Wazuh Docker Deployment | Install Wazuh using Docker | Docker & Docker Compose

Introduction

This tutorial provides a step-by-step guide on how to deploy Wazuh using Docker and Docker Compose. Wazuh is an open-source security platform that provides security monitoring and compliance reporting, making it an essential tool for organizations aiming to enhance their security posture. This guide will help you set up Wazuh on your system quickly using Docker, allowing for easy management and scalability.

Step 1: Install Docker and Docker Compose

Before deploying Wazuh, ensure that Docker and Docker Compose are installed on your system.

1. Install Docker

   • For CentOS, run the following commands:

     sudo yum install -y yum-utils
     sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
     sudo yum install docker-ce docker-ce-cli containerd.io
     

   • Start Docker:

     sudo systemctl start docker
     sudo systemctl enable docker
     

2. Install Docker Compose

   • Download the latest version of Docker Compose:

     sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
     

   • Set permissions:

     sudo chmod +x /usr/local/bin/docker-compose
     

3. Verify Installation

   • Check Docker version:

     docker --version
     

   • Check Docker Compose version:

     docker-compose --version
     

Step 2: Create a Docker Compose File for Wazuh

You will need to create a Docker Compose file that defines the Wazuh services.

1. Create a Project Directory

   • Create a new directory for your Wazuh project:

     mkdir wazuh-docker
     cd wazuh-docker
     

2. Create a docker-compose.yml File

   • Use your preferred text editor to create a file named docker-compose.yml:

     version: '3.9'
     services:
       wazuh-manager:
         image: wazuh/wazuh-manager:latest
         environment:
           - "WAZUH_MANAGER_HOST=wazuh-manager"
         ports:
           - "55000:55000"
           - "5514:5514"
         volumes:
           - wazuh_data:/var/ossec/data
     
       wazuh-dashboard:
         image: wazuh/wazuh-dashboard:latest
         ports:
           - "5601:5601"
         depends_on:
           - wazuh-manager
     
       wazuh-indexer:
         image: wazuh/wazuh-indexer:latest
         ports:
           - "9200:9200"
           - "9300:9300"
         environment:
           - "WAZUH_INDEXER_HOST=wazuh-indexer"
         volumes:
           - wazuh_data:/usr/share/wazuh-indexer/data
     
     volumes:
       wazuh_data:
     

Step 3: Start the Wazuh Services

Once your docker-compose.yml file is ready, you can start the Wazuh services.

1. Run Docker Compose

   • In your project directory, execute the command:

     docker-compose up -d
     

   • This command will start the Wazuh Manager, Dashboard, and Indexer in detached mode.

2. Verify the Containers are Running

   • Check the status of your containers:

     docker ps
     

   • You should see the Wazuh services listed and running.

Step 4: Access the Wazuh Dashboard

After starting the services, you can access the Wazuh web interface.

1. Open Your Web Browser

   • Navigate to http://<your-server-ip>:5601.
   • Replace <your-server-ip> with the actual IP address of your server.

2. Log In to the Dashboard

   • Use the default credentials to log in:
     • Username: admin
     • Password: admin

Conclusion

You have successfully deployed Wazuh using Docker and Docker Compose. This setup provides a scalable and manageable environment for monitoring security events.

Next Steps

• Explore Wazuh's features and customize configurations according to your needs.
• Consider setting up Wazuh agents on your endpoints to collect logs and security data.
• Review Wazuh documentation for advanced configurations and integrations.