Wazuh tutorial 9: Wazuh installation on a Docker environment using docker-compose, multi-node infrastructure (in English)
Introduction
This tutorial will guide you through the installation of Wazuh on a Docker environment using Docker Compose for a multi-node infrastructure. Wazuh is a powerful security monitoring tool that provides threat detection, integrity monitoring, incident response, and compliance. Using Docker and Docker Compose simplifies the deployment process, making it accessible for both beginners and experienced users.
Step 1: Install Docker and Docker Compose
Before you can install Wazuh, ensure that Docker and Docker Compose are installed on your system.
- Install Docker:
  - For Windows or Mac, download and install Docker Desktop from the Docker website.
  - For Linux, use the following commands:

        sudo apt update
        sudo apt install docker.io

- Install Docker Compose:
  - You can install Docker Compose using the following commands:

        sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
        sudo chmod +x /usr/local/bin/docker-compose

- Verify Installation:
  - Check if Docker and Docker Compose are installed correctly:

        docker --version
        docker-compose --version

Step 2: Set Up the Wazuh Docker Compose File
Create a Docker Compose file to define the Wazuh services.
- Create a directory for Wazuh:

      mkdir wazuh-docker
      cd wazuh-docker

- Create a docker-compose.yml file:
  - Open your preferred text editor and create a new file named docker-compose.yml.
- Add the following content to the docker-compose.yml file:

      version: '3.7'
      services:
        wazuh-manager:
          image: wazuh/wazuh:latest
          container_name: wazuh-manager
          environment:
            # Replace with your own password before deploying
            - WAZUH_PASSWORD=your_password_here
          volumes:
            - wazuh-data:/var/ossec/data
          ports:
            - "55000:55000"
        elasticsearch:
          image: elasticsearch:7.9.3
          container_name: elasticsearch
          environment:
            - discovery.type=single-node
            - ES_JAVA_OPTS=-Xms512m -Xmx512m
          volumes:
            - esdata:/usr/share/elasticsearch/data
          ports:
            - "9200:9200"
        kibana:
          image: kibana:7.9.3
          container_name: kibana
          environment:
            - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
          ports:
            - "5601:5601"
      # Named volumes keep data when containers are re-created
      volumes:
        wazuh-data:
        esdata:

Adjust the WAZUH_PASSWORD to a secure password of your choice.
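A pre-deploy check for the compose file above, as an added example that is not part of the original tutorial: a shell function that flags an untagged or "latest" image, a secret written inline, and ports published without a bind address (which exposes them on every host interface). The function names, finding labels and the trimmed sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: line-based audit of a compose file (pattern matching, not a YAML parser).
# audit_compose: reads a compose file on stdin, prints one finding per
# line, and returns 1 if anything was flagged, 0 if the file is clean.
audit_compose() {
  awk '
    # Image with no tag, or with the mutable "latest" tag.
    /^[ \t]*image:/ {
      img = $2
      if (img !~ /:[^\/]*$/ || img ~ /:latest$/) {
        printf "UNPINNED_IMAGE line %d: %s\n", NR, img; n++
      }
    }
    # Secret written inline as KEY=value (a ${VAR} reference is accepted).
    # Only the key is printed, never the value.
    /^[ \t]*-[ \t]*[A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*=/ && $0 !~ /=[$][{]/ {
      key = $0; sub(/^[ \t]*-[ \t]*/, "", key); sub(/=.*/, "", key)
      printf "INLINE_SECRET line %d: %s\n", NR, key; n++
    }
    # Short port syntax HOST:CONTAINER with no bind address, which
    # publishes the port on every host interface.
    /^[ \t]*-[ \t]*"?[0-9]+:[0-9]+"?[ \t]*$/ {
      p = $0; gsub(/[ \t"-]/, "", p)
      printf "PORT_ALL_INTERFACES line %d: %s\n", NR, p; n++
    }
    END { exit (n > 0 ? 1 : 0) }
  '
}

# Constructed sample: a trimmed copy of the tutorial file from Step 2.
sample_compose() {
  cat <<'EOF'
services:
  wazuh-manager:
    image: wazuh/wazuh:latest
    environment:
      - WAZUH_PASSWORD=your_password_here
    ports:
      - "55000:55000"
  elasticsearch:
    image: elasticsearch:7.9.3
    ports:
      - "9200:9200"
EOF
}

# Demo run on the sample; "|| true" keeps the script exit status at 0.
sample_compose | audit_compose || true
```

To check a real file, run audit_compose < docker-compose.yml; the non-zero exit status on findings lets it act as a gate before docker-compose up.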
Step 3: Deploy the Wazuh Stack
Now that you have set up the Docker Compose file, you can deploy the Wazuh stack.
- Run the following command in the directory containing your docker-compose.yml file:

      docker-compose up -d

- Check the status of your containers:

      docker-compose ps

Ensure that all containers are running properly.
Step 4: Access Wazuh and Kibana
Once the containers are running, you can access the Wazuh and Kibana interfaces.
- Access Wazuh:
  - Open your web browser and go to http://localhost:55000.
  - Log in using the username wazuh and the password you set in the docker-compose.yml file.
- Access Kibana:
  - Open your web browser and go to http://localhost:5601.
Conclusion
You have successfully installed Wazuh on a Docker environment using Docker Compose for a multi-node infrastructure. This setup allows you to monitor security events effectively. Next steps could include configuring Wazuh agents on your monitored systems, exploring Kibana dashboards for data visualization, or integrating additional services into your infrastructure. Happy monitoring!