Wazuh tutorial 9: Wazuh installation on a Docker environment using Docker Compose, multi-node infrastructure, in English

Published on Oct 03, 2024

This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial walks through running Wazuh under Docker with Docker Compose. Wazuh is an open-source security platform that provides threat detection, file integrity monitoring, log analysis, active response and compliance reporting. Docker Compose brings the manager, its index store and the web UI up together from one file, which makes the stack approachable for beginners and reproducible for experienced users. The file built here is a single-node lab deployment: nothing in it is clustered. A clustered multi-node deployment, which the official wazuh-docker repository provides ready-made, is discussed at the end.

Step 1: Install Docker and Docker Compose

Before you can install Wazuh, ensure that Docker and Docker Compose are installed on your system. Run the Docker commands below with sudo, or be aware that adding your user to the docker group grants that user root-equivalent access to the host.

  1. Install Docker:

    • For Windows or Mac, download and install Docker Desktop from the Docker website.

    • For Linux, use the following commands:

      sudo apt update
      sudo apt install docker.io
      
  2. Install Docker Compose:

    • Docker Compose v2 ships as a CLI plugin (invoked as "docker compose"); where your distribution packages it (docker-compose-v2 on recent Ubuntu), prefer that. To install the standalone binary instead, note that the v2 release assets use a lowercase OS name (for example docker-compose-linux-x86_64, whereas the capitalised docker-compose-Linux-x86_64 belongs to the end-of-life v1 releases), so the output of uname -s must be lowercased. The -f flag makes curl fail on an HTTP error instead of writing a 404 page into /usr/local/bin; before installing, compare the binary against the .sha256 file published beside it on the release page.

      os=$(uname -s | tr '[:upper:]' '[:lower:]'); arch=$(uname -m)
      sudo curl -fsSL "https://github.com/docker/compose/releases/latest/download/docker-compose-${os}-${arch}" -o /usr/local/bin/docker-compose
      sudo chmod +x /usr/local/bin/docker-compose
      
      
  3. Verify Installation:

    • Check if Docker and Docker Compose are installed correctly:

      docker --version
      docker-compose --version
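
The version checks above do not catch the failure that most often stops this stack from starting: Elasticsearch (and the OpenSearch-based Wazuh indexer of the 4.x line) refuses to start unless the kernel's vm.max_map_count is at least 262144. The following preflight script is an added example for this tutorial, not code from the Wazuh project; the function names (preflight, major_version_of, max_map_count_ok, detect_compose) and the "run" argument are this example's own, and the version banners quoted in its comments are constructed samples.

```shell
#!/bin/sh
# Preflight for the Wazuh Docker lab in this tutorial: an added example, not
# part of the Wazuh project. Checks the Docker CLI, a Compose command, and the
# vm.max_map_count minimum (262144) that Elasticsearch / OpenSearch enforce.

MIN_MAP_COUNT=262144

# First major version number in a "--version" banner (constructed samples):
# "Docker version 24.0.7, build afdd53b" -> 24
# "Docker Compose version v2.20.2"       -> 2
major_version_of() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# 0 if the value is numeric and at least MIN_MAP_COUNT, 1 otherwise. The value
# is an argument so the check can be exercised without root or a live host.
max_map_count_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_MAP_COUNT" ]
}

# Print the Compose command available on this host, preferring the v2 plugin
# over the standalone binary installed in Step 1; return 1 if neither exists.
detect_compose() {
    if docker compose version >/dev/null 2>&1; then
        echo "docker compose"
    elif command -v docker-compose >/dev/null 2>&1; then
        echo "docker-compose"
    else
        return 1
    fi
}

# Run every check, report, and return the number of failures.
preflight() {
    failures=0
    if command -v docker >/dev/null 2>&1; then
        echo "docker: major version $(major_version_of "$(docker --version)")"
    else
        echo "FAIL: docker is not installed" >&2; failures=$((failures + 1))
    fi

    compose=$(detect_compose) || { echo "FAIL: no Compose command found" >&2; failures=$((failures + 1)); }
    if [ -n "$compose" ]; then
        ver=$($compose version 2>/dev/null)   # unquoted on purpose: "docker compose" is two words
        echo "compose: $compose (major version $(major_version_of "$ver"))"
        if [ "$(major_version_of "$ver")" = "1" ]; then
            echo "WARN: Compose v1 is end-of-life; install the v2 plugin" >&2
        fi
    fi

    cur=$(cat /proc/sys/vm/max_map_count 2>/dev/null)
    if max_map_count_ok "$cur"; then
        echo "vm.max_map_count: $cur (ok)"
    else
        echo "FAIL: vm.max_map_count is '${cur:-unknown}', need >= $MIN_MAP_COUNT" >&2
        echo "      fix: sudo sysctl -w vm.max_map_count=$MIN_MAP_COUNT (persist it under /etc/sysctl.d/)" >&2
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Live checks only run when invoked as: sh wazuh-preflight.sh run
case "${1:-}" in
    run) preflight ;;
esac
```

Run it as sh wazuh-preflight.sh run; a non-zero exit means at least one check failed and the message on stderr says which. The sysctl change is the one most people need, and it must be persisted or it is lost at the next reboot.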
      

Step 2: Set Up the Wazuh Docker Compose File

Create a Docker Compose file that defines the Wazuh services. The file below is a minimal single-node lab stack: one Wazuh manager, one Elasticsearch node and one Kibana, with nothing clustered. Elasticsearch 7.9.3 and Kibana 7.9.3 pair with the Wazuh 3.13 line (image tag 3.13.2_7.9.3), which is end-of-life; current Wazuh 4.x replaces them with the wazuh/wazuh-indexer and wazuh/wazuh-dashboard images and ships TLS-enabled Compose files in the single-node and multi-node directories of github.com/wazuh/wazuh-docker. Use those for anything that will outlive the lab; the file here is kept small so that every setting can be explained.

  1. Create a directory for Wazuh:

    mkdir wazuh-docker
    cd wazuh-docker
    
  2. Create a docker-compose.yml file:

    • Open your preferred text editor and create a new file named docker-compose.yml.
  3. Add the following content to the docker-compose.yml file:

    version: '3.7'
    services:
      wazuh-manager:
        # Pin the release tag instead of "latest": an unpinned tag can change
        # under you, and 3.13.2_7.9.3 is the 3.x release that pairs with
        # Elasticsearch 7.9.3.
        image: wazuh/wazuh:3.13.2_7.9.3
        container_name: wazuh-manager
        environment:
          # The variable the wazuh-docker 3.x compose uses to point the
          # Filebeat bundled in the image at Elasticsearch.
          - ELASTICSEARCH_URL=http://elasticsearch:9200
        volumes:
          - wazuh-etc:/var/ossec/etc      # ossec.conf, rules, client.keys
          - wazuh-logs:/var/ossec/logs    # alerts and archives
          - wazuh-queue:/var/ossec/queue  # agent state and databases
        ports:
          - "1514:1514"          # agent connections (TCP)
          - "1514:1514/udp"      # agent connections (UDP; protocol is set in <remote>)
          - "1515:1515"          # agent enrollment
          - "127.0.0.1:55000:55000"   # REST API (HTTPS + JSON), loopback only
    
      elasticsearch:
        image: elasticsearch:7.9.3
        container_name: elasticsearch
        environment:
          - discovery.type=single-node
          - ES_JAVA_OPTS=-Xms512m -Xmx512m
        volumes:
          - esdata:/usr/share/elasticsearch/data
        ports:
          # Elasticsearch 7.9 under the basic licence has security disabled:
          # anyone who can reach 9200 can read and delete every alert, so
          # publish it on loopback only.
          - "127.0.0.1:9200:9200"
      
      kibana:
        image: kibana:7.9.3
        container_name: kibana
        environment:
          - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
        ports:
          # Kibana has no authentication in this setup either; loopback only.
          - "127.0.0.1:5601:5601"
        depends_on:
          - elasticsearch
    
    volumes:
      wazuh-etc:
      wazuh-logs:
      wazuh-queue:
      esdata:
    
  4. There is no password to set in this file: WAZUH_PASSWORD is not a variable the Wazuh images document. The credential that does need changing is the API's default user and password (foo / bar in the 3.x API, wazuh / wazuh in the 4.x API); the wazuh-docker README for the tag you pin documents how to set them. Do that before anything other than localhost can reach port 55000, and keep the 127.0.0.1 prefixes on the port bindings: removing them publishes an unauthenticated Elasticsearch and Kibana on every interface of the host.

Step 3: Deploy the Wazuh Stack

Now that you have set up the Docker Compose file, you can deploy the Wazuh stack.

  1. Run the following command in the directory containing your docker-compose.yml file (with the v2 plugin the command is docker compose up -d; the rest of this page uses the standalone binary's spelling):

    docker-compose up -d
    
  2. Check the status of your containers:

    docker-compose ps
    

    All three services should show State Up. If one keeps restarting, docker-compose logs followed by the service name shows why; for elasticsearch the usual cause is a host vm.max_map_count below 262144, fixed with sudo sysctl -w vm.max_map_count=262144 and persisted under /etc/sysctl.d/.

Step 4: Access Wazuh and Kibana

Once the containers are running you can reach the services from the host. With the port bindings above they listen on loopback only, so use localhost; for remote access put a TLS reverse proxy with authentication in front of Kibana rather than re-publishing the ports on 0.0.0.0.

  1. Wazuh API:

    • Port 55000 is the Wazuh REST API, not a web page: by default it speaks HTTPS with a self-signed certificate and answers JSON. Opening https://localhost:55000 in a browser therefore shows a certificate warning followed by a JSON document. Query it from a shell with curl instead; the 3.x API accepts HTTP basic authentication on every request, while the 4.x API issues a token from POST /security/user/authenticate.
    • Authenticate with the API user and password configured for the image, having replaced the defaults (foo / bar in the 3.x API, wazuh / wazuh in the 4.x API).
  2. Kibana:

    • Open your web browser and go to http://localhost:5601. The stock kibana image carries no Wazuh app; the alerts the manager ships appear once you create an index pattern for wazuh-alerts-* in Discover. The wazuh/wazuh-kibana image of the same release adds the Wazuh app.
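
The checks that replace "open the browser" for Steps 3 and 4, as an added example that is not part of the Wazuh project: wait until Elasticsearch reports a usable cluster status, authenticate against the Wazuh API, and refuse to call the deployment healthy if port 9200 is published on every interface. It assumes the host port bindings from the Compose file above; the environment variable names (ES_URL, WAZUH_API_URL, API_USER, API_PASS, API_AUTH_METHOD, API_AUTH_PATH), the function names and the "run" argument are this example's own, while the JSON fields it parses (status in Elasticsearch's _cluster/health, error in Wazuh API responses) are the real ones. The sample responses in the comments are constructed.

```shell
#!/bin/sh
# Post-deployment checks for the lab stack above. Added example, not Wazuh
# project code. Parsing is done with sed so it works without jq.

ES_URL="${ES_URL:-http://127.0.0.1:9200}"
WAZUH_API_URL="${WAZUH_API_URL:-https://127.0.0.1:55000}"
API_USER="${API_USER:-}"                     # set to your (non-default) API user
API_PASS="${API_PASS:-}"
API_AUTH_METHOD="${API_AUTH_METHOD:-GET}"    # 3.x API; the 4.x API uses POST
API_AUTH_PATH="${API_AUTH_PATH:-/}"          # 4.x API: /security/user/authenticate

# "status" field of an Elasticsearch _cluster/health response (constructed
# sample: {"cluster_name":"docker-cluster","status":"yellow",...} -> yellow).
es_cluster_status() {
    printf '%s\n' "$1" | sed -n 's/.*"status" *: *"\([a-z]*\)".*/\1/p' | head -n 1
}

# green or yellow is fine on one node (yellow: replica shards cannot be placed
# because there is no second node); red means primary shards are missing.
es_status_acceptable() {
    case "$(es_cluster_status "$1")" in
        green|yellow) return 0 ;;
        *) return 1 ;;
    esac
}

# "error" code of a Wazuh API JSON response; 0 is success in both the 3.x
# shape {"error":0,"data":{...}} and the 4.x shape {"data":{"token":"..."},"error":0}.
wazuh_api_error_code() {
    printf '%s\n' "$1" | sed -n 's/.*"error" *: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# 0 if a "docker ps" Ports column publishes the given container port on all
# interfaces (0.0.0.0 or ::), e.g. "0.0.0.0:9200->9200/tcp, :::9200->9200/tcp".
port_exposed_on_all_interfaces() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' |
        grep -E "^(0\.0\.0\.0|::|\[::\]):[0-9]+->$2/" >/dev/null
}

# Poll Elasticsearch for up to five minutes.
wait_for_es() {
    i=0
    while [ "$i" -lt 60 ]; do
        body=$(curl -s "$ES_URL/_cluster/health" 2>/dev/null || true)
        if es_status_acceptable "$body"; then
            echo "elasticsearch: $(es_cluster_status "$body")"; return 0
        fi
        i=$((i + 1)); sleep 5
    done
    echo "elasticsearch: not healthy after 5 minutes" >&2; return 1
}

# Authenticate against the Wazuh API. -k accepts the self-signed certificate
# the API ships with; replace it with --cacert once you install your own.
check_wazuh_api() {
    if [ -z "$API_USER" ] || [ -z "$API_PASS" ]; then
        echo "wazuh api: set API_USER and API_PASS" >&2; return 1
    fi
    body=$(curl -sk -X "$API_AUTH_METHOD" -u "$API_USER:$API_PASS" \
        "$WAZUH_API_URL$API_AUTH_PATH" 2>/dev/null || true)
    if [ "$(wazuh_api_error_code "$body")" = "0" ]; then
        echo "wazuh api: authenticated as $API_USER"; return 0
    fi
    echo "wazuh api: authentication failed: ${body:-no response}" >&2; return 1
}

# The Elasticsearch in this stack has no authentication, so exposure beyond
# loopback is a finding, not a warning.
check_es_not_public() {
    ports=$(docker ps --filter name=elasticsearch --format '{{.Ports}}')
    if port_exposed_on_all_interfaces "$ports" 9200; then
        echo "FAIL: port 9200 is published on all interfaces; bind it to 127.0.0.1" >&2
        return 1
    fi
    echo "elasticsearch: 9200 is loopback-only"
}

# Live checks only run when invoked as: API_USER=... API_PASS=... sh wazuh-verify.sh run
case "${1:-}" in
    run) wait_for_es && check_wazuh_api && check_es_not_public ;;
esac
```

For a 4.x deployment run it with API_AUTH_METHOD=POST and API_AUTH_PATH=/security/user/authenticate; the error-code check is the same because both API generations report success as error 0.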

Conclusion

You now have a single-node Wazuh stack running under Docker Compose, suitable for a lab or for trying out rules and decoders. Next steps: enrol agents on the systems you want to monitor (they register on port 1515 and report on 1514, so those two ports, unlike the API and Elasticsearch, must be reachable from the agents); build Kibana visualisations on the wazuh-alerts-* indices; and, when you need resilience, move to the clustered multi-node layout the wazuh-docker repository provides (a manager master and worker behind a load balancer, a three-node indexer and the dashboard) rather than scaling this file. Happy monitoring!