TLDR Wazuh setup

Create two servers on Linode:

  • 1GB Ubuntu for the agent
  • 4GB Ubuntu for the server (note: this is the minimum requirement)

On the server machine

  1. Connect to the "server" via SSH and run apt update
  2. Next, run curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

You should see an output like this:
INFO: --- Summary ---
INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: <ADMIN_PASSWORD>
INFO: Installation finished.

You should now be able to log in to the web interface in your browser using the credentials provided.

On the agent machine

  1. Connect to the "agent" via SSH and run apt update

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg

echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

apt-get update

Deploy the Wazuh agent:
WAZUH_MANAGER="10.0.0.2" apt-get install wazuh-agent

Enable and start the Wazuh agent service.
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent
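
To confirm the agent is actually reporting to the manager after these steps, here is a small check script (an added example, not part of the original guide or Wazuh's own tooling). It assumes the agent's default paths /var/ossec/etc/ossec.conf and /var/ossec/var/run/wazuh-agentd.state and the stock MANAGER_IP placeholder; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Post-install check for a Wazuh agent (added example, not Wazuh's own code).
# Assumed default agent paths; override via CONF / STATE if yours differ.
CONF="${CONF:-/var/ossec/etc/ossec.conf}"
STATE="${STATE:-/var/ossec/var/run/wazuh-agentd.state}"

# Print the first manager <address> value found in an ossec.conf file.
manager_address() {
  sed -n 's:.*<address>\([^<]*\)</address>.*:\1:p' "$1" | head -n 1
}

# Print the status value (e.g. connected, pending) from the agentd state file.
agent_status() {
  sed -n "s/^status='\([a-z]*\)'.*/\1/p" "$1" | head -n 1
}

# check_agent CONF STATE EXPECTED_MANAGER
# Returns 0 only if the agent points at the expected manager and is connected.
check_agent() {
  local addr status
  addr="$(manager_address "$1")"
  if [ -z "$addr" ] || [ "$addr" = "MANAGER_IP" ]; then
    echo "FAIL: manager address not set (WAZUH_MANAGER was not applied at install)"
    return 1
  fi
  if [ "$addr" != "$3" ]; then
    echo "FAIL: agent reports to $addr, expected $3"
    return 1
  fi
  status="$(agent_status "$2" 2>/dev/null)"
  if [ "$status" != "connected" ]; then
    echo "FAIL: agent status is '${status:-unknown}', expected 'connected'"
    return 1
  fi
  echo "OK: agent connected to $addr"
}

# Run against the live agent only when its config is readable (needs root).
# The expected manager defaults to the address used in this guide.
if [ -r "$CONF" ]; then
  check_agent "$CONF" "$STATE" "${1:-10.0.0.2}"
fi
```

A leftover MANAGER_IP usually means the WAZUH_MANAGER variable never reached apt-get, for example when the command was run through sudo without preserving the environment.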