curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh
curl -sO https://packages.wazuh.com/4.9/config.yml
Edit the configuration file:
sudo nano config.yml
For all-in-one installation:
nodes:
  wazuh:
    - name: node-1
      ip: "127.0.0.1"
  indexer:
    - name: node-1
      ip: "127.0.0.1"
  dashboard:
    - name: node-1
      ip: "127.0.0.1"
sudo bash wazuh-install.sh -a
This will install:
The installation takes approximately 10-15 minutes.
After installation, retrieve the admin password:
sudo cat /etc/wazuh-dashboard/opensearch_dashboards/keystore/passwords
Or for newer versions:
sudo cat /etc/wazuh-indexer/opensearch-security/internal_users.yml
On Debian 13:
sudo systemctl enable --now wazuh-manager wazuh-indexer wazuh-dashboard
On RHEL 10:
sudo systemctl enable --now wazuh-manager wazuh-indexer wazuh-dashboard
Verify services are running:
sudo systemctl status wazuh-manager
sudo systemctl status wazuh-indexer
sudo systemctl status wazuh-dashboard
On UFW:
sudo ufw allow 443/tcp
sudo ufw allow 1514/tcp
sudo ufw allow 1515/tcp
sudo ufw allow 55000/tcp
On firewalld:
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-port=1514/tcp
sudo firewall-cmd --permanent --add-port=1515/tcp
sudo firewall-cmd --permanent --add-port=55000/tcp
sudo firewall-cmd --reload
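The rules above admit any source address on 1514, 1515 and 55000. As an added example (not part of the original guide), this script reads `ufw status` output, flags those three ports when they are allowed from Anywhere, and prints replacement rules limited to one source range. The sample status text and the 10.0.0.0/24 range are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit ufw for Wazuh ports that are reachable from any source.
# 1514 = agent events, 1515 = agent enrollment, 55000 = Wazuh server API.
RESTRICTED_PORTS="1514 1515 55000"

# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
1514/tcp                   ALLOW       Anywhere
1515/tcp                   ALLOW       10.0.0.0/24
55000/tcp                  ALLOW       Anywhere
1514/tcp (v6)              ALLOW       Anywhere (v6)'

# Reads `ufw status` text on stdin and prints each restricted port (once)
# that has an ALLOW rule whose source is "Anywhere".
open_to_anywhere() {
  awk -v ports="$RESTRICTED_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      for (i = 2; i < NF; i++) if ($i == "ALLOW") {
        j = ($(i + 1) == "IN") ? i + 2 : i + 1   # verbose output says "ALLOW IN"
        split($1, a, "/")                        # "1514/tcp" -> "1514"
        if ($j == "Anywhere" && (a[1] in want) && !seen[a[1]]++) print a[1]
      }
    }'
}

# Reads ports on stdin and prints the ufw commands that replace each open
# rule with one limited to the source range given as $1 (CIDR notation).
scoped_rules() {
  while read -r port; do
    echo "ufw delete allow ${port}/tcp"
    echo "ufw allow from $1 to any port ${port} proto tcp"
  done
}

# Demo on the sample; on a server, pipe `sudo ufw status` in instead.
# 10.0.0.0/24 is a placeholder for the range your agents and admins use.
printf '%s\n' "$SAMPLE_STATUS" | open_to_anywhere | scoped_rules 10.0.0.0/24
```

The script only prints the commands; review them and run them with sudo once the source range is correct for your network.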
Open https://SERVER_IP and log in with username admin and the password retrieved in Step 4.
Note: You may need to accept the self-signed certificate warning.
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --dearmor -o /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
sudo apt update
sudo WAZUH_MANAGER="WAZUH_SERVER_IP" WAZUH_AGENT_NAME="agent-name" apt install -y wazuh-agent
sudo systemctl enable --now wazuh-agent
sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
sudo tee /etc/yum.repos.d/wazuh.repo >/dev/null <<'EOF'
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF
sudo WAZUH_MANAGER="WAZUH_SERVER_IP" WAZUH_AGENT_NAME="agent-name" dnf install -y wazuh-agent
sudo systemctl enable --now wazuh-agent
Download and run the installer:
$msiUrl = "https://packages.wazuh.com/4.x/windows/wazuh-agent-4.9.0-1.msi"
Invoke-WebRequest -Uri $msiUrl -OutFile wazuh-agent.msi
msiexec /i wazuh-agent.msi /q WAZUH_MANAGER="WAZUH_SERVER_IP" WAZUH_AGENT_NAME="windows-agent"
In the Wazuh dashboard:
Navigate to Security > Security events to view:
Edit /var/ossec/etc/ossec.conf on the manager:
<active-response>
<disabled>no</disabled>
<ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
</active-response>
See Wazuh Hardening.
Prefer automation? See Wazuh Ansible Setup for an example playbook.
Prefer containers? See Wazuh Docker Setup.
See Wazuh Configuration for configuration guidance.
See Wazuh Security for hardening guidance.