Install Wazuh

Wazuh Architecture

There are usually 3 components:

  1. Wazuh Server / Manager
    • receives logs and agent connections
  2. Indexer
    • database backend (OpenSearch)
  3. Dashboard
    • web UI for monitoring

For a lab/testing setup, all three can be put on a single all-in-one server.


Minimum Specifications

For a small lab:

  • CPU: 4 cores
  • RAM: 8 GB (the bare minimum)
  • Disk: 100 GB SSD

With only 2-4 GB of RAM it is usually sluggish, because the indexer consumes a lot of RAM.


1. Update the OS

apt update && apt upgrade -y

Install the dependencies:

apt install curl unzip wget apt-transport-https lsb-release gnupg -y

2. Download the Official Installer

Switch to root's home directory:

cd /root

Download the installer:

curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh

Make it executable:

chmod +x wazuh-install.sh

3. All-in-One Install

The easiest way:

./wazuh-install.sh -a

The -a parameter means:

  • install the manager
  • install the indexer
  • install the dashboard

All of it is done automatically in one go.

The process can take 10–30 minutes depending on the server.


4. After It Finishes

Information like this will be printed:

INFO: --- Summary ---
INFO: You can access the web interface https://IP_SERVER
INFO: User: admin
INFO: Password: xxxxx

Save the admin password.


5. Check the Services

systemctl status wazuh-manager
systemctl status wazuh-indexer
systemctl status wazuh-dashboard

If everything is normal, the status must be:

active (running)

6. Access the Dashboard

Open a browser:

https://IP-SERVER

Example:

https://192.168.1.10

Login:

  • user: admin
  • password: the one printed by the installer

7. Open the Firewall

If you use UFW:

ufw allow 443/tcp
ufw allow 1514/tcp
ufw allow 1515/tcp
ufw reload

Important ports:

  • 443 = dashboard
  • 1514 = agent logs
  • 1515 = agent registration

8. Install the Linux Agent

On the Linux server/client:

curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.11.0-1_amd64.deb

Install:

WAZUH_MANAGER='IP_WAZUH' dpkg -i ./wazuh-agent.deb

Example:

WAZUH_MANAGER='192.168.1.10' dpkg -i ./wazuh-agent.deb

Enable:

systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent

9. Check That the Agent Has Joined

On the server:

/var/ossec/bin/agent_control -l

The agent should show up as connected.

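Added example, not from the original post: a small POSIX shell health check for the all-in-one setup above. It checks the three services from step 5 and the ports from step 7, and parses agent_control -l output to list every agent that is not Active. The agent list embedded below is constructed sample data (hostnames and IPs are made up); systemctl and ss (iproute2) are assumed to be present on the manager.

```shell
#!/bin/sh
# Constructed sample in the format printed by /var/ossec/bin/agent_control -l
# (hostnames and IPs are made up; the status text matches the real tool).
SAMPLE_AGENT_LIST='Wazuh agent_control. List of available agents:
   ID: 000, Name: wazuh-server (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: 192.168.1.20, Active
   ID: 002, Name: db01, IP: 192.168.1.21, Disconnected
   ID: 003, Name: app01, IP: any, Never connected

List of agentless devices:'

# Read agent_control -l output from stdin and print "ID NAME STATUS" for
# every agent that is not Active (Disconnected, Never connected, ...).
unhealthy_agents() {
    awk -F', ' '/^ *ID: / {
        id = $1;   sub(/^ *ID: /, "", id)
        name = $2; sub(/^Name: /, "", name)
        status = $NF
        if (status !~ /^Active/) print id, name, status
    }'
}

# Return 0 only if the three all-in-one services from step 5 are active.
check_services() {
    rc=0
    for svc in wazuh-manager wazuh-indexer wazuh-dashboard; do
        if systemctl is-active --quiet "$svc"; then
            echo "OK   $svc is active"
        else
            echo "FAIL $svc is not active"; rc=1
        fi
    done
    return $rc
}

# Return 0 only if the ports opened in step 7 are actually listening.
check_ports() {
    rc=0
    for port in 443 1514 1515; do
        if ss -ltn 2>/dev/null | grep -qE ":$port[[:space:]]"; then
            echo "OK   tcp/$port is listening"
        else
            echo "FAIL tcp/$port is not listening"; rc=1
        fi
    done
    return $rc
}
```

On the manager, source the file as root and run: check_services && check_ports && /var/ossec/bin/agent_control -l | unhealthy_agents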

Important File Locations

Manager config

/var/ossec/etc/ossec.conf

Wazuh log

/var/ossec/logs/ossec.log

Dashboard config

/etc/wazuh-dashboard/

Zimbra blacklist:

nano /opt/zimbra/conf/postfix_rbl_override
