# Wazuh Dashboard Installation

{% hint style="info" %}
<https://documentation.wazuh.com/4.10/installation-guide/wazuh-dashboard/step-by-step.html>
{% endhint %}

Installing the packages :&#x20;

```bash
apt-get install debhelper tar curl libcap2-bin #debhelper version 9 or later
apt-get install gnupg apt-transport-https
```

Installing the GPG keys & adding the repositories :&#x20;

```bash
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
apt-get update
```

Installing the wazuh dashboard :&#x20;

```bash
apt-get -y install wazuh-dashboard=4.10.1-1
```

Configuring the wazuh dashboard:&#x20;

Edit the `/etc/wazuh-dashboard/opensearch_dashboards.yml` file and replace the following values:

1. `server.host`: This setting specifies the host of the Wazuh dashboard server. To allow remote users to connect, set the value to the IP address or DNS name of the Wazuh dashboard server. The value `0.0.0.0` will accept all the available IP addresses of the host.
2. `opensearch.hosts`: The URLs of the Wazuh indexer instances to use for all your queries. The Wazuh dashboard can be configured to connect to multiple Wazuh indexer nodes in the same cluster. The addresses of the nodes can be separated by commas. For example, `["https://10.0.0.2:9200", "https://10.0.0.3:9200","https://10.0.0.4:9200"]`

{% code overflow="wrap" %}

```bash
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://192.168.146.157:9200 <--CHANGE THIS-->
opensearch.ssl.verificationMode: certificate 
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
```

{% endcode %}

#### Deploying certificates :&#x20;

Replace `<DASHBOARD_NODE_NAME>` with your Wazuh dashboard node name, the same one used in `config.yml` to create the certificates, and move the certificates to their corresponding location.

```bash
NODE_NAME=<DASHBOARD_NODE_NAME>
# NODE_NAME=dashboard-node-1
```

```bash
mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
```

Starting the services :&#x20;

```bash
systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard
```

Edit the `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` file and replace the `url` value with the IP address or hostname of the Wazuh server master node.

```bash
hosts:
  - default:
      url: https://192.168.146.157 <--CHANGE THIS-->
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
```

Access the Wazuh web interface with your credentials.

* **URL**: `https://<WAZUH_DASHBOARD_IP_ADDRESS>`
* **Username**: `admin`
* **Password**: `admin` &#x20;

<figure><img src="https://2332860236-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq6mjlFfyDOi3mV0lemKE%2Fuploads%2F8ciaZOAnyMT9d7C8TNee%2Fimage.png?alt=media&#x26;token=578108d7-a311-495e-b57b-b11e92e0b9c5" alt=""><figcaption></figcaption></figure>

Here we have completed the single node deployment to wazuh and in the upcoming sections we will learn how to deploy wazuh in shared multinode deployment.

***

## Securing Wazuh Installation :&#x20;

Use the Wazuh passwords tool to change all the internal users' passwords.

```bash
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
```

The output should look like :&#x20;

{% code overflow="wrap" %}

```bash
INFO: The password for user admin is yWOzmNA.?Aoc+rQfDBcF71KZp?1xd7IO
INFO: The password for user kibanaserver is nUa+66zY.eDF*2rRl5GKdgLxvgYQA+wo
INFO: The password for user kibanaro is 0jHq.4i*VAgclnqFiXvZ5gtQq1D5LCcL
INFO: The password for user logstash is hWW6U45rPoCT?oR.r.Baw2qaWz2iH8Ml
INFO: The password for user readall is PNt5K+FpKDMO2TlxJ6Opb2D0mYl*I7FQ
INFO: The password for user snapshotrestore is +GGz2noZZr2qVUK7xbtqjUup049tvLq.
WARNING: Wazuh indexer passwords changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.
INFO: The password for Wazuh API user wazuh is JYWz5Zdb3Yq+uOzOPyUU4oat0n60VmWI
INFO: The password for Wazuh API user wazuh-wui is +fLddaCiZePxh24*?jC0nyNmgMGCKE+2
INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
```

{% endcode %}