Wazuh Dashboard Installation

Installing the packages :

apt-get install debhelper tar curl libcap2-bin #debhelper version 9 or later
apt-get install gnupg apt-transport-https

Installing the GPG keys & adding the repositories :

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
apt-get update

Installing the Wazuh dashboard :

apt-get -y install wazuh-dashboard=4.10.1-1

Configuring the Wazuh dashboard :

Edit the /etc/wazuh-dashboard/opensearch_dashboards.yml file and replace the following values:

  1. server.host: This setting specifies the host of the Wazuh dashboard server. To allow remote users to connect, set the value to the IP address or DNS name of the Wazuh dashboard server. The value 0.0.0.0 makes the dashboard listen on all the available IP addresses of the host.

  2. opensearch.hosts: The URLs of the Wazuh indexer instances to use for all your queries. The Wazuh dashboard can be configured to connect to multiple Wazuh indexer nodes in the same cluster. The addresses of the nodes can be separated by commas. For example, ["https://10.0.0.2:9200", "https://10.0.0.3:9200", "https://10.0.0.4:9200"]

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://192.168.146.157:9200 # change this to your Wazuh indexer address
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
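
An added example, not part of the original guide or of Wazuh's own tooling: a POSIX shell audit of the settings above that flags disabled TLS, a verificationMode of none, plain http:// indexer URLs and a 0.0.0.0 bind. The function names and the sample configuration are constructed for illustration, and the parser only handles the flat "key: value" lines used in this file.

```shell
#!/bin/sh
# Added example (not Wazuh's tooling): audit flat "key: value" settings
# in opensearch_dashboards.yml. Function names are hypothetical.

# get_setting FILE KEY: print the last uncommented value of KEY.
get_setting() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", val)            # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_dashboard_config FILE: print findings; exit status 1 if any.
audit_dashboard_config() {
    f=$1; findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(get_setting "$f" server.ssl.enabled)" = "true" ] ||
        flag "server.ssl.enabled is not true; the login page is served without TLS"
    [ "$(get_setting "$f" opensearch.ssl.verificationMode)" != "none" ] ||
        flag "opensearch.ssl.verificationMode is none; indexer certificate is not checked"
    case "$(get_setting "$f" opensearch.hosts)" in
        *http://*) flag "opensearch.hosts contains a plain http:// URL" ;;
    esac
    [ "$(get_setting "$f" server.host)" != "0.0.0.0" ] ||
        flag "server.host is 0.0.0.0; restrict access with a firewall or bind one address"
    echo "$findings finding(s) in $f"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a deliberately weak configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.host: 0.0.0.0
server.ssl.enabled: false
opensearch.hosts: ["https://10.0.0.2:9200", "http://10.0.0.3:9200"]
opensearch.ssl.verificationMode: none
EOF
audit_dashboard_config "$sample" || true
rm -f "$sample"
```

Run against the configuration shown above, the audit reports only the 0.0.0.0 bind; point it at /etc/wazuh-dashboard/opensearch_dashboards.yml after editing the file.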

Deploying certificates :

Replace <DASHBOARD_NODE_NAME> with your Wazuh dashboard node name, the same one used in config.yml to create the certificates, and move the certificates to their corresponding location.

Starting the services :

Edit the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file and replace the url value with the IP address or hostname of the Wazuh server master node.

Access the Wazuh web interface with your credentials.

  • URL: https://<WAZUH_DASHBOARD_IP_ADDRESS>

  • Username: admin

  • Password: admin

This completes the single-node deployment of Wazuh. In the upcoming sections we will learn how to deploy Wazuh in a shared multi-node deployment.


Securing Wazuh Installation :

Use the Wazuh passwords tool to change all the internal users' passwords.

The output should look like :
