Wazuh All-in-One Server Installation Guide: Boost Your Security!

Captions
Hey, welcome back to Unreal Labs. I figured we'd change it up today. I got a video on, uh, I've been playing actually with, uh, a SIEM called Wazuh, Wazuh. Uh, it's pretty neat, it's free, it's open source, you can buy a cloud version of it, um, but today we're gonna just do a quick installation. I've got, uh, an Ubuntu desktop that's, uh, in my VMware Workstation kind of cloud, um, and we can, we're going to go through, I'm going to clone that, uh, the main image for that Ubuntu box, and then we'll do just a one-server install of Wazuh, um, and then we'll just get it powered up and see if we can log into it. Um, I'll have some more videos on like adding agents and things like that, logs, email alerts, you can find another on YouTube, but I figured I'd maybe change it up a tad. All right, we've been doing a lot of Cisco stuff, which is awesome, but, uh, yeah, I want to cover some more Microsoft and then some security tools, so this will just kind of veer off the, I don't know, maybe a new series.

So let's get going. Um, so I have VMware up and running. Um, right now we're gonna, I was gonna clone that, so I have a standard image I use. This helps me speed up, uh, labs or doing things, uh, where I need just to test something and I don't want to change, um, or I want a default configuration. So I have just this Linux, Linux image, it's just Ubuntu. Um, so right-clicking on it, if you do have VMware Workstation I'm sure you're familiar with it, but, uh, we'll right-click, go to Manage, and then we're just going to clone it, and I'm going to hit Next there. And we can clone it on the current state of the VM, or we can clone it, uh, on any snapshots that we have, you know, built off of this, uh, Linux image. We're going to do the current state of the virtual machine just so it's fresh. And then you've got kind of two choices here. You can do a linked clone, which, you're not really, um, well, you can read that there, I don't know if you can see it, but it requires less disk space. You know, you're not like doing, like you're not copying the whole hard drive over to a different location, um, so this is a lot faster. But, um, yeah, if you do delete the master image then you will lose, the linked clone will stop functioning, so that's FYI, so you don't want to get rid of your master images. Go hit Next and we'll call it Wazuh, and that's how fast it is. So it should pop up over here down at the bottom, and let's power this thing on. Might take a second, I might do some pausing here. Not sure what I added for resources, but probably not that much. There it is. Re-center the screen, it's at here, get a little bit more of the virtual machine on there.

All right, I'm going to open a terminal. Then, I've got the scripts kind of written down here. You can find this on their site, um, their quick install, so the Wazuh installation assistant. Um, got guides available there too. Actually we'll just go through that guide real quick, that'll probably be the best option than what I have here. But, um, let's, uh, so I think we need curl installed, uh, so sudo apt install curl. I don't think I had that. I didn't, so let's put that on there. And so let's download the assistant and the configuration file, so let's copy that in the clipboard and let's paste those in here. All right, so those are done.

So the next thing we have to do, like I said I'm going to be paraphrasing this, configuration is, there's the step by step if you have multiple servers, things like that, that you're doing. We're just doing a lab setup, or like a small network setup, or you just want it running on one box, which is probably most places unless you've got hundreds and hundreds of agents or something. Um, so we want to open, we need to edit this config.yaml file and we need to change some variables here, like the IP address and maybe like the name of the box if you want to change that, some of the, like the node name or the server name or dashboard name. So let's go from there and let's do that. So, you know, nano config.yaml, and let's, I'm going to leave these default on the names just for the lab's sake, but feel free to customize that. I need to find out my IP. So this setup too is also DHCP. I wouldn't do that either, so you want to hard set these, but this is just a lab, so I'm sure you guys have already hard set, uh, your Linux box. And then we'll, whoops, Alexa, sorry, my microphone's in my way. All right, so that's all set up for the YAML file.

And now what are we doing? All right, we need to generate these config files here, so this will be our next command to run. Nope, you are right, sudo. Expand this out a little bit, I know the text is small, zoom in and I get to editing. All right, so yeah, we've got the cluster key that's in there, the certificates and passwords necessary for the installation, and they're all put in this Wazuh install file. So if we do an ls, all that, um, anyway, you'll notice that config.yaml file is gone, and so it used that to set these Wazuh install files up.

So the next thing we need to do is do the install, so bash Wazuh, and then there's actually, any question mark that, actually let me just hit it so we can, so there's some options here on the installer, and the one we're wanting, and this I didn't find this in the documentation, I think it's somewhere in here, um, like I said, you don't, if you follow this whole thing you're going to be setting, like there's a lot more steps for the cluster than there is for the single, single server setup. So right now, like we're pretty close to being done, but the only thing we need to do here is, we're looking for this, just wanted to show you this, -a. So we're going to specify, like, it's all in one, so we'll throw that on there, and then it's just a matter of waiting, and waiting actually doesn't take too long. So it's going to go through, do all the installation, hopefully there's no errors, and then I'm going to pause it and I'll come back, but then it should drop our username and password so we're able to sign into it. So super easy, super quick setup. Um, pretty neat SIEM if you're looking for something to just have some reporting. I mean, it's pretty powerful with IDS, so it has an agent that goes on PCs or servers that, um, so am I something here, I gotta cancel this here. So yeah, it's pretty, pretty interesting, so we'll go through some of those in another video. I just wanted to get the server set up. Let me pause, I'll be right back.

All right, we're back. So it took about, I don't know, 10 minutes or something to get this totally installed. So as you can see there's quite a list of things: the indexer, uh, Filebeat installation, uh, the Wazuh dashboard, Wazuh dashboard, um, and then at the bottom here, uh, there you'll see your username and the password that's generated. You'll want to change this, um, even though it is fairly complex, I would say. I'm going to copy that, but you can also find, um, where's that, let me look in the documentation here, it does save that to a file, uh, not seeing it, maybe it's under the dashboard, oh where are you, um, well, I do know it's in a file, I'll post it in the description, um, once I find it. But I would just, like I said, I'd write that down or copy and paste that into gedit or something, so we can do that just so you have it. And it's admin, and this is generated, so you guys can have it if you want, uh, I'll be changing it.

But, um, so now let's open, uh, Firefox, and since I don't have a DNS server set up, or not configured right now, guess we could do localhost, but one, uh, 248 I think. Yeah, there we go. All right, so now we're seeing we don't have a valid certificate, we're getting this error message, I'm sure you guys have seen that before. Hit accept, and you can see our interface is coming up. For that password in there, and our dashboard's live. Neato. Super, super fast, super easy. Like I said, if you have like a small office you guys are working with, or you have even a fairly decent-sized company that you wanted to like bring your logs and your event management into one server where you're collecting from Cisco or 48 or, um, you know, your Microsoft stuff.

So you're, we're going to be able to put, like, as it's shown here, like no agents were added to this manager. So if we click Add agent, it's pretty neat that it gives you this template, so depending on whatever OS, CentOS, Ubuntu, Windows, Mac. Um, on the Windows side this is a little outdated, but, uh, not a huge deal, it still runs, I've tested it on Server 2022. So you throw some of your settings in here and that'll generate you, um, uh, Invoke-WebRequest that you can copy then and, um, throw out on your servers, and then you're able to, you know, download the installer. You can also download the install, the agent installer, uh, on Wazuh, uh, or Wazoo, I'm gonna pronounce that wrong forever. Actually that was in that documentation here, so if you go into your documentation you can find that, you'll actually have the download for Windows there, um, and then the installation for, like, uh, especially if you're wanting to like throw it out there, there's a Windows installer. Yeah, so you download the Windows installer and then these are the command lines you'd use, so the MSI. So you could push this out if you wanted to, if you have some kind of package management software, Group Policy, however you wanted to do that, and then you would just specify the management, uh, the Wazuh manager IP address, um, for it to register. And we'll do that in the next video, we will start putting some agents out and start generating some alerts.

Let's just go back to the home page. So you can see here quite a few options, quite a few things to change or tweak. Um, you know, your security events, there's not going to be events right now. Actually, the only event you're probably going to see right now is the, uh, is the Wazuh manager itself, it's going to report its events here. So, um, if we change something on that Ubuntu one box, uh, this actual, the Wazuh server, um, it's going to be listing events also, so it's collecting that right now. So there is some events in there, but nothing from, so if I SSH into this box it would, it would pop an alert. Uh, so yeah, system auditing, it's just a great, you know, vulnerabilities that the machine knows about, you can tie this in with all kinds of stuff. Great, just a great piece of software, so I'm going to start covering some of that as I learn it, as I go forward too. So, um, yeah, I hope you can join for the next series or next couple videos in the series, and appreciate your time. Thanks again.
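
The config edit described in the captions, as an added example that is not from the video or the Wazuh project: a preflight check to run on the edited file before generating the install files, catching a placeholder left in place or roles that point at different hosts on a single-server install. The YAML layout, the role keys `indexer`/`server`/`dashboard`, the node names and the IP address are assumptions in a constructed sample, and the check assumes literal IP addresses as used in the video.

```python
import ipaddress
import re

# Constructed sample (assumed layout); one placeholder is left unedited on purpose.
SAMPLE_UNEDITED = '''\
nodes:
  indexer:
    - name: node-1
      ip: "192.168.1.248"
  server:
    - name: wazuh-1
      ip: "<wazuh-manager-ip>"
  dashboard:
    - name: dashboard
      ip: "192.168.1.248"
'''
SAMPLE_READY = SAMPLE_UNEDITED.replace("<wazuh-manager-ip>", "192.168.1.248")

ROLE_RE = re.compile(r"^  (\w+):\s*$")
IP_RE = re.compile(r"^\s+ip:\s*[\"']?([^\"'#\s]*)[\"']?")

def node_ips(text):
    """Return {role: [ip, ...]}; commented-out lines never match the patterns."""
    roles, current = {}, None
    for line in text.splitlines():
        m = ROLE_RE.match(line)
        if m:
            current = m.group(1)
            roles[current] = []
        elif current and (m := IP_RE.match(line)):
            roles[current].append(m.group(1))
    return roles

def preflight(text):
    """List problems that would break or weaken an all-in-one install."""
    problems, seen = [], set()
    roles = node_ips(text)
    for role in ("indexer", "server", "dashboard"):
        ips = roles.get(role, [])
        if len(ips) != 1:
            problems.append(f"{role}: expected exactly one node, found {len(ips)}")
        for ip in ips:
            try:
                seen.add(ipaddress.ip_address(ip))
            except ValueError:
                problems.append(f"{role}: '{ip}' is not an IP address")
    if len(seen) > 1:
        problems.append("all-in-one: roles point at different hosts")
    return problems
```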
Info
Channel: Unreal Labs
Views: 13,601
Keywords: Wazuh, SIEM, Security, Installing Wazuh server, installing wazuh on linux, how to install Wazuh, Log management, Networking, network, network security, Cybersecurity training, Training, network training, ccna security, ccna, unreal labs, unreal-labs, IDS, Intrustions, Intrusion monitoring, Security for your network, Opensource, open source software, labbing, VMWare, Cloning a VM in VMWare Workstation, gns3
Id: 3CfjoCQmpo8
Length: 15min 46sec (946 seconds)
Published: Wed Sep 20 2023