Deploying Wazuh through the Linode Marketplace

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $100 credit.
This credit will be applied to any valid services used during your first 60 days.

Wazuh provides a security solution for monitoring your infrastructure and detecting threats, intrusion attempts, system anomalies, poorly configured applications, and unauthorized user actions. It also provides a framework for incident response and regulatory compliance.

Deploying the Wazuh Marketplace App

The Linode Marketplace allows you to easily deploy software on a Linode using the Linode Cloud Manager.

  1. Log in to the Cloud Manager and select the Marketplace link from the left navigation menu. This displays the Linode Compute Create page with the Marketplace tab pre-selected.

  2. Under the Select App section, select the app you would like to deploy.

  3. Fill out all required Options for the selected app as well as any desired Advanced Options (which are optional). See the Configuration Options section for details.

  4. Complete the rest of the form as discussed within the Getting Started > Create a Linode.

  5. Click the Create Linode button. Once the Linode has provisioned and has fully powered on, wait for the software installation to complete. If the Linode is powered off or restarted before this time, the software installation will likely fail. To determine if the installation has completed, open the Linode’s Lish console and wait for the system login prompt to appear.

  6. Follow the instructions within the Getting Started After Deployment section.

Software installation should complete within 10-15 minutes after the Linode has finished provisioning.

Configuration Options

Wazuh Options

Here are the additional options available for this Marketplace App:

FieldDescription
Admin Email for the serverThis email is require to generate the SSL certificates. Required
Your Linode API TokenYour Linode API Token is needed to create DNS records. If this is provided along with the subdomain and domain fields, the installation attempts to create DNS records via the Linode API. If you don’t have a token, but you want the installation to create DNS records, you must create one before continuing.
SubdomainThe subdomain you wish the installer to create a DNS record for during setup. The suggestion given is www. The subdomain should only be provided if you also provide a domain and API Token.
DomainThe domain name where you wish to host your Wazuh instance. The installer creates a DNS record for this domain during setup if you provide this field along with your API Token.
The limited sudo user to be created for the LinodeThis is the limited user account to be created for the Linode. This account has sudo user privileges.
The password for the limited sudo userSet a password for the limited sudo user. The password must meet the complexity strength validation requirements for a strong password. This password can be used to perform any action on your server, similar to root, so make it long, complex, and unique.
The SSH Public Key that will be used to access the LinodeIf you wish to access SSH via Public Key (recommended) rather than by password, enter the public key here.
Disable root access over SSH?Select Yes to block the root account from logging into the server via SSH. Select No to allow the root account to login via SSH.

General Options

For advice on filling out the remaining options on the Create a Linode form, see Getting Started > Create a Linode. That said, some options may be limited or recommended based on this Marketplace App:

  • Supported distributions: Ubuntu 20.04 LTS
  • Recommended plan: All plan types and sizes can be used, though a minimum of a 8GB Instance is recommended for production.

Getting Started after Deployment

Accessing the Wazuh App

  1. Open a web browser and navigate to the domain you created in the beginning of your deployment. You can also use your Compute Instance’s rDNS, which may look like li*.members.linode.com. See the Managing IP Addresses guide for information on viewing and setting the rDNS value.

  2. In the login screen that appears, enter admin as the username and admin as the password. Since the default admin user is set to read-only, you need to follow the steps below to reset the admin password.

    1. Log in to your Compute Instance over SSH. See Connecting to a Remote Server Over SSH for assistance.

    2. Run the Wazuh Password reset tool that has been preloaded onto your instance in the root directory:

      bash /root/wazuh-passwords-tool.sh -a
      
    3. After the tool finishes running, it outputs all of the new passwords for each system. Record these credentials.

    4. You are now able to log in to your Wazuh instance with your new admin credentials.

Now that you’ve accessed your Wazuh instance, you need to configure a Wazuh Agent on the server you’d like to monitor with Wazuh.

For more documentation on Wazuh, check out the official Wazuh documentation to learn how to further utilize your instance.

Note
Currently, Linode does not manage software and systems updates for Marketplace Apps. It is up to the user to perform routine maintenance on software deployed in this fashion.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on


Your Feedback Is Important

Let us know if this guide made it easy to get the answer you needed.


Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.