Install #Wazuh 4.x on Ubuntu 22.04 all in one with single command

Krishnendu Paul

Apr 23, 2023 1 min read

Surely you heard about Wazuh. Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments.  For details - visit . Target of this post to to deploy all services of Wazuh in a single server super fast, so without much effort you can deploy wazuh agent on your test systems to try wazuh.

So, lets start install dependencies on a freshly deployed Ubuntu instance.

sudo apt update && sudo apt install curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release gnupg2

Plan is to deploy all in one server for Wazuh as per following diagram

So - let's start. Deploy Wazuh 4.5.x all in one system

curl -sO && chmod 744 && bash ./ -a

And you are done. Once install complete, it will show you the URL to access the dashboard and username and password.

Inside Dashboard, you will find option to add agent, which will give you command line to add agent on your endpoint. For Ubuntu 15.x endpoints, add agent using following command  ( Just change the [Your Wazuh Server Address Here] part ).  It will not only enable wazuh agent, also it will configure your wazuh agent for active response

curl -so wazuh-agent.deb && sudo WAZUH_MANAGER='[YOUR WAZUH SERVER ADDRESS HERE]' dpkg -i ./wazuh-agent.deb && echo "wazuh_command.remote_commands=1" >> /var/ossec/etc/local_internal_options.conf && sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent 

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.