diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js index 9950d8a096..c2ef61b88b 100644 --- a/source/_static/js/redirects.js +++ b/source/_static/js/redirects.js @@ -65,8 +65,34 @@ removedUrls['x.y'] = [ /* *** RELEASE 4.9 ****/ +/* Redirections from 4.8 to 4.9 */ + +redirections.push( + { + 'target': ['4.8=>4.9', '4.9=>4.8'], + '4.8': '/deployment-options/offline-installation.html', + '4.9': '/deployment-options/offline-installation/index.html', + }, + { + 'target': ['4.9=>4.8'], + '4.8': '/deployment-options/offline-installation.html', + '4.9': '/deployment-options/offline-installation/step-by-step.html', + }, +); + +/* Pages added in 4.9 */ + newUrls['4.9'] = [ '/release-notes/release-4-9-0.html', + '/deployment-options/offline-installation/index.html', + '/deployment-options/offline-installation/step-by-step.html', + '/deployment-options/offline-installation/installation-assistant.html', +]; + +/* Pages no longer available in 4.9 */ + +removedUrls['4.9'] = [ + '/deployment-options/offline-installation.html', ]; /* *** RELEASE 4.8 ****/ diff --git a/source/deployment-options/index.rst b/source/deployment-options/index.rst index b419ff09d0..3f4437b4d8 100644 --- a/source/deployment-options/index.rst +++ b/source/deployment-options/index.rst @@ -38,7 +38,7 @@ All the alternatives include instructions on how to install the :doc:`Wazuh cent

Offline

-- :doc:`offline-installation`: Installing the solution offline involves downloading the Wazuh components to later install them on a system with no internet connection. +- :doc:`offline-installation/index`: Installing the solution offline involves downloading the Wazuh components to later install them on a system with no internet connection. .. raw:: html @@ -158,7 +158,7 @@ These alternatives guide you to install the Wazuh central components along with amazon-machine-images/amazon-machine-images docker/index deploying-with-kubernetes/index - offline-installation + offline-installation/index wazuh-from-sources/index deploying-with-ansible/index deploying-with-puppet/index diff --git a/source/deployment-options/offline-installation/index.rst b/source/deployment-options/offline-installation/index.rst new file mode 100644 index 0000000000..2434a9f2fe --- /dev/null +++ b/source/deployment-options/offline-installation/index.rst 
@@ -0,0 +1,77 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: Discover the offline step-by-step process to install the Wazuh central components without connection to the Internet. + +Offline installation +==================== + +You can install Wazuh even when there is no connection to the Internet. Installing the solution offline involves downloading the Wazuh central components to later install them on a system with no Internet connection. The Wazuh server, the Wazuh indexer, and the Wazuh dashboard can be installed and configured on the same host in an all-in-one deployment, or each component can be installed on a separate host as a distributed deployment, depending on your environment needs. + +For more information about the hardware requirements and the recommended operating systems, check the :ref:`Requirements ` section. + +.. note:: You need root user privileges to run all the commands described below. + +Prerequisites +------------- + +- ``curl``, ``tar``, and ``setcap`` need to be installed in the target system where the offline installation will be carried out. ``gnupg`` might need to be installed as well for some Debian-based systems. + +- In some systems, the command ``cp`` is an alias for ``cp -i`` β€” you can check this by running ``alias cp``. If this is your case, use ``unalias cp`` to avoid being asked for confirmation to overwrite files. + +Download the packages and configuration files +--------------------------------------------- + +#. Run the following commands from any Linux system with Internet connection. This action executes a script that downloads all required files for the offline installation on x86_64 architectures. Select the package format to download. + + .. tabs:: + + .. group-tab:: RPM + + .. code-block:: console + + # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-install.sh + # chmod 744 wazuh-install.sh + # ./wazuh-install.sh -dw rpm + + .. group-tab:: DEB + + .. 
code-block:: console + + # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-install.sh + # chmod 744 wazuh-install.sh + # ./wazuh-install.sh -dw deb + +#. Download the certificates configuration file. + + .. code-block:: console + + # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/config.yml + +#. Edit ``config.yml`` to prepare the certificates creation. + + - If you are performing an all-in-one deployment, replace ``""``, ``""``, and ``""`` with ``127.0.0.1``. + + - If you are performing a distributed deployment, replace the node names and IP values with the corresponding names and IP addresses. You need to do this for all the Wazuh server, the Wazuh indexer, and the Wazuh dashboard nodes. Add as many node fields as needed. + + +#. Run the ``./wazuh-install.sh -g`` to create the certificates. For a multi-node cluster, these certificates need to be later deployed to all Wazuh instances in your cluster. + + .. code-block:: console + + # ./wazuh-install.sh -g + +#. Copy or move ``wazuh-offline.tar.gz`` and ``wazuh-install-files.tar`` files to a folder accessible to the host(s) from where the offline installation will be carried out. This can be done by using ``scp``. + + +Next steps +---------- + +Once the Wazuh files are ready and copied to the specified hosts, it is necessary to install the Wazuh components. + + +.. toctree:: + :maxdepth: 1 + + installation-assistant + step-by-step \ No newline at end of file diff --git a/source/deployment-options/offline-installation/installation-assistant.rst b/source/deployment-options/offline-installation/installation-assistant.rst new file mode 100644 index 0000000000..8ceb104921 --- /dev/null +++ b/source/deployment-options/offline-installation/installation-assistant.rst 
@@ -0,0 +1,122 @@ +Install Wazuh components using the assistant +-------------------------------------------- + +Install and configure the different Wazuh components with the aid of the Wazuh installation assistant. + +.. note:: You need root user privileges to run all the commands described below. + +Please, make sure that a copy of the ``wazuh-install-files.tar`` and ``wazuh-offline.tar.gz`` files, created during the initial configuration step, is placed in your working directory. + +Installing the Wazuh indexer +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install and configure the Wazuh indexer nodes. + + +#. Run the assistant with the ``--offline-install`` to perform an offline installation. Use the option ``--wazuh-indexer`` and the node name to install and configure the Wazuh indexer. The node name must be the same one used in ``config.yml`` for the initial configuration, for example, ``node-1``. + + .. code-block:: console + + # bash wazuh-install.sh --offline-install --wazuh-indexer node-1 + + Repeat this step for every Wazuh indexer node in your cluster. Then proceed with initializing your single-node or multi-node cluster in the next step. + +#. Run the Wazuh installation assistant with option ``--start-cluster`` on any Wazuh indexer node to load the new certificates information and start the cluster. + + .. code-block:: console + + # bash wazuh-install.sh --start-cluster + + .. note:: You only have to initialize the cluster `once`, there is no need to run this command on every node. + +Testing the cluster installation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +#. Run the following command to get the *admin* password: + + .. code-block:: console + + # tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1 + +#. Run the following command to confirm that the installation is successful. Replace ```` with the password gotten from the output of the previous command. Replace ```` with the configured Wazuh indexer IP address: + + .. 
code-block:: console + + # curl -k -u admin: https://:9200 + + .. code-block:: none + :class: output + + { + "name" : "node-1", + "cluster_name" : "wazuh-cluster", + "cluster_uuid" : "095jEW-oRJSFKLz5wmo5PA", + "version" : { + "number" : "7.10.2", + "build_type" : "rpm", + "build_hash" : "db90a415ff2fd428b4f7b3f800a51dc229287cb4", + "build_date" : "2023-06-03T06:24:25.112415503Z", + "build_snapshot" : false, + "lucene_version" : "9.6.0", + "minimum_wire_compatibility_version" : "7.10.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "The OpenSearch Project: https://opensearch.org/" + } + +#. Replace ```` and ````, and run the following command to check if the cluster is working correctly: + + .. code-block:: console + + # curl -k -u admin: https://:9200/_cat/nodes?v + +Installing the Wazuh server +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +#. Run the assistant with the ``--offline-install`` to perform an offline installation. Use the option ``--wazuh-server`` followed by the node name to install the Wazuh server. The node name must be the same one used in ``config.yml`` for the initial configuration, for example, ``wazuh-1``. + + .. code-block:: console + + # bash wazuh-install.sh --offline-install --wazuh-server wazuh-1 + +Your Wazuh server is now successfully installed. + +- If you want a Wazuh server multi-node cluster, repeat this step on every Wazuh server node. +- If you want a Wazuh server single-node cluster, everything is set and you can proceed directly with the next stage. + +Installing the Wazuh dashboard +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +#. Run the assistant with the ``--offline-install`` to perform an offline installation. Use the option ``--wazuh-dashboard`` and the node name to install and configure the Wazuh dashboard. The node name must be the same one used in ``config.yml`` for the initial configuration, for example, ``dashboard``. + + .. 
code-block:: console + + # bash wazuh-install.sh --wazuh-dashboard dashboard + + The default Wazuh web user interface port is 443, used by the Wazuh dashboard. You can change this port using the optional parameter ``-p|--port ``. Some recommended ports are 8443, 8444, 8080, 8888, and 9000. + + Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful. + + .. code-block:: none + :emphasize-lines: 3,4 + + INFO: --- Summary --- + INFO: You can access the web interface https:// + User: admin + Password: + + INFO: Installation finished. + + You now have installed and configured Wazuh. All passwords generated by the Wazuh installation assistant can be found in the ``wazuh-passwords.txt`` file inside the ``wazuh-install-files.tar`` archive. To print them, run the following command: + + .. code-block:: console + + # tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt + +#. Access the Wazuh web interface with your credentials. + + - URL: *https://* + - **Username**: *admin* + - **Password**: ** + + When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser instead. Alternatively, a certificate from a trusted authority can be configured. diff --git a/source/deployment-options/offline-installation.rst b/source/deployment-options/offline-installation/step-by-step.rst similarity index 79% rename from source/deployment-options/offline-installation.rst rename to source/deployment-options/offline-installation/step-by-step.rst index 1c23431bdd..a515c31352 100644 --- a/source/deployment-options/offline-installation.rst 
+++ b/source/deployment-options/offline-installation/step-by-step.rst 
@@ -1,79 +1,12 @@ -.. Copyright (C) 2015, Wazuh, Inc. - -.. meta:: - :description: Discover the offline step-by-step process to install the Wazuh central components without connection to the Internet. - -Offline installation -==================== - -You can install Wazuh even when there is no connection to the Internet. Installing the solution offline involves downloading the Wazuh central components to later install them on a system with no Internet connection. The Wazuh server, the Wazuh indexer, and the Wazuh dashboard can be installed and configured on the same host in an all-in-one deployment, or each component can be installed on a separate host as a distributed deployment, depending on your environment needs. - -For more information about the hardware requirements and the recommended operating systems, check the :ref:`Requirements ` section. - -.. note:: You need root user privileges to run all the commands described below. - -Prerequisites -------------- - -- ``curl``, ``tar``, and ``setcap`` need to be installed in the target system where the offline installation will be carried out. ``gnupg`` might need to be installed as well for some Debian-based systems. - -- In some systems, the command ``cp`` is an alias for ``cp -i`` β€” you can check this by running ``alias cp``. If this is your case, use ``unalias cp`` to avoid being asked for confirmation to overwrite files. - -Download the packages and configuration files ---------------------------------------------- - -#. Run the following commands from any Linux system with Internet connection. This action executes a script that downloads all required files for the offline installation on x86_64 architectures. Select the package format to download. - - .. tabs:: - - .. group-tab:: RPM - - .. code-block:: console - - # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-install.sh - # chmod 744 wazuh-install.sh - # ./wazuh-install.sh -dw rpm - - .. group-tab:: DEB - - .. 
code-block:: console - - # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-install.sh - # chmod 744 wazuh-install.sh - # ./wazuh-install.sh -dw deb - -#. Download the certificates configuration file. - - .. code-block:: console - - # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/config.yml - -#. Edit ``config.yml`` to prepare the certificates creation. - - - If you are performing an all-in-one deployment, replace ``""``, ``""``, and ``""`` with ``127.0.0.1``. - - - If you are performing a distributed deployment, replace the node names and IP values with the corresponding names and IP addresses. You need to do this for all the Wazuh server, the Wazuh indexer, and the Wazuh dashboard nodes. Add as many node fields as needed. - - -#. Run the ``./wazuh-certs-tool.sh`` to create the certificates. For a multi-node cluster, these certificates need to be later deployed to all Wazuh instances in your cluster. - - .. code-block:: console - - # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-certs-tool.sh - # chmod 744 wazuh-certs-tool.sh - # ./wazuh-certs-tool.sh --all - -#. Copy or move ``wazuh-offline.tar.gz`` file and ``./wazuh-certificates/`` folder to a folder accessible to the host(s) from where the offline installation will be carried out. This can be done by using ``scp``. - - -Install Wazuh components from local files +Install Wazuh components step by step ----------------------------------------- -#. In the working directory where you placed ``wazuh-offline.tar.gz`` and ``./wazuh-certificates/``, execute the following command to decompress the installation files: +#. In the working directory where you placed ``wazuh-offline.tar.gz`` and ``wazuh-install-files.tar``, execute the following command to decompress the installation files: .. code-block:: console # tar xf wazuh-offline.tar.gz + # tar xf wazuh-install-files.tar You can check the SHA512 of the decompressed package files in ``wazuh-offline/wazuh-packages/``. 
Find the SHA512 checksums in the :doc:`/installation-guide/packages-list`. @@ -87,14 +20,14 @@ Installing the Wazuh indexer .. group-tab:: RPM .. code-block:: console - + # rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH # rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-indexer*.rpm .. group-tab:: DEB .. code-block:: console - + # dpkg -i ./wazuh-offline/wazuh-packages/wazuh-indexer*.deb #. Run the following commands replacing ```` with the name of the Wazuh indexer node you are configuring as defined in ``config.yml``. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components. 
@@ -104,25 +37,25 @@ Installing the Wazuh indexer # NODE_NAME= .. code-block:: console - + # mkdir /etc/wazuh-indexer/certs - # mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem - # mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem - # mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/ - # mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/ - # cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/ + # mv -n wazuh-install-files/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem + # mv -n wazuh-install-files/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem + # mv wazuh-install-files/admin-key.pem /etc/wazuh-indexer/certs/ + # mv wazuh-install-files/admin.pem /etc/wazuh-indexer/certs/ + # cp wazuh-install-files/root-ca.pem /etc/wazuh-indexer/certs/ # chmod 500 /etc/wazuh-indexer/certs # chmod 400 /etc/wazuh-indexer/certs/* # chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs Here you move the node certificate and key files, such as `node-1.pem` and `node-1-key.pem`, to their corresponding `certs` folder. They're specific to the node and are not required on the other nodes. However, note that the `root-ca.pem` certificate isn't moved but copied to the `certs` folder. This way, you can continue deploying it to other component folders in the next steps. -#. Edit ``/etc/wazuh-indexer/opensearch.yml`` and replace the following values: - - - #. ``network.host``: Sets the address of this node for both HTTP and transport traffic. The node will bind to this address and will also use it as its publish address. Accepts an IP address or a hostname. +#. Edit ``/etc/wazuh-indexer/opensearch.yml`` and replace the following values: - Use the same node address set in ``config.yml`` to create the SSL certificates. + + #. ``network.host``: Sets the address of this node for both HTTP and transport traffic. 
The node will bind to this address and will also use it as its publish address. Accepts an IP address or a hostname. + + Use the same node address set in ``config.yml`` to create the SSL certificates. #. ``node.name``: Name of the Wazuh indexer node as defined in the ``config.yml`` file. For example, ``node-1``. @@ -135,8 +68,8 @@ Installing the Wazuh indexer - "node-2" - "node-3" - #. ``discovery.seed_hosts:`` List of the addresses of the master-eligible nodes. Each element can be either an IP address or a hostname. - You may leave this setting commented if you are configuring the Wazuh indexer as a single-node. For multi-node configurations, uncomment this setting and set your master-eligible nodes addresses. + #. ``discovery.seed_hosts:`` List of the addresses of the master-eligible nodes. Each element can be either an IP address or a hostname. + You may leave this setting commented if you are configuring the Wazuh indexer as a single-node. For multi-node configurations, uncomment this setting and set your master-eligible nodes addresses. .. code-block:: yaml @@ -144,7 +77,7 @@ Installing the Wazuh indexer - "10.0.0.1" - "10.0.0.2" - "10.0.0.3" - + #. ``plugins.security.nodes_dn``: List of the Distinguished Names of the certificates of all the Wazuh indexer cluster nodes. Uncomment the lines for ``node-2`` and ``node-3`` and change the common names (CN) and values according to your settings and your ``config.yml`` definitions. .. code-block:: yaml 
@@ -158,13 +91,13 @@ Installing the Wazuh indexer .. include:: /_templates/installations/indexer/common/enable_indexer.rst -#. For multi-node clusters, repeat the previous steps on every Wazuh indexer node. +#. For multi-node clusters, repeat the previous steps on every Wazuh indexer node. -#. When all Wazuh indexer nodes are running, run the Wazuh indexer ``indexer-init.sh`` script on `any Wazuh indexer node` to initialize the cluster. +#. When all Wazuh indexer nodes are running, run the Wazuh indexer ``indexer-security-init.sh`` script on `any Wazuh indexer node` to load the new certificates information and start the cluster. .. code-block:: console - # /usr/share/wazuh-indexer/bin/indexer-init.sh + # /usr/share/wazuh-indexer/bin/indexer-security-init.sh #. Run the following command to check that the installation is successful. Note that this command uses localhost, set your Wazuh indexer address if necessary. @@ -207,14 +140,14 @@ Installing the Wazuh manager .. group-tab:: RPM .. code-block:: console - + # rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH # rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-manager*.rpm .. group-tab:: DEB .. code-block:: console - + # dpkg -i ./wazuh-offline/wazuh-packages/wazuh-manager*.deb #. Enable and start the Wazuh manager service. @@ -223,7 +156,7 @@ Installing the Wazuh manager #. Run the following command to verify that the Wazuh manager status is active. - .. include:: /_templates/installations/wazuh/common/check_wazuh_manager.rst + .. include:: /_templates/installations/wazuh/common/check_wazuh_manager.rst Installing Filebeat 
@@ -238,19 +171,19 @@ Filebeat must be installed and configured on the same server as the Wazuh manage .. group-tab:: RPM .. code-block:: console - + # rpm -ivh ./wazuh-offline/wazuh-packages/filebeat*.rpm .. group-tab:: DEB .. code-block:: console - + # dpkg -i ./wazuh-offline/wazuh-packages/filebeat*.deb #. Move a copy of the configuration files to the appropriate location. Ensure to type β€œyes” at the prompt to overwrite ``/etc/filebeat/filebeat.yml``. .. code-block:: console - + # cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\ cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\ chmod go+r /etc/filebeat/wazuh-template.json @@ -268,7 +201,7 @@ Filebeat must be installed and configured on the same server as the Wazuh manage ... }, ... - } + } #. Edit the ``/etc/filebeat/filebeat.yml`` configuration file and replace the following value: 
@@ -277,34 +210,34 @@ Filebeat must be installed and configured on the same server as the Wazuh manage #. Create a Filebeat keystore to securely store authentication credentials. .. code-block:: console - + # filebeat keystore create #. Add the username and password ``admin``:``admin`` to the secrets keystore. - + .. code-block:: console # echo admin | filebeat keystore add username --stdin --force - # echo admin | filebeat keystore add password --stdin --force + # echo admin | filebeat keystore add password --stdin --force #. Install the Wazuh module for Filebeat. .. code-block:: console - - # tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.4.tar.gz -C /usr/share/filebeat/module + + # tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.2.tar.gz -C /usr/share/filebeat/module #. Replace ```` with your Wazuh server node certificate name, the same used in ``config.yml`` when creating the certificates. For example, ``wazuh-1``. Then, move the certificates to their corresponding location. .. code-block:: console - + # NODE_NAME= .. code-block:: console # mkdir /etc/filebeat/certs - # mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem - # mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem - # cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/ + # mv -n wazuh-install-files/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem + # mv -n wazuh-install-files/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem + # cp wazuh-install-files/root-ca.pem /etc/filebeat/certs/ # chmod 500 /etc/filebeat/certs # chmod 400 /etc/filebeat/certs/* # chown -R root:root /etc/filebeat/certs 
@@ -340,14 +273,14 @@ Filebeat must be installed and configured on the same server as the Wazuh manage talk to server... OK version: 7.10.2 - To check the number of shards that have been configured, you can run the following command. Note that this command uses localhost, set your Wazuh indexer address if necessary. - + To check the number of shards that have been configured, you can run the following command. Note that this command uses localhost, set your Wazuh indexer address if necessary. + .. code-block:: console # curl -k -u admin:admin "https://localhost:9200/_template/wazuh?pretty&filter_path=wazuh.settings.index.number_of_shards" Expand the output to see an example response. - + .. code-block:: none :class: output collapsed @@ -363,7 +296,7 @@ Filebeat must be installed and configured on the same server as the Wazuh manage Your Wazuh server node is now successfully installed. Repeat the steps of this installation process stage for every Wazuh server node in your cluster, expand the **Wazuh cluster configuration for multi-node deployment** section below, and carry on then with configuring the Wazuh cluster. If you want a Wazuh server single-node cluster, everything is set and you can proceed directly with the Wazuh dashboard installation. - + Wazuh cluster configuration for multi-node deployment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -381,17 +314,17 @@ Configuring the Wazuh server master node .. include:: /_templates/installations/manager/configure_wazuh_master_node.rst - #. Restart the Wazuh manager. + #. Restart the Wazuh manager. .. include:: /_templates/installations/manager/restart_wazuh_manager.rst - + Configuring the Wazuh server worker nodes """"""""""""""""""""""""""""""""""""""""" #. .. include:: /_templates/installations/manager/configure_wazuh_worker_node.rst - #. Restart the Wazuh manager. + #. Restart the Wazuh manager. .. include:: /_templates/installations/manager/restart_wazuh_manager.rst 
@@ -410,7 +343,7 @@ An example output of the command looks as follows: .. code-block:: none :class: output - + NAME TYPE VERSION ADDRESS master-node master |WAZUH_CURRENT| 10.0.0.3 worker-node1 worker |WAZUH_CURRENT| 10.0.0.4 @@ -428,14 +361,14 @@ Installing the Wazuh dashboard .. group-tab:: RPM .. code-block:: console - + # rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH # rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-dashboard*.rpm .. group-tab:: DEB .. code-block:: console - + # dpkg -i ./wazuh-offline/wazuh-packages/wazuh-dashboard*.deb #. Replace ```` with your Wazuh dashboard node name, the same used in ``config.yml`` to create the certificates. For example, ``dashboard``. Then, move the certificates to their corresponding location. @@ -447,9 +380,9 @@ Installing the Wazuh dashboard .. code-block:: console # mkdir /etc/wazuh-dashboard/certs - # mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem - # mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem - # cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/ + # mv -n wazuh-install-files/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem + # mv -n wazuh-install-files/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem + # cp wazuh-install-files/root-ca.pem /etc/wazuh-dashboard/certs/ # chmod 500 /etc/wazuh-dashboard/certs # chmod 400 /etc/wazuh-dashboard/certs/* # chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs @@ -473,10 +406,10 @@ Installing the Wazuh dashboard .. include:: /_templates/installations/dashboard/enable_dashboard.rst #. **Only for distributed deployments**: Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node. - + .. code-block:: yaml :emphasize-lines: 3 - + hosts: - default: url: https://localhost 
@@ -487,9 +420,9 @@ Installing the Wazuh dashboard #. Run the following command to verify the Wazuh dashboard service is active. - .. include:: /_templates/installations/wazuh/common/check_wazuh_dashboard.rst + .. include:: /_templates/installations/wazuh/common/check_wazuh_dashboard.rst -#. Access the web interface. +#. Access the web interface. - URL: *https://* - **Username**: admin @@ -498,10 +431,10 @@ Installing the Wazuh dashboard Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. Securing your Wazuh installation --------------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -You have now installed and configured all the Wazuh central components. We recommend changing the default credentials to protect your infrastructure from possible attacks. +You have now installed and configured all the Wazuh central components. We recommend changing the default credentials to protect your infrastructure from possible attacks. Select your deployment type and follow the instructions to change the default passwords for both the Wazuh API and the Wazuh indexer users. 
@@ -511,14 +444,14 @@ Select your deployment type and follow the instructions to change the default pa .. group-tab:: All-in-one deployment #. Use the Wazuh passwords tool to change all the internal users passwords. - + .. code-block:: console - + # /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all --admin-user wazuh --admin-password wazuh - + .. code-block:: console :class: output - + INFO: The password for user admin is yWOzmNA.?Aoc+rQfDBcF71KZp?1xd7IO INFO: The password for user kibanaserver is nUa+66zY.eDF*2rRl5GKdgLxvgYQA+wo INFO: The password for user kibanaro is 0jHq.4i*VAgclnqFiXvZ5gtQq1D5LCcL @@ -529,16 +462,16 @@ Select your deployment type and follow the instructions to change the default pa INFO: The password for Wazuh API user wazuh is JYWz5Zdb3Yq+uOzOPyUU4oat0n60VmWI INFO: The password for Wazuh API user wazuh-wui is +fLddaCiZePxh24*?jC0nyNmgMGCKE+2 INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service. - - + + .. group-tab:: Distributed deployment - #. On `any Wazuh indexer node`, use the Wazuh passwords tool to change the passwords of the Wazuh indexer users. + #. On `any Wazuh indexer node`, use the Wazuh passwords tool to change the passwords of the Wazuh indexer users. .. code-block:: console - + # /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all - + .. code-block:: console :class: output 
@@ -553,19 +486,19 @@ Select your deployment type and follow the instructions to change the default pa - #. On your `Wazuh server master node`, change the default password of the admin users: `wazuh` and `wazuh-wui`. Note that the commands below use localhost, set your Wazuh manager IP address if necessary. + #. On your `Wazuh server master node`, change the default password of the admin users: `wazuh` and `wazuh-wui`. Note that the commands below use localhost, set your Wazuh manager IP address if necessary. - #. Get an authorization TOKEN. + #. Get an authorization TOKEN. .. code-block:: console # TOKEN=$(curl -u wazuh-wui:wazuh-wui -k -X GET "https://localhost:55000/security/user/authenticate?raw=true") - #. Change the `wazuh` user credentials (ID 1). Select a password between 8 and 64 characters long, it should contain at least one uppercase and one lowercase letter, a number, and a symbol. See :api-ref:`PUT /security/users/{user_id} ` to learn more. + #. Change the `wazuh` user credentials (ID 1). Select a password between 8 and 64 characters long, it should contain at least one uppercase and one lowercase letter, a number, and a symbol. See :api-ref:`PUT /security/users/{user_id} ` to learn more. .. code-block:: console - curl -k -X PUT "https://localhost:55000/security/users/1" -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d' + curl -k -X PUT "https://localhost:55000/security/users/1" -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d' { "password": "SuperS3cretPassword!" }' 
@@ -573,30 +506,30 @@ Select your deployment type and follow the instructions to change the default pa .. code-block:: console :class: output - {"data": {"affected_items": [{"id": 1, "username": "wazuh", "allow_run_as": true, "roles": [1]}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "User was successfully updated", "error": 0} - - - #. Change the `wazuh-wui` user credentials (ID 2). + {"data": {"affected_items": [{"id": 1, "username": "wazuh", "allow_run_as": true, "roles": [1]}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "User was successfully updated", "error": 0} + + + #. Change the `wazuh-wui` user credentials (ID 2). .. code-block:: console - curl -k -X PUT "https://localhost:55000/security/users/2" -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d' + curl -k -X PUT "https://localhost:55000/security/users/2" -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -d' { "password": "SuperS3cretPassword!" }' .. code-block:: console - :class: output + :class: output {"data": {"affected_items": [{"id": 2, "username": "wazuh-wui", "allow_run_as": true, "roles": [1]}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "User was successfully updated", "error": 0} + + See the :doc:`Securing the Wazuh API ` section for additional security configurations. - See the :doc:`Securing the Wazuh API ` section for additional security configurations. - - .. note:: Remember to store these passwords securely. + .. note:: Remember to store these passwords securely. #. On `all your Wazuh server nodes`, run the following command to update the `admin` password in the Filebeat keystore. Replace ```` with the random password generated in the first step. - + .. code-block:: console # echo | filebeat keystore add password --stdin --force 
@@ -606,7 +539,7 @@ Select your deployment type and follow the instructions to change the default pa .. include:: /_templates/common/restart_filebeat.rst .. note:: Repeat steps 3 and 4 on `every Wazuh server node`. - + #. On your `Wazuh dashboard node`, run the following command to update the `kibanaserver` password in the Wazuh dashboard keystore. Replace ```` with the random password generated in the first step. .. code-block:: console @@ -617,7 +550,7 @@ Select your deployment type and follow the instructions to change the default pa .. code-block:: yaml :emphasize-lines: 6 - + hosts: - default: url: https://localhost @@ -632,7 +565,7 @@ Select your deployment type and follow the instructions to change the default pa Next steps ----------- +^^^^^^^^^^ Once the Wazuh environment is ready, Wazuh agents can be installed on every endpoint to be monitored. To install the Wazuh agents and start monitoring the endpoints, see the :doc:`Wazuh agent ` installation section. If you need to install them offline, you can check the appropriate agent package to download for your monitored system in the :ref:`Wazuh agent packages list ` section.
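Review bot: In source/_static/js/redirects.js, `/deployment-options/offline-installation.html` gets a `4.8=>4.9` redirection and is also listed in `removedUrls['4.9']`, while `offline-installation/index.html` and `offline-installation/step-by-step.html` appear both in `redirections` and in `newUrls['4.9']`. Please confirm how the version selector resolves a path that is present in both lists, or drop the list entries that the redirections already cover. A one-line comment on why the second entry is one-way (`'target': ['4.9=>4.8']`) would also help the next person editing this block.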
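Review bot: In the new source/deployment-options/offline-installation/index.rst, the first step of "Download the packages and configuration files" fetches `wazuh-install.sh` with `curl -sO` and runs it as root, and the last step moves `wazuh-offline.tar.gz` and `wazuh-install-files.tar` to the offline hosts, but no step tells the reader to verify any of these files. The step-by-step page already points to SHA512 checksums for the decompressed packages, so consider adding an equivalent verification step here, before the script is executed and again after the `scp` transfer. Two smaller points in the same file: "Run the ``./wazuh-install.sh -g`` to create the certificates" is missing a noun (for example "Run ``./wazuh-install.sh -g`` to create the certificates"), and the file ends with `\ No newline at end of file` after `step-by-step`, so please add the trailing newline.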
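Review bot: In the new installation-assistant.rst, under "Installing the Wazuh dashboard", the text says to run the assistant with ``--offline-install`` but the command shown is `# bash wazuh-install.sh --wazuh-dashboard dashboard`, without that option. The indexer and server steps both pass `--offline-install`, so on a host with no Internet connection the dashboard command as written does not match the described procedure; it should read `# bash wazuh-install.sh --offline-install --wazuh-dashboard dashboard`. Also, unlike index.rst, this file has no `.. Copyright` comment or `.. meta::` description at the top.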
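Review bot: In step-by-step.rst (hunk `@@ -1,79 +1,12 @@`), the `.. Copyright (C) 2015, Wazuh, Inc.` comment and the `.. meta::` description are removed together with the moved sections, and nothing replaces them, so the renamed page is left without a meta description. Please keep the copyright comment and add a description specific to the step-by-step page. The unchanged underline below the new title "Install Wazuh components step by step" is still sized for the old title and can be trimmed to match.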
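Review bot: In step-by-step.rst (hunk `@@ -104,25 +37,25 @@`, and the matching Filebeat and dashboard certificate hunks), the commands now read from `wazuh-install-files/`, which is extracted from the same `wazuh-install-files.tar` that is copied to every host. Only this node's `$NODE_NAME.pem` and `$NODE_NAME-key.pem` are moved out, so the private keys generated for the other nodes in `config.yml` stay in the working directory, although the paragraph below says they are not required on other nodes; the assistant page also states that `wazuh-passwords.txt` lives in this archive. Please add a closing step that removes the extracted `wazuh-install-files/` folder and the tar file from each host once its certificates are deployed, or document extracting only the files that node needs.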
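Review bot: In step-by-step.rst (hunk `@@ -277,34 +210,34 @@`), the "Install the Wazuh module for Filebeat" command changes from `wazuh-filebeat-0.4.tar.gz` to `wazuh-filebeat-0.2.tar.gz`, which moves the module version backwards in a change that is otherwise about restructuring the page. If this is a rebase or merge leftover, restore `0.4`; if it is intentional, confirm that the file name matches what `wazuh-install.sh -dw` places in `wazuh-offline/wazuh-files/`, since the `tar -xzf` step fails when the name does not match.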