Cyber Security: Wazuh Install Docker: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
Unknown user (talk)
Created page with "Baik, saya kasih panduan step-by-step instalasi **Wazuh di Ubuntu 24.04**. Wazuh biasanya dipasang dalam bentuk **Wazuh server (manager + indexer + dashboard)**, atau **Wazuh..."
 
No edit summary
 
Line 1: Line 1:
Baik, saya kasih panduan step-by-step instalasi **Wazuh di Ubuntu 24.04**.
Oke 👍 saya jelaskan langkah-langkah **instalasi Wazuh dengan Docker di Ubuntu 24.04**. Cara ini lebih simpel karena pakai *docker-compose* resmi dari Wazuh.
Wazuh biasanya dipasang dalam bentuk **Wazuh server (manager + indexer + dashboard)**, atau **Wazuh agent** di endpoint.
Di sini saya jelaskan instalasi **all-in-one Wazuh server** untuk uji coba/lab (production biasanya dipisah per komponen).


---
---


## 🔹 1. Persiapan
## 1. Persiapan Server


Pastikan sistem sudah update:
Pastikan Ubuntu sudah update dan punya akses root/sudo:


```bash
```bash
Line 13: Line 11:
```
```


Install paket pendukung:
Install paket dasar:


```bash
```bash
sudo apt install curl apt-transport-https unzip wget gnupg lsb-release software-properties-common -y
sudo apt install -y curl apt-transport-https ca-certificates gnupg lsb-release
```
```


---
---


## 🔹 2. Tambah Repository Wazuh
## 2. Install Docker & Docker Compose


Import GPG key:
Install Docker CE:


```bash
```bash
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --dearmor -o /usr/share/keyrings/wazuh.gpg
curl -fsSL https://get.docker.com | sh
```
```


Tambahkan repo:
Tambahkan user ke grup docker (opsional biar tidak perlu sudo):


```bash
```bash
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt stable main" | \
sudo usermod -aG docker $USER
  sudo tee /etc/apt/sources.list.d/wazuh.list
```
```


Update:
→ logout / login lagi agar aktif.
 
Cek versi:


```bash
```bash
sudo apt update
docker --version
docker compose version
```
```


---
---


## 🔹 3. Instal Wazuh Manager
## 3. Ambil Repository Wazuh Docker
 
Clone repo resmi Wazuh:


```bash
```bash
sudo apt install wazuh-manager -y
git clone https://github.com/wazuh/wazuh-docker.git -b v4.8.0
```
```


Jalankan service:
*(ganti `v4.8.0` dengan versi terbaru jika ada update)*
 
Masuk ke folder:


```bash
```bash
sudo systemctl daemon-reload
cd wazuh-docker/single-node
sudo systemctl enable wazuh-manager
sudo systemctl start wazuh-manager
sudo systemctl status wazuh-manager
```
```


---
---


## 🔹 4. Instal Wazuh Indexer (ElasticSearch fork)
## 4. Jalankan Wazuh


```bash
Jalankan stack Wazuh:
sudo apt install wazuh-indexer -y
```
 
Enable & start:


```bash
```bash
sudo systemctl enable wazuh-indexer
docker compose up -d
sudo systemctl start wazuh-indexer
```
```


---
Cek status container:
 
## 🔹 5. Instal Wazuh Dashboard (Web UI)


```bash
```bash
sudo apt install wazuh-dashboard -y
docker ps
```
```


Enable & start:
Container yang harusnya jalan:


```bash
* `wazuh.manager` → core engine
sudo systemctl enable wazuh-dashboard
* `wazuh.dashboard` → UI web
sudo systemctl start wazuh-dashboard
* `wazuh.indexer` → database/search
```


---
---


## 🔹 6. Akses Dashboard
## 5. Akses Dashboard


Default URL:
Setelah semua jalan, buka browser ke:


```
```
https://<IP-server>:5601
https://<IP_SERVER>:443
```
```


Login awal biasanya:
Default login (bisa dicek di `config/wazuh_dashboard_pass`):


* **User:** `admin`
* User: `admin`
* **Password:** bisa dicek dengan:
* Password: auto-generate → lihat pakai:


   ```bash
   ```bash
   sudo cat /etc/wazuh-dashboard/initial_admin_password
   docker exec -it wazuh.dashboard cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh-passwords.txt
   ```
   ```


---
---


## 🔹 7. Tambah Wazuh Agent (Contoh di Ubuntu)
## 6. Install Agent (contoh Linux)


```bash
Di endpoint yang ingin dipantau:
sudo apt install wazuh-agent -y
```
 
Edit konfigurasi:
 
```bash
sudo nano /var/ossec/etc/ossec.conf
```
 
Ubah bagian:
 
```xml
<server>
  <address>IP_WAZUH_MANAGER</address>
</server>
```
 
Jalankan agent:


```bash
```bash
curl -sO https://packages.wazuh.com/4.8/wazuh-agent-4.8.0.deb
sudo WAZUH_MANAGER="<IP_SERVER>" dpkg -i ./wazuh-agent-4.8.0.deb
sudo systemctl enable wazuh-agent
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
sudo systemctl start wazuh-agent
Line 139: Line 116:
---
---


## 🔹 8. Verifikasi
✅ Selesai! Sekarang log dari agent akan muncul di dashboard Wazuh.


* Cek log manager:
---
 
  ```bash
  sudo tail -f /var/ossec/logs/ossec.log
  ```
* Cek agent status:
 
 
  sudo /var/ossec/bin/agent_control -ls
 
👉 Dengan langkah di atas, Wazuh sudah bisa berjalan di Ubuntu 24.04 dengan **Manager + Indexer + Dashboard**.


Mau saya bikinkan juga **versi instalasi via Docker Compose (lebih cepat dan rapi)** atau cukup native saja seperti ini?
Mau saya bikinkan juga **docker-compose.yml minimal** (single-node) biar tidak perlu clone repo resmi, cukup copy-paste file saja?

Latest revision as of 03:48, 22 September 2025

Oke 👍 saya jelaskan langkah-langkah **instalasi Wazuh dengan Docker di Ubuntu 24.04**. Cara ini lebih simpel karena pakai *docker-compose* resmi dari Wazuh.

---

    1. 1. Persiapan Server

Pastikan Ubuntu sudah update dan punya akses root/sudo:

```bash sudo apt update && sudo apt upgrade -y ```

Install paket dasar:

```bash sudo apt install -y curl apt-transport-https ca-certificates gnupg lsb-release ```

---

    1. 2. Install Docker & Docker Compose

Install Docker CE:

```bash curl -fsSL https://get.docker.com | sh ```

Tambahkan user ke grup docker (opsional biar tidak perlu sudo):

```bash sudo usermod -aG docker $USER ```

→ logout / login lagi agar aktif.

Cek versi:

```bash docker --version docker compose version ```

---

    1. 3. Ambil Repository Wazuh Docker

Clone repo resmi Wazuh:

```bash git clone https://github.com/wazuh/wazuh-docker.git -b v4.8.0 ```

  • (ganti `v4.8.0` dengan versi terbaru jika ada update)*

Masuk ke folder:

```bash cd wazuh-docker/single-node ```

---

    1. 4. Jalankan Wazuh

Jalankan stack Wazuh:

```bash docker compose up -d ```

Cek status container:

```bash docker ps ```

Container yang harusnya jalan:

  • `wazuh.manager` → core engine
  • `wazuh.dashboard` → UI web
  • `wazuh.indexer` → database/search

---

    1. 5. Akses Dashboard

Setelah semua jalan, buka browser ke:

``` https://<IP_SERVER>:443 ```

Default login (bisa dicek di `config/wazuh_dashboard_pass`):

  • User: `admin`
  • Password: auto-generate → lihat pakai:
 ```bash
 docker exec -it wazuh.dashboard cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh-passwords.txt
 ```

---

    1. 6. Install Agent (contoh Linux)

Di endpoint yang ingin dipantau:

```bash curl -sO https://packages.wazuh.com/4.8/wazuh-agent-4.8.0.deb sudo WAZUH_MANAGER="<IP_SERVER>" dpkg -i ./wazuh-agent-4.8.0.deb sudo systemctl enable wazuh-agent sudo systemctl start wazuh-agent ```

---

✅ Selesai! Sekarang log dari agent akan muncul di dashboard Wazuh.

---

Mau saya bikinkan juga **docker-compose.yml minimal** (single-node) biar tidak perlu clone repo resmi, cukup copy-paste file saja?

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=Cyber_Security:_Wazuh_Install_Docker&oldid=72829"