Setting Up a Secure Wazuh Environment by AWS EC2

Introduction:

Wazuh is an open-source security platform that helps organizations monitor and manage security incidents, detect threats, and comply with security regulations. It provides intrusion detection, log analysis, vulnerability detection, and threat intelligence. Wazuh is trusted and used by thousands of organizations around the world, and its powerful features and flexibility have made it a preferred choice for those looking for a reliable open-source security platform. It combines threat detection and response capabilities and can be integrated and customized to meet the needs of different organizations.

Features of Wazuh

Protect endpoints and cloud workloads: Wazuh provides continuous protection for on-premises and cloud-based environments, ensuring they are protected from potential threats.

Integration and scalability: Wazuh can integrate with other security tools and expand its capabilities based on an organization’s needs.

Security monitoring and log data analysis: Wazuh enables effective threat detection and response through log data analysis.

Security Integration Monitoring and Incident Response: Wazuh supports regulatory compliance monitoring and cloud security.

Security Tools, Log Control, and Incident Control: Wazuh provides tools for security, incident control, and log control.

Installing Wazuh on AWS

Step 1: “Launch Instance”

After logging in to the AWS account, select the EC2 service from Services or through the search box:

Click on Launch instance

Under Name and tags

Enter a name to identify your instance. For this tutorial, name the instance (Wazuh).

Under Application and OS Images:

From Quick Start, choose an AMI that meets your web server needs
Here we choose Ubuntu (which is free tier eligible)

Under Instance type:

Choose the instance type; here we choose t2.medium. (The recommended minimum specification is 2 CPUs and 4 GiB of memory, which is available in the t2.medium or higher instance types.)

Under Key pair (login):

Choose the key pair

or create new key pair:
Give a name to the key pair, then click Create key pair

Under Network settings: under Firewall (security groups)

Choose Create security group
Allow SSH traffic by selecting the check box
Allow HTTPS traffic from the internet by selecting the check box

Leave all other configurations as they are (default settings)

In the Summary panel, review your instance configuration and then choose Launch instance.

Once the launch has been initiated successfully, click on the instance ID to see the instance:

Your instance will first be Pending, and will then go into the Running state.

Step 2: “Connect to the instance”

To connect to your instance, select the instance and choose Connect.

There are many ways to connect to EC2; here we will use the SSH client.
After selecting the “SSH client” section, copy the commands shown there and execute them in the terminal as per the following steps:

Open Terminal (here we use Git Bash)

Use the cd (change directory) command to move to the directory where you downloaded your pem file (key pair).

In this article, the pem file is stored in the Downloads folder.

Execute the cd command to change the path to the location of the key file
cd Downloads/

Execute the following commands sequentially

chmod 400 [key pair name].pem

ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name

After the command is executed you will be prompted to type “Yes” to continue with the connection

And that’s it! Now we’re logged in to our AWS instance.

Before installing Wazuh on an EC2 instance:

We get root permission by executing the sudo -i command

Executing “sudo -i” opens a login shell as the root user on Linux. This gives you full admin (root user) privileges, allowing you to run commands and operations that require them.

Step 3: “Install Wazuh”

Now to install Wazuh, execute the following command:

curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

After some time, the Wazuh installation completes and we can log in using the username and password that we obtained from the installation:

Step 4: “Log in to Wazuh”

Return to the AWS account and click on the instance
Then click on the details box
Then click on the public IPv4 address to open it in a browser.

After opening the public IPv4 address in the browser, the following page appears, so we click on Advanced

then click below:

The Wazuh installation steps have been completed successfully

We now log in using the username and password that were obtained during the installation process:

You have successfully logged into Wazuh
