Install Wazuh server from sources
This guide describes how to install the manager and API from source code. In addition, for distributed architectures, you will find some guidance on how to install Filebeat.
Note
Many of the commands described below need to be executed with root user privileges.
Installing Wazuh manager
Install development tools and compilers. In Linux this can easily be done using your distribution's package manager:
For RPM-based distributions:
$ sudo yum install make gcc git
# If you want to use Auth, also install:
$ sudo yum install openssl-devel
For Debian-based distributions:
$ sudo apt-get install gcc make git libc6-dev curl
# If you want to use Auth, also install:
$ sudo apt-get install libssl-dev
Download and extract the latest version:
$ curl -Ls https://github.com/wazuh/wazuh/archive/v2.1.1.tar.gz | tar zx
Run the install.sh script. It displays a wizard that guides you through the installation process using the Wazuh sources:
$ cd wazuh-*
$ sudo ./install.sh
The script will ask what kind of installation you want. Type server to install the Wazuh manager:
1- What kind of installation do you want (server, agent, local, hybrid or help)? server
Start the services using this command:
$ sudo /var/ossec/bin/ossec-control start
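The download step above pipes the archive straight from the network into tar, so nothing is checked before install.sh is run with root privileges. As an added example (not part of the Wazuh documentation), the shell functions below work on a saved copy of the archive: they compare it with a pinned SHA-256 digest and reject member paths that would land outside the target directory. The function names and the EXPECTED_SHA256 placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a downloaded release archive before extracting it.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# listing_is_safe: read member names on stdin; fail if any is an absolute
# path or contains a ".." component (either could write outside DESTDIR).
listing_is_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Returns 0 after extracting, 2 on digest mismatch, 3 if the archive cannot
# be listed, 4 if a member path is unsafe. Nothing is extracted on failure.
verify_and_extract() {
    tarball=$1 expected=$2 dest=$3
    actual=$(sha256_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball (got: $actual)" >&2
        return 2
    fi
    listing=$(tar tzf "$tarball") || return 3
    if ! printf '%s\n' "$listing" | listing_is_safe; then
        echo "unsafe member path in $tarball" >&2
        return 4
    fi
    mkdir -p "$dest" && tar xzf "$tarball" -C "$dest"
}

# Usage, with EXPECTED_SHA256 as a placeholder for a digest you pinned earlier
# (lowercase hex):
#   curl -Ls -o wazuh.tar.gz https://github.com/wazuh/wazuh/archive/v2.1.1.tar.gz
#   verify_and_extract wazuh.tar.gz "$EXPECTED_SHA256" . && cd wazuh-*
```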
Installing Wazuh API
NodeJS >= 4.6.1 is required in order to run the Wazuh API. If you do not have NodeJS installed or your version is older than 4.6.1, we recommend you add the official repository as this has more recent versions.
For RPM-based distributions:
$ curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -
$ sudo yum -y install nodejs
For Debian-based distributions:
$ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
$ sudo apt-get install -y nodejs
Download and execute the installation script:
$ curl -s -o install_api.sh https://raw.githubusercontent.com/wazuh/wazuh-api/v2.1.1/install_api.sh && bash ./install_api.sh download
Python >= 2.7 is required in order to run the API. It is installed by default or included in the official repositories of most Linux distributions. It is possible to set a custom Python path for the API to use in /var/ossec/api/configuration/config.js:
config.python = [
    // Default installation
    { bin: "python", lib: "" },
    // Package 'python27' for CentOS 6
    { bin: "/opt/rh/python27/root/usr/bin/python", lib: "/opt/rh/python27/root/usr/lib64" }
];
CentOS 6 and Red Hat 6 come with Python 2.6; you can install Python 2.7 in parallel while keeping the older version:
For CentOS 6:
$ sudo yum install -y centos-release-scl
$ sudo yum install -y python27
For RHEL 6:
$ sudo yum install python27
# You may need to first enable a repository in order to get python27, with a command like this:
# sudo yum-config-manager --enable rhui-REGION-rhel-server-rhscl
# sudo yum-config-manager --enable rhel-server-rhscl-6-rpms
Note
You can also run an unattended installation of the Wazuh manager and API.
Installing Filebeat
While Filebeat can be installed from source (see this doc), the process is more complex than you may like, and it is beyond the scope of Wazuh documentation. We recommend installing Filebeat via repository package; otherwise, you can install it from a binary tarball, which should work for any Linux distro. See more here.
Warning
In a single-host architecture (where Wazuh server and Elastic Stack are installed in the same system), you may entirely skip installing Filebeat, since Logstash will be able to read the event/alert data directly from the local filesystem without the assistance of a forwarder.
Next steps
Once you have installed the manager, API and Filebeat (only needed for distributed architectures), you are ready to install Elastic Stack.