Installing the Wazuh manager from sources

Installing dependencies

Before compiling Wazuh from sources, you need to install the required build tools and libraries for the destination operating system. This section covers the essential development tools, compilers, and build utilities needed to compile the Wazuh manager successfully.

# apt-get update
# apt-get install python3 gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev procps build-essential

# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install
# cd .. && rm -rf cmake-*

# yum update -y
# yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 devtoolset-7 procps -y
# curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz  && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-* && scl enable devtoolset-7 bash

# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install
# cd .. && rm -rf cmake-*

# yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils procps -y
# curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz  && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-* && scl enable devtoolset-7 bash
# yum-config-manager --enable PowerTools
# yum install libstdc++-static -y

# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install
# cd .. && rm -rf cmake-*
# export PATH=/usr/local/bin:$PATH

# yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils procps -y
# curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz  && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-* && scl enable devtoolset-7 bash
# yum config-manager --set-enabled crb
# yum install libstdc++-static -y

# dnf update -y
# dnf install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils procps -y
# curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-*
# dnf config-manager --set-enabled crb
# dnf install libstdc++-static -y

# curl -OL https://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && ./bootstrap --no-system-curl && make -j$(nproc) && make install
# cd .. && rm -rf cmake-*
# export PATH=/usr/local/bin:$PATH

Optional. Install the following dependencies only when compiling the CPython from sources. Since v4.2.0, make deps TARGET=server will download a portable version of CPython ready to be installed. Nevertheless, you can download the CPython sources by adding the PYTHON_SOURCE flag when running make deps.

To install the required dependencies to build the Python interpreter, follow these steps:

# echo "deb-src http://archive.ubuntu.com/ubuntu $(lsb_release -cs) main" >> /etc/apt/sources.list
# apt-get update
# apt-get build-dep python3 -y

# yum install epel-release yum-utils -y
# yum-builddep python36 -y

# dnf install epel-release dnf-utils -y
# dnf builddep python3 -y

Installing the Wazuh manager

This section walks you through downloading the Wazuh source code, compiling it, and running the installation wizard to set up the Wazuh manager on your system.

1. Download and extract the latest version:

   # curl -Ls https://github.com/wazuh/wazuh/archive/v4.14.0.tar.gz | tar zx
   # cd wazuh-4.14.0
   

2. If you have previously compiled for another platform, clean the build using the Makefile in src/:

   # make -C src clean
   # make -C src clean-deps
   

3. Run the install.sh script. This will display a wizard to guide you through the installation process using the Wazuh sources:

   Warning

   If you want to enable the database output, check out the Alert management section before running the installation script.

   # ./install.sh
   

   The initial run might take some time as it downloads and processes the vulnerability detection content. To speed up this process, you can set the DOWNLOAD_CONTENT environment variable to y beforehand. The adjusted command downloads a pre-prepared database during installation.

   # DOWNLOAD_CONTENT=y ./install.sh
   

4. When the script asks what kind of installation you want, type manager to install the Wazuh manager:

   1- What kind of installation do you want (manager, agent, local, hybrid, or help)? manager
   

   Note

   During the installation, users can decide the installation path. Execute the ./install.sh and select the language, set the installation mode to manager, then set the installation path (Choose where to install Wazuh [/var/ossec]). The default path of installation is /var/ossec. A commonly used custom path is /opt.

   Warning

   Be extremely careful not to select a critical installation directory if you choose a different path than the default. If the directory already exists, the installer will ask to delete the directory or proceed by installing Wazuh inside it.

5. The installer asks if you want to start Wazuh at the end of the installation. If you choose not to, you can start it later with:

   SystemdSysV init

   # systemctl start wazuh-manager
   

Installing other Wazuh components

Once the Wazuh manager is installed from source, you can install the Wazuh indexer, Filebeat, and the Wazuh dashboard by following the Installation guide. The Wazuh indexer and dashboard are excluded from the installation from sources procedure, as they rely on pre-built packages.

Uninstall

This section provides instructions for completely removing the Wazuh manager installation from your system.

1. To uninstall the Wazuh manager, set WAZUH_HOME with the current installation path:

   # WAZUH_HOME="/WAZUH/INSTALLATION/PATH"
   

2. Stop the service:

   # service wazuh-manager stop 2> /dev/null
   

3. Stop the daemon:

   # $WAZUH_HOME/bin/wazuh-control stop 2> /dev/null
   

4. Remove the installation folder and all its content:

   # rm -rf $WAZUH_HOME
   

5. Delete the service:

   SysV initSystemd

   # [ -f /etc/rc.local ] && sed -i'' '/wazuh-control start/d' /etc/rc.local
   # find /etc/{init.d,rc*.d} -name "*wazuh*" | xargs rm -f
   

6. Remove Wazuh user and group:

   # userdel wazuh 2> /dev/null
   # groupdel wazuh 2> /dev/null