Installing the Wazuh dashboard step by step

Install and configure the Wazuh dashboard following step-by-step instructions. The Wazuh dashboard is a web interface for mining and visualizing the Wazuh server alerts and archived events.

Note

Root user privileges are required to run the commands described below.

Wazuh dashboard installation

Installing package dependencies

  1. Install the following packages if missing.

    Yum

    APT

    # yum install libcap

    # apt install debhelper tar curl libcap2-bin #debhelper version 9 or later

Adding the Wazuh repository

Note

If you are installing the Wazuh dashboard on the same host as the Wazuh indexer or the Wazuh server, you may skip these steps as you may have added the Wazuh repository already.

Yum

APT

  1. Import the GPG key.

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH

  2. Add the repository.

    # echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo

  1. Install the following package if missing.

    # apt install gnupg

  2. Install the GPG key.

    # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -

  3. Add the repository.

    # echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

  4. Update the package information.

    # apt-get update

Installing the Wazuh dashboard

  1. Install the Wazuh dashboard package.

    Yum

    APT

    # yum -y install wazuh-dashboard

    # apt -y install wazuh-dashboard

Configuring the Wazuh dashboard

  1. Edit the /etc/wazuh-dashboard/opensearch_dashboards.yml file and replace the following values:

    1. server.host: This setting specifies the host of the back end server. To allow remote users to connect, set the value to the IP address or DNS name of the Kibana server. The value 0.0.0.0 will accept all the available IP addresses of the host.

    2. opensearch.hosts: The URLs of the Wazuh indexer instances to use for all your queries. Wazuh dashboard can be configured to connect to multiple Wazuh indexer nodes in the same cluster. The addresses of the nodes can be separated by commas. For example, ["https://10.0.0.2:9200", "https://10.0.0.3:9200","https://10.0.0.4:9200"]

         server.host: 0.0.0.0
   server.port: 443
   opensearch.hosts: https://localhost:9200
   opensearch.ssl.verificationMode: certificate

Deploying certificates

Note

Make sure that a copy of wazuh-certificates.tar, created in the previous stage of the installation process, is placed in your working directory.

  1. Replace <dashboard-node-name> with your Wazuh dashboard node name, the same used in config.yml to create the certificates, and move the certificates to their corresponding location.

    # NODE_NAME=<dashboard-node-name>

    # mkdir /etc/wazuh-dashboard/certs
# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
# chmod 500 /etc/wazuh-dashboard/certs
# chmod 400 /etc/wazuh-dashboard/certs/*
# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs

Starting the Wazuh dashboard service

  1. Enable and start the Wazuh dashboard service.

    Systemd

    SysV Init

    # systemctl daemon-reload
# systemctl enable wazuh-dashboard
# systemctl start wazuh-dashboard

    Choose one option according to your operating system:

    1. RPM-based operating system:

    # chkconfig --add wazuh-dashboard
# service wazuh-dashboard start

    1. Debian-based operating system:

    # update-rc.d wazuh-dashboard defaults 95 10
# service wazuh-dashboard start

    Only for distributed deployments

    Edit the file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml and replace the url value with the IP address or hostname of the Wazuh server master node.

    hosts:
  - default:
    url: https://localhost
    port: 55000
    username: wazuh-wui
    password: wazuh-wui
    run_as: false

  2. Access the Wazuh web interface with your credentials.

    • URL: https://<dashboard_ip>

    • Username: admin

    • Password: <admin_password>

When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the root-ca.pem file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured.

Note

It is highly recommended to change the default Wazuh passwords. To perform this action, see the Change the Wazuh indexer passwords and the Securing the Wazuh API sections.

Next steps

All the Wazuh central components are successfully installed.

Wazuh installation workflow

The Wazuh environment is now ready and you can proceed with installing the Wazuh agent on the endpoints to be monitored. To perform this action, see the Wazuh agent section.

If you want to uninstall the Wazuh dashboard, see Uninstall the Wazuh dashboard.