Wazuh Installation Guide — Using Installation Assistant

Overview

Wazuh is an open-source security platform that provides XDR and SIEM protection for endpoints and cloud workloads.

In this tutorial, we will install the Wazuh central components (Manager, Indexer, and Dashboard) on Ubuntu 22.04 using the installation assistant, which is the easier method. The installation assistant is a bash script that automates Wazuh setup, making the installation faster and less error-prone.

Prerequisites

Before starting the installation, ensure you have:

  • Root or sudo privileges on your Ubuntu system
  • Minimum 4GB RAM (8GB recommended)
  • Stable internet connectivity
  • At least 50GB of available disk space
  • Ports 443, 1514, 1515, and 55000 available

System Requirements

Hardware Requirements

Note: These specifications are sufficient for monitoring up to 100 endpoints and storing 90 days of queryable/indexed alert data.

Supported Operating Systems

Wazuh recommends any of the following operating system versions:

Installation Steps

Step 1: Update the System

First, update your Ubuntu system to ensure all packages are current:

sudo apt update && sudo apt upgrade -y

Step 2: Download and Run the Installation Assistant

Download and execute the Wazuh installation script:

curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Important Notes:

  • The -a flag performs an All-in-One installation (Manager + Indexer + Dashboard)
  • Wait for installation completion (this can take 10–15 minutes)
  • Do not interrupt the installation process

Step 3: Note the Generated Credentials

After the installation finishes, the output will display the credentials and confirm that the installation was successful. Important: Note down the generated passwords displayed at the end — you’ll need these to access the dashboard.

Step 4: Access the Wazuh Dashboard

  1. Open your web browser
  2. Navigate to: https://<server-ip-address>
  3. You may see a security warning about the certificate (this is normal for self-signed certificates)
  4. Click “Advanced” and proceed to the site
  5. Log in using the admin credentials provided in Step 3

You should now see the Wazuh Dashboard.

Step 5: Verify Installation

Navigate to Agents in the dashboard — you’ll see no agents yet (we’ll cover adding agents in the next tutorial).

Post-Installation Verification

Verify that all Wazuh services are running properly:

sudo systemctl status wazuh-manager wazuh-indexer wazuh-dashboard

All services should show “active (running)” status.
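
An added example, not part of the original guide or of the Wazuh project: a script that extends this check to the ports listed in the prerequisites, reporting for each one whether anything is listening and whether it is bound only to loopback. The function name `port_report`, the status labels and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): post-install port check.
REQUIRED_PORTS="443 1514 1515 55000"   # ports named in the Prerequisites list

# Reads `ss -tln` output on stdin and prints one line per required port:
#   MISSING    nothing is listening on it
#   LOOPBACK   bound only to 127.x or [::1], so remote agents and browsers cannot connect
#   REACHABLE  bound to a non-loopback address; firewall rules must cover it
port_report() {
  awk -v ports="$REQUIRED_PORTS" '
    BEGIN { n = split(ports, want, " ") }
    $1 == "LISTEN" {                          # skips the header line as well
      port = $4; sub(/.*:/, "", port)         # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)     # text before the last colon
      seen[port] = 1
      if (index(host, "127.") != 1 && host != "[::1]") ext[port] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        p = want[i]
        if (!(p in seen))     print p, "MISSING"
        else if (p in ext)    print p, "REACHABLE"
        else                  print p, "LOOPBACK"
      }
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    *:443              *:*
LISTEN 0      128    0.0.0.0:1514       0.0.0.0:*
LISTEN 0      128    127.0.0.1:55000    0.0.0.0:*
LISTEN 0      4096   [::]:22            [::]:*'

# Live mode: run on the Wazuh server with the --live argument.
if [ "${1:-}" = "--live" ]; then
  for svc in wazuh-manager wazuh-indexer wazuh-dashboard; do
    if systemctl is-active --quiet "$svc"; then echo "$svc active"
    else echo "$svc NOT active"; fi
  done
  ss -tln | port_report
else
  printf '%s\n' "$SAMPLE_SS" | port_report   # demo on the constructed sample
fi
```

A port reported as MISSING or LOOPBACK usually means the corresponding service did not start or is not bound where agents and browsers expect it; REACHABLE ports are the ones to account for in firewall rules.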

Security Recommendations

  • Change the default admin password immediately after first login
  • Configure proper firewall rules for your environment
  • The installation uses self-signed certificates (browser security warnings are expected)
  • Consider implementing proper SSL certificates for production use

Troubleshooting

Dashboard Won’t Load

If the dashboard doesn’t load, check if all services are running:

sudo systemctl status wazuh-manager
sudo systemctl status wazuh-indexer
sudo systemctl status wazuh-dashboard

If any service is not running, restart it:

sudo systemctl restart wazuh-manager
sudo systemctl restart wazuh-indexer
sudo systemctl restart wazuh-dashboard

Port 443 Blocked

If port 443 is blocked, open the firewall:

sudo ufw allow 443/tcp

Certificate Errors

Browser certificate warnings are normal with self-signed certificates. You can safely proceed by clicking “Advanced” and “Proceed to site.”

Memory Issues

If you experience performance issues, ensure your system meets the minimum RAM requirements (8GB recommended).

Conclusion

You now have Wazuh successfully installed and running on Ubuntu 22.04! The platform is ready to monitor your infrastructure and provide comprehensive security insights.

Next Steps

  • Add agents (Linux, Windows, or macOS endpoints)
  • Explore alerts and rules in the dashboard
  • Enable security modules such as:
      • File Integrity Monitoring (FIM)
      • Vulnerability detection
      • Compliance monitoring
      • Threat hunting capabilities

Additional Resources
