{"id":9582,"date":"2021-07-10T23:22:03","date_gmt":"2021-07-10T20:22:03","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9582"},"modified":"2024-03-18T19:43:06","modified_gmt":"2024-03-18T16:43:06","slug":"install-wazuh-server-on-rocky-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-wazuh-server-on-rocky-linux\/","title":{"rendered":"Install Wazuh Server on Rocky Linux 8\/Rocky Linux 9"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to install Wazuh server on Rocky Linux 8\/Rocky Linux 9. <a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/wazuh.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wazuh<\/a> is an open-source tool for visibility, security detection, and compliance. It is a fork of OSSEC HIDS with additional integration with ELK stack and OpenSCAP. The Wazuh stack consists of the Wazuh server (manager), the ELK stack, and the Wazuh agents as shown in the image below. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"802\" height=\"337\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch.png\" alt=\"\" class=\"wp-image-9585\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch.png 802w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch-768x323.png 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch-150x63.png 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch-300x126.png 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/wazuh_arch-696x292.png 696w\" sizes=\"(max-width: 802px) 100vw, 802px\" \/><\/figure><\/div>\n\n\n<p>As of this writing, the current latest and stable version is of Wazuh is v4.4.1.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-wazuh-server-on-rocky-linux\">Installing Wazuh Server on Rocky Linux<\/a><ul><li><a href=\"#deployment-architecture\">Deployment Architecture<\/a><\/li><li><a href=\"#system-requirements\">System Requirements<\/a><\/li><li><a href=\"#install-wazuh-server\">Install Wazuh Server<\/a><ul><li><a href=\"#add-wazuh-to-repository\">Add Wazuh to repository<\/a><\/li><li><a href=\"#install-wazuh-server-on-rocky-linux-8-rocky-linux-9\">Install Wazuh  Server on Rocky Linux 8\/Rocky Linux 9<\/a><\/li><\/ul><\/li><li><a href=\"#install-elastic-stack-on-rocky-linux-8-rocky-linux-9\">Install Elastic Stack on Rocky Linux 8\/Rocky Linux 9<\/a><ul><li><a href=\"#create-elastic-repository\">Create Elastic Repository<\/a><\/li><li><a href=\"#install-elasticsearch-kibana-and-filebeat\">Install Elasticsearch, Kibana and Filebeat<\/a><\/li><li><a href=\"#configuring-elasticsearch\">Configuring Elasticsearch<\/a><\/li><li><a href=\"#configure-filebeat\">Configure Filebeat<\/a><\/li><li><a href=\"#configure-kibana\">Configure Kibana<\/a><\/li><li><a href=\"#open-ports-on-firewall\">Open Ports on Firewall<\/a><\/li><li><a href=\"#accessing-wazuh-app-on-kibana-web-interface\">Accessing Wazuh App on Kibana Web Interface<\/a><\/li><li><a href=\"#further-reading\">Further Reading<\/a><\/li><\/ul><\/li><li><a href=\"#related-tutorials\">Related Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-wazuh-server-on-rocky-linux\">Installing Wazuh Server on Rocky Linux<\/h2>\n\n\n\n<p>The Wazuh server has the primary functions of <strong>agent registration, data analysis, and managing of agents<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"deployment-architecture\">Deployment Architecture<\/h3>\n\n\n\n<p>There are two different <a href=\"https:\/\/documentation.wazuh.com\/3.9\/getting-started\/architecture.html\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">deployment architectures for Wazuh server<\/a>;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>All-in-one<\/strong>: The Wazuh server and Elastic Stack are installed on the same host.<\/li>\n\n\n\n<li><strong>Distributed<\/strong>: Each component is installed on a separate host as a single-node or multi-node cluster. This type of deployment provides high availability and scalability of the product, and it is convenient for large working environments.<\/li>\n<\/ul>\n\n\n\n<p>In this tutorial, we will use the <strong>All-in-one deployment architecture<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"system-requirements\">System Requirements<\/h3>\n\n\n\n<p>Consult the documentation for the <a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/requirements.html\" target=\"_blank\" rel=\"noreferrer noopener\">recommended system requirements<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-wazuh-server\">Install Wazuh Server<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"add-wazuh-to-repository\">Add Wazuh to repository<\/h4>\n\n\n\n<p>You first have to add Wazuh repository to the server by running the command below.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/yum.repos.d\/wazuh.repo << 'EOL'\n[wazuh_repo]\ngpgcheck=1\ngpgkey=https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH\nenabled=1\nname=Wazuh repository\nbaseurl=https:\/\/packages.wazuh.com\/4.x\/yum\/\nprotect=1\nEOL\n<\/code><\/pre>\n\n\n\n<p>Import the Wazuh repository GPG key<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm --import https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-wazuh-server-on-rocky-linux-8-rocky-linux-9\">Install Wazuh  Server on Rocky Linux 8\/Rocky Linux 9<\/h4>\n\n\n\n<p>Run the following command to install wazuh server. on Rocky Linux 8\/Rocky Linux 9<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf -y install wazuh-manager<\/code><\/pre>\n\n\n\n<p>When the installation process is complete, start Wazuh Manager.<\/p>\n\n\n\n<pre id=\"block-24d1b016-220e-4375-9a01-ba22f1147037\" class=\"wp-block-preformatted\">systemctl start wazuh-manager<\/code><\/pre>\n\n\n\n<p>You can check the status as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status wazuh-manager<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf wazuh-manager.service - Wazuh manager\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/wazuh-manager.service; disabled; vendor preset: disabled)\n   Active: active (running) since Tue 2023-05-09 14:15:02 EDT; 6s ago\n  Process: 6018 ExecStart=\/usr\/bin\/env \/var\/ossec\/bin\/wazuh-control start (code=exited, status=0\/SUCCESS)\n    Tasks: 99 (limit: 17668)\n   Memory: 204.5M\n   CGroup: \/system.slice\/wazuh-manager.service\n           \u251c\u25006077 \/var\/ossec\/framework\/python\/bin\/python3 \/var\/ossec\/api\/scripts\/wazuh-apid.py\n           \u251c\u25006117 \/var\/ossec\/bin\/wazuh-authd\n           \u251c\u25006132 \/var\/ossec\/bin\/wazuh-db\n           \u251c\u25006157 \/var\/ossec\/bin\/wazuh-execd\n           \u251c\u25006171 \/var\/ossec\/bin\/wazuh-analysisd\n           \u251c\u25006223 \/var\/ossec\/bin\/wazuh-syscheckd\n           \u251c\u25006238 \/var\/ossec\/bin\/wazuh-remoted\n           \u251c\u25006251 \/var\/ossec\/bin\/wazuh-logcollector\n           \u251c\u25006262 \/var\/ossec\/bin\/wazuh-monitord\n           \u2514\u25006301 \/var\/ossec\/bin\/wazuh-modulesd\n\nMay 09 14:14:54 rocky9 env[6018]: Started wazuh-db...\nMay 09 14:14:55 rocky9 env[6018]: Started wazuh-execd...\nMay 09 14:14:56 rocky9 env[6018]: Started wazuh-analysisd...\nMay 09 14:14:57 rocky9 env[6018]: Started wazuh-syscheckd...\nMay 09 14:14:58 rocky9 env[6018]: Started wazuh-remoted...\nMay 09 14:14:58 rocky9 env[6018]: Started wazuh-logcollector...\nMay 09 14:14:59 rocky9 env[6018]: Started wazuh-monitord...\nMay 09 14:15:00 rocky9 env[6018]: Started wazuh-modulesd...\nMay 09 14:15:02 rocky9 env[6018]: Completed.\nMay 09 14:15:02 rocky9 systemd[1]: Started Wazuh manager.\n<\/code><\/pre>\n\n\n\n<p>To avoid issues on version control and updates, it is recommended you disable the repository.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code> sed -i \"s\/enabled=1\/enabled=0\/\" \/etc\/yum.repos.d\/wazuh.repo<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-elastic-stack-on-rocky-linux-8-rocky-linux-9\">Install Elastic Stack on Rocky Linux 8\/Rocky Linux 9<\/h3>\n\n\n\n<p>Next, you need to install Elasticsearch, Kibana, Filebeat and Wazuh APP  to be able to use Wazuh-manager to its full potential.<\/p>\n\n\n\n<p>Before you can proceed, you need to ensure that the Elastic components being installed are compatible with the version of Wazuh-manager installed.<\/p>\n\n\n\n<p>In this demo, Wazuh-manager 4.4.1 is installed:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -qa wazuh-manager<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wazuh-manager-4.4.1-1.x86_64<\/code><\/pre>\n\n\n\n<p>Based on the <a href=\"https:\/\/documentation.wazuh.com\/current\/upgrade-guide\/compatibility_matrix\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wazuh compatibility matrix<\/a>, Wazuh 4.4.1 is compatible with Elastic 7.17.9, as of this writing.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-elastic-repository\">Create Elastic Repository<\/h4>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/yum.repos.d\/elasticstack.repo << EOL\n[elasticsearch]\nname=Elasticsearch repository for 7.x packages\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\ngpgcheck=1\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\nenabled=1\nautorefresh=1\ntype=rpm-md\nEOL\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-elasticsearch-kibana-and-filebeat\">Install Elasticsearch, Kibana and Filebeat<\/h4>\n\n\n\n<p>Based on the compatibility matrix for Wazuh 4.4.1, install Elasticsearch 7.17.9, Kibana 7.17.9 and Filebeat 7.17.9 by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install elasticsearch-7.17.9 kibana-7.17.9 filebeat-7.17.9<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nDependencies resolved.\n===================================================================================================================================================================================================================\n Package                                               Architecture                                   Version                                          Repository                                             Size\n===================================================================================================================================================================================================================\nInstalling:\n elasticsearch                                         x86_64                                         7.17.9-1                                         elasticsearch                                         301 M\n filebeat                                              x86_64                                         7.17.9-1                                         elasticsearch                                          34 M\n kibana                                                x86_64                                         7.17.9-1                                         elasticsearch                                         261 M\n\nTransaction Summary\n===================================================================================================================================================================================================================\nInstall  3 Packages\n\nTotal download size: 595 M\nInstalled size: 1.3 G\nIs this ok [y\/N]: y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configuring-elasticsearch\">Configuring Elasticsearch<\/h4>\n\n\n\n<p>There are only a few changes we are going to make in regards to configuring  Elasticsearch.<\/p>\n\n\n\n<p>You can optionally set the Elastic cluster name;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/#cluster.name: my-application\/cluster.name: wazuh-elastic\/' \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<p>Next, configure JVM heap size to no more than half the size of your memory. In this case, our test server has 2G RAM and the heap size is set to 512M for both maximum and minimum sizes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo '-Xms512m\n-Xmx512m' &gt; \/etc\/elasticsearch\/jvm.options.d\/jvm-memory.options<\/code><\/pre>\n\n\n\n<p>Start and enable ES to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now elasticsearch<\/code><\/pre>\n\n\n\n<p>Verify that Elasticsearch is running as expected.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -XGET localhost:9200<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n{\n  \"name\" : \"rocky9\",\n  \"cluster_name\" : \"wazuh-elastic\",\n  \"cluster_uuid\" : \"-bJbTqm8S2OVWpgka0RSnQ\",\n  \"version\" : {\n    \"number\" : \"7.17.9\",\n    \"build_flavor\" : \"default\",\n    \"build_type\" : \"rpm\",\n    \"build_hash\" : \"ef48222227ee6b9e70e502f0f0daa52435ee634d\",\n    \"build_date\" : \"2023-01-31T05:34:43.305517834Z\",\n    \"build_snapshot\" : false,\n    \"lucene_version\" : \"8.11.1\",\n    \"minimum_wire_compatibility_version\" : \"6.8.0\",\n    \"minimum_index_compatibility_version\" : \"6.0.0-beta1\"\n  },\n  \"tagline\" : \"You Know, for Search\"\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-filebeat\">Configure Filebeat<\/h4>\n\n\n\n<p>Create a backup of the Filebeat configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mv \/etc\/filebeat\/filebeat.yml{,.original}<\/code><\/pre>\n\n\n\n<p>In our setup, we use the Filebeat configuration file below. You can configure it to your liking.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/filebeat\/filebeat.yml << 'EOL'\n# Wazuh - Filebeat configuration file\noutput.elasticsearch:\n  hosts: [\"localhost:9200\"]\nsetup.template.json.enabled: true\nsetup.template.json.path: '\/etc\/filebeat\/wazuh-template.json'\nsetup.template.json.name: 'wazuh'\nsetup.ilm.overwrite: true\nsetup.ilm.enabled: false\n\nfilebeat.modules:\n  - module: wazuh\n    alerts:\n      enabled: true\n    archives:\n      enabled: false\n      \nlogging.level: info\nlogging.to_files: true\nlogging.files:\n  path: \/var\/log\/filebeat\n  name: filebeat\n  keepfiles: 7\n  permissions: 0644\nEOL\n<\/code><\/pre>\n\n\n\n<p>Then download the alerts template for ELK<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -so \/etc\/filebeat\/wazuh-template.json https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/4.4\/extensions\/elasticsearch\/7.x\/wazuh-template.json<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod go+r \/etc\/filebeat\/wazuh-template.json<\/code><\/pre>\n\n\n\n<p>Test Filebeat connection to Elasticsearch<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>filebeat test output<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nelasticsearch: http:\/\/localhost:9200...\n  parse url... OK\n  connection...\n    parse host... OK\n    dns lookup... OK\n    addresses: ::1, 127.0.0.1\n    dial up... OK\n  TLS... WARN secure connection disabled\n  talk to server... OK\n  version: 7.17.9\n<\/code><\/pre>\n\n\n\n<p>Install the Wazuh module for Filebeat:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -s https:\/\/packages.wazuh.com\/4.x\/filebeat\/wazuh-filebeat-0.2.tar.gz | tar -xz -C \/usr\/share\/filebeat\/module<\/code><\/pre>\n\n\n\n<p>Start and enable Filebeat to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now filebeat<\/code><\/pre>\n\n\n\n<p>Filebeat will write logs to <strong>\/var\/log\/filebeat\/<\/strong> just in case you need to check something.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-kibana\">Configure Kibana<\/h4>\n\n\n\n<p>Define the address to which the Kibana server will bind. By IP addresses and host names are both valid values. <strong>localhost<\/strong> is the default value.<\/p>\n\n\n\n<p>In my case, the IP address of my Wazuh server is 192.168.60.19. Hence, I will configure Kibana to listen on this address.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i -e '\/server.host:\/s\/^#\/\/' -e '\/server.host:\/s\/localhost\/192.168.60.19\/' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>To configure Kibana to listen on any interface IP, replace the IP above with 0.0.0.0. For example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i -e '\/server.host:\/s\/^#\/\/' -e '\/server.host:\/s\/localhost\/0.0.0.0\/' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>Install Wazuh App Kibana Plugin<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/usr\/share\/kibana\/data<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R kibana: \/usr\/share\/kibana\/data<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R kibana: \/usr\/share\/kibana\/plugins<\/code><\/pre>\n\n\n\n<p>Before you download and install the plugin, get the tag for your <a href=\"https:\/\/github.com\/wazuh\/wazuh-kibana-app\/\" target=\"_blank\" rel=\"noreferrer noopener\">specific version of Wazuh<\/a>;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-plugin install \\\nhttps:\/\/packages.wazuh.com\/4.x\/ui\/kibana\/wazuh_kibana-4.4.1_7.17.9-1.zip<\/code><\/pre>\n\n\n\n<p>You can list installed plugins;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-plugin list<\/code><\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wazuh@4.4.1-01<\/code><\/pre>\n\n\n\n<p>Start Kibana;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now kibana<\/code><\/pre>\n\n\n\n<p>Restart Elasticsearch and Wazuh manager;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart elasticsearch wazuh-manager<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"open-ports-on-firewall\">Open Ports on Firewall<\/h4>\n\n\n\n<p>Read about Wazuh Server ports on <a href=\"https:\/\/documentation.wazuh.com\/current\/getting-started\/architecture.html#required-ports\" target=\"_blank\" rel=\"noreferrer noopener\">Required Wazuh Ports page<\/a>.<\/p>\n\n\n\n<p>You need to allow some ports on firewall. These include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>5601\/tcp for external access to Kibana<\/li>\n\n\n\n<li>1514\/udp\/tcp to allow collection of events from agents (when configured for UDP, TCP is used by default).<\/li>\n\n\n\n<li>1515\/udp for Agents registration service<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=5601\/tcp --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port={1514,1515}\/udp --permanent<\/code><\/pre>\n\n\n\n<pre id=\"block-4bdb6266-8a77-4106-acd7-0883cfd275ab\" class=\"wp-block-preformatted\">firewall-cmd --add-port={1514,1515}\/tcp --permanent<\/code><\/pre>\n\n\n\n<p>Then reload the firewall<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"accessing-wazuh-app-on-kibana-web-interface\">Accessing Wazuh App on Kibana Web Interface<\/h4>\n\n\n\n<p>You can now access Kibana web interface via the address <strong>http:\/\/server-IP-or-hostname:5601<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1870\" height=\"842\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app.png\" alt=\"Install Wazuh Server on Rocky Linux\" class=\"wp-image-16444\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app.png?v=1683646799 1870w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app-768x346.png?v=1683646799 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app-1536x692.png?v=1683646799 1536w\" sizes=\"(max-width: 1870px) 100vw, 1870px\" \/><\/figure>\n\n\n\n<p>Wazuh App dashboard<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1892\" height=\"753\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/kibana-wazuhapp-dashboard.png\" alt=\"\" class=\"wp-image-9587\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/kibana-wazuhapp-dashboard.png?v=1625905543 1892w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/kibana-wazuhapp-dashboard-768x306.png?v=1625905543 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/kibana-wazuhapp-dashboard-1536x611.png?v=1625905543 1536w\" sizes=\"(max-width: 1892px) 100vw, 1892px\" \/><\/figure>\n\n\n\n<p>In the next guide, you will learn how to push event data\/logs to Wazuh server.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-wazuh-agent-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Wazuh Agent on Rocky Linux 8\/Rocky Linux 9<\/a><\/p>\n\n\n\n<p>That marks the end of our tutorial on how to Install Wazuh Server.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"further-reading\">Further Reading<\/h4>\n\n\n\n<p><a href=\"https:\/\/documentation.wazuh.com\/3.13\/installation-guide\/installing-wazuh-manager\/linux\/centos\/index.html\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Installing Wazuh Server on CentOS<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"related-tutorials\">Related Tutorials<\/h3>\n\n\n\n<p><a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-ossec-agent-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install OSSEC Agent on CentOS 8<\/a><\/p>\n\n\n\n<p><a aria-label=\"undefined (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/installing-elk-stack-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Installing ELK Stack on CentOS 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elastic-stack-7-on-fedora-30-fedora-29-centos-7\/\" target=\"_blank\" aria-label=\"undefined (opens in a new tab)\" rel=\"noreferrer noopener\">Install Elastic Stack 7 on Fedora 30\/Fedora 29\/CentOS 7<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install Wazuh server on Rocky Linux 8\/Rocky Linux 9. Wazuh is an open-source tool for visibility, security<\/p>\n","protected":false},"author":3,"featured_media":9589,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,72],"tags":[3820,3825,3587,3826,1829],"class_list":["post-9582","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-monitoring","tag-hids","tag-install-wazuh-server-rocky-linux","tag-rocky-linux-8","tag-rocky-linux-wazuh-server","tag-wazuh-manager","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9582"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9582"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9582\/revisions"}],"predecessor-version":[{"id":21737,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9582\/revisions\/21737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9589"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}