Free, open source, and comprehensive security monitoring solution.

Deploy a free infrastructure monitoring solution to detect threats, intrusion attempts, unauthorized user actions, and provide security analytics. Wazuh collects, aggregates, indexes, and analyzes security data to increase your threat detection without the costs of premium security programs. Features include out-of-the-box incident responses, automated vulnerability assessment, and data analysis to help you get more out of log information.

Deploying the Wazuh Marketplace App

The Linode Marketplace allows you to easily deploy software on a Linode using the Linode Cloud Manager.

  1. Log in to the Cloud Manager and select the Marketplace link from the left navigation menu. This displays the Linode Compute Create page with the Marketplace tab pre-selected.
  2. Under the Select App section, select the app you would like to deploy.
  3. Fill out all required Options for the selected app as well as any desired Advanced Options (which are optional). See the Configuration Options section for details.
  4. Complete the rest of the form as discussed within Getting Started > Create a Linode.
  5. Click the Create Linode button. Once the Linode has provisioned and has fully powered on, wait for the software installation to complete. If the Linode is powered off or restarted before this time, the software installation will likely fail. To determine if the installation has completed, open the Linode’s Lish console and wait for the system login prompt to appear.
  6. Follow the instructions within the Getting Started After Deployment section.

Wazuh should be fully installed within 10-15 minutes after the Compute Instance has finished provisioning.

Configuration Options

  • Supported distributions: Ubuntu 22.04 LTS
  • Recommended plan: All plan types and sizes can be used, though a minimum of an 8GB Instance is recommended for production.

Wazuh Options

  • Email address (required): Enter the email address to use for generating the SSL certificates.

Limited User (Optional)

You can optionally fill out the following fields to automatically create a limited user for your new Compute Instance. This is recommended for most deployments as an additional security measure. This account will be assigned to the sudo group, which provides elevated permission when running commands with the sudo prefix.

  • Limited sudo user: Enter your preferred username for the limited user.
  • Password for the limited user: Enter a strong password for the new user.
  • SSH public key for the limited user: If you wish to log in as the limited user through public key authentication (without entering a password), enter your public key here. See Creating an SSH Key Pair and Configuring Public Key Authentication on a Server for instructions on generating a key pair.
  • Disable root access over SSH: To block the root user from logging in over SSH, select Yes (recommended). You can still switch to the root user once logged in and you can also log in as root through Lish.

Custom Domain (Optional)

If you wish to automatically configure a custom domain, you first need to configure your domain to use Linode’s name servers. This is typically accomplished directly through your registrar. See Use Linode’s Name Servers with Your Domain. Once that is finished, you can fill out the following fields for the Marketplace App:

  • Linode API Token: If you wish to use Linode’s DNS Manager to manage DNS records for your custom domain, create a Linode API Personal Access Token on your account with Read/Write access to Domains. If this is provided along with the subdomain and domain fields (outlined below), the installation attempts to create DNS records via the Linode API. See Get an API Access Token. If you do not provide this field, you need to manually configure your DNS records through your DNS provider and point them to the IP address of the new instance.
  • Subdomain: The subdomain you wish to use, such as www for www.example.com.
  • Domain: The domain name you wish to use, such as example.com.

Warning: Do not use a double quotation mark character (“) within any of the App-specific configuration fields, including user and database password fields. This special character may cause issues during deployment.

Getting Started After Deployment

  1. Log into your new Compute Instance through LISH or SSH using the root user and the password you entered when creating the instance.
  2. The usernames and passwords have been saved in a .deployment-secrets.txt file located in your root directory. You can view this file in your preferred text editor or through the cat command.
cat /root/.deployment-secrets.txt

This file contains all of your Wazuh credentials. The admin user and its associated password are needed when following the Access the Wazuh App section below.

# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
  indexer_username: 'admin'
  indexer_password: '3O*NRpS5B5*sohufTz?TuM.Vef6zoN5d'

# Wazuh dashboard user for establishing the connection with Wazuh indexer
  indexer_username: 'kibanaserver'
  indexer_password: 'Z.0M8rorxRS+DQfefe96N?.Cb+?byn7k'

# Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index
  indexer_username: 'kibanaro'
  indexer_password: 'W?PVE08Pk2AYE8*brrg4Ni+LXAbBKJl++2II'

# Filebeat user for CRUD operations on Wazuh indices
  indexer_username: 'logstash'
  indexer_password: 'FGH6rDIgrg.zvXz?qZfQ1dv?2QAAQuiX7'

# User with READ access to all indices
  indexer_username: 'readall'
  indexer_password: 'jVVugegfB0ldF+fNN?0bS0iMviFe8RnY'

# User with permissions to perform snapshot and restore operations
  indexer_username: 'snapshotrestore'
  indexer_password: 'YN17mfegnWy*efeL30KC1Zz.7yrhCma7'

# Password for wazuh API user
  api_username: 'wazuh'
  api_password: 'PtE5y+esjMmB74g4ttjY+ds0lGfP??uk'

# Password for wazuh-wui API user
  api_username: 'wazuh-wui'
  api_password: '6?PPR1o0fwfgefLiBjbYxBz+icG0rGojT'
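
The credentials file holds every Wazuh password in plain text, so it is worth confirming that only its owner can read it and pulling out a single password instead of printing the whole file to the terminal. The script below is an added example, not part of the original guide or of the Marketplace App; the function names are hypothetical and the sample file and its passwords are constructed placeholders in the same layout as the listing above.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical;
# the sample file and its passwords are constructed placeholders.

# Succeeds only if FILE grants no permissions to group or others (e.g. 600).
secrets_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Ubuntu
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# Prints the password paired with USER in FILE; exit status 1 if USER is absent.
get_secret() {
    awk -v want="$2" -v q="'" '
        # Text between the first and last single quote on the line.
        function unquote(s,   a, b) {
            a = index(s, q); if (!a) return ""
            s = substr(s, a + 1)
            b = length(s); while (b > 0 && substr(s, b, 1) != q) b--
            return substr(s, 1, b - 1)
        }
        /^[ \t]*#/          { next }                              # skip comments
        /_username:/        { hit = (unquote($0) == want); next } # exact match only
        /_password:/ && hit { print unquote($0); found = 1; exit }
        END                 { exit found ? 0 : 1 }
    ' "$1"
}

# Writes a constructed sample in the same layout as .deployment-secrets.txt.
write_sample() {
    ( umask 077; cat > "$1" <<'EOF'
# Admin user for the web user interface and Wazuh indexer.
  indexer_username: 'admin'
  indexer_password: 'EXAMPLE*admin?pw+1'
# Password for wazuh-wui API user
  api_username: 'wazuh-wui'
  api_password: 'EXAMPLE.wui+pw?2'
EOF
    )
}

# Demonstration on the constructed sample: owner-only mode passes, 644 fails.
sample=$(mktemp)
write_sample "$sample"
if secrets_mode_ok "$sample"; then echo "mode ok"; else echo "mode too open"; fi
chmod 644 "$sample"
if secrets_mode_ok "$sample"; then echo "mode ok"; else echo "mode too open"; fi
rm -f "$sample"
```

On the instance itself, the same two functions would be pointed at /root/.deployment-secrets.txt while logged in as root.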

Access the Wazuh App

  1. Open a web browser and navigate to the domain you created at the beginning of your deployment. You can also use your Compute Instance’s rDNS, which may look like 203-0-113-0.ip.linodeusercontent.com. See the Managing IP Addresses guide for information on viewing and setting the rDNS value.
  2. In the login screen that appears, enter admin as the username and enter its corresponding password (which can be found by following the View Credentials section).
Screenshot of Wazuh login screen

Now that you’ve accessed your Wazuh instance, you need to configure a Wazuh Agent on the server you’d like to monitor with Wazuh.

For more documentation on Wazuh, check out the official Wazuh documentation to learn how to further utilize your instance.

The Wazuh App was built by Linode. For support regarding app deployment, contact Linode Support via the information listed in the sidebar. For support regarding the tool or software itself, join the Wazuh Slack Community.