Zahraa Jawad

Setting Up a Secure Wazuh Environment by AWS EC2

Introduction:

Wazuh is an open-source security platform that helps organizations monitor and manage security incidents, detect threats, and ensure compliance with security regulations. It provides capabilities for intrusion detection, log analysis, vulnerability detection, and threat intelligence. Wazuh is trusted and used by thousands of organizations around the world. With its powerful features and flexible capabilities, it has become a preferred choice for those looking for a reliable and flexible open-source security platform. It combines threat detection and response capabilities and can be integrated and customized to meet the needs of different organizations.

Features of Wazuh

Protect endpoints and cloud workloads: Wazuh provides continuous protection for on-premises and cloud-based environments, ensuring they are protected from potential threats.

Integration and scalability: Wazuh can integrate with other security tools and expand its capabilities based on an organization's needs.

Security monitoring and log data analysis: Wazuh enables effective threat detection and response through log data analysis.

Security Integration Monitoring and Incident Response: Wazuh supports regulatory compliance monitoring and cloud security.

Security Tools, Log Control, and Incident Control: Wazuh provides tools for security, incident control, and log control.

Installing Wazuh on AWS

Step 1: "Launch Instance"

After logging in to the AWS account, select the EC2 service through Services or the search box:

Click on Launch instance

Under Name and tags

Enter a name to identify your instance. For this tutorial, name the instance (Wazuh).

Under Application and OS Images:

From Quick Start, choose an AMI that meets your web server needs
Here we choose Ubuntu (which is free tier eligible)

Under Instance type:

Choose the instance type; here we choose t2.medium. (The recommended minimum specification is 2 CPUs and 4 GiB, which is available in the t2.medium or higher instance types.)

Under Key pair (login):

Choose the key pair

Or create a new key pair:
Give the key pair a name, then click Create key pair

Under Network settings, under Firewall (security groups):

  • Choose Create security group
  • Select the Allow SSH traffic check box
  • Select the Allow HTTPS traffic from the internet check box

Leave all other configurations as they are (default settings)

In the Summary panel, review your instance configuration and then choose Launch instance.

After the launch is successfully initiated, click on the instance ID to see the instance:

Your instance will first be Pending, and will then go into the Running state.
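
If the security group created in Step 1 accepts SSH and HTTPS from any address (0.0.0.0/0), both the login port and the Wazuh dashboard are reachable from the whole internet. The following added example, which is not part of the original post, prints the AWS CLI commands that replace those rules with a single admin address; the security group ID and the 203.0.113.10/32 address are placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article). SG ID and admin address are placeholders.

# Succeed only for a single IPv4 host in CIDR form (a.b.c.d/32).
is_single_host_cidr() {
  case "$1" in
    */32) _ip=${1%/32} ;;
    *) return 1 ;;
  esac
  case "$_ip" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  _old_ifs=$IFS; IFS=.
  set -- $_ip            # split the address into its octets
  IFS=$_old_ifs
  [ "$#" -eq 4 ] || return 1
  for _octet in "$@"; do
    [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

# Print (not run) the AWS CLI calls that replace "anywhere" ingress on SSH (22)
# and the dashboard (443) with a single admin address.
plan_ingress_lockdown() {
  _sg=$1; _admin=$2
  case "${_sg#sg-}" in
    "$_sg"|''|*[!0-9a-f]*) echo "bad security group id: $_sg" >&2; return 1 ;;
  esac
  is_single_host_cidr "$_admin" || { echo "refusing $_admin: not a /32" >&2; return 1; }
  for _port in 22 443; do
    # Add the narrow rule before removing the open one so access is not interrupted.
    echo "aws ec2 authorize-security-group-ingress --group-id $_sg --protocol tcp --port $_port --cidr $_admin"
    echo "aws ec2 revoke-security-group-ingress --group-id $_sg --protocol tcp --port $_port --cidr 0.0.0.0/0"
  done
}

# Usage: sh lockdown.sh sg-0123456789abcdef0 203.0.113.10/32
if [ "$#" -eq 2 ]; then
  plan_ingress_lockdown "$1" "$2"
fi
```

Review the printed commands, then run them with credentials that are allowed to modify the security group.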

Step 2: "Connect to the instance"

To connect to your instance, select the instance and choose Connect.

There are many ways to connect to EC2; here we will choose the SSH client.
After selecting the "SSH client" section, copy and execute the commands shown there in the terminal, following the steps below:

Open Terminal (here we use Git Bash)

Use the cd (change directory) command to move to the directory where you downloaded your pem file (key pair).

In this article, the pem file is stored in the Downloads folder.

Execute the cd command to change to the location of the key file:
cd Downloads/

Execute the following commands in order:

  1. chmod 400 [key pair name].pem

  2. ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name

After the command is executed you will be prompted to type “Yes” to continue with the connection

And that’s it! Now we’re logged in to our AWS instance.

Before installing Wazuh on an EC2 instance:

We get root permission by executing the sudo -i command

Running "sudo -i" starts a login shell as the root user on Linux. This gives you full administrative (root) privileges, allowing you to run commands and operations that require them.

Step 3: "Install Wazuh"

Now, to install Wazuh, execute the following command:

curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

After some time has passed, the Wazuh installation is completed and we can log in using the username and password that we obtained with the installation:
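
The install command in Step 3 runs a freshly downloaded script as root. This added example (not from the original post or from Wazuh) shows one way to pin the script to a copy you have reviewed before running it with the same flags; the EXPECTED_SHA256 value is a placeholder and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Wazuh's or the article's code): pin the installer by hash.
INSTALLER_URL="https://packages.wazuh.com/4.7/wazuh-install.sh"  # URL from the article
EXPECTED_SHA256="REPLACE_WITH_SHA256_OF_THE_COPY_YOU_REVIEWED"   # placeholder, not a real hash

# SHA-256 of a file as lowercase hex (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only if $1 is a non-empty script whose hash equals $2.
verify_installer() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  # curl without -f saves an HTTP error page under the script's name.
  head -n 1 "$1" | grep -q '^#!' || { echo "no shebang, not a script: $1" >&2; return 1; }
  _actual=$(sha256_of "$1")
  [ "$_actual" = "$2" ] || { echo "hash mismatch, got $_actual" >&2; return 1; }
}

install_wazuh() {
  # -f: fail on HTTP errors; -S: still show errors that plain -s would hide.
  curl -fsSO "$INSTALLER_URL" || return 1
  verify_installer ./wazuh-install.sh "$EXPECTED_SHA256" || return 1
  # Same flags as the article: -a = --all-in-one, -i = --ignore-check.
  sudo bash ./wazuh-install.sh -a -i
}

# Run the install only when asked to: sh install-wazuh.sh --install
if [ "${1:-}" = "--install" ]; then
  install_wazuh
fi
```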

Step 4: "Log in to Wazuh"

  • Return to the AWS account and click on the instance
  • Then click on the details box
  • Then click on the public IPv4 address to open it in a browser.

After opening the public IPv4 address in the browser, the browser's certificate warning page appears (the Wazuh dashboard uses a self-signed certificate by default), so we click on Advanced

Then click the link that appears below to continue:

The Wazuh setup steps have been completed successfully

We now log in using the username and password that were obtained earlier during the installation process:

You have successfully logged into Wazuh

Top comments (1)

adiootechnology

Thank you for this...can you also say where to put the agent?