Setting up a Home Intrusion Detection System Lab for Linux and Windows.

fayasmh07/Wazuh-Server

Wazuh - Intrusion Detection System

wazuh-standard-featured-picture

Wazuh is an open-source security platform that provides comprehensive intrusion detection system (IDS) capabilities by monitoring systems, networks, and applications for suspicious activity and potential threats.

wazuh-dashboard-wide

Setting Up Wazuh System

Setting up the Wazuh IDS involves two main parts:

  1. Wazuh Server
  2. Wazuh Agent

The Wazuh Server acts as the central management and processing hub, collecting, analyzing, and storing security data from various sources, including Wazuh agents and external logs, to provide comprehensive threat detection and response capabilities.

Wazuh Agents are lightweight, deployed on endpoint devices, and tasked with collecting and forwarding local logs, system metrics, and security events to the Wazuh server for centralized analysis and alerting.

Implementing Wazuh Server

  1. For setting up the server, it's better to use the Wazuh Assistant on a Linux-based operating system than the Wazuh OVA virtual machine.

image

  • You can choose any of the above operating systems.
  • I chose Ubuntu 22.04 for this.
  • It's open-source, lightweight, and easy to manage as a Wazuh server.

  2. Set up the Ubuntu virtual machine.

image

  3. Open a terminal and paste the command below:

```bash
sudo curl -sO https://packages.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
```

  • It downloads the installation script and installs the Wazuh server and its configuration files on your system.
  • After the installation process, I got the username and password for the Wazuh Server Dashboard.
  • By using my Ubuntu system's IP address (private IP), I could get into the Wazuh Dashboard.

image
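Before adding agents, it helps to confirm that the server is listening on the ports agents connect to. The script below is an added example, not part of this repository; it assumes Wazuh's default ports (1514/tcp for agent events, 1515/tcp for agent enrollment, 443/tcp for the dashboard) and the service names of a default all-in-one install, and the `ss` sample embedded in it is constructed.

```shell
#!/usr/bin/env bash
# Added example: health check for a default Wazuh all-in-one install.
# Assumed defaults: 1514/tcp agent events, 1515/tcp enrollment, 443/tcp dashboard.
REQUIRED_PORTS="1514 1515 443"
SERVICES="wazuh-manager wazuh-indexer wazuh-dashboard filebeat"

# Reads `ss -H -tln` output on stdin; prints each required port with no listener.
missing_ports() {
    awk -v want="$REQUIRED_PORTS" '
        { n = split($4, a, ":"); seen[a[n]] = 1 }   # column 4 = local address:port
        END {
            m = split(want, w, " ")
            for (i = 1; i <= m; i++) if (!(w[i] in seen)) print w[i]
        }'
}

# Prints each Wazuh service that systemd does not report as active.
inactive_services() {
    for svc in $SERVICES; do
        systemctl is-active --quiet "$svc" || echo "$svc"
    done
}

# Constructed sample: the enrollment port 1515 is not listening.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:1514 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then          # run on the Wazuh server itself
    ports=$(ss -H -tln | missing_ports)
    svcs=$(inactive_services)
else                                      # offline demo on the sample above
    ports=$(printf '%s\n' "$SAMPLE_SS" | missing_ports)
    svcs=""
fi
[ -z "$ports" ] || echo "not listening:" $ports
[ -z "$svcs" ]  || echo "inactive services:" $svcs
if [ -z "$ports$svcs" ]; then echo "server ready for agents"; fi
```

Run it with `--live` on the Ubuntu server once the installer has finished; without arguments it only evaluates the embedded sample.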

 

Implementing Wazuh Agents (Endpoints)

On Linux

  1. Access the Wazuh Dashboard.

image

  2. Click the Add Agent link to add a new endpoint device for monitoring.

image

  3. Here I'm selecting DEBIAN amd64 for my Kali Linux laptop and setting the IP address of my Ubuntu system (Wazuh server).

image

  4. After setting up my agent name and group, I got the bash commands to install the Wazuh Agent on my Kali Linux laptop.

image

  5. After running the commands, the Wazuh Agent starts to run on my Linux distro.

image

  6. Now the endpoint has been added to the server.

image

 

On Windows

  1. Access the Wazuh Dashboard.

image

  2. Click Add New Agent.

image

  3. I need to install the Wazuh Agent on Windows, so I'm selecting the Windows version.

image

  4. Now I give the agent name and group; after that I get the commands to start the Wazuh Agent on Windows.

image

  5. Copy the commands and paste them into Windows PowerShell (PowerShell should be run as administrator).

Screenshot 2024-07-09 115437

Screenshot 2024-07-09 115512

  6. After that, my Windows system has been added to the Wazuh IDS.

image
