Secure your Arch Linux with Wazuh



Happy Share Arch Linux

Wazuh is a free, open-source security monitoring platform that can be used to monitor your Arch Linux system. In this guide, we install Wazuh on Arch Linux with a single-node setup.

Install the Server in Docker

We first clone the Wazuh Docker repository and check out the latest release. In this case, we are using version 4.7.4.

git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.4

Next, we navigate to the single-node directory and generate the self-signed certificates.

cd wazuh-docker/single-node

docker-compose -f generate-indexer-certs.yml run --rm generator

Finally, we start the Wazuh server, including wazuh-manager, wazuh-indexer, and wazuh-dashboard.

docker-compose up -d

You can access the Wazuh dashboard at https://localhost with the default username admin and password SecretPassword.

Install the Agent in Arch Linux

We first install the Wazuh agent on Arch Linux.

yay -S wazuh-agent

Next, we configure the agent to connect to the Wazuh server. To do that, we need the IP address of the Wazuh server. In this case, the default container name is single-node-wazuh.manager-1 and the default placeholder in the ossec.conf file is MANAGER_IP. Editing the file requires root, so run the command from a root shell (sudo su).

export WAZUH_MANAGER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' single-node-wazuh.manager-1) && sed -i "s|MANAGER_IP|$WAZUH_MANAGER|g" /var/ossec/etc/ossec.conf
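The one-liner above writes whatever docker inspect prints straight into ossec.conf: an empty string if the container name is wrong, or several addresses run together if the container is attached to more than one network. The sketch below is an added example, not part of the original guide or of Wazuh's tooling; it validates the address and checks for the placeholder before substituting. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): validate the manager address before
# writing it into ossec.conf. Function names here are illustrative.

# Succeed only for one dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;   # empty, stray characters, trailing dot
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1         # concatenated addresses yield more fields
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Replace the MANAGER_IP placeholder in an agent config file.
# Returns 0 on success, 2 for a bad address, 3 if the placeholder is absent.
set_manager_ip() {
    conf=$1; ip=$2
    is_ipv4 "$ip" || { echo "refusing invalid manager address: '$ip'" >&2; return 2; }
    grep -q 'MANAGER_IP' "$conf" || { echo "no MANAGER_IP in $conf" >&2; return 3; }
    sed -i "s|MANAGER_IP|$ip|g" "$conf"
    grep -qF "<address>$ip</address>" "$conf"   # confirm the write landed
}

# Constructed sample of the agent's <client> block, for a dry run.
make_sample_conf() {
    cat > "$1" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>MANAGER_IP</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>
</ossec_config>
EOF
}

# Real use, as root, with the container name from the command above:
#   ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' single-node-wazuh.manager-1)
#   set_manager_ip /var/ossec/etc/ossec.conf "$ip"
```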

Finally, we enable and start the Wazuh agent.

systemctl enable wazuh-agent
systemctl start wazuh-agent
systemctl status wazuh-agent

Final Result

Back in the Wazuh dashboard (https://localhost), you should see the Arch Linux agent connected to the server.


Clean Up

In case you want to clean up the Wazuh server and agent, you can stop and remove the agent and containers.

systemctl disable --now wazuh-agent.service
yay -Rs wazuh-agent

docker compose down --rmi all --volumes --remove-orphans
