FedoraRHEL Based

How To Install Wazuh on Fedora 42

Install Wazuh on Fedora 42

Setting up Wazuh on Fedora 42 transforms your system into a powerful security information and event management (SIEM) platform. This comprehensive guide provides step-by-step instructions for installing Wazuh’s complete security monitoring solution on your Fedora 42 system.

Wazuh offers enterprise-grade threat detection, compliance monitoring, and security analytics capabilities that help organizations protect their IT infrastructure. Whether you’re implementing security monitoring for development environments or production systems, this installation guide ensures a successful deployment with proper configuration and optimization.

Table of Contents

Understanding Wazuh Architecture and Components

Wazuh operates as a distributed security platform consisting of multiple interconnected components that work together to provide comprehensive security monitoring capabilities. Understanding these components is crucial for successful installation and configuration.

The Wazuh Manager serves as the central brain of the security platform, processing security events, analyzing logs, and generating alerts. This component handles rule processing, threat correlation, and compliance reporting while maintaining communication with deployed agents across your infrastructure.

The Wazuh Indexer functions as the data storage and search engine, built on OpenSearch technology. It stores security events, logs, and alerts while providing fast search capabilities for forensic analysis and threat hunting activities.

The Wazuh Dashboard provides the web-based interface for security analysts and administrators. This component offers visualization capabilities, reporting tools, and management interfaces for configuring the entire Wazuh deployment.

Wazuh Agents are lightweight monitoring components deployed on endpoints throughout your network. These agents collect security events, monitor file integrity, detect intrusions, and report findings back to the central manager for analysis.

The architecture supports both single-node deployments for smaller environments and multi-node clustered configurations for enterprise-scale implementations. This flexibility allows organizations to scale their security monitoring capabilities based on specific requirements and infrastructure constraints.

System Requirements and Prerequisites for Fedora 42

Hardware Specifications and Capacity Planning

Minimum system requirements for Wazuh installation include 2 vCPU cores and 2 GB RAM, though these specifications only support very basic monitoring scenarios. Production environments require significantly more resources to handle real-world security monitoring workloads effectively.

Recommended specifications for optimal performance include 8 vCPU cores, 8 GB RAM, and at least 100 GB storage capacity. These requirements scale based on the number of monitored endpoints, log volume, and retention requirements for your specific environment.

Storage planning requires careful consideration of log retention policies and expected data volumes. Plan for approximately 1-2 GB storage per monitored endpoint per month, with additional capacity for 90-day alert retention as the baseline requirement.

Software Dependencies and System Preparation

Fedora 42 compatibility requires verification of package availability and repository access. Ensure your system runs the 64-bit version supporting Intel, AMD, or ARM processor architectures.

Essential prerequisites include root user privileges for system-level installations, active internet connectivity for package downloads, and proper network configuration allowing component communication.

Required packages include libcap for capability management, curl and wget for file downloads, and unzip for archive extraction. Install these dependencies before beginning the Wazuh installation process.

Network Configuration and Security Considerations

Firewall configuration must allow communication on specific ports including 1514 (agent communication), 1515 (agent enrollment), and 55000 (API access). Configure firewalld rules to permit these connections while maintaining security.

Time synchronization ensures accurate log timestamps and proper event correlation across distributed components. Configure NTP or systemd-timesyncd for consistent time synchronization across your infrastructure.

SELinux considerations may require policy adjustments for proper Wazuh operation on Fedora 42. Plan for potential policy modifications while maintaining system security standards.

Method 1: Quick Unattended Installation Process

Overview and Use Cases

Unattended installation provides the fastest deployment method for Wazuh on Fedora 42, automating component installation and initial configuration. This approach works best for testing environments, proof-of-concept deployments, and scenarios requiring rapid setup.

The automated installation script performs system compatibility checks, downloads necessary packages, configures services, and generates initial configuration files without manual intervention. This streamlined process reduces installation time and minimizes configuration errors.

Step-by-Step Unattended Installation

Begin by downloading the official Wazuh installation script using the following command:

curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh

Verify the script integrity and execute the unattended installation:

sudo bash ./wazuh-install.sh -a

The installation script automatically detects your Fedora 42 system, installs required dependencies, and configures all Wazuh components. Monitor the installation output for any error messages or warnings that require attention.

Installation Process Monitoring

During installation, the script performs several critical tasks including system compatibility verification, package repository configuration, component installation, and service initialization. Each step displays progress information and status updates.

Expected output includes package download confirmations, service startup messages, and configuration file generation notifications. The script creates log files documenting the entire installation process for troubleshooting purposes.

Completion indicators include successful service startup confirmations and dashboard access credentials. The script generates a password file containing default login credentials for initial dashboard access.

Post-Installation Verification and Access

Access the Wazuh dashboard by opening a web browser and navigating to https://your-server-ip:443. Accept any SSL certificate warnings during initial access, as the installation uses self-signed certificates.

Default authentication uses the username admin with an automatically generated password stored in /etc/wazuh-indexer/internalusers.backup. Change this password immediately after first login for security purposes.

Service verification ensures all components started correctly:

sudo systemctl status wazuh-manager
sudo systemctl status wazuh-indexer
sudo systemctl status wazuh-dashboard

All services should display “active (running)” status for proper operation.

Method 2: Manual Step-by-Step Installation

When to Choose Manual Installation

Manual installation provides greater control over component configuration and integration with existing infrastructure. This approach benefits environments with specific security requirements, custom configurations, or integration needs with existing systems.

Learning purposes make manual installation valuable for understanding Wazuh architecture and component relationships. System administrators gain deeper knowledge of configuration files, service dependencies, and troubleshooting procedures.

Corporate environments often require manual installation to comply with security policies, change management procedures, and documentation requirements. This method allows customization of security settings and integration with existing authentication systems.

Repository Setup and Package Management

Configure the Wazuh repository by importing the GPG signing key and adding the package repository:

sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH

sudo tee /etc/yum.repos.d/wazuh.repo <<EOF
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF

Update package metadata to ensure access to the latest Wazuh packages:

sudo dnf makecache

Installing Wazuh Manager Component

Install the Wazuh Manager package using DNF:

sudo dnf install wazuh-manager -y

Configure the manager by editing /var/ossec/etc/ossec.conf to customize logging, alerting, and integration settings. This configuration file controls manager behavior and security rules.

Start and enable the Wazuh Manager service:

sudo systemctl daemon-reload
sudo systemctl enable wazuh-manager
sudo systemctl start wazuh-manager

Verify installation by checking service status and log files:

sudo systemctl status wazuh-manager
sudo tail -f /var/ossec/logs/ossec.log

Installing Wazuh Indexer Component

Install required dependencies for the Wazuh Indexer:

sudo dnf install java-11-openjdk-headless -y

Install the Wazuh Indexer package:

sudo dnf install wazuh-indexer -y

Configure indexer settings by editing /etc/wazuh-indexer/opensearch.yml to specify cluster settings, network configuration, and security parameters.

Initialize the indexer and start services:

sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer
sudo systemctl start wazuh-indexer

Installing Wazuh Dashboard Component

Install dashboard dependencies including the required libcap package:

sudo dnf install libcap -y

Install the Wazuh Dashboard package:

sudo dnf install wazuh-dashboard -y

Configure dashboard settings by editing /etc/wazuh-dashboard/opensearch_dashboards.yml to specify server settings, indexer connections, and security configurations.

Start dashboard services:

sudo systemctl daemon-reload
sudo systemctl enable wazuh-dashboard
sudo systemctl start wazuh-dashboard

Service Management and Integration

Verify all components are running correctly:

sudo systemctl status wazuh-manager wazuh-indexer wazuh-dashboard

Configure service dependencies to ensure proper startup order and automatic recovery during system restarts.

Test component communication by checking log files and dashboard connectivity to confirm proper integration between all Wazuh components.

Fedora 42 Specific Configuration Considerations

Operating System Compatibility and Known Issues

Fedora 42 support requires attention to specific compatibility considerations and known limitations. While Wazuh supports Enterprise Linux distributions, Fedora’s rapid release cycle may introduce package conflicts or dependency issues.

Package management with DNF requires specific repository configurations and may need compatibility flags for successful installation. Monitor installation logs for dependency conflicts and resolution strategies.

System libraries and kernel versions in Fedora 42 may require additional configuration adjustments for optimal Wazuh performance. Verify compatibility with your specific kernel version and system libraries.

SELinux Policy Configuration

SELinux enforcement on Fedora 42 requires policy adjustments for Wazuh components to operate correctly. Create custom policies or adjust existing ones to permit necessary file access and network operations.

Security contexts must be configured for Wazuh directories and files. Use restorecon and setsebool commands to apply appropriate security contexts and boolean settings.

Audit logs help identify SELinux denials and required policy adjustments. Monitor /var/log/audit/audit.log for SELinux-related issues during installation and operation.

Firewall Management with Firewalld

Configure firewalld rules to permit Wazuh communication:

sudo firewall-cmd --permanent --add-port=1514/tcp
sudo firewall-cmd --permanent --add-port=1515/tcp
sudo firewall-cmd --permanent --add-port=55000/tcp
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --reload

Zone configuration may require custom zones for Wazuh services, especially in environments with strict network segmentation requirements.

Rich rules provide granular control over access to Wazuh services, allowing restriction based on source IP addresses or network ranges.

Performance Optimization for Fedora

Kernel parameters may require tuning for optimal Wazuh performance, particularly for high-volume log processing environments. Adjust vm.max_map_count and file descriptor limits as needed.

Memory management benefits from proper swap configuration and memory allocation tuning for Java-based components like the Wazuh Indexer.

Storage optimization includes configuring appropriate file systems, mount options, and I/O schedulers for Wazuh data directories.

Post-Installation Configuration and Optimization

Initial Dashboard Access and Authentication

Access the Wazuh dashboard through your web browser at https://your-server-ip:5601. The initial login uses default credentials that must be changed immediately for security purposes.

Default credentials include the username admin with the password located in the installation-generated password file. Locate this file and record the password for initial access.

Password management requires immediate changes to default passwords and implementation of strong password policies. Configure password complexity requirements and expiration policies as needed.

SSL certificate configuration may require installing proper certificates for production environments. Replace self-signed certificates with certificates from trusted certificate authorities.

Essential Configuration Tasks

Manager configuration involves editing /var/ossec/etc/ossec.conf to customize log analysis rules, alert thresholds, and integration settings. This configuration file controls the core behavior of your Wazuh deployment.

Alert notification setup enables integration with email systems, syslog servers, and external APIs for real-time security notifications. Configure SMTP settings and notification templates to meet your organizational requirements.

Data retention policies determine how long security events and logs are stored in the system. Balance retention requirements with available storage capacity and compliance obligations.

Index management includes configuring rotation policies, replica settings, and optimization schedules for the Wazuh Indexer component.

Agent Deployment Preparation

Manager IP configuration must specify the correct IP address for agent communication. Agents use this address to establish connections and report security events.

Port accessibility verification ensures agents can communicate through firewalls and network security devices. Test connectivity from representative network segments where agents will be deployed.

Certificate management establishes secure communication channels between agents and the manager. Generate and distribute agent certificates using Wazuh’s built-in certificate authority.

Agent groups provide organizational structure for managing large numbers of agents with different monitoring requirements. Create groups based on system types, security requirements, or organizational structure.

Advanced Integration Configuration

SIEM integration enables forwarding alerts and events to external security platforms using syslog, APIs, or file-based exports. Configure integration settings to match your existing security operations center workflows.

API configuration allows third-party tools and custom applications to interact with Wazuh data and management functions. Generate API credentials and configure rate limiting as appropriate.

External authentication integration with LDAP, Active Directory, or SAML providers centralizes user management and enforces organizational access policies.

Backup configuration establishes procedures for protecting Wazuh configuration and data. Implement regular backups of configuration files, rules, and critical system data.

Agent Installation and Management

Multi-Platform Agent Deployment

Linux agent installation on Fedora systems uses the same repository configuration as the manager:

sudo dnf install wazuh-agent -y

Windows agent deployment requires downloading the Windows installer package and distributing it through group policy, system management tools, or manual installation procedures.

macOS agent installation uses package installers or configuration management tools to deploy agents across Apple environments.

Container deployment supports Docker and Kubernetes environments with specialized agent configurations and deployment manifests.

Agent Registration and Authentication

Manual registration uses the manage_agents tool for interactive agent enrollment:

sudo /var/ossec/bin/manage_agents

Automatic registration streamlines deployment in large environments by configuring agents to self-register with the manager using shared authentication keys.

Bulk deployment strategies include configuration management tools, automated deployment scripts, and integration with existing system provisioning workflows.

Authentication key management ensures secure communication between agents and the manager while facilitating key rotation and revocation procedures.

Agent Configuration and Monitoring

Configuration management centralizes agent settings through group configurations and individual agent customizations. Modify /var/ossec/etc/ossec.conf on agents or use centralized configuration management.

Log monitoring setup specifies which log files and system events agents should collect and forward to the manager. Configure log paths, parsing rules, and collection frequencies based on system requirements.

Performance tuning optimizes agent resource usage while maintaining comprehensive monitoring coverage. Adjust collection intervals, buffer sizes, and processing priorities based on system capacity.

Health monitoring tracks agent connectivity, performance, and data collection effectiveness. Implement alerting for agent communication failures or performance degradation.

Security Hardening and Best Practices

Access Control Implementation

Multi-factor authentication strengthens dashboard access security by requiring additional authentication factors beyond username and password combinations. Configure MFA integration with organizational authentication systems.

Role-based access control limits user permissions based on job functions and security clearance levels. Create custom roles matching organizational structure and security requirements.

API security includes authentication token management, rate limiting, and access logging for all programmatic access to Wazuh services.

Network access restrictions limit dashboard and API access to authorized IP ranges and network segments using firewall rules and application-level controls.

System Security Measures

SSL/TLS configuration ensures encrypted communication between all Wazuh components and external connections. Install proper certificates and configure strong cipher suites.

Database security includes access controls, encryption at rest, and backup security for the Wazuh Indexer and MongoDB components.

File system permissions restrict access to Wazuh configuration files, logs, and data directories to authorized system accounts only.

Regular updates maintain security patches and feature updates for all Wazuh components and underlying system dependencies.

Compliance and Monitoring

Audit trail configuration enables comprehensive logging of administrative actions, configuration changes, and security events for compliance and forensic purposes.

Regulatory compliance mapping ensures Wazuh configurations meet requirements for standards like PCI DSS, HIPAA, SOX, and organizational security policies.

Backup procedures protect configuration data, security rules, and historical event data through regular backups and tested restoration procedures.

Vulnerability management includes regular security assessments of the Wazuh deployment and prompt remediation of identified security issues.

Troubleshooting Common Installation Issues

Installation and Package Problems

Repository access issues often stem from network connectivity problems or proxy configurations. Verify internet connectivity and configure proxy settings if necessary for package downloads.

Package dependency conflicts may occur when existing system packages interfere with Wazuh requirements. Use DNF’s dependency resolution features or consider package exclusions to resolve conflicts.

Fedora 42 compatibility problems may require installation flags or alternative installation methods. Monitor Wazuh community forums for Fedora-specific solutions and workarounds.

Insufficient resources cause installation failures or performance problems. Verify system meets minimum requirements and consider resource allocation adjustments.

Service and Communication Issues

Component startup failures often indicate configuration errors or missing dependencies. Check systemctl status output and service logs for specific error messages and resolution guidance.

Port accessibility problems prevent communication between Wazuh components and agents. Use network diagnostic tools to verify port connectivity and firewall configurations.

SSL certificate errors cause dashboard access problems and component communication failures. Verify certificate validity, trust chains, and certificate authority configurations.

Performance bottlenecks manifest as slow dashboard response or delayed event processing. Monitor system resources and adjust configuration parameters for better performance.

Agent and Network Troubleshooting

Agent registration failures prevent endpoints from joining the Wazuh deployment. Verify network connectivity, authentication keys, and manager configuration settings.

Communication problems between agents and the manager result in missing security events and alerts. Check firewall rules, network routing, and agent configuration files.

Log collection issues cause incomplete monitoring coverage and missed security events. Verify file permissions, log file paths, and parsing rule configurations.

Dashboard loading problems affect user access and system administration tasks. Check browser compatibility, JavaScript settings, and dashboard service status.

Maintenance and Update Management

Regular Maintenance Procedures

Database optimization includes index maintenance, storage cleanup, and performance tuning for the Wazuh Indexer component. Schedule regular optimization tasks to maintain system performance.

Log rotation manages disk space usage by archiving old logs and removing expired data according to retention policies. Configure automated log rotation to prevent storage exhaustion.

Performance monitoring tracks system resource usage, response times, and processing capacity to identify potential bottlenecks before they impact operations.

Capacity planning evaluates current usage trends and projects future resource requirements for storage, processing, and network capacity.

Update Strategy and Implementation

Repository management ensures access to the latest Wazuh releases while maintaining stability through controlled update procedures. Subscribe to Wazuh security advisories and release notifications.

Testing procedures validate updates in staging environments before production deployment. Test all functionality, integrations, and performance after updates.

Rollback planning provides recovery procedures for failed updates or compatibility issues. Maintain system backups and documented rollback procedures for critical deployments.

Coordinated updates minimize service disruption by scheduling maintenance windows and coordinating updates across distributed components.

System Health Monitoring

Key performance indicators track system health through metrics like event processing rates, storage utilization, and response times. Establish baselines and alerting thresholds for proactive monitoring.

Automated health checks monitor component status, connectivity, and performance through scheduled scripts and monitoring integrations.

Proactive maintenance addresses potential issues before they impact operations through trend analysis, predictive monitoring, and preventive actions.

Documentation maintenance keeps installation documentation, procedures, and troubleshooting guides current with system changes and lessons learned.

Congratulations! You have successfully installed Wazuh. Thanks for using this tutorial for installing Wazuh on your Fedora 42 Linux system. For additional help or useful information, we recommend you check the official Wazuh website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button