How to Set Up Wazuh Security Platform
Wazuh is an open-source security platform providing threat detection, integrity monitoring, and compliance reporting for your Breeze infrastructure.
Install Wazuh Manager
Use the official installation script on a dedicated Breeze or your primary server:
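curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
# -a (all-in-one) installs the manager with the indexer and dashboard on this host and prints the
# dashboard credentials; --wazuh-server needs a node name and pre-generated configuration files
sudo bash ./wazuh-install.sh -a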
Install Wazuh Agent on Endpoints
On each Breeze you want to monitor:
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
sudo WAZUH_MANAGER="manager_ip" bash wazuh-install.sh --wazuh-agent
sudo systemctl start wazuh-agent
Key Features
- Log analysis - collects and analyzes syslog, auth, and application logs
- File integrity monitoring - detects unauthorized changes to system files
- Rootkit detection - scans for hidden processes and files
- Vulnerability detection - checks installed packages against CVE databases
- Compliance - maps findings to PCI-DSS, HIPAA, and CIS benchmarks
Agent Configuration
Edit /var/ossec/etc/ossec.conf to customize monitored paths:
<syscheck>
  <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  <directories check_all="yes">/var/www</directories>
</syscheck>
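To check what a syscheck configuration like the one above actually covers, the following added example (not part of the original page or of Wazuh itself) parses the <directories> entries and reports which required paths are unmonitored and which are only caught by the scheduled scan because neither realtime nor whodata is set. The sample configuration, the list of required paths and the function names are assumptions made for illustration; <ignore> rules are not evaluated.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the page's <syscheck> block plus a second <ossec_config> root.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/var/www</directories>
  </syscheck>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories realtime="yes" report_changes="yes">/root/.ssh</directories>
  </syscheck>
</ossec_config>
"""

def monitored_dirs(conf_text):
    """Return {path: attributes} for every <directories> entry."""
    # ossec.conf may hold several <ossec_config> roots; wrap them so strict XML parsing works.
    root = ET.fromstring("<conf>" + conf_text + "</conf>")
    found = {}
    for node in root.iter("directories"):
        for path in (node.text or "").split(","):
            if path.strip():
                found[posixpath.normpath(path.strip())] = dict(node.attrib)
    return found

def covering_entry(path, dirs):
    """Return the longest monitored directory containing path, else None."""
    path = posixpath.normpath(path)
    hits = [d for d in dirs if path == d or path.startswith(d.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def audit(conf_text, must_watch):
    """Split must_watch into uncovered paths and scheduled-scan-only paths."""
    dirs = monitored_dirs(conf_text)
    uncovered, scheduled_only = [], []
    for path in must_watch:
        entry = covering_entry(path, dirs)
        if entry is None:
            uncovered.append(path)
        elif not any(dirs[entry].get(k) == "yes" for k in ("realtime", "whodata")):
            scheduled_only.append(path)
    return uncovered, scheduled_only

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["/etc/passwd", "/root/.ssh/authorized_keys", "/usr/local/bin"]))
```

To audit a real agent, pass the contents of /var/ossec/etc/ossec.conf as conf_text.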
Accessing the Dashboard
The Wazuh dashboard runs on port 443 by default. Log in with the credentials printed during installation to view alerts and compliance reports across all your monitored Breeze instances.