How to Install Wazuh on Ubuntu 26.04
Wazuh is an open-source security platform used for threat detection, integrity monitoring, incident response, vulnerability detection, log analysis, and security event management.
This guide explains how to install the Wazuh All-in-One Docker Deployment on Ubuntu 26.04.
Update the System
Update all installed packages:
apt update -y
apt upgrade -y Install Required Packages
Install dependencies required for Docker installation:
apt install -y curl apt-transport-https ca-certificates software-properties-common gnupg lsb-release Install Docker
Install Docker from Ubuntu repository:
apt install -y docker.ioEnable and start Docker service:
systemctl enable --now dockerVerify Docker installation:
docker --versionOutput:
Docker version 29.1.3, build 29.1.3-0ubuntu4.1 Install Docker Compose
Ubuntu 26.04 may not include the Docker Compose plugin package by default.
Install standalone Docker Compose manually:
curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/bin/docker-composeMake it executable:
chmod +x /usr/local/bin/docker-composeVerify installation:
docker-compose --versionExample output:
Docker Compose version v5.1.3 Download Wazuh Docker Deployment
Create working directory:
mkdir -p /opt/wazuh
cd /opt/wazuhClone the official Wazuh Docker repository:
git clone https://github.com/wazuh/wazuh-docker.git -b v4.12.0Move into the single-node deployment directory:
cd wazuh-docker/single-node Generate SSL Certificates
Generate certificates required for Wazuh services:
docker-compose -f generate-indexer-certs.yml run --rm generatorOutput:
Created SSL certificates successfully Start Wazuh Stack
Start all Wazuh containers:
docker-compose up -dCheck running containers:
docker psOutput:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e093279f4e87 wazuh/wazuh-dashboard:4.12.0 "/entrypoint.sh" 11 seconds ago Up 10 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
d8764845ec9d wazuh/wazuh-manager:4.12.0 "/init" 12 seconds ago Up 10 seconds 0.0.0.0:1514-1515->1514-1515/tcp, [::]:1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, [::]:514->514/udp, 0.0.0.0:55000->55000/tcp, [::]:55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
cfc5392eed9b wazuh/wazuh-indexer:4.12.0 "/entrypoint.sh open…" 12 seconds ago Up 10 seconds 0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp single-node-wazuh.indexer-1 Configure Firewall
Allow required ports:
ufw allow 443/tcp
ufw allow 1514/tcp
ufw allow 1515/tcpEnable firewall:
ufw enableReload firewall:
ufw reloadCheck firewall status:
ufw status Access Wazuh Dashboard
Open your browser and visit:
https://your_server_ipReplace
your_server_ipwith your actual server IP or domain name.
You may see a browser security warning because Wazuh uses a self-signed SSL certificate by default.
Proceed to continue to the dashboard.
Default Login Credentials
Default credentials are usually:
Username: admin
Password: SecretPasswordGet the generated admin password:
docker-compose exec wazuh.dashboard bashInside the container run:
cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.ymlOr retrieve credentials using:
docker-compose logs | grep admin Wazuh Login Screen
Wazuh Dashboard
Verify Wazuh Services
Check container status:
docker psCheck logs:
docker-compose logs -fRestart services if needed:
docker-compose restartStop services:
docker-compose down Install Wazuh Agent (Optional)
To monitor another Linux server, install the Wazuh agent:
curl -sO https://packages.wazuh.com/4.x/wazuh-install.sh
bash ./wazuh-install.sh -aFollow the prompts to connect the agent to your Wazuh manager.
🎉 Wazuh is now successfully installed on Ubuntu 26.04 and ready for security monitoring and threat detection.
CrownCloud - Get a SSD powered KVM VPS at $4.5/month!
Use the code WELCOME for 10% off!
1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month
Available Locations: LAX | MIA | ATL | FRA | AMS