As part of my journey to deepen my understanding of cybersecurity compliance standards, including PCI DSS and GDPR, I decided to deploy Wazuh in my home lab.

My goal was to create a robust monitoring solution for three devices:

a physical Windows desktop, a virtualized Linux machine running Ubuntu, and another virtualized Windows machine.

By leveraging Proxmox for virtualization, I aimed to gain practical experience that would help me navigate the complexities of these compliance frameworks and improve my skills in securing networks.

However, the journey was filled with excitement and a few challenges along the way.

Getting Started

Setting Up the Environment

I’ve been running Proxmox for several months now and it was relatively straightforward to create an environment for Wazuh to run on.

I created virtual machines for both the Ubuntu and Windows systems.

However, I quickly realized that configuring the networking correctly took some trial and error.

I had to double-check IP addresses and ensure that all devices were communicating properly, which led to a few frustrating moments.

Resource Allocation

I needed to allocate more resources(RAM) so that everything would run smoothly. Here’s a snapshot of the resource allocation for my Wazuh deployment:

• CPU Usage: 4 CPUs
• Memory Usage: 16.00 GiB
• Boot Disk Size: 100.00 GiB

Installing Wazuh

Once I got the virtual machines up and running, I dove into installing Wazuh. At first, I was optimistic, but I faced some challenges. The installation process was not as smooth as I had hoped.

For instance, I had some trouble getting the Wazuh agent on my Windows desktop to connect to the Wazuh manager. I spent quite a bit of time tweaking configurations and checking logs to figure out what was wrong.

It turned out that I had to adjust some firewall settings to allow communication between the devices.

Setting Up NGINX and SSL

To access the Wazuh dashboard remotely, I decided to set up NGINX as a reverse proxy. This part of the process was a bit daunting for me as a newcomer.

I followed various guides but ran into issues with the DNS setup. There were moments of confusion when the site wouldn’t load, usually when I add a new A Record the site appears right away.

After a bit of refreshing site popped up with an SSL certificate.

Monitoring and Learning

Once Wazuh was up and running, I was excited to start monitoring the activity on my devices.

I was amazed at how Wazuh gathered data from the Windows desktop, tracking login attempts and system changes.

However, I soon realized that I needed to spend time familiarizing myself with the dashboard.

At first, it was overwhelming to interpret the alerts and logs. I found myself sifting through notifications, trying to determine what was normal and what might be a genuine threat.

I also had to spend time learning how to customize rules for monitoring, especially for the Ubuntu VM. The initial settings didn’t quite match my needs, so I had to dig into the documentation to figure out how to tailor the alerts for my setup.

Conclusion

Deploying Wazuh in my home lab has been a journey of discovery filled with its share of challenges.

While I faced issues with networking, installation, and configuration, each hurdle taught me something new about cybersecurity and system monitoring.

As I continue to refine my setup and expand my knowledge, I’m excited to see how Wazuh can help me stay vigilant against potential threats in a network.