🔭 Installing Wazuh on macOS Apple Silicon with Orbstack Linux Machines Virtualizing Ubuntu 22.04 LTS Server (Intel CPU)

As a Mac user with an Apple Silicon processor, you might face challenges when performing research or installing software that only supports Intel architecture. Wazuh, an open-source platform that integrates SIEM, HIDS, and compliance, is one such tool that often targets Intel-based systems.

One solution to this limitation is using Orbstack, a lightweight virtualization platform for macOS that supports Linux machines. With Orbstack, you can run Ubuntu 22.04 LTS Server with an Intel CPU on your Mac with Apple Silicon, allowing you to install and run Wazuh smoothly.

Prerequisites

Before starting, ensure the following requirements are met:

1. Mac with Apple Silicon – Ensure you have a Mac with an Apple Silicon processor.

2. Orbstack – Install Orbstack from the official Orbstack website.

(getButton) #text=(OrbStack v1.7.5 arm64) #icon=(demo) (getButton) #text=(OrbStack v1.7.5 arm64) #file=(Size: 408MB) #icon=(download) #size=(1) #color=(#1bc517) #info=(Download)

3. Stable Internet Connection – Required for downloading additional packages during installation.

Step 1: Install and Download Orbstack

1. Download Orbstack from the official website and install it on your Mac.

Step 2: Setting Up Ubuntu with Orbstack Linux Machines

1. Open Orbstack and use the Linux Machines feature.

2. In the top right corner, click the + logo to add a new machine.

3. Name your machine and set the following:

   - Distribution: Ubuntu

   - Version: Ubuntu 22.04 LTS (Jammy Jellyfish)

   - CPU: Intel

4. Click Create and wait a few minutes while Orbstack sets up the virtual machine for you. Once completed, your Intel-based Ubuntu VM will be ready for Wazuh installation.

Step 3: Install Wazuh

To install Wazuh, run the following command in your Ubuntu VM terminal:

curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a(code-box)

Step 4: Access the Wazuh Dashboard

Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.

INFO: --- Summary ---

INFO: You can access the web interface https://<wazuh-dashboard-ip>

    User: admin

    Password: <ADMIN_PASSWORD>

INFO: Installation finished.(code-box)

You now have installed and configured Wazuh.

Access the Wazuh web interface with https://<wazuh-dashboard-ip> and your credentials:

Username: admin

Password: <ADMIN_PASSWORD>(code-box)

When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.

You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:

sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt(code-box)

With just a few steps, you're all set up! Wazuh is now running on your Mac using Orbstack and Ubuntu 22.04 with an Intel CPU, making the whole process efficient and compatible with Apple Silicon. Happy monitoring! 😇

If you're confused or encounter any issues following these steps, you can check out the step-by-step video on YouTube here :

Feel free to reach out to me via email or connect with me on other social media platforms if you need further assistance! 😊