{WiP} Update the installation guide

javimed · javimed · commit 5bb74e27b603 · 2025-09-25T16:17:10.000-03:00
diff --git a/source/_templates/installations/filebeat/opensearch/configure_filebeat.rst b/source/_templates/installations/filebeat/opensearch/configure_filebeat.rst
@@ -1,18 +1,17 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
-#. ``hosts``: The list of Wazuh indexer nodes to connect to. You can use either IP addresses or hostnames. By default, the host is set to localhost ``hosts: ["127.0.0.1:9200"]``. Replace it with your Wazuh indexer address accordingly. 
-  
-    If you have more than one Wazuh indexer node, you can separate the addresses using commas. For example, ``hosts: ["10.0.0.1:9200", "10.0.0.2:9200", "10.0.0.3:9200"]`` 
+#. ``hosts``: The list of Wazuh indexer nodes to connect to. You can use either IP addresses or hostnames. By default, the host is set to localhost ``hosts: ["127.0.0.1:9200"]``. Replace your Wazuh indexer IP address accordingly.
 
-    .. code-block:: yaml
+   If you have more than one Wazuh indexer node, you can separate the addresses using commas. For example, ``hosts: ["10.0.0.1:9200", "10.0.0.2:9200", "10.0.0.3:9200"]``
+
+   .. code-block:: yaml
       :emphasize-lines: 3
 
-       # Wazuh - Filebeat configuration file
-       output.elasticsearch:
-       hosts: ["10.0.0.1:9200"]
-       protocol: https
-       username: ${username}
-       password: ${password}
-         
+      # Wazuh - Filebeat configuration file
+      output.elasticsearch:
+      hosts: ["10.0.0.1:9200"]
+      protocol: https
+      username: ${username}
+      password: ${password}
 
 .. End of include file
diff --git a/source/_templates/installations/filebeat/opensearch/copy_certificates_filebeat_wazuh_cluster.rst b/source/_templates/installations/filebeat/opensearch/copy_certificates_filebeat_wazuh_cluster.rst
@@ -2,16 +2,16 @@
 
 .. code-block:: console
 
-  # NODE_NAME=<SERVER_NODE_NAME>
+   # NODE_NAME=<SERVER_NODE_NAME>
 
 .. code-block:: console
-  
-  # mkdir /etc/filebeat/certs
-  # tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
-  # mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
-  # mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
-  # chmod 500 /etc/filebeat/certs
-  # chmod 400 /etc/filebeat/certs/*
-  # chown -R root:root /etc/filebeat/certs
-  
+
+   # mkdir /etc/filebeat/certs
+   # tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
+   # mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
+   # mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
+   # chmod 500 /etc/filebeat/certs
+   # chmod 400 /etc/filebeat/certs/*
+   # chown -R root:root /etc/filebeat/certs
+
 .. End of copy_certificates_filebeat_wazuh_cluster.rst
diff --git a/source/_templates/installations/manager/configure_indexer_connection.rst b/source/_templates/installations/manager/configure_indexer_connection.rst
@@ -23,7 +23,7 @@ By default, the indexer settings have one host configured. It's set to ``0.0.0.0
 
 - Ensure the Filebeat certificate and key name match the certificate files in ``/etc/filebeat/certs``.
 
-If you are running a cluster infrastructure, add a ``<host>`` entry for each one of your nodes. For example, in a two-node configuration:
+If you are running a Wazuh indexer cluster infrastructure, add a ``<host>`` entry for each one of your nodes. For example, in a two-node configuration:
 
 .. code-block:: xml
 
@@ -32,6 +32,6 @@ If you are running a cluster infrastructure, add a ``<host>`` entry for each one
      <host>https://10.0.0.2:9200</host>
    </hosts>
 
-Vulnerability detection prioritizes reporting to the first node in the list. It switches to the next node in case it is not available.
+The Wazuh server prioritizes reporting to the first Wazuh indexer node in the list. It switches to the next node in case it is not available.
 
 .. End of include file
diff --git a/source/_templates/installations/manager/configure_wazuh_worker_node.rst b/source/_templates/installations/manager/configure_wazuh_worker_node.rst
@@ -1,22 +1,22 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
-Configure the cluster node by editing the following settings in the ``/var/ossec/etc/ossec.conf`` file.
+Configure the cluster node by editing the following settings in the ``/var/ossec/etc/ossec.conf`` file and configure the necessary parameters:
 
 .. code-block:: xml
 
-  <cluster>
-      <name>wazuh</name>
-      <node_name>worker-node</node_name>
-      <node_type>worker</node_type>
-      <key>c98b62a9b6169ac5f67dae55ae4a9088</key>      
-      <port>1516</port>
-      <bind_addr>0.0.0.0</bind_addr>
-      <nodes>
-          <node><WAZUH_MASTER_ADDRESS></node>
-      </nodes>
-      <hidden>no</hidden>
-      <disabled>no</disabled>
-  </cluster>
+   <cluster>
+       <name>wazuh</name>
+       <node_name>worker-node</node_name>
+       <node_type>worker</node_type>
+       <key>c98b62a9b6169ac5f67dae55ae4a9088</key>
+       <port>1516</port>
+       <bind_addr>0.0.0.0</bind_addr>
+       <nodes>
+           <node><WAZUH_MASTER_ADDRESS></node>
+       </nodes>
+       <hidden>no</hidden>
+       <disabled>no</disabled>
+   </cluster>
 
 Parameters to be configured:
 
diff --git a/source/_templates/installations/manager/restart_wazuh_manager.rst b/source/_templates/installations/manager/restart_wazuh_manager.rst
@@ -2,20 +2,17 @@
 
 .. tabs::
 
+   .. group-tab:: Systemd
 
-  .. group-tab:: Systemd
+      .. code-block:: console
 
+         # systemctl restart wazuh-manager
 
-    .. code-block:: console
+   .. group-tab:: SysV init
 
-      # systemctl restart wazuh-manager
+      .. code-block:: console
 
-
-  .. group-tab:: SysV init
-
-    .. code-block:: console
-
-      # service wazuh-manager restart
+         # service wazuh-manager restart
 
 .. End of include file
 
diff --git a/source/installation-guide/wazuh-server/step-by-step.rst b/source/installation-guide/wazuh-server/step-by-step.rst
@@ -10,17 +10,15 @@ Install and configure the Wazuh server as a single-node or multi-node cluster fo
 
 The installation process is divided into two stages.
 
-#. Wazuh server node installation
-
-#. Cluster configuration for multi-node deployment
+#. `Wazuh server node installation`_
+#. `Cluster configuration for multi-node deployment`_
 
 .. note:: You need root user privileges to run all the commands described below.
 
-1. Wazuh server node installation
-----------------------------------
-.. raw:: html
+Wazuh server node installation
+------------------------------
 
-  <div class="accordion-section open">
+Follow these steps to install a single-node or multi-node cluster Wazuh server.
 
 Adding the Wazuh repository
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -102,52 +100,53 @@ Installing Filebeat
 Configuring Filebeat
 ^^^^^^^^^^^^^^^^^^^^
 
-  #. Download the preconfigured Filebeat configuration file.
+#. Download the preconfigured Filebeat configuration file.
 
-      .. code-block:: console
+   .. code-block:: console
 
-        # curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/tpl/wazuh/filebeat/filebeat.yml
+      # curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/tpl/wazuh/filebeat/filebeat.yml
 
 
-  #. Edit the ``/etc/filebeat/filebeat.yml`` configuration file and replace the following value:
+#. Edit the ``/etc/filebeat/filebeat.yml`` configuration file and replace the following value:
 
-     .. include:: /_templates/installations/filebeat/opensearch/configure_filebeat.rst
+   .. include:: /_templates/installations/filebeat/opensearch/configure_filebeat.rst
 
-  #. Create a Filebeat keystore to securely store authentication credentials.
+#. Create a Filebeat keystore to securely store authentication credentials.
 
-      .. code-block:: console
+   .. code-block:: console
 
-        # filebeat keystore create
+      # filebeat keystore create
 
-  #. Add the default username and password ``admin``:``admin`` to the secrets keystore.
+#. Add the default username and password ``admin``:``admin`` to the secrets keystore.
 
-      .. code-block:: console
+   .. code-block:: console
 
-        # echo admin | filebeat keystore add username --stdin --force
-        # echo admin | filebeat keystore add password --stdin --force
+      # echo admin | filebeat keystore add username --stdin --force
+      # echo admin | filebeat keystore add password --stdin --force
 
-  #. Download the alerts template for the Wazuh indexer.
+#. Download the alerts template for the Wazuh indexer.
 
-     .. code-block:: console
+   .. code-block:: console
 
-        # curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v|WAZUH_CURRENT|/extensions/elasticsearch/7.x/wazuh-template.json
-        # chmod go+r /etc/filebeat/wazuh-template.json
+      # curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v|WAZUH_CURRENT|/extensions/elasticsearch/7.x/wazuh-template.json
+      # chmod go+r /etc/filebeat/wazuh-template.json
 
-  #. Install the Wazuh module for Filebeat.
+#. Install the Wazuh module for Filebeat.
 
-      .. code-block:: console
+   .. code-block:: console
 
-        # curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
+      # curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
 
 Deploying certificates
 ^^^^^^^^^^^^^^^^^^^^^^
 
-  .. note::
-    Make sure that a copy of the ``wazuh-certificates.tar`` file, created during the initial configuration step, is placed in your working directory.
+.. note::
+
+   Make sure that a copy of the ``wazuh-certificates.tar`` file, created during the initial configuration step, is placed in your working directory.
 
-  #. Replace ``<SERVER_NODE_NAME>`` with your Wazuh server node certificate name, the same one used in ``config.yml`` when creating the certificates. Then, move the certificates to their corresponding location.
+#. Replace ``<SERVER_NODE_NAME>`` with your Wazuh server node certificate name, the same one used in ``config.yml`` when creating the certificates. Then, move the certificates to their corresponding location.
 
-      .. include:: /_templates/installations/filebeat/opensearch/copy_certificates_filebeat_wazuh_cluster.rst
+   .. include:: /_templates/installations/filebeat/opensearch/copy_certificates_filebeat_wazuh_cluster.rst
 
 Configuring the Wazuh indexer connection
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -156,7 +155,7 @@ Configuring the Wazuh indexer connection
 
    You can skip this step if you are not going to use the vulnerability detection capability.
 
-#. Save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool:
+#. Save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool. Replace ``<WAZUH_INDEXER_USERNAME>`` and ``<WAZUH_INDEXER_PASSWORD>`` with the Wazuh indexer username and password:
 
    .. code-block:: console
 
@@ -185,36 +184,35 @@ Starting the Wazuh manager
 Starting the Filebeat service
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-  #. Enable and start the Filebeat service.
-
-      .. include:: /_templates/installations/filebeat/common/enable_filebeat.rst
+#. Enable and start the Filebeat service.
 
-  #. Run the following command to verify that Filebeat is successfully installed.
+   .. include:: /_templates/installations/filebeat/common/enable_filebeat.rst
 
-     .. code-block:: console
+#. Run the following command to verify that Filebeat is successfully installed.
 
-        # filebeat test output
+   .. code-block:: console
 
-     Expand the output to see an example response.
+      # filebeat test output
 
-     .. code-block:: none
-          :class: output accordion-output
+   Expand the output to see an example response.
 
-          elasticsearch: https://127.0.0.1:9200...
-            parse url... OK
-            connection...
-              parse host... OK
-              dns lookup... OK
-              addresses: 127.0.0.1
-              dial up... OK
-            TLS...
-              security: server's certificate chain verification is enabled
-              handshake... OK
-              TLS version: TLSv1.3
-              dial up... OK
-            talk to server... OK
-            version: 7.10.2
+   .. code-block:: none
+      :class: output accordion-output
 
+      elasticsearch: https://127.0.0.1:9200...
+        parse url... OK
+        connection...
+          parse host... OK
+          dns lookup... OK
+          addresses: 127.0.0.1
+          dial up... OK
+        TLS...
+          security: server's certificate chain verification is enabled
+          handshake... OK
+          TLS version: TLSv1.3
+          dial up... OK
+        talk to server... OK
+        version: 7.10.2
 
 Your Wazuh server node is now successfully installed. Repeat this stage of the installation process for every Wazuh server node in your Wazuh cluster, then proceed with configuring the Wazuh cluster. If you want a Wazuh server single-node cluster, everything is set and you can proceed directly with :doc:`../wazuh-dashboard/step-by-step`.
 
@@ -223,11 +221,8 @@ Disable Wazuh updates
 
 .. include:: /_templates/installations/disable-wazuh-updates.rst
 
-2. Cluster configuration for multi-node deployment
---------------------------------------------------
-.. raw:: html
-
-  <div class="accordion-section">
+Cluster configuration for multi-node deployment
+-----------------------------------------------
 
 After completing the installation of the Wazuh server on every node, you need to configure one server node only as the master and the rest as workers.
 
@@ -236,33 +231,33 @@ After completing the installation of the Wazuh server on every node, you need to
 Configuring the Wazuh server master node
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-  #. Edit the following settings in the ``/var/ossec/etc/ossec.conf`` configuration file.
+#. Edit the following settings in the ``/var/ossec/etc/ossec.conf`` file and configure the necessary parameters:
 
-      .. include:: /_templates/installations/manager/configure_wazuh_master_node.rst
+   .. include:: /_templates/installations/manager/configure_wazuh_master_node.rst
 
-  #. Restart the Wazuh manager.
+#. Restart the Wazuh manager.
 
-      .. include:: /_templates/installations/manager/restart_wazuh_manager.rst
+   .. include:: /_templates/installations/manager/restart_wazuh_manager.rst
 
 .. _wazuh_server_worker_nodes:
 
 Configuring the Wazuh server worker nodes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-  #. .. include:: /_templates/installations/manager/configure_wazuh_worker_node.rst
+#. .. include:: /_templates/installations/manager/configure_wazuh_worker_node.rst
 
-  #. Restart the Wazuh manager.
+#. Restart the Wazuh manager.
 
-      .. include:: /_templates/installations/manager/restart_wazuh_manager.rst
+   .. include:: /_templates/installations/manager/restart_wazuh_manager.rst
 
   Repeat these configuration steps for every Wazuh server worker node in your cluster.
 
 Testing Wazuh server cluster
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-To verify that the Wazuh cluster is enabled and all the nodes are connected, execute the following command:
+Run the following command to verify that the Wazuh cluster is enabled and all the nodes are connected:
 
-  .. code-block:: console
+.. code-block:: console
 
     # /var/ossec/bin/cluster_control -l
 
