2. Hardening and breaking everything
9.28.2025
I did some basic hardening of this new desktop server by enabling UFW with basic rules and Fail2Ban, and installed OpenSSH to connect to it from my main Win11 laptop.
I then proceeded to attempt the installation of Wazuh using Docker.
Installing Docker Desktop seemed pretty straightforward, but I made the mistake of trying to use Linux's GUI to install it instead of through apt. Linux people really don't like GUIs. I think I ended up using apt to download snap and then was able to finally double-click the installation file. …wait a second, so I just downloaded a downloader to download an installer that will host an installer..??
Anyways, I got Docker Desktop working, went through the tutorial and got my first hello-world Docker container going, yay!
Now to install Wazuh using Docker Compose.
I followed the instructions on Wazuh's website on how to install the single node setup using Linux and Docker. Most of the instructions were pretty straightforward and I was able to get the dashboard working and was able to log in using the default credentials. Great, the dashboard is already up and running!
But default credentials — those two words sent my security senses tingling.
Even if it's my private homelab, it doesn't matter — best practice dictates that I need to immediately change default credentials. It's time to form good habits. I don't want to one day be setting up a public-facing product and accidentally forget to change default creds. I'm in security and this is security 101.
Before continuing any further, I had to figure out how to change the defaults.
Well, in the process of changing the default creds I didn't read carefully and the documentation clearly states to only change one account at a time. I changed both at the same time AND I didn't log out before changing them.
I ended up totally locking myself out of my own Wazuh Docker stack 🤦
I spent hours troubleshooting and managed to fix the credentials, but now there was another problem. When I tried restarting the Docker stack using Docker Compose, I kept getting an error saying that the ports were already being used.
I felt pretty defeated, overwhelmed and confused. I thought, I'm not cut out for this stuff. I decided to take a break for a while and come back with some fresh ideas.
Security is hard.