Skip to content

Instantly share code, notes, and snippets.

@swarupsro

swarupsro/wazuh_uninstall.sh

Last active June 12, 2025 11:03
Show Gist options
  • Save swarupsro/d23c0def23148cb75e879ff4e012da25 to your computer and use it in GitHub Desktop.
Save swarupsro/d23c0def23148cb75e879ff4e012da25 to your computer and use it in GitHub Desktop.
Download ZIP
Complete Wazuh Uninstallation Script
Raw
wazuh_uninstall.sh
#!/bin/bash
echo "[*] Stopping Wazuh-related services..."
sudo systemctl stop wazuh-manager wazuh-indexer filebeat wazuh-dashboard
echo "[*] Disabling services..."
sudo systemctl disable wazuh-manager wazuh-indexer filebeat wazuh-dashboard
echo "[*] Purging installed packages..."
sudo apt purge --yes wazuh-manager wazuh-indexer wazuh-dashboard filebeat
echo "[*] Removing systemd service files (if any)..."
sudo rm -f /etc/systemd/system/wazuh-manager.service
sudo rm -f /etc/systemd/system/wazuh-indexer.service
sudo rm -f /etc/systemd/system/wazuh-dashboard.service
sudo rm -f /etc/systemd/system/filebeat.service
echo "[*] Removing configuration, log, data, and certificate directories..."
sudo rm -rf \
/var/ossec \
/var/lib/filebeat \
/var/lib/wazuh-indexer \
/var/lib/elasticsearch \
/var/log/filebeat \
/var/log/wazuh* \
/var/log/elasticsearch \
/etc/filebeat \
/etc/wazuh* \
/etc/elasticsearch \
/etc/default/filebeat \
/usr/share/filebeat \
/usr/share/wazuh* \
/usr/share/elasticsearch \
/etc/systemd/system/multi-user.target.wants/wazuh-manager.service \
/etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service
echo "[*] Removing users if they exist..."
sudo userdel -r wazuh 2>/dev/null
sudo userdel -r filebeat 2>/dev/null
sudo userdel -r kibana 2>/dev/null
sudo userdel -r elasticsearch 2>/dev/null
echo "[*] Cleaning up APT..."
sudo apt autoremove --yes --purge
sudo apt clean
echo "[✔] Wazuh and all related components have been completely removed from the system."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment