Port details on branch 2023Q4
- wazuh-server: Components for analyzing the data received from the agents
- 4.5.4 security. Version of this port present on the latest quarterly branch: 4.5.4
- Maintainer: acm@FreeBSD.org
- Port Added: 2023-10-23 19:18:05
- Last Update: 2023-10-23 23:03:19
- Commit Hash: b725c06
- License: GPLv2
- WWW:
- https://wazuh.com/
- Description:
- Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.
The Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
- wazuh-server>0:security/wazuh-server
- To install the port:
- cd /usr/ports/security/wazuh-server/ && make install clean
- To add the package, run one of these commands:
- pkg install security/wazuh-server
- pkg install wazuh-server
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: wazuh-server
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1698093501
SHA256 (wazuh-4.5.4/filebeat.yml) = bbcf6fe806a32b505b0848386d71684868be85965bfb91b117dff15c9de7c247
SIZE (wazuh-4.5.4/filebeat.yml) = 1120
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Runtime dependencies:
- filebeat : sysutils/beats7
- logstash : sysutils/logstash8
- wazuh-control : security/wazuh-manager
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for wazuh-server-4.5.4:
FILEBEAT=on: Install filebeat component
LOGSTASH=on: Install logstash component
WAZUH-MANAGER=on: Install wazuh manager component
===> Use 'make config' to modify these settings
- Options name:
- security_wazuh-server
- USES:
- dos2unix
- pkg-message:
- For install:
- Wazuh server components were installed
1) Wazuh server components are based on the Wazuh manager and Filebeat projects.
This guide helps you adapt the Wazuh configuration so that it works on FreeBSD
using applications that are part of the ports tree. We are using an alternative
way to configure the Wazuh server components on FreeBSD. It is necessary to
configure Logstash between Filebeat and OpenSearch because the FreeBSD ports tree
does not include Filebeat versions less than or equal to 7.16.x.
2) Do not forget to take a look at the wazuh-manager post-install message to
configure the wazuh-server component.
# pkg info -D -x wazuh-manager | less
3) Copy /usr/local/etc/wazuh-server/filebeat.yml to /usr/local/etc/beats/
directory
4) Copy /usr/local/etc/wazuh-server/logstash.yml and /usr/local/etc/wazuh-server/wazuh-template.json
files to /usr/local/etc/logstash/ directory
5) You can use my own version of the Wazuh certificates generator to generate
the root, admin, indexer, server and dashboard certificates used by Wazuh
components.
https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz
6) Edit the filebeat.yml and logstash.yml files and change the options according
to your setup, for example host, ssl, filter, etc. The sample files can give you
good guidance on that.
7) Install logstash-output-opensearch plugin
# cd /usr/local/logstash/bin
# sh -c "JAVA_HOME=/usr/local/openjdk11 ./logstash-plugin install logstash-output-opensearch"
8) Check if logstash-output-opensearch plugin was installed
# sh -c "JAVA_HOME=/usr/local/openjdk11 ./logstash-plugin list | grep logstash-output-opensearch"
9) Add Filebeat and Logstash to /etc/rc.conf
# sysrc filebeat_enable="YES"
# sysrc logstash_enable="YES"
10) Start Filebeat and Logstash services
# service filebeat start
# service logstash start
11) You can find more useful information at the following link:
https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html
Keep in mind that the Wazuh architecture on FreeBSD is not configured the same
way as described in the Wazuh guide. Sometimes you may decide to configure
Logstash on another host. If that is your case, you must adapt some points in this guide.
12) Enjoy it
- Master Sites:
- There is no master site for this port.