Port details |
- wazuh-indexer A highly scalable, full-text search and analytics engine
- 4.7.5 security (version of this port present on the latest quarterly branch: 4.7.5)
- Maintainer: acm@FreeBSD.org
- Port Added: 2022-09-25 05:45:10
- Last Update: 2024-06-15 17:38:13
- Commit Hash: e9a4fa1
- License: GPLv2
- WWW:
- https://wazuh.com/
- Description:
- Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.
Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
- wazuh-indexer>0:security/wazuh-indexer
- To install the port:
- cd /usr/ports/security/wazuh-indexer/ && make install clean
- To add the package, run one of these commands:
- pkg install security/wazuh-indexer
- pkg install wazuh-indexer
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: wazuh-indexer
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1718434348
SHA256 (wazuh-4.7.5/wazuh-4.7.5-indexer.yml) = 15290a6e81026d970891d7e1805afe4a87420984893948b5dd7a65789d62f5c5
SIZE (wazuh-4.7.5/wazuh-4.7.5-indexer.yml) = 2216
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Runtime dependencies:
- opensearch : textproc/opensearch210
- There are no ports dependent upon this port
Configuration Options:
- No options to configure
- Options name:
- security_wazuh-indexer
- pkg-message:
- For install:
- Wazuh indexer components were installed
1) Wazuh indexer is based on the OpenSearch project. This guide helps you adapt
the Wazuh configuration so that it works on FreeBSD using applications that are
part of the ports tree.
2) Copy /usr/local/etc/wazuh-indexer/wazuh-indexer.yml to /usr/local/etc/opensearch/opensearch.yml
3) Edit /usr/local/etc/opensearch/opensearch.yml and change the options according to your
setup, for example the host, ssl and nodes options. This guide uses
10.0.0.10 as the host.
4) If you want a simple way to generate the Wazuh infrastructure certificates,
you can use a simplified version of the certificate generator script located at:
https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz
5) Wazuh needs the opensearch-security features. Rename or copy the sample files
in /usr/local/etc/opensearch/opensearch-security
# cd /usr/local/etc/opensearch/opensearch-security
# sh -c 'for i in *.sample ; do cp -p "${i}" "${i%.sample}" ; done'
6) You can define a custom admin password by modifying the internal_users.yml file in
/usr/local/etc/opensearch/opensearch-security/
admin:
  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
The password hash can be generated using the opensearch-security hash script tool
# cd /usr/local/lib/opensearch/plugins/opensearch-security/tools/
# sh -c "OPENSEARCH_JAVA_HOME=/usr/local/openjdk11 ./hash.sh -p adminpass"
$2y$12$XaEXmp4kGQpd6t8kNH03quyvpHDQZh.nywLLp9.b0NF2DxGl8FpJK
7) Add OpenSearch to /etc/rc.conf
# sysrc opensearch_enable="YES"
8) Start OpenSearch
# service opensearch start
9) Finally, you must initialize the OpenSearch cluster
# cd /usr/local/lib/opensearch/plugins/opensearch-security/tools/
# sh -c "OPENSEARCH_JAVA_HOME=/usr/local/openjdk11 ./securityadmin.sh \
-cd /usr/local/etc/opensearch/opensearch-security/ -cacert /usr/local/etc/opensearch/certs/root-ca.pem \
-cert /usr/local/etc/opensearch/certs/admin.pem -key /usr/local/etc/opensearch/certs/admin-key.pem -h 10.0.0.10 -p 9200 -icl -nhnv"
10) You can find more useful information at the following link:
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
Keep in mind that the Wazuh architecture on FreeBSD is not configured the same
way as described in the Wazuh guide
11) Test your server installation
# curl -k -u admin:adminpass https://10.0.0.10:9200
# curl -k -u admin:adminpass 'https://10.0.0.10:9200/_cat/nodes?v'
12) Enjoy it
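The following post-install checks cover steps 5, 6 and 11 above. They are an added example, not part of the port or its pkg-message; the function names and the `*-key.pem` naming of private keys are assumptions, and the TLS check assumes the node certificate is valid for the host address used.

```shell
#!/bin/sh
# Added example: post-install checks for the steps above (not part of the port).
# Default paths are the ones named in the pkg-message.
SEC_DIR=/usr/local/etc/opensearch/opensearch-security
CERT_DIR=/usr/local/etc/opensearch/certs

# Step 5: print the config files that still exist only as *.sample.
missing_from_samples() {
    for s in "$1"/*.sample; do
        [ -e "$s" ] || continue
        [ -e "${s%.sample}" ] || printf '%s\n' "${s%.sample}"
    done
}

# Succeed only if the key is a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Step 6: print the hash stored for the admin user in internal_users.yml.
admin_hash() {
    awk '/^admin:/ { in_admin = 1; next }
         /^[^ #]/  { in_admin = 0 }
         in_admin && /^ +hash:/ { gsub(/^ +hash: *"?|"? *$/, ""); print; exit }' "$1"
}

# Run every check against the live install; returns non-zero on any finding.
run_checks() {
    rc=0
    missing=$(missing_from_samples "$SEC_DIR")
    [ -z "$missing" ] || { echo "not copied from sample: $missing"; rc=1; }
    for k in "$CERT_DIR"/*-key.pem; do   # key naming is an assumption
        key_is_private "$k" || { echo "key missing or open to group/other: $k"; rc=1; }
    done
    case $(admin_hash "$SEC_DIR/internal_users.yml") in
        '$2'[aby]'$'*) ;;
        *) echo "admin entry has no bcrypt hash"; rc=1 ;;
    esac
    # Step 11 with verification against the CA instead of -k; -u admin makes
    # curl prompt for the password so it is not left in the process list.
    curl -sS -o /dev/null --cacert "$CERT_DIR/root-ca.pem" -u admin \
        "https://${2:-10.0.0.10}:9200" || rc=1
    return $rc
}

if [ "${1:-}" = "--run" ]; then run_checks "$@"; fi
```

Save it under any name and run it as root with `--run`, optionally followed by the host address, after step 9.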
Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
4.7.5 15 Jun 2024 17:38:13 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.7.5
- Fix build/installation on aarch64
- Fix runtime issues on 14.x and 15.x because of openssl3 support [1]
PR: 279363
Reported by: girgen [1] |
4.7.4 11 May 2024 01:51:29 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.7.4
- Fix wazuh-agent segment fault (agent and manager) [1]
- Improve configuration files (agent and manager)
- Update py-pyarrow into cache file to 15.0.2 (manager)
- Update cache files used by wazuh-manager.
- Other minor modifications
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-7-4.html
Obtained from: https://github.com/wazuh/wazuh/issues/23154 [1] |
4.7.3 23 Mar 2024 22:22:45 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.7.3
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-7-3.html |
4.7.2 16 Jan 2024 04:57:46 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.7.2
- Install FreeBSD rules, decoders and SCA files by default
- Strip python binary and so files
- Add devel/libffi and databases/arrow to LIB_DEPENDS
- Update pkg-message files
- Other minor modifications
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-7-2.html |
4.7.1 22 Dec 2023 17:57:24 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.7.1
- Remove support for 12.x (EoL)
- Change some config files to sample files
- Fix syscollector issue when network port is equal to *
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html |
4.7.0 16 Dec 2023 21:36:43 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh: Update to 4.7.0
- Fix ssl=openssl build [1]
- Fix permissions of backup/db directory. Now backups are generated without
problems
- Add support for getting ports info
- Add support for getting processes info
- Add a better way to get memory info
- Add new decoders and rules files (https://github.com/alonsobsd/wazuh-freebsd)
- Update FreeBSD sca files (https://github.com/alonsobsd/wazuh-freebsd)
- Minor changes to SysInfo::getPackages function
- Other minor modifications
PR: 275008
Reported by: franco _at_ opnsense.org [1] |
4.6.0 03 Nov 2023 18:47:31 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.6.0
- security/wazuh-manager: Deactivate CIS files. They are renamed to
yml.deprecated
- security/wazuh-agent: Don't install all CIS files
- Turn security.keys into a sample file. It helps to avoid removing client.keys on
update
- Update pkg-message.in files
- Other minor modifications |
4.5.4 23 Oct 2023 23:02:07 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.5.4
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html |
4.5.3 19 Oct 2023 22:21:22 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.5.3
- security/wazuh-agent: Enable INOTIFY option by default. It enables Kevent
based real time monitoring. See some examples of how to use it at:
https://wazuh.com/blog/detecting-common-linux-persistence-techniques-with-wazuh/
- security/wazuh-manager: Add entries to pkg-message.in about FreeBSD SCA files
and FreeBSD decoders and rules files. I'll maintain updated versions of these
files at https://github.com/alonsobsd/wazuh-freebsd
- security/wazuh-dashboard: Update project url to new one
- Other minor modifications |
4.5.2 03 Oct 2023 05:27:34 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: update to 4.5.2
- wazuh-indexer and wazuh-dashboards now use 2.10.0 version of opensearch and
opensearch-dashboard
ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html |
4.5.0 18 Aug 2023 05:25:50 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.5.0
- wazuh-indexer and wazuh-dashboards now use 2.9.0 version of opensearch and
opensearch-dashboard
- Revert beats dependency to beats7 (filebeat) at security/wazuh-server. beats8
has some issues with filebeat (Take a look at PR/272701) |
4.4.4 21 Jun 2023 19:19:06 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.4.4
- Add python path files from lang/python39/files
- wazuh-indexer and wazuh-dashboards now use 2.8.0 version of opensearch and
opensearch-dashboard
- Update beats dependency to beats8 (filebeat) at security/wazuh-server |
4.4.3 30 May 2023 04:24:56 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.4.3
- Mark IGNORE on FreeBSD 12-aarch64
- Use makepatch to generate patch files
- Fix typo at wazuh-agent and wazuh-manager pkg-message files [1]
- Fix some linking issues when devel/libsysinfo is installed (using ports).
wazuh-manager compile/install a library with the same name like libsysinfo and
it is used by syscollector feature.
- wazuh-dashboard use opensearch-dashboards 2.7.0
- Some other modifications
ChangeLog at: https://github.com/wazuh/wazuh/releases
PR: 271376
Reported by: lambert _ at _ sanesecurityguy.com [1] |
4.4.1 17 Apr 2023 23:51:44 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: update to 4.4.1
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.4.1 |
4.4.0 31 Mar 2023 03:30:20 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.4.0
- security/wazuh-manager: Add support for aarch64
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.4.0 |
4.3.10_1 07 Dec 2022 00:32:57 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Make compatible with opensearch and dashboards 2.4.0
- Bump PORTREVISION |
4.3.10 18 Nov 2022 03:39:27 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: Update to 4.3.10
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.3.10 |
4.3.9 30 Oct 2022 21:37:32 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-*: update to 4.3.9
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.3.9 |
4.3.8 25 Sep 2022 05:42:07 |
Jose Alonso Cardenas Marquez (acm) |
security/wazuh-indexer: New port: A highly scalable, full-text search and
analytics engine
Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.
Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts. |