Port details
- wazuh-indexer: A highly scalable, full-text search and analytics engine
- Version: 4.3.10_1 (category: security)
- This version of the port is present on the latest quarterly branch.
- Maintainer: acm@FreeBSD.org
- Port Added: 2022-09-25 05:45:10
- Last Update: 2022-12-07 00:32:57
- Commit Hash: 766fd9d
- People watching this port also watch: zrep
- License: GPLv2
- Description:
- Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.
The Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes the data
gathered by the agents. In addition, Wazuh is fully integrated with the
Elastic Stack, providing a search engine and a data visualization tool that
let users navigate through their security alerts.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
  - wazuh-indexer>0:security/wazuh-indexer
- To install the port:
  - cd /usr/ports/security/wazuh-indexer/ && make install clean
- To add the package, run one of these commands:
  - pkg install security/wazuh-indexer
  - pkg install wazuh-indexer
  NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: wazuh-indexer
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1668734637
SHA256 (wazuh-4.3.10/wazuh-indexer.yml) = f6bc1d4de01742268ca42ef285896c31b7a31fb82f0c9f13de32d383fa3669e0
SIZE (wazuh-4.3.10/wazuh-indexer.yml) = 2123
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Runtime dependencies:
  - opensearch : textproc/opensearch
- There are no ports dependent upon this port
Configuration Options:
- No options to configure
- Options name:
- security_wazuh-indexer
- pkg-message:
- For install:
- Wazuh indexer components were installed.
1) Wazuh indexer is based on the OpenSearch project. This guide helps you adapt
the Wazuh configuration so that it works on FreeBSD using the applications that
are part of the ports tree.
2) Copy /usr/local/etc/wazuh-indexer/wazuh-indexer.yml to /usr/local/etc/opensearch/opensearch.yml
3) Edit /usr/local/etc/opensearch/opensearch.yml and change the options according to your
setup, for example the host, SSL and node options. This guide uses 10.0.0.10 as
the host.
4) If you want a simple way to generate the Wazuh infrastructure certificates,
you can use a simplified version of the certificate generator script located at:
https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz
5) Wazuh needs the opensearch-security features. Rename or copy the sample files
into /usr/local/etc/opensearch/opensearch-security:
# cd /usr/local/etc/opensearch/opensearch-security
# for i in *.sample; do cp -p "$i" "${i%.sample}"; done
6) You can define a custom admin password by modifying the admin entry in
/usr/local/etc/opensearch/opensearch-security/internal_users.yml:
admin:
hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
The hash shown here is the one from the OpenSearch sample internal_users.yml, a
published demo value, so replace it before the node is reachable by anything else.
A hash can be generated with the opensearch-security hash script:
# cd /usr/local/lib/opensearch/plugins/opensearch-security/tools/
# sh -c "OPENSEARCH_JAVA_HOME=/usr/local/openjdk11 ./hash.sh -p adminpass"
$2y$12$XaEXmp4kGQpd6t8kNH03quyvpHDQZh.nywLLp9.b0NF2DxGl8FpJK
Passing the password with -p leaves it in the shell history and in ps(1) output
while the tool runs; run hash.sh without -p and it prompts for the password instead.
7) Add OpenSearch to /etc/rc.conf:
# sysrc opensearch_enable="YES"
8) Start OpenSearch:
# service opensearch start
9) Finally, you must load the security configuration into the OpenSearch cluster:
# cd /usr/local/lib/opensearch/plugins/opensearch-security/tools/
# sh -c "OPENSEARCH_JAVA_HOME=/usr/local/openjdk11 ./securityadmin.sh \
-cd /usr/local/etc/opensearch/opensearch-security/ -cacert /usr/local/etc/opensearch/certs/root-ca.pem \
-cert /usr/local/etc/opensearch/certs/admin.pem -key /usr/local/etc/opensearch/certs/admin-key.pem -h 10.0.0.10 -p 9200 -icl -nhnv"
Here -icl ignores the cluster name and -nhnv disables hostname verification of the
node certificate; both are conveniences for a first bring-up, and -nhnv is only
needed while the node certificate does not carry the host's name or IP address.
10) You can find more useful information at the following link:
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
Bear in mind that the Wazuh architecture on FreeBSD is configured differently from
what you will read in the Wazuh guide.
11) Testing your server installation:
# curl -k -u admin:adminpass https://10.0.0.10:9200
# curl -k -u admin:adminpass https://10.0.0.10:9200/_cat/nodes?v
Note that -k turns off certificate verification entirely; once the certificates are
in place, use --cacert /usr/local/etc/opensearch/certs/root-ca.pem instead.
12) Enjoy it
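Steps 5, 6 and 11 of the install notes above, scripted as an added example. This is not the port's pkg-message and not Wazuh or OpenSearch tooling; it uses the paths the pkg-message gives (/usr/local/etc/opensearch, the security plugin's tools directory, certs/root-ca.pem), while the function names, the OS_ADMIN_PASS variable and the --apply entry point are this example's own. Compared with the notes it skips sample files that already have a live copy, refuses to write anything that is not a bcrypt hash into internal_users.yml, keeps the password out of argv and shell history, and verifies the server certificate instead of using curl -k.

```shell
#!/bin/sh
# Added example, not part of the port or its pkg-message: scripts steps 5, 6
# and 11 of the install notes. Paths are the ones the pkg-message uses; the
# function names, OS_ADMIN_PASS and the --apply switch are this example's own.
set -eu

OPENSEARCH_ETC="/usr/local/etc/opensearch"
SECDIR="$OPENSEARCH_ETC/opensearch-security"
TOOLS="/usr/local/lib/opensearch/plugins/opensearch-security/tools"
CACERT="$OPENSEARCH_ETC/certs/root-ca.pem"

# Step 5: turn every *.sample in $1 into a live file without parsing ls(1).
# Files that already exist are skipped so a re-run never clobbers edits.
# Prints the number of files created.
install_security_samples() {
    dir="$1"; created=0
    for s in "$dir"/*.sample; do
        [ -e "$s" ] || continue          # no samples at all: the glob stayed literal
        live="${s%.sample}"
        if [ ! -e "$live" ]; then
            cp -p "$s" "$live"
            created=$((created + 1))
        fi
    done
    echo "$created"
}

# True only for a bcrypt string of the shape hash.sh emits: $2a$/$2b$/$2y$,
# a two-digit cost, then 53 characters of salt and digest (60 in total).
is_bcrypt_hash() {
    case "$1" in
        \$2[aby]\$[0-9][0-9]\$*) [ "${#1}" -eq 60 ] ;;
        *) return 1 ;;
    esac
}

# Step 6: hash.sh prompts for the password when -p is omitted, which keeps it
# out of shell history and ps(1) output; the bcrypt hash goes to stdout.
hash_password() {
    ( cd "$TOOLS" && OPENSEARCH_JAVA_HOME=/usr/local/openjdk11 ./hash.sh )
}

# Step 6: replace only the hash line of the "admin:" block in internal_users.yml
# ($1) with $2. Other users' blocks are untouched and the file keeps its mode.
set_admin_hash() {
    file="$1"; hash="$2"
    is_bcrypt_hash "$hash" || { echo "refusing to write a non-bcrypt value" >&2; return 1; }
    awk -v h="$hash" '
        /^[^ #]/ { inadmin = ($0 == "admin:") }   # every top-level key starts a new block
        inadmin && /^  hash:/ { print "  hash: \"" h "\""; next }
        { print }
    ' "$file" > "$file.tmp"
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# Reads the admin hash back out of internal_users.yml ($1) to verify the edit took.
get_admin_hash() {
    awk '/^[^ #]/ { inadmin = ($0 == "admin:") }
         inadmin && /^  hash:/ { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Step 11: query the node with certificate verification on instead of curl -k.
# The credentials reach curl through a config file on stdin (-K -), so they are
# not visible in ps(1); the node certificate must name $1 (DNS or IP SAN) or
# curl will, correctly, refuse to connect.
check_node() {
    host="$1"
    printf 'user = "admin:%s"\n' "${OS_ADMIN_PASS:?export OS_ADMIN_PASS first}" |
        curl -sS --fail -K - --cacert "$CACERT" "https://$host:9200/_cat/nodes?v"
}

# Runs the whole sequence only when invoked as: sh wazuh-indexer-setup.sh --apply 10.0.0.10
if [ "${1:-}" = "--apply" ]; then
    echo "$(install_security_samples "$SECDIR") sample file(s) installed"
    set_admin_hash "$SECDIR/internal_users.yml" "$(hash_password)"
    check_node "${2:?host or IP address of the indexer}"
fi
```

The hash is validated before it is written because hash_password captures whatever hash.sh prints; a JVM error or an empty string would otherwise end up as the admin credential. Run the script as root after step 4 and before step 7, then continue with the rc.conf, service and securityadmin.sh steps as written in the notes.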
- WWW: https://wazuh.com/
- Master Sites:
Commit History (may be incomplete)

4.3.10_1 - 07 Dec 2022 00:32:57 - Jose Alonso Cardenas Marquez (acm)
security/wazuh-*: Make compatible with opensearch and dashboards 2.4.0
- Bump PORTREVISION

4.3.10 - 18 Nov 2022 03:39:27 - Jose Alonso Cardenas Marquez (acm)
security/wazuh-*: Update to 4.3.10
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.3.10

4.3.9 - 30 Oct 2022 21:37:32 - Jose Alonso Cardenas Marquez (acm)
security/wazuh-*: update to 4.3.9
ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.3.9

4.3.8 - 25 Sep 2022 05:42:07 - Jose Alonso Cardenas Marquez (acm)
security/wazuh-indexer: New port: A highly scalable, full-text search and
analytics engine
Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.
Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.