
Wazuh on FreeBSD

Contact: José Alonso Cárdenas Márquez <acm@FreeBSD.org>

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Wazuh features include full integration with Elastic Stack and OpenSearch, providing a search engine and data visualization tool through which users can navigate security alerts.

Porting Wazuh to FreeBSD was started by Michael Muenz. His first Wazuh addition to the ports tree was security/wazuh-agent in September 2021. In July 2022, I took maintainership of this port and started porting the other Wazuh components.

On FreeBSD, security/wazuh-manager and security/wazuh-agent are compiled from the Wazuh source code. security/wazuh-indexer is an adapted textproc/opensearch used for storing agent data. security/wazuh-server includes FreeBSD-oriented adaptations of the configuration files; its runtime dependencies comprise security/wazuh-manager, sysutils/beats8 (filebeat), and sysutils/logstash8. security/wazuh-dashboard uses an adapted textproc/opensearch-dashboards together with the wazuh-kibana-app plugin, built for FreeBSD from the wazuh-kibana-app source code.

The main goal of this work is to raise the visibility of FreeBSD as a useful platform for information security and cybersecurity.

Additionally, you can easily test a Wazuh single-node (all-in-one) infrastructure using https://github.com/alonsobsd/wazuh-makejail or AppJail's https://github.com/AppJail-makejails/wazuh. AppJail is a good tool for managing jail containers from the command line.

People interested in helping with the project are welcome.

Current version: 4.4.4

TODO


Last modified on: July 16, 2023 by Graham Perrin