• Wazuh

Wazuh

Wazuh is an open-source security platform, unofficially supported by FreeBSD.

Currently, we provide the manager, agent, indexer, and dashboard.

Tasks

• ☑ Agent communication using TCP/1514.
• ☐ sysinfo:
  • ☑ getMemory
  • ☑ getCpuMHz
  • ☑ getSerialNumber
  • ☑ getCpuCores
  • ☑ getCpuName
  • ☑ getHardware
  • ☑ getPackages
  • ☑ getProcessesInfo
  • ☑ getOsInfo
  • ☑ getPorts
  • ☑ getPackages
  • ☐ getHotFixes
  • ☑ getGroups
  • ☑ getUsers
  • ☐ getServices
  • ☐ getBrowserExtensions
• ☐ goal: Official support for FreeBSD:

  • ☑ Create a wazuh-freebsd repository with all merged patches for each wazuh port.

• ☐ Use FreeBSD's inotify implementation instead of devel/libinotify.
• ☑ Fix SIGSEGV in wazuh-modulesd when starting after a new deployment.
• ☐ automation: Ansible roles.
• ☑ automation: cluster-mode infrastructure in Makejails.
• ☐ Vulnerability Detection:

  • Serpico is an alternative for FreeBSD users to implement vulnerability detection in Wazuh.

Notes

Indexer

1. We use Logstash because Wazuh requires Beats7, which is currently not available in the ports tree.

Vulnerability Detection

1. https://freebsdfoundation.org/blog/freebsd-ports-and-packages-security-project/

2. https://github.com/freebsd/pkg/pull/2558

3. https://github.com/freebsd/pkg/pull/2453

Automation

• AppJail:

  • wazuh-manager.

  • wazuh-agent.

  • wazuh-indexer.

  • wazuh-certs-tool.

  • wazuh-dashboard.