Date: Sun, 25 Sep 2022 05:42:16 GMT From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 8c9cf931f27f - main - security/wazuh-indexer: New port: A highly scalable, full-text search and analytics engine Message-ID: <202209250542.28P5gGFH023529@gitrepo.freebsd.org>
The branch main has been updated by acm: URL: https://cgit.FreeBSD.org/ports/commit/?id=8c9cf931f27fd827b57e6c3e5e438542a9cd72bf commit 8c9cf931f27fd827b57e6c3e5e438542a9cd72bf Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> AuthorDate: 2022-09-25 05:40:47 +0000 Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> CommitDate: 2022-09-25 05:42:07 +0000 security/wazuh-indexer: New port: A highly scalable, full-text search and analytics engine Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Besides, Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool that allows users to navigate through their security alerts. --- security/Makefile | 1 + security/wazuh-indexer/Makefile | 33 ++++++++++++++ security/wazuh-indexer/distinfo | 3 ++ security/wazuh-indexer/files/pkg-message.in | 69 +++++++++++++++++++++++++++++ security/wazuh-indexer/pkg-descr | 9 ++++ 5 files changed, 115 insertions(+) diff --git a/security/Makefile b/security/Makefile index 35caf7d9f56e..077cac0c38a7 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1277,6 +1277,7 @@ SUBDIR += vxquery SUBDIR += wapiti SUBDIR += wazuh-agent + SUBDIR += wazuh-indexer SUBDIR += wazuh-manager SUBDIR += webfwlog SUBDIR += weggli diff --git a/security/wazuh-indexer/Makefile b/security/wazuh-indexer/Makefile new file mode 100644 index 000000000000..7ebb9bcf199f --- /dev/null +++ b/security/wazuh-indexer/Makefile 
@@ -0,0 +1,33 @@ +PORTNAME= wazuh +PORTVERSION= 4.3.8 +CATEGORIES= security +MASTER_SITES= LOCAL/acm/${PORTNAME}/ +PKGNAMESUFFIX= -indexer +DISTFILES= ${PORTNAME}${PKGNAMESUFFIX}.yml +DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} + +MAINTAINER= acm@FreeBSD.org +COMMENT= A highly scalable, full-text search and analytics engine +WWW= https://wazuh.com/ + +LICENSE= GPLv2 + +RUN_DEPENDS= ${LOCALBASE}/lib/opensearch/bin/opensearch:textproc/opensearch + +NO_BUILD= yes + +PLIST_FILES= etc/wazuh-indexer/wazuh-indexer.yml + +SUB_FILES= pkg-message + +ETCDIR= ${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX} + +do-extract: + @${MKDIR} ${WRKSRC} + ${CP} ${_DISTDIR}/wazuh-indexer.yml ${WRKSRC} + +do-install: + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/wazuh-indexer + ${INSTALL_DATA} ${WRKSRC}/wazuh-indexer.yml ${STAGEDIR}${PREFIX}/etc/wazuh-indexer/ + +.include <bsd.port.mk> diff --git a/security/wazuh-indexer/distinfo b/security/wazuh-indexer/distinfo new file mode 100644 index 000000000000..cb09fde899d7 --- /dev/null +++ b/security/wazuh-indexer/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1663822747 +SHA256 (wazuh-4.3.8/wazuh-indexer.yml) = f6bc1d4de01742268ca42ef285896c31b7a31fb82f0c9f13de32d383fa3669e0 +SIZE (wazuh-4.3.8/wazuh-indexer.yml) = 2123 diff --git a/security/wazuh-indexer/files/pkg-message.in b/security/wazuh-indexer/files/pkg-message.in new file mode 100644 index 000000000000..156f632b9b72 --- /dev/null +++ b/security/wazuh-indexer/files/pkg-message.in 
@@ -0,0 +1,69 @@ +[ +{ type: install + message: <<EOM +Wazuh indexer components were installed + +1) Wazuh indexer is based on opensearch project. This guide help you for adapt + wazuh configuration for it works on FreeBSD using apps are part of ports + tree. + +2) Copy %%PREFIX%%/etc/wazuh-indexer/wazuh-indexer.yml to %%PREFIX%%/etc/opensearch/opensearch.yml + +3) Edit %%PREFIX%%/etc/opensearch/opensearch.yml and changes options accord to your + setup. For example host, ssl, nodes options, etc. On this guide we will use + like host 10.0.0.10 + +4) If you want use a simple way to generate wazuh infrastructure certificates + you can use a simplified version of certificates generator script located at: + + https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz + +5) Wazuh needs opensearch-security features. Rename or copy samples files + into %%PREFIX%%/etc/opensearch/opensearch-security + + # cd %%PREFIX%%/etc/opensearch/opensearch-security + # sh -c 'for i in $(ls *.sample ) ; do cp -p ${i} $(echo ${i} | sed "s|.sample||g") ; done' + +6) You can define a custom admin password modifying internal_users.yml file into + %%PREFIX%%/etc/opensearch/opensearch-security/ + + admin: + hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" + + Hash password can be generated using opensearch-security hash script tool + + # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/ + # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./hash.sh -p adminpass" + $2y$12$XaEXmp4kGQpd6t8kNH03quyvpHDQZh.nywLLp9.b0NF2DxGl8FpJK + +7) Add OpenSearch to /etc/rc.conf + + # sysrc opensearch_enable="YES" + +8) Start OpenSearch + + # service opensearch start + +9) Finally you must initialize opensearch cluster + + # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/ + # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./securityadmin.sh \ + -cd %%PREFIX%%/etc/opensearch/opensearch-security/ -cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem \ + 
-cert %%PREFIX%%/etc/opensearch/certs/admin.pem -key %%PREFIX%%/etc/opensearch/certs/admin-key.pem -h 10.0.0.10 -p 9200 -icl -nhnv" + +10) You can look more useful information at the following link: + + https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html + + Take on mind wazuh arquitecture on FreeBSD is configurated not similar like + you can read at wazuh guide + +11) Testing your server installation + + # curl -k -u admin:adminpass https://10.0.0.10:9200 + # curl -k -u admin:adminpass https://10.0.0.10:9200/_cat/nodes?v + +12) Enjoy it +EOM +} +] diff --git a/security/wazuh-indexer/pkg-descr b/security/wazuh-indexer/pkg-descr new file mode 100644 index 000000000000..4486bd750b8c --- /dev/null +++ b/security/wazuh-indexer/pkg-descr @@ -0,0 +1,9 @@ +Wazuh is a free and open source platform used for threat prevention, detection, +and response. It is capable of protecting workloads across on-premises, +virtualized, containerized, and cloud-based environments. + +Wazuh solution consists of an endpoint security agent, deployed to the +monitored systems, and a management server, which collects and analyzes data +gathered by the agents. Besides, Wazuh has been fully integrated with the +Elastic Stack, providing a search engine and data visualization tool that +allows users to navigate through their security alerts.
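Review bot: In the security/wazuh-indexer/Makefile hunk, `COMMENT= A highly scalable, full-text search and analytics engine` starts with an article, which the Porter's Handbook asks ports to avoid; `COMMENT= Highly scalable, full-text search and analytics engine` keeps portlint quiet. In the same hunk, `ETCDIR= ${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}` is defined but the `do-install` target spells the path out again by hand (`${MKDIR} ${STAGEDIR}${PREFIX}/etc/wazuh-indexer`); using `${STAGEDIR}${ETCDIR}` in both `do-install` lines defines the location once and keeps it consistent with `PLIST_FILES`.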
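Review bot: In the files/pkg-message.in hunk, step 11 tells the user to verify the installation with `curl -k`, which turns off certificate verification, and step 9 passes `-nhnv` to securityadmin.sh, which skips hostname verification, so neither check exercises the certificates generated in step 4. The message should say these are for first-boot troubleshooting only and show the verified form, e.g. `curl --cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem -u admin https://10.0.0.10:9200`, and should state that `adminpass` in steps 6 and 11 is a placeholder to be replaced. Step 5's loop parses `ls` output and strips the suffix with an unescaped-dot sed pattern; `for i in *.sample; do cp -p "$i" "${i%.sample}"; done` does the same without either. The English in steps 1 and 10 also needs a pass ("This guide help you for adapt wazuh configuration for it works", "Take on mind wazuh arquitecture on FreeBSD is configurated not similar like").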
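Review bot: In the pkg-descr hunk, the text says Wazuh "has been fully integrated with the Elastic Stack", but this port's `RUN_DEPENDS` is textproc/opensearch and the pkg-message says the indexer is based on OpenSearch; the description should name OpenSearch so users know which search engine the package actually pulls in. Two grammar fixes in the same text: "Wazuh solution consists" should read "The Wazuh solution consists", and "Besides, Wazuh has been" should read "In addition, Wazuh has been".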