Wazuh on FreeBSD
Links:
Wazuh URL: https://www.wazuh.com/
Contact: José Alonso Cárdenas Márquez <acm@FreeBSD.org>
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Besides, Wazuh has been fully integrated with the Elastic Stack or OpenSearch Stack, providing a search engine and data visualization tool that allows users to navigate through their security alerts.
After a long break, ports has been updated to include Wazuh version 4.9.2. This version of Wazuh uses Python 3.11 instead of 3.10, and it includes some new features:
-
support to get ports info,
-
support to get processes info,
-
improved memory info,
-
FreeBSD decoder and rule files, and
-
FreeBSD Security Configuration Assessment files for 13.x, 14.x and 15-CURRENT.
Also, FreeBSD ports include a custom version of wazuh-dashboard-plugins for a better integration with FreeBSD.
Wazuh can easily be installed in a jail by following the Wazuh AppJail-Makejails tutorial.
Anyone interested in helping with the project or interested in aarch64 device donation for testing/packaging is welcome.
Current version: 4.9.2
TODO
-
Add Wazuh cluster-mode infrastructure AppJail makejails
-
Add vulnerability detection support to FreeBSD Wazuh agent
-
Add FreeBSD as officially supported platform by Wazuh Inc
-
Update FreeBSD SCA Policies to new FreeBSD CIS Benchmark
Last modified on: January 9, 2025 by José Alonso Cárdenas Márquez