git: 8c9cf931f27f - main - security/wazuh-indexer: New port: A highly scalable, full-text search and analytics engine

From: Jose Alonso Cardenas Marquez <acm_at_FreeBSD.org>
Date: Sun, 25 Sep 2022 05:42:16 UTC
The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8c9cf931f27fd827b57e6c3e5e438542a9cd72bf

commit 8c9cf931f27fd827b57e6c3e5e438542a9cd72bf
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2022-09-25 05:40:47 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2022-09-25 05:42:07 +0000

    security/wazuh-indexer: New port: A highly scalable, full-text search and analytics engine
    
    Wazuh is a free and open source platform used for threat prevention, detection,
    and response. It is capable of protecting workloads across on-premises,
    virtualized, containerized, and cloud-based environments.
    
    The Wazuh solution consists of an endpoint security agent, deployed to the
    monitored systems, and a management server, which collects and analyzes data
    gathered by the agents. Besides, Wazuh has been fully integrated with the
    Elastic Stack, providing a search engine and data visualization tool that
    allows users to navigate through their security alerts.
---
 security/Makefile                           |  1 +
 security/wazuh-indexer/Makefile             | 33 ++++++++++++++
 security/wazuh-indexer/distinfo             |  3 ++
 security/wazuh-indexer/files/pkg-message.in | 69 +++++++++++++++++++++++++++++
 security/wazuh-indexer/pkg-descr            |  9 ++++
 5 files changed, 115 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 35caf7d9f56e..077cac0c38a7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1277,6 +1277,7 @@
     SUBDIR += vxquery
     SUBDIR += wapiti
     SUBDIR += wazuh-agent
+    SUBDIR += wazuh-indexer
     SUBDIR += wazuh-manager
     SUBDIR += webfwlog
     SUBDIR += weggli
diff --git a/security/wazuh-indexer/Makefile b/security/wazuh-indexer/Makefile
new file mode 100644
index 000000000000..7ebb9bcf199f
--- /dev/null
+++ b/security/wazuh-indexer/Makefile
@@ -0,0 +1,33 @@
+PORTNAME=	wazuh
+PORTVERSION=	4.3.8
+CATEGORIES=	security
+MASTER_SITES=	LOCAL/acm/${PORTNAME}/
+PKGNAMESUFFIX=	-indexer
+DISTFILES=	${PORTNAME}${PKGNAMESUFFIX}.yml
+DIST_SUBDIR=	${PORTNAME}-${DISTVERSION}
+
+MAINTAINER=	acm@FreeBSD.org
+COMMENT=	A highly scalable, full-text search and analytics engine
+WWW=		https://wazuh.com/
+
+LICENSE=	GPLv2
+
+RUN_DEPENDS=	${LOCALBASE}/lib/opensearch/bin/opensearch:textproc/opensearch
+
+NO_BUILD=	yes
+
+PLIST_FILES=	etc/wazuh-indexer/wazuh-indexer.yml
+
+SUB_FILES=	pkg-message
+
+ETCDIR=		${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}
+
+do-extract:
+	@${MKDIR} ${WRKSRC}
+	${CP} ${_DISTDIR}/wazuh-indexer.yml ${WRKSRC}
+
+do-install:
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/wazuh-indexer
+	${INSTALL_DATA} ${WRKSRC}/wazuh-indexer.yml ${STAGEDIR}${PREFIX}/etc/wazuh-indexer/
+	
+.include <bsd.port.mk>
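Review bot: `ETCDIR` is defined as `${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}` but never used; both `PLIST_FILES` and `do-install` spell out `etc/wazuh-indexer` by hand (`${MKDIR} ${STAGEDIR}${PREFIX}/etc/wazuh-indexer`). Either drop the variable or use `${STAGEDIR}${ETCDIR}` in `do-install` and `${ETCDIR:S,^${PREFIX}/,,}/wazuh-indexer.yml` in `PLIST_FILES` so the two cannot drift apart. Smaller points in the same hunk: `COMMENT` should not begin with an article (`A highly scalable ...`; portlint warns about this), the line immediately before `.include <bsd.port.mk>` consists of a single tab (trailing whitespace), and `${CP}` in `do-extract` runs unsilenced while the `${MKDIR}` beside it is prefixed with `@`.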
diff --git a/security/wazuh-indexer/distinfo b/security/wazuh-indexer/distinfo
new file mode 100644
index 000000000000..cb09fde899d7
--- /dev/null
+++ b/security/wazuh-indexer/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1663822747
+SHA256 (wazuh-4.3.8/wazuh-indexer.yml) = f6bc1d4de01742268ca42ef285896c31b7a31fb82f0c9f13de32d383fa3669e0
+SIZE (wazuh-4.3.8/wazuh-indexer.yml) = 2123
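Review bot: the only distfile is a 2123-byte `wazuh-indexer.yml` fetched from `LOCAL/acm/`, the maintainer's own area on the FreeBSD distfile mirror, rather than from an upstream release, so this SHA256 is the sole integrity anchor and a user has nothing upstream to compare the file against. Record in the port (a comment in the Makefile is enough) which upstream wazuh-indexer 4.3.8 configuration the file was derived from and what was changed for FreeBSD, so the pin can be re-derived and audited when PORTVERSION is bumped.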
diff --git a/security/wazuh-indexer/files/pkg-message.in b/security/wazuh-indexer/files/pkg-message.in
new file mode 100644
index 000000000000..156f632b9b72
--- /dev/null
+++ b/security/wazuh-indexer/files/pkg-message.in
@@ -0,0 +1,69 @@
+[
+{ type: install
+  message: <<EOM
+Wazuh indexer components were installed
+
+1) Wazuh indexer is based on opensearch project. This guide help you for adapt
+   wazuh configuration for it works on FreeBSD using apps are part of ports
+   tree.
+
+2) Copy %%PREFIX%%/etc/wazuh-indexer/wazuh-indexer.yml to %%PREFIX%%/etc/opensearch/opensearch.yml
+
+3) Edit %%PREFIX%%/etc/opensearch/opensearch.yml and changes options accord to your
+   setup. For example host, ssl, nodes options, etc. On this guide we will use
+   like host 10.0.0.10
+
+4) If you want use a simple way to generate wazuh infrastructure certificates
+   you can use a simplified version of certificates generator script located at:
+
+   https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz
+
+5) Wazuh needs opensearch-security features. Rename or copy samples files
+   into %%PREFIX%%/etc/opensearch/opensearch-security
+
+   # cd %%PREFIX%%/etc/opensearch/opensearch-security
+   # sh -c 'for i in $(ls *.sample ) ; do cp -p ${i} $(echo ${i} | sed "s|.sample||g") ; done'
+
+6) You can define a custom admin password modifying internal_users.yml file into 
+   %%PREFIX%%/etc/opensearch/opensearch-security/
+
+   admin:
+     hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+
+   Hash password can be generated using opensearch-security hash script tool
+
+   # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/
+   # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./hash.sh -p adminpass"
+   $2y$12$XaEXmp4kGQpd6t8kNH03quyvpHDQZh.nywLLp9.b0NF2DxGl8FpJK
+
+7) Add OpenSearch to /etc/rc.conf
+
+   # sysrc opensearch_enable="YES"
+
+8) Start OpenSearch
+
+  # service opensearch start
+
+9) Finally you must initialize opensearch cluster
+
+  # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/
+  # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./securityadmin.sh \
+    -cd %%PREFIX%%/etc/opensearch/opensearch-security/ -cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem \
+    -cert %%PREFIX%%/etc/opensearch/certs/admin.pem -key %%PREFIX%%/etc/opensearch/certs/admin-key.pem -h 10.0.0.10 -p 9200 -icl -nhnv"
+
+10) You can look more useful information at the following link:
+
+    https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
+
+    Take on mind wazuh arquitecture on FreeBSD is configurated not similar like
+    you can read at wazuh guide
+
+11) Testing your server installation
+
+   # curl -k -u admin:adminpass https://10.0.0.10:9200
+   # curl -k -u admin:adminpass https://10.0.0.10:9200/_cat/nodes?v
+
+12) Enjoy it
+EOM
+}
+]
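Review bot: step 11 tests the TLS endpoint with `curl -k`, which disables certificate verification even though step 9 already has the CA at hand (`-cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem`); use `curl --cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem -u admin https://10.0.0.10:9200` instead, so the message does not train users to ignore the certificates they just generated and does not put the password in shell history. The same applies to `-nhnv` on the `securityadmin.sh` line, which turns off hostname verification; state why it is needed here or drop it. Step 6 passes the password on the command line (`./hash.sh -p adminpass`), where it is visible in `ps` output and shell history; `hash.sh` prompts for the password when `-p` is omitted, so recommend that form. Step 6 is also worded as optional ("You can define a custom admin password"), but the hash shown is whatever step 5 copied from the sample file, so replacing it should be stated as required before step 8 starts the service. Minor: step 5's `for i in $(ls *.sample)` can be `for i in *.sample; do cp -p "$i" "${i%.sample}"; done`, and the prose needs a proofreading pass (e.g. "This guide help you for adapt wazuh configuration for it works on FreeBSD", "Take on mind wazuh arquitecture on FreeBSD is configurated not similar like").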
diff --git a/security/wazuh-indexer/pkg-descr b/security/wazuh-indexer/pkg-descr
new file mode 100644
index 000000000000..4486bd750b8c
--- /dev/null
+++ b/security/wazuh-indexer/pkg-descr
@@ -0,0 +1,9 @@
+Wazuh is a free and open source platform used for threat prevention, detection,
+and response. It is capable of protecting workloads across on-premises,
+virtualized, containerized, and cloud-based environments.
+
+Wazuh solution consists of an endpoint security agent, deployed to the
+monitored systems, and a management server, which collects and analyzes data
+gathered by the agents. Besides, Wazuh has been fully integrated with the
+Elastic Stack, providing a search engine and data visualization tool that
+allows users to navigate through their security alerts.
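Review bot: the description says Wazuh "has been fully integrated with the Elastic Stack", but this port depends on `textproc/opensearch` and its pkg-message says the indexer "is based on opensearch project", so `pkg info` will mislead the reader about what is installed. Say what this package actually delivers (an OpenSearch configuration for the Wazuh indexer role, with the security plugin set-up described in the pkg-message) and name OpenSearch rather than the Elastic Stack in the last sentence.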