Wazuh - jonatello/lab-musing GitHub Wiki

This is for installing Wazuh Server within a FreeBSD jail (11.2). The Elastic backend I'm using is 6.4.2, so this will be specifically for Wazuh version 3.7 (https://documentation.wazuh.com/3.7/installation-guide/compatibility_matrix/)

There is no specific installer available for FreeBSD so I'm going to attempt to build from source using this guide - https://documentation.wazuh.com/3.7/installation-guide/installing-wazuh-server/sources_installation.html

Install development tools and compilers

The Linux equivalents listed are: make gcc policycoreutils-python automake autoconf libtool

make++ gcc python37 automake libtool curl gmake

Download version 3.7 of Wazuh and extract

curl -OL https://github.com/wazuh/wazuh/archive/v3.7.2.tar.gz

tar xzvf v3.7.2.tar.gz
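Since install.sh from this archive runs with root privileges, it is worth gating extraction on a pinned digest and a member-path check. The following is an added example, not part of the original wiki page or the Wazuh project; the script name and the pinned SHA-256 are placeholders, and the digest must be one you recorded yourself from a copy you trust, because the page does not give one.

```shell
#!/bin/sh
# Added example: gate extraction of a downloaded release tarball.
# Hypothetical usage (script name and digest are placeholders):
#   sh verify_extract.sh v3.7.2.tar.gz <PINNED_SHA256_PLACEHOLDER> .

# Print the hex SHA-256 of a file with whichever tool the OS provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1    # GNU coreutils
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# Return 0 only if the file's digest equals the pinned value.
verify_pin() {
    actual=$(sha256_of "$1") || return 2
    [ "$actual" = "$2" ]
}

# Read member names on stdin; fail on absolute paths or ".." components.
paths_safe() {
    while IFS= read -r p; do
        case "$p" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# Verify the digest, inspect member names, then extract into directory $3.
safe_extract() {
    verify_pin "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    names=$(tar tzf "$1") || { echo "unreadable archive: $1" >&2; return 1; }
    printf '%s\n' "$names" | paths_safe ||
        { echo "unsafe member path in $1" >&2; return 1; }
    mkdir -p "$3" && tar xzf "$1" -C "$3"
}

if [ "$#" -eq 3 ]; then
    safe_extract "$@"
fi
```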

Install Wazuh

Navigate to the downloaded Wazuh directory and run the install script

cd wazuh-*

./install.sh

During setup you will be prompted for a language and then asked to press Enter to continue. Answer the remaining prompts as follows:

  • What kind of installation do you want: Manager

  • Choose where to install Wazuh: /var/ossec

  • Do you want e-mail notification: n

  • Do you want to run the integrity check daemon: y

  • Do you want to run the rootkit detection agent: y

  • Do you want to run policy monitoring checks (OpenSCAP): y

  • Do you want to add more IPs to the white list: n

  • Do you want to enable remote syslog (port 514 udp): y

  • Do you want to run the Auth daemon: n

  • Do you want to start Wazuh after the installation: y

Press Enter to continue and watch for errors. On FreeBSD I first noticed I additionally needed to install gmake. After that I hit another error stating "This system (BSD-x86_64) is not supported." Bummer.