Wazuh Open Source Security Platform

Just wondering, I stumbled on https://wazuh.com/product/

Has anyone experience with this, or is using this on a Nethserver setup?

Have not looked into the tech specs in depth,
but it seems like an open-source security system with agents that could help secure servers and more,
but CentOS is supported so far.
It seems to include SIEM and HIDS with agents for Linux and Windows systems.

Regards
Shodan

1 Like

Oh, that looks good indeed!

What do you want to know?
It doesn’t ‘secure’ anything but it is based on a great reporting and alerting platform.

I have it running standalone (CentOS) and it’s also embedded in my Security Onion installs.

I do not have it installed with Nethserver and I haven’t gotten around to installing agents in any of my NS installs. I do have agents in some of my Ubuntu server installs and I get alerts out of the box when I ssh in. Example:

Wazuh Notification.
2021 Mar 15 21:00:44

Received From: (server.server.local) any->/var/log/auth.log
Rule: 40101 fired (level 12) -> "System user successfully logged to the system."
User: user
Portion of the log(s):

Mar 15 14:00:43 server3 sshd[9589]: pam_unix(sshd:session): session opened for user user by (uid=0)
uid: 0

 --END OF NOTIFICATION

The agents are effective and certainly generate plenty of alerts out of the box. As with all these tools they require a lot of time to tune.

1 Like
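The notification quoted above has a fixed layout, so it can be turned into structured fields for tuning or routing. As an added example that is not the poster's code or anything shipped by Wazuh, here is a small Python parser for that e-mail format, run over a constructed copy of the notification; the level threshold of 12 simply mirrors the rule level in the post.

```python
import re
# Constructed sample, modelled on the notification quoted above (hostnames, PID and times are made up).
SAMPLE_NOTIFICATION = """Wazuh Notification.
2021 Mar 15 21:00:44

Received From: (server.server.local) any->/var/log/auth.log
Rule: 40101 fired (level 12) -> "System user successfully logged to the system."
User: user
Portion of the log(s):

Mar 15 14:00:43 server3 sshd[9589]: pam_unix(sshd:session): session opened for user user by (uid=0)
uid: 0

 --END OF NOTIFICATION
"""

RECEIVED_RE = re.compile(r"Received From: \((?P<agent>[^)]+)\) (?P<location>\S+)")
RULE_RE = re.compile(r'Rule: (?P<id>\d+) fired \(level (?P<level>\d+)\) -> "(?P<desc>.*)"')
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z_]+): (?P<value>.*)$")  # decoded "uid: 0" style lines

def parse_notification(text: str) -> dict:
    """Parse one Wazuh e-mail notification body into a dict of alert fields."""
    lines = [l.rstrip() for l in text.strip().splitlines()]
    recv, rule = RECEIVED_RE.search(text), RULE_RE.search(text)
    if not lines or not lines[0].startswith("Wazuh Notification") or not recv or not rule:
        raise ValueError("not a complete Wazuh notification")
    alert = {
        "timestamp": lines[1], "agent": recv["agent"], "location": recv["location"],
        "rule_id": int(rule["id"]), "level": int(rule["level"]),
        "description": rule["desc"], "user": None, "log_lines": [], "decoded": {},
    }
    in_log = False
    for line in lines:
        if line.startswith("User: "):
            alert["user"] = line[len("User: "):]
        elif line.startswith("Portion of the log(s):"):
            in_log = True  # raw log lines follow, then decoded key: value fields
        elif in_log and "--END OF NOTIFICATION" in line:
            break
        elif in_log and line:
            m = FIELD_RE.match(line)
            if m:
                alert["decoded"][m["key"]] = m["value"]
            else:
                alert["log_lines"].append(line)
    return alert

def needs_attention(alert: dict, min_level: int = 12) -> bool:
    """Wazuh rule levels run 0 to 15; the ssh login alert in the post fired at level 12."""
    return alert["level"] >= min_level
```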

Yep, due to the needed resources and as it installs many additional packages, I installed it on an Ubuntu LXC on one of my Proxmox servers and deployed some agents also on Nethserver machines.
Looks indeed very interesting; need to dig into it more to use more of its potential, but there are some interesting features out of the box.
Correctly configured, it is a useful addition to the threat management system, but it uses a lot of RAM if you attach more and more agents, I assume.

1 Like