authorJose Alonso Cardenas Marquez <acm@FreeBSD.org>2022-09-25 05:40:47 +0000
committerJose Alonso Cardenas Marquez <acm@FreeBSD.org>2022-09-25 05:42:07 +0000
commit8c9cf931f27fd827b57e6c3e5e438542a9cd72bf (patch)
tree928e0ee0abe8ac9fa1c14985ed15a6d3160a756f
parentdca15813a52d4a44c7a76ad28a7c1b75a1392334 (diff)
downloadports-8c9cf931f27fd827b57e6c3e5e438542a9cd72bf.tar.gz
ports-8c9cf931f27fd827b57e6c3e5e438542a9cd72bf.zip
security/wazuh-indexer: New port: A highly scalable, full-text search and analytics engine
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Additionally, Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool that allows users to navigate through their security alerts.
-rw-r--r--security/Makefile1
-rw-r--r--security/wazuh-indexer/Makefile33
-rw-r--r--security/wazuh-indexer/distinfo3
-rw-r--r--security/wazuh-indexer/files/pkg-message.in69
-rw-r--r--security/wazuh-indexer/pkg-descr9
5 files changed, 115 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 35caf7d9f56e..077cac0c38a7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1277,6 +1277,7 @@
SUBDIR += vxquery
SUBDIR += wapiti
SUBDIR += wazuh-agent
+ SUBDIR += wazuh-indexer
SUBDIR += wazuh-manager
SUBDIR += webfwlog
SUBDIR += weggli
diff --git a/security/wazuh-indexer/Makefile b/security/wazuh-indexer/Makefile
new file mode 100644
index 000000000000..7ebb9bcf199f
--- /dev/null
+++ b/security/wazuh-indexer/Makefile
@@ -0,0 +1,33 @@
+PORTNAME= wazuh
+PORTVERSION= 4.3.8
+CATEGORIES= security
+MASTER_SITES= LOCAL/acm/${PORTNAME}/
+PKGNAMESUFFIX= -indexer
+DISTFILES= ${PORTNAME}${PKGNAMESUFFIX}.yml
+DIST_SUBDIR= ${PORTNAME}-${DISTVERSION}
+
+MAINTAINER= acm@FreeBSD.org
+COMMENT= A highly scalable, full-text search and analytics engine
+WWW= https://wazuh.com/
+
+LICENSE= GPLv2
+
+RUN_DEPENDS= ${LOCALBASE}/lib/opensearch/bin/opensearch:textproc/opensearch
+
+NO_BUILD= yes
+
+PLIST_FILES= etc/wazuh-indexer/wazuh-indexer.yml
+
+SUB_FILES= pkg-message
+
+ETCDIR= ${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}
+
+do-extract:
+ @${MKDIR} ${WRKSRC}
+ ${CP} ${_DISTDIR}/wazuh-indexer.yml ${WRKSRC}
+
+do-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/wazuh-indexer
+ ${INSTALL_DATA} ${WRKSRC}/wazuh-indexer.yml ${STAGEDIR}${PREFIX}/etc/wazuh-indexer/
+
+.include <bsd.port.mk>
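Review bot: The `do-install` recipe hardcodes `${STAGEDIR}${PREFIX}/etc/wazuh-indexer` even though `ETCDIR` is defined a few lines above as `${PREFIX}/etc/${PORTNAME}${PKGNAMESUFFIX}`, so the two paths can silently drift apart if either the suffix or the directory is ever renamed; `${MKDIR} ${STAGEDIR}${ETCDIR}` and `${INSTALL_DATA} ${WRKSRC}/wazuh-indexer.yml ${STAGEDIR}${ETCDIR}/` keep a single source of truth. `COMMENT` begins with the article "A", which the Porter's Handbook asks to drop: `COMMENT= Highly scalable, full-text search and analytics engine`. The only distfile is a configuration template fetched from `LOCAL/acm/`; it is pinned by SHA256 in distinfo so fetch integrity is covered, but a comment above `DISTFILES` stating that this port ships only an OpenSearch configuration and relies on textproc/opensearch for the engine itself would help the next maintainer understand why there is no source tarball.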
diff --git a/security/wazuh-indexer/distinfo b/security/wazuh-indexer/distinfo
new file mode 100644
index 000000000000..cb09fde899d7
--- /dev/null
+++ b/security/wazuh-indexer/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1663822747
+SHA256 (wazuh-4.3.8/wazuh-indexer.yml) = f6bc1d4de01742268ca42ef285896c31b7a31fb82f0c9f13de32d383fa3669e0
+SIZE (wazuh-4.3.8/wazuh-indexer.yml) = 2123
diff --git a/security/wazuh-indexer/files/pkg-message.in b/security/wazuh-indexer/files/pkg-message.in
new file mode 100644
index 000000000000..156f632b9b72
--- /dev/null
+++ b/security/wazuh-indexer/files/pkg-message.in
@@ -0,0 +1,69 @@
+[
+{ type: install
+ message: <<EOM
+Wazuh indexer components were installed
+
+1) Wazuh indexer is based on opensearch project. This guide help you for adapt
+ wazuh configuration for it works on FreeBSD using apps are part of ports
+ tree.
+
+2) Copy %%PREFIX%%/etc/wazuh-indexer/wazuh-indexer.yml to %%PREFIX%%/etc/opensearch/opensearch.yml
+
+3) Edit %%PREFIX%%/etc/opensearch/opensearch.yml and changes options accord to your
+ setup. For example host, ssl, nodes options, etc. On this guide we will use
+ like host 10.0.0.10
+
+4) If you want use a simple way to generate wazuh infrastructure certificates
+ you can use a simplified version of certificates generator script located at:
+
+ https://people.freebsd.org/~acm/ports/wazuh/wazuh-gen-certs.tar.gz
+
+5) Wazuh needs opensearch-security features. Rename or copy samples files
+ into %%PREFIX%%/etc/opensearch/opensearch-security
+
+ # cd %%PREFIX%%/etc/opensearch/opensearch-security
+ # sh -c 'for i in $(ls *.sample ) ; do cp -p ${i} $(echo ${i} | sed "s|.sample||g") ; done'
+
+6) You can define a custom admin password modifying internal_users.yml file into
+ %%PREFIX%%/etc/opensearch/opensearch-security/
+
+ admin:
+ hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+
+ Hash password can be generated using opensearch-security hash script tool
+
+ # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/
+ # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./hash.sh -p adminpass"
+ $2y$12$XaEXmp4kGQpd6t8kNH03quyvpHDQZh.nywLLp9.b0NF2DxGl8FpJK
+
+7) Add OpenSearch to /etc/rc.conf
+
+ # sysrc opensearch_enable="YES"
+
+8) Start OpenSearch
+
+ # service opensearch start
+
+9) Finally you must initialize opensearch cluster
+
+ # cd %%PREFIX%%/lib/opensearch/plugins/opensearch-security/tools/
+ # sh -c "OPENSEARCH_JAVA_HOME=%%PREFIX%%/openjdk11 ./securityadmin.sh \
+ -cd %%PREFIX%%/etc/opensearch/opensearch-security/ -cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem \
+ -cert %%PREFIX%%/etc/opensearch/certs/admin.pem -key %%PREFIX%%/etc/opensearch/certs/admin-key.pem -h 10.0.0.10 -p 9200 -icl -nhnv"
+
+10) You can look more useful information at the following link:
+
+ https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html
+
+ Take on mind wazuh arquitecture on FreeBSD is configurated not similar like
+ you can read at wazuh guide
+
+11) Testing your server installation
+
+ # curl -k -u admin:adminpass https://10.0.0.10:9200
+ # curl -k -u admin:adminpass https://10.0.0.10:9200/_cat/nodes?v
+
+12) Enjoy it
+EOM
+}
+]
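Review bot: Steps 9 and 11 both switch off TLS verification — `securityadmin.sh ... -nhnv` disables hostname verification and `curl -k` disables certificate checking — although step 4 has already produced `%%PREFIX%%/etc/opensearch/certs/root-ca.pem`, so the checks in step 11 could pin that CA instead: `# curl --cacert %%PREFIX%%/etc/opensearch/certs/root-ca.pem -u admin:adminpass https://10.0.0.10:9200`. A sentence after step 9 stating that `-nhnv` is meant only for the initial bootstrap run would keep users from carrying it into routine administration. Step 6 is phrased as optional ("You can define a custom admin password"), but since step 5 copies the shipped sample files verbatim it presumably leaves the sample's default credentials in place, so `6) You must define a custom admin password ...` would make the expectation explicit. Step 5's loop also parses `ls` output; `for i in *.sample; do cp -p "$i" "${i%.sample}"; done` does the same work without the extra subshells.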
diff --git a/security/wazuh-indexer/pkg-descr b/security/wazuh-indexer/pkg-descr
new file mode 100644
index 000000000000..4486bd750b8c
--- /dev/null
+++ b/security/wazuh-indexer/pkg-descr
@@ -0,0 +1,9 @@
+Wazuh is a free and open source platform used for threat prevention, detection,
+and response. It is capable of protecting workloads across on-premises,
+virtualized, containerized, and cloud-based environments.
+
+Wazuh solution consists of an endpoint security agent, deployed to the
+monitored systems, and a management server, which collects and analyzes data
+gathered by the agents. Besides, Wazuh has been fully integrated with the
+Elastic Stack, providing a search engine and data visualization tool that
+allows users to navigate through their security alerts.