Is Wazuh going to be implemented?

Sure hope so. Put me down for vote “yes”.

I’m not that keen on the extras. Just my opinion. But I’m all ears.

I have Wazuh running. A lot of things could probably have been easier, client adoption and such. I find it rather complex. Then again, I am not digging into configuration or code, I use what I see and try to adapt to that, the interface.

As I understand it, it only supports clients on LAN, as in connected via cable. If that is so, I find it a huge drawback. I do not see it connecting or detecting any of my wifi devices. Nor is there an obvious way to connect an Android phone. I have yet to test a laptop, not done a lot so far.

I guess it has potential but I need to do more work with it to see it.

As a person with very little knowledge, I am hesitant to post a question. But I will chance looking like an idiot. Here is my question: All the wifi traffic to and from your system must at some point travel over cable. YES or NO? If yes, why can it not be monitored on the cable since none of the other wifi traffic has anything to do with your system?

Others may fill in, but yes, in theory that is the case.

However, regardless of how you try to implement Wazuh listening on wifi, there is no current way to adopt any other devices but fixed Linux, Mac or Windows based computers. Android and iOS have no adoption method.

I cannot find anything related to Android in their documentation. And that is very relevant for me.

But I just connected a laptop on wifi (only) and connection was established and working, so perhaps wifi works as well, as per your reasoning, @maintech

Wazuh apparently does not currently have native support for Android or iOS, but there is this Wazuh blog post on how to get your Android device to send its system logs to Wazuh:
https://wazuh.com/blog/how-to-forward-android-syslog-to-wazuh/

There might be something similar for iOS.


Hi all,

OK, will fill in my 5 cents :wink: … there is a way, since you can build it on your own: IPFire is based on LFS and offers a build system for the community with, I would say, pretty good documentation of how to use it. And to also answer the topic headline: yes, it runs here pretty well as an agent on IPFire, as mentioned in here →
Installing complementary monitoring with or on the IPFire server - #15 by ummeegge, and as time went on the implementation and some more IPFire-specific stuff came in here. BUT, if you want to know if the IPFire dev team wants to implement it, I can simply say I don't know, and I won't ask them in the current progress since their time is limited, and I will therefore not take any further steps on this until maybe some more innovation comes out here for, let's say, building, testing, but in general understanding of what it is or if it is in general useful or not for one or the other.

So to stay humble from my side, I am currently happy with this and feel no need to feed ears or double the Wazuh documentation in here, and if not needed I am good with this anyway :innocent: but to stay community friendly at the same time, I would offer the build files, so if someone feels good to step in and do some development on this topic, I am happy to make some new progress together.

Best,

Erik


I am not a person with a lot of usable knowledge, especially with regards to abilities related to networking. However, just for my fun and no one has to know of all my stupid mistakes, I plan on trying to get a working setup. Right now I am just trying to get some old hardware gathered to use as my “test bed”. You most likely won’t hear from me on this subject again because I will most likely fail and I will not wish to embarrass myself explaining all the mistakes I made that even a 2nd grader would know better than make. But it does sound like fun. :slight_smile:

Wazuh agent for IPFire would be a useful package.

Wazuh server may be too much to run on an IPFire system.

I'll take a look at the build files if you don’t mind sharing. Looks like an interesting task.

Hi @siosios,
no problem, the build of 4.7.2 is running, but testing/further_development time is currently a little less (to stay true → not there). Should the package be included? I think not, since you are building it yourself nevertheless? But I will then include the build log, since some things need to be linked for better explanation. Wazuh has some external dependencies (procedure like in Netdata {build/etc/resolv.conf} modification); some are in the IPFire build env but some are not. Either way, the existing ones are not helpful since they do not work, but can maybe be linked to Wazuh? Let's see… Maybe the time comes to ask the developers such things on GitHub, because this building scenario won't be accepted in IPFire.

Some stuff from my side is not integrated, since the whole building idea should stay as objective as possible.

If the build is finished I will post a link to it.

Best,

Erik


Feel free to use it. Feedback as usual might be nice.

Best,

Erik


Can this (link to repo) kindly be updated here in the hardening guide so future users can find this quickly?

The forum posts are from 10 years ago with the last update being from 2018.

Hi @zzzmmm,
I would delete the HIDS section in the Wiki since neither OSSEC nor Wazuh is an official part of IPFire.

Best,

Erik


Still have same Wazuh on a Docker platform.

It was upgraded twice, I think, and these things work, it seems stable, but I am more and more feeling that this kind of software, monitoring on program and registry level and whatnot, is way too complex for me.

Having said that, I still have to put some time into configuring it for my Windows systems and perhaps narrow down the Configuration and Modules to better reflect what I actually need monitored. It seems to require quite a bit of hands-on effort for that.

It needs effort, and even more if we speak about implementation not for Windows systems but for IPFire, which surely needs a longer way but also offers more (I think a lot) of possibilities.

If you are stuck with the principles, did you look for some tutorials on what Wazuh is in general, e.g. → https://www.youtube.com/results?search_query=wazuh or how you can use it? Maybe some more ideas are in there for you?

I left a lot of not needed files which should serve as examples in the package → wazuh/build_files/ROOTFILE/wazuh at main · ummeegge/wazuh · GitHub to check which language can maybe be spoken :wink: for a possible IPFire-specific configuration, but will leave the rest of the deeper insights apart (or to innovation/inspiration for others) in here.

Best,

Erik