Hi, Wazuh forked in 2015 from ossec (which is included in meta-security since 2021, cf. https://git.yoctoproject.org/meta-security/log/recipes-ids/ossec). - https://wazuh.com - https://github.com/wazuh/wazuh
Many aspects (including file names and configuration variables etc.) have remained the same and from my very little experience with ossec (and specifically googling for documentation and help) it is quite obvious that Wazuh is widely used, more active and a worthy contender in the FOSS IDS market. I do not intend to look further into writing a port at the moment (as ossec is fulfilling our requirements at this point) but I wanted to mention it here at least in the unlikely case anyone is looking for some work in the unfounded hope to get pleasantly surprised if I need Wazuh in the future ;) I assume a port can be based on the ossec recipe but the projects diverged quite a bit. For example, Wazuh comes with quite a bit of Python code and due to its "cloudiness" there might be dragons. -- with kind regards/mit freundlichen Grüßen, Stefan Tauner A&R-Tech Kernel Penguins FN 181686 k. HG Wien, UID-Nr. ATU 47056901, zertifiziert nach ISO 9001:2015 (Nr. AT-04036/0), ISO/TS 22163:2017 (IR-00009/0) und ISO 27001:2013 (Nr. I-00619/0) Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhaltes dieser E-Mail unzulässig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen und die E-Mail zu vernichten. Für Übermittlungsfehler oder sonstige Irrtümer bei der Übermittlung besteht keine Haftung. This e-mail is intended solely for the person to whom it is addressed and may contain confidential or legally privileged information. Access to this e-mail by anyone else is unauthorized. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and destroy this e-mail and any attachments. E-mail may be susceptible to data corruption, interception, unauthorized amendment, viruses and delays or the consequences thereof. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#60658): https://lists.yoctoproject.org/g/yocto/message/60658 Mute This Topic: https://lists.yoctoproject.org/mt/100371561/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
