• FreeBSD Status Report - Second Quarter 2023 (4/4)

    From Lorenzo Salvadore@21:1/5 to All on Fri Jul 28 00:00:06 2023
    [continued from previous message]

    On FreeBSD, security/wazuh-manager and security/wazuh-agent are compiled from Wazuh source code. security/wazuh-indexer is an adapted textproc/opensearch used for storing agent data. security/wazuh-server includes FreeBSD-oriented adaptations to configuration files. Runtime dependencies comprise security/wazuh-manager, sysutils/beats8 (filebeat), and sysutils/logstash8. security/wazuh-dashboard uses an adapted textproc/opensearch-dashboards and the wazuh-kibana-app plugin generated from wazuh-kibana-app source code for FreeBSD.

    The main goal of this work is enhancing visibility of FreeBSD as a useful platform for information security or cybersecurity.

    Additionally, you can easily test a Wazuh single-node infrastructure (All-in-one) using https://github.com/alonsobsd/wazuh-makejail or https://github.com/AppJail-makejails/wazuh from AppJail. AppJail is a good tool for managing jail containers from the command line.

    People interested in helping with the project are welcome.

    Current version: 4.4.4

    TODO

    • Add Wazuh cluster-mode infrastructure makejail (Work in progress)

    • Add FreeBSD to platforms officially supported by Wazuh Inc; see https://github.com/wazuh/wazuh-kibana-app/pull/5413

    • Add FreeBSD SCA Policy (Work in progress)

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Third Party Projects

    Many projects build upon FreeBSD or incorporate components of FreeBSD into their project. As these projects may be of interest to the broader FreeBSD community, we sometimes include brief updates submitted by these projects in our quarterly report. The FreeBSD project makes no representation as to the accuracy or veracity of any claims in these submissions.

    PkgBase.live

    Links:
    Website URL: https://alpha.pkgbase.live/
    Source URL: https://codeberg.org/pkgbase

    Contact: Mina Galić <freebsd@igalic.co>

    PkgBase.live, an unofficial repository for the FreeBSD PkgBase project, is back alive.

    As a service, PkgBase.live was inspired by https://up.bsd.lv/, which provided freebsd-update(8) for STABLE and CURRENT branches. up.bsd.lv itself has gone on hiatus, so it was all the more reason to bring back PkgBase.live.

    Right now, we provide builds for:

    • FreeBSD 13.2-RELEASE

    • FreeBSD 13-STABLE

    • FreeBSD 14-CURRENT

    each for the following platforms:

    • amd64

    • aarch64

    • armv7

    • i386

    You may notice that RISCv64 is gone for now.

    The hardware is a powerful VPS in Vultr. The server and the jails running build jobs and serving packages are "self-hosting", meaning they were installed and are kept up-to-date with PkgBase.

    Because we have not figured out yet how to configure Vultr’s IPv6 in FreeBSD jails, PkgBase.live is not available over IPv6 for now. If you have experience with that, please contact us!

    Along with users and testers, we still highly encourage copy-cats.

    Hardware for PkgBase is kindly sponsored by a member of the FreeBSD community.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Containers and FreeBSD: Pot, Potluck and Potman

    Links:
    Pot organization on GitHub URL: https://github.com/bsdpot

    Contact: Luca Pizzamiglio (Pot) <pizzamig@FreeBSD.org>
    Contact: Bretton Vine (Potluck) <bv@honeyguide.eu>
    Contact: Michael Gmelin (Potman) <grembo@FreeBSD.org>

    Pot is a jail management tool that also supports orchestration through Nomad.

    During this quarter, Pot 0.15.5 was released, containing a number of bugfixes and features to set attributes (i.e. jail sysctl variables) from various contributors. It will be available in the 2023Q3 quarterly package set.

    Potluck aims to be to FreeBSD and Pot what Dockerhub is to Linux and Docker: a repository of Pot flavours and complete container images for usage with Pot and in many cases Nomad.

    All Potluck containers have been rebuilt as FreeBSD 13.2 based images and are now signed with Pot signify.

    A Beginner’s Guide to Building a Virtual Datacenter on FreeBSD with Ansible, Pot and More has been written, explaining how a complex environment based on Pot and Potluck can be deployed with Ansible playbooks, including example nodes like MariaDB, Prometheus, Grafana, nginx, OpenLDAP or Traefik and container orchestration managed by Nomad and Consul.

    A patch by the Pot team to improve the security of Nomad, a scheduler and orchestrator which supports Pot through sysutils/nomad-pot-driver, has been accepted upstream and will be part of Nomad 1.6.0.

    As always, feedback and patches are welcome.

    Sponsor: Honeyguide Group
