Secure your HomeLab for FREE // Wazuh

  • Published 5 Feb 2025

COMMENTS • 193

  • @RiskSanchez 5 months ago +206

    Most important security setting :: Wazuh Menu > Dashboard Management > Dashboards Management > Advanced Settings > Appearance > Dark Mode == On 🙂

    • @christianlempa 5 months ago +18

      Oh what I completely forgot this one 🙈🙈 sry

    • @FrontLineNerd 5 months ago +3

      @christianlempa this advanced settings section I’m in here to change to dark mode is SO vast. Wow. You could do multiple videos on Wazuh. This tool is so powerful. I’m trying to integrate it with the clamav install on my Raspberry Pi. This is where very cool videos could be made IMHO. On the integrations and auto remediation capabilities.

    • @RiskSanchez 5 months ago +1

      @christianlempa All good, just joking :) Good topic/platform - love to see it & looking forward to the stack evolution ^^

  • @ilovestitch 5 months ago +20

    Thanks for making this tutorial/demo video Christian.
    I can't imagine any more obtuse and nonsensical and non-user friendly pieces of software to run in my homelab than Wazuh and Traefik and combining them seems like a genuine nightmare that you make look easy. Someday I'll get there, but neither are for me

    • @ilovestitch 5 months ago

      Hi @gardnerjp1 - I have spent several hours of my extremely limited free time trying to get both Traefik and Wazuh up and running in my lab with no success despite there being countless guides and resources available. I'm sure it is a simple proficiency issue hence my compliments to Christian on making it look so easy. Ultimately, it's software I'd like to explore but doesn't seem packaged appropriately for people who don't have more highly skilled experience in IT.
      I'm sorry you felt that my comment was cause to hurl unwarranted verbal abuse my way. I hope you eventually have more going for you in life so that you don't need to turn to negative interaction on the internet to satisfy some need for socialization.

    • @christianlempa 5 months ago +9

      Love and peace guys! :D I know both technologies are targeted at intermediate/advanced level, so take your time, I also needed a lot of time to get through understanding traefik :P

    • @eaglefn4918 5 months ago +4

      The commentary by @ilovestitch shows how complicated IT security is today. If you don't have the confidence, you should leave it alone. There are users who only need the Home Lab to listen to music and watch videos. That's fine with me. Nobody is perfect.

    • @willisiswillis 5 months ago +10

      @gardnerjp1 calm down. Everybody starts somewhere. @ilovestitch may be just getting into this and it takes years of experience to be able to get to this level. Man, I hate how toxic IT can be sometimes. How about let's not be stuck up gatekeepers and instead try teaching and encouraging. smh. BTW I'm a cloud engineer and at the advanced level and I still wouldn't treat a stranger like this.

    • @gardnerjp1 5 months ago

      @willisiswillis As a DEV and regular code contributor to Traefik, I see all types. The only thing I find obtuse in this thread is the attack on the software and all the people who don't use it who are making excuses for the attacker. It's like monkeys in a barrel, climbing over each other to win an argument about a solution they don't even understand! Laughable really

  • @ywywywyw612 5 months ago +6

    I like that it uses Kibana for the dashboards, saves you the time needed to learn another dashboarding tool, great video!

    • @christianlempa 5 months ago

      Thank you! :)

    • @ABRetroCollections 1 month ago

      It's refreshing to find an opensource XDR/SIEM that isn't trying to make a profit off tools that are already free and open source. Many others are charging for the use of OSSEC, Kibana, Elasticsearch, etc. I ran it today for the first time against one system attached to a domain controller. So many GPO remediations were recommended, well over 200! I have yet to attach it to Azure to find out how much of a mess my employers' tenancy is at the moment.

  • @vestrille1230 5 months ago +45

    ...watching the game, having a bud.
    WAZZUUUUAAAH!~

    • @espressomatic 5 months ago +3

      Exactly! They missed a great opportunity here.

    • @jondoe-dz4et 5 months ago

      Shorty: Whatchya doin' son?
      Killer: Nothin.. Just chillin.. Killin..
      Shorty: True true..

    • @insaneiaq 4 months ago

      True.. True.

  • @Popcorncandy09 4 months ago +5

    Yes please do a follow up when you've got everything configured !

  • @bologna3048 5 months ago +6

    happy homelab man always teaches me about new and flashy tools lol

  • @bangonkali 4 months ago +3

    All these tools and agents being installed on every node in the system can sometimes feel like we're adding more vulnerabilities (SolarWinds fiasco) or points of failure (CrowdStrike). Hopefully this being open source and self hosted to a certain degree levels the failure domain to one's own network or sphere of influence. Thanks for the video. Very informative. Got to look around because somehow management needs one setup and I have no clue which systems to pick. This one looks like elasticsearch/opensearch BTW which we use extensively for entirely different purpose. Might be the same tool behind the scenes. Thanks for the video!

  • @mohamedeladl6273 2 days ago

    Great video!
    Keep going.. thanks from Saudi Arabia!

  • @nigelnovelo279 4 months ago +1

    amazing video brother I can say I've learned a ton from you. I'll keep an eye out for more wazuh videos!

    • @christianlempa 4 months ago

      So cool, thank you! Glad it was helpful

  • @franciscopena7859 2 months ago

    Loved it! Was interested in ossec already. Lovely how they integrate it

  • @tjym2305 3 months ago

    Hi Christian,
    Thanks for all your videos and I really appreciate it if you do a follow up video on best practices on Linux and windows.
    Thanks again 👍

  • @TheKeirsunishi 5 months ago +1

    Wow this is something I had no idea I needed!

  • @andrewwilson7169 5 months ago +2

    Very cool. Looks a little like a self hosted version of netdata in some ways, but with your metadata remaining on your own network. I like it and will play with it. Do you find it gives a lot of false-positives? I think an updated video in a month or so giving your spin on the pros and cons would be helpful. Thank you!!

  • @farenhe1t 2 months ago

    I've been looking for exactly this type of solution for a homelab. Thank you for profiling it; going to test it out soon.

  • @FrozenRizeax 5 months ago +1

    Cool video will test it myself soon. What would be interesting if there was a kind of patch management about which you can keep the clients up to date

    • @christianlempa 4 months ago

      Thanks! Let me know how it's working for you

  • @Gnanmankoudji 5 months ago +7

    As you're a SOPHOS user, it would be great to have some comparative feedback on their EDR compared to this one. The Crowdstrike fiasco is yet another example of how closed source boxes can become a world-class problem.

    • @christianlempa 5 months ago +8

      It wouldn't be honest to make a comparison with a software from a company I'm affiliated with, but I hope to make more follow-up videos on Wazuh and dive into the technology and configuration, to learn more about how these tools work.

    • @Gnanmankoudji 5 months ago +1

      @christianlempa I understand your point, but as long as you declare your conflicts of interest I don't see any problem, it would be illusory to demand a totally objective judgement. Even when there is no affiliation, we still have personal preferences, and objective benchmarks are a bit sad I find, I prefer to form my opinion on arguments and critics.

    • @pdp2296 5 months ago +3

      @Gnanmankoudji I suspect Christian is politely indicating that comparing his company affiliation product vs a competitor may not be a great career move for him. I understand his desire to remain objective.

    • @Gnanmankoudji 5 months ago

      @pdp2296 It's possible I don't know, but I don't think Wazuh could be a business competitor to Sophos, Fortinet, etc because most companies want compliance, insurances, support, not "free" security. For a homelab and my general culture, on the other hand, I'm very interested in this kind of comparative.

  • @AndreiCosm 4 months ago

    Hi Christian, thanks for putting the effort into this video, I tried to follow and also add wazuh, but unfortunately I could not make a working wazuh after following the video. Hope the next ones you make will be easier so that the followers will have a working instance after all the hours spent. You do a lot of custom stuff from a lot of videos you made, and even looking at the other videos just made me more confused.
    I guess the short and straightforward variant would be the most appreciated.

    • @christianlempa 3 months ago

      Don't worry, Wazuh is kinda difficult and weird to set up, start with something easier. For example, my Docker Series on Patreon, or videos like Dockge are good for beginners.

  • @hennibadger5120 4 months ago

    Great. Thanks. Is it free for commercial usage?

  • @StefanGeorgievG 2 months ago

    Great one, just out of curiosity what terminal are you using. On windows I use Mobba but I see you are on Mac and was amazed about the functionality that that one that you are using.

    • @christianlempa 1 month ago +1

      Thanks, I'm using Warp, I've also done some videos about it

    • @StefanGeorgievG 1 month ago

      @christianlempa I found it yesterday 1 hour after I asked, but thanks for the reply.

  • @PierreTomaselli-e6n 9 days ago

    Hi, could you create a tutorial for making cluster Wazuh to avoid SPOF

  • @igordasunddas3377 3 months ago

    This is a great video! My issue with any piece of software though is trusting the manufacturer / creator enough to e.g. install the agents everywhere - and basically let it have a ton of data. Perhaps after seeing stuff happen, I am just really paranoid in regards to installing new software.

  • @Fayaz-Rehman 5 months ago +3

    Thanks - Could you also make a video " How to deploy wazuh on Kubernetes cluster" much appreciated.

    • @christianlempa 5 months ago +2

      Thanks! Maybe, I'll have to look into that

  • @IvanColumbro 11 days ago

    Since it doesn't support configuring an SMTP server, is it possible to configure it to send a POST request to an API endpoint when a notification is needed, so that I can use a service like ntfy?

  • @reynold.lariza 5 months ago +5

    this was just posted a days ago, but already the commands, even the cert generator is outdated (even at 4.8.2). tried the simplest single node --- failed at the onset during cert building. So many big changes, not yet ready for primetime :/

    • @OverlordZim 5 months ago +1

      I just deployed 4.8.1 this month and upgraded to 4.8.2 without issues

  • @LasseStorgaard 3 months ago

    Thank you! Very informative video.

  • @gerardocaceres7997 2 months ago

    This is awesome

  • @nr3-gp9eu 4 months ago +1

    great video, many thanks for that. I also wanted to give it a try, but failed when executing “docker compose -f generate-indexer-certs.yml run --rm generator”. certs.yml is always a directory and not a file. What am I doing wrong? I have carried out all the steps up to this point in exactly the same way as in your video

    • @nr3-gp9eu 3 months ago

      the repository had to be copied to the host first so that the certs.yml is already present, after that it works

    • @christianlempa 3 months ago

      Oh nice, glad you sorted it out! Thanks for the feedback :)

  • @nr3-gp9eu 2 months ago

    I have installed vim with yum inside the docker image to edit /var/ossec/etc/ossec.conf. this seems to work but after a reboot everything is the same as before. what needs to be done differently? 🤔

  • @Kevin-oj2uo 5 months ago +1

    I would love to get the follow up video with the configuration! Please!

    • @christianlempa 5 months ago +1

      Already planned! Thank you :D

    • @ryanbuzar5392 3 months ago

      Getting this to work behind Traefik would be wonderful. I'd like to see this as well! I've been trying to configure wazuh to work with my domain on traefik rather than just the ip address with limited success.

  • @octaviovallelopez3263 5 months ago +1

    I love seeing in videos like this, in which you like the effort I made and made to have the new vulnerability detector 4.8

  • @chetanchetan-dn4pr 1 month ago +1

    I was doing this but my wazuh agent download to another server not show in wazuh dashboard I reverse proxy to nginx but no change in wazuh server ran is default simple my IP or DNS would not work in the agent command and I changed my password followed all below commands I don't know where was a problem can you please out another video to change password and proxy by nginx to other servers please thank you for the video❤❤❤❤❤❤❤❤❤

  • @btw. 5 months ago +2

    Hey, can you maybe do a video of frr x Proxmox. I'm currently setting up a 3-Node Proxmox Cluster with 3x MS-01 and want the two 10GBit Ports on each Node to be configured with frr and used for Ceph. Do you think it's a good idea? Are there better solutions?

    • @christianlempa 5 months ago

      Sounds like a good idea to me :) If the MS-01 would have a rack mount I probably would use it too

    • @btw. 5 months ago

      @christianlempa Yeah, I'm currently looking to buy the DeskPi RackMate. I think it will fit nicely.

    • @MrLordbeavis 4 months ago

      M720q and m920q tinys have 3d printable rack mounts

  • @TheRealAnthony_real 4 months ago

    as always very in-depth!

  • @Jniklas2 5 months ago +18

    I think there is a small cutting mistake in 1:49

    • @christianlempa 5 months ago +5

      Thanks, that's when you always work to the limit, I'm sorry 🙈

    • @fotamucker7308 5 months ago +2

      @christianlempa Don't worry, it's super minor, doesn't take away from the video at all :D

  • @mohammadpourghadiri7672 4 months ago

    Christian I have it set up and running, I wasn't using labels because I'm dumb and was using the dynamic config but here is my question which I didn't find a document on, for remote agents they would need to have access to the internal 1514 1515 ports. Port 1515 can use SSL/TLS enrollment and set Traefik to do a passthrough, but 1514 has no TLS setup and I tried forcing it but Wazuh doesn't like it as it's not implemented on that port. However, if there is no encryption on a service, you could easily have a man in the middle to listen into the traffic. What do you do then?

  • @RezaDastmalchian 5 months ago +1

    I'd like to see a follow up video on monitoring network devices with Wazuh. Like sending logs from a network firewall to Wazuh.

  • @geozeke 5 months ago

    Really enjoyed this tutorial, @christianlempa Excellent as always! I also enjoyed your bind9 running in docker tutorial. Would love to see a follow-on to that showing how to run secure bind9 with DoT or DoH.

    • @christianlempa 5 months ago

      Thank you! That's a good idea, but maybe for somewhere next year :)

  • @Flackon 5 months ago +2

    One thing I noticed while briefly using this and going through the list of rules, is that some of them contradict one another, so I guess it's technically impossible to ever reach 100% compliance?

    • @christianlempa 5 months ago +1

      No idea, I haven't looked into compliance a lot

  • @DamjanKumin 5 months ago

    @Christian, excellent video, as always. QQ - in the agent deploy config, are you sure to add the dashboard address as the server? Is it not the actual wazuh server address?

    • @christianlempa 5 months ago

      Thank you so much! :) Yes it is the server address, in my case it's the same, but yeah you're right

  • @CTWilliams89 5 months ago

    Great video I've been going between setting up security onion or wazuh in my homelab. One question I had was did you install the agents on all of your hypervisors, or the individual vms, or both?

    • @christianlempa 5 months ago

      I only installed it on the VMs, not the HyperV, but that probably should be done as well

  • @Byc845 4 months ago

    This is so cool

  • @DigiDoc101 5 months ago

    Very nice tutorial! I'm looking to implement this in my homelab soon! Question, do you use local dns names along side traefik? Or cloudflare tunnels? Public facing?

    • @christianlempa 5 months ago

      Awesome! :D No, I'm using a local authoritative DNS server that resolves the "home" zone of my public domain "clcreative.de" to my local servers. Then I'm using Traefik with cloudflare DNS challenge to issue trusted TLS certs for that domain.

  • @edwardvanhazendonk 5 months ago

    Thanks Christian, this seems like just the tools one needs in a homelab. Do you know if the openscap implementation also has its own Ansible environment to have the ansible playbooks which sometimes come with it fixes the benchmarks are also part of the wazuh setup? Great content on your channel and thanks for all your time and effort educating us 🙏🏻

    • @christianlempa 5 months ago +1

      Thank you so much! :) I've not tested anything regarding openscap, so no idea unfortunately

    • @edwardvanhazendonk 5 months ago

      @christianlempa for what I have seen OpenSCAP seems to be disabled from the 3.9 release onward. I tried (only for an hour) to get the wodle from github with the Python scripts to be enabled but fails. So I have a steep learning curve to go and solve 😅. Thanks again for your content and tremendous time and effort you spend in educating us. 🙏🏻

  • @jeffreyschlieve590 3 months ago

    Is there a way to install it without VS code step?

  • @mario21ic 5 months ago +1

    Wazuh is awesome!! :D

  • @odebroqueville 4 months ago

    Hi Christian, this looks really interesting but I don’t know much about cybersecurity. Is there any course out there that you would recommend to be able to use wazuh and understand it?

    • @christianlempa 4 months ago

      I think you can start with this video, and I'm gonna release more videos about protective cybersecurity :)

  • @espressomatic 5 months ago +4

    They really should have named this "Wassap!"

  • @DennisPantonial-f3r 3 months ago

    how to setup 2fa authentication to user login for wazuh. hope you can help me with this

  • @KapaGT 5 months ago +2

    It's nice yeah, great for SMB, for a HomeLab? That's a stretch, if you need something like this in your Home, you don't have a Lab, you have a problem.

  • @RTF96 5 months ago

    Thanks for the video, great as always. I moved to Caddy recently. Do you think this will work out for me with Caddy as my RPM? :)

    • @christianlempa 5 months ago +1

      Thank you so much! :D Wazuh doesn't care which proxy is in front of it, could be anything like Caddy as well.

  • 5 months ago

    What do you think about security onion which include wazuh?

  • @kevin973 5 months ago

    I actually installed it on my Proxmox a while ago, but got overwhelmed with all the results and couldn't keep up with it. It would be great to have an example of a Home Assistant LXC. Also, the firewall rule is kind of annoying. My Proxmox server handles many VLANs, and I need to allow connections with Wazuh, etc.
    Question: Mine is installed on the Proxmox host. I wonder if others also install both the server and a client on the Proxmox host (to check security flow on the actual Proxmox host).

  • @initcyber 5 months ago +2

    As a security professional who deals with vuln management...
    I died when I saw 200+ high vulns.
    But I know this is homelab and hopefully not all of that is net facing/external. If I may suggest, crowdsec will help block a ton of malicious IPs and repeated attempts (like F2B). Otherwise sudo apt update && sudo apt upgrade 😅😅

    • @christianlempa 5 months ago +1

      🤣, once I reviewed some of the CVEs, the main problem seemed to be Ubuntu LTS with missing ESM, that would fix a bunch of them as well as upgrading to newer LTS versions. But as you said, nothing is facing external networks so technically it doesn’t matter really.

    • @seansingh4421 5 months ago

      *sudo dist-upgrade if Proxmox

  • @pddekock 5 months ago

    Great video! I love your work, but the Docker Compose layout could use an update. Simple tasks like setting new passwords and creating certificates are more complicated than they should be. For example, why not generate the certificate at startup and store it in a volume? Thanks for your videos-I really enjoy them!

    • @christianlempa 5 months ago

      Thanks, the docker compose layout mainly comes from the Wazuh files, but I'm open for suggestions! Maybe we should upload it to my boilerplates repo and take care of this

  • @bikambawdar 4 months ago

    What is the tool that you use as terminal? Thanks

  • @thefirebuilds 5 months ago +1

    Mr. Lempa, what about a piece on Hashicorp Vault?

    • @christianlempa 5 months ago +1

      That's still on my list, but honestly not so high on the priority, so probably not in the near future :/ I'm sorry

    • @thefirebuilds 5 months ago

      @christianlempa I am struggling through it!

  • @doodlemania2 5 months ago

    Would this be complementary or replacement for crowdsec?

    • @christianlempa 5 months ago

      From my understanding and what I’ve seen so far it would be complementary. However I haven’t seen a way to integrate them, maybe that would be interesting too

  • @obedappiah1707 5 months ago

    Can you please make a video on how to change wazuh dashboard password, and also fix ip address changing any time i open the ova server

  • @hendb20 5 months ago

    how do i get it so i can copy paste files like this i get permissions denied?

  • @t288msd 5 months ago

    Can the agent also be a docker container?

    • @christianlempa 5 months ago +1

      As the agent needs access to the system I think it's much easier to do it without docker

  • @HaiHoang-nc7mp 5 months ago

    hi Chris, video is interesting!, u can make one video talk about iptable, plss

    • @christianlempa 5 months ago

      Thank you! Maybe that's gonna be part of my follow-up configuration best-practices video

  • @romayojr 5 months ago +1

    that was the longest advertisement i’ve ever watched on youtube and somehow it didn’t bother me one bit

    • @christianlempa 5 months ago +1

      Nice! That's exactly how I want these Ads to integrate into useful content :) Thank you for the feedback

    • @eaglefn4918 5 months ago

      Lucky you. Go back to sleep.

  • @zilla85 5 months ago +9

    I want to note, the Secure Configuration Assessment is currently only valid for machines with English localizations. For example, every check with "net account" will fail on non-English machines.

    • @niko7915 5 months ago +2

      How did you figure it out?

    • @sergeygr 5 months ago

      @niko7915 github issues

    • @zilla85 5 months ago

      @niko7915 I've seen wrong results on my machines and found a bug report explaining the problem.

    • @espressomatic 5 months ago +1

      Damn, I randomly assign a different locale to every machine on my network, just to keep myself sharp.

    • @niko7915 5 months ago +1

      @espressomatic it turns out that 4.8x still has bugs that were not in previous versions (((And I just thought about updating version 4.7.5.

  • @joumardchikhani1529 4 months ago

    would you try Security Onion?

    • @christianlempa 3 months ago

      I don't think so, since Wazuh is already so much work :D but well... I never say never

  • @muhammadahmod334 4 months ago

    You keep saying homelab? Is it no good for enterprise? Is this a good competitor/alternative to sentinel?

    • @christianlempa 4 months ago +1

      It might be, but I only have experience with in my HomeLab :)

  • @Dycell 5 months ago +7

    Christian, know that you can’t experience true enlightenment until your home lab is HIPAA compliant. 😷

    • @christianlempa 5 months ago +2

      If I cared about compliance, I'd prefer GDPR ;)

  • @johnvardy9559 5 months ago

    Great video, we need some practical skills.

  • @sulemanrehman6384 1 month ago

    Great tutorial! But it could have been simpler. The reverse proxy thing is just making it over-complicated.

    • @christianlempa 1 month ago +1

      Thanks! True, but I think TLS certs are necessary in such a setup as we’re talking about security ;)

  • @RenaudSchweingruber 5 months ago

    How is it against Sophos XDR ? ;-)

    • @christianlempa 5 months ago

      Sophos XDR is a more managed complete solution for businesses that comes with many useful features. Wazuh is the open-source tool that helps you building a service like this yourself.

  • @22manohar08 5 months ago +1

    So ... Similar to crowdstrike but opensource ! Great 👍🏻

  • @rainerwahnsinn3265 5 months ago +1

    I tried that tool and got instantly overwhelmed by the results. Wasn't able to figure out what's important and what's not. So this doesn't seem right for my level

    • @christianlempa 5 months ago +3

      Don't worry, you don't have to use all of the features, I agree it is overwhelming. But maybe start with the config assessment, this should be good for beginners as well

    • @OverlordZim 5 months ago +1

      Start by disabling the CIS hardening checks. This will remove a bunch of noise. Cycle back when you are ready to setup configuration management for each OS type to satisfy CIS hardening standards

  • @Josh-mo2ib 5 months ago +1

    Awesome! Would love to see a video on Security Onion and OpenEDR or other free EDR solutions.... and UEM/MDM for mobile devices :)

    • @christianlempa 5 months ago +2

      Thank you :D However, it's gonna be hard to make this, as my channel doesn't focus too heavily on security. I want to focus on a few tools that I like most and then make follow-up tutorials for those.

    • @Josh-mo2ib 5 months ago

      @christianlempa That makes sense. Your videos seem to incorporate security naturally while you're setting things up, which is great, so keep up the great work :)

    • @tuanhungnguyen1342 5 months ago +1

      Can you suggest some UEM/MDM open source solutions?

  • @paraleloautista 4 months ago

    wth in a head of developer to deploy app without dark/light theme switch;

    • @christianlempa 4 months ago +1

      There is a dark mode existing, I just didn't find it at first 🙈

    • @paraleloautista 4 months ago

      @christianlempa 👍🏻good

  • @harry19832601 5 months ago +1

    Is there actually a reason why you didn't do the test installation in an LXC container? I think that, for performance reasons, this would surely be the better option in a homelab environment. The whole installation and configuration would also be considerably easier there. Not everything always has to be in Docker ;)

    • @christianlempa 5 months ago +1

      I actually haven't dealt much with LXC, since I consider Docker the better technology when it comes to containers, but that certainly would have been just as possible with LXC.

  • @denzfarid 5 months ago +1

    Vote wazuh

  • @user-co8kh8jt5t 5 months ago

    Just wish it had UEBA capability 😢

  • @a.g8517 5 months ago

    so...result will be the same as CrowdStrike if hacked? (while installed agents)

    • @christianlempa 5 months ago +2

      That's a completely different story, by the way, Crowdstrike wasn't hacked, they messed up something in their update procedure.

    • @eaglefn4918 5 months ago

      Read on the Wazuh website (Blog) how Wazuh avoids similar risk.

  • @cybersec9345 1 month ago

    Hi Christian,
    How are you doing?
    OMG, you skip the most interesting part changing password:(

  • @ukrolelo 5 months ago

    Whaaaat now how did you copy paste to pve console? 😂😂😂

  • @MarcelHoffs 5 months ago

    While cool, bit overkill for a homelab. This stuff (or similar) is used by big companies, European institutions, etc. to comply with regulations. Maintaining compliance is a day job for certain people in the security sector. Great to learn a thing or two, but CIS benchmarking your homelab... no.

    • @christianlempa 5 months ago +4

      Keep in mind, in HomeLab it's never about what you need, but more about what you're interested in playing around with.

  • @bessian 1 month ago

    Wazuh is too complicated and too cluttered for a small Homelab

  • @christopherjonesramos3655 3 months ago

    I got this error when running "sudo docker compose -f generate-indexer-certs.yml run --rm generator"
    [+] Creating 1/0
    ✘ Network single-node_default Error 0.0s
    failed to create network single-node_default: Error response from daemon: all predefined address pools have been fully subnetted

  • @FCB19873 3 months ago

    wazaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahh

  • @netbin 5 months ago

    Not waza but wazoooo

  • @SU3D3 5 months ago +2

    Yo brother! I'm starting a podcast "Hacker vs Lawyer" I think you're a perfect candidate as a guest! Thoughts?

  • @VergissBerlin 5 months ago