Most important security setting :: Wazuh Menu > Dashboard Management > Dashboards Management > Advanced Settings > Appearance > Dark Mode == On 🙂
@christianlempa 3 months ago
Oh what I completely forgot this one 🙈🙈 sry
@FrontLineNerd 3 months ago
@@christianlempa this advanced settings section I’m in here to change to dark mode is SO vast. Wow. You could do multiple videos on Wazuh. This tool is so powerful. I’m trying to integrate it with the clamav install on my Raspberry Pi. This is where very cool videos could be made IMHO. On the integrations and auto remediation capabilities.
@RiskSanchez 2 months ago
@@christianlempa All good, just joking :) Good topic/platform - love to see it & looking forward to the stack evolution ^^
@ilovestitch 3 months ago
Thanks for making this tutorial/demo video Christian. I can't imagine any more obtuse and nonsensical and non-user friendly pieces of software to run in my homelab than Wazuh and Traefik and combining them seems like a genuine nightmare that you make look easy. Someday I'll get there, but neither are for me
@ilovestitch 3 months ago
Hi @@gardnerjp1 - I have spent several hours of my extremely limited free time trying to get both Traefik and Wazuh up and running in my lab with no success despite there being countless guides and resources available. I'm sure it is a simple proficiency issue hence my compliments to Christian on making it look so easy. Ultimately, it's software I'd like to explore but doesn't seem packaged appropriately for people who don't have more highly skilled experience in IT. I'm sorry you felt that my comment was cause to hurl unwarranted verbal abuse my way. I hope you eventually have more going for you in life so that you don't need to turn to negative interaction on the internet to satisfy some need for socialization.
@christianlempa 3 months ago
Love and peace guys! :D I know both technologies are targeted at intermediate/advanced level, so take your time, I also needed a lot of time to get through understanding traefik :P
@eaglefn4918 3 months ago
The commentary by @ilovestitch shows how complicated IT security is today. If you don't have the confidence, you should leave it alone. There are users who only need the Home Lab to listen to music and watch videos. That's fine with me. Nobody is perfect.
@willisiswillis 2 months ago
@@gardnerjp1 calm down. Everybody starts somewhere. @ilovestitch may be just getting into this and it takes years of experience to be able to get to this level. Man, I hate how toxic IT can be sometimes. How about let's not be stuck up gatekeepers and instead try teaching and encouraging. smh. BTW I'm a cloud engineer and at the advanced level and I still wouldn't treat a stranger like this.
@gardnerjp1 2 months ago
@@willisiswillis As a DEV and regular code contributor to Traefik, I see all types. The only thing I find obtuse in this thread is the attack on the software and all the people who don't use it who are making excuses for the attacker. It's like monkeys in a barrel, climbing over each other to win an argument about a solution they don't even understand! Laughable really
@ywywywyw612 3 months ago
I like that it uses Kibana for the dashboards, saves you the time needed to learn another dashboarding tool, great video!
@christianlempa 2 months ago
Thank you! :)
@vestrille1230 3 months ago
...watching the game, having a bud. WAZZUUUUAAAH!~
Yes please do a follow up when you've got everything configured !
@samsh0-q3a 3 months ago
happy homelab man always teaches me about new and flashy tools lol
@christianlempa 3 months ago
nice! :D
@bangonkali 2 months ago
All these tools and agents being installed on every node in the system can sometimes feel like we're adding more vulnerabilities (solarwind fiasco) or points of failures (crowdstrike). Hopefully this being open source and self hosted to a certain degree levels the failure domain to one's own network or sphere of influence. Thanks for the video. Very informative. Got to look around because somehow management needs one setup and I have no clue which systems to pick. This one looks like elasticsearch/opensearch BTW which we use extensively for entirely different purpose. Might be the same tool behind the scenes. Thanks for the video!
@Gnanmankoudji 3 months ago
As you're a SOPHOS user, it would be great to have some comparative feedback on their EDR compared to this one. The Crowdstrike fiasco is yet another example of how closed source boxes can become a world-class problem.
@christianlempa 3 months ago
It wouldn't be honest to make a comparison with a software from a company I'm affiliated with, but I hope to make more follow-up videos on Wazuh and dive into the technology and configuration, to learn more about how these tools work.
@Gnanmankoudji 3 months ago
@@christianlempa I understand your point, but as long as you declare your conflicts of interest I don't see any problem, it would be illusory to demand a totally objective judgement. Even when there is no affiliation, we still have personal preferences, and objective benchmarks are a bit sad I find, I prefer to form my opinion on arguments and critics.
@phillippeerman2296 2 months ago
@@Gnanmankoudji I suspect Christian is politely indicating that comparing his company affiliation product vs a competitor may not be a great career move for him. I understand his desire to remain objective.
@Gnanmankoudji 2 months ago
@@phillippeerman2296 It's possible I don't know, but I don't think Wazuh could be a business competitor to Sophos, Fortinet, etc because most companies want compliance, insurances, support, not "free" security. For a homelab and my general culture, on the other hand, I'm very interested in this kind of comparative.
@franciscopena7859 8 days ago
Loved it! Was interested in ossec already. Lovely how they integrate it
@christianlempa 8 days ago
Nice! :)
@reynold.lariza 3 months ago
this was just posted a days ago, but already the commands, even the cert generator is outdated (even at 4.8.2). tried the simplest single node --- failed at the onset during cert building. So many big changes, not yet ready for primetime :/
@OverlordZim 2 months ago
I just deployed 4.8.1 this month and upgraded to 4.8.2 without issues
@andrewwilson7169 2 months ago
Very cool. Looks a little like a self hosted version of netdata in some ways, but with your metadata remaining on your own network. I like it and will play with it. Do you find it gives a lot of false-positives? I think an updated video in a month or so giving your spin on the pros and cons would be helpful. Thank you!!
@tjym2305 1 month ago
Hi Christian, Thanks for all your videos and I really appreciate it if you do a follow up video on best practices on Linux and windows. Thanks again 👍
@Jniklas2 3 months ago
I think there is a small cutting mistake in 1:49
@christianlempa 3 months ago
Thanks, that's when you always work to the limit, I'm sorry 🙈
@fotamucker7308 3 months ago
@@christianlempa Don't worry, it's super minor, doesn't take away from the video at all :D
@FrozenRizeax 2 months ago
Cool video will test it myself soon. What would be interesting if there was a kind of patch management about which you can keep the clients up to date
@christianlempa 2 months ago
Thanks! Let me know how it's working for you
@initcyber 3 months ago
As a security professional who deals with vuln management... I died when I saw 200+ high vulns. But I know this is homelab and hopefully not all of that is net facing/external. If I may suggest, crowdsec will help block a ton of malicious IPs and repeated attempts (like F2B). Otherwise sudo apt update && sudo apt upgrade 😅😅
@christianlempa 3 months ago
🤣, once I reviewed some of the CVEs, the main problem seemed to be Ubuntu LTS with missing ESM, that would fix a bunch of them as well as upgrading to newer LTS versions. But as you said, nothing is facing external networks so technically it doesn’t matter really.
@seansingh4421 3 months ago
*sudo dist-upgrade if Proxmox
@nigelnovelo279 1 month ago
amazing video brother I can say I've learned a ton from you. I'll keep an eye out for more wazuh videos!
@christianlempa 1 month ago
So cool, thank you! Glad it was helpful
@Fayaz-Rehman 2 months ago
Thanks - Could you also make a video " How to deploy wazuh on Kubernetes cluster" much appreciated.
@christianlempa 2 months ago
Thanks! Maybe, I'll have to look into that
@Flackon 2 months ago
One thing I noticed while briefly using this and going through the list of rules, is that some of them contradict one another, so I guess it's technically impossible to ever reach 100% compliance?
@christianlempa 2 months ago
No idea, I haven't looked into compliance a lot
@AndreiCosm 1 month ago
Hi Christian, thanks for putting the effort into this video, I tried to follow and also add wazuh, but unfortunately I could not make a working wazuh after following the video. Hope the next ones you make will be easier so that the followers will have a working instance after all the hours spent. You do a lot of custom stuff from a lot of videos you made, and even looking at the other videos just made me more confused. I guess the short and straightforward variant would be the most appreciated.
@christianlempa 1 month ago
Don't worry, Wazuh is kinda difficult and weird to set up, start with something easier. For example, my Docker Series on Patreon, or videos like Dockge are good for beginners.
@KapaGT 3 months ago
It's nice yeah, great for SMB, for a HomeLab? That's a stretch, if you need something like this in your Home, you don't have a Lab, you have a problem.
@octaviovallelopez3263 3 months ago
I love seeing in videos like this, in which you like the effort I made and made to have the new vulnerability detector 4.8
@christianlempa 3 months ago
Thank you! :)
@avataros111 2 months ago
No need for funny faces Chris... Thanks for the most interesting videos!
@RezaDastmalchian 2 months ago
I'd like to see a follow up video on monitoring network devices with Wazuh. Like sending logs from a network firewall to Wazuh.
@christianlempa 2 months ago
That's a great idea!
@hennibadger5120 1 month ago
Great. Thanks. Is it free for commercial usage?
@mohammadpourghadiri7672 2 months ago
Christian, I have it set up and running. I wasn't using labels because I'm dumb and was using the dynamic config, but here is my question, which I didn't find a document on: for remote agents they would need to have access to the internal 1514 1515 ports. Port 1515 can use ssl/tls enrollment and set traefik to do a passthrough, but 1514 has no tls setup and I tried forcing it but Wazuh doesn't like it as it's not implemented on that port. However, if there is no encryption on a service, you could easily have a man in the middle to listen into the traffic. What do you do then?
@Dycell 3 months ago
Christian, know that you can’t experience true enlightenment until your home lab is HIPAA compliant. 😷
@christianlempa 3 months ago
If I cared about compliance, I'd prefer GDPR ;)
@TheKeirsunishi 3 months ago
Wow this is something I had no idea I needed!
@christianlempa 3 months ago
Haha nice :D
@espressomatic 3 months ago
They really should have named this "Wassap!"
@christianlempa 3 months ago
:D
@btw. 2 months ago
Hey, can you maybe do a video of frr x Proxmox. I'm currently setting up a 3-Node Proxmox Cluster with 3x MS-01 and want the two 10GBit Ports on each Node to be configured with frr and used for Ceph. Do you think it's a good idea? Are there better solutions?
@christianlempa 2 months ago
Sounds like a good idea to me :) If the MS-01 would have a rack mount I probably would use it too
@btw. 2 months ago
@@christianlempa Yeah, i'm currently looking to buy the DeskPi RackMate. I think it will fit nicely.
@MrLordbeavis 2 months ago
M720q and m920q tinys have 3d printable rack mounts
@igordasunddas3377 1 month ago
This is a great video! My issue with any piece of software though is trusting the manufacturer / creator enough to e.g. install the agents everywhere - and basically let it have a ton of data. Perhaps after seeing stuff happen, I am just really paranoid in regards to installing new software.
@christianlempa 1 month ago
Thank you :)
@nr3-gp9eu 1 month ago
great video, many thanks for that. I also wanted to give it a try, but failed when executing “docker compose -f generate-indexer-certs.yml run --rm generator”. certs.yml is always a directory and not a file. What am I doing wrong? I have carried out all the steps up to this point in exactly the same way as in your video
@nr3-gp9eu 1 month ago
the repository had to be copied to the host first so that the certs.yml is already present, after that it works
@christianlempa 1 month ago
Oh nice, glad you sorted it out! Thanks for the feedback :)
@geozeke 2 months ago
Really enjoyed this tutorial, @christianlempa Excellent as always! I also enjoyed your bind9 running in docker tutorial. Would love to see a follow-on to that showing how to run secure bind9 with DoT or DoH.
@christianlempa 2 months ago
Thank you! That's a good idea, but maybe for somewhere next year :)
@Kevin-oj2uo 3 months ago
I would love to get the follow up video with the configuration! Please!
@christianlempa 3 months ago
Already planned! Thank you :D
@ryanbuzar5392 23 days ago
Getting this to work behind Traefik would be wonderful. I'd like to see this as well! I've been trying to configure wazuh to work with my domain on traefik rather than just the ip address with limited success.
@kevin973 2 months ago
I actually installed it on my Proxmox a while ago, but got overwhelmed with all the results and couldn't keep up with it. It would be great to have an example of a Home Assistant LXC. Also, the firewall rule is kind of annoying. My Proxmox server handles many VLANs, and I need to allow connections with Wazuh, etc. Question: Mine is installed on the Proxmox host. I wonder if others also install both the server and a client on the Proxmox host (to check security flow on the actual Proxmox host).
@zilla85 3 months ago
I want to note, the Secure Configuration Assessment is currently only valid for machines with English localizations. For example, every check with "net account" will fail on non-English machines.
@niko7915 3 months ago
How did you figure it out?
@sergeygr 3 months ago
@@niko7915 github issues
@zilla85 3 months ago
@@niko7915 I've seen wrong results on my machines and found a bug report explaining the problem.
@espressomatic 3 months ago
Damn, I randomly assign a different locale to every machine on my network, just to keep myself sharp.
@niko7915 3 months ago
@@espressomatic it turns out that 4.8x still has bugs that were not in previous versions (((And I just thought about updating version 4.7.5.
@LasseStorgaard 1 month ago
Thank you! Very informative video.
@pddekock 2 months ago
Great video! I love your work, but the Docker Compose layout could use an update. Simple tasks like setting new passwords and creating certificates are more complicated than they should be. For example, why not generate the certificate at startup and store it in a volume? Thanks for your videos - I really enjoy them!
@christianlempa 2 months ago
Thanks, the docker compose layout mainly comes from the Wazuh files, but I'm open for suggestions! Maybe we should upload it to my boilerplates repo and take care of this
@DamjanKumin 3 months ago
@Christian, excellent video, as always. QQ - in the agent deploy config, are you sure to add the dashboard address as the server? Is it not the actual wazuh server address?
@christianlempa 3 months ago
Thank you so much! :) Yes it is the server address, in my case it's the same, but yeah you're right
@DigiDoc101 3 months ago
Very nice tutorial! I'm looking to implement this in my homelab soon! Question, do you use local dns names along side traefik? Or cloudflare tunnels? Public facing?
@christianlempa 3 months ago
Awesome! :D No, I'm using a local authoritative DNS server that resolves the "home" zone of my public domain "clcreative.de" to my local servers. Then I'm using Traefik with cloudflare DNS challenge to issue trusted TLS certs for that domain.
@CTWilliams89 3 months ago
Great video I've been going between setting up security onion or wazuh in my homelab. One question I had was did you install the agents on all of your hypervisors, or the individual vms, or both?
@christianlempa 3 months ago
I only installed it on the VMs, not the HyperV, but that probably should be done as well
@edwardvanhazendonk 3 months ago
Thanks Christian, this seems like just the tools one needs in a homelab. Do you know if the openscap implementation also has its own Ansible environment to have the ansible playbooks which sometimes come with it fixes the benchmarks are also part of the wazuh setup? Great content on your channel and thanks for all your time and effort educating us 🙏🏻
@christianlempa 2 months ago
Thank you so much! :) I've not tested anything regarding openscap, so no idea unfortunately
@edwardvanhazendonk 2 months ago
@@christianlempa for what I have seen OpenSCAP seems to be disabled from the 3.9 release onward. I tried (only for an hour) to get the wodle from github with the Python scripts to be enabled but fails. So I have a steep learning curve to go and solve 😅. Thanks again for your content and tremendous time and effort you spend in educating us. 🙏🏻
@jeffreyschlieve590 1 month ago
Is there a way to install it without VS code step?
@obedappiah1707 2 months ago
Can you please make a video on how to change wazuh dashboard password, and also fix ip address changing any time I open the ova server
@romayojr 3 months ago
that was the longest advertisement i’ve ever watched on youtube and somehow it didn’t bother me one bit
@christianlempa 3 months ago
Nice! That's exactly how I want these Ads to integrate into useful content :) Thank you for the feedback
@eaglefn4918 3 months ago
Lucky you. Go back to sleep.
@odebroqueville 2 months ago
Hi Christian, this looks really interesting but I don’t know much about cybersecurity. Is there any course out there that you would recommend to be able to use wazuh and understand it?
@christianlempa 2 months ago
I think you can start with this video, and I'm gonna release more videos about protective cybersecurity :)
@TheRealAnthony_real 1 month ago
as always very in-depth !
@christianlempa 1 month ago
Thank you! :)
@bikambawdar 2 months ago
What is the tool that you use as terminal? Thanks
@christianlempa 2 months ago
Warp 🥳
@DennisPantonial-f3r 27 days ago
how to setup 2fa authentication to user login for wazuh. hope you can help me with this
@thefirebuilds 3 months ago
Mr. Lempa, what about a piece on Hashicorp Vault?
@christianlempa 3 months ago
That's still on my list, but honestly not so high on the priority, so probably not in the near future :/ I'm sorry
@thefirebuilds 2 months ago
@@christianlempa I am struggling through it!
@muhammadahmod334 2 months ago
You keep saying homelab? Is it no good for enterprise? Is this a good competitor/alternative to sentinel?
@christianlempa 2 months ago
It might be, but I only have experience with it in my HomeLab :)
2 months ago
What do you think about security onion which include wazuh?
@christianlempa 2 months ago
I haven't looked into that, yet.
@hendb20 2 months ago
how do i get it so i can copy paste files like this i get permissions denied?
@doodlemania2 3 months ago
Would this be complementary or replacement for crowdsec?
@christianlempa 3 months ago
From my understanding and what I’ve seen so far it would be complementary. However I haven’t seen a way to integrate them, maybe that would be interesting too
@mario21ic 3 months ago
Wazuh is awesome!! :D
@christianlempa 3 months ago
It is! :D
@RTF96 3 months ago
Thanks for the video, great as always. I moved to Caddy recently. Do you think this will work out for me with Caddy as my RPM? :)
@christianlempa 3 months ago
Thank you so much! :D Wazuh doesn't care which proxy is in front of it, could be anything like Caddy as well.
@t288msd 3 months ago
Can the agent also be a docker container?
@christianlempa 3 months ago
As the agent needs access to the system I think it's much easier to do it without docker
@rainerwahnsinn3265 3 months ago
I tried that tool and got instantly overwhelmed by the results. Wasn't able to figure out what's important and what's not. So this doesn't seem right for my level
@christianlempa 3 months ago
Don't worry, you don't have to use all of the features, I agree it is overwhelming. But maybe start with the config assessment, this should be good for beginners as well
@OverlordZim 2 months ago
Start by disabling the CIS hardening checks. This will remove a bunch of noise. Cycle back when you are ready to setup configuration management for each OS type to satisfy CIS hardening standards
@22manohar08 3 months ago
So ... Similar to crowdstrike but opensource ! Great 👍🏻
@christianlempa 3 months ago
Oh yeah! :D
@johnvardy9559 2 months ago
Great video, we need some practical skills.
@christianlempa 2 months ago
Thank you 😊
@RenaudSchweingruber 3 months ago
How is it against Sophos XDR ? ;-)
@christianlempa 2 months ago
Sophos XDR is a more managed complete solution for businesses that comes with many useful features. Wazuh is the open-source tool that helps you build a service like this yourself.
@Byc845 2 months ago
This is so cool
@christianlempa 2 months ago
It is! :D
@HaiHoang-nc7mp 3 months ago
hi Chris, video is interesting!, u can make one video talk about iptable, plss
@christianlempa 2 months ago
Thank you! Maybe that's gonna be part of my follow-up configuration best-practices video
@joumardchikhani1529 1 month ago
would you try Security Onion?
@christianlempa 1 month ago
I don't think so, since Wazuh is already so much work :D but well... I never say never
@Josh-mo2ib 3 months ago
Awesome! Would love to see a video on Security Onion and OpenEDR or other free EDR solutions.... and UEM/MDM for mobile devices :)
@christianlempa 3 months ago
Thank you :D However, it's gonna be hard to make this, as my channel doesn't focus too heavily on security. I want to focus on a few tools that I like most and then make follow-up tutorials for those.
@Josh-mo2ib 3 months ago
@@christianlempa That makes sense. Your videos seem to incorporate security naturally while you're setting things up, which is great, so keep up the great work :)
@tuanhungnguyen1342 3 months ago
Can you suggest some UEM/MDM open source solutions?
@denzfarid 3 months ago
Vote wazuh
@christianlempa 3 months ago
+1 :D
@particula2024 1 month ago
wth in a head of developer to deploy app without dark/light theme switch;
@christianlempa 1 month ago
There is a dark mode existing, I just didn't find it at first 🙈
@particula2024 1 month ago
@@christianlempa 👍🏻good
@harry19832601 3 months ago
Is there actually a reason why you didn't do the test installation in an LXC container? I think that, for performance reasons, this would surely be the better option in a homelab environment. The whole installation and configuration would also be much easier there. Not everything always has to be in Docker ;)
@christianlempa 3 months ago
I actually haven't dealt with LXC much, since I consider Docker the better technology when it comes to containers, but it certainly would have been just as possible with LXC.
@ukrolelo 2 months ago
Whaaaat now how did you copy paste to pve console? 😂😂😂
@user-co8kh8jt5t 3 months ago
Just wish it had UEBA capability 😢
@MarcelHoffs 3 months ago
While cool, bit overkill for a homelab. This stuff (or similar) is used by big companies, European institutions, etc. to comply with regulations. Maintaining compliance is a day job for certain people in the security sector. Great to learn a thing or two, but CIS benchmarking your homelab... no.
@christianlempa 3 months ago
Keep in mind, in HomeLab it's never about what you need, but more about what you're interested in playing around with.
@a.g8517 3 months ago
so...result will be the same as CrowdStrike if hacked? (while installed agents)
@christianlempa 3 months ago
That's a completely different story, by the way, Crowdstrike wasn't hacked, they messed up something in their update procedure.
@eaglefn4918 3 months ago
Read on the Wazuh website (Blog) how Wazuh avoids similar risk.
@SU3D3 3 months ago
Yo brother! I'm starting a podcast "Hacker vs Lawyer" I think you're a perfect candidate as a guest! Thoughts?
I got this error when running "sudo docker compose -f generate-indexer-certs.yml run --rm generator" [+] Creating 1/0 ✘ Network single-node_default Error 0.0s failed to create network single-node_default: Error response from daemon: all predefined address pools have been fully subnetted