An agent always needs a master, so yes, it is possible to install a Wazuh agent, but you would also need a master somewhere (hybrid installation is also possible).
In my testing, Wazuh needed much more resources than OSSEC, especially on the master side with an ELK stack. ELK is not available from my side for IPFire.

dnl wrote: December 17th, 2018, 10:36 am
I like the idea of Wazuh, but running all those components (as well as most IPFire features and ntopng) would use a lot of resources/power and open a very large attack surface on a router (even if all the services are isolated from the network, I still have to trust a lot more sources of software on my router).

Both components are products which focus on network but also host-based security (HIDS) and are open source, so the code is available for everyone to read. I know this might not be the best argument since you might not have the time to read through all the lines of code to check for potential exploits or unwanted data collection, but how sure are you about IPSec, SSH, OpenVPN, Squid, ... in that regard? In the last years I haven't heard anything about serious security problems with OSSEC (mainly) and Wazuh (which I currently do not use).
Another one might be that some bigger companies, which probably have the resources/capabilities to research the code of projects like this one, also use it --> https://aws.amazon.com/de/blogs/securit ... instances/ --> https://image.slidesharecdn.com/nebulat ... 1463033772 , Netflix, Apple and some others come to mind --> https://www.atomicorp.com/ossec-people- ... cast-ep-7/ . This gives me a little better trust in the functionality, but also in better code reviews and further project development, but who can be 100% sure of security on the internet in general?
IPFire does provide everything which is needed to run OSSEC; there is no need to trust "a lot more sources" except OSSEC's source itself. Wazuh also comes with 3rd party extensions if wanted, which might in my humble opinion be interesting for big environments (policy specific obligations) and/or those with the interest/proficiency to also handle the big data thing (ELK Stack). <-- I think this is nice to investigate for the interested ones, how much is meanwhile possible also for the small budget, but big companies should also be perfectly fine with a well-configured OSSEC installation in, again, my humble opinion.
Sorry for the long text.
If you are interested in this topic, I would recommend to RTFM and test OSSEC first, since it also delivers the core functionality for Wazuh but also needs less system resources than Wazuh and is less complex.