Good : full update

modules/wazuh_agent.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+# =============================================================================
+# Wazuh agent installation module
+# =============================================================================
+
+# Set script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Source common functions and variables
+source "./common.sh"
+
+# Function to install Wazuh agent
+install_wazuh_agent() {
+  log_message "INFO" "Installing Wazuh agent"
+  
+  # Install dependencies
+  log_message "INFO" "Installing dependencies for Wazuh agent"
+  apt-get install -y curl apt-transport-https lsb-release gnupg2
+  
+  if [ $? -ne 0 ]; then
+    log_message "ERROR" "Failed to install dependencies for Wazuh agent"
+    return 1
+  fi
+  
+  # Import GPG key
+  log_message "INFO" "Importing Wazuh GPG key"
+  curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
+  chmod 644 /usr/share/keyrings/wazuh.gpg
+  
+  # Add Wazuh repository
+  log_message "INFO" "Adding Wazuh repository"
+  echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+  
+  # Update package lists
+  apt-get update
+  
+  # Install Wazuh agent
+  log_message "INFO" "Installing Wazuh agent package"
+  apt-get install -y wazuh-agent
+  
+  if [ $? -ne 0 ]; then
+    log_message "ERROR" "Failed to install Wazuh agent"
+    return 1
+  fi
+  
+  # Configure Wazuh agent
+  log_message "INFO" "Configuring Wazuh agent"
+  
+  local wazuh_conf="/var/ossec/etc/ossec.conf"
+  
+  # Backup existing configuration
+  if [ -f "$wazuh_conf" ]; then
+    backup_file "$wazuh_conf"
+  fi
+  
+  # Modify the configuration to point to your Wazuh server
+  # Replace with your actual Wazuh server IP address
+  local WAZUH_MANAGER="YOUR_WAZUH_MANAGER_IP"
+  
+  # Configure Wazuh agent to connect to the manager
+  /var/ossec/bin/agent-auth -m "$WAZUH_MANAGER"
+  
+  # Update the ossec.conf file with the manager IP
+  sed -i "s/<address>.*<\/address>/<address>$WAZUH_MANAGER<\/address>/" "$wazuh_conf"
+  
+  log_message "INFO" "Wazuh agent configured to connect to manager: $WAZUH_MANAGER"
+  
+  # Create a README file to explain how to update the manager IP
+  cat > "/root/wazuh-agent-setup.txt" << EOF
+# Wazuh Agent Configuration
+# Generated by security hardening script
+
+To update the Wazuh manager IP address, edit the following file:
+$wazuh_conf
+
+And change the <address> tag to point to your Wazuh manager:
+<address>YOUR_WAZUH_MANAGER_IP</address>
+
+Then, register the agent with your Wazuh manager:
+/var/ossec/bin/agent-auth -m YOUR_WAZUH_MANAGER_IP
+
+Finally, restart the Wazuh agent:
+systemctl restart wazuh-agent
+
+For more information, see the Wazuh documentation:
+https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/index.html
+EOF
+
+  log_message "SUCCESS" "Wazuh agent setup documentation created at /root/wazuh-agent-setup.txt"
+  
+  # Enable and start Wazuh agent
+  log_message "INFO" "Enabling and starting Wazuh agent"
+  systemctl daemon-reload
+  service enable wazuh-agent
+  service restart wazuh-agent
+  
+  if [ $? -eq 0 ]; then
+    log_message "SUCCESS" "Wazuh agent service enabled and started"
+  else
+    log_message "ERROR" "Failed to enable or start Wazuh agent service"
+    return 1
+  fi
+}
+
+# Main execution for Wazuh agent
+install_wazuh_agent
+
+log_message "SUCCESS" "Wazuh agent installation completed"