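#!/bin/bash
# =============================================================================
# Wazuh agent installation module
#
# Installs the Wazuh agent from the vendor APT repository, optionally registers
# it with a manager, writes a short how-to under /root and enables the service.
# Uses log_message and backup_file, which are expected to come from common.sh.
#
# Environment:
#   WAZUH_MANAGER  Address (IP or hostname) of the Wazuh manager. While it
#                  still holds the placeholder value, registration and the
#                  ossec.conf edit are skipped.
# =============================================================================

# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables.
# Prefer the copy that sits next to this script: a bare "./common.sh" is
# resolved against the caller's working directory, so a root-run installer
# would execute whatever common.sh happens to be in that directory.
if [ -f "${SCRIPT_DIR}/common.sh" ]; then
  # shellcheck source=/dev/null
  source "${SCRIPT_DIR}/common.sh"
else
  # NOTE(review): kept for compatibility with the original cwd-relative
  # lookup; confirm the intended layout and drop this fallback if possible.
  # shellcheck source=/dev/null
  source "./common.sh"
fi

#######################################
# Install, configure and start the Wazuh agent.
# Globals:   WAZUH_MANAGER (read, optional override of the manager address)
# Arguments: none
# Outputs:   progress through log_message; writes /root/wazuh-agent-setup.txt
# Returns:   0 on success, 1 if any installation, registration or service
#            step fails
#######################################
install_wazuh_agent() {
  local key_url="https://packages.wazuh.com/key/GPG-KEY-WAZUH"
  local keyring="/usr/share/keyrings/wazuh.gpg"
  local repo_list="/etc/apt/sources.list.d/wazuh.list"
  local repo_line="deb [signed-by=${keyring}] https://packages.wazuh.com/4.x/apt/ stable main"
  local wazuh_conf="/var/ossec/etc/ossec.conf"
  local placeholder="YOUR_WAZUH_MANAGER_IP"
  local key_tmp
  local rc=0

  log_message "INFO" "Installing Wazuh agent"

  # Install dependencies
  log_message "INFO" "Installing dependencies for Wazuh agent"
  if ! apt-get install -y curl apt-transport-https lsb-release gnupg2; then
    log_message "ERROR" "Failed to install dependencies for Wazuh agent"
    return 1
  fi

  # Import GPG key.
  # The key is downloaded to a temporary file first so that a failed or
  # truncated download is detected instead of being piped straight into gpg.
  # NOTE(review): trust in this key rests only on TLS to packages.wazuh.com;
  # comparing the imported key's fingerprint with the value the vendor
  # publishes would be a stronger check.
  log_message "INFO" "Importing Wazuh GPG key"
  if ! key_tmp="$(mktemp)"; then
    log_message "ERROR" "Failed to create temporary file for Wazuh GPG key"
    return 1
  fi
  if ! curl -fsS -o "$key_tmp" "$key_url"; then
    rm -f -- "$key_tmp"
    log_message "ERROR" "Failed to download Wazuh GPG key"
    return 1
  fi
  if ! gpg --no-default-keyring --keyring "gnupg-ring:${keyring}" --import "$key_tmp"; then
    rm -f -- "$key_tmp"
    log_message "ERROR" "Failed to import Wazuh GPG key"
    return 1
  fi
  rm -f -- "$key_tmp"
  chmod 644 "$keyring"

  # Add Wazuh repository.
  # Overwrite rather than append so that re-running the module does not
  # pile up duplicate entries in the list file.
  log_message "INFO" "Adding Wazuh repository"
  if ! printf '%s\n' "$repo_line" > "$repo_list"; then
    log_message "ERROR" "Failed to write $repo_list"
    return 1
  fi

  # Update package lists
  if ! apt-get update; then
    log_message "ERROR" "Failed to update package lists"
    return 1
  fi

  # Install Wazuh agent
  log_message "INFO" "Installing Wazuh agent package"
  if ! apt-get install -y wazuh-agent; then
    log_message "ERROR" "Failed to install Wazuh agent"
    return 1
  fi

  # Configure Wazuh agent
  log_message "INFO" "Configuring Wazuh agent"

  # Backup existing configuration
  if [ -f "$wazuh_conf" ]; then
    backup_file "$wazuh_conf"
  fi

  # Manager address: taken from the environment when set, otherwise the
  # placeholder that the operator is expected to replace.
  local WAZUH_MANAGER="${WAZUH_MANAGER:-$placeholder}"

  if [ "$WAZUH_MANAGER" = "$placeholder" ]; then
    # Registering against the placeholder can never succeed; leave the
    # packaged configuration untouched and point the operator at the README.
    log_message "INFO" "WAZUH_MANAGER not set; skipping agent registration (see /root/wazuh-agent-setup.txt)"
  elif ! [[ "$WAZUH_MANAGER" =~ ^[A-Za-z0-9._:-]+$ ]]; then
    # The value is interpolated into a sed expression below, so anything
    # other than hostname/IP characters is rejected up front.
    log_message "ERROR" "Invalid Wazuh manager address: $WAZUH_MANAGER"
    return 1
  else
    # Register the agent with the manager
    if ! /var/ossec/bin/agent-auth -m "$WAZUH_MANAGER"; then
      log_message "ERROR" "Failed to register agent with manager: $WAZUH_MANAGER"
      rc=1
    fi

    # Update the <address> element in ossec.conf with the manager address
    if [ -f "$wazuh_conf" ] \
      && sed -i "s|<address>.*</address>|<address>${WAZUH_MANAGER}</address>|" "$wazuh_conf"; then
      log_message "INFO" "Wazuh agent configured to connect to manager: $WAZUH_MANAGER"
    else
      log_message "ERROR" "Failed to update manager address in $wazuh_conf"
      rc=1
    fi
  fi

  # Create a README file to explain how to update the manager IP
  cat > "/root/wazuh-agent-setup.txt" << EOF
# Wazuh Agent Configuration
# Generated by security hardening script

To update the Wazuh manager IP address, edit the following file:
$wazuh_conf

And change the <address> tag to point to your Wazuh manager:
<address>YOUR_WAZUH_MANAGER_IP</address>

Then, register the agent with your Wazuh manager:
/var/ossec/bin/agent-auth -m YOUR_WAZUH_MANAGER_IP

Finally, restart the Wazuh agent:
systemctl restart wazuh-agent

For more information, see the Wazuh documentation:
https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/index.html
EOF
  log_message "SUCCESS" "Wazuh agent setup documentation created at /root/wazuh-agent-setup.txt"

  # Enable and start Wazuh agent.
  # `service` takes the unit name first and has no "enable" action, so both
  # steps go through systemctl and both results are checked.
  log_message "INFO" "Enabling and starting Wazuh agent"
  systemctl daemon-reload
  if systemctl enable wazuh-agent && systemctl restart wazuh-agent; then
    log_message "SUCCESS" "Wazuh agent service enabled and started"
  else
    log_message "ERROR" "Failed to enable or start Wazuh agent service"
    return 1
  fi

  return "$rc"
}

# Main execution for Wazuh agent.
# Report success only when the installation actually succeeded, and pass the
# failure on to the caller otherwise.
if install_wazuh_agent; then
  log_message "SUCCESS" "Wazuh agent installation completed"
else
  log_message "ERROR" "Wazuh agent installation failed"
  # `return` works when this module is sourced, `exit` when it is executed.
  return 1 2>/dev/null || exit 1
fi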