108 lines
3.4 KiB
Bash
108 lines
3.4 KiB
Bash
#!/bin/bash
|
|
# =============================================================================
|
|
# Wazuh agent installation module
|
|
# =============================================================================
|
|
|
|
# Set script directory
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
# Source common functions and variables
|
|
source "./common.sh"
|
|
|
|
# Function to install Wazuh agent
|
|
install_wazuh_agent() {
|
|
log_message "INFO" "Installing Wazuh agent"
|
|
|
|
# Install dependencies
|
|
log_message "INFO" "Installing dependencies for Wazuh agent"
|
|
apt-get install -y curl apt-transport-https lsb-release gnupg2
|
|
|
|
if [ $? -ne 0 ]; then
|
|
log_message "ERROR" "Failed to install dependencies for Wazuh agent"
|
|
return 1
|
|
fi
|
|
|
|
# Import GPG key
|
|
log_message "INFO" "Importing Wazuh GPG key"
|
|
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
|
|
chmod 644 /usr/share/keyrings/wazuh.gpg
|
|
|
|
# Add Wazuh repository
|
|
log_message "INFO" "Adding Wazuh repository"
|
|
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
|
|
|
|
# Update package lists
|
|
apt-get update
|
|
|
|
# Install Wazuh agent
|
|
log_message "INFO" "Installing Wazuh agent package"
|
|
apt-get install -y wazuh-agent
|
|
|
|
if [ $? -ne 0 ]; then
|
|
log_message "ERROR" "Failed to install Wazuh agent"
|
|
return 1
|
|
fi
|
|
|
|
# Configure Wazuh agent
|
|
log_message "INFO" "Configuring Wazuh agent"
|
|
|
|
local wazuh_conf="/var/ossec/etc/ossec.conf"
|
|
|
|
# Backup existing configuration
|
|
if [ -f "$wazuh_conf" ]; then
|
|
backup_file "$wazuh_conf"
|
|
fi
|
|
|
|
# Modify the configuration to point to your Wazuh server
|
|
# Replace with your actual Wazuh server IP address
|
|
local WAZUH_MANAGER="YOUR_WAZUH_MANAGER_IP"
|
|
|
|
# Configure Wazuh agent to connect to the manager
|
|
/var/ossec/bin/agent-auth -m "$WAZUH_MANAGER"
|
|
|
|
# Update the ossec.conf file with the manager IP
|
|
sed -i "s/<address>.*<\/address>/<address>$WAZUH_MANAGER<\/address>/" "$wazuh_conf"
|
|
|
|
log_message "INFO" "Wazuh agent configured to connect to manager: $WAZUH_MANAGER"
|
|
|
|
# Create a README file to explain how to update the manager IP
|
|
cat > "/root/wazuh-agent-setup.txt" << EOF
|
|
# Wazuh Agent Configuration
|
|
# Generated by security hardening script
|
|
|
|
To update the Wazuh manager IP address, edit the following file:
|
|
$wazuh_conf
|
|
|
|
And change the <address> tag to point to your Wazuh manager:
|
|
<address>YOUR_WAZUH_MANAGER_IP</address>
|
|
|
|
Then, register the agent with your Wazuh manager:
|
|
/var/ossec/bin/agent-auth -m YOUR_WAZUH_MANAGER_IP
|
|
|
|
Finally, restart the Wazuh agent:
|
|
systemctl restart wazuh-agent
|
|
|
|
For more information, see the Wazuh documentation:
|
|
https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/index.html
|
|
EOF
|
|
|
|
log_message "SUCCESS" "Wazuh agent setup documentation created at /root/wazuh-agent-setup.txt"
|
|
|
|
# Enable and start Wazuh agent
|
|
log_message "INFO" "Enabling and starting Wazuh agent"
|
|
systemctl daemon-reload
|
|
service enable wazuh-agent
|
|
service restart wazuh-agent
|
|
|
|
if [ $? -eq 0 ]; then
|
|
log_message "SUCCESS" "Wazuh agent service enabled and started"
|
|
else
|
|
log_message "ERROR" "Failed to enable or start Wazuh agent service"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Main execution for Wazuh agent
|
|
install_wazuh_agent
|
|
|
|
log_message "SUCCESS" "Wazuh agent installation completed" |