commit 03af0abd53029498fe0f41ae75f6e5828a28e2b2 Author: colin Date: Sun Aug 11 11:20:16 2024 -0400 Add install.sh
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..3a51389
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+set -e
+
+# Ensure the script is run as root
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit
+fi
+
+# Step 1: Wazuh server node installation
+# Install the necessary packages
+apt-get install -y gnupg apt-transport-https
+
+# Install the GPG key
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+
+# Overwrite the Wazuh repository list
+echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
+
+# Update the package information
+apt-get update
+
+# Install the Wazuh manager package
+apt-get -y install wazuh-manager
+
+# Install Filebeat
+apt-get -y install filebeat
+
+# Configure Filebeat
+curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml
+
+# Create the Filebeat keystore (overwrite if it exists)
+filebeat keystore create --force
+
+# Add the username and password to the Filebeat keystore
+echo -n "admin" | filebeat keystore add username --stdin --force
+echo -n "admin" | filebeat keystore add password --stdin --force
+
+# Download the alerts template for the Wazuh indexer
+curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json
+chmod go+r /etc/filebeat/wazuh-template.json
+
+# Install the Wazuh module for Filebeat
+curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
+
+# Check if the directory exists before creating it
+if [ ! -d "/etc/filebeat/certs" ]; then
+ mkdir /etc/filebeat/certs
+fi
+
+# Check if the wazuh-certificates.tar file exists
+if [ -f "./wazuh-certificates.tar" ]; then
+ # Deploy certificates
+ NODE_NAME=wazuh.nixc.us
+ tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
+ mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
+ mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
+ chmod 500 /etc/filebeat/certs
+ chmod 400 /etc/filebeat/certs/*
+ chown -R root:root /etc/filebeat/certs
+else
+ echo "Error: wazuh-certificates.tar not found. Please ensure the file is in the correct location."
+ exit 1
+fi
+
+# Configure the Wazuh indexer connection
+/var/ossec/bin/wazuh-keystore -f indexer -k username -v
+/var/ossec/bin/wazuh-keystore -f indexer -k password -v
+
+# Start the Wazuh manager
+systemctl daemon-reload
+systemctl enable wazuh-manager
+systemctl start wazuh-manager
+
+# Verify the Wazuh manager status
+systemctl status wazuh-manager
+
+# Start the Filebeat service
+systemctl enable filebeat
+systemctl start filebeat
+
+# Verify Filebeat installation
+filebeat test output
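Review bot: The Filebeat keystore is filled with the literal credentials `admin`/`admin` (`echo -n "admin" | filebeat keystore add …`), so every host installed from this script ships with a default indexer login that is also recorded in the repository. Both `/var/ossec/bin/wazuh-keystore -f indexer -k … -v` calls end without a value as shown, so the manager's indexer credentials are either empty or the command fails; take both from the environment and abort when they are unset, as in the excerpt below. In the root check, a bare `exit` returns the status of the preceding `echo`, so a non-root run reports success; use `exit 1`. `set -e` without `pipefail` lets `curl -s … | gpg --import` and `curl -s … | tar -xvz` carry on after a failed download, and the module tarball is unpacked as root without a checksum comparison; `set -o pipefail` and `curl -fsS` would at least stop on a failed download.

```shell
# … unchanged: root check, repository setup, package installation, filebeat.yml …

# Variable names below are constructed for this example; the caller exports them.
: "${INDEXER_USERNAME:?export INDEXER_USERNAME before running}"
: "${INDEXER_PASSWORD:?export INDEXER_PASSWORD before running}"

filebeat keystore create --force
printf '%s' "$INDEXER_USERNAME" | filebeat keystore add username --stdin --force
printf '%s' "$INDEXER_PASSWORD" | filebeat keystore add password --stdin --force

# … unchanged: template download, Filebeat module, certificate deployment …

# Values passed with -v are visible in the process list while the command runs;
# prefer a file- or stdin-based option if the installed wazuh-keystore offers one.
/var/ossec/bin/wazuh-keystore -f indexer -k username -v "$INDEXER_USERNAME"
/var/ossec/bin/wazuh-keystore -f indexer -k password -v "$INDEXER_PASSWORD"
```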