Update install.sh
parent
dc73936fae
commit
713112a707
114
install.sh
114
install.sh
|
@ -15,95 +15,69 @@ TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
|
||||||
USERNAME=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
USERNAME=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
||||||
PASSWORD=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
PASSWORD=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
||||||
|
|
||||||
# Log file path
|
# Log file path for credentials
|
||||||
LOG_FILE="/root/wazuh_installation_${TIMESTAMP}.log"
|
CREDENTIALS_LOG_FILE="/root/wazuh_credentials_${TIMESTAMP}.log"
|
||||||
|
|
||||||
# Create the log file and set permissions
|
# Save the generated credentials to the log file
|
||||||
touch $LOG_FILE
|
|
||||||
chmod 600 $LOG_FILE
|
|
||||||
|
|
||||||
# Save the generated credentials and other details to the log file
|
|
||||||
{
|
{
|
||||||
echo "Wazuh Installation Log - $TIMESTAMP"
|
echo "Wazuh Credentials - $TIMESTAMP"
|
||||||
echo "========================================"
|
echo "=============================="
|
||||||
echo "Username: $USERNAME"
|
echo "Username: $USERNAME"
|
||||||
echo "Password: $PASSWORD"
|
echo "Password: $PASSWORD"
|
||||||
echo "----------------------------------------"
|
echo "=============================="
|
||||||
} >> $LOG_FILE
|
} >> $CREDENTIALS_LOG_FILE
|
||||||
|
|
||||||
# Step 1: Wazuh server node installation
|
# Step 1: Wazuh server node installation
|
||||||
{
|
|
||||||
echo "Installing necessary packages..." >> $LOG_FILE
|
|
||||||
apt-get install -y gnupg apt-transport-https
|
|
||||||
|
|
||||||
echo "Installing GPG key..." >> $LOG_FILE
|
# Install the necessary packages
|
||||||
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
|
apt-get install -y gnupg apt-transport-https
|
||||||
|
|
||||||
echo "Overwriting Wazuh repository list..." >> $LOG_FILE
|
# Install the GPG key
|
||||||
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
|
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
|
||||||
|
|
||||||
echo "Updating package information..." >> $LOG_FILE
|
# Overwrite the Wazuh repository list
|
||||||
apt-get update
|
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
|
||||||
|
|
||||||
echo "Installing Wazuh manager..." >> $LOG_FILE
|
# Update the package information
|
||||||
apt-get -y install wazuh-manager
|
apt-get update
|
||||||
|
|
||||||
echo "Installing Filebeat..." >> $LOG_FILE
|
# Install the Wazuh manager package
|
||||||
apt-get -y install filebeat
|
apt-get -y install wazuh-manager
|
||||||
|
|
||||||
echo "Configuring Filebeat..." >> $LOG_FILE
|
# Install Filebeat
|
||||||
curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml
|
apt-get -y install filebeat
|
||||||
|
|
||||||
echo "Creating Filebeat keystore..." >> $LOG_FILE
|
# Configure Filebeat
|
||||||
filebeat keystore create --force
|
curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml
|
||||||
|
|
||||||
echo "Adding credentials to keystore..." >> $LOG_FILE
|
# Create the Filebeat keystore (overwrite if it exists)
|
||||||
echo -n "$USERNAME" | filebeat keystore add username --stdin --force
|
filebeat keystore create --force
|
||||||
echo -n "$PASSWORD" | filebeat keystore add password --stdin --force
|
|
||||||
|
|
||||||
echo "Downloading Wazuh alerts template..." >> $LOG_FILE
|
# Add the randomly generated username and password to the Filebeat keystore
|
||||||
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json
|
echo -n "$USERNAME" | filebeat keystore add username --stdin --force
|
||||||
chmod go+r /etc/filebeat/wazuh-template.json
|
echo -n "$PASSWORD" | filebeat keystore add password --stdin --force
|
||||||
|
|
||||||
echo "Installing Wazuh module for Filebeat..." >> $LOG_FILE
|
# Download the alerts template for the Wazuh indexer
|
||||||
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
|
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json
|
||||||
|
chmod go+r /etc/filebeat/wazuh-template.json
|
||||||
|
|
||||||
echo "Checking and creating certs directory..." >> $LOG_FILE
|
# Install the Wazuh module for Filebeat
|
||||||
if [ ! -d "/etc/filebeat/certs" ]; then
|
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
|
||||||
mkdir /etc/filebeat/certs
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "./wazuh-certificates.tar" ]; then
|
# Skip the certificate deployment step if not needed
|
||||||
echo "Deploying certificates..." >> $LOG_FILE
|
|
||||||
NODE_NAME=wazuh.nixc.us
|
|
||||||
tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
|
|
||||||
mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
|
|
||||||
mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
|
|
||||||
chmod 500 /etc/filebeat/certs
|
|
||||||
chmod 400 /etc/filebeat/certs/*
|
|
||||||
chown -R root:root /etc/filebeat/certs
|
|
||||||
else
|
|
||||||
echo "Error: wazuh-certificates.tar not found. Exiting." >> $LOG_FILE
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Configuring Wazuh indexer connection..." >> $LOG_FILE
|
# Configure the Wazuh indexer connection
|
||||||
/var/ossec/bin/wazuh-keystore -f indexer -k username -v "$USERNAME"
|
/var/ossec/bin/wazuh-keystore -f indexer -k username -v "$USERNAME"
|
||||||
/var/ossec/bin/wazuh-keystore -f indexer -k password -v "$PASSWORD"
|
/var/ossec/bin/wazuh-keystore -f indexer -k password -v "$PASSWORD"
|
||||||
|
|
||||||
echo "Starting Wazuh manager..." >> $LOG_FILE
|
# Enable and start the Wazuh manager service
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable wazuh-manager
|
systemctl enable wazuh-manager
|
||||||
systemctl start wazuh-manager
|
systemctl start wazuh-manager
|
||||||
|
|
||||||
echo "Starting Filebeat service..." >> $LOG_FILE
|
# Enable and start the Filebeat service
|
||||||
systemctl enable filebeat
|
systemctl enable filebeat
|
||||||
systemctl start filebeat
|
systemctl start filebeat
|
||||||
|
|
||||||
echo "Testing Filebeat output..." >> $LOG_FILE
|
# Finished
|
||||||
filebeat test output >> $LOG_FILE
|
echo "Wazuh setup complete. Credentials saved in $CREDENTIALS_LOG_FILE."
|
||||||
|
|
||||||
echo "Installation complete." >> $LOG_FILE
|
|
||||||
} 2>&1 | tee -a $LOG_FILE
|
|
||||||
|
|
||||||
# All information, including any errors, is now logged in /root/wazuh_installation_${TIMESTAMP}.log
|
|
||||||
|
|
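Review bot: The credentials block now writes `Username:`/`Password:` to `$CREDENTIALS_LOG_FILE`, but as rendered the new side no longer runs the `touch`/`chmod 600` the old version did first. The redirect therefore creates the file with the process umask (commonly mode 0644), leaving only the permissions on /root to protect the plaintext password. Restore the restriction before the first write, for example `install -m 600 /dev/null "$CREDENTIALS_LOG_FILE"` or `umask 077` above the block, and quote the variable in `} >> "$CREDENTIALS_LOG_FILE"`. Separately, the certificate deployment and the `filebeat test output` check are both dropped while the downloaded filebeat.yml is kept. If that template still references /etc/filebeat/certs (not visible in this hunk), Filebeat may fail to connect to the indexer without anything reporting it, so a comment stating where the certificates are expected to come from would help.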