From dc73936fae5029bd43f5bbb4e437906e78e0b9d7 Mon Sep 17 00:00:00 2001 From: colin Date: Sun, 11 Aug 2024 14:23:31 -0400 Subject: [PATCH] Update install.sh --- install.sh | 137 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 81 insertions(+), 56 deletions(-) diff --git a/install.sh b/install.sh index 3a51389..db731a9 100644 --- a/install.sh +++ b/install.sh 
@@ -8,77 +8,102 @@ if [ "$EUID" -ne 0 ]; then exit fi +# Generate a timestamp +TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S") + +# Generate random alphanumeric credentials +USERNAME=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32) +PASSWORD=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32) + +# Log file path +LOG_FILE="/root/wazuh_installation_${TIMESTAMP}.log" + +# Create the log file and set permissions +touch $LOG_FILE +chmod 600 $LOG_FILE + +# Save the generated credentials and other details to the log file +{ + echo "Wazuh Installation Log - $TIMESTAMP" + echo "========================================" + echo "Username: $USERNAME" + echo "Password: $PASSWORD" + echo "----------------------------------------" +} >> $LOG_FILE + # Step 1: Wazuh server node installation -# Install the necessary packages -apt-get install -y gnupg apt-transport-https +{ + echo "Installing necessary packages..." >> $LOG_FILE + apt-get install -y gnupg apt-transport-https -# Install the GPG key -curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg + echo "Installing GPG key..." >> $LOG_FILE + curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg -# Overwrite the Wazuh repository list -echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list + echo "Overwriting Wazuh repository list..." >> $LOG_FILE + echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list -# Update the package information -apt-get update + echo "Updating package information..." 
>> $LOG_FILE + apt-get update -# Install the Wazuh manager package -apt-get -y install wazuh-manager + echo "Installing Wazuh manager..." >> $LOG_FILE + apt-get -y install wazuh-manager -# Install Filebeat -apt-get -y install filebeat + echo "Installing Filebeat..." >> $LOG_FILE + apt-get -y install filebeat -# Configure Filebeat -curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml + echo "Configuring Filebeat..." >> $LOG_FILE + curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml -# Create the Filebeat keystore (overwrite if it exists) -filebeat keystore create --force + echo "Creating Filebeat keystore..." >> $LOG_FILE + filebeat keystore create --force -# Add the username and password to the Filebeat keystore -echo -n "admin" | filebeat keystore add username --stdin --force -echo -n "admin" | filebeat keystore add password --stdin --force + echo "Adding credentials to keystore..." >> $LOG_FILE + echo -n "$USERNAME" | filebeat keystore add username --stdin --force + echo -n "$PASSWORD" | filebeat keystore add password --stdin --force -# Download the alerts template for the Wazuh indexer -curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json -chmod go+r /etc/filebeat/wazuh-template.json + echo "Downloading Wazuh alerts template..." >> $LOG_FILE + curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json + chmod go+r /etc/filebeat/wazuh-template.json -# Install the Wazuh module for Filebeat -curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module + echo "Installing Wazuh module for Filebeat..." 
>> $LOG_FILE + curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module -# Check if the directory exists before creating it -if [ ! -d "/etc/filebeat/certs" ]; then - mkdir /etc/filebeat/certs -fi + echo "Checking and creating certs directory..." >> $LOG_FILE + if [ ! -d "/etc/filebeat/certs" ]; then + mkdir /etc/filebeat/certs + fi -# Check if the wazuh-certificates.tar file exists -if [ -f "./wazuh-certificates.tar" ]; then - # Deploy certificates - NODE_NAME=wazuh.nixc.us - tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem - mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem - mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem - chmod 500 /etc/filebeat/certs - chmod 400 /etc/filebeat/certs/* - chown -R root:root /etc/filebeat/certs -else - echo "Error: wazuh-certificates.tar not found. Please ensure the file is in the correct location." - exit 1 -fi + if [ -f "./wazuh-certificates.tar" ]; then + echo "Deploying certificates..." >> $LOG_FILE + NODE_NAME=wazuh.nixc.us + tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem + mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem + mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem + chmod 500 /etc/filebeat/certs + chmod 400 /etc/filebeat/certs/* + chown -R root:root /etc/filebeat/certs + else + echo "Error: wazuh-certificates.tar not found. Exiting." >> $LOG_FILE + exit 1 + fi -# Configure the Wazuh indexer connection -/var/ossec/bin/wazuh-keystore -f indexer -k username -v -/var/ossec/bin/wazuh-keystore -f indexer -k password -v + echo "Configuring Wazuh indexer connection..." 
>> $LOG_FILE + /var/ossec/bin/wazuh-keystore -f indexer -k username -v "$USERNAME" + /var/ossec/bin/wazuh-keystore -f indexer -k password -v "$PASSWORD" -# Start the Wazuh manager -systemctl daemon-reload -systemctl enable wazuh-manager -systemctl start wazuh-manager + echo "Starting Wazuh manager..." >> $LOG_FILE + systemctl daemon-reload + systemctl enable wazuh-manager + systemctl start wazuh-manager -# Verify the Wazuh manager status -systemctl status wazuh-manager + echo "Starting Filebeat service..." >> $LOG_FILE + systemctl enable filebeat + systemctl start filebeat -# Start the Filebeat service -systemctl enable filebeat -systemctl start filebeat + echo "Testing Filebeat output..." >> $LOG_FILE + filebeat test output >> $LOG_FILE -# Verify Filebeat installation -filebeat test output + echo "Installation complete." >> $LOG_FILE +} 2>&1 | tee -a $LOG_FILE + +# All information, including any errors, is now logged in /root/wazuh_installation_${TIMESTAMP}.log
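Review bot: The `exit 1` in the missing-certificate branch no longer ends the script with a failure status, because the whole `{ … }` group is now the left side of `| tee -a $LOG_FILE` and therefore runs in a subshell; without `pipefail` the script's status is that of `tee`, and the error text is written only to the log, not the terminal. Setting up logging with `exec > >(tee -a "$LOG_FILE") 2>&1` ahead of Step 1 instead of piping the group (this assumes bash, which the `$EUID` check suggests) keeps `exit 1` in the main shell. Separately, the generated username and password are written in cleartext to the same file that then collects all command output, so the log cannot be shared for troubleshooting without leaking them; consider a separate credentials file created under `umask 077`, and quote `"$LOG_FILE"` throughout. Nothing in this hunk creates a matching user on the indexer, so unless that happens elsewhere the random credentials stored in the Filebeat and Wazuh keystores will presumably be rejected.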