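#!/bin/bash
# Wazuh server node installation (wazuh-manager + Filebeat) on Debian/Ubuntu.
#
# Usage: run as root from the directory that holds wazuh-certificates.tar.
#
# Environment (all optional; the defaults reproduce the original script):
#   WAZUH_VERSION     Release used for the Filebeat template and alerts
#                     template URLs (default: 4.8.1).
#   NODE_NAME         This node's name inside wazuh-certificates.tar
#                     (default: wazuh.nixc.us).
#   INDEXER_USERNAME  Wazuh indexer user written to the Filebeat and
#                     wazuh-manager keystores (default: admin).
#   INDEXER_PASSWORD  Matching password (default: admin).
#
# NOTE(review): admin/admin are the stock indexer credentials and only fit a
# fresh lab install; supply INDEXER_USERNAME / INDEXER_PASSWORD through the
# environment (not argv) for anything else and rotate the indexer password
# once the stack is up.
set -euo pipefail   # pipefail: a failing curl can no longer hide behind gpg/tar

# Ensure the script is run as root; exit non-zero so callers see the refusal
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi

WAZUH_VERSION="${WAZUH_VERSION:-4.8.1}"
WAZUH_MINOR="${WAZUH_VERSION%.*}"        # 4.8.1 -> 4.8 (template path uses major.minor)
NODE_NAME="${NODE_NAME:-wazuh.nixc.us}"
INDEXER_USERNAME="${INDEXER_USERNAME:-admin}"
INDEXER_PASSWORD="${INDEXER_PASSWORD:-admin}"
readonly KEYRING=/usr/share/keyrings/wazuh.gpg
readonly CERT_DIR=/etc/filebeat/certs

# Step 1: Wazuh server node installation

# Install the necessary packages
apt-get install -y gnupg apt-transport-https

# Install the GPG key. -f makes curl fail on an HTTP error instead of feeding
# an error page to gpg; with pipefail that failure aborts the script.
curl -fsS https://packages.wazuh.com/key/GPG-KEY-WAZUH \
  | gpg --no-default-keyring --keyring "gnupg-ring:${KEYRING}" --import
chmod 644 "${KEYRING}"

# Overwrite the Wazuh repository list
echo "deb [signed-by=${KEYRING}] https://packages.wazuh.com/4.x/apt/ stable main" \
  > /etc/apt/sources.list.d/wazuh.list

# Update the package information
apt-get update

# Install the Wazuh manager package
# NOTE(review): the 4.x/stable repository installs the newest 4.x package while
# the templates below are pinned to ${WAZUH_VERSION}; keep the two aligned.
apt-get -y install wazuh-manager

# Install Filebeat
apt-get -y install filebeat

# Configure Filebeat (-f: never leave an HTTP error page in filebeat.yml)
curl -fsSo /etc/filebeat/filebeat.yml \
  "https://packages.wazuh.com/${WAZUH_MINOR}/tpl/wazuh/filebeat/filebeat.yml"

# Create the Filebeat keystore (overwrite if it exists)
filebeat keystore create --force

# Add the indexer credentials to the Filebeat keystore via stdin so the
# password does not appear in argv.
printf '%s' "${INDEXER_USERNAME}" | filebeat keystore add username --stdin --force
printf '%s' "${INDEXER_PASSWORD}" | filebeat keystore add password --stdin --force

# Download the alerts template for the Wazuh indexer
curl -fsSo /etc/filebeat/wazuh-template.json \
  "https://raw.githubusercontent.com/wazuh/wazuh/v${WAZUH_VERSION}/extensions/elasticsearch/7.x/wazuh-template.json"
chmod go+r /etc/filebeat/wazuh-template.json

# Install the Wazuh module for Filebeat
curl -fsS https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz \
  | tar -xvz -C /usr/share/filebeat/module

# Create the certificate directory if it does not exist
mkdir -p "${CERT_DIR}"

# Deploy certificates from wazuh-certificates.tar (expected in the current directory)
if [ -f "./wazuh-certificates.tar" ]; then
  tar -xf ./wazuh-certificates.tar -C "${CERT_DIR}/" \
    "./${NODE_NAME}.pem" "./${NODE_NAME}-key.pem" ./root-ca.pem
  # -n: never clobber an existing filebeat.pem / filebeat-key.pem
  mv -n "${CERT_DIR}/${NODE_NAME}.pem" "${CERT_DIR}/filebeat.pem"
  mv -n "${CERT_DIR}/${NODE_NAME}-key.pem" "${CERT_DIR}/filebeat-key.pem"
  # Private key material: directory and files readable by root only
  chmod 500 "${CERT_DIR}"
  chmod 400 "${CERT_DIR}"/*
  chown -R root:root "${CERT_DIR}"
else
  echo "Error: wazuh-certificates.tar not found. Please ensure the file is in the correct location." >&2
  exit 1
fi

# Configure the Wazuh indexer connection.
# NOTE(review): in the original script -v was followed by no value (possibly
# stripped); the credential is passed here as the -v argument, which exposes
# it briefly in the process list — do not run this script under set -x.
/var/ossec/bin/wazuh-keystore -f indexer -k username -v "${INDEXER_USERNAME}"
/var/ossec/bin/wazuh-keystore -f indexer -k password -v "${INDEXER_PASSWORD}"

# Start the Wazuh manager
systemctl daemon-reload
systemctl enable wazuh-manager
systemctl start wazuh-manager

# Verify the Wazuh manager status (a non-running unit returns non-zero and
# aborts the script under set -e; --no-pager keeps the output non-interactive)
systemctl --no-pager status wazuh-manager

# Start the Filebeat service
systemctl enable filebeat
systemctl start filebeat

# Verify Filebeat installation
filebeat test output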