84 lines
2.7 KiB
Bash
84 lines
2.7 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
# Ensure the script is run as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root"
|
|
exit
|
|
fi
|
|
|
|
# Generate a timestamp
|
|
TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
|
|
|
|
# Generate random alphanumeric credentials
|
|
USERNAME=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
|
PASSWORD=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
|
|
|
# Log file path for credentials
|
|
CREDENTIALS_LOG_FILE="/root/wazuh_credentials_${TIMESTAMP}.log"
|
|
|
|
# Save the generated credentials to the log file
|
|
{
|
|
echo "Wazuh Credentials - $TIMESTAMP"
|
|
echo "=============================="
|
|
echo "Username: $USERNAME"
|
|
echo "Password: $PASSWORD"
|
|
echo "=============================="
|
|
} >> $CREDENTIALS_LOG_FILE
|
|
|
|
# Step 1: Wazuh server node installation
|
|
|
|
# Install the necessary packages
|
|
apt-get install -y gnupg apt-transport-https
|
|
|
|
# Install the GPG key
|
|
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
|
|
|
|
# Overwrite the Wazuh repository list
|
|
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
|
|
|
|
# Update the package information
|
|
apt-get update
|
|
|
|
# Install the Wazuh manager package
|
|
apt-get -y install wazuh-manager
|
|
|
|
# Install Filebeat
|
|
apt-get -y install filebeat
|
|
|
|
# Configure Filebeat
|
|
curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml
|
|
|
|
# Create the Filebeat keystore (overwrite if it exists)
|
|
filebeat keystore create --force
|
|
|
|
# Add the randomly generated username and password to the Filebeat keystore
|
|
echo -n "$USERNAME" | filebeat keystore add username --stdin --force
|
|
echo -n "$PASSWORD" | filebeat keystore add password --stdin --force
|
|
|
|
# Download the alerts template for the Wazuh indexer
|
|
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.8.1/extensions/elasticsearch/7.x/wazuh-template.json
|
|
chmod go+r /etc/filebeat/wazuh-template.json
|
|
|
|
# Install the Wazuh module for Filebeat
|
|
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
|
|
|
|
# Skip the certificate deployment step if not needed
|
|
|
|
# Configure the Wazuh indexer connection
|
|
/var/ossec/bin/wazuh-keystore -f indexer -k username -v "$USERNAME"
|
|
/var/ossec/bin/wazuh-keystore -f indexer -k password -v "$PASSWORD"
|
|
|
|
# Enable and start the Wazuh manager service
|
|
systemctl daemon-reload
|
|
systemctl enable wazuh-manager
|
|
systemctl start wazuh-manager
|
|
|
|
# Enable and start the Filebeat service
|
|
systemctl enable filebeat
|
|
systemctl start filebeat
|
|
|
|
# Finished
|
|
echo "Wazuh setup complete. Credentials saved in $CREDENTIALS_LOG_FILE."
|