#!/bin/bash
# Address of the Wazuh manager ("SIEM appliance") written into the agent
# config; overridden by the `install <ip>` and `update_ip <ip>` sub-commands.
WMANAGER_IP="0.0.0.0"
# Agent configuration file that the <address> and <labels> edits operate on.
CONFIG_FILE="/var/ossec/etc/ossec.conf"
# Print one timestamped log line to stdout: "[dd/mm/yyyy-HH:MM:SS] - <message>".
# Arguments: all arguments are joined with single spaces into the message
logit()
{
  local stamp
  stamp=$(date +%d/%m/%Y-%T)
  printf '[%s] - %s\n' "${stamp}" "$*"
}
add_labels()
{
cat << EOF >> ${CONFIG_FILE}
<ossec_config>
<labels>
<label key="projectName">${TAGPROJECTNAME}</label>
<label key="appName">${TAGAPPNAME}</label>
<label key="Name">${TAGNAME}</label>
</labels>
</ossec_config>
EOF
}
update_labels()
{
sed -i "s/.*<label key=\"projectName\".*/ <label key=\"projectName\">${TAGPROJECTNAME}<\/label>/" ${CONFIG_FILE}
sed -i "s/.*<label key=\"appName\".*/ <label key=\"appName\">${TAGAPPNAME}<\/label>/" ${CONFIG_FILE}
sed -i "s/.*label key=\"Name\".*/ <label key=\"Name\">${TAGNAME}<\/label>/" ${CONFIG_FILE}
}
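# Write WMANAGER_IP into the <address> element(s) of the agent config.
# The value comes from the command line and is spliced into a sed
# expression, so it is restricted to characters that can appear in an
# IPv4/IPv6 address or hostname; anything else ('/', '&', '<', whitespace,
# ...) is rejected and the file is left untouched.
# Note: every <address> line in the file is rewritten, not only the first.
# Globals: WMANAGER_IP, CONFIG_FILE (read)
# Returns: 1 on an invalid address or a failed edit, 0 otherwise
update_ip()
{
  if [[ ! "${WMANAGER_IP}" =~ ^[A-Za-z0-9._:-]+$ ]]; then
    printf 'Invalid SIEM Appliance address: %s\n' "${WMANAGER_IP}" >&2
    return 1
  fi
  sed -i "s/.*<address>.*/ <address>${WMANAGER_IP}<\/address>/" "${CONFIG_FILE}"
}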
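# Restart the wazuh-agent unit so that config edits take effect.
# The original logged "Restarted" even when systemctl failed; the outcome
# is now checked and reported.
# Returns: 0 on success, 1 if systemctl reports a failure
restart_service()
{
  if systemctl restart wazuh-agent; then
    logit "Restarted SIEM Agent service."
  else
    logit "Failed to restart SIEM Agent service." >&2
    return 1
  fi
}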
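# Remove the wazuh-agent package with the distribution's package manager.
# An unsupported distribution (neither flag set by check_distribution) is
# now reported instead of logging a removal that never happened.
# Globals: ubuntu, centos (read, via check_distribution)
# Returns: 1 if the distribution is unsupported or the removal fails
uninstall_agent()
{
  check_distribution
  if [ "$ubuntu" = true ]; then
    apt-get remove -y wazuh-agent || return 1
  elif [ "$centos" = true ]; then
    yum remove -y wazuh-agent || return 1
  else
    logit "Unsupported distribution; SIEM Agent was not removed." >&2
    return 1
  fi
  systemctl daemon-reload
  logit "SIEM Agent is removed from system."
}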
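# Upgrade the agent package via the distribution-specific helper.
# A timestamped copy of the config file is taken first (the --help text asks
# the operator to do this by hand); nothing restores it automatically.
# An unsupported distribution or a failed helper is reported instead of
# logging success unconditionally.
# Globals: CONFIG_FILE, ubuntu, centos (read)
# Returns: 1 on an unsupported distribution, a failed backup or a failed upgrade
upgrade_agent()
{
  local backup
  if [ -f "${CONFIG_FILE}" ]; then
    backup="${CONFIG_FILE}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "${CONFIG_FILE}" "${backup}" || return 1
    logit "Backed up config file to ${backup}"
  fi
  check_distribution
  if [ "$ubuntu" = true ]; then
    ubuntu_upgrade || return 1
  elif [ "$centos" = true ]; then
    centos_upgrade || return 1
  else
    logit "Unsupported distribution; SIEM Agent was not upgraded." >&2
    return 1
  fi
  logit "SIEM Agent is upgraded successfully."
}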
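# Refresh the Wazuh apt repository, upgrade the agent, then disable the
# repository again so routine apt runs do not pull a newer agent.
# Fixes: the key download was unchecked (an HTTP error page would be piped
# into gpg and the install attempted anyway), and the repo line was appended
# on every run, accumulating duplicates in wazuh.list.
# Note: the signing key is trusted on first use over TLS; compare the
# imported key's fingerprint with the one Wazuh publishes for stronger assurance.
# Returns: 1 if the key, repo file or index refresh fails; otherwise the
#          exit status of `apt-get install`
ubuntu_upgrade()
{
  local keyring=/usr/share/keyrings/wazuh.gpg
  local list=/etc/apt/sources.list.d/wazuh.list
  local rc
  # -f makes curl fail on HTTP errors so gpg never sees an error body.
  curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH \
    | gpg --no-default-keyring --keyring "gnupg-ring:${keyring}" --import \
    || return 1
  chmod 644 "${keyring}"
  # Overwrite rather than append: this script owns the file and disables the
  # entry again below, so appending only piles up commented-out copies.
  printf '%s\n' "deb [signed-by=${keyring}] https://packages.wazuh.com/4.x/apt/ stable main" > "${list}" || return 1
  if ! apt-get update; then
    sed -i "s/^deb/#deb/" "${list}"
    return 1
  fi
  # Interactive on purpose (no -y): the operator confirms the upgrade.
  apt-get install wazuh-agent
  rc=$?
  # Disable the repo whether or not the upgrade went through.
  sed -i "s/^deb/#deb/" "${list}"
  apt-get update
  return "${rc}"
}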
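# Refresh the Wazuh yum repository, upgrade the agent, then disable the repo.
# Fixes: the original set enabled=0 *before* running `yum upgrade`, so unless
# another enabled repo carried wazuh-agent the upgrade was a no-op; the repo
# is now disabled after the upgrade, matching centos_installation. The key
# import and repo write are checked instead of ignored.
# Returns: 1 if the key import or repo write fails; otherwise the exit
#          status of `yum upgrade`
centos_upgrade()
{
  local repo=/etc/yum.repos.d/wazuh.repo
  local rc
  rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH || return 1
  cat > "${repo}" << EOF || return 1
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF
  yum clean all
  # Interactive on purpose (no -y): the operator confirms the upgrade.
  yum upgrade wazuh-agent
  rc=$?
  # Disable the repo whether or not the upgrade went through.
  sed -i "s/^enabled=1/enabled=0/" "${repo}"
  return "${rc}"
}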
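# Install the agent from the Wazuh apt repository, point it at WMANAGER_IP,
# add the labels, disable the repository again and start the unit.
# Fixes: the key download was unchecked (an HTTP error page would be piped
# into gpg and the install attempted anyway), the repo line was appended on
# every run, and package-manager failures were ignored while the config
# edits and service start went ahead regardless.
# Note: the signing key is trusted on first use over TLS; compare the
# imported key's fingerprint with the one Wazuh publishes for stronger assurance.
# Globals: WMANAGER_IP (read, via update_ip), TAG* (read, via add_labels)
# Returns: 1 if the key, repo file, index refresh or package install fails
ubuntu_installation()
{
  local keyring=/usr/share/keyrings/wazuh.gpg
  local list=/etc/apt/sources.list.d/wazuh.list
  # -f makes curl fail on HTTP errors so gpg never sees an error body.
  curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH \
    | gpg --no-default-keyring --keyring "gnupg-ring:${keyring}" --import \
    || return 1
  chmod 644 "${keyring}"
  # Overwrite rather than append: this script owns the file and disables the
  # entry again below, so appending only piles up commented-out copies.
  printf '%s\n' "deb [signed-by=${keyring}] https://packages.wazuh.com/4.x/apt/ stable main" > "${list}" || return 1
  if ! apt-get update || ! apt-get -y install wazuh-agent; then
    sed -i "s/^deb/#deb/" "${list}"
    return 1
  fi
  update_ip
  add_labels
  # Disable the repo so routine apt runs do not pull a newer agent.
  sed -i "s/^deb/#deb/" "${list}"
  apt-get update
  systemctl daemon-reload
  systemctl enable wazuh-agent
  systemctl start wazuh-agent
}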
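# Install the agent from the Wazuh yum repository, add the labels, disable
# the repository again and start the unit.
# Fixes: the key import, repo write and package install were unchecked, so
# the config edits and service start ran even when nothing was installed.
# Note: WAZUH_MANAGER is exported only for the install step; presumably the
# package's install scriptlet writes it into <address> (the apt path calls
# update_ip instead) — confirm against the Wazuh package if this is changed.
# Globals: WMANAGER_IP (read), TAG* (read, via add_labels)
# Returns: 1 if the key import, repo write or package install fails
centos_installation()
{
  local repo=/etc/yum.repos.d/wazuh.repo
  rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH || return 1
  cat > "${repo}" << EOF || return 1
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
EOF
  if ! WAZUH_MANAGER="$WMANAGER_IP" yum -y install wazuh-agent; then
    sed -i "s/^enabled=1/enabled=0/" "${repo}"
    return 1
  fi
  add_labels
  # Disable the repo so routine yum runs do not pull a newer agent.
  sed -i "s/^enabled=1/enabled=0/" "${repo}"
  systemctl daemon-reload
  systemctl enable wazuh-agent
  systemctl start wazuh-agent
}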
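#OS support to be added in this block
# Detect the distribution from PRETTY_NAME in os-release and set the global
# flags ubuntu / centos (CentOS and Amazon Linux both take the yum path).
# Arguments: $1 - os-release file to read (optional, default /etc/os-release);
#                 lets the detection be exercised against a sample file
# Globals:   distro_name, ubuntu, centos (written; the flags are only ever
#            set to true, never cleared)
# Outputs:   the raw PRETTY_NAME value (quotes included) on stdout, as before
# Returns:   1 when the file is unreadable, 0 otherwise
check_distribution()
{
  local release_file=${1:-/etc/os-release}
  if [ ! -r "${release_file}" ]; then
    printf 'Cannot read %s\n' "${release_file}" >&2
    return 1
  fi
  distro_name=$(awk -F '=' '/^PRETTY_NAME=/ { print $2 }' "${release_file}")
  printf '%s\n' "${distro_name}"
  case "${distro_name}" in
    *Ubuntu*) ubuntu=true ;;
    *CentOS*|*"Amazon Linux"*) centos=true ;;
  esac
}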
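# Sub-command dispatch.
# Commands that install packages or edit the config are refused unless run
# as root (apt-get/yum and /var/ossec need it); the plain systemctl commands
# are left to systemctl's own permission check. An unknown sub-command and
# an unsupported distribution now exit non-zero, and the script exits with
# the status of the sub-command it ran instead of an unconditional 0.

# Exit with an error unless the effective user is root.
require_root()
{
  if [ "$(id -u)" -ne 0 ]; then
    logit "This command must be run as root." >&2
    exit 1
  fi
}

# Ask a y/n question and exit on anything but "y"/"Y".
# Arguments: $1 - prompt text; $2 - message printed when the answer is n/N
confirm()
{
  local choice
  read -r -p "$1" choice
  case "$choice" in
    y|Y ) echo "";;
    n|N ) echo "$2" && exit 1;;
    * ) echo "invalid response" && exit 1;;
  esac
}

case "$1" in
  install)
    require_root
    if [ -z "$2" ]; then
      confirm "Continue installation without SIEM Appliance IP (y/n)? " "Exiting installation!"
    else
      WMANAGER_IP=$2
    fi
    TAGPROJECTNAME=${3:-"CHANGEME"}
    TAGAPPNAME=${4:-"CHANGEME"}
    TAGNAME=${5:-"CHANGEME"}
    echo "####-----------------------####"
    echo "SIEM Appliance IP -> " "$WMANAGER_IP"
    echo "Tag projectName -> " "$TAGPROJECTNAME"
    echo "Tag appName -> " "$TAGAPPNAME"
    echo "Tag Name -> " "$TAGNAME"
    echo "####-----------------------####"
    printf 'Usage: %s install <ip> <projectName> <appName> <Name>\n\n' "$0"
    confirm "Continue installation with the following parameters (y/n)? " "Exiting installation!"
    logit "Starting installation of SIEM Agent..."
    check_distribution
    if [ "$ubuntu" = true ]; then
      ubuntu_installation
    elif [ "$centos" = true ]; then
      centos_installation
    else
      logit "Unsupported distribution; SIEM Agent was not installed." >&2
      exit 1
    fi
    ;;
  update_ip)
    require_root
    if [ -z "$2" ]; then
      printf 'Usage: %s update_ip 0.0.0.0\n' "$0"
      exit 1
    fi
    WMANAGER_IP=$2
    # Only restart and report when the config edit actually went through.
    if update_ip; then
      restart_service
      printf '\nUpdated SIEM Appliance IP in config file: %s\n' "${CONFIG_FILE}"
    else
      exit 1
    fi
    ;;
  update_tags)
    require_root
    TAGPROJECTNAME=${2:-"CHANGEME"}
    TAGAPPNAME=${3:-"CHANGEME"}
    TAGNAME=${4:-"CHANGEME"}
    echo "####-----------------------####"
    echo "Tag projectName -> " "$TAGPROJECTNAME"
    echo "Tag appName -> " "$TAGAPPNAME"
    echo "Tag Name -> " "$TAGNAME"
    echo "####-----------------------####"
    printf 'Usage: %s update_tags <projectName> <appName> <Name>\n\n' "$0"
    confirm "Continue to update the following tags (y/n)? " "Exiting installation!"
    if update_labels; then
      restart_service
      # logit prints its argument verbatim, so no trailing "\n" here.
      logit "Updated Labels in config file : ${CONFIG_FILE}"
    else
      exit 1
    fi
    ;;
  stop)
    systemctl stop wazuh-agent
    logit "Stopped SIEM agent service."
    ;;
  start)
    systemctl start wazuh-agent
    logit "Started SIEM agent service."
    ;;
  restart)
    systemctl restart wazuh-agent
    logit "Restarting SIEM agent service."
    ;;
  status)
    logit "Fetching status of SIEM agent service."
    systemctl status wazuh-agent
    ;;
  view)
    cat "$CONFIG_FILE"
    ;;
  upgrade)
    require_root
    logit "Upgrading SIEM Agent"
    upgrade_agent
    ;;
  uninstall)
    require_root
    confirm "Remove SIEM agent (y/n)? " "Exit."
    logit "Uninstalling SIEM agent ..."
    uninstall_agent
    ;;
  --help)
    echo "SIEM Agent Installer User Guide"
    echo ""
    cat << EOF
Usage : $0 [OPTIONS]
Options:
install <ip> <projectName> <appName> <Name> -> installs siem agent
update_ip <ip> -> to update ip in config file
update_tags <projectName> <appName> <Name> -> to update labels in config file
stop -> to stop the service temporarily
start -> start service
status -> check status of service
view -> view the config file
restart -> to restart the service
upgrade -> upgrade SIEM agent(Note: Take back up of config file before upgrading)
uninstall -> Remove siem agent from system
EOF
    ;;
  *)
    printf '\nUsage: %s {install|update_ip|update_tags|stop|start|restart|status|view|upgrade|uninstall}\n' "$0"
    echo "use --help to view SIEM Agent Installer User Guide"
    exit 1
    ;;
esac
# Propagate the sub-command's status (e.g. `status` on a stopped unit, or a
# failed upgrade) so callers and automation can act on it.
rc=$?
exit "${rc}"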