mistborn/scripts/subinstallers/extra/wazuh.sh

#!/bin/bash

# Wazuh
WAZUH_PROD_FILE="$1"
echo "ELASTIC_USERNAME=mistborn" > $WAZUH_PROD_FILE
echo "ELASTIC_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE

echo "ELASTICSEARCH_USERNAME=mistborn" >> $WAZUH_PROD_FILE
echo "ELASTICSEARCH_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE

# kibana odfe
# kibana-odfe/config/wazuh_app_config.sh
# https://wazuh
echo "WAZUH_API_URL=https://10.2.3.1" >> $WAZUH_PROD_FILE
echo "API_PORT=55000" >> $WAZUH_PROD_FILE
echo "API_USERNAME=wazuh-wui" >> $WAZUH_PROD_FILE

#API_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")

API_PASSWORD_PYTHON=$(cat << EOF

import secrets
import random
import string

random_pass = ([secrets.choice("@$!*?-"),
                           secrets.choice(string.digits),
                           secrets.choice(string.ascii_lowercase),
                           secrets.choice(string.ascii_uppercase),
                           ]
                          + [secrets.choice(string.ascii_lowercase
                                           + string.ascii_uppercase
                                           + "@$!*?-"
                                           + string.digits) for i in range(12)])

random.shuffle(random_pass)
random_pass = ''.join(random_pass)
print(random_pass)

EOF
)

API_PASSWORD=$(python3 -c "${API_PASSWORD_PYTHON}")

echo "API_PASSWORD=${API_PASSWORD}" >> $WAZUH_PROD_FILE

# kibana-odfe/config/entrypoint.sh:
# https://elasticsearch:9200
echo "ELASTICSEARCH_URL=https://10.2.3.1:9200" >> $WAZUH_PROD_FILE


cat >> ${WAZUH_PROD_FILE}<< EOF

PATTERN="wazuh-alerts-*"

CHECKS_PATTERN=true
CHECKS_TEMPLATE=true
CHECKS_API=true
CHECKS_SETUP=true

EXTENSIONS_PCI=true
EXTENSIONS_GDPR=true
EXTENSIONS_HIPAA=true
EXTENSIONS_NIST=true
EXTENSIONS_TSC=true
EXTENSIONS_AUDIT=true
EXTENSIONS_OSCAP=false
EXTENSIONS_CISCAT=false
EXTENSIONS_AWS=false
EXTENSIONS_GCP=false
EXTENSIONS_VIRUSTOTAL=true
EXTENSIONS_OSQUERY=true
EXTENSIONS_DOCKER=true

APP_TIMEOUT=20000

API_SELECTOR=true
IP_SELECTOR=true
IP_IGNORE="[]"

WAZUH_MONITORING_ENABLED=true
WAZUH_MONITORING_FREQUENCY=900
WAZUH_MONITORING_SHARDS=2
WAZUH_MONITORING_REPLICAS=0

ADMIN_PRIVILEGES=true

EOF

echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE

chmod 600 $WAZUH_PROD_FILE
Resolve "Wazuh" 5 years ago			`#!/bin/bash`

			`# Wazuh`
			`WAZUH_PROD_FILE="$1"`
			`echo "ELASTIC_USERNAME=mistborn" > $WAZUH_PROD_FILE`
			`echo "ELASTIC_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE`

			`echo "ELASTICSEARCH_USERNAME=mistborn" >> $WAZUH_PROD_FILE`
			`echo "ELASTICSEARCH_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE`

			`# kibana odfe`
			`# kibana-odfe/config/wazuh_app_config.sh`
			`# https://wazuh`
			`echo "WAZUH_API_URL=https://10.2.3.1" >> $WAZUH_PROD_FILE`
			`echo "API_PORT=55000" >> $WAZUH_PROD_FILE`
			`echo "API_USERNAME=wazuh-wui" >> $WAZUH_PROD_FILE`

			`#API_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")`

			`API_PASSWORD_PYTHON=$(cat << EOF`

			`import secrets`
			`import random`
			`import string`

Resolve "Wazuh is not Starting" 5 years ago			`random_pass = ([secrets.choice("@$!*?-"),`
Resolve "Wazuh" 5 years ago			`secrets.choice(string.digits),`
			`secrets.choice(string.ascii_lowercase),`
			`secrets.choice(string.ascii_uppercase),`
			`]`
			`+ [secrets.choice(string.ascii_lowercase`
			`+ string.ascii_uppercase`
Resolve "Wazuh is not Starting" 5 years ago			`+ "@$!*?-"`
Resolve "Wazuh" 5 years ago			`+ string.digits) for i in range(12)])`

			`random.shuffle(random_pass)`
			`random_pass = ''.join(random_pass)`
			`print(random_pass)`

			`EOF`
			`)`

			`API_PASSWORD=$(python3 -c "${API_PASSWORD_PYTHON}")`

			`echo "API_PASSWORD=${API_PASSWORD}" >> $WAZUH_PROD_FILE`

			`# kibana-odfe/config/entrypoint.sh:`
			`# https://elasticsearch:9200`
			`echo "ELASTICSEARCH_URL=https://10.2.3.1:9200" >> $WAZUH_PROD_FILE`

Resolve "Security Center Bugfixes" 5 years ago
			`cat >> ${WAZUH_PROD_FILE}<< EOF`

			`PATTERN="wazuh-alerts-*"`

			`CHECKS_PATTERN=true`
			`CHECKS_TEMPLATE=true`
			`CHECKS_API=true`
			`CHECKS_SETUP=true`

			`EXTENSIONS_PCI=true`
			`EXTENSIONS_GDPR=true`
			`EXTENSIONS_HIPAA=true`
			`EXTENSIONS_NIST=true`
			`EXTENSIONS_TSC=true`
			`EXTENSIONS_AUDIT=true`
			`EXTENSIONS_OSCAP=false`
			`EXTENSIONS_CISCAT=false`
			`EXTENSIONS_AWS=false`
			`EXTENSIONS_GCP=false`
			`EXTENSIONS_VIRUSTOTAL=true`
			`EXTENSIONS_OSQUERY=true`
			`EXTENSIONS_DOCKER=true`

			`APP_TIMEOUT=20000`

			`API_SELECTOR=true`
			`IP_SELECTOR=true`
			`IP_IGNORE="[]"`

			`WAZUH_MONITORING_ENABLED=true`
			`WAZUH_MONITORING_FREQUENCY=900`
			`WAZUH_MONITORING_SHARDS=2`
			`WAZUH_MONITORING_REPLICAS=0`

			`ADMIN_PRIVILEGES=true`

			`EOF`

Resolve "Wazuh" 5 years ago			`echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE`

			`chmod 600 $WAZUH_PROD_FILE`