Merge branch '169-soc' into 'master'

Resolve "Security Center Bugfixes"

Closes #169

See merge request cyber5k/mistborn!78

scripts/services/wazuh/agent.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # detect if already installed
-if [ $(dpkg -s wazuh-agent &> /dev/null) -eq 0 ]; then
+if dpkg -s wazuh-agent &> /dev/null; then
     echo "Wazuh agent already installed"
     exit 0
 fi

scripts/subinstallers/extra/wazuh.sh

@@ -48,6 +48,45 @@ echo "API_PASSWORD=${API_PASSWORD}" >> $WAZUH_PROD_FILE
 # https://elasticsearch:9200
 echo "ELASTICSEARCH_URL=https://10.2.3.1:9200" >> $WAZUH_PROD_FILE
 
+
+cat >> ${WAZUH_PROD_FILE}<< EOF
+
+PATTERN="wazuh-alerts-*"
+
+CHECKS_PATTERN=true
+CHECKS_TEMPLATE=true
+CHECKS_API=true
+CHECKS_SETUP=true
+
+EXTENSIONS_PCI=true
+EXTENSIONS_GDPR=true
+EXTENSIONS_HIPAA=true
+EXTENSIONS_NIST=true
+EXTENSIONS_TSC=true
+EXTENSIONS_AUDIT=true
+EXTENSIONS_OSCAP=false
+EXTENSIONS_CISCAT=false
+EXTENSIONS_AWS=false
+EXTENSIONS_GCP=false
+EXTENSIONS_VIRUSTOTAL=true
+EXTENSIONS_OSQUERY=true
+EXTENSIONS_DOCKER=true
+
+APP_TIMEOUT=20000
+
+API_SELECTOR=true
+IP_SELECTOR=true
+IP_IGNORE="[]"
+
+WAZUH_MONITORING_ENABLED=true
+WAZUH_MONITORING_FREQUENCY=900
+WAZUH_MONITORING_SHARDS=2
+WAZUH_MONITORING_REPLICAS=0
+
+ADMIN_PRIVILEGES=true
+
+EOF
+
 echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE
 
 chmod 600 $WAZUH_PROD_FILE