From d6641f295bf1cf39601af2319e59c0a7b78e133c Mon Sep 17 00:00:00 2001
From: Steven Foerster <steven@cyber5k.com>
Date: Thu, 15 Apr 2021 09:18:37 -0400
Subject: [PATCH] wazuh agent

---
 scripts/services/Mistborn-wazuh.service |  2 ++
 scripts/services/wazuh/agent.sh         | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100755 scripts/services/wazuh/agent.sh

diff --git a/scripts/services/Mistborn-wazuh.service b/scripts/services/Mistborn-wazuh.service
index aaad8a7..856bc57 100644
--- a/scripts/services/Mistborn-wazuh.service
+++ b/scripts/services/Mistborn-wazuh.service
@@ -15,6 +15,8 @@ ExecStartPre=/usr/sbin/sysctl -w vm.max_map_count=262144
 ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml down
 # Start container when unit is started
 ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml up --build
+# Agent install
+ExecStartPost=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh /opt/mistborn/scripts/services/wazuh/agent.sh
 # Stop container when unit is stopped
 ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml down
 
diff --git a/scripts/services/wazuh/agent.sh b/scripts/services/wazuh/agent.sh
new file mode 100755
index 0000000..bc1aead
--- /dev/null
+++ b/scripts/services/wazuh/agent.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# detect if already installed
+if [ $(dpkg -s wazuh-agent &> /dev/null) -eq 0 ]; then
+    echo "Wazuh agent already installed"
+    exit 0
+fi
+
+# prepare repo
+echo "Adding Wazuh Repository"
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+
+apt-get update
+
+# wait for service to be listening
+while ! nc -z 10.2.3.1 55000; do
+    WAIT_TIME=10
+    echo "Waiting ${WAIT_TIME} seconds for Wazuh API..."
+    sleep ${WAIT_TIME}
+done
+
+# install
+echo "Installing Wazuh agent"
+WAZUH_MANAGER="10.2.3.1" apt-get install wazuh-agent