Remove Wazuh API creds after registering intial agent

2025-12-06 09:12:45 +01:00 · 2020-11-03 14:53:50 +00:00
parent f007ef0ef5
commit 7dca988c11
1 changed files with 28 additions and 22 deletions
--- a/salt/wazuh/files/agent/wazuh-register-agent
+++ b/salt/wazuh/files/agent/wazuh-register-agent
@@ -47,6 +47,10 @@ cat <<HELP_USAGE
 HELP_USAGE
 }

+cleanup_creds() {
+  /usr/sbin/so-wazuh-user-remove $USER
+}
+
 register_agent() {
  # Adding agent and getting Id from manager
  echo ""
@@ -57,27 +61,25 @@ register_agent() {

  if [ "$?" != "0" ]; then
    echo -e $API_RESULT | sed -rn 's/.*"message":"(.+)".*/\1/p'
-    exit 0
+  else
+    # Get agent id and agent key
+    AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1)
+    AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1)
+
+    echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added."
+    echo "Key for agent '$AGENT_ID' received."
+
+    # Importing key
+    echo ""
+    echo "Importing authentication key:"
+    echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY
+
+    # Restarting agent
+    echo ""
+    echo "Restarting:"
+    echo ""
+    /var/ossec/bin/ossec-control restart
  fi
-  # Get agent id and agent key
-  AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1)
-  AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1)
-
-  echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added."
-  echo "Key for agent '$AGENT_ID' received."
-
-  # Importing key
-  echo ""
-  echo "Importing authentication key:"
-  echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY
-
-  # Restarting agent
-  echo ""
-  echo "Restarting:"
-  echo ""
-  /var/ossec/bin/ossec-control restart
-
-  exit 0
 }

 remove_agent() {
@@ -135,11 +137,15 @@ shift $(($OPTIND - 1))
 #  fi

 # Default action -> try to register the agent
+echo "Waiting before registering agent..."
 sleep 30s
-STATUS=$(curl -s -k -u $USER:$PASSWORD -L $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g')
-if [[ $STATUS == "Active" ]]; then
+if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then
  echo "Agent $AGENT_ID already registered!"
+  exit 0
 else
  register_agent
+  cleanup_creds
+  echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log
+  exit 0
 fi
 #remove_agent