CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1804 from Security-Onion-Solutions/fix/wazuh_api_creds_remove

Browse Source 
Remove Wazuh API creds after registering initial agent
This commit is contained in:
weslambert
2020-11-03 09:57:58 -05:00
committed by GitHub
parent f007ef0ef5 7dca988c11
commit e040009d0b
1 changed files with 28 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
salt/wazuh/files/agent/wazuh-register-agent
View File

@@ -47,6 +47,10 @@ cat <<HELP_USAGE
HELP_USAGE HELP_USAGE
} }
cleanup_creds() {
/usr/sbin/so-wazuh-user-remove $USER
}
register_agent() { register_agent() {
# Adding agent and getting Id from manager # Adding agent and getting Id from manager
echo "" echo ""
@@ -57,27 +61,25 @@ register_agent() {
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo -e $API_RESULT | sed -rn 's/.*"message":"(.+)".*/\1/p' echo -e $API_RESULT | sed -rn 's/.*"message":"(.+)".*/\1/p'
exit 0 else
# Get agent id and agent key
AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1)
AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1)
echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added."
echo "Key for agent '$AGENT_ID' received."
# Importing key
echo ""
echo "Importing authentication key:"
echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY
# Restarting agent
echo ""
echo "Restarting:"
echo ""
/var/ossec/bin/ossec-control restart
fi fi
# Get agent id and agent key
AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1)
AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1)
echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added."
echo "Key for agent '$AGENT_ID' received."
# Importing key
echo ""
echo "Importing authentication key:"
echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY
# Restarting agent
echo ""
echo "Restarting:"
echo ""
/var/ossec/bin/ossec-control restart
exit 0
} }
remove_agent() { remove_agent() {
@@ -135,11 +137,15 @@ shift $(($OPTIND - 1))
# fi # fi
# Default action -> try to register the agent # Default action -> try to register the agent
echo "Waiting before registering agent..."
sleep 30s sleep 30s
STATUS=$(curl -s -k -u $USER:$PASSWORD -L $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g') if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then
if [[ $STATUS == "Active" ]]; then
echo "Agent $AGENT_ID already registered!" echo "Agent $AGENT_ID already registered!"
exit 0
else else
register_agent register_agent
cleanup_creds
echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log
exit 0
fi fi
#remove_agent #remove_agent