Deploy Wazuh agents using Powershell
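# Command-line parameters of the Wazuh agent deployment script.
param (
    # Not referenced anywhere in the visible script.
    [switch]$Elevated,

    # Mandatory: Wazuh manager IP address or hostname.
    [string]$address = "",

    # Optionals
    [string]$app_folder = "",                # installation path
    [string]$port = "1514",                  # manager connection port
    [string]$protocol = "tcp",               # manager connection protocol
    [string]$auth_server = "",               # authd registration address; empty means "same as -address"
    [string]$auth_port = "1515",             # authd registration port
    # authd shared password. A value passed here is part of the process command line and of the
    # shell history, so treat both as sensitive on hosts where this script is run.
    [string]$password = "",
    [string]$group = "",                     # agent group
    [string]$agent_name = $env:computername, # defaults to the Windows host name
    [Int]$use_fqdns = 0,                     # 1 = use the DNS host name as agent name
    [Int]$prompt_agent_name = 0,             # 1 = ask the operator for the agent name
    # The type literal needs both brackets; "switch]$help" does not parse.
    [switch]$help
)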
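# -help: print the argument reference and stop before anything is changed on the host.
# The text below names the parameters the script actually declares (-address, -auth_port, -group)
# and the declared default protocol (tcp).
if ($help.IsPresent) {
    "
    Usage: agent_deploy.ps1 -address Manager_IP [options]
    Arguments description:
    Mandatory:
    -address server.example.com  Wazuh Manager Hostname
    Optionals:
    -app_folder                  Installation path
    -port                        Wazuh manager connection port (default: 1514)
    -protocol                    Wazuh manager connection protocol (default: tcp)
    -auth_server                 authd registration address (default: same as address)
    -auth_port                   authd registration port (default: 1515)
    -password                    authd shared password (default: null)
    -group                       Wazuh Agent group (default: none)
    -agent_name                  Wazuh Agent Name [Default windows hostname or FQDNS if use_fqdns is enabled]
    -use_fqdns [0|1]             Use FQDNS for Agent Name [Default: 0]
    -prompt_agent_name [0|1]     Prompt to enter Agent name [Default: 0]
    -help                        print this message
    "
    Exit
}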
# Common variables
# Installer location and the checksum the download is compared against.
# NOTE(review): an MD5 digest detects a damaged transfer but is not collision resistant;
# a vendor-published SHA-256 would be the stronger pin.
$installer_url = "https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.2-1.msi"
$installer_md5 = "DC64C8BEE53DF0430E9E03E578BA334D"

# The file name is whatever follows the last "/" of the URL.
$installer_filename = $installer_url.Split("/")[-1]

# The installer is written to the directory the script is started from.
# NOTE(review): if that directory is writable by non-administrators, the file could be
# replaced between verification and installation - prefer running from a protected folder.
$working_dir = (Get-Item -Path ".\" -Verbose).FullName
$Wazuh_msi = "$working_dir\$installer_filename"

$Wazuh_service = 'OssecSvc'
$protocol = $protocol.ToLower()

Write-Host "Auth_server selected: $auth_server"
# Registration falls back to the manager address when no authd server was given.
if ([string]::IsNullOrEmpty($auth_server)) {
    Write-Host "Empty auth_server, using address: $address"
    $auth_server = $address
}

# Optionally replace the agent name with the DNS host name of this computer.
if ($use_fqdns -ne 0) {
    $host_entry = [System.Net.Dns]::GetHostEntry([string]$env:computername)
    $agent_name = $host_entry.HostName
}
Write-Host "Auth_server to be used: $auth_server"
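# Checking Administrator privileges
# The script does not elevate itself; it only refuses to continue in a non-elevated session.
# The role test lives in one helper and is evaluated once (the original ran the same check twice).

# Returns $true when the current Windows identity is in the built-in Administrators role.
function Test-Admin {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Admin)) {
    Write-Host "This script requires Administrator privileges."
    Write-Host "Press any key to continue ..."
    # The key itself is irrelevant; the read only pauses so the message can be seen.
    $null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    # Non-zero so a deployment tool does not record a skipped install as a success.
    Exit 1
}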
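# Checking arguments
# -address is the only mandatory value. A whitespace-only value is rejected as well, because it
# would otherwise be handed to the installer as the manager address.
if ([string]::IsNullOrWhiteSpace($address)) {
    Write-Host "-address is required. Try -help to display arguments list."
    Write-Host "Press any key to continue ..."
    # The key itself is irrelevant; the read only pauses so the message can be seen.
    $null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    # Non-zero so the caller can tell that nothing was installed.
    Exit 1
}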
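#################
# Aux functions
#################

# Prompts until the operator enters an acceptable agent name, then returns that name.
# Accepted: 2 to 32 characters taken from letters, digits, "-" and "_".
# The original character class "[A-Za-z0-9\\-_]" was a range from "\" to "_": it let "\", "]"
# and "^" through and refused "-". The name is later placed inside a quoted installer argument,
# where a trailing backslash would swallow the closing quote. The length test also demanded
# three characters although the prompt promises a minimum of two.
function AgentName
{
    $read_agent_name = ""
    # "-" comes last in the class so it is a literal hyphen; \z anchors at the true end of input.
    while ($read_agent_name -notmatch '^[A-Za-z0-9_-]{2,32}\z') {
        $read_agent_name = Read-Host 'Enter Wazuh Agent name (letters, digits, "-" and "_" only, min=2 max=32)'
    }
    $read_agent_name
}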
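# Check for already Wazuh installed
# Presence is decided from the service object itself rather than from $? after a pipeline whose
# errors are silenced, so the message is tied to the service actually existing.
$existing_service = Get-Service -Name $Wazuh_service -ErrorAction SilentlyContinue
if ($existing_service) {
    $existing_service | Restart-Service -ErrorAction SilentlyContinue
    Write-Host "INFO: Wazuh SERVICE already installed. Reinstalling."
}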
# Prompt: Agent name
# When -prompt_agent_name is non-zero the interactively entered name replaces the current one.
if ($prompt_agent_name -ne 0) {
    $entered_name = AgentName
    $agent_name = $entered_name
}
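# Download Wazuh Agent installer
Write-Host "Downloading Wazuh Agent installer."

# Older .NET defaults may not offer TLS 1.2 for HTTPS; add it without removing what is enabled.
try {
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
} catch {
    Write-Host "WARNING: could not enable TLS 1.2 for the download: $($_.Exception.Message)"
}

$downloader = New-Object System.Net.WebClient
try {
    # DownloadFile returns nothing, so there is no result to keep.
    $downloader.DownloadFile($installer_url, $Wazuh_msi)
} catch {
    # Report the reason here; the existence and checksum tests that follow in the script
    # decide whether a usable installer is on disk.
    Write-Host "Wazuh Installer download failed: $($_.Exception.Message)"
} finally {
    $downloader.Dispose()
}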
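# Verifying installer checksum
# NOTE(review): MD5 catches a truncated or corrupted download but is not collision resistant.
# Comparing against a vendor-published SHA-256 (<VENDOR_PUBLISHED_SHA256>, placeholder) and
# checking the MSI's Authenticode signature would give a stronger guarantee before the file
# is run with administrator rights.
if (Test-Path -Path $Wazuh_msi) {
    $md5 = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
    # Hash from a stream so the whole installer is not loaded into memory at once.
    $installer_stream = [System.IO.File]::OpenRead($Wazuh_msi)
    try {
        $hash = [System.BitConverter]::ToString($md5.ComputeHash($installer_stream)).ToLower() -replace '-',''
    } finally {
        $installer_stream.Dispose()
        $md5.Clear()
    }
    # -ne ignores case for strings, so the upper-case pinned value matches the lower-case digest.
    if ($hash -ne $installer_md5) {
        # Do not leave an unverified installer behind where it could be run by hand later.
        Remove-Item -Path $Wazuh_msi -Force -ErrorAction SilentlyContinue
        Write-Host "Wazuh Installer bad checksum, please try again."
        Exit 1
    }
    Write-Host "Wazuh Installer downloaded correctly, saved in $Wazuh_msi."
} else {
    Write-Host "Wazuh Installer not downloaded, please try again."
    Exit 1
}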
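# Generate installation path.
# A path given with -app_folder is kept; the default is only computed when none was supplied
# (the original overwrote the caller's value unconditionally).
# NOTE(review): nothing later in the visible script passes $app_folder to the installer -
# confirm whether it should be forwarded.
if ($app_folder -eq "") {
    if ($null -ne ${env:ProgramFiles(x86)}) {
        # The x86 variable is set, so use the 32-bit Program Files location.
        $app_folder = ${env:ProgramFiles(x86)}+"\ossec-agent\"
    } else {
        $app_folder = $env:ProgramFiles+"\ossec-agent\"
    }
}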
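# Filling up MSI installer arguments
# NOTE(review): -port, -protocol, -auth_port and -password are accepted by the script but are not
# forwarded here, so the installer keeps its own defaults for them - confirm this is intended.
# If the password is ever forwarded, keep it out of the "executing command as" log line below.

# Each value is wrapped in double quotes; an embedded quote would end the property early and
# let the remainder be read as further msiexec arguments, so such values are refused.
foreach ($arg_value in @($address, $auth_server, $agent_name, $group)) {
    if ($arg_value -match '"') {
        Write-Host "Installer argument values must not contain double quotes: $arg_value"
        Exit 1
    }
}

$all_args = @(
    # Quoted so a working directory with spaces in its path still resolves to one argument.
    "/i `"$Wazuh_msi`""
    "/q"
    "ADDRESS=`"$address`""
    "AUTHD_SERVER=`"$auth_server`""
    "AGENT_NAME=`"$agent_name`""
    "GROUP=`"$group`""
)

# Installing and registering Wazuh Agent
if (Test-Path -Path "$Wazuh_msi") {
    Write-Host "executing command as: $all_args"
    # -PassThru returns the process object so the installer's exit code can be checked.
    $install_process = Start-Process "msiexec.exe" -ArgumentList $all_args -Wait -PassThru
    # 0 is success; 3010 is success with a reboot pending. Anything else is a failed install.
    if ($install_process.ExitCode -ne 0 -and $install_process.ExitCode -ne 3010) {
        Write-Host "Wazuh Installer failed, msiexec exit code: $($install_process.ExitCode)"
        Exit $install_process.ExitCode
    }
} else {
    # The original message interpolated $run, which is never assigned; report the real path.
    Write-Host "Wazuh Executable does not exist: $Wazuh_msi"
    Exit 1001
}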
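# Restart Wazuh agent.
Write-Host "Restarting agent... "
Start-Sleep -s 5
Get-Service -Name $Wazuh_service -ErrorAction SilentlyContinue | Restart-Service -ErrorAction SilentlyContinue

# Report success only when the service exists and is running; the restart above silences its
# own errors, so without this check a host with no working agent would still be reported as done.
# A running service shows the agent is installed and started; it does not by itself prove that
# the agent enrolled with the manager.
$agent_service = Get-Service -Name $Wazuh_service -ErrorAction SilentlyContinue
if ($agent_service -and $agent_service.Status -eq 'Running') {
    Write-Host "Wazuh Agent has been registered and installed"
} else {
    Write-Host "WARNING: Wazuh service $Wazuh_service is not running after installation."
    Exit 1
}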