    Installation script for the Wazuh agent, with update and repair functionality (reinstalls the agent if it is not connecting successfully)
  
        
  
    
    
  
  
    
  | #!/bin/bash | |
| #================================================================================ | |
| # Wazuh Agent Installer for macOS with Update and Health Check Logic (v2) | |
| #================================================================================ | |
| # --- Configuration --- | |
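# Path where the Wazuh agent is installed. Kept as a fixed value on purpose:
# files under this path are executed through sudo further down, so it should
# not be settable by whoever launches the script.
WAZUH_AGENT_PATH="/Library/Ossec"
# Define the target agent version. The script will ensure this version is installed.
TARGET_VERSION="4.12.0"
# Wazuh Manager details for agent registration.
# Each value can be supplied through the environment (same variable name) and
# falls back to the literal below, so the script runs unchanged when nothing
# is exported.
WAZUH_MANAGER_IP="${WAZUH_MANAGER_IP:-mycloudinstanceID.cloud.wazuh.com}"
# The registration password is a shared enrollment secret: anyone who can read
# this file can register agents with the manager. Prefer injecting it from the
# deployment tool's secret store over committing a real value here, and rotate
# it if a copy of the script with the real value has been published.
WAZUH_REG_PASSWORD="${WAZUH_REG_PASSWORD:-MYPASSWORD}"
WAZUH_AGENT_GROUP="${WAZUH_AGENT_GROUP:-macOS}"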
| # --- Functions --- | |
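##
# Downloads the Wazuh agent package for this machine's architecture, writes
# the registration settings to the file the installer reads, installs the
# package and starts the agent.
#
# Globals (read): TARGET_VERSION, WAZUH_MANAGER_IP, WAZUH_REG_PASSWORD,
#                 WAZUH_AGENT_GROUP, WAZUH_AGENT_PATH
#                 WAZUH_PKG_SHA256 (optional) - expected SHA-256 of the
#                 package as lowercase hex; when set, a mismatch aborts.
# Outputs: progress messages on stdout, newly added diagnostics on stderr.
# Exits:   status 1 on any failure (the function does not return in that case).
##
install_or_update_agent() {
  echo "π Starting the installation/update process..."

  # Determine architecture and construct package name/URL.
  local arch pkg_name
  arch=$(uname -m)
  case "$arch" in
    x86_64) pkg_name="wazuh-agent-${TARGET_VERSION}-1.intel64.pkg" ;;
    arm64) pkg_name="wazuh-agent-${TARGET_VERSION}-1.arm64.pkg" ;;
    *)
      echo "β Error: Unsupported architecture: $arch"
      exit 1
      ;;
  esac
  local download_url="https://packages.wazuh.com/4.x/macos/${pkg_name}"

  # The installer reads its registration settings from this fixed path, so it
  # cannot be moved into the private work directory below.
  local envs_file="/tmp/wazuh_envs"

  # Download into a freshly created private directory rather than a fixed name
  # in /tmp: the package is later installed as root, and a predictable,
  # world-writable location lets another local user pre-create or swap it.
  local work_dir
  if ! work_dir=$(mktemp -d "${TMPDIR:-/tmp}/wazuh-agent.XXXXXX"); then
    echo "Error: could not create a temporary directory." >&2
    exit 1
  fi
  local pkg_path="${work_dir}/wazuh-agent.pkg"

  # Download the installer package.
  # --fail turns an HTTP error (e.g. 404 for a wrong version) into a non-zero
  # exit instead of saving the error page as the package; --proto '=https'
  # keeps redirects followed by -L from leaving HTTPS.
  echo "Downloading Wazuh agent installer for $arch architecture..."
  if ! curl --fail --proto '=https' -sLo "$pkg_path" "$download_url"; then
    echo "β Error: Failed to download the Wazuh agent package. Please check the URL and network connection."
    rm -rf -- "$work_dir"
    exit 1
  fi

  # NOTE(review): unless WAZUH_PKG_SHA256 is set, the package is installed as
  # root on the strength of the TLS connection alone. Pin the digest the
  # vendor publishes for TARGET_VERSION to detect a tampered or truncated file.
  if [ -n "${WAZUH_PKG_SHA256:-}" ]; then
    local actual_sha256
    actual_sha256=$(shasum -a 256 "$pkg_path" | awk '{print $1}')
    if [ "$actual_sha256" != "$WAZUH_PKG_SHA256" ]; then
      echo "Error: package checksum mismatch (got ${actual_sha256}); refusing to install." >&2
      rm -rf -- "$work_dir"
      exit 1
    fi
  fi

  # Prepare environment variables in the location the installer expects.
  # The file holds the registration password, so it is created owner-only
  # (umask 077). noclobber makes the redirect fail instead of writing through
  # a file or symlink that someone else planted at this well-known path.
  # NOTE(review): values containing a single quote would break the quoting in
  # this file; confirm how the installer parses it before using such values.
  echo "Preparing environment variables for registration..."
  local agent_name
  agent_name=$(hostname -s)
  rm -f -- "$envs_file"
  if ! (
    umask 077
    set -o noclobber
    printf "WAZUH_MANAGER='%s' WAZUH_REGISTRATION_PASSWORD='%s' WAZUH_AGENT_NAME='%s' WAZUH_AGENT_GROUP='%s'\n" \
      "$WAZUH_MANAGER_IP" "$WAZUH_REG_PASSWORD" "$agent_name" "$WAZUH_AGENT_GROUP" > "$envs_file"
  ); then
    echo "Error: could not create ${envs_file} safely (does it already exist and belong to another user?)." >&2
    rm -rf -- "$work_dir"
    exit 1
  fi

  # Run the macOS installer.
  echo "Running the installer. This may require a password..."
  if ! sudo installer -pkg "$pkg_path" -target /; then
    echo "β Error: Wazuh agent installation failed."
    # Remove the password-bearing file on the failure path as well.
    rm -f -- "$envs_file"
    rm -rf -- "$work_dir"
    exit 1
  fi

  # Clean up the downloaded package and the registration settings.
  echo "Cleaning up installer file..."
  rm -rf -- "$work_dir"
  rm -f -- "$envs_file"

  # Start the agent service; only report success when it actually started.
  echo "Starting Wazuh agent service..."
  if ! sudo "${WAZUH_AGENT_PATH}/bin/wazuh-control" start; then
    echo "Error: the Wazuh agent was installed but could not be started." >&2
    exit 1
  fi
  echo "β Wazuh agent installation/update process completed successfully."
}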
##
# Removes an existing Wazuh agent by running, through sudo, the uninstall
# script located under WAZUH_AGENT_PATH. When that script is missing, a
# warning is printed and the function returns so the caller can still attempt
# a re-installation.
#
# Globals (read): WAZUH_AGENT_PATH
##
uninstall_agent() {
  local uninstaller="${WAZUH_AGENT_PATH}/bin/uninstall.sh"

  printf '%s\n' "Uninstalling existing Wazuh agent..."

  if [ ! -f "$uninstaller" ]; then
    printf '%s\n' "β οΈ Warning: Uninstall script not found. Proceeding with re-installation attempt anyway."
    return
  fi

  sudo "$uninstaller"
  # Wait a few seconds for services to be fully removed.
  sleep 5
}
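# --- Main Script Logic ---
# Flow: refuse to run on hosts that look like personal laptops, then either
# install fresh, upgrade an outdated agent, or reinstall an agent that is
# installed but not connected to the manager.
echo "--- Wazuh Agent Deployment Script ---"

# Pre-flight check: Abort if the hostname suggests it's a personal laptop.
# This is a naming heuristic only; it does not identify device ownership.
SHORT_HOSTNAME=$(hostname -s)
if [[ "$SHORT_HOSTNAME" == *"MacBook"* || "$SHORT_HOSTNAME" == *"MBP"* ]]; then
  echo "β Installation aborted because the hostname contains 'MacBook' or 'MBP'."
  exit 1
fi

# Primary check: Does the Wazuh agent directory exist?
if [ -d "$WAZUH_AGENT_PATH" ]; then
  echo "Wazuh agent is already installed. Checking its status and version..."

  # 1. VERSION CHECK: Compare installed version with the target version.
  INSTALLED_VERSION=$(sudo "${WAZUH_AGENT_PATH}/bin/wazuh-agentd" -V 2>&1 | awk '/Wazuh v/ {print $2}' | sed 's/v//')
  if [ -z "$INSTALLED_VERSION" ]; then
    echo "β οΈ Could not determine installed version. Assuming reinstall is needed."
    uninstall_agent
    install_or_update_agent
    exit 0
  fi

  # The smaller of the two versions (version sort) is the target exactly when
  # the installed agent is at or above the target.
  if [ "$(printf '%s\n' "$TARGET_VERSION" "$INSTALLED_VERSION" | sort -V | head -n1)" != "$TARGET_VERSION" ]; then
    echo "Agent version ($INSTALLED_VERSION) is older than target ($TARGET_VERSION). Updating..."
    install_or_update_agent
    exit 0
  else
    echo "Agent version ($INSTALLED_VERSION) is up to date."
  fi

  # 2. CONNECTION CHECK.
  # Both paths are derived from WAZUH_AGENT_PATH so they follow the configured
  # install location, and both are read through sudo because the agent's files
  # may not be readable by the invoking user; an unreadable file would
  # otherwise look like "not connected" and remove a healthy agent.
  STATE_FILE="${WAZUH_AGENT_PATH}/var/run/wazuh-agentd.state"
  LOG_FILE="${WAZUH_AGENT_PATH}/logs/ossec.log"
  echo "Checking connection status via agent state and logs..."
  sleep 5 # Give the agent a moment to log its status.

  # The state file reports the agent's current status. The log search is kept
  # as a fallback, but it is only a heuristic: the connect message scrolls out
  # of the last 500 lines on a long-running agent, and an old connect message
  # can still be present after the agent has lost its connection.
  # Errors from missing files are silenced on purpose; a miss simply means
  # "not connected" here.
  AGENT_CONNECTED="no"
  if sudo grep -q "^status='connected'" "$STATE_FILE" 2>/dev/null; then
    AGENT_CONNECTED="yes"
  elif sudo tail -n 500 "$LOG_FILE" 2>/dev/null | grep -q "Connected to the server"; then
    AGENT_CONNECTED="yes"
  fi

  if [ "$AGENT_CONNECTED" = "yes" ]; then
    echo "β Agent is installed, up to date, and connected to the manager. No action needed."
    exit 0
  else
    echo "Agent is not connected (no success message in recent logs). Performing a full reinstall to fix..."
    uninstall_agent
    install_or_update_agent
  fi
else
  # Agent is not installed, so perform a fresh installation.
  echo "Wazuh agent not found. Proceeding with a fresh installation."
  install_or_update_agent
fi
exit 0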
  