KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
c5a504f9c8870646b2e1702e5dad3be8a11f5a4e
KNELConfigMgmt-FetchApply/initializers/wazuh/apply
Charles N Wyble afe61cae9d refactor: Remove librenms, add ansible/salt clients 
- Remove all librenms references from initializers and configuration
- Keep tailscale as requested (remove netbird plans)
- Add ansible-core (already present) and salt-minion packages
- Create salt-client initializer for minion configuration
- Update roles to replace librenms-agent with salt-client
- Simplify oam initializer to only handle up2date script
- Update README to reflect new architecture and tools

Prepares infrastructure for migration to Salt configuration management
while maintaining tailscale for VPN connectivity.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:43:35 -05:00

44 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# KNEL Wazuh Security Module
# Deploys and configures Wazuh security monitoring
set -euo pipefail
echo "Running Wazuh security module..."
# Check if this is the Wazuh server
export TSYS_NSM_CHECK="$(hostname | grep -c tsys-nsm || echo 0)"
if [[ $TSYS_NSM_CHECK -eq 0 ]]; then
echo "Setting up Wazuh agent..."
# Remove existing keyring if present
if [[ -f /usr/share/keyrings/wazuh.gpg ]]; then
rm -f /usr/share/keyrings/wazuh.gpg
fi
# Add Wazuh repository
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
# Install Wazuh agent
apt-get update
DEBIAN_FRONTEND="noninteractive" apt-get -y install wazuh-agent
# Configure Wazuh agent
if [[ -f ./configs/wazuh-agent.conf ]]; then
cp ./configs/wazuh-agent.conf /var/ossec/etc/ossec.conf
fi
# Start and enable Wazuh agent
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl restart wazuh-agent
else
echo "This is a Wazuh server, skipping agent setup"
fi
echo "Wazuh security module completed"
View Git Blame Copy Permalink