From 8009651e1e9096a7de7dbd26715ea48d7b395255 Mon Sep 17 00:00:00 2001
From: Charles N Wyble
Date: Wed, 25 Jun 2025 17:10:02 -0500
Subject: [PATCH] secops - wazuh . hackers quake!
---
Modules/Security/secharden-ossec.sh | 1 -
Modules/Security/secharden-wazuh.sh | 10 ++++++++++
SetupNewSystem.sh | 25 ++++++++++++++++---------
3 files changed, 26 insertions(+), 10 deletions(-)
delete mode 100644 Modules/Security/secharden-ossec.sh
create mode 100644 Modules/Security/secharden-wazuh.sh
diff --git a/Modules/Security/secharden-ossec.sh b/Modules/Security/secharden-ossec.sh
deleted file mode 100644
index a9bf588..0000000
--- a/Modules/Security/secharden-ossec.sh
+++ /dev/null
@@ -1 +0,0 @@
-#!/bin/bash
diff --git a/Modules/Security/secharden-wazuh.sh b/Modules/Security/secharden-wazuh.sh
new file mode 100644
index 0000000..624537d
--- /dev/null
+++ b/Modules/Security/secharden-wazuh.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+apt-get update
+WAZUH_MANAGER="tsys-nsm.knel.net" apt-get install wazuh-agent
+systemctl daemon-reload
+systemctl enable wazuh-agent
+systemctl start wazuh-agent
+echo "wazuh-agent hold" | dpkg --set-selections
\ No newline at end of file
diff --git a/SetupNewSystem.sh b/SetupNewSystem.sh
index 8523bdd..d9e8972 100644
--- a/SetupNewSystem.sh
+++ b/SetupNewSystem.sh
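Review bot: Modules/Security/secharden-wazuh.sh has no failure handling: without `set -e`/`pipefail` and with curl lacking `-f`, a failed key download or `apt-get update` still falls through to `systemctl enable`/`start`, and the caller reports the step as completed on a host that has no agent. `apt-get install` is missing `-y`, and since SetupNewSystem.sh runs this file as `curl … | bash`, a confirmation prompt would presumably read its answer from the remaining script text on stdin. `tee -a` adds a duplicate `deb` line to wazuh.list on every re-run. The signing key is also trusted on first download from the same host that serves the packages, so checking its fingerprint against a value recorded out of band before the import is worth adding. The fence below shows the changed lines only.

```shell
#!/bin/bash
set -euo pipefail

curl -fsS https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
# … unchanged: apt-get update …
# stdin is the piped script when run via curl | bash, so keep apt away from it
WAZUH_MANAGER="tsys-nsm.knel.net" DEBIAN_FRONTEND=noninteractive apt-get install -y wazuh-agent </dev/null
# … unchanged: systemctl daemon-reload/enable/start, dpkg hold …
```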
@@ -353,12 +353,18 @@ systemctl start postfix /usr/sbin/accton on -#if [ $PHYSICAL_HOST -gt 0 ]; then + +if [ $PHYSICAL_HOST -gt 0 ]; then +cpufreq-set -r -g performance +cpupower frequency-set --governor performance + +# Potentially merge the below if needed. # power-profiles-daemon # powerprofilesctl set performance #tsys1# systemctl enable power-profiles-daemon #tsys1# systemctl start power-profiles-daemon -#fi + +fi if [ "$VIRT_GUEST" = 1 ]; then tuned-adm profile virtual-guest @@ -388,6 +394,13 @@ curl --silent ${DL_ROOT}/Modules/Security/secharden-ssh.sh|$(which bash) echo Completed running "$FUNCNAME" } +function secharden-wazuh() +{ +echo Now running "$FUNCNAME" +curl --silent ${DL_ROOT}/Modules/Security/secharden-wazuh.sh|$(which bash) +echo Completed running "$FUNCNAME" +} + function secharden-auto-upgrades() { echo Now running "$FUNCNAME" @@ -409,12 +422,6 @@ echo Now running "$FUNCNAME" echo Completed running "$FUNCNAME" } -function secharden-ossec() -{ -echo Now running "$FUNCNAME" -#curl --silent ${DL_ROOT}/Modules/Security/secharden-audit-agents.sh|$(which bash) -echo Completed running "$FUNCNAME" -} function secharden-scap-stig() { @@ -447,9 +454,9 @@ global-systemServiceConfigurationFiles global-postPackageConfiguration secharden-ssh +secharden-wazuh #secharden-2fa #secharden-auto-upgrades #secharden-audit-agents -#secharden-ossec #secharden-scap-stig #auth-cloudron-ldap \ No newline at end of file
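Review bot: The re-enabled test `if [ $PHYSICAL_HOST -gt 0 ]; then` in the first SetupNewSystem.sh hunk (@@ -353) leaves the variable unquoted, so an empty or unset PHYSICAL_HOST makes `[` fail with an operator error instead of evaluating to false; the VIRT_GUEST test just below it is already quoted. Suggest `if [ "${PHYSICAL_HOST:-0}" -gt 0 ]; then`. The block then calls both `cpufreq-set` and `cpupower` unconditionally, and whether both tools are installed by this point is not visible here, so a `command -v` guard per tool would avoid a spurious error. The surrounding code starts and ends outside the hunk.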
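Review bot: The new `secharden-wazuh` function (hunk @@ -388) pipes a downloaded script straight into a shell with `curl --silent … | $(which bash)`: there is no `--fail`, so an HTTP error body or a truncated transfer is executed as shell input, and nothing checks the script's integrity before it runs with this installer's privileges. `${DL_ROOT}` is also unquoted, and its scheme is not visible in this hunk, so confirm it is HTTPS. Downloading to a temporary file, running it only when curl succeeded, and ideally comparing it with a pinned checksum would address this; running from a file also keeps stdin free for the module's own commands. The existing secharden-ssh call in the hunk's context uses the same pattern.

```shell
function secharden-wazuh()
{
echo Now running "$FUNCNAME"
local module
module="$(mktemp)" || return 1
# --fail keeps an HTTP error page from being handed to bash as a script
if ! curl --fail --silent --show-error --output "$module" "${DL_ROOT}/Modules/Security/secharden-wazuh.sh"; then
  echo "$FUNCNAME: could not download module" >&2
  rm -f -- "$module"
  return 1
fi
bash "$module"
rm -f -- "$module"
echo Completed running "$FUNCNAME"
}
```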