diff --git a/unattended_scripts/install_functions/opendistro/common.sh b/unattended_scripts/install_functions/opendistro/common.sh index c3e334d74e..0f420199d0 100644 --- a/unattended_scripts/install_functions/opendistro/common.sh +++ b/unattended_scripts/install_functions/opendistro/common.sh @@ -1,3 +1,10 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH" repobaseurl="https://packages.wazuh.com/4.x" diff --git a/unattended_scripts/install_functions/opendistro/elasticsearch.sh b/unattended_scripts/install_functions/opendistro/elasticsearch.sh index 647402ee59..14526e55b7 100644 --- a/unattended_scripts/install_functions/opendistro/elasticsearch.sh +++ b/unattended_scripts/install_functions/opendistro/elasticsearch.sh @@ -1,11 +1,18 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + installElasticsearch() { logger "Installing Open Distro for Elasticsearch..." if [ ${sys_type} == "yum" ]; then - eval "yum install opendistroforelasticsearch-${OD_VER}-${OD_REV} -y ${debug}" + eval "yum install opendistroforelasticsearch-${opendistro_version}-${opendistro_revision} -y ${debug}" elif [ ${sys_type} == "zypper" ]; then - eval "zypper -n install opendistroforelasticsearch=${OD_VER}-${OD_REV} ${debug}" + eval "zypper -n install opendistroforelasticsearch=${opendistro_version}-${opendistro_revision} ${debug}" elif [ ${sys_type} == "apt-get" ]; then eval "apt install elasticsearch-oss opendistroforelasticsearch -y ${debug}" fi diff --git a/unattended_scripts/install_functions/opendistro/filebeat.sh b/unattended_scripts/install_functions/opendistro/filebeat.sh index d1f11b1068..0b0e39da33 100644 --- a/unattended_scripts/install_functions/opendistro/filebeat.sh +++ b/unattended_scripts/install_functions/opendistro/filebeat.sh @@ -1,3 +1,10 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + installFilebeat() { if [[ -f /etc/filebeat/filebeat.yml ]]; then @@ -8,9 +15,9 @@ installFilebeat() { logger "Installing Filebeat..." if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install filebeat-${ELK_VER} ${debug}" + eval "zypper -n install filebeat-${elastic_oss_version} ${debug}" else - eval "${sys_type} install filebeat${sep}${ELK_VER} -y -q ${debug}" + eval "${sys_type} install filebeat${sep}${elastic_oss_version} -y -q ${debug}" fi if [ "$?" != 0 ] then diff --git a/unattended_scripts/install_functions/opendistro/kibana.sh b/unattended_scripts/install_functions/opendistro/kibana.sh index 85cb4a6016..0a064f1a28 100644 --- a/unattended_scripts/install_functions/opendistro/kibana.sh +++ b/unattended_scripts/install_functions/opendistro/kibana.sh @@ -1,10 +1,17 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + installKibana() { logger "Installing Open Distro for Kibana..." if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install opendistroforelasticsearch-kibana=${OD_VER} ${debug}" + eval "zypper -n install opendistroforelasticsearch-kibana=${opendistro_version} ${debug}" else - eval "${sys_type} install opendistroforelasticsearch-kibana${sep}${OD_VER} -y ${debug}" + eval "${sys_type} install opendistroforelasticsearch-kibana${sep}${opendistro_version} -y ${debug}" fi if [ "$?" != 0 ]; then logger -e "Kibana installation failed" @@ -22,7 +29,7 @@ configureKibanaAIO() { eval "mkdir /usr/share/kibana/data ${debug}" eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install '${repobaseurl}'/ui/kibana/wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip ${debug}" + eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install '${repobaseurl}'/ui/kibana/wazuh_kibana-${wazuh_version}_${elastic_oss_version}-${wazuh_kibana_plugin_revision}.zip ${debug}" eval "cd ${base_path} ${debug}" if [ "$?" != 0 ]; then logger -e "Wazuh Kibana plugin could not be installed." @@ -46,7 +53,7 @@ configureKibana() { eval "mkdir /usr/share/kibana/data ${debug}" eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install '${repobaseurl}'/ui/kibana/wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip ${debug}" + eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install '${repobaseurl}'/ui/kibana/wazuh_kibana-${wazuh_version}_${elastic_oss_version}-${wazuh_kibana_plugin_revision}.zip ${debug}" if [ "$?" != 0 ]; then logger -e "Wazuh Kibana plugin could not be installed." exit 1; diff --git a/unattended_scripts/install_functions/opendistro/wazuh-cert-tool.sh b/unattended_scripts/install_functions/opendistro/wazuh-cert-tool.sh index 06ee37feae..444d7a4303 100644 --- a/unattended_scripts/install_functions/opendistro/wazuh-cert-tool.sh +++ b/unattended_scripts/install_functions/opendistro/wazuh-cert-tool.sh @@ -1,7 +1,7 @@ #!/bin/bash # Program to generate the certificates necessary for Wazuh installation -# Copyright (C) 2015-2020, Wazuh Inc. +# Copyright (C) 2015-2021, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public @@ -9,12 +9,12 @@ # Foundation. debug='> /dev/null 2>&1' -ELASTICINSTANCES="elasticsearch-nodes:" -FILEBEATINSTANCES="wazuh-servers:" -KIBANAINSTANCES="kibana:" -ELASTICHEAD='# Elasticsearch nodes' -FILEBEATHEAD='# Wazuh server nodes' -KIBANAHEAD='# Kibana node' +elasticinstances="elasticsearch-nodes:" +filebeatinstances="wazuh-servers:" +kibanainstances="kibana:" +elastichead='# Elasticsearch nodes' +filebeathead='# Wazuh server nodes' +kibanahead='# Kibana node' ## Prints information logger() { @@ -53,43 +53,49 @@ readInstances() { getHelp() { echo "" - echo "Usage: $0 arguments" - echo -e "\t-a | --admin-certificates Creates the admin certificates." - echo -e "\t-ca | --root-ca-certificates Creates the root-ca certificates." - echo -e "\t-a | --elasticsearch-certificates Creates the Elasticsearch certificates." - echo -e "\t-w | --wazuh-certificates Creates the Wazuh server certificates." - echo -e "\t-k | --kibana-certificates Creates the Kibana certificates." - echo -e "\t-d | --debug Enables verbose mode." + echo "Usage: $0 options" + echo -e " -a, --admin-certificates" + echo -e " Creates the admin certificates." + echo -e " -ca, --root-ca-certificates" + echo -e " Creates the root-ca certificates." + echo -e " -e, --elasticsearch-certificates" + echo -e " Creates the Elasticsearch certificates." + echo -e " -w, --wazuh-certificates" + echo -e " Creates the Wazuh server certificates." + echo -e " -k, --kibana-certificates" + echo -e " Creates the Kibana certificates." + echo -e " -d, --debug" + echo -e " Enables verbose mode." exit 1 # Exit script after printing help } readFile() { - IFS=$'\r\n' GLOBIGNORE='*' command eval 'INSTANCES=($(cat ${base_path}/instances.yml))' - for i in "${!INSTANCES[@]}"; do - if [[ "${INSTANCES[$i]}" == "${ELASTICINSTANCES}" ]]; then - ELASTICLIMITT=${i} + IFS=$'\r\n' GLOBIGNORE='*' command eval 'instances=($(cat ${base_path}/instances.yml))' + for i in "${!instances[@]}"; do + if [[ "${instances[$i]}" == "${elasticinstances}" ]]; then + elasticlimitt=${i} fi - if [[ "${INSTANCES[$i]}" == "${FILEBEATINSTANCES}" ]]; then - ELASTICLIMIB=${i} + if [[ "${instances[$i]}" == "${filebeatinstances}" ]]; then + elasticlimib=${i} fi - if [[ "${INSTANCES[$i]}" == "${FILEBEATINSTANCES}" ]]; then - FILEBEATLIMITT=${i} + if [[ "${instances[$i]}" == "${filebeatinstances}" ]]; then + filebeatlimitt=${i} fi - if [[ "${INSTANCES[$i]}" == "${KIBANAINSTANCES}" ]]; then - FILEBEATLIMIB=${i} + if [[ "${instances[$i]}" == "${kibanainstances}" ]]; then + filebeatlimib=${i} fi done ## Read Elasticsearch nodes - counter=${ELASTICLIMITT} + counter=${elasticlimitt} i=0 - while [ "${counter}" -le "${ELASTICLIMIB}" ] + while [ "${counter}" -le "${elasticlimib}" ] do - if [ "${INSTANCES[counter]}" != "${ELASTICINSTANCES}" ] && [ "${INSTANCES[counter]}" != "${FILEBEATINSTANCES}" ] && [ "${INSTANCES[counter]}" != "${FILEBEATHEAD}" ] && [ "${INSTANCES[counter]}" != " ip:" ] && [ -n "${INSTANCES[counter]}" ]; then - ELASTICNODES[i]+="$(echo "${INSTANCES[counter]}" | tr -d '\011\012\013\014\015\040')" + if [ "${instances[counter]}" != "${elasticinstances}" ] && [ "${instances[counter]}" != "${filebeatinstances}" ] && [ "${instances[counter]}" != "${filebeathead}" ] && [ "${instances[counter]}" != " ip:" ] && [ -n "${instances[counter]}" ]; then + elasticnodes[i]+="$(echo "${instances[counter]}" | tr -d '\011\012\013\014\015\040')" ((i++)) fi @@ -97,12 +103,12 @@ readFile() { done ## Read Filebeat nodes - counter=${FILEBEATLIMITT} + counter=${filebeatlimitt} i=0 - while [ "${counter}" -le "${FILEBEATLIMIB}" ] + while [ "${counter}" -le "${filebeatlimib}" ] do - if [ "${INSTANCES[counter]}" != "${FILEBEATINSTANCES}" ] && [ "${INSTANCES[counter]}" != "${KIBANAINSTANCES}" ] && [ "${INSTANCES[counter]}" != "${KIBANAHEAD}" ] && [ "${INSTANCES[counter]}" != " ip:" ] && [ -n "${INSTANCES[counter]}" ]; then - FILEBEATNODES[i]+="$(echo "${INSTANCES[counter]}" | tr -d '\011\012\013\014\015\040')" + if [ "${instances[counter]}" != "${filebeatinstances}" ] && [ "${instances[counter]}" != "${kibanainstances}" ] && [ "${instances[counter]}" != "${kibanahead}" ] && [ "${instances[counter]}" != " ip:" ] && [ -n "${instances[counter]}" ]; then + filebeatnodes[i]+="$(echo "${instances[counter]}" | tr -d '\011\012\013\014\015\040')" ((i++)) fi @@ -110,12 +116,12 @@ readFile() { done ## Read Kibana nodes - counter=${FILEBEATLIMIB} + counter=${filebeatlimib} i=0 - while [ "${counter}" -le "${#INSTANCES[@]}" ] + while [ "${counter}" -le "${#instances[@]}" ] do - if [ "${INSTANCES[counter]}" != "${KIBANAINSTANCES}" ] && [ "${INSTANCES[counter]}" != "${KIBANAHEAD}" ] && [ "${INSTANCES[counter]}" != " ip:" ] && [ -n "${INSTANCES[counter]}" ]; then - KIBANANODES[i]+="$(echo "${INSTANCES[counter]}" | tr -d '\011\012\013\014\015\040')" + if [ "${instances[counter]}" != "${kibanainstances}" ] && [ "${instances[counter]}" != "${kibanahead}" ] && [ "${instances[counter]}" != " ip:" ] && [ -n "${instances[counter]}" ]; then + kibananodes[i]+="$(echo "${instances[counter]}" | tr -d '\011\012\013\014\015\040')" ((i++)) fi @@ -193,9 +199,9 @@ generateElasticsearchcertificates() { logger "Creating the Elasticsearch certificates..." i=0 - while [ ${i} -lt ${#ELASTICNODES[@]} ]; do - cname=${ELASTICNODES[i]} - cip=${ELASTICNODES[i+1]} + while [ ${i} -lt ${#elasticnodes[@]} ]; do + cname=${elasticnodes[i]} + cip=${elasticnodes[i+1]} rname="-name:" cname="${cname//$rname}" rip="-" @@ -217,9 +223,9 @@ generateFilebeatcertificates() { logger "Creating Wazuh server certificates..." i=0 - while [ ${i} -lt ${#FILEBEATNODES[@]} ]; do - cname=${FILEBEATNODES[i]} - cip=${FILEBEATNODES[i+1]} + while [ ${i} -lt ${#filebeatnodes[@]} ]; do + cname=${filebeatnodes[i]} + cip=${filebeatnodes[i+1]} rname="-name:" cname="${cname//$rname}" rip="-" @@ -240,9 +246,9 @@ generateKibanacertificates() { logger "Creating Kibana certificate..." i=0 - while [ ${i} -lt ${#KIBANANODES[@]} ]; do - cname=${KIBANANODES[i]} - cip=${KIBANANODES[i+1]} + while [ ${i} -lt ${#kibananodes[@]} ]; do + cname=${kibananodes[i]} + cip=${kibananodes[i+1]} rname="-name:" cname="${cname//$rname}" rip="-" diff --git a/unattended_scripts/install_functions/opendistro/wazuh.sh b/unattended_scripts/install_functions/opendistro/wazuh.sh index 58810317ae..91e4992447 100644 --- a/unattended_scripts/install_functions/opendistro/wazuh.sh +++ b/unattended_scripts/install_functions/opendistro/wazuh.sh @@ -1,10 +1,17 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + installWazuh() { logger "Installing the Wazuh manager..." if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install wazuh-manager=${WAZUH_VER}-${WAZUH_REV} ${debug}" + eval "zypper -n install wazuh-manager=${wazuh_version}-${wazuh_revision} ${debug}" else - eval "${sys_type} install wazuh-manager${sep}${WAZUH_VER}-${WAZUH_REV} -y ${debug}" + eval "${sys_type} install wazuh-manager${sep}${wazuh_version}-${wazuh_revision} -y ${debug}" fi if [ "$?" != 0 ]; then logger -e "Wazuh installation failed" diff --git a/unattended_scripts/tools/wazuh-cert-tool.sh b/unattended_scripts/tools/wazuh-cert-tool.sh index 8118858b74..9a99c30d55 100644 --- a/unattended_scripts/tools/wazuh-cert-tool.sh +++ b/unattended_scripts/tools/wazuh-cert-tool.sh @@ -1,7 +1,7 @@ #!/bin/bash # Program to generate the certificates necessary for Wazuh installation -# Copyright (C) 2015-2020, Wazuh Inc. +# Copyright (C) 2015-2021, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public diff --git a/unattended_scripts/unattended_installation.sh b/unattended_scripts/wazuh_install.sh similarity index 61% rename from unattended_scripts/unattended_installation.sh rename to unattended_scripts/wazuh_install.sh index 0120451f4a..a7d3825dff 100755 --- a/unattended_scripts/unattended_installation.sh +++ b/unattended_scripts/wazuh_install.sh @@ -1,19 +1,27 @@ #!/bin/bash +# Wazuh installer +# Copyright (C) 2015-2021, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + ## Package vars -WAZUH_MAJOR="4.2" -WAZUH_VER="4.2.5" -WAZUH_REV="1" -ELK_VER="7.10.2" -ELKB_VER="7.12.1" -OD_VER="1.13.2" -OD_REV="1" -WAZUH_KIB_PLUG_REV="1" +wazuh_major="4.2" +wazuh_version="4.2.5" +wazuh_revision="1" +elastic_oss_version="7.10.2" +elastic_basic_version="7.12.1" +opendistro_version="1.13.2" +opendistro_revision="1" +wazuh_kibana_plugin_revision="1" ## Links and paths to resources functions_path="install_functions/opendistro" config_path="config/opendistro" -resources="https://s3.us-west-1.amazonaws.com/packages-dev.wazuh.com/resources/${WAZUH_MAJOR}" +resources="https://s3.us-west-1.amazonaws.com/packages-dev.wazuh.com/resources/${wazuh_major}" resources_functions="${resources}/${functions_path}" resources_config="${resources}/${config_path}" base_path="$(dirname $(readlink -f $0))" @@ -21,21 +29,50 @@ base_path="$(dirname $(readlink -f $0))" ## Show script usage getHelp() { - echo "" - echo "Usage: $0 arguments" - echo -e "\t-A | --AllInOne All-In-One installation" - echo -e "\t-w | --wazuh Wazuh installation" - echo -e "\t-e | --elasticsearch Elasticsearch installation" - echo -e "\t-k | --kibana Kibana installation" - echo -e "\t-c | --create-certificates Create certificates from instances.yml file" - echo -e "\t-en | --elastic-node-name Name of the elastic node, used for distributed installations" - echo -e "\t-wn | --wazuh-node-name Name of the wazuh node, used for distributed installations" - - echo -e "\t-wk | --wazuh-key Use this option as well as a wazuh_cluster_config.yml configuration file to automatically configure the wazuh cluster when using a multi-node installation" - echo -e "\t-v | --verbose Shows the complete installation output" - echo -e "\t-i | --ignore-health-check Ignores the health-check" - echo -e "\t-l | --local Use local files" - echo -e "\t-h | --help Shows help" + echo -e "" + echo -e "NAME" + echo -e " $(basename $0) - Install and configure Wazuh All-In-One components." + echo -e "" + echo -e "SYNOPSIS" + echo -e " $(basename $0) [OPTIONS]" + echo -e "" + echo -e "DESCRIPTION" + echo -e " -a, --all-in-one" + echo -e " All-In-One installation." + echo -e "" + echo -e " -w, --wazuh-server" + echo -e " Wazuh server installation. It includes Filebeat." + echo -e "" + echo -e " -e, --elasticsearch" + echo -e " Elasticsearch installation." + echo -e "" + echo -e " -k, --kibana" + echo -e " Kibana installation." + echo -e "" + echo -e " -c, --create-certificates" + echo -e " Create certificates from instances.yml file." + echo -e "" + echo -e " -en, --elastic-node-name" + echo -e " Name of the elastic node, used for distributed installations." + echo -e "" + echo -e " -wn, --wazuh-node-name" + echo -e " Name of the wazuh node, used for distributed installations." + echo -e "" + echo -e " -wk, --wazuh-key " + echo -e " Use this option as well as a wazuh_cluster_config.yml configuration file to automatically configure the wazuh cluster when using a multi-node installation." + echo -e "" + echo -e " -v, --verbose" + echo -e " Shows the complete installation output." + echo -e "" + echo -e " -i, --ignore-health-check" + echo -e " Ignores the health-check." + echo -e "" + echo -e " -l, --local" + echo -e " Use local files." + echo -e "" + echo -e " -h, --help" + echo -e " Shows help." + echo -e "" exit 1 # Exit script after printing help } @@ -51,19 +88,19 @@ importFunction() { } main() { - if [ "$EUID" -ne 0 ]; then - echo "Error: This script must be run as root." - exit 1; - fi + + if [ ! -n "$1" ]; then + getHelp + fi while [ -n "$1" ] do case "$1" in - "-A"|"--AllInOne") + "-a"|"--all-in-one") AIO=1 shift 1 ;; - "-w"|"--wazuh") + "-w"|"--wazuh-server") wazuh=1 shift 1 ;; @@ -88,7 +125,7 @@ main() { certificates=1 shift 1 ;; - "-i"|"--ignore-healthcheck") + "-i"|"--ignore-health-check") ignore=1 shift 1 ;; @@ -109,10 +146,16 @@ main() { getHelp ;; *) + echo "Unknow option: $1" getHelp esac done + if [ "$EUID" -ne 0 ]; then + echo "Error: This script must be run as root." + exit 1; + fi + importFunction "common.sh" importFunction "wazuh-cert-tool.sh" @@ -191,9 +234,7 @@ main() { if [ -n "${ignore}" ]; then logger -w "Health-check ignored." else - healthCheck elasticsearch - healthCheck kibana - healthCheck wazuh + healthCheck AIO fi checkSystem installPrerequisites