I am trying to make a server hardening script for my work, part of it is to install wazuh-agent on the servers that will be connected to a SIEM manager.
The script has 2 parts, one where it adds the repo entry - that works fine.
The second part installs the wazuh agent (code below). When I run the commands on the shell, they work fine but with the script it gives me the following error.
import os
import subprocess
wazuhrepofile = "/etc/yum.repos.d/wazuh.repo"
wazuh = "wazuh-agent"
wazuhmanager = 'WAZUHMANAGER="10.0.0.2"'
def install_wazuh(wazuh, wazuhmanager, wazuhrepofile):
subprocess.run([wazuhmgr ,'yum', 'install', '-y', wazuh], check=True)
print("Wazuh Agent Installed")
subprocess.run(['systemctl', 'daemon-reload'], check=True)
print("Daemon Reloaded")
subprocess.run(['systemctl', 'enable', wazuh])
print("Wazuh Agent Enabled")
subprocess.run(['systemctl', 'start', wazuh], check=True)
print("Wazuh-Agent Service Started!")
subprocess.run(['sed', '-i', '"s/^enabled=1/enabled=0/"', wazuhrepofile])
install_wazuh(wazuh, wazuhmgr, wazuhrepofile)
and the following is the error [run error]
hj. Thanks for choosing Wazuh.
As it was stated, subprocess.run accepts a series of parameters, but it seems that the first one needs to be an actual command instead of a variable assignment.
What you are doing is passing the Manager IP to have the Agent auto-enroll to the Manager. Another possible way, would be to install the Agent and then use the agent-auth located on the /var/ossec/bin/ folder. This commands also allows the Agent to pass an Agent Name to the Manager, so it will show with on the alerts and the UI, for easier identification.
the command is: /var/ossec/bin/agent-auth -m MANAGER-IP -A AGENT-NAME
For more information on agent registration visit here and for info on agent-auth tool, here
In case you have any further questions, don't hesitate to ask. Cheers