repos/soc-automation-lab/scripts/deploy.sh
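#!/usr/bin/env bash
# deploy.sh - bring up the SOC automation lab stack (Wazuh indexer/manager/
# dashboard, TheHive, Cortex) from the repository root.
#
# Usage:    scripts/deploy.sh
# Requires: docker with the compose plugin, curl, and a filled-in .env in the
#           repo root (copy .env.example).
#
# The script is bash-only ([[ ]], BASH_SOURCE, pipefail), so it needs an
# explicit interpreter line; without one, `./scripts/deploy.sh` runs under
# whatever /bin/sh the caller has and fails on the first bashism.
set -euo pipefail

# Resolve the repo root from the script's own location so it can be invoked
# from any cwd; every relative path below is taken from ROOT.
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
# Output directory for the generated indexer TLS material.
CERT_DIR="${ROOT}/config/wazuh/certs"

cd "${ROOT}"

# .env is sourced as shell code further down and supplies the indexer
# credentials and ports; refuse to run without it instead of guessing.
if [[ ! -f .env ]]; then
    echo "no .env found - copy .env.example to .env and fill it in first" >&2
    exit 1
fi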
 
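#######################################
# Generate the indexer TLS material once, using the upstream certs generator
# image. A pre-existing root-ca.pem is taken as "already generated".
# Globals:   CERT_DIR (read) - directory the generator writes .pem files into
#            ROOT (read)     - repo root; config/wazuh/certs.yml lives under it
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 when certs are present (skipped or freshly generated),
#            1 when the generator ran but left no .pem behind
#######################################
generate_certs() {
    if [[ -f "${CERT_DIR}/root-ca.pem" ]]; then
        echo "certs already present, skipping generation"
        return
    fi
    echo "generating indexer certificates"
    mkdir -p "${CERT_DIR}"
    # The image is pinned by tag only; a digest pin (@sha256:<digest>) would
    # make this key-generation step immune to a re-pushed tag.
    docker run --rm \
        -v "${CERT_DIR}:/certificates" \
        -v "${ROOT}/config/wazuh/certs.yml:/config/certs.yml:ro" \
        wazuh/wazuh-certs-generator:0.0.2
    # Fail with a clear message if nothing was generated; otherwise the glob
    # below stays literal and chmod dies on a file called '*.pem'.
    if ! compgen -G "${CERT_DIR}/*.pem" >/dev/null; then
        echo "certificate generator produced no .pem files in ${CERT_DIR}" >&2
        return 1
    fi
    # owner rw, group r, nothing for others - applied to everything the
    # generator wrote, key material included.
    chmod 640 "${CERT_DIR}"/*.pem
}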
 
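#######################################
# Poll the indexer's cluster health endpoint until it answers with a body
# containing "status", up to 40 attempts 10 seconds apart.
# Globals:   INDEXER_USERNAME, INDEXER_PASSWORD (read) - basic-auth credentials
# Outputs:   progress on stdout, failure message on stderr
# Returns:   0 once the indexer responds, 1 after the last attempt times out
#######################################
wait_for_indexer() {
    local -r attempts=40
    local -r interval=10
    local attempt body curl_cfg user_pass
    echo "waiting for the indexer to come up"
    # Hand the credentials to curl through a config read on stdin (-K -)
    # instead of -u on the command line, so the password is not visible in
    # `ps`/`/proc` for the duration of every probe. curl's config format is a
    # double-quoted string with backslash escapes, so escape \ and " in the
    # credentials themselves.
    user_pass="${INDEXER_USERNAME:?}:${INDEXER_PASSWORD:?}"
    user_pass=${user_pass//\\/\\\\}
    user_pass=${user_pass//\"/\\\"}
    curl_cfg=$(printf 'user = "%s"\n' "${user_pass}")
    for ((attempt = 1; attempt <= attempts; attempt++)); do
        # Capture the body and test it in the shell rather than piping into
        # grep -q: with pipefail, grep exiting early can hand curl a SIGPIPE
        # and turn a healthy response into a failed probe.
        # -k stays because the indexer presents a self-signed cert for
        # localhost; --cacert "${CERT_DIR}/root-ca.pem" would be the stricter
        # option once the generated cert's SAN is confirmed to cover it.
        if body=$(curl -sk -K - https://localhost:9200/_cluster/health <<<"${curl_cfg}") \
            && [[ "${body}" == *'"status"'* ]]; then
            echo "indexer is responding"
            return 0
        fi
        sleep "${interval}"
    done
    echo "indexer did not become ready in time" >&2
    return 1
}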
 
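# Export everything .env defines (set -a) so the functions below and the
# docker compose invocations see INDEXER_*, DASHBOARD_USERNAME, THEHIVE_PORT
# and CORTEX_PORT. .env is executed as shell code, so it must come from the
# operator, never from an untrusted source.
# The explicit ./ matters: `source .env` with no slash makes bash search
# PATH for a file named .env before falling back to the cwd.
set -a
# shellcheck source=/dev/null
source ./.env
set +a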
 
#######################################
# Copy the CTI watchlists into the running manager container, fix ownership,
# and restart the manager so the lists are loaded.
# Globals:   none (docker compose runs against the project in the cwd)
# Outputs:   one progress line on stdout; the restart's stdout is discarded
# Returns:   exit status of the last docker compose step (set -e aborts on
#            any failing step before that)
#######################################
seed_cti_lists() {
    local -a watchlists=(cti-malicious-ip cti-malicious-domain cti-malware-hash)
    local name
    echo "seeding CTI watchlists into the manager"
    for name in "${watchlists[@]}"; do
        docker compose cp "config/wazuh/lists/${name}" "wazuh.manager:/var/ossec/etc/lists/${name}"
    done
    # Re-own the copied lists to wazuh:wazuh before the restart picks them up.
    docker compose exec -T wazuh.manager chown -R wazuh:wazuh /var/ossec/etc/lists
    docker compose exec -T wazuh.manager /var/ossec/bin/wazuh-control restart >/dev/null
}
 
# Orchestration: certs must exist before the stack starts, and the manager is
# only touched once the indexer answers.
generate_certs
docker compose up -d
wait_for_indexer
seed_cti_lists

# Endpoint summary for the operator; users and ports come from .env.
printf '%s\n' \
    '' \
    'stack is up.' \
    '' \
    "  Wazuh dashboard   https://localhost:5601   (${DASHBOARD_USERNAME})" \
    "  TheHive           http://localhost:${THEHIVE_PORT}" \
    "  Cortex            http://localhost:${CORTEX_PORT}" \
    '' \
    'Next: bring up Shuffle (cd shuffle && docker compose up -d), import the' \
    'workflow, and paste the webhook URL into config/wazuh/manager/ossec.conf.'