Created
November 12, 2025 17:16
-
-
Save rowland007/150ada78fd6e9f2cf1d5cd2f4704eab3 to your computer and use it in GitHub Desktop.
Installs the Wazuh Agent on to Ubuntu and connects it to Cloudflare tunnel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if the script is running as root or sudo | |
| if [ "$EUID" -ne 0 ]; then | |
| echo "Please run as root or use sudo." | |
| exit 1 | |
| fi | |
| echo "Installing Cloudflared..." | |
| # Install Cloudflared | |
| mkdir -p --mode=0755 /usr/share/keyrings | |
| curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null | |
| echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main' | tee /etc/apt/sources.list.d/cloudflared.list | |
| apt update -qq && apt install -y cloudflared -qq | |
| echo "Cloudflared installation completed." | |
| # Login to Cloudflare | |
| echo "Logging in to Cloudflare..." | |
| cloudflared tunnel login | |
| # Setup Environment Variables | |
| CLOUDFLARED_PATH=$(which cloudflared) | |
| AGENT_REGISTRATION_HOSTNAME="agent-register.randar.app" | |
| AGENT_HOSTNAME="agent.randar.app" | |
| # Ask for Wazuh Agent's name | |
| echo "Please enter the Wazuh Agent's name (e.g., 'prod-Proxmox-LXCXXX-App' or 'linux-ws-CarbonX1-ubuntu')." | |
| echo "Note: The name cannot contain spaces. You may use an underscore (_) or hyphen (-)." | |
| read -r AGENT_NAME | |
| # Download and install the Wazuh Agent | |
| echo "Downloading and installing Wazuh Agent..." | |
| wget -q https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.14.0-1_amd64.deb && \ | |
| WAZUH_MANAGER='127.0.0.1' \ | |
| WAZUH_REGISTRATION_SERVER="127.0.0.1" \ | |
| WAZUH_REGISTRATION_PORT="1515" \ | |
| WAZUH_AGENT_GROUP='ubuntu,linux-servers' \ | |
| WAZUH_AGENT_NAME="$AGENT_NAME" \ | |
| apt install -y ./wazuh-agent_4.14.0-1_amd64.deb -qq && \ | |
| rm ./wazuh*.deb | |
| echo "Wazuh Agent installation completed." | |
| # Setup Cloudflare services | |
| echo "Setting up Cloudflare services for Wazuh Agent..." | |
| cat << EOF | tee /etc/systemd/system/wazuh-agent-registration-tunnel.service | |
| [Unit] | |
| Before=wazuh-agent.service | |
| Requires=wazuh-agent.service | |
| Description=Wazuh Agent Registration Cloudflared Tunnel | |
| [Service] | |
| ExecStart=$CLOUDFLARED_PATH access tcp --hostname $AGENT_REGISTRATION_HOSTNAME --url tcp://127.0.0.1:1515 | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| cat << EOF | tee /etc/systemd/system/wazuh-agent-tunnel.service | |
| [Unit] | |
| Before=wazuh-agent.service | |
| Requires=wazuh-agent.service | |
| Description=Wazuh Agent Cloudflared Tunnel | |
| [Service] | |
| ExecStart=$CLOUDFLARED_PATH access tcp --hostname $AGENT_HOSTNAME --url tcp://127.0.0.1:1514 | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| # Reload, enable, and start the services | |
| echo "Reloading systemd daemon and enabling services..." | |
| systemctl daemon-reload | |
| systemctl enable wazuh-agent wazuh-agent-registration-tunnel.service wazuh-agent-tunnel.service | |
| systemctl start wazuh-agent wazuh-agent-registration-tunnel.service wazuh-agent-tunnel.service | |
| echo "All services started successfully." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment