gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fd54253f66
secubox-openwrt/package/secubox/secubox-app-wazuh/files/etc/init.d/wazuh
CyberMind-FR 6f777761e7 feat(wazuh): Add Wazuh security agent package 
New package secubox-app-wazuh provides:
- Wazuh Agent installation and management for ARM64/OpenWrt
- File Integrity Monitoring (FIM) for /etc, /usr/sbin, /etc/config
- Log analysis: syslog, CrowdSec, firewall
- Rootcheck and Security Configuration Assessment
- CrowdSec integration for threat sync
- CLI: wazuhctl with install/configure/register/status commands

Wazuh provides SIEM/XDR capabilities complementing CrowdSec:
- Endpoint detection and response
- Compliance monitoring (PCI-DSS, GDPR, HIPAA)
- Vulnerability detection
- Active response automation

Requires external Wazuh Manager or future secubox-wazuh-manager LXC.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 13:28:00 +01:00

52 lines
1.0 KiB
Bash
Raw Blame History

#!/bin/sh /etc/rc.common
# Wazuh Agent init script for SecuBox
START=95
STOP=10
USE_PROCD=1
WAZUH_DIR="/var/ossec"
WAZUH_BIN="$WAZUH_DIR/bin/wazuh-agentd"
WAZUH_CONTROL="$WAZUH_DIR/bin/wazuh-control"
start_service() {
local enabled
config_load wazuh
config_get enabled main enabled '0'
[ "$enabled" != "1" ] && return 0
# Check if agent is installed
[ ! -x "$WAZUH_CONTROL" ] && {
logger -t wazuh "Wazuh agent not installed. Run: wazuhctl install"
return 1
}
procd_open_instance
procd_set_param command "$WAZUH_CONTROL" start
procd_set_param respawn
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
logger -t wazuh "Wazuh agent started"
}
stop_service() {
[ -x "$WAZUH_CONTROL" ] && "$WAZUH_CONTROL" stop 2>/dev/null
logger -t wazuh "Wazuh agent stopped"
}
reload_service() {
[ -x "$WAZUH_CONTROL" ] && "$WAZUH_CONTROL" reload 2>/dev/null
logger -t wazuh "Wazuh agent reloaded"
}
service_triggers() {
procd_add_reload_trigger "wazuh"
}
status() {
[ -x "$WAZUH_CONTROL" ] && "$WAZUH_CONTROL" status
}
Reference in New Issue View Git Blame Copy Permalink