feat: initial commit

terraform/scripts/company-bootstrap-ubuntu.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Run as root (sudo)." >&2
+  exit 1
+fi
+
+SSH_USER="${1:-devops}"
+SSH_PORT="${2:-42315}"
+SSH_PUBKEY="${3:-}"
+
+if [[ -z "${SSH_PUBKEY}" ]]; then
+  echo "Usage: $0 <ssh_user> <ssh_port> <ssh_public_key>" >&2
+  exit 1
+fi
+
+if ! id -u "${SSH_USER}" >/dev/null 2>&1; then
+  useradd -m -s /bin/bash "${SSH_USER}"
+fi
+
+usermod -aG sudo "${SSH_USER}"
+
+install -d -m 700 -o "${SSH_USER}" -g "${SSH_USER}" "/home/${SSH_USER}/.ssh"
+touch "/home/${SSH_USER}/.ssh/authorized_keys"
+chown "${SSH_USER}:${SSH_USER}" "/home/${SSH_USER}/.ssh/authorized_keys"
+chmod 600 "/home/${SSH_USER}/.ssh/authorized_keys"
+
+if ! grep -Fqx "${SSH_PUBKEY}" "/home/${SSH_USER}/.ssh/authorized_keys"; then
+  echo "${SSH_PUBKEY}" >>"/home/${SSH_USER}/.ssh/authorized_keys"
+fi
+
+cat >/etc/ssh/sshd_config.d/99-company.conf <<EOF
+Port ${SSH_PORT}
+PermitRootLogin no
+PasswordAuthentication no
+PubkeyAuthentication yes
+ChallengeResponseAuthentication no
+UsePAM yes
+EOF
+
+sshd -t
+systemctl restart ssh || systemctl restart sshd
+
+echo "Company baseline applied:"
+echo "- user: ${SSH_USER}"
+echo "- ssh port: ${SSH_PORT}"
+echo "- root login: disabled"
+echo "- password auth: disabled"
+

terraform/scripts/install-wazuh-aio.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Run as root (sudo)." >&2
+  exit 1
+fi
+
+echo "[1/4] System update and tools"
+apt-get update -y
+apt-get install -y curl tar
+
+echo "[2/4] Download Wazuh installer"
+cd /root
+curl -sSLO https://packages.wazuh.com/4.14/wazuh-install.sh
+chmod +x wazuh-install.sh
+
+echo "[3/4] Install Wazuh all-in-one"
+bash ./wazuh-install.sh -a
+
+echo "[4/4] Installation finished"
+echo "Open: https://$(hostname -I | awk '{print $1}')"
+echo "Installer output contains generated admin credentials."
+

terraform/scripts/verify-wazuh.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_IP="${1:-}"
+
+if [[ -z "${TARGET_IP}" ]]; then
+  echo "Usage: $0 <wazuh-vm-ip>" >&2
+  exit 1
+fi
+
+echo "[1/3] Dashboard HTTPS check"
+curl -kI "https://${TARGET_IP}" | head -n 1
+
+echo "[2/3] Enrollment port check"
+nc -zv "${TARGET_IP}" 1515
+
+echo "[3/3] Agent events port check"
+nc -zv "${TARGET_IP}" 1514
+