Wazuh – Create a script to remote update all agents
Wazuh ships many updates a year, so it is worth automating agent upgrades on a regular basis.
There are two options: leveraging the API or scripting it.
Let’s try the second option, and in the process see how ChatGPT can help 😉
Knowing that we can list all agents with their versions using “/var/ossec/bin/agent_upgrade -l” and then upgrade a single agent by its ID with “/var/ossec/bin/agent_upgrade -a AgentID”, we can ask ChatGPT how to process all the agents.
This gives the following script, which can be run on a regular basis or even scheduled (be careful, though: it is better to stage the rollout, with pilot, test, and then production).
#!/bin/bash
# List all Wazuh agents
agents=$(sudo /var/ossec/bin/agent_upgrade -l)
# Iterate over each line of the agents list
echo "$agents" | while read -r agent; do
    # Extract the agent ID
    agent_id=$(echo "$agent" | awk '{print $1}') # assuming the agent ID is the first column
    # Skip header or lines that don't contain an agent ID
    if [[ $agent_id =~ ^[0-9]+$ ]]; then
        echo "Processing Agent ID: $agent_id"
        # Upgrade the agent (agent_control -i would only print its information)
        sudo /var/ossec/bin/agent_upgrade -a "$agent_id"
    fi
done
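
The staged rollout recommended above can be built into the loop itself. The following is an added example, not the script from this post: it upgrades only the agent IDs named for the current stage and prints the planned commands unless APPLY=1 is set. It assumes the agent ID is the first column of the listing and calls agent_upgrade -a, the upgrade option of the same tool used for listing; the sample listing is constructed, and APPLY and the stage ID list are hypothetical names.

```shell
#!/bin/bash
# Added example (not the post's script): staged, dry-run-by-default upgrades.
# Assumptions: agent ID is the first column of `agent_upgrade -l` output;
# APPLY and the stage ID lists are hypothetical names chosen here.

UPGRADE_BIN=/var/ossec/bin/agent_upgrade

# Constructed sample listing (header, three agents, one malformed line).
sample_listing() {
    printf '%s\n' \
        'ID    Name      Version' \
        '001   web-01    Wazuh v4.7.0' \
        '002   db-01     Wazuh v4.7.0' \
        '00x   broken    Wazuh v4.7.0' \
        '003   pilot-01  Wazuh v4.7.0'
}

# select_agents "<IDs in this stage>" < listing
# Prints the listed agent IDs that belong to the stage, one per line.
select_agents() {
    stage=" $1 "
    while read -r id _rest; do
        case $id in ''|*[!0-9]*) continue ;; esac      # header or malformed ID
        case $stage in *" $id "*) echo "$id" ;; esac   # keep stage members only
    done
}

# run_stage "<IDs in this stage>" < listing
# Prints the planned commands; upgrades only when APPLY=1, stops on first failure.
run_stage() {
    for id in $(select_agents "$1"); do
        if [ "${APPLY:-0}" = 1 ]; then
            sudo "$UPGRADE_BIN" -a "$id" </dev/null || {
                echo "upgrade of agent $id failed, stopping stage" >&2
                return 1
            }
        else
            echo "DRY-RUN $UPGRADE_BIN -a $id"
        fi
    done
}

# Demo on the constructed listing; on a manager, pipe the real listing instead:
#   sudo /var/ossec/bin/agent_upgrade -l | APPLY=1 run_stage "003"
sample_listing | run_stage "003"
```

Run it once per stage (pilot IDs first, then test, then production) and review the dry-run output before setting APPLY=1.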