Untitled

#splunkinstaller.ps1
#default parameters and other options
###CHANGED INSTALL PATH
Param(
   [string][alias("id")] $installdir = $(if((Test-Path -Path "D:\")){"`"D:\Program Files\SplunkUniversalForwarder`""}else{"`"C:\Program Files\SplunkUniversalForwarder`""}),#change directory for UnivFor
   [string][alias("ds")] $deployserver = "localhost:8089",#changed by User
   [switch][alias("du")]$defaultUser,
   [ValidateSet(0,1)][int][alias("s")]$start = 1,
   [string][alias("u")]$domainuser = $(if($defaultUser){"localhost\\myuser"}),#default login
   [string][alias("p")]$password = $(if($defaultUser){"Y2ldmU="})#change login credentials
)
#var initallization
$splunkprocesses = @()
#ENCRYPTION DOESNT WORK CHANGING TO PLAINTEXT
###PASSWORD 1 SETS UP A NEW USER
$pw1='N3o1OUJiSTNXZA=='
###PASSWORD 2 IS THE NEW ADMIN PASSWORD
$pw2="N3o1OUJiSTNXZA=="
$match = 0
###CHANGED REGEX2 FROM splunkbeta to splunkforwarder
##$regex2 = [regex]'(?i)[\\d\\w\\W\\D]+splunkforwarder[\\d\\w\\W\\D]+'
$regex2 = [regex]'splunkforwarder[\\d\\w\\W\\D]+'
###REGEX1 doesn't seem to be used anywhere
$regex1 = [regex]'[\\d\\w]+VM[\\d\\w]+'
#Functions, generic don't need to change anything here
#decodes encoded string
Function decoder($decode)
{
    $decoded = [System.Convert]::FromBase64String($decode)
    $decodedpd = [System.Text.Encoding]::UTF8.GetString($decoded)
    return $decodedpd
}

#Checks if app is installed
Function ckinst($appname)
{
    $installed = Get-WmiObject -Class Win32_Product | Where-object{$_.name -like "*$appname*"}
    If($installed){ return "True"}else{return "False"}
}
#starts process
Function pstart([string]$exec,[string]$argments)
{
    $process = New-Object System.Diagnostics.Process
    $process.StartInfo.FileName = $exec
    $process.StartInfo.RedirectStandardError = 1
    $process.StartInfo.RedirectStandardOutput = 1
    $process.StartInfo.UseShellExecute = 0
    #if there's arguments, append them
    if($argments){write-host $args;$process.StartInfo.Arguments = $argments}
    $process.Start() | Out-Null
    $process.WaitForExit() | Out-Null
    $errorstream = $process.StandardError.ReadToEnd()
    $stdoutstream = $process.StandardOutput.ReadToEnd()
    #if errors occur, write them
    if($errorstream)
    {
        write-host "Error occurred during Execution of $exec with the following arguments: $argments"
        Exit 4
    }elseif($stdoutstream)
    {
        write-host $stdoutstream
    }
}
write-host "starting"
#building command line string for install
#change this to fit Universal installer
#check UF install page for flags we need
###MODIFY THIS FOR ADDITIONAL FLAGS
$comstr = " AGREETOLICENSE=Yes INSTALLDIR=$installdir DEPLOYMENT_SERVER=$deployserver LAUNCHSPLUNK=$start"
#get passwords for user type, leave these alone
if($defaultUser)
{
    $password = decoder($password)
    $comstr += " LOGON_USERNAME=`"$domainuser`" LOGON_PASSWORD=$password"
}
elseif($domainuser -and $password)
{
   $comstr += " LOGON_USERNAME=""$domainuser"" LOGON_PASSWORD=`"$password`""
}elseif(($domainuser -and !$password) -or (!$domainuser -and $password))
{
   write-host "Warn: domainuser and password must both be defined"
   Exit 4
}

#finding running path and executables
$scriptpath = $MyInvocation.Mycommand.Path
write-host "$scriptpath"
$rdir = Split-Path $scriptpath
write-host "$rdir"
$files = get-childitem $rdir
write-host "$files"
$match = $files | ForEach-Object {$regex2.Matches($_.FullName)}
write-host "$match"
#checking to see if Splunk is already installed
$x = ckinst("UniversalForwarder") #Change this too
if($x -eq "True"){write-host "UF already installed Exiting";Exit}else{Write-Host "Installing Splunk"}
#running installation, change string outputs, leave rest
if($match -ne 0)
{   ###MODIFIED TO JSUT RUN THE FILE WITH NO MATCHING SHIT
    pstart "msiexec" "/i $match $comstr /quiet"
    Start-Sleep -s 10
    write-host "checking install"
    $x = ckinst("UniversalForwarder")
    if($x -eq "True"){write-host "UF successfully installed"}else{Write-Host "UF installed failed"; Exit}
}else
{
    write-host "msi or executable not found"
    Exit 4
}
#run splunk, add users, modify admin passwords
##ASSUMING EXTRA WAS ADDED, REMOVED FROM ADJACENT TO ' ON RIGHT LIKE SO "'""
##NEEDED TO PREVENT POWERSHELL FROM THROWING FIT, LEAVE IT BE
$installdir = $installdir.Replace("`"","")
#verifing services
write-host "Verifying Services"
#does this work with UF? need to change splunk probably
##running the UF seems to be the same as running the Splunk mainline
$splunkprocesses = get-service | where-object{$_.Name -like "*splunk*"}
if ($splunkprocesses.length -ne 0)
{
    write-host "services verified"
    #changing user information
    write-host "changing user info"
    ###CHANGE SIMILAR TO ABOVE REGARDING QUOTATION MARKS
    $installdir = $installdir.Replace("`"","")
    $splunkexe = "`"$installdir\\bin\\splunk.exe`""
    ##decrypt passwords for use
    $pw1 = decoder($pw1)
    $pw2 = decoder($pw2)
    #modify passwords for new user (maybe keep?)
    pstart $splunkexe "add user splunk_local -password $pw1 -role admin -auth admin:changeme"
    #modify admin password
    pstart $splunkexe "edit user admin -password $pw2 -role admin -auth admin:changeme"
    New-Item "$installdir\\etc\.ui_login" -type "file" -force | Out-Null
    write-host "User Info Changed"
    if($start -eq 1)
    {
        write-host "Restarting Splunk"
        pstart $splunkexe "restart"
        Start-Sleep -s 2
        write-host "Restart Complete"
    }
}else #failed install check
{
    write-host "Services do not appear to be installed correctly. Verification required."
    Exit 4
}
write-host "Done"
Exit