Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #splunkinstaller.ps1
- #default parameters and other options
- ###CHANGED INSTALL PATH
- Param(
- [string][alias("id")] $installdir = $(if((Test-Path -Path "D:\")){"`"D:\Program Files\SplunkUniversalForwarder`""}else{"`"C:\Program Files\SplunkUnuversalForwarder`""}),#change directory for UnivFor
- [string][alias("ds")] $deployserver = "hellokitty`:8089",#changed by User
- [switch][alias("du")]$defaultUser,
- [ValidateSet(0,1)][int][alias("s")]$start = 1,
- [string][alias("u")]$domainuser = $(if($defaultUser){"mydomain\\myuser"}),#default login
- [string][alias("p")]$password = $(if($defaultUser){"Y2ldmU="})#change login credentials
- )
- #var initallization
- $splunkprocesses = @()
- #passwords, need new ones
- ##THESE PASSWORDS ENCRYPTED VIA 64BIT so the plaintext isn't transmitted over a network
- $pw1='JHBsrMQDQ='
- $pw2="YldmWU="
- $match = 0
- #might need to change regex's
- ###CHANGED REGEX2 FROM splunkbeta to splunkforwarder
- $regex2 = [regex]'(?i)[\\d\\w\\W\\D]+splunkforwarder[\\d\\w\\W\\D]+'
- ###REGEX1 doesn't seem to be used anywhere
- $regex1 = [regex]'[\\d\\w]+VM[\\d\\w]+'
- #Functions, generic don't need to change anything here
- #decodes encoded string
- Function decoder($decode)
- {
- $decoded = [System.Convert]::FromBase64String($decode)
- $decodedpd = [System.Text.Encoding]::UTF8.GetString($decoded)
- return $decodedpd
- }
- #Checks if app is installed
- Function ckinst($appname)
- {
- $installed = Get-WmiObject -Class Win32_Product | Where-object{$_.name -like "*$appname*"}
- If($installed){ return "True"}else{return "False"}
- }
- #starts process
- Function pstart([string]$exec,[string]$argments)
- {
- $process = New-Object System.Diagnostics.Process
- $process.StartInfo.FileName = $exec
- $process.StartInfo.RedirectStandardError = 1
- $process.StartInfo.RedirectStandardOutput = 1
- $process.StartInfo.UseShellExecute = 0
- #if there's arguments, append them
- if($argments){write-host $args;$process.StartInfo.Arguments = $argments}
- $process.Start() | Out-Null
- $process.WaitForExit() | Out-Null
- $errorstream = $process.StandardError.ReadToEnd()
- $stdoutstream = $process.StandardOutput.ReadToEnd()
- #if errors occur, write them
- if($errorstream)
- {
- write-host "Error occurred during Execution of $exec with the following arguments: $argments"
- Exit 4
- }elseif($stdoutstream)
- {
- write-host $stdoutstream
- }
- }
- #building command line string for install
- #change this to fit Universal installer
- #check UF install page for flags we need
- ###MODIFY THIS FOR ADDITIONAL FLAGS
- $comstr = " AGREETOLICENSE=Yes INSTALLDIR=$installdir DEPLOYMENT_SERVER=`"$deployserver`" LAUNCHSPLUNK=$start"
- #get passwords for user type, leave these alone
- if($defaultUser)
- {
- $password = decoder($password)
- $comstr += " LOGON_USERNAME=`"$domainuser`" LOGON_PASSWORD=$password"
- }
- elseif($domainuser -and $password)
- {
- $comstr += " LOGON_USERNAME=""$domainuser"" LOGON_PASSWORD=`"$password`""
- }elseif(($domainuser -and !$password) -or (!$domainuser -and $password))
- {
- write-host "Warn: domainuser and password must both be defined"
- Exit 4
- }
- #finding running path and executables
- $scriptpath = $MyInvocation.Mycommand.Path
- $rdir = Split-Path $scriptpath
- $files = get-childitem $rdir
- $match = $files | ForEach-Object {$regex2.Matches($_.FullName)}
- #checking to see if Splunk is already installed
- $x = ckinst("UniversalForwarder") #Change this too
- if($x -eq "True"){write-host "Splunk already installed Exiting";Exit}else{Write-Host "Installing Splunk"}
- #running installation, change string outputs, leave rest
- if($match -ne 0)
- {
- pstart "msiexec" "/i $match$comstr /quiet"
- Start-Sleep -s 10
- $x = ckinst("UniversalForwarder")
- if($x -eq "True"){write-host "UF successfully installed"}else{Write-Host "UF installed failed"; Exit}
- }else
- {
- write-host "msi or executable not found"
- Exit 4
- }
- #run splunk, add users, modify admin password
- #probably need a lot of modifications here
- #ASK ABOUT MISSING QUOTATION ON LINE BELOW
- ##ASSUMING EXTRA WAS ADDED, REMOVED FROM ADJACENT TO ' ON RIGHT LIKE SO "'""
- $installdir = $installdir.Replace("`"","")
- #verifing services
- write-host "Verifying Services"
- #does this work with UF? need to change splunk probably
- ##running the UF seems to be the same as running the Splunk mainline
- $splunkprocesses = get-service | where-object{$_.Name -like "*splunk*"}
- if ($splunkprocesses.length -ne 0)
- {
- write-host "services verified"
- #changing user information
- write-host "changing user info"
- ###CHANGE SIMILAR TO ABOVE REGARDING QUOTATION MARKS
- $installdir = $installdir.Replace("`"","")
- $splunkexe = "`"$installdir\\bin\\splunk.exe`""
- $pw1 = decoder($pw1)
- $pw2 = decoder($pw2)
- #modify passwords for new user (maybe keep?)
- pstart $splunkexe "add user splunk_local -password $pw1 -role admin -auth admin:changeme"
- #modify admin password
- pstart $splunkexe "edit user admin -password $pw2 -role admin -auth admin:changeme"
- New-Item "$installdir\\etc\.ui_login" -type "file" -force | Out-Null
- write-host "User Info Changed"
- if($start -eq 1)
- {
- write-host "Restarting Splunk"
- pstart $splunkexe "restart"
- Start-Sleep -s 2
- write-host "Restart Complete"
- }
- }elsen #failed install check
- {
- write-host "Services do not appear to be installed correctly. Verification required."
- Exit 4
- }
- write-host "Done"
- Exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement