nullzilla

Security - DNS Filter

Nov 12th, 2019 (edited)
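  # Syncro RMM script: installs the DNSFilter agent and its root certificate
  # when they are missing, then checks the machine's DNS server setting.
  # Rmm-Alert, used for failure reporting, comes from the Syncro module.
  Import-Module $env:SyncroModule -WarningAction SilentlyContinue

  # $sitekey is read before it is assigned here, so it is presumably supplied
  # as a script variable by the RMM -- confirm. The fallback is a placeholder
  # and must be replaced with a real key before deployment.
  if (!$sitekey) {
      $sitekey = 'yourdefaultkeyhere'
  }
  # MSI properties passed to msiexec later. NKEY carries the site key, so this
  # string should be treated as sensitive when logging.
  $arguments = "NKEY=$sitekey TRAYICON=disabled ARPSYSTEMCOMPONENT=1"
  $agenturl = 'https://download.dnsfilter.com/User_Agent/Windows/DNS_Agent_Setup.msi'
  $certurl = 'https://app.dnsfilter.com/certs/NetAlerts.cer'

  # Working folder for the downloaded installer and certificate.
  # NOTE(review): a folder created directly under the system drive root
  # typically inherits write access for standard users. An installer is run
  # and a root certificate is trusted from this folder, so restrict it to
  # Administrators/SYSTEM or pick a location that already is.
  $homepath = 'c:\yourfolderhere'
  if (-not (Test-Path "$homepath")) {
      # Out-Null keeps the DirectoryInfo object out of the script output.
      New-Item -ItemType Directory -Path "$homepath" -Force | Out-Null
  }
  # Later steps look for the downloaded files relative to this folder, so stop
  # here rather than carry on from whatever directory the RMM started in.
  if (-not (Test-Path "$homepath" -PathType Container)) {
      Write-Output "Working folder $homepath could not be created"
      Rmm-Alert -Category 'Security - DNS Filter' -Body 'Working folder could not be created'
      exit 1
  }
  Set-Location $homepath
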
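  # Check for service and install if missing
  if (Get-Service 'DNS Agent' -ErrorAction SilentlyContinue) {
      Write-Output 'DNSFilter installed'
  }
  else {
      Write-Output 'DNSFilter not found, installing'
      # Remove registry keys from any previous installs
      if (Test-Path 'HKLM:\SOFTWARE\DNSFilter') { Remove-Item 'HKLM:\SOFTWARE\DNSFilter' -Recurse }
      if (Test-Path 'HKLM:\SOFTWARE\DNSAgent') { Remove-Item 'HKLM:\SOFTWARE\DNSAgent' -Recurse }

      # Download Agent
      $msipath = "$homepath\dnsfilter.msi"
      # Delete any installer left by an earlier run; otherwise the existence
      # check below passes on a stale file even when this download fails.
      if (Test-Path $msipath) { Remove-Item $msipath -Force }
      # Request TLS 1.2 explicitly, as the certificate download also does;
      # older .NET defaults may not negotiate it.
      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
      try {
          (New-Object Net.WebClient).DownloadFile("$agenturl", $msipath)
      }
      catch {
          Write-Output "Agent download error: $($_.Exception.Message)"
      }
      if (Test-Path $msipath) {
          Write-Output 'Agent downloaded'
      }
      else {
          Write-Output 'Agent download failed'
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Agent download failed'
          exit 1
      }

      # Refuse to run an installer whose Authenticode signature does not
      # validate. NOTE(review): consider also comparing
      # $signature.SignerCertificate.Subject with the vendor's publisher name.
      $signature = Get-AuthenticodeSignature -FilePath $msipath
      if ($signature.Status -ne 'Valid') {
          Write-Output "Agent installer signature check failed: $($signature.Status)"
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Agent installer signature invalid'
          Remove-Item $msipath -Force
          exit 1
      }

      # Install Agent (path quoted so a working folder with spaces still works)
      $arguments = "/qn /i `"$msipath`" $arguments"
      # Mask the site key so it does not end up in the RMM script log.
      Write-Output "Installing with arguments: $($arguments -replace 'NKEY=\S+', 'NKEY=<redacted>')"
      Start-Process -FilePath msiexec -ArgumentList $arguments -Wait
      ipconfig /flushdns | Out-Null
      # Pause before looking for the newly installed service.
      Start-Sleep -s 20
      if (Get-Service 'DNS Agent' -ErrorAction SilentlyContinue) {
          # Set service to automatically restart. The bytes are a
          # SERVICE_FAILURE_ACTIONS blob: three actions, each of type 1
          # (restart the service) with a delay of 0xEA60 = 60000 ms.
          # Written only once the service exists, so a failed install does not
          # raise a registry error on a missing key.
          New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS Agent' -Name 'FailureActions' -Value ([byte[]](0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00)) -PropertyType Binary -Force | Out-Null
          Write-Output 'Agent installed'
          # NOTE(review): exiting here skips the certificate and DNS checks
          # until the next run -- confirm that is intended.
          exit 0
      }
      else {
          Write-Output 'Agent install failed'
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Agent install failed'
          exit 1
      }
  }
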
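  # Check if certificate installed
  # Expected SHA-1 thumbprint of the NetAlerts root certificate.
  $thumbprint = 'C1FC30A63636A84E8EF3A79039E3EE9EBA60D33F'
  $certstorepath = "cert:\LocalMachine\root\$thumbprint"
  if (Test-Path $certstorepath) {
      Write-Output 'Certficate installed'
  }
  else {
      Write-Output 'Certificate not installed, installing'
      # Download Certificate
      $cerfile = "$homepath\NetAlerts.cer"
      # Delete any copy left by an earlier run so the existence check below
      # reflects this download only.
      if (Test-Path $cerfile) { Remove-Item $cerfile -Force }
      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
      try {
          (New-Object Net.WebClient).DownloadFile("$certurl", $cerfile)
      }
      catch {
          Write-Output "Certificate download error: $($_.Exception.Message)"
      }
      if (Test-Path $cerfile) {
          Write-Output 'Certificate downloaded'
      }
      else {
          Write-Output 'Certificate download failed'
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Certificate download failed'
          exit 1
      }

      # Compare the downloaded file with the expected thumbprint BEFORE it is
      # added to the machine's trusted roots. Checking only afterwards would
      # leave an unexpected certificate trusted machine-wide.
      $downloaded = $null
      try {
          $downloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerfile
      }
      catch {
          Write-Output "Downloaded certificate could not be parsed: $($_.Exception.Message)"
      }
      if (-not $downloaded -or $downloaded.Thumbprint -ne $thumbprint) {
          Write-Output 'Downloaded certificate does not match expected thumbprint'
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Certificate thumbprint mismatch'
          Remove-Item $cerfile -Force
          exit 1
      }

      # Install Certificate (full quoted path, so it does not depend on the
      # current directory)
      $arguments = "-addstore -enterprise -f Root `"$cerfile`""
      Start-Process -FilePath certutil -ArgumentList $arguments -Wait
      if (Test-Path $certstorepath) {
          Write-Output 'Certificate installed'
      }
      else {
          Rmm-Alert -Category 'Security - DNS Filter' -Body 'Certificate not installed'
          exit 1
      }
  }
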
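  # Check for a recent kernel power event and if found, wait a bit to avoid false positives
  # A system log with no Kernel-Power entries makes Get-EventLog raise an
  # error and leaves $lastkp empty; treat that as "no recent event".
  $lastkp = Get-EventLog -LogName system -Source Microsoft-Windows-Kernel-Power -Newest 1 -ErrorAction SilentlyContinue |
      Select-Object -ExpandProperty TimeGenerated
  $recent = $false
  if ($lastkp) {
      # "Recent" means logged within the last two minutes.
      $recent = (New-TimeSpan -Start $lastkp -End (Get-Date)).TotalMinutes -le 2
  }
  if ($recent) {
      Start-Sleep -Seconds 120
  }
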
  # Check if DNS setting is correct
  # Passes when any address returned by Get-DnsClientServerAddress is 127.0.0.2.
  # NOTE(review): 127.0.0.2 is presumably the local DNSFilter agent listener --
  # confirm. One matching adapter is enough to pass, so another adapter that
  # bypasses the filter would not be reported.
  $dnsservers = (Get-DnsClientServerAddress).ServerAddresses
  if ($dnsservers -notcontains '127.0.0.2') {
      Write-Output "DNS Server setting incorrect:"
      # Emit the full per-adapter listing for troubleshooting.
      Get-DnsClientServerAddress
      Rmm-Alert -Category 'Security - DNS Filter' -Body 'DNS Server setting incorrect'
      exit 1
  }
  Write-Output "DNS Server set to 127.0.0.2"
