OSSEC-NetworkDeploy.ps1
# Deploy the OSSEC Windows agent from a network share.
# The script maps the share, stages the installer and a per-client config
# bundle locally, installs silently, swaps in the client config and starts
# the service.
param (
    # Client identifier; selects "<clientid>.zip" in the Configs folder.
    [string] $clientid = $args[1]
)

# File name of the agent installer expected in the Installer folder.
$ossecinstaller = 'ossec-win32-agent-2.8.3.exe'

# UNC root of the share and the folders (relative to it) that hold the
# installer and the per-client config bundles.
# NOTE(review): the installer fetched from this share is later run from an
# elevated session, and nothing in this script checks its hash or signature.
# Consider comparing Get-FileHash output against a pinned known-good value.
$ossecshare = '\\192.168.1.1\Security'
$ossecsrc = 'Infrastructure\OSSEC\Installer'
$osseccfg = 'Infrastructure\OSSEC\Configs'

# Local staging directory for the installer and the config bundle.
# NOTE(review): confirm the ACL on this directory only lets administrators
# write to it; a staging folder writable by standard users would let the
# installer be replaced between the copy and the elevated run.
$ossecdst = 'C:\Temp'
function Am-I-Admin {
    # Returns $true when the current Windows identity is in the built-in
    # Administrators role, $false otherwise.
    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    # Casting the identity builds a WindowsPrincipal around it.
    ([System.Security.Principal.WindowsPrincipal] $currentUser).IsInRole($adminRole)
}
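function Map-Drive {
    # Maps the share named in $ossecshare to drive letter o: so the copy
    # steps can reach the installer and config folders.
    # Globals: $ossecshare (read).
    # Outputs: an "[INFO]" progress line; a warning if the mapping fails.
    "[INFO] Mapping network drive"
    try {
        # MapNetworkDrive returns nothing; discard the result explicitly
        # instead of parking it in an unused variable.
        $null = (New-Object -ComObject WScript.Network).MapNetworkDrive("o:", $ossecshare)
    }
    catch {
        # Include the underlying cause so the operator can tell whether the
        # share was unreachable, access was denied, or o: was already in use.
        Write-Warning "Something has gone horribly wrong: $($_.Exception.Message)"
        # NOTE(review): the script carries on after a failed mapping, so the
        # later steps depend on whatever o: and the staging directory already
        # contain. Confirm whether this should stop the deployment instead.
    }
}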
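function Copy-Installer {
    # Stages the installer and the client's config bundle from the mapped
    # share (o:) into the local staging directory, creating it if needed.
    # Globals: $ossecdst, $ossecsrc, $ossecinstaller, $osseccfg, $clientid (read).
    # Outputs: "[INFO]" progress lines; a warning and script exit when either
    #          copy fails.
    if (!(Test-Path -Path $ossecdst)) {
        New-Item $ossecdst -type directory | Out-Null
    }

    try {
        # -ErrorAction Stop turns a failed copy into a catchable error.
        # Without it the script would go on to run whatever file with the
        # installer's name already sits in the staging directory, elevated.
        "[INFO] Copying Installer"
        Copy-Item "o:\$ossecsrc\$ossecinstaller" $ossecdst -ErrorAction Stop
        "[INFO] Copying Configs"
        Copy-Item "o:\$osseccfg\$clientid.zip" $ossecdst -ErrorAction Stop
    }
    catch {
        Write-Warning "Copy from share failed: $($_.Exception.Message)"
        # Stop before anything is installed or removed. As with the existing
        # exit in OSSEC-Config, the o: mapping is left in place.
        Exit
    }
}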
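function OSSEC-Install {
    # Runs the staged installer silently (/S) and waits for it to finish so
    # the configuration step does not race the installer's own file writes.
    # Globals: $ossecdst, $ossecinstaller (read).
    # Outputs: an "[INFO]" progress line; a warning on a non-zero exit code.
    "[INFO] Installing OSSEC Quietly"

    # Launch by full path so only the staged copy can be started, not a
    # same-named file found through the search path.
    # NOTE(review): the binary is run elevated with no integrity check; verify
    # its hash or signature against a pinned value before this call.
    $installerPath = Join-Path $ossecdst $ossecinstaller

    # -PassThru is required for Start-Process to return a process object;
    # without it $install is always empty and completion cannot be observed.
    $install = Start-Process -FilePath $installerPath -WorkingDirectory $ossecdst -ArgumentList '/S' -PassThru
    if ($install) {
        # Wait for the installer process itself rather than sleeping.
        $install.WaitForExit()
        if ($null -ne $install.ExitCode -and $install.ExitCode -ne 0) {
            Write-Warning "OSSEC installer exited with code $($install.ExitCode)"
        }
    }
}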
function Extract-Config($file, $destination) {
    # Copies every top-level item of the archive at $file into $destination
    # using the Windows Shell COM object.
    # Arguments: $file        - path to the zip archive
    #            $destination - folder that receives the items
    # Throws when the shell cannot open $file (NameSpace yields nothing and
    # the Items() call fails); OSSEC-Config relies on that to detect a
    # missing bundle.
    $shellApp = New-Object -ComObject Shell.Application
    $archive = $shellApp.NameSpace($file)
    foreach ($entry in $archive.Items()) {
        # NOTE(review): CopyHere is called without option flags; it may show
        # shell prompts on conflicts. Confirm on an unattended run.
        $target = $shellApp.NameSpace($destination)
        $target.CopyHere($entry)
    }
}
function OSSEC-Config {
    # Replaces the agent's default client.keys and ossec.conf with the
    # contents of the staged "<clientid>.zip" bundle.
    # Globals: $ossecdst, $clientid (read).
    # Outputs: "[INFO]" progress lines; exits the script if extraction throws.
    $agentDir = "C:\Program Files (x86)\ossec-agent"

    "[INFO] OSSEC Configuration"
    "[INFO] Removing default configuration"
    foreach ($defaultFile in "client.keys", "ossec.conf") {
        try {
            # With -ErrorAction Continue a missing file is only reported as a
            # non-terminating error; the catch sees terminating errors only.
            Remove-Item "$agentDir\$defaultFile" -ErrorAction Continue | Out-Null
        }
        catch {
            # TODO: Better way to do this ?
        }
    }

    try {
        "[INFO] Extracting config: $clientid"
        Extract-Config -File "$ossecdst\$clientid.zip" -Destination $agentDir
    }
    catch {
        # Any extraction failure is reported as a wrong client ID, and the
        # script stops here without running Cleanup.
        Write-Warning "Wrong Client ID used."
        Exit
    }
}
function OSSEC-Start {
    # Pauses five seconds, then starts the OssecSvc Windows service.
    # Outputs: "[INFO]" progress lines; a warning if starting throws.
    "[INFO] Starting OSSEC"
    "[INFO] Sleeping 5secs before starting service"
    Start-Sleep -Seconds 5

    try {
        Start-Service -Name OssecSvc
    }
    catch {
        Write-Warning "Something has gone horribly wrong"
    }
}
function Cleanup {
    # Unmaps drive o: and deletes the staged installer and config bundle.
    # Globals: $ossecdst, $ossecinstaller, $clientid (read).
    # Outputs: an "[INFO]" progress line; warnings when a step fails.
    try {
        "[INFO] Unmapping drive..."
        $network = New-Object -ComObject WScript.Network
        $network.RemoveNetworkDrive("o:")
    }
    catch {
        Write-Warning "Error unmapping drive."
    }

    try {
        # -ErrorAction Stop makes the first failed delete jump to the catch,
        # so the config bundle is not attempted if the installer delete fails.
        foreach ($stagedFile in "$ossecdst\$ossecinstaller", "$ossecdst\$clientid.zip") {
            Remove-Item $stagedFile -ErrorAction Stop
        }
    }
    catch {
        Write-Warning "Clean up failed"
    }
}
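# Get this party started
# Entry point: refuse to run unless elevated and given a usable client ID,
# then run the deployment steps in order.
if (!(Am-I-Admin)) {
    Write-Warning "Not running as administrator"
    Exit
}
elseif ([string]::IsNullOrEmpty($clientid) -or
        $clientid.Trim().Length -eq 0 -or
        $clientid.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
    # $clientid is spliced into both the share path and the local staging
    # path. An empty value would install the agent and delete its default
    # config before failing. A value with path separators or wildcard
    # characters could resolve outside the Configs folder. Reject both
    # before anything on the host is changed.
    Write-Warning "Missing or invalid client ID; expected a plain file name without the .zip extension"
    Exit
}
else {
    "[INFO] Starting deployment of OSSEC..."
    Map-Drive
    Copy-Installer
    OSSEC-Install
    OSSEC-Config
    OSSEC-Start
    Cleanup
    "`n[INFO] Install Complete."
}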