trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update bootstrap.sh with fleet fixes, remove duplicate registry key code

Browse Source
This commit is contained in:
Chris Long
2020-11-16 16:51:23 -08:00
parent 71bb917b12
commit 1a47c92d90
5 changed files with 7 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ESXi/ansible/roles/logger/tasks/main.yml
View File

@@ -383,8 +383,6 @@
fleetctl get options > /tmp/options.yaml fleetctl get options > /tmp/options.yaml
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.enroll_secret' 'enrollmentsecret' /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.enroll_secret' 'enrollmentsecret'
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true' /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true'
# Fleet 3.0 requires the "kind" to be "options" instead of "option"
# sed -i 's/kind: option/kind: options/g' /tmp/options.yaml # Not needed with change to fleetdm/fleet
fleetctl apply -f /tmp/options.yaml fleetctl apply -f /tmp/options.yaml
# Use fleetctl to import YAML files # Use fleetctl to import YAML files

6
Vagrant/logger_bootstrap.sh
View File

@@ -307,8 +307,6 @@ install_fleet_import_osquery_config() {
fleetctl get options >/tmp/options.yaml fleetctl get options >/tmp/options.yaml
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.enroll_secret' 'enrollmentsecret' /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.enroll_secret' 'enrollmentsecret'
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true' /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true'
# Fleet 3.0 requires the "kind" to be "options" instead of "option"
sed -i 's/kind: option/kind: options/g' /tmp/options.yaml
fleetctl apply -f /tmp/options.yaml fleetctl apply -f /tmp/options.yaml
# Use fleetctl to import YAML files # Use fleetctl to import YAML files
@@ -322,8 +320,8 @@ install_fleet_import_osquery_config() {
# Files must exist before splunk will add a monitor # Files must exist before splunk will add a monitor
touch /var/log/fleet/osquery_result touch /var/log/fleet/osquery_result
touch /var/log/fleet/osquery_status touch /var/log/fleet/osquery_status
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme' /opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme' --accept-license --answer-yes --no-prompt
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme' /opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme' --accept-license --answer-yes --no-prompt
fi fi
} }

5
Vagrant/scripts/configure-ou.ps1
View File

@@ -49,8 +49,3 @@ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Workstations OU..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong attempting to reach AD or create the OU." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong attempting to reach AD or create the OU."
} }
} }
# Sysprep breaks auto-login. Let's restore it here:
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant"
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "vagrant"

5
Vagrant/scripts/join-domain.ps1
View File

@@ -32,11 +32,6 @@ If ($hostname -eq "wef") {
Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru Add-Computer -DomainName "windomain.local" -credential $DomainCred -PassThru
} }
# Set auto login
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant"
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "vagrant"
# Stop Windows Update # Stop Windows Update
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling Windows Updates and Windows Module Services" Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling Windows Updates and Windows Module Services"
Set-Service wuauserv -StartupType Disabled Set-Service wuauserv -StartupType Disabled

5
Vagrant/scripts/provision.ps1
View File

@@ -65,5 +65,10 @@ if ($env:COMPUTERNAME -imatch 'vagrant') {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing bginfo..." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing bginfo..."
. c:\vagrant\scripts\install-bginfo.ps1 . c:\vagrant\scripts\install-bginfo.ps1
} }
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting the registry for auto-login..."
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -Value 1 -Type String
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value "vagrant"
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value "vagrant"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Provisioning after joining domain..." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Provisioning after joining domain..."
} }