trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into patch-3

Browse Source
This commit is contained in:
Chris Long
2018-09-25 22:44:47 -07:00
committed by GitHub
parent 4d21d2e885 63e4b29e4a
commit 3af54d5003
15 changed files with 317 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Vagrant/scripts/install-caldera-agent.ps1
View File

@@ -2,7 +2,7 @@
If (-not (Test-Path 'C:\Program Files\cagent\cagent.exe')) {
# Add /etc/hosts entry
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.5 logger"
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.105 logger"
# Make the directory
New-Item "c:\Program Files\cagent" -type directory

2
Vagrant/scripts/install-osquery.ps1
View File

@@ -19,7 +19,7 @@ If (-not ($service)) {
### --- TLS CONFIG BEGINS ---
### COMMENT ALL LINES BELOW UNTIL "TLS CONFIG ENDS" if using local configuration
## Add entry to hosts file for Kolide for SSL validation
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.5 kolide"
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.105 kolide"
## Add kolide secret and avoid BOM
$Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False
[System.IO.File]::WriteAllLines("c:\ProgramData\osquery\kolide_secret.txt", "enrollmentsecret", $Utf8NoBomEncoding)

2
Vagrant/scripts/install-splunkuf.ps1
View File

@@ -6,7 +6,7 @@ If (-not (Test-Path "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"))
Write-Host "Installing & Starting Splunk"
(New-Object System.Net.WebClient).DownloadFile('https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=windows&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-x64-release.msi&wget=true', $msiFile)
Start-Process -FilePath "c:\windows\system32\msiexec.exe" -ArgumentList '/i', "$msiFile", 'RECEIVING_INDEXER="192.168.38.5:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 AGREETOLICENSE=Yes SERVICESTARTTYPE=1 LAUNCHSPLUNK=1 SPLUNKPASSWORD=changeme /quiet' -Wait
Start-Process -FilePath "c:\windows\system32\msiexec.exe" -ArgumentList '/i', "$msiFile", 'RECEIVING_INDEXER="192.168.38.105:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 AGREETOLICENSE=Yes SERVICESTARTTYPE=1 LAUNCHSPLUNK=1 SPLUNKPASSWORD=changeme /quiet' -Wait
} Else {
Write-Host "Splunk is already installed. Moving on."
}

2
Vagrant/scripts/join-domain.ps1
View File

@@ -4,7 +4,7 @@
Write-Host 'Join the domain'
Write-Host "First, set DNS to DC to join the domain"
$newDNSServers = "192.168.38.2"
$newDNSServers = "192.168.38.102"
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match "192.168.38."}
$adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}

2
Vagrant/scripts/provision.ps1
View File

@@ -26,7 +26,7 @@ if ($env:COMPUTERNAME -imatch 'vagrant') {
}
if ($env:COMPUTERNAME -imatch 'dc') {
. c:\vagrant\scripts\create-domain.ps1 192.168.38.2
. c:\vagrant\scripts\create-domain.ps1 192.168.38.102
} else {
. c:\vagrant\scripts\join-domain.ps1
}