Rename bootstrap.sh -> logger_bootstrap.sh

Vagrant/Vagrantfile

@@ -3,7 +3,7 @@ Vagrant.configure("2") do |config|
   config.vm.define "logger" do |cfg|
     cfg.vm.box = "bento/ubuntu-18.04"
     cfg.vm.hostname = "logger"
-    cfg.vm.provision :shell, path: "bootstrap.sh"
+    cfg.vm.provision :shell, path: "logger_bootstrap.sh"
     cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8"
 
     cfg.vm.provider "vmware_desktop" do |v, override|

Vagrant/logger_bootstrap.sh

@@ -1,18 +1,20 @@
 #! /usr/bin/env bash
 
-# Override existing DNS Settings using netplan, but don't do it for Terraform builds
+# This is the script that is used to provision the logger host
+
+# Override existing DNS Settings using netplan, but don't do it for Terraform AWS builds
 if ! curl -s 169.254.169.254 --connect-timeout 2 >/dev/null; then
   echo -e "    eth1:\n      dhcp4: true\n      nameservers:\n        addresses: [8.8.8.8,8.8.4.4]" >>/etc/netplan/01-netcfg.yaml
   netplan apply
 fi
 sed -i 's/nameserver 127.0.0.53/nameserver 8.8.8.8/g' /etc/resolv.conf && chattr +i /etc/resolv.conf
 
-# Get a free Maxmind license here: https://www.maxmind.com/en/geolite2/signup
-# Required for the ASNgen app to work: https://splunkbase.splunk.com/app/3531/
-export MAXMIND_LICENSE=
-if [ -n "$MAXMIND_LICENSE" ]; then
-  echo "Note: You have not entered a MaxMind license key on line 5 of bootstrap.sh, so the ASNgen Splunk app may not work correctly."
-  echo "However, it is not required and everything else should function correctly."
+# Source variables from logger_variables.sh
+source ./logger_variables.sh
+
+if [ -z "$MAXMIND_LICENSE" ]; then
+  echo "Note: You have not entered a MaxMind API key in logger_variables.sh, so the ASNgen Splunk app may not work correctly."
+  echo "However, it is optional and everything else should function correctly."
 fi
 
 export DEBIAN_FRONTEND=noninteractive
@@ -166,13 +168,20 @@ install_splunk() {
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/link-analysis-app-for-splunk_161.tgz -auth 'admin:changeme'
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_144.tgz -auth 'admin:changeme'
 
-    # Install the Maxmind license key for the ASNgen App
+    # Install the Maxmind license key for the ASNgen App if it was provided
     if [ -n "$MAXMIND_LICENSE" ]; then
       mkdir /opt/splunk/etc/apps/TA-asngen/local
       cp /opt/splunk/etc/apps/TA-asngen/default/asngen.conf /opt/splunk/etc/apps/TA-asngen/local/asngen.conf
       sed -i "s/license_key =/license_key = $MAXMIND_LICENSE/g" /opt/splunk/etc/apps/TA-asngen/local/asngen.conf
     fi
 
+    # Install a Splunk license if it was provided
+    if [ -n $BASE64_ENCODED_SPLUNK_LICENSE ]; then
+      echo "$BASE64_ENCODED_SPLUNK_LICENSE" | base64 -d > /tmp/Splunk.License
+      /opt/splunk/bin/splunk add licenses /tmp/Splunk.License -auth 'admin:changeme'
+      rm /tmp/Splunk.License
+    fi
+
     # Replace the props.conf for Sysmon TA and Windows TA
     # Removed all the 'rename = xmlwineventlog' directives
     # I know youre not supposed to modify files in "default",