Powershell-Download-Script.ps1
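# Deployment settings for installing osquery and enrolling it with a TLS
# (Fleet-style) management server. Every value containing "INSERT" is a
# placeholder that must be filled in before the script is run.

# Installer source (HTTPS). The version in this URL is the version that gets installed.
$OSQueryURL = "https://pkg.osquery.io/windows/osquery-4.5.0.msi"

# Save the download under the file name used in the URL. The original script
# hard-coded "osquery4.5.1.msi" here while downloading 4.5.0, which mislabels
# the package on disk and in any later triage of the TEMP directory.
$OutputLocation = Join-Path -Path $env:TEMP -ChildPath ($OSQueryURL.Split('/')[-1])

# Install directory, enroll-secret file and flag file.
$OSQueryPath = Join-Path -Path $env:ProgramFiles -ChildPath "osquery"
$OSQuerySecretFile = Join-Path -Path $OSQueryPath -ChildPath "________INSERT_____FLEET_SECRET_FILE____.txt"
$OSQueryFlagFile = Join-Path -Path $OSQueryPath -ChildPath "osquery.flags"

# Enroll secret. Anyone who can read this script (file share, GPO, RMM console,
# script-block logs) can read the secret and enroll a host with it, so prefer
# injecting it at deploy time over committing a real value here.
$OSQuerySecret = "____INSERT_____SECRET_________"

# Contents of osquery.flags, written verbatim (one flag per line).
# NOTE(review): "--windows_events_channel" and "--windows_event_channels" are
# both set below with different channel lists. They look like two spellings of
# one option; confirm the flag names against the osquery CLI flag reference for
# the deployed version and merge the channel lists onto the valid one, otherwise
# part of the intended Windows event log collection may not be active.
# --enroll_secret_path should point at the same file as $OSQuerySecretFile.
$OSQueryFlags= "
--enroll_secret_path=______INSERT____SECRET____LOCATION_____
--tls_hostname=_____INSERT___OSQUERY____URL______
--host_identifier=uuid
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_refresh=10
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
--disable_events=false
--disable_forensic=false
--enable_windows_events_publisher=true
--enable_windows_events_subscriber=true
--windows_events_channel=System,Application,Setup,Security,Microsoft-Windows-PowerShell
--windows_event_channels=Microsoft-Windows-PowerShell/Operational
"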
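# Install osquery when the flag file is absent; otherwise only rewrite the flag file.
# The flag file doubles as the "already installed" marker, so it is written only
# after the package has been verified and msiexec has reported success.
If (-Not (Test-Path -Path $OSQueryFlagFile -ErrorAction SilentlyContinue)){
    Write-Output "Getting Ready To Install"
    # Older Windows PowerShell/.NET defaults may not negotiate TLS 1.2.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # -ErrorAction Stop: a failed download must not fall through to the install step.
    Invoke-WebRequest -Uri $OSQueryURL -OutFile $OutputLocation -ErrorAction Stop

    # Verify the package before running it with administrative rights. HTTPS
    # protects the transfer only; it says nothing about what the server served.
    # Preferred: pin the SHA-256 published for this exact release. Fallback when
    # no hash is pinned: require a valid Authenticode signature.
    $ExpectedSha256 = ""   # placeholder: SHA-256 of the MSI from the vendor's release notes
    If ($ExpectedSha256) {
        $ActualSha256 = (Get-FileHash -Path $OutputLocation -Algorithm SHA256).Hash
        $PackageVerified = ($ActualSha256 -eq $ExpectedSha256)
    } Else {
        $Signature = Get-AuthenticodeSignature -FilePath $OutputLocation
        $PackageVerified = ($Signature.Status -eq 'Valid')
    }
    If (-Not $PackageVerified) {
        Remove-Item -Path $OutputLocation -Force -ErrorAction SilentlyContinue
        Throw "osquery installer failed integrity verification; nothing was installed."
    }

    # Run msiexec explicitly and check its exit code. The original launched the
    # .msi without inspecting the result, so a failed install still produced a
    # flag file and every later run took the "Already Installed" branch.
    $Installer = Start-Process -FilePath "msiexec.exe" -Wait -PassThru `
        -ArgumentList "/i", "`"$OutputLocation`"", "/quiet", "/promptrestart"
    # 0 = success, 3010 = success (reboot required), 1641 = success (reboot initiated)
    If ($Installer.ExitCode -notin 0, 3010, 1641) {
        Throw "osquery installer exited with code $($Installer.ExitCode)."
    }

    # Create the secret file empty, restrict its ACL, then write the secret, so
    # the secret never sits on disk under the inherited Program Files ACL (which
    # lets ordinary users read). SIDs: S-1-5-18 = SYSTEM, S-1-5-32-544 = Administrators.
    New-Item -Path $OSQuerySecretFile -ItemType File -Force | Out-Null
    icacls.exe $OSQuerySecretFile /inheritance:r /grant:r "*S-1-5-18:(R)" "*S-1-5-32-544:(F)" | Out-Null
    If ($LASTEXITCODE -ne 0) {
        Throw "Could not restrict permissions on the enroll secret file."
    }
    Set-Content -Path $OSQuerySecretFile -Value $OSQuerySecret

    New-Item -Path $OSQueryFlagFile -ItemType File -Force | Out-Null
    Set-Content -Path $OSQueryFlagFile -Value $OSQueryFlags
} Else {
    Write-Output "Already Installed, Updating Configuration"
    # Set-Content, as in the install branch: Out-File defaults to UTF-16 in
    # Windows PowerShell 5.1, which would rewrite the flag file in a different
    # encoding from the one the install branch produced.
    # NOTE(review): this branch does not rewrite the enroll secret file, so a
    # rotated secret is not picked up on already-installed hosts - confirm intent.
    Set-Content -Path $OSQueryFlagFile -Value $OSQueryFlags
}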
# Bounce the osqueryd service so it starts with the flag file written above.
Write-Output "Restarting Service"
Stop-Service -Name osqueryd
Start-Service -Name osqueryd
Write-Output "Done!!"