diff --git a/configure_commands_wazuh_agent.ps1 b/configure_commands_wazuh_agent.ps1
new file mode 100644
index 00000000..14ab9fd7
--- /dev/null
+++ b/configure_commands_wazuh_agent.ps1
@@ -0,0 +1,154 @@
+#------------------------- Gather parameters --------------------------#
+
+param (
+ [switch]$Elevated,
+ [switch]$help
+ )
+
+#------------------------- Gather parameters --------------------------#
+
+# ------------------------- Common functions ------------------------- #
+
+# Restart agent service
+function restartAgent {
+ $service="OssecSvc"
+ $status= (Get-Service $service).status
+
+ if($status -eq "Running"){
+ Restart-Service $service -Force
+ }
+ elseif($status -eq "Stopped"){
+ Start-Service $service
+ }
+}
+
+# Get agent version
+
+function getVersion
+{
+ $version = ""
+ $version_path = "$($path)\VERSION"
+ if (Test-Path $version_path) {
+ $version_path = "$($path)\VERSION"
+ } else {
+ $version_path = "$($path)\VERSION.txt"
+ }
+
+ foreach($line in Get-Content "$($version_path)") {
+ if ($line -like '*v2.*'){
+ $version = "v2"
+ }
+ if ($line -like '*v3.*'){
+ if ($line -like '*v3.0.*'){
+ $version = "v3.0"
+ } else{
+ $version = "v3"
+ }
+ }
+ }
+
+ if ($wazuh_version -eq ""){
+ "The agent version could not be obtained."
+ Exit
+ } else{
+ return $version
+ }
+}
+
+# Agent configuration
+function confAgent
+{
+
+ "Updating local_internal_options.conf file..."
+
+ $local_conf_path = "$($path)\local_internal_options.conf"
+ $local_conf_path
+ if (Test-Path $local_conf_path) {
+ "local_internal_options.conf already exists. Proceeding with the changes. "
+ } else{
+ "Creating local_internal_options.conf"
+ New-Item "$($path)\local_internal_options.conf" -ItemType file
+ Add-Content "$($path)\local_internal_options.conf" -value "# local_internal_options.conf`r`n
+#`r`n
+# This file should be handled with care. It contains`r`n
+# run time modifications that can affect the use`r`n
+# of OSSEC. Only change it if you know what you`r`n
+# are doing. Look first at ossec.conf`r`n
+# for most of the things you want to change.`r`n
+#`r`n
+# This file will not be overwritten during upgrades.`r`n"
+ }
+
+
+ if ($wazuh_version -eq "v3") {
+ $contain_output = Select-String -Path "$($path)\local_internal_options.conf" -pattern wazuh_command.remote_commands
+
+ if ($contain_output -ne $null) {
+ (Get-Content "$($path)\local_internal_options.conf") -replace('wazuh_command.remote_commands.*', 'wazuh_command.remote_commands=1') | Set-Content "$($path)\local_internal_options.conf"
+ } else {
+ Add-Content "$($path)\local_internal_options.conf" -value "# Wazuh Command Module - If it should accept remote commands from the manager`r`nwazuh_command.remote_commands=1`r`n"
+ }
+ }
+
+ $contain_output = Select-String -Path "$($path)\local_internal_options.conf" -pattern 'logcollector.remote_commands'
+
+ if ($contain_output -ne $null) {
+ (Get-Content "$($path)\local_internal_options.conf") -replace('logcollector.remote_commands.*', 'logcollector.remote_commands=1') | Set-Content "$($path)\local_internal_options.conf"
+ } else {
+ Add-Content "$($path)\local_internal_options.conf" -value "# Logcollector - If it should accept remote commands from the manager`r`nlogcollector.remote_commands=1`r`n"
+ }
+}
+
+# Usage function
+function Usage
+{
+ "
+ /\__/\
+ / \ WAZUH agent - Windows deploy
+ \ \ / / Site: http://www.wazuh.com
+ \ VV /
+ \__/
+ USE: ./configure_commands_wazuh_agent.ps1 [options]
+ -help: usage information.
+ Examples:
+ ./configure_commands_wazuh_agent.ps1
+ "
+}
+
+# ------------------------- Common functions ------------------------- #
+
+#------------------------- Analyze parameters -------------------------#
+
+if(($help.isPresent)) {
+ Usage
+ Exit
+}
+
+#------------------------- Analyze parameters -------------------------#
+
+#------------------------- Main workflow --------------------------#
+
+# Opening powershell as Administrator
+if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+ Write-Host "This script requires Administrator privileges"
+ Exit
+}
+
+
+$path = "C:\Program Files (x86)\ossec-agent\"
+if (Test-Path $path) {
+ $path = "C:\Program Files (x86)\ossec-agent\"
+} else {
+ $path = "C:\Program Files\ossec-agent\"
+}
+
+# Get agent version
+$wazuh_version = getVersion
+"Agent version: $wazuh_version"
+# Configure agent
+confAgent
+
+# Restart agent
+restartAgent
+
+#------------------------- Main workflow --------------------------#
\ No newline at end of file
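Review bot: In getVersion the failure check tests `$wazuh_version`, which the main workflow only assigns from this function's return value, so it is still unset when the check runs and the "could not be obtained" branch is never reached; it should read `if ($version -eq "") {`. With an empty version the script carries on and confAgent still writes `logcollector.remote_commands=1`. Because that option (and `wazuh_command.remote_commands=1` on v3) makes the agent accept commands sent by the manager, the file header should say so, for example `# Enables manager-pushed commands on this agent; apply only where the manager is trusted to run code on the host`. The unanchored `-replace` patterns in confAgent also match a commented-out option and leave it commented, so the setting stays off while the script reports the change; anchoring both the Select-String pattern and the replace as `'^\s*logcollector\.remote_commands.*'` (same for wazuh_command) would make a commented line fall through to the Add-Content branch.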