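#!/usr/bin/env bash
# Provision a fresh VM with the Splunk universal forwarder plus rkhunter/lynis
# and point the forwarder at a given forward server.
#
# Usage: <script> <Name> <IP Forward Server> <Port Forward Server> <OS>
#   Name                 hostname substituted for "localhost" in inputs.conf
#   IP Forward Server    address the forwarder sends events to
#   Port Forward Server  TCP port on that server
#   OS                   one of CentOS, Ubuntu, Debian
#
# Optional environment:
#   ASSET_SHA256SUMS  path to a sha256sum-format file ("<hash>  <name>") for the
#                     artifacts served by $IP; when set, every download is
#                     verified before it is installed. When unset, downloads are
#                     installed as received.
#
# The assets (a cron.d file, inputs.conf and the forwarder package) are fetched
# over plain HTTP from an internal host and installed as root, so the integrity
# of that host and of the network path is the trust boundary of this script.
set -euo pipefail

# Internal asset server; "x.y.z.z" is the placeholder the original shipped with.
readonly IP="x.y.z.z"
readonly SPLUNK_HOME="/opt/splunkforwarder"
readonly SEARCH_LOCAL="${SPLUNK_HOME}/etc/apps/search/local"

die() { printf '%s\n' "$*" >&2; exit 1; }

usage() {
  printf 'Usage: %s <Name> <IP Forward Server> <Port Forward Server> <OS>\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Download one asset from $IP into the current directory and, when
# ASSET_SHA256SUMS is set, verify its SHA-256 before returning.
# Globals:   IP (read), ASSET_SHA256SUMS (read, optional)
# Arguments: $1 - asset file name exactly as served by $IP
# Returns:   0 on success; exits via die on a checksum mismatch
#######################################
fetch_asset() {
  local name=$1
  sudo wget -q -c "http://${IP}/${name}"
  if [[ -n "${ASSET_SHA256SUMS:-}" ]]; then
    # Feed sha256sum only the line for this file so it does not report the
    # assets that have not been downloaded (yet) as missing.
    awk -v n="$name" '$2 == n' "$ASSET_SHA256SUMS" | sha256sum -c - \
      || die "checksum mismatch or missing entry for ${name}"
  fi
}

#######################################
# Add the CISOfy apt repository and install lynis + rkhunter.
# Shared by the Ubuntu and Debian branches, which were duplicated before.
#######################################
setup_apt_lynis_repo() {
  # NOTE(review): apt-key is deprecated on current Debian/Ubuntu; kept as-is
  # because moving to a signed-by keyring changes where the key is stored.
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
  sudo wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
  # "sudo echo" gave nothing (the redirect is what needs root); tee is already sudo'd.
  echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations
  echo "deb https://packages.cisofy.com/community/lynis/deb/ $(lsb_release --codename | cut -f2) main" \
    | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
  sudo apt update
  sudo apt install lynis rkhunter -y
}

#######################################
# Entry point: validate arguments, install assets and packages for the given
# OS, configure the forwarder and clean up the downloaded package.
# Arguments: see the usage block at the top of the file
#######################################
main() {
  (( $# == 4 )) || usage
  local vm_name=$1 ipfs=$2 pfs=$3 os=$4

  # vm_name is spliced into a sed expression below; restrict it to hostname
  # characters so "/" or "&" cannot alter the substitution.
  [[ "$vm_name" =~ ^[A-Za-z0-9._-]+$ ]] || die "invalid Name: ${vm_name}"
  [[ "$pfs" =~ ^[0-9]+$ ]] && (( pfs >= 1 && pfs <= 65535 )) \
    || die "invalid Port Forward Server: ${pfs}"

  echo "[OK] Download Assets"
  fetch_asset splunkf
  fetch_asset inputs.conf
  echo "[OK] Installing Cron"
  # The cron.d entry runs as root; it is only as trustworthy as the server it
  # was fetched from (see ASSET_SHA256SUMS above).
  sudo mv splunkf /etc/cron.d/
  sudo chmod 644 /etc/cron.d/splunkf
  echo "[OK] Installing Splunk Forwarder & Depedencies"

  # Name of the package file downloaded for this OS, removed at the end.
  local pkg=""
  case "$os" in
    CentOS)
      # -y added: the original prompted interactively for deltarpm.
      sudo yum install -y deltarpm
      sudo yum install epel-release rkhunter lynis -y
      if [[ ! -d "$SPLUNK_HOME" ]]; then
        pkg=splunkf.rpm
        fetch_asset "$pkg"
        sudo rpm -i "$pkg"
      fi
      ;;
    Ubuntu)
      sudo apt install -y apt-transport-https
      setup_apt_lynis_repo
      if [[ ! -d "$SPLUNK_HOME" ]]; then
        pkg=splunkf.deb
        fetch_asset "$pkg"
        sudo dpkg -i "$pkg"
      fi
      ;;
    Debian)
      setup_apt_lynis_repo
      if [[ ! -d "$SPLUNK_HOME" ]]; then
        pkg=splunkf.deb
        fetch_asset "$pkg"
        sudo dpkg -i "$pkg"
      fi
      ;;
    *)
      # The original silently did nothing for an unknown OS and then failed
      # later on the missing forwarder; fail here with a clear message instead.
      die "unsupported OS: ${os} (expected CentOS, Ubuntu or Debian)"
      ;;
  esac

  # Start from an empty app-local directory so stale inputs are not kept.
  sudo rm -rf -- "$SEARCH_LOCAL"
  sudo mkdir -p -- "$SEARCH_LOCAL"
  sudo sed -i "s/localhost/${vm_name}/g" inputs.conf
  sudo mv inputs.conf "${SEARCH_LOCAL}/inputs.conf"
  # sudo "${SPLUNK_HOME}/bin/splunk" remove forward-server "${ipfs}:${pfs}"
  sudo "${SPLUNK_HOME}/bin/splunk" add forward-server "${ipfs}:${pfs}"
  sudo "${SPLUNK_HOME}/bin/splunk" restart
  sudo "${SPLUNK_HOME}/bin/splunk" list forward-server

  # -f: nothing was downloaded when the forwarder was already installed.
  if [[ -n "$pkg" ]]; then
    sudo rm -f -- "$pkg"
  fi
}

main "$@"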