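#!/usr/bin/env bash
#
# Installs the Splunk universal forwarder on a CentOS, Ubuntu or Debian host,
# drops a cron.d entry, and points the forwarder at a Splunk indexer.
#
# Usage: <script> <Name> <IP Forward Server> <Port Forward Server> <OS>
#   Name                 host name written into inputs.conf (replaces "localhost")
#   IP Forward Server    address of the Splunk indexer to forward to
#   Port Forward Server  receiving port on the indexer (digits only)
#   OS                   one of: CentOS, Ubuntu, Debian
#
# Environment:
#   IP          asset server hosting splunkf, inputs.conf and the package
#               (defaults to the placeholder below, which must be replaced)
#   PKG_SHA256  optional; when set, the downloaded package must match this
#               SHA-256 digest before it is installed
#
# NOTE(review): assets are fetched over plain HTTP from $IP and installed as
# root (a cron.d entry plus a package). Without PKG_SHA256 nothing on this
# path verifies what was downloaded; set it, or serve the assets from a
# signed/trusted repository instead.

set -euo pipefail

# Asset server. "10.x.y.z" is a placeholder that must be replaced before use.
IP="${IP:-10.x.y.z}"

readonly SPLUNK_HOME=/opt/splunkforwarder
readonly SPLUNK_BIN="$SPLUNK_HOME/bin/splunk"
readonly LOCAL_CONF_DIR="$SPLUNK_HOME/etc/apps/search/local"
readonly CRON_FILE=/etc/cron.d/splunkf

# Scratch directory for downloads; created in main, removed by the EXIT trap.
tmpdir=

#######################################
# Print an error to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '[ERR] %s\n' "$*" >&2
  exit 1
}

#######################################
# Print usage to stderr and exit with status 2 (wrong invocation).
#######################################
usage() {
  printf 'Usage: %s <Name> <IP Forward Server> <Port Forward Server> <OS>\n' \
    "${0##*/}" >&2
  exit 2
}

#######################################
# Download one asset from the asset server into the scratch directory.
# Runs unprivileged: nothing about fetching needs root.
# Globals:   IP (read), tmpdir (read)
# Arguments: $1 - asset name, relative to http://$IP/
# Returns:   0 on success; dies on download failure
#######################################
fetch() {
  local name=$1
  wget -q -O "$tmpdir/$name" -- "http://$IP/$name" \
    || die "download of $name from $IP failed"
}

#######################################
# Verify a downloaded package against PKG_SHA256 when that variable is set.
# Globals:   PKG_SHA256 (read, optional)
# Arguments: $1 - path to the package file
# Returns:   0 on match or when PKG_SHA256 is unset; dies on mismatch
#######################################
verify_package() {
  local pkg=$1
  if [[ -n "${PKG_SHA256:-}" ]]; then
    printf '%s  %s\n' "$PKG_SHA256" "$pkg" | sha256sum -c --quiet - \
      || die "checksum mismatch for $pkg"
  fi
}

#######################################
# Install the cron.d entry with root ownership and 0644, which cron requires
# before it will honour a file in /etc/cron.d.
# Globals:   tmpdir (read), CRON_FILE (read)
#######################################
install_cron() {
  echo "[OK] Installing Cron"
  sudo install -m 644 -o root -g root -- "$tmpdir/splunkf" "$CRON_FILE"
}

#######################################
# Install audit tooling and the forwarder package for the given OS.
# Globals:   tmpdir (read)
# Arguments: $1 - OS name (CentOS | Ubuntu | Debian)
# Returns:   0 on success; dies on an unsupported OS or a failed step
#######################################
install_forwarder() {
  local os=$1 pkg
  echo "[OK] Installing Splunk Forwarder & Depedencies"
  case "$os" in
    CentOS)
      pkg=splunkf.rpm
      # deltarpm is an optimisation only; newer releases do not ship it.
      sudo yum install -y deltarpm \
        || printf '[WARN] deltarpm unavailable; continuing\n' >&2
      sudo yum install -y epel-release rkhunter lynis
      fetch "$pkg"
      verify_package "$tmpdir/$pkg"
      sudo rpm -i "$tmpdir/$pkg"
      ;;
    Ubuntu|Debian)
      pkg=splunkf.deb
      sudo apt-get install -y lynis rkhunter
      fetch "$pkg"
      verify_package "$tmpdir/$pkg"
      sudo dpkg -i "$tmpdir/$pkg"
      ;;
    *)
      die "unsupported OS '$os' (expected CentOS, Ubuntu or Debian)"
      ;;
  esac
}

#######################################
# Write inputs.conf under the forwarder's search app, replacing any stale
# local directory, with "localhost" rewritten to the VM name.
# Globals:   tmpdir (read), LOCAL_CONF_DIR (read)
# Arguments: $1 - VM name substituted into inputs.conf
#######################################
install_inputs_conf() {
  local vm_name=$1 escaped
  # Escape sed specials so a name containing / & or \ cannot break or
  # rewrite the substitution.
  escaped=$(printf '%s' "$vm_name" | sed -e 's/[\/&\\]/\\&/g')
  sed -i "s/localhost/$escaped/g" -- "$tmpdir/inputs.conf"
  sudo rm -rf -- "$LOCAL_CONF_DIR"
  sudo mkdir -p -- "$LOCAL_CONF_DIR"
  sudo install -m 644 -o root -g root -- "$tmpdir/inputs.conf" \
    "$LOCAL_CONF_DIR/inputs.conf"
}

#######################################
# Register the indexer with the forwarder, restart it and show the result.
# Globals:   SPLUNK_BIN (read)
# Arguments: $1 - indexer address, $2 - indexer port
#######################################
configure_forwarder() {
  local ipfs=$1 pfs=$2
  sudo "$SPLUNK_BIN" add forward-server "$ipfs:$pfs"
  sudo "$SPLUNK_BIN" restart
  sudo "$SPLUNK_BIN" list forward-server
}

#######################################
# Entry point.
# Arguments: see the usage block at the top of the file
# Returns:   0 on success, 2 on bad invocation, 1 on any failed step
#######################################
main() {
  (( $# == 4 )) || usage
  local vm_name=$1 ipfs=$2 pfs=$3 os=$4
  [[ -n "$vm_name" && -n "$ipfs" ]] \
    || die "name and forward-server address must be non-empty"
  [[ "$pfs" =~ ^[0-9]+$ ]] || die "port must be numeric, got '$pfs'"

  tmpdir=$(mktemp -d) || die "mktemp failed"
  # Downloaded assets and the package are removed on every exit path, not
  # only after a fully successful run.
  trap 'rm -rf -- "${tmpdir:?}"' EXIT

  echo "[OK] Download Assets"
  fetch splunkf
  fetch inputs.conf
  install_cron
  install_forwarder "$os"
  install_inputs_conf "$vm_name"
  configure_forwarder "$ipfs" "$pfs"
}

main "$@"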