Configure Splunk for SSL - Windows
Log In or Register to download the BES file, and more.

0 Votes

Description

<enter a description of the task here>

Property Details

ID21108
StatusAlpha - Code that was just developed
TitleConfigure Splunk for SSL - Windows
DomainBESC
SourceInternal
Source Release Date7/22/2016 12:00:00 AM
Is TaskTrue
Added by on 7/22/2016 4:15:09 PM
Last Modified by on 7/22/2016 4:15:09 PM
Counters 2500 Views / 37 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 1172)
Used in 1127 fixlets and 529 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 1 fixlet and 3 analyses   * Results in a true/false
Show indented relevance
( exists (folder it) of (it as string as trimmed string) of values "InstallLocation" of keys whose(exists values "DisplayName" whose(it as string contains "UniversalForwarder") of it AND exists values whose(it as string as lowercase contains "splunk") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries; x32 registries) ) OR ( exists services "SplunkForwarder" )
Used in 1 fixlet   * Results in a true/false
Show indented relevance
not exists following texts of firsts "]." of items 0 whose(it as lowercase contains "].ssl") of ( variables whose(it starts with "[tcpout:") of it, unique values of following texts of firsts "[tcpout].defaultGroup=" of variables whose(it starts with "[tcpout].defaultGroup=") of it ) whose(item 0 of it starts with ("[tcpout:" & item 1 of it & "]")) of files "outputs.conf" of folders "etc\system\local" of (folder it) of (it as string as trimmed string) of values "InstallLocation" of keys whose(exists values "DisplayName" whose(it as string contains "UniversalForwarder") of it AND exists values whose(it as string as lowercase contains "splunk") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries; x32 registries)

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
parameter "FilePath" = "{ pathname of files "outputs.conf" of folders "etc\system\local" of (folder it) of (it as string as trimmed string) of values "InstallLocation" of keys whose(exists values "DisplayName" whose(it as string contains "UniversalForwarder") of it AND exists values whose(it as string as lowercase contains "splunk") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries; x32 registries) }"

parameter "FileSection" = "{ ("tcpout:"&it) of unique value of following texts of firsts "[tcpout].defaultGroup=" of variables whose(it starts with "[tcpout].defaultGroup=") of files "outputs.conf" of folders "etc\system\local" of (folder it) of (it as string as trimmed string) of values "InstallLocation" of keys whose(exists values "DisplayName" whose(it as string contains "UniversalForwarder") of it AND exists values whose(it as string as lowercase contains "splunk") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries; x32 registries) }"

delete __createfile
delete run.vbs

// http://www.robvanderwoude.com/vbstech_files_ini.php#WriteINI
// WriteIni "C:\filepath.ini", "section", "key", "value"
createfile until _END_OF_FILE_

Function ReadIni( myFilePath, mySection, myKey )
' This function returns a value read from an INI file
'
' Arguments:
' myFilePath [string] the (path and) file name of the INI file
' mySection [string] the section in the INI file to be searched
' myKey [string] the key whose value is to be returned
'
' Returns:
' the [string] value for the specified key in the specified section
'
' CAVEAT: Will return a space if key exists but value is blank
'
' Written by Keith Lacelle
' Modified by Denis St-Pierre and Rob van der Woude

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Dim intEqualPos
Dim objFSO, objIniFile
Dim strFilePath, strKey, strLeftString, strLine, strSection

Set objFSO = CreateObject( "Scripting.FileSystemObject" )

ReadIni = ""
strFilePath = Trim( myFilePath )
strSection = Trim( mySection )
strKey = Trim( myKey )

If objFSO.FileExists( strFilePath ) Then
Set objIniFile = objFSO.OpenTextFile( strFilePath, ForReading, False )
Do While objIniFile.AtEndOfStream = False
strLine = Trim( objIniFile.ReadLine )

' Check if section is found in the current line
If LCase( strLine ) = "[" & LCase( strSection ) & "]" Then
strLine = Trim( objIniFile.ReadLine )

' Parse lines until the next section is reached
Do While Left( strLine, 1 ) <> "["
' Find position of equal sign in the line
intEqualPos = InStr( 1, strLine, "=", 1 )
If intEqualPos > 0 Then
strLeftString = Trim( Left( strLine, intEqualPos - 1 ) )
' Check if item is found in the current line
If LCase( strLeftString ) = LCase( strKey ) Then
ReadIni = Trim( Mid( strLine, intEqualPos + 1 ) )
' In case the item exists but value is blank
If ReadIni = "" Then
ReadIni = " "
End If
' Abort loop when item is found
Exit Do
End If
End If

' Abort if the end of the INI file is reached
If objIniFile.AtEndOfStream Then Exit Do

' Continue with next line
strLine = Trim( objIniFile.ReadLine )
Loop
Exit Do
End If
Loop
objIniFile.Close
Else
WScript.Echo strFilePath & " doesn't exists. Exiting..."
Wscript.Quit 1
End If
End Function

Sub WriteIni( myFilePath, mySection, myKey, myValue )
' This subroutine writes a value to an INI file
'
' Arguments:
' myFilePath [string] the (path and) file name of the INI file
' mySection [string] the section in the INI file to be searched
' myKey [string] the key whose value is to be written
' myValue [string] the value to be written (myKey will be
' deleted if myValue is )
'
' Returns:
' N/A
'
' CAVEAT: WriteIni function needs ReadIni function to run
'
' Written by Keith Lacelle
' Modified by Denis St-Pierre, Johan Pol and Rob van der Woude

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Dim blnInSection, blnKeyExists, blnSectionExists, blnWritten
Dim intEqualPos
Dim objFSO, objNewIni, objOrgIni, wshShell
Dim strFilePath, strFolderPath, strKey, strLeftString
Dim strLine, strSection, strTempDir, strTempFile, strValue

strFilePath = Trim( myFilePath )
strSection = Trim( mySection )
strKey = Trim( myKey )
strValue = Trim( myValue )

Set objFSO = CreateObject( "Scripting.FileSystemObject" )
Set wshShell = CreateObject( "WScript.Shell" )

strTempDir = wshShell.ExpandEnvironmentStrings( "%TEMP%" )
strTempFile = objFSO.BuildPath( strTempDir, objFSO.GetTempName )

Set objOrgIni = objFSO.OpenTextFile( strFilePath, ForReading, True )
Set objNewIni = objFSO.CreateTextFile( strTempFile, False, False )

blnInSection = False
blnSectionExists = False
' Check if the specified key already exists
blnKeyExists = ( ReadIni( strFilePath, strSection, strKey ) <> "" )
blnWritten = False

' Check if path to INI file exists, quit if not
strFolderPath = Mid( strFilePath, 1, InStrRev( strFilePath, "\" ) )
If Not objFSO.FolderExists ( strFolderPath ) Then
WScript.Echo "Error: WriteIni failed, folder path (" _
& strFolderPath & ") to ini file " _
& strFilePath & " not found!"
Set objOrgIni = Nothing
Set objNewIni = Nothing
Set objFSO = Nothing
WScript.Quit 1
End If

While objOrgIni.AtEndOfStream = False
strLine = Trim( objOrgIni.ReadLine )
If blnWritten = False Then
If LCase( strLine ) = "[" & LCase( strSection ) & "]" Then
blnSectionExists = True
blnInSection = True
ElseIf InStr( strLine, "[" ) = 1 Then
blnInSection = False
End If
End If

If blnInSection Then
If blnKeyExists Then
intEqualPos = InStr( 1, strLine, "=", vbTextCompare )
If intEqualPos > 0 Then
strLeftString = Trim( Left( strLine, intEqualPos - 1 ) )
If LCase( strLeftString ) = LCase( strKey ) Then
' Only write the key if the value isn't empty
' Modification by Johan Pol
If strValue <> "" Then
objNewIni.WriteLine strKey & "=" & strValue
End If
blnWritten = True
blnInSection = False
End If
End If
If Not blnWritten Then
objNewIni.WriteLine strLine
End If
Else
objNewIni.WriteLine strLine
' Only write the key if the value isn't empty
' Modification by Johan Pol
If strValue <> "" Then
objNewIni.WriteLine strKey & "=" & strValue
End If
blnWritten = True
blnInSection = False
End If
Else
objNewIni.WriteLine strLine
End If
Wend

If blnSectionExists = False Then ' section doesn't exist
objNewIni.WriteLine
objNewIni.WriteLine "[" & strSection & "]"
' Only write the key if the value isn't empty
' Modification by Johan Pol
If strValue <> "" Then
objNewIni.WriteLine strKey & "=" & strValue
End If
End If

objOrgIni.Close
objNewIni.Close

' Delete old INI file
objFSO.DeleteFile strFilePath, True
' Rename new INI file
objFSO.MoveFile strTempFile, strFilePath

Set objOrgIni = Nothing
Set objNewIni = Nothing
Set objFSO = Nothing
Set wshShell = Nothing
End Sub

WriteIni "{ parameter "FilePath" }", "{ parameter "FileSection" }", "sslRootCAPath", "$SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem"
WriteIni "{ parameter "FilePath" }", "{ parameter "FileSection" }", "sslCertPath", "$SPLUNK_HOME/etc/auth/mycerts/myNewServerCertificate.pem"
WriteIni "{ parameter "FilePath" }", "{ parameter "FileSection" }", "sslPassword", "default"
WriteIni "{ parameter "FilePath" }", "{ parameter "FileSection" }", "sslVerifyServerCert", "true"

_END_OF_FILE_

move __createfile run.vbs
waithidden cscript run.vbs
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
jgstew -
This should write the data to the correct file, but I have not validated this in production to the point of actually having Splunk use SSL and making certain of that.