# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree. An additional grant
# of patent rights can be found in the PATENTS file in the same directory.
<#
.SYNOPSIS
  Installs, uninstalls, starts or stops the osqueryd Windows service.
.DESCRIPTION
  Management wrapper for the "osquery daemon service" (see $kServiceName
  below). Exactly one of -install, -uninstall, -start or -stop is expected per
  invocation; -help prints usage and -debug prints the resolved service name and
  binary path. The script refuses to run unless the session is elevated
  (see Test-IsAdmin / Main).
.PARAMETER args
  Extra command-line arguments appended to the service binary path when the
  service is registered (only meaningful together with -install).
  NOTE(review): the name shadows PowerShell's automatic $args variable. Inside
  a function a bare $args is that function's own unbound-argument list, so code
  in the functions below must read this value as $script:args to see it.
.PARAMETER install
  Register the service with the Service Control Manager (startup type
  Automatic, see Do-Service).
.PARAMETER uninstall
  Stop the service if needed and remove its registration.
.PARAMETER start
  Start the registered service.
.PARAMETER stop
  Stop the registered service.
.PARAMETER help
  Print the usage text and exit.
.PARAMETER debug
  Print the resolved service name / binary path and whether the binary exists,
  then exit. There is no [CmdletBinding()] on this script, so this is the
  script's own switch, not the common -Debug parameter.
#>
param(
# Appended verbatim to the service command line at install time.
[string] $args = "",
# Mutually exclusive actions; Main dispatches only when exactly one is set.
[switch] $install = $false,
[switch] $uninstall = $false,
[switch] $start = $false,
[switch] $stop = $false,
# Informational switches, checked before the actions above.
[switch] $help = $false,
[switch] $debug = $false
)
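# Name used both as the Windows service name and as its display name.
$kServiceName = "osquery daemon service"
# Expected location of the daemon binary relative to this script:
#   <script dir>\..\osquery\osqueryd\osqueryd.exe
# GetFullPath normalizes the '..' segment without requiring the file to exist.
# Resolve-Path (used previously) emits an error and leaves this variable empty
# when the binary is absent, which defeats the "Did you build the osquery
# daemon?" check in Do-Service and the "+exists" line printed by -debug.
$kServiceBinaryPath = [System.IO.Path]::GetFullPath(
  [System.IO.Path]::Combine($PSScriptRoot, '..', 'osquery', 'osqueryd', 'osqueryd.exe')
)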
# Adapted from http://www.jonathanmedd.net/2014/01/testing-for-admin-privileges-in-powershell.html
# Returns $true when the current Windows identity holds the built-in
# Administrator role, $false otherwise. Main uses this to refuse non-elevated
# runs before touching the Service Control Manager.
function Test-IsAdmin {
  $currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
  $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $currentUser
  $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
  return $principal.IsInRole($adminRole)
}
# Prints the usage text to the host and terminates the script with exit code 1.
# The usage line lists the user-facing actions; the -debug switch handled in
# Main is deliberately not part of this text (matches the existing behavior).
function Do-Help {
  $scriptName = Split-Path -Leaf $PSCommandPath
  Write-Host "Usage: $scriptName (-install|-uninstall|-start|-stop|-help)" -foregroundcolor Yellow

  $helpLines = @(
    "",
    " Only one of the following options can be used. Using multiple will result in ",
    " options being ignored.",
    " -install Install the osqueryd service",
    " -args Specifies additional arguments for the service (only used with -install)",
    " -uninstall Uninstall the osqueryd service",
    " -start Start the osqueryd service",
    " -stop Stop the osqueryd service",
    "",
    " -help Shows this help screen"
  )
  foreach ($line in $helpLines) {
    Write-Host $line
  }

  Exit 1
}
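# Installs, uninstalls, starts or stops the osqueryd service depending on which
# of the script-level switches ($install, $uninstall, $start, $stop) is set;
# Main only calls this when exactly one of them is. Install/uninstall end the
# script via Exit (0 on success, 1 when the action does not apply, -1 on hard
# failure); start/stop return normally after their success message.
# Reads from script scope: $kServiceName, $kServiceBinaryPath, $script:args.
function Do-Service {
  # $kServiceBinaryPath can be empty if path resolution failed at load time;
  # Test-Path rejects a $null path, so check it explicitly first.
  if (-not $kServiceBinaryPath -or -not (Test-Path -LiteralPath $kServiceBinaryPath)) {
    Write-Host "'$kServiceBinaryPath' is not a valid file. Did you build the osquery daemon?" -foregroundcolor Red
    Exit -1
  }

  # $kServiceName is a script constant, so interpolating it into the WQL filter
  # is safe; do not reuse this pattern with a caller-supplied name.
  $osquerydService = Get-WmiObject -Class Win32_Service -Filter "Name='$kServiceName'"

  if ($install) {
    if ($osquerydService) {
      Write-Host "'$kServiceName' is already installed." -foregroundcolor Yellow
      Exit 1
    }
    # Quote the executable path. An unquoted service path containing spaces
    # (e.g. under "Program Files") is a well-known local privilege-escalation
    # weakness (CWE-428): the Service Control Manager tries each space-delimited
    # prefix of the path as an executable before the intended one.
    $binaryPath = "`"$kServiceBinaryPath`""
    # Inside a function a bare $args is the function's own unbound-argument
    # list (empty here), not the script's -args parameter, so the user's extra
    # arguments must be read from script scope.
    $extraArgs = "$script:args"
    if ($extraArgs) {
      $binaryPath += " $extraArgs"
    }
    # New-Service reports failures (e.g. SCM access denied) as non-terminating
    # errors; without -ErrorAction Stop the script would fall through to the
    # success message and Exit 0.
    New-Service -BinaryPathName $binaryPath -Name $kServiceName -DisplayName $kServiceName -StartupType Automatic -ErrorAction Stop
    Write-Host "Installed '$kServiceName' system service." -foregroundcolor Cyan
    Exit 0
  } elseif ($uninstall) {
    if (-not $osquerydService) {
      Write-Host "'$kServiceName' is not an installed system service." -foregroundcolor Yellow
      Exit 1
    }
    Write-Host "Found '$kServiceName', stopping the system service..."
    Stop-Service $kServiceName -ErrorAction Stop
    # Grace period before deleting the registration, kept from the original.
    Start-Sleep -s 5
    Write-Host "System service should be stopped."
    # Win32_Service.Delete() signals failure only through ReturnValue (0 = OK);
    # a failed delete must not be reported as a successful uninstall.
    $deleteResult = $osquerydService.Delete()
    if ($deleteResult.ReturnValue -ne 0) {
      Write-Host "Failed to uninstall '$kServiceName' (Win32_Service.Delete returned $($deleteResult.ReturnValue))." -foregroundcolor Red
      Exit -1
    }
    Write-Host "System service '$kServiceName' uninstalled." -foregroundcolor Cyan
    Exit 0
  } elseif ($start) {
    if (-not $osquerydService) {
      Write-Host "'$kServiceName' is not an installed system service." -foregroundcolor Yellow
      Exit 1
    }
    # -ErrorAction Stop so a start failure is not followed by "is started".
    Start-Service $kServiceName -ErrorAction Stop
    Write-Host "'$kServiceName' system service is started." -foregroundcolor Cyan
  } elseif ($stop) {
    if (-not $osquerydService) {
      Write-Host "'$kServiceName' is not an installed system service." -foregroundcolor Yellow
      Exit 1
    }
    # -ErrorAction Stop so a stop failure is not followed by "is stopped".
    Stop-Service $kServiceName -ErrorAction Stop
    Write-Host "'$kServiceName' system service is stopped." -foregroundcolor Cyan
  } else {
    # Unreachable when called from Main, which checks that exactly one switch
    # is set; kept as a guard for direct callers.
    Write-Host "Invalid state: this should not exist!" -foregroundcolor Red
    Exit -1
  }
}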
# Entry point. Refuses to run without Administrator rights, then dispatches on
# the script switches: -help prints usage, -debug prints the resolved service
# name/binary path, and exactly one of -install/-uninstall/-start/-stop runs
# Do-Service; anything else is reported as an invalid option. The elevation
# check runs first, so even -help requires an elevated session.
function Main {
  if (-not (Test-IsAdmin)) {
    Write-Host "Please run this script with Admin privileges!" -foregroundcolor Red
    Exit -1
  }

  # Count the mutually exclusive action switches that were given;
  # Do-Service is only entered when exactly one is set.
  $chosenActions = @($install, $uninstall, $start, $stop) | Where-Object { $_.ToBool() }
  $actionCount = @($chosenActions).Count

  if ($help) {
    Do-Help
  } elseif ($debug) {
    $binaryExists = Test-Path $kServiceBinaryPath
    Write-Host "Service Information" -foregroundcolor Cyan
    Write-Host " kServiceName = '$kServiceName'" -foregroundcolor Cyan
    Write-Host " kServiceBinaryPath = '$kServiceBinaryPath'" -foregroundcolor Cyan
    Write-Host " +exists = $binaryExists" -foregroundcolor Cyan
    Exit 0
  } elseif ($actionCount -eq 1) {
    Do-Service
  } else {
    Write-Host "Invalid option selected: please see -help for usage details." -foregroundcolor Red
    Exit -1
  }
}
# Run the entry point; any output is discarded because exit status is the
# only result callers consume (Main and Do-Service report via Exit).
[void](Main)