From 2f9f1acee792eb221e877f10f4c1ce2796b9106f Mon Sep 17 00:00:00 2001 From: Mathew Date: Thu, 19 Sep 2024 14:02:06 +0000 Subject: [PATCH] Initial commit --- Futuresens_zabbix_installer.ps1 | 205 ++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 Futuresens_zabbix_installer.ps1 diff --git a/Futuresens_zabbix_installer.ps1 b/Futuresens_zabbix_installer.ps1 new file mode 100644 index 0000000..304c538 --- /dev/null +++ b/Futuresens_zabbix_installer.ps1 @@ -0,0 +1,205 @@ +## Das history goes here + +# Self-elevate the script if required +if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) { + if ([int](Get-CimInstance -Class Win32_OperatingSystem | Select-Object -ExpandProperty BuildNumber) -ge 6000) { + $CommandLine = "-File `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments + Start-Process -FilePath PowerShell.exe -Verb Runas -ArgumentList $CommandLine + Exit + } +} + +# Needs TLS 1.2 now +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + +# Create and change directory +New-Item -ItemType Directory -Force -Path $env:ProgramFiles\Zabbix +Set-Location $env:ProgramFiles\Zabbix + +# Download and unpack Zabbix agent +$DOWNLOADURL = "https://www.zabbix.com/downloads/4.0.12/zabbix_agents-4.0.12-win-amd64-openssl.zip" +$helper = New-Object System.Net.WebClient +$helper.DownloadFile($DOWNLOADURL, "$env:ProgramFiles\Zabbix\agent.zip") +Expand-Archive -LiteralPath "$env:ProgramFiles\Zabbix\agent.zip" -DestinationPath "$env:ProgramFiles\Zabbix\" + +# Q&A for setup +Write-Host "" +Write-Host "Please answer the following questions to install Zabbix Agent on Windows" +Write-Host "" + +$HOSTNAME = Read-Host "Please enter the hostname of this system as configured in Zabbix UI [$env:computername]" +if ([String]::IsNullOrWhiteSpace($HOSTNAME)) { $HOSTNAME = $env:computername } + +$PROXY_IP = Read-Host "Enter DNS name or IP of Zabbix Proxy or Server that will monitor this agent" + +$AUTO_AGENT_IP = (Get-NetIPAddress -AddressFamily IPv4 | where { $_.AddressState -eq "Preferred" -and $_.InterfaceAlias -notmatch "Loopback" -and $_.IPv4Address -notlike "169.*" }).IPv4Address +$AGENT_IP = Read-Host "Enter local IP of THIS agent that the proxy/server will connect to [$AUTO_AGENT_IP]" +if ([String]::IsNullOrWhiteSpace($AGENT_IP)) { $AGENT_IP = $AUTO_AGENT_IP } + +$ALLOW_REMOTE_COMMANDS = Read-Host "Allow remote commands? [Yn]" +if ([String]::IsNullOrWhiteSpace($ALLOW_REMOTE_COMMANDS)) { $ALLOW_REMOTE_COMMANDS = "Y" } +if ($ALLOW_REMOTE_COMMANDS -ilike "n*") { $ALLOW_REMOTE_COMMANDS = "0" } else { $ALLOW_REMOTE_COMMANDS = "1" } + +Write-Host "" +$AUTO_CREATE_HOST = Read-Host "Automatically add this host to Zabbix? [Yn]" +if ([String]::IsNullOrWhiteSpace($AUTO_CREATE_HOST)) { $AUTO_CREATE_HOST = "Y" } + +# If auto-add selected, do it +if ($AUTO_CREATE_HOST -eq "Y" -or $AUTO_CREATE_HOST -eq "y") +{ + # Get URL + $AUTO_URL = Read-Host "Enter URL for Zabbix UI: [https://zabbix.example1.co.uk]" + if ([String]::IsNullOrWhiteSpace($AUTO_URL)) { $AUTO_URL = "https://zabbix.example1.co.uk" } + $AUTO_URL = $AUTO_URL.TrimEnd("/") + "/api_jsonrpc.php" + Write-Host "Connecting to $AUTO_URL" + + # Get and check authentication + while ($AUTH_KEY.result -eq $null) + { + Write-Host "" + $AUTO_ZBX_USERNAME = Read-Host "Enter your Zabbix username" + $AUTO_ZBX_PASSWORD = Read-Host -AsSecureString "Enter your Zabbix password" + Write-Host "Checking authentication..." + + $AUTH_BODY = @{ + "jsonrpc" = "2.0"; + "method" = "user.login"; + "params" = @{ + "user" = $AUTO_ZBX_USERNAME + "password" = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($AUTO_ZBX_PASSWORD)) + }; + "id" = "1"; + } + $AUTH_KEY = Invoke-RestMethod -Method Post -Uri $($AUTO_URL) -ContentType "application/json-rpc" -Body (ConvertTo-Json $AUTH_BODY) + if ( $AUTH_KEY.error -ne $null ) {Write-Host "error: "$AUTH_KEY.error.message } + } + + # Generate PSKID and PSK + $AGENT_PSKID = ([guid]::NewGuid()).Guid.ToString() + $AGENT_PSK = ([guid]::NewGuid()).Guid -replace '[-]','' + Set-Content -Path "$env:ProgramFiles\Zabbix\conf\zabbixagent.psk" -Value $AGENT_PSK + + # Edit settings to match Q&A above + $CONF_PATH = "$env:ProgramFiles\Zabbix\conf\zabbix_agentd.conf" + (Get-Content -Path $CONF_PATH) -Replace "^Server=.*$","Server=$PROXY_IP" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^ServerActive=.*$","ServerActive=$PROXY_IP" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^Hostname=.*$","Hostname=$HOSTNAME" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# EnableRemoteCommands=.*","EnableRemoteCommands=$ALLOW_REMOTE_COMMANDS" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# LogRemoteCommands=.*","LogRemoteCommands=$ALLOW_REMOTE_COMMANDS" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# TLSConnect=.*","TLSConnect=psk" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# TLSAccept=.*","TLSAccept=psk" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# TLSPSKIdentity=.*","TLSPSKIdentity=$AGENT_PSKID" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# TLSPSKFile=.*","TLSPSKFile=$env:ProgramFiles\Zabbix\conf\zabbixagent.psk" | Set-Content -Path $CONF_PATH + (Get-Content -Path $CONF_PATH) -Replace "^# Timeout=.*","Timeout=30" | Set-Content -Path $CONF_PATH + + # Check in to zabbix server + # Get Group ID for group "AutoRegistration/Windows Hosts". + $REQ_BODY = @{ + "jsonrpc" = "2.0"; + "method" = "hostgroup.get"; + "params" = @{ + "filter" = @{ + "name" = @( + "AutoRegistration/Windows Hosts" + ) + } + } + "id" = "5"; + "auth" = $AUTH_KEY.result + } + $REQ_BODY = (ConvertTo-Json -Depth 8 $REQ_BODY).ToString() + $AUTOREG_GROUP_ID = Invoke-RestMethod -Method Post -Uri $($AUTO_URL) -ContentType "application/json-rpc" -Body ($REQ_BODY) + # Create the group if it doesn't exist. + if ($AUTOREG_GROUP_ID.result.Length -eq 0) + { + $REQ_BODY = @{ + "jsonrpc" = "2.0"; + "method" = "hostgroup.create"; + "params" = @{ + "name" = "AutoRegistration/Windows Hosts" + } + "id" = "6"; + "auth" = $AUTH_KEY.result + } + $REQ_BODY = (ConvertTo-Json -Depth 8 $REQ_BODY).ToString() + $AUTOREG_GROUP_ID = Invoke-RestMethod -Method Post -Uri $($AUTO_URL) -ContentType "application/json-rpc" -Body ($REQ_BODY) + $AUTOREG_GROUP_ID = $AUTOREG_GROUP_ID.result[0].groupids[0] + } + else + { + $AUTOREG_GROUP_ID = $AUTOREG_GROUP_ID.result[0].groupid + } + + # Create the agent in Zabbix + $REQ_BODY = @{ + "jsonrpc" = "2.0"; + "method" = "host.create"; + "params" = @{ + "host" = $HOSTNAME; + "interfaces" = @( + @{ + "type" = 1; + "main" = 1; + "useip" = 1; + "ip" = "$AGENT_IP"; + "dns" = ""; + "port" = "10050"; + } + ) + "groups" = @( + @{ + "groupid" = $AUTOREG_GROUP_ID + } + ) + "tls_accept" = 2; + "tls_connect" = 2; + "tls_psk_identity" = $AGENT_PSKID; + "tls_psk" = $AGENT_PSK; + } + "id" = "8"; + "auth" = $AUTH_KEY.result + } + $REQ_BODY = (ConvertTo-Json -Depth 8 $REQ_BODY).ToString() + $CREATED_AGENT_ID = Invoke-RestMethod -Method Post -Uri $($AUTO_URL) -ContentType "application/json-rpc" -Body ($REQ_BODY) + + Write-Host "" + if ($CREATED_AGENT_ID.error.code -eq -32602) # Host already exists + { + Write-Host "The agent $HOSTNAME already exists in Zabbix" + Write-Host "You will need to manually update the existing agent $HOSTNAME in Zabbix to use the PSKID: $AGENT_PSKID and PSK: $AGENT_PSK" + } + elseif ($CREATED_AGENT_ID.error.code -eq -32500) # No permission + { + Write-Host "You do not have permission to create hosts in Zabbix. You must be Zabbix Admin to do this." + Write-Host "You will need to ask an Admin to manually add the host $HOSTNAME to Zabbix using the PSKID: $AGENT_PSKID and PSK: $AGENT_PSK" + } + + # Install and run Zabbix service + & "$env:ProgramFiles\Zabbix\bin\zabbix_agentd.exe" -i -c "$env:ProgramFiles\Zabbix\conf\zabbix_agentd.conf" + + Write-Host "Restarting Zabbix Agent for changes to take effect" + Restart-Service "Zabbix Agent" + + # Log out of Zabbix and clear password + $AUTH_BODY = @{ + "jsonrpc" = "2.0"; + "method" = "user.logout"; + "params" = @(); + "id" = "99"; + "auth" = $AUTH_KEY.result + } + $AUTH_KEY = Invoke-RestMethod -Method Post -Uri $($AUTO_URL) -ContentType "application/json-rpc" -Body (ConvertTo-Json $AUTH_BODY) + $AUTH_KEY = "" + $AUTO_ZBX_PASSWORD = "" + + Write-Host "" + Write-Host "Zabbix Agent has been successfully installed on $HOSTNAME." + Write-Host "The following PSK values were used - PSKID: $AGENT_PSKID and PSK: $AGENT_PSK" + Write-Host "You must now log in to Zabbix and do the following:" + Write-Host " 1) Move $HOSTNAME from 'AutoRegistration/Windows Hosts' to the appropriate group(s)" + Write-Host " 2) Add items and triggers (usually via a template)" + Write-Host " 3) Set $HOSTNAME to be monitored by the appropriate proxy (if required)" + Write-Host "" + Read-Host "Press return to quit." +} +