-
Notifications
You must be signed in to change notification settings - Fork 99
Expand file tree
/
Copy pathinstall-endpoint-windows.ps1
More file actions
105 lines (90 loc) · 3.57 KB
/
Copy pathinstall-endpoint-windows.ps1
File metadata and controls
105 lines (90 loc) · 3.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Downloads and installs Aikido Endpoint Protection on Windows
#
# Usage: iex "& { $(iwr '<url>' -UseBasicParsing) } -token <TOKEN> [-is-mdm]"
param(
[string]$token,
[switch]${is-mdm}
)
# Configuration
$InstallUrl = "https://github.com/AikidoSec/safechain-internals/releases/download/v1.7.9/EndpointProtection.msi"
$DownloadSha256 = "58adf33cef7af4015d89548698f419f65fe88c1ee72ca4f6da38753b9fca24a3"
# Ensure TLS 1.2 is enabled for downloads
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Helper functions
function Write-Info {
param([string]$Message)
Write-Host "[INFO] $Message" -ForegroundColor Green
}
function Write-Error-Custom {
param([string]$Message)
Write-Host "[ERROR] $Message" -ForegroundColor Red
exit 1
}
# Check if running as Administrator
function Test-Administrator {
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
# Main installation
function Install-Endpoint {
# 1. Check if we're running as Administrator
if (-not (Test-Administrator)) {
Write-Error-Custom "Administrator privileges required. Please run this script in an elevated terminal (Run as Administrator)."
}
# Check if token is provided, prompt if not
if ([string]::IsNullOrWhiteSpace($token)) {
$token = Read-Host "Enter your Aikido endpoint token"
if ([string]::IsNullOrWhiteSpace($token)) {
Write-Error-Custom "Token is required. Pass it with -token <TOKEN> or enter it when prompted."
}
}
# Validate token to prevent command/property injection via msiexec
if ($token -match '[";`$\s]') {
Write-Error-Custom "Invalid token format. Token must not contain quotes, semicolons, backticks, dollar signs, or whitespace."
}
# 2. Download the .msi
$msiFile = Join-Path $env:TEMP "AikidoEndpoint-$([System.Guid]::NewGuid().ToString('N')).msi"
Write-Info "Downloading Aikido Endpoint Protection..."
try {
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri $InstallUrl -OutFile $msiFile -UseBasicParsing
$ProgressPreference = 'Continue'
}
catch {
Write-Error-Custom "Failed to download from $InstallUrl : $_"
}
try {
# Verify SHA256 checksum
Write-Info "Verifying checksum..."
$actualHash = (Get-FileHash -Path $msiFile -Algorithm SHA256).Hash.ToLower()
if ($actualHash -ne $DownloadSha256) {
Write-Error-Custom "Checksum verification failed. Expected: $DownloadSha256, Got: $actualHash"
}
Write-Info "Checksum verified successfully."
# 3. Install the package with token passed as MSI property
Write-Info "Installing Aikido Endpoint Protection..."
$msiArgs = @("/i", "`"$msiFile`"", "/qn", "/norestart", "AIKIDO_TOKEN=$token")
if (${is-mdm}) {
$msiArgs += "IS_MDM=1"
}
$process = Start-Process -FilePath "msiexec" -ArgumentList $msiArgs -Wait -PassThru
if ($process.ExitCode -ne 0) {
Write-Error-Custom "MSI installer failed (exit code: $($process.ExitCode))."
}
Write-Info "Aikido Endpoint Protection installed successfully!"
}
finally {
# Cleanup
if (Test-Path $msiFile) {
Remove-Item -Path $msiFile -Force -ErrorAction SilentlyContinue
}
}
}
# Run installation
try {
Install-Endpoint
}
catch {
Write-Error-Custom "Installation failed: $_"
}