Auditd fix (#34)

* created auditd test branch * don't reassign that variable * move that down a bit in the case statements * fix amazon linux repo url and auditd disabling * updated spec for yum/amazon test * use old style os fact * ensure facts are in specs * wow, okay. missed another spot. * disable auditd on rhel like oses * don't set param twice * updated readme and changelog * updated metadata
threatstack · Feb 12, 2019 · cbdfcda · cbdfcda
1 parent f969423
commit cbdfcda
Show file tree

Hide file tree

Showing 12 changed files with 54 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 We'll track changes here starting with details about the 2.0 release and reference to earlier releases.
 
+## 2.0.1
+### Changed
+- added optional parameter `disable_auditd` to handle issues users reported installing on RHEL-like OSes
+
+### Fixed
+- fixed amazon linux 2 yum repo assignment
+
 ## 2.0
 ### This release tracks the release of the Threat Stack Agent 2.0
 

diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ For more see https://www.threatstack.com.
 Platforms
 ---------
 
-* Amazon Linux
+* Amazon Linux 2
 * CentOS
 * Debian
 * RedHat
@@ -40,6 +40,7 @@ Parameters
 * `threatstack::rulesets` [optional array] - Set the ruleset or rulesets the node will be added to (Default: 'Base Rule Set').
 * `threatstack::configure_agent` [optiona bool] - Set to false to just install agent without configuring. Useful for image building.
 * `threatstack::agent_config_args` [optional array of hashes] - Extra arguments to pass during agent activation. Useful for enabling new platform features.
+* `threatstack::disable_auditd` [optional bool] - Disable `auditd` service to avoid installation issues. (Default is 'true' on RHEL-like OSes.)
 * `threatstack::extra_args` [optional array of hashes] - optional array of hashes to define setup options for the threatstack agent (Default: `undef`)
 * `threatstack::confdir` [optional string] - path to config directory for the threatstack service (Default: '/opt/threatstack/etc')
 * `threatstack::ts_hostname` [optional string] - hostname of your node (Default: `$::fqdn`)

diff --git a/data/os/Amazon.yaml b/data/os/Amazon.yaml
@@ -2,3 +2,4 @@
 threatstack::params:
     repo_class: '::threatstack::yum'
     gpg_key: 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK'
+    disable_auditd: true
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
@@ -2,3 +2,4 @@
 threatstack::params:
     repo_class: '::threatstack::yum'
     gpg_key: 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK'
+    disable_auditd: true
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -8,6 +8,10 @@
 #   Arguments to be passed to `tsagent setup`
 #   type: array
 #
+# [*disable_auditd*]
+#   Required to work around issues with auditd on some distros
+#   type: bool
+#
 # [*extra_args*]
 #   Extra arguments to pass on the command line during agent activation.
 #   type: array of hashes
@@ -86,7 +90,8 @@
   $gpg_key           = $::threatstack::params::gpg_key,
   $rulesets          = $::threatstack::params::rulesets,
   $confdir           = $::threatstack::params::confdir,
-  $ts_hostname       = $::fqdn
+  $ts_hostname       = $::fqdn,
+  $disable_auditd    = $::threatstack::params::disable_auditd
 ) inherits ::threatstack::params {
 
   $ts_package = $::threatstack::params::ts_package

diff --git a/manifests/package.pp b/manifests/package.pp
@@ -20,12 +20,27 @@
 
   class { $::threatstack::repo_class: }
 
+  if $::threatstack::disable_auditd {
+    exec { 'stop_auditd':
+      command => '/sbin/service auditd stop',
+      onlyif  => '/sbin/service auditd status'
+    }
+
+    exec { 'disable_auditd':
+      command => '/bin/systemctl disable auditd',
+      require => Exec['stop_auditd']
+    }
+
+  $required = [ Class[$::threatstack::repo_class], Exec['stop_auditd'] ]
+  } else {
+    $required = Class[$::threatstack::repo_class]
+  }
+
   # NOTE: We do not signal the tsagent service to restart because the
   # package takes care of this.  The workflow differs between fresh
   # installation and upgrades.
   package { $::threatstack::ts_package:
     ensure  => $::threatstack::package_version,
-    require => Class[$::threatstack::repo_class]
+    require => $required
   }
-
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -32,20 +32,26 @@
       $gpg_key          = 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK'
       $gpg_key_file     = '/etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK'
       $gpg_key_file_uri = "file://${gpg_key_file}"
+      $disable_auditd   = true
 
       case $facts['os']['name'] {
-        'Amazon': { $repo_url = 'https://pkg.threatstack.com/v2/Amazon'}
-        /(CentOS|RedHat)/: { $repo_url = "https://pkg.threatstack.com/v2/EL/${::operatingsystemmajrelease}" }
+        'Amazon': {
+              $repo_url       = "https://pkg.threatstack.com/v2/Amazon/${::operatingsystemmajrelease}"
+            }
+        /(CentOS|RedHat)/: {
+              $repo_url         = "https://pkg.threatstack.com/v2/EL/${::operatingsystemmajrelease}"
+            }
         default: { fail("Module ${module_name} does not support ${::operatingsystem}") }
       }
     }
     'Debian': {
-      $repo_class   = '::threatstack::apt'
-      $repo_url     = 'https://pkg.threatstack.com/v2/Ubuntu'
-      $repo_gpg_id  = 'ACCC2B02EA3A2409557B0AB991BB3B3C6EE04BD4'
-      $release      = $facts['os']['distro']['codename']
-      $repos        = 'main'
-      $gpg_key      = 'https://app.threatstack.com/APT-GPG-KEY-THREATSTACK'
+      $repo_class     = '::threatstack::apt'
+      $repo_url       = 'https://pkg.threatstack.com/v2/Ubuntu'
+      $repo_gpg_id    = 'ACCC2B02EA3A2409557B0AB991BB3B3C6EE04BD4'
+      $release        = $facts['os']['distro']['codename']
+      $repos          = 'main'
+      $gpg_key        = 'https://app.threatstack.com/APT-GPG-KEY-THREATSTACK'
+      $disable_auditd = false
     }
     default: {
       fail("Module ${module_name} does not support ${::operatingsystem}")

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "threatstack-threatstack",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "author": "Threat Stack",
   "license": "Apache-2.0",
   "summary": "Installs the Threat Stack agent",

diff --git a/spec/classes/configure_spec.rb b/spec/classes/configure_spec.rb
@@ -60,7 +60,7 @@
   end
 
   context 'on Amazon Linux' do
-    let(:facts) {  {'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
+    let(:facts) {  {'operatingsystemmajrelease' => '2', 'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
     let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
 
     it { should contain_exec('threatstack-agent-setup').with(

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -61,7 +61,7 @@
   end
 
   context 'on Amazon' do
-    let(:facts) {  {'os' => { 'name' => 'Amazon', 'family' => 'RedHat'} } }
+    let(:facts) { { 'operatingsystemmajrelease' => '2', 'os' => { 'name' => 'Amazon', 'family' => 'RedHat'} } }
     let(:params) { { :deploy_key => "#{deploy_key}" } }
 
     it 'should compile' do should create_class('threatstack') end

diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb
@@ -22,7 +22,7 @@
   end
 
   context 'on Amazon Linux' do
-    let(:facts) {  {'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
+    let(:facts) {  {'operatingsystemmajrelease' => '2', 'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
     let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', gpg_key => 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK', repo_class => '::threatstack::yum' }" }
 
     context 'package' do

diff --git a/spec/classes/yum_spec.rb b/spec/classes/yum_spec.rb
@@ -36,14 +36,14 @@
   end
 
   context 'on Amazon' do
-    let(:facts) {  {'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
+    let(:facts) {  {'operatingsystemmajrelease' => '2', 'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
     let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', gpg_key => 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK' }" }
 
     context 'default' do
       it { should contain_yumrepo('threatstack').with(
         :descr     => 'Threat Stack Package Repository',
         :enabled   => 1,
-        :baseurl   => 'https://pkg.threatstack.com/v2/Amazon',
+        :baseurl   => 'https://pkg.threatstack.com/v2/Amazon/2',
         :gpgcheck  => 1,
         :gpgkey    => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK'
       ) }