From cbdfcda2d447dc1c8738674e58009799952c99be Mon Sep 17 00:00:00 2001 From: nate Date: Tue, 12 Feb 2019 12:05:17 -0500 Subject: [PATCH] Auditd fix (#34) * created auditd test branch * don't reassign that variable * move that down a bit in the case statements * fix amazon linux repo url and auditd disabling * updated spec for yum/amazon test * use old style os fact * ensure facts are in specs * wow, okay. missed another spot. * disable auditd on rhel like oses * don't set param twice * updated readme and changelog * updated metadata --- CHANGELOG.md | 7 +++++++ README.md | 3 ++- data/os/Amazon.yaml | 1 + data/os/RedHat.yaml | 1 + manifests/init.pp | 7 ++++++- manifests/package.pp | 19 +++++++++++++++++-- manifests/params.pp | 22 ++++++++++++++-------- metadata.json | 2 +- spec/classes/configure_spec.rb | 2 +- spec/classes/init_spec.rb | 2 +- spec/classes/package_spec.rb | 2 +- spec/classes/yum_spec.rb | 4 ++-- 12 files changed, 54 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c46be5eb..2c43c2bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ We'll track changes here starting with details about the 2.0 release and reference to earlier releases. +## 2.0.1 +### Changed +- added optional parameter `disable_auditd` to handle issues users reported installing on RHEL-like OSes + +### Fixed +- fixed amazon linux 2 yum repo assignment + ## 2.0 ### This release tracks the release of the Threat Stack Agent 2.0 diff --git a/README.md b/README.md index ebe12e4c..4b0404b6 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ For more see https://www.threatstack.com. Platforms --------- -* Amazon Linux +* Amazon Linux 2 * CentOS * Debian * RedHat 
@@ -40,6 +40,7 @@ Parameters * `threatstack::rulesets` [optional array] - Set the ruleset or rulesets the node will be added to (Default: 'Base Rule Set'). * `threatstack::configure_agent` [optiona bool] - Set to false to just install agent without configuring. Useful for image building. * `threatstack::agent_config_args` [optional array of hashes] - Extra arguments to pass during agent activation. Useful for enabling new platform features. +* `threatstack::disable_auditd` [optional bool] - Disable `auditd` service to avoid installation issues. (Default is 'true' on RHEL-like OSes.) * `threatstack::extra_args` [optional array of hashes] - optional array of hashes to define setup options for the threatstack agent (Default: `undef`) * `threatstack::confdir` [optional string] - path to config directory for the threatstack service (Default: '/opt/threatstack/etc') * `threatstack::ts_hostname` [optional string] - hostname of your node (Default: `$::fqdn`) diff --git a/data/os/Amazon.yaml b/data/os/Amazon.yaml index 239e4e29..0faa1d8d 100644 --- a/data/os/Amazon.yaml +++ b/data/os/Amazon.yaml @@ -2,3 +2,4 @@ threatstack::params: repo_class: '::threatstack::yum' gpg_key: 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK' + disable_auditd: true diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml index 239e4e29..0faa1d8d 100644 --- a/data/os/RedHat.yaml +++ b/data/os/RedHat.yaml @@ -2,3 +2,4 @@ threatstack::params: repo_class: '::threatstack::yum' gpg_key: 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK' + disable_auditd: true diff --git a/manifests/init.pp b/manifests/init.pp index 853efc9c..fbc85a8e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,6 +8,10 @@ # Arguments to be passed to `tsagent setup` # type: array # +# [*disable_auditd*] +# Required to work around issues with auditd on some distros +# type: bool +# # [*extra_args*] # Extra arguments to pass on the command line during agent activation. # type: array of hashes 
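Review bot: The new `[*disable_auditd*]` doc block in manifests/init.pp calls the parameter "Required" and never says what it does. Elsewhere in this commit, package.pp stops and disables the host's auditd service when it is true, and params.pp defaults it to true for the RedHat family. Operators who rely on auditd's local logs need that stated where the parameter is documented. Suggested wording: `# When true, stops and disables the auditd service before the agent package is installed.` followed by `# Defaults to true on RedHat-family OSes and false on Debian; set to false to leave auditd running.`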
@@ -86,7 +90,8 @@ $gpg_key = $::threatstack::params::gpg_key, $rulesets = $::threatstack::params::rulesets, $confdir = $::threatstack::params::confdir, - $ts_hostname = $::fqdn + $ts_hostname = $::fqdn, + $disable_auditd = $::threatstack::params::disable_auditd ) inherits ::threatstack::params { $ts_package = $::threatstack::params::ts_package diff --git a/manifests/package.pp b/manifests/package.pp index 74810d37..7f0e15f1 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -20,12 +20,27 @@ class { $::threatstack::repo_class: } + if $::threatstack::disable_auditd { + exec { 'stop_auditd': + command => '/sbin/service auditd stop', + onlyif => '/sbin/service auditd status' + } + + exec { 'disable_auditd': + command => '/bin/systemctl disable auditd', + require => Exec['stop_auditd'] + } + + $required = [ Class[$::threatstack::repo_class], Exec['stop_auditd'] ] + } else { + $required = Class[$::threatstack::repo_class] + } + # NOTE: We do not signal the tsagent service to restart because the # package takes care of this. The workflow differs between fresh # installation and upgrades. package { $::threatstack::ts_package: ensure => $::threatstack::package_version, - require => Class[$::threatstack::repo_class] + require => $required } - } diff --git a/manifests/params.pp b/manifests/params.pp index 2f6a76f5..09abd7d0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
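Review bot: `$disable_auditd` is added to the manifests/init.pp parameter list without a data type, so a string such as 'false' supplied from Hiera or an ENC is truthy and would still take the `if $::threatstack::disable_auditd` branch in package.pp. Because this flag decides whether the host's audit daemon is switched off, a mistyped value should fail compilation rather than be silently treated as true. Assuming the module targets Puppet 4 or later (the `$facts[...]` usage suggests so), declare it as `Boolean $disable_auditd = $::threatstack::params::disable_auditd`. The parameter list and class body continue outside this hunk.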
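Review bot: `Exec['disable_auditd']` in manifests/package.pp has no `onlyif`/`unless` guard, so it runs and reports a change on every Puppet run, which buries real changes to the audit service in the reports. It also hard-codes `/bin/systemctl`, so the exec will presumably fail on any supported host without systemd. On a host where the auditd unit is not installed, `stop_auditd` is skipped but the disable command still runs and errors. Guarding it with `onlyif => '/bin/systemctl is-enabled auditd'` addresses the repeat runs and the missing-unit case; the non-systemd case needs a separate branch if such platforms are in scope. The enclosing class starts outside this hunk.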
@@ -32,20 +32,26 @@ $gpg_key = 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK' $gpg_key_file = '/etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK' $gpg_key_file_uri = "file://${gpg_key_file}" + $disable_auditd = true case $facts['os']['name'] { - 'Amazon': { $repo_url = 'https://pkg.threatstack.com/v2/Amazon'} - /(CentOS|RedHat)/: { $repo_url = "https://pkg.threatstack.com/v2/EL/${::operatingsystemmajrelease}" } + 'Amazon': { + $repo_url = "https://pkg.threatstack.com/v2/Amazon/${::operatingsystemmajrelease}" + } + /(CentOS|RedHat)/: { + $repo_url = "https://pkg.threatstack.com/v2/EL/${::operatingsystemmajrelease}" + } default: { fail("Module ${module_name} does not support ${::operatingsystem}") } } } 'Debian': { - $repo_class = '::threatstack::apt' - $repo_url = 'https://pkg.threatstack.com/v2/Ubuntu' - $repo_gpg_id = 'ACCC2B02EA3A2409557B0AB991BB3B3C6EE04BD4' - $release = $facts['os']['distro']['codename'] - $repos = 'main' - $gpg_key = 'https://app.threatstack.com/APT-GPG-KEY-THREATSTACK' + $repo_class = '::threatstack::apt' + $repo_url = 'https://pkg.threatstack.com/v2/Ubuntu' + $repo_gpg_id = 'ACCC2B02EA3A2409557B0AB991BB3B3C6EE04BD4' + $release = $facts['os']['distro']['codename'] + $repos = 'main' + $gpg_key = 'https://app.threatstack.com/APT-GPG-KEY-THREATSTACK' + $disable_auditd = false } default: { fail("Module ${module_name} does not support ${::operatingsystem}") diff --git a/metadata.json b/metadata.json index 0f75235d..f1a6240b 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "threatstack-threatstack", - "version": "2.0.0", + "version": "2.0.1", "author": "Threat Stack", "license": "Apache-2.0", "summary": "Installs the Threat Stack agent", diff --git a/spec/classes/configure_spec.rb b/spec/classes/configure_spec.rb index 07202441..69f0ba73 100644 --- a/spec/classes/configure_spec.rb +++ b/spec/classes/configure_spec.rb 
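Review bot: The 'Amazon' branch in manifests/params.pp now interpolates `${::operatingsystemmajrelease}` into `$repo_url` without checking its value, so a host reporting any major release other than 2 gets a repo URL built from that value instead of a clear failure. The README change in this commit narrows support to Amazon Linux 2, which suggests only that path is published. If so, fail early inside the branch with `if $::operatingsystemmajrelease != '2' { fail("Module ${module_name} does not support Amazon Linux ${::operatingsystemmajrelease}") }`, so an unsupported node does not end up with a yum repo that cannot resolve. The surrounding `case` on the OS family begins outside this hunk.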
@@ -60,7 +60,7 @@ end context 'on Amazon Linux' do - let(:facts) { {'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } + let(:facts) { {'operatingsystemmajrelease' => '2', 'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" } it { should contain_exec('threatstack-agent-setup').with( diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 5e69e248..5bcf7a35 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -61,7 +61,7 @@ end context 'on Amazon' do - let(:facts) { {'os' => { 'name' => 'Amazon', 'family' => 'RedHat'} } } + let(:facts) { { 'operatingsystemmajrelease' => '2', 'os' => { 'name' => 'Amazon', 'family' => 'RedHat'} } } let(:params) { { :deploy_key => "#{deploy_key}" } } it 'should compile' do should create_class('threatstack') end diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb index 068dd1de..fb8b390e 100644 --- a/spec/classes/package_spec.rb +++ b/spec/classes/package_spec.rb @@ -22,7 +22,7 @@ end context 'on Amazon Linux' do - let(:facts) { {'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } + let(:facts) { {'operatingsystemmajrelease' => '2', 'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', gpg_key => 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK', repo_class => '::threatstack::yum' }" } context 'package' do diff --git a/spec/classes/yum_spec.rb b/spec/classes/yum_spec.rb index 0c965202..71aa81f6 100644 --- a/spec/classes/yum_spec.rb +++ b/spec/classes/yum_spec.rb 
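Review bot: The spec/classes/package_spec.rb hunk only adds the legacy `operatingsystemmajrelease` fact, so nothing in the suite exercises the new auditd handling in package.pp. Stopping and disabling the host audit daemon is the riskiest behaviour this commit introduces and should be pinned in both directions. In the 'on Amazon Linux' context add `it { should contain_exec('stop_auditd') }` and `it { should contain_exec('disable_auditd') }`. Add a second context whose `pre_condition` passes `disable_auditd => false` and asserts `it { should_not contain_exec('disable_auditd') }`. The context body continues outside this hunk.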
@@ -36,14 +36,14 @@ end context 'on Amazon' do - let(:facts) { {'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } + let(:facts) { {'operatingsystemmajrelease' => '2', 'os' => { 'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } } let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', gpg_key => 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK' }" } context 'default' do it { should contain_yumrepo('threatstack').with( :descr => 'Threat Stack Package Repository', :enabled => 1, - :baseurl => 'https://pkg.threatstack.com/v2/Amazon', + :baseurl => 'https://pkg.threatstack.com/v2/Amazon/2', :gpgcheck => 1, :gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK' ) }