Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added legacy sentinelone_agent role to collection
1 parent 662b13a
commit a5cec6e
Showing 31 changed files with 478 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
tests/output/ | ||
.idea/ | ||
.vscode/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
sentinelone_client_legacy |
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
skip_list: | ||
- fqcn-builtins | ||
- command-instead-of-module | ||
- no-changed-when |
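Review bot: `command-instead-of-module` and `no-changed-when` are skipped for the whole tree in `skip_list`, which also hides any future task that shells out without a `changed_when`. The RPM version task in this commit already sets `changed_when: false`, so consider dropping the global skips and using a per-task `# noqa` with a short justification where a `command` call is really needed.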
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
*.rpm | ||
*.deb | ||
__pycache__ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
"MD013": false # line-length | ||
"MD014": false # show commands output | ||
"MD024": false # duplicate headings | ||
"MD025": false # multiple top-level headings in the same document | ||
"MD026": false # no trailing punction (? at the end) | ||
"MD033": false # inline HTML | ||
"MD036": true # no emphasis as heading (command descriptions) | ||
"MD041": false # leading comments (beginning not heading) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
language: python | ||
python: "2.7" | ||
|
||
# Use the new container infrastructure | ||
sudo: false | ||
|
||
# Install ansible | ||
addons: | ||
apt: | ||
packages: | ||
- python-pip | ||
|
||
install: | ||
# Install ansible | ||
- pip install ansible | ||
|
||
# Check ansible version | ||
- ansible --version | ||
|
||
# Create ansible.cfg with correct roles_path | ||
- printf '[defaults]\nroles_path=../' >ansible.cfg | ||
|
||
script: | ||
# Basic role syntax check | ||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check | ||
|
||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
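Review bot: `python: "2.7"` pins the CI job to an interpreter that has been end-of-life since January 2020, and `pip install ansible` is unpinned, so the job tests whatever old release pip can still resolve there rather than the `min_ansible_version: '2.10'` floor declared in the role metadata. The `roles_path=../` line and `tests/test.yml` also assume the standalone-role layout, while the README now references the role as `sva.sentinelone.sentinelone_client_legacy`; either update this file for the collection layout or drop it in favour of the Molecule scenario.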
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
--- | ||
# Based on ansible-lint config | ||
extends: default | ||
|
||
rules: | ||
braces: | ||
max-spaces-inside: 1 | ||
level: error | ||
brackets: | ||
max-spaces-inside: 1 | ||
level: error | ||
colons: | ||
max-spaces-after: -1 | ||
level: error | ||
commas: | ||
max-spaces-after: -1 | ||
level: error | ||
comments: disable | ||
comments-indentation: disable | ||
document-start: disable | ||
empty-lines: | ||
max: 3 | ||
level: error | ||
hyphens: | ||
level: error | ||
indentation: disable | ||
key-duplicates: enable | ||
line-length: disable | ||
new-line-at-end-of-file: disable | ||
new-lines: | ||
type: unix | ||
trailing-spaces: disable | ||
truthy: disable |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# sentinelone_client_legacy (Alias: sentinelone_client) | ||
|
||
**This role was merged to this collection from the Ansible role [sentinelone_client](https://github.com/stdevel/ansible-sentinelone_client) by [@stdevel](https://github.com/stdevel).** | ||
|
||
For greater flexibility, it’s recommended to use the install_agent role if you have access to both the management console and an API access token. However, if you don’t have console access and need to install the agent packages from an alternate source, this role is designed for that scenario. Please note that the agent package must be accessible via a web server to use this role. | ||
|
||
Installs and registers the SentinelOne Endpoint agent with provided os packages (linux only). | ||
|
||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Role Variables | ||
|
||
| Variable | Default | Description | | ||
| -------- | ------- | ----------- | | ||
| `sentinelone_client_filename` | *(empty)* | Package file to install | | ||
| `sentinelone_client_token` | *(empty)* | Group/Site token | | ||
| `sentinelone_client_gpgkey` | *(empty)* | GPG signing key to import | | ||
|
||
## Dependencies | ||
|
||
No dependencies. | ||
|
||
## Example Playbook | ||
|
||
```yml | ||
- hosts: clients | ||
roles: | ||
- role: sva.sentinelone.sentinelone_client_legacy | ||
sentinelone_client_filename: SentinelAgent_linux_v21_10_3_3.rpm | ||
sentinelone_client_token: trustno1 | ||
``` | ||
Repository installation: | ||
```yml | ||
- hosts: clients | ||
roles: | ||
- role: sva.sentinelone.sentinelone_client_legacy | ||
sentinelone_client_filename: https://simone.giertz.dev/SentinelAgent_linux_v13_37.deb | ||
sentinelone_client_token: trustno1 | ||
``` | ||
## Development / testing | ||
Use [Ansible Molecule](https://molecule.readthedocs.io/en/latest/index.html) for running tests: | ||
```shell | ||
$ molecule create | ||
$ molecule converge | ||
$ molecule verify | ||
``` | ||
|
||
## License | ||
|
||
BSD | ||
|
||
## Author Information | ||
|
||
Christian Stankowic |
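Review bot: the variable table describes `sentinelone_client_gpgkey` as "GPG signing key to import", but the Debian task passes it to `apt_key` as `url:`, so it should be documented as an HTTPS URL to the key, ideally together with the expected fingerprint. Both example playbooks also inline `sentinelone_client_token: trustno1`; a sentence pointing users to Ansible Vault or an environment lookup for the site token would keep real tokens out of committed playbooks. The first example passes a bare file name while the text says the package must be reachable via a web server, so please state where a non-URL `sentinelone_client_filename` is expected to live.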
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
sentinelone_client_token: '' | ||
sentinelone_client_gpgkey: '' |
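Review bot: `sentinelone_client_filename` is missing from these defaults although the README lists it with an empty default, so a play that omits it would fail with an undefined-variable error when a task templates `/tmp/{{ sentinelone_client_filename | basename }}`. Add it here, or better, add an early `ansible.builtin.assert` that it is set and non-empty so the failure message is explicit.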
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
- name: Create initialization file | ||
ansible.builtin.file: | ||
path: /opt/sentinelone/.INITIALIZATION_COMPLETE | ||
owner: root | ||
group: root | ||
mode: '0644' | ||
state: touch | ||
become: true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
galaxy_info: | ||
role_name: sentinelone_client | ||
author: Christian Stankowic | ||
description: Installs the SentinelOne agent on linux | ||
license: BSD-3-Clause | ||
|
||
min_ansible_version: '2.10' | ||
|
||
# If this a Container Enabled role, provide the minimum Ansible Container version. | ||
# min_ansible_container_version: | ||
|
||
# | ||
# Provide a list of supported platforms, and for each platform a list of versions. | ||
# If you don't wish to enumerate all versions for a particular platform, use 'all'. | ||
# To view available platforms and versions (or releases), visit: | ||
# https://galaxy.ansible.com/api/v1/platforms/ | ||
# | ||
platforms: | ||
- name: Ubuntu | ||
- name: Fedora | ||
- name: Debian | ||
- name: EL | ||
versions: | ||
- '8' | ||
|
||
|
||
galaxy_tags: | ||
- sentinelone | ||
- sentinel | ||
- antivirus | ||
- legacy | ||
|
||
dependencies: [] |
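Review bot: `role_name: sentinelone_client` does not match the directory name `sentinelone_client_legacy` used in the README and the converge playbook; please confirm this is the intended alias. The `platforms` list also disagrees with the test matrix: `EL` is limited to `'8'` while `molecule.yml` converges on `almalinux/9`, and SUSE is tested but not listed.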
Binary file not shown.
23 changes: 23 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/INSTALL.rst
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
********************************* | ||
Vagrant driver installation guide | ||
********************************* | ||
|
||
Requirements | ||
============ | ||
|
||
* Vagrant | ||
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop | ||
|
||
Install | ||
======= | ||
|
||
Please refer to the `Virtual environment`_ documentation for installation best | ||
practices. If not using a virtual environment, please consider passing the | ||
widely recommended `'--user' flag`_ when invoking ``pip``. | ||
|
||
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ | ||
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site | ||
|
||
.. code-block:: bash | ||
$ pip install 'molecule_vagrant' |
16 changes: 16 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# Testing | ||
|
||
In order to test the role you'll need Ansible, Molecule and a supported provider such as Vagrant. | ||
|
||
If you also want to test registration, add the following line to [`converge.yml`](converge.yml): | ||
|
||
```yml | ||
sentinelone_client_token: "..." | ||
``` | ||
Copy the SentinelONE installation files (`sentinelone_latest.deb`, `sentinelone_latest.rpm`) into this directory and run `molecule`: | ||
|
||
```shell | ||
$ molecule create | ||
$ molecule converge | ||
``` |
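Review bot: telling contributors to add `sentinelone_client_token: "..."` to the tracked `converge.yml` makes it easy to commit a live site token by accident. Suggest reading the token from the environment in `converge.yml` (for example with `lookup('env', ...)`) and documenting the variable name here instead of asking for an edit to the file.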
24 changes: 24 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/converge.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
- name: Converge | ||
hosts: all | ||
pre_tasks: | ||
- name: Set SentinelONE client installation file (Debian) | ||
ansible.builtin.set_fact: | ||
file_sentinelone: sentinelone_latest.deb | ||
when: ansible_os_family == 'Debian' | ||
|
||
- name: Set SentinelONE client installation file (Red Hat) | ||
ansible.builtin.set_fact: | ||
file_sentinelone: sentinelone_latest.rpm | ||
when: ansible_os_family == 'RedHat' | ||
|
||
- name: Set SentinelONE client installation file (SUSE) | ||
ansible.builtin.set_fact: | ||
file_sentinelone: sentinelone_latest.rpm | ||
when: ansible_os_family == 'Suse' | ||
|
||
roles: | ||
- role: sva.sentinelone.sentinelone_client_legacy | ||
sentinelone_client_filename: "{{ file_sentinelone }}" | ||
# sentinelone_client_token: '...' | ||
# sentinelone_client_gpgkey: '...' |
22 changes: 22 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/molecule.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
dependency: | ||
name: galaxy | ||
driver: | ||
name: vagrant | ||
platforms: | ||
- name: s1-ubuntu | ||
box: generic/ubuntu2204 | ||
- name: s1-fedora | ||
box: generic/fedora38 | ||
- name: s1-almalinux | ||
box: almalinux/9 | ||
- name: s1-opensuse | ||
box: opensuse/Tumbleweed.x86_64 | ||
provisioner: | ||
name: ansible | ||
verifier: | ||
name: testinfra | ||
lint: | | ||
yamllint . | ||
ansible-lint | ||
flake8 |
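Review bot: the `platforms` list has no Debian box although the role metadata lists Debian as supported, so the `apt` code path is only exercised on `generic/ubuntu2204`. `opensuse/Tumbleweed.x86_64` is also a rolling release, so a failure there may come from the box rather than the role; adding a Debian box and a fixed-release SUSE box would make the matrix match the declared platforms and give a stable baseline.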
23 changes: 23 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/tests/conftest.py
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
"""PyTest Fixtures.""" | ||
from __future__ import absolute_import | ||
|
||
import os | ||
|
||
import pytest | ||
|
||
|
||
def pytest_runtest_setup(item): | ||
"""Run tests only when under molecule with testinfra installed.""" | ||
try: | ||
import testinfra | ||
except ImportError: | ||
pytest.skip("Test requires testinfra", allow_module_level=True) | ||
if "MOLECULE_INVENTORY_FILE" in os.environ: | ||
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( | ||
os.environ["MOLECULE_INVENTORY_FILE"] | ||
).get_hosts("all") | ||
else: | ||
pytest.skip( | ||
"Test should run only from inside molecule.", | ||
allow_module_level=True | ||
) |
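Review bot: testinfra picks up `testinfra_hosts` as a module-level variable in the test file during collection; assigning `pytest.testinfra_hosts` inside `pytest_runtest_setup` happens later and on a different object, so please confirm the tests actually target the Molecule instances rather than the local host. The hook also relies on `import testinfra` having loaded `testinfra.utils.ansible_runner` as a side effect; import that submodule explicitly.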
42 changes: 42 additions & 0 deletions
roles/sentinelone_client_legacy/molecule/default/tests/test_default.py
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
""" | ||
Role unit tests | ||
""" | ||
|
||
|
||
def test_packages(host): | ||
""" | ||
Ensure that packages are installed | ||
""" | ||
os = host.ansible("setup")["ansible_facts"]["ansible_os_family"].lower() | ||
if os == "debian": | ||
pkg = 'sentinelagent' | ||
else: | ||
pkg = 'SentinelAgent' | ||
assert host.package(pkg).is_installed | ||
|
||
|
||
def test_service(host): | ||
""" | ||
Ensure that service is enabled and running | ||
""" | ||
srv = 'sentinelone.service' | ||
_srv = host.service(srv) | ||
assert _srv.is_enabled | ||
assert _srv.is_running | ||
|
||
|
||
def test_registration(host): | ||
""" | ||
Ensure that registration has succeeded | ||
""" | ||
with host.sudo(): | ||
cmd = host.run( | ||
"sentinelctl management status" | ||
).stdout.strip().split("\n") | ||
# check that URL and UUID are not undefined | ||
_url = [x for x in cmd if "URL" in x] | ||
_uuid = [x for x in cmd if "UUID" in x] | ||
_connect = [x for x in cmd if "Connectivity" in x] | ||
assert "undefined" not in _url[0] | ||
assert "undefined" not in _uuid[0] | ||
assert "Off" not in _connect[0] |
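Review bot: `test_registration` indexes `_url[0]`, `_uuid[0]` and `_connect[0]` without checking that `sentinelctl management status` succeeded, so a missing binary or changed output surfaces as an `IndexError` instead of a readable assertion. Assert on the command's return code and on the filtered lists being non-empty first. The test also runs unconditionally while `converge.yml` ships with `sentinelone_client_token` commented out, so consider skipping it when no token was supplied.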
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
- name: Gather RPM package version | ||
ansible.builtin.command: "rpm -qp --queryformat '%{VERSION}' /tmp/{{ sentinelone_client_filename | basename }}" | ||
register: sentinelone_client_rpm_version | ||
changed_when: false | ||
|
||
- name: Set nodigest flag, if required | ||
ansible.builtin.set_fact: | ||
sentinelone_client_digest: '--nodigest' | ||
when: | ||
- "sentinelone_client_rpm_version.stdout is version('23.3.2.12', '<')" |
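Review bot: setting `sentinelone_client_digest: '--nodigest'` for packages older than `23.3.2.12` turns off RPM's package and header digest checks, and `sentinelone_client_gpgkey` defaults to empty, so for those versions nothing visible here verifies the file staged in `/tmp`. Please add a checksum variable that is verified before install (for example via the `checksum` parameter of `ansible.builtin.get_url`) and a comment explaining why the digest check has to be skipped for older agents. Also make sure `sentinelone_client_digest` has a default for the case where the `when` is false, and consider `argv:` for the `rpm -qp` call so file names with spaces are not split.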
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
- name: Import GPG key | ||
ansible.builtin.apt_key: | ||
url: "{{ sentinelone_client_gpgkey }}" | ||
become: true | ||
when: sentinelone_client_gpgkey | ||
|
||
- name: Install package | ||
ansible.builtin.apt: | ||
deb: "/tmp/{{ sentinelone_client_filename | basename }}" | ||
update_cache: true | ||
become: true |
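Review bot: the `apt` task installs a local file via `deb:`, and a local `.deb` install is not checked against the apt keyring, so importing `sentinelone_client_gpgkey` does not authenticate this package. The key itself is fetched from a URL with no `id:` fingerprint, and `apt_key` adds it to the system-wide trusted keyring, an approach the module documentation flags as deprecated. Verify the package with a checksum before install, and if the key is still needed pass `id:` with the expected fingerprint. `when: sentinelone_client_gpgkey` would also read better as an explicit test such as `sentinelone_client_gpgkey | length > 0`.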