Puppet Class: threatstack

Inherits:
::threatstack::params
Defined in:
manifests/init.pp

Overview

Class: threatstack

Installs and configures the Threat Stack host-based agent.

Parameters

agent_config_args

Arguments to be passed to `tsagent setup`.
type: array

binpath

Used to set bin path for exec in the config class.
type: Array

disable_auditd

Required to work around issues with auditd on some distros.
type: bool

enable_sysmon

Windows: optionally enable sysmon.
type: bool

extra_args

Extra arguments to pass on the command line during agent activation.
type: array of hashes
default: undef

configure_agent

Optionally disable agent configuration. Useful if installing agent into a base image.
type: bool

deploy_key

Threat Stack agent deploy key. This value is required.
type: string

feature_plan

Threat Stack feature plan. Available values are:

* investigate: Investigate plan
* monitor: Monitor plan
* legacy: Legacy Basic, Advanced, and Pro packaging

type: string

gpg_key

URL to repository GPG key.
type: string

package_version

Manage agent package version.
type: string

repo_url

URL of installation repo. Useful to change if managing own repository. See also `gpg_key`.
type: string

rulesets

Ruleset(s) to apply to host.
type: array

setup_unless

Used in the setup exec in the configure class.
type: String

tmpdir

Used to download Windows agent MSI.
type: string

ts_hostname

Hostname as reported to Threat Stack.
type: string

service_provider

The Puppet Service provider used to manage the service. Defaults to undef on most distros.
type: string

windows_download_url

Windows MSI download URL.
type: string

windows_install_options

Windows MSI install options.
type: array

windows_ts_package

Windows MSI package name.
type: string

Examples

Standard usage:

class { '::threatstack':
  deploy_key => 'MyDeployKey',
  rulesets   => ['MyRuleset']
}

Package mirror usage:

class { '::threatstack':
  deploy_key => 'MyDeployKey',
  rulesets   => ['MyRuleset'],
  repo_url   => 'https://my-mirror.example.com/centos-6',
  gpg_key    => 'https://my-mirror.example.com/RPM-GPG-KEY-THREATSTACK'
}
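The following is an added example, not part of the module's own documentation. It combines the two cases the parameters describe: installing the agent into a base image with `configure_agent => false`, and registering a running host with a `deploy_key` that is resolved from Hiera instead of being written into the manifest. The class name `profile::threatstack`, its `image_build` parameter and the Hiera key name are assumptions made for illustration.

```puppet
# Hypothetical wrapper profile (not shipped with the threatstack module).
class profile::threatstack (
  Boolean          $image_build = false,
  Array[String[1]] $rulesets    = ['MyRuleset'],
) {
  if $image_build {
    # Base image build: install the package only. With configure_agent set to
    # false the class does not require deploy_key and does not declare the
    # configure and service classes, so no key is stored in the image.
    class { '::threatstack':
      configure_agent => false,
    }
  } else {
    # Running host: resolve the deploy key from Hiera so it stays out of the
    # manifest and version control. The key name below is an assumption.
    # lookup() without a default fails the catalog if the key is missing,
    # in the same way the class itself fails when deploy_key is undef.
    $deploy_key = lookup('profile::threatstack::deploy_key', String[1])

    class { '::threatstack':
      deploy_key => $deploy_key,
      rulesets   => $rulesets,
    }
  }
}
```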

Authors

Pete Cheslock <pete.cheslock@threatstack.com>
Tom McLaughlin <tom.mclaughlin@threatstack.com>
Nate St. Germain <nate.stgermain@threatstack.com>

Copyright 2020 Threat Stack, Inc.

Parameters:

  • deploy_key (Any) (defaults to: undef)
  • package_version (Any) (defaults to: $::threatstack::params::package_version)
  • configure_agent (Any) (defaults to: true)
  • extra_args (Any) (defaults to: $::threatstack::params::extra_args)
  • agent_config_args (Any) (defaults to: undef)
  • repo_class (Any) (defaults to: $::threatstack::params::repo_class)
  • repo_url (Any) (defaults to: $::threatstack::params::repo_url)
  • gpg_key (Any) (defaults to: $::threatstack::params::gpg_key)
  • rulesets (Any) (defaults to: $::threatstack::params::rulesets)
  • confdir (Any) (defaults to: $::threatstack::params::confdir)
  • ts_hostname (Any) (defaults to: $::fqdn)
  • disable_auditd (Any) (defaults to: $::threatstack::params::disable_auditd)
  • binpath (Any) (defaults to: $::threatstack::params::binpath)
  • setup_unless (Any) (defaults to: $::threatstack::params::setup_unless)
  • enable_sysmon (Any) (defaults to: $::threatstack::params::enable_sysmon)
  • service_provider (Any) (defaults to: $::threatstack::params::service_provider)
  • windows_download_url (Any) (defaults to: $::threatstack::params::download_url)
  • windows_tmp_path (Any) (defaults to: $::threatstack::params::tmp_path)
  • windows_install_options (Any) (defaults to: concat(["TSDEPLOYKEY=${deploy_key}"],$::threatstack::params::windows_install_options))


# File 'manifests/init.pp', line 115

class threatstack (
  $deploy_key              = undef,
  $package_version         = $::threatstack::params::package_version,
  $configure_agent         = true,
  $extra_args              = $::threatstack::params::extra_args,
  $agent_config_args       = undef,
  $repo_class              = $::threatstack::params::repo_class,
  $repo_url                = $::threatstack::params::repo_url,
  $gpg_key                 = $::threatstack::params::gpg_key,
  $rulesets                = $::threatstack::params::rulesets,
  $confdir                 = $::threatstack::params::confdir,
  $ts_hostname             = $::fqdn,
  $disable_auditd          = $::threatstack::params::disable_auditd,
  $binpath                 = $::threatstack::params::binpath,
  $setup_unless            = $::threatstack::params::setup_unless,
  $enable_sysmon           = $::threatstack::params::enable_sysmon,
  $service_provider        = $::threatstack::params::service_provider,
  $windows_download_url    = $::threatstack::params::download_url,
  $windows_tmp_path        = $::threatstack::params::tmp_path,
  $windows_install_options = concat(["TSDEPLOYKEY=${deploy_key}"],$::threatstack::params::windows_install_options)

) inherits ::threatstack::params {

  $ts_package = $::threatstack::params::ts_package

  anchor { '::threatstack::start': }
  -> class { '::threatstack::package': }
  anchor { '::threatstack::end': }


  if $configure_agent {
    if $deploy_key == undef {
      fail('$deploy_key must be defined.')
    }
    # if $feature_plan == undef {
    #  fail('$feature_plan needs to be set to "monitor", "investigate", or a "legacy". See https://www.threatstack.com/plans')
    # }

    class { '::threatstack::configure': }
    class { '::threatstack::service': }

    Class['::threatstack::package']
    -> Class['::threatstack::configure']
    -> Class['::threatstack::service']
    Anchor['::threatstack::end']
  }
}