Added legacy sentinelone_agent role to collection #39

Merged
merged 3 commits into from
Sep 25, 2024
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@
tests/output/
.idea/
.vscode/
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -22,6 +22,7 @@ It provides several modules which helps to configure and manage SentinelOne Mana

- **Roles:**
- [install_agent](roles/install_agent/README.md)
- [sentinelone_client_legacy](roles/sentinelone_client_legacy/README.md)

## Requirements
### Ansible
1 change: 1 addition & 0 deletions roles/sentinelone_client
Binary file added roles/sentinelone_client_legacy/.DS_Store
Binary file not shown.
5 changes: 5 additions & 0 deletions roles/sentinelone_client_legacy/.config/ansible-lint.yml
@@ -0,0 +1,5 @@
---
skip_list:
- fqcn-builtins
- command-instead-of-module
- no-changed-when
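Review bot: the `skip_list` turns off `fqcn-builtins`, `command-instead-of-module` and `no-changed-when` for the whole role, yet the tasks visible in this PR already use `ansible.builtin.*` names and `digest.yml` sets `changed_when: false`. Consider dropping the skips that are no longer needed and handling any remaining exception with a per-task `# noqa` marker, so new violations are still reported.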
3 changes: 3 additions & 0 deletions roles/sentinelone_client_legacy/.gitignore
@@ -0,0 +1,3 @@
*.rpm
*.deb
__pycache__
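Review bot: `.DS_Store` is missing from this ignore list, and the PR commits `roles/sentinelone_client_legacy/.DS_Store` as a binary file. Add `.DS_Store` here (or to the top-level `.gitignore`) and remove the committed file; Finder metadata can expose local directory contents and does not belong in a published collection.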
9 changes: 9 additions & 0 deletions roles/sentinelone_client_legacy/.markdownlint.yml
@@ -0,0 +1,9 @@
---
"MD013": false # line-length
"MD014": false # show commands output
"MD024": false # duplicate headings
"MD025": false # multiple top-level headings in the same document
"MD026": false # no trailing punction (? at the end)
"MD033": false # inline HTML
"MD036": true # no emphasis as heading (command descriptions)
"MD041": false # leading comments (beginning not heading)
29 changes: 29 additions & 0 deletions roles/sentinelone_client_legacy/.travis.yml
@@ -0,0 +1,29 @@
---
language: python
python: "2.7"

# Use the new container infrastructure
sudo: false

# Install ansible
addons:
apt:
packages:
- python-pip

install:
# Install ansible
- pip install ansible

# Check ansible version
- ansible --version

# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg

script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check

notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
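Review bot: `python: "2.7"` combined with an unpinned `pip install ansible` ties this CI job to an interpreter that reached end of life in January 2020 and to whatever Ansible release pip happens to resolve for it, while `meta/main.yml` declares `min_ansible_version: '2.10'`. The script step also points at `tests/test.yml` and `tests/inventory`, which do not appear in the visible part of this diff. Since the role README documents Molecule as the test path, consider removing this file or porting it to a supported Python with a pinned Ansible version.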
33 changes: 33 additions & 0 deletions roles/sentinelone_client_legacy/.yamllint
@@ -0,0 +1,33 @@
---
# Based on ansible-lint config
extends: default

rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
61 changes: 61 additions & 0 deletions roles/sentinelone_client_legacy/README.md
@@ -0,0 +1,61 @@
# sentinelone_client_legacy (Alias: sentinelone_client)

**This role was merged to this collection from the Ansible role [sentinelone_client](https://github.com/stdevel/ansible-sentinelone_client) by [@stdevel](https://github.com/stdevel).**

For greater flexibility, it's recommended to use the install_agent role if you have access to both the management console and an API access token. However, if you don't have console access and need to install the agent packages from an alternate source, this role is designed for that scenario. Please note that the agent package must be accessible via a web server to use this role.

Installs and registers the SentinelOne Endpoint agent with provided os packages (linux only).

## Requirements

No requirements.

## Role Variables

| Variable | Default | Description |
| -------- | ------- | ----------- |
| `sentinelone_client_filename` | *(empty)* | Package file to install |
| `sentinelone_client_token` | *(empty)* | Group/Site token |
| `sentinelone_client_gpgkey` | *(empty)* | GPG signing key to import |

## Dependencies

No dependencies.

## Example Playbook

```yml
- hosts: clients
roles:
- role: sva.sentinelone.sentinelone_client_legacy
sentinelone_client_filename: SentinelAgent_linux_v21_10_3_3.rpm
sentinelone_client_token: trustno1
```

Repository installation:

```yml
- hosts: clients
roles:
- role: sva.sentinelone.sentinelone_client_legacy
sentinelone_client_filename: https://simone.giertz.dev/SentinelAgent_linux_v13_37.deb
sentinelone_client_token: trustno1
```

## Development / testing

Use [Ansible Molecule](https://molecule.readthedocs.io/en/latest/index.html) for running tests:

```shell
$ molecule create
$ molecule converge
$ molecule verify
```

## License

BSD

## Author Information

Christian Stankowic
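Review bot: both example playbooks set `sentinelone_client_token` inline as a literal (`trustno1`), which invites users to commit the real site or group token next to the playbook. Show the token coming from an Ansible Vault encrypted variable instead. Two smaller points: the variables table lists `sentinelone_client_filename` with an empty default although `defaults/main.yml` does not define it, and the License section says `BSD` while `meta/main.yml` says `BSD-3-Clause`.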
3 changes: 3 additions & 0 deletions roles/sentinelone_client_legacy/defaults/main.yml
@@ -0,0 +1,3 @@
---
sentinelone_client_token: ''
sentinelone_client_gpgkey: ''
9 changes: 9 additions & 0 deletions roles/sentinelone_client_legacy/handlers/main.yml
@@ -0,0 +1,9 @@
---
- name: Create initialization file
ansible.builtin.file:
path: /opt/sentinelone/.INITIALIZATION_COMPLETE
owner: root
group: root
mode: '0644'
state: touch
become: true
33 changes: 33 additions & 0 deletions roles/sentinelone_client_legacy/meta/main.yml
@@ -0,0 +1,33 @@
galaxy_info:
role_name: sentinelone_client
author: Christian Stankowic
description: Installs the SentinelOne agent on linux
license: BSD-3-Clause

min_ansible_version: '2.10'

# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Ubuntu
- name: Fedora
- name: Debian
- name: EL
versions:
- '8'


galaxy_tags:
- sentinelone
- sentinel
- antivirus
- legacy

dependencies: []
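Review bot: `platforms` declares Ubuntu, Fedora, Debian and EL 8 only, but `molecule.yml` tests `almalinux/9` and `opensuse/Tumbleweed.x86_64`, and `converge.yml` has a SUSE branch. Add the SUSE entry and the EL 9 version, or trim the test matrix, so the declared support matches what is tested. `role_name: sentinelone_client` also differs from the directory name `sentinelone_client_legacy`; a short comment noting the alias would avoid confusion.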
Binary file not shown.
23 changes: 23 additions & 0 deletions roles/sentinelone_client_legacy/molecule/default/INSTALL.rst
@@ -0,0 +1,23 @@
*********************************
Vagrant driver installation guide
*********************************

Requirements
============

* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop

Install
=======

Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.

.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site

.. code-block:: bash

$ pip install 'molecule_vagrant'
16 changes: 16 additions & 0 deletions roles/sentinelone_client_legacy/molecule/default/README.md
@@ -0,0 +1,16 @@
# Testing

In order to test the role you'll need Ansible, Molecule and a supported provider such as Vagrant.

If you also want to test registration, add the following line to [`converge.yml`](converge.yml):

```yml
sentinelone_client_token: "..."
```

Copy the SentinelONE installation files (`sentinelone_latest.deb`, `sentinelone_latest.rpm`) into this directory and run `molecule`:

```shell
$ molecule create
$ molecule converge
```
24 changes: 24 additions & 0 deletions roles/sentinelone_client_legacy/molecule/default/converge.yml
@@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
pre_tasks:
- name: Set SentinelONE client installation file (Debian)
ansible.builtin.set_fact:
file_sentinelone: sentinelone_latest.deb
when: ansible_os_family == 'Debian'

- name: Set SentinelONE client installation file (Red Hat)
ansible.builtin.set_fact:
file_sentinelone: sentinelone_latest.rpm
when: ansible_os_family == 'RedHat'

- name: Set SentinelONE client installation file (SUSE)
ansible.builtin.set_fact:
file_sentinelone: sentinelone_latest.rpm
when: ansible_os_family == 'Suse'

roles:
- role: sva.sentinelone.sentinelone_client_legacy
sentinelone_client_filename: "{{ file_sentinelone }}"
# sentinelone_client_token: '...'
# sentinelone_client_gpgkey: '...'
22 changes: 22 additions & 0 deletions roles/sentinelone_client_legacy/molecule/default/molecule.yml
@@ -0,0 +1,22 @@
---
dependency:
name: galaxy
driver:
name: vagrant
platforms:
- name: s1-ubuntu
box: generic/ubuntu2204
- name: s1-fedora
box: generic/fedora38
- name: s1-almalinux
box: almalinux/9
- name: s1-opensuse
box: opensuse/Tumbleweed.x86_64
provisioner:
name: ansible
verifier:
name: testinfra
lint: |
yamllint .
ansible-lint
flake8
23 changes: 23 additions & 0 deletions roles/sentinelone_client_legacy/molecule/default/tests/conftest.py
@@ -0,0 +1,23 @@
"""PyTest Fixtures."""
from __future__ import absolute_import

import os

import pytest


def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.",
allow_module_level=True
)
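Review bot: `import testinfra` on its own does not guarantee that the `testinfra.utils.ansible_runner` submodule is loaded, so the `AnsibleRunner` call in `pytest_runtest_setup` depends on what testinfra happens to import internally and can fail with an AttributeError. Import the submodule explicitly with `import testinfra.utils.ansible_runner`.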
@@ -0,0 +1,42 @@
"""
Role unit tests
"""


def test_packages(host):
"""
Ensure that packages are installed
"""
os = host.ansible("setup")["ansible_facts"]["ansible_os_family"].lower()
if os == "debian":
pkg = 'sentinelagent'
else:
pkg = 'SentinelAgent'
assert host.package(pkg).is_installed


def test_service(host):
"""
Ensure that service is enabled and running
"""
srv = 'sentinelone.service'
_srv = host.service(srv)
assert _srv.is_enabled
assert _srv.is_running


def test_registration(host):
"""
Ensure that registration has succeeded
"""
with host.sudo():
cmd = host.run(
"sentinelctl management status"
).stdout.strip().split("\n")
# check that URL and UUID are not undefined
_url = [x for x in cmd if "URL" in x]
_uuid = [x for x in cmd if "UUID" in x]
_connect = [x for x in cmd if "Connectivity" in x]
assert "undefined" not in _url[0]
assert "undefined" not in _uuid[0]
assert "Off" not in _connect[0]
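Review bot: `test_registration` indexes `_url[0]`, `_uuid[0]` and `_connect[0]` without checking that `sentinelctl management status` succeeded, so a failed command or a changed output format surfaces as an IndexError rather than a clear assertion. Keep the result of `host.run`, assert `rc == 0` and that each filtered list is non-empty before inspecting it. The test also runs unconditionally, although the Molecule README treats registration as optional and `converge.yml` leaves the token commented out; skip it when no token was supplied.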
11 changes: 11 additions & 0 deletions roles/sentinelone_client_legacy/tasks/digest.yml
@@ -0,0 +1,11 @@
---
- name: Gather RPM package version
ansible.builtin.command: "rpm -qp --queryformat '%{VERSION}' /tmp/{{ sentinelone_client_filename | basename }}"
register: sentinelone_client_rpm_version
changed_when: false

- name: Set nodigest flag, if required
ansible.builtin.set_fact:
sentinelone_client_digest: '--nodigest'
when:
- "sentinelone_client_rpm_version.stdout is version('23.3.2.12', '<')"
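Review bot: the `set_fact` for `sentinelone_client_digest: '--nodigest'` disables RPM digest verification for every package older than 23.3.2.12, and per the README the package may be fetched from a URL while the variables table offers no checksum to compensate. Add a comment explaining why older packages need the flag and consider an optional checksum variable for the downloaded file. `sentinelone_client_digest` has no entry in `defaults/main.yml`, so it stays undefined for newer packages unless the consuming task applies `default('')`. The `rpm -qp` task also interpolates the file name into one command string; passing the arguments through `argv` avoids splitting on spaces in the name.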
12 changes: 12 additions & 0 deletions roles/sentinelone_client_legacy/tasks/install_debian.yml
@@ -0,0 +1,12 @@
---
- name: Import GPG key
ansible.builtin.apt_key:
url: "{{ sentinelone_client_gpgkey }}"
become: true
when: sentinelone_client_gpgkey

- name: Install package
ansible.builtin.apt:
deb: "/tmp/{{ sentinelone_client_filename | basename }}"
update_cache: true
become: true
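Review bot: the `Import GPG key` task fetches whatever key `sentinelone_client_gpgkey` points to with no key ID or fingerprint pinned, and `ansible.builtin.apt_key` wraps the deprecated `apt-key` tool. The imported key also adds nothing to the `Install package` task, because installing a local file through `deb:` does not verify a signature on the `.deb` itself; an optional checksum on the file under `/tmp` would give an actual integrity check. Prefer `when: sentinelone_client_gpgkey | length > 0` over the bare-variable condition.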