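---
# nyu-security.yml
# Installs two endpoint security agents on every inventory host:
#   * Rapid7 Insight Agent (tag: insightvm)
#   * Cortex agent         (tag: cortex)
# Each install path is skipped when the agent already appears to be present,
# so the play can be re-run safely.
- hosts: all
  become: true
  become_method: sudo
  gather_facts: true
  tasks:
    # ---- Rapid7 Insight Agent ---------------------------------------------
    - name: Gather service facts
      ansible.builtin.service_facts:
      tags:
        - insightvm

    # The test is whether the unit is known to service_facts, not whether it
    # is in the running state.
    # Both set_fact tasks carry the insightvm tag: without it, a run limited
    # to `--tags insightvm` skips them and every later
    # `when: not ir_agent_exists` fails on an undefined variable.
    - name: Set fact if ir_agent service is running
      ansible.builtin.set_fact:
        ir_agent_exists: true
      when:
        - "'ir_agent.service' in ansible_facts.services"
      tags:
        - insightvm

    - name: Set fact if ir_agent service is not running
      ansible.builtin.set_fact:
        ir_agent_exists: false
      when: ir_agent_exists is not defined
      tags:
        - insightvm

    # ir_agent_stat is registered here but not referenced by any task in
    # this play; the install decision relies on ir_agent_exists only.
    - name: Check that the InsightVM tools exist
      ansible.builtin.stat:
        path: /opt/rapid7/ir_agent/ir_agent
      register: ir_agent_stat
      tags:
        - insightvm

    # Copies the whole files/insightvm directory to /var/lib/insightvm,
    # readable by root only. force: false leaves files that already exist on
    # the host untouched.
    # NOTE(review): this directory is later passed as the certificate package
    # location, so it presumably holds agent credentials - confirm it is not
    # stored unencrypted in version control.
    - name: Upload InsightVM Files
      ansible.builtin.copy:
        src: files/insightvm
        dest: /var/lib
        owner: root
        group: root
        mode: "0700"
        force: false
      when: not ir_agent_exists
      tags:
        - insightvm

    - name: Install InsightVM package
      ansible.builtin.apt:
        deb: /var/lib/insightvm/rapid7-insight-agent_4.0.15.31-1_arm64.deb
        state: present
      when: not ir_agent_exists
      tags:
        - insightvm

    # NOTE(review): the package installed above is 4.0.15.31 while this path
    # hard-codes the component directory 4.0.18.46; if the package does not
    # create that directory the task fails - confirm the versions line up.
    - name: Configure and enable agent
      ansible.builtin.command:
        cmd: >-
          /opt/rapid7/ir_agent/components/insight_agent/4.0.18.46/configure_agent.sh
          --certificate_package_installation=/var/lib/insightvm
          -v
          --attributes="ISAW"
          --start
      when: not ir_agent_exists
      tags:
        - insightvm

    # ---- Cortex agent -----------------------------------------------------
    - name: Create cortex config directory
      ansible.builtin.file:
        path: /etc/panw
        state: directory
        owner: root
        group: root
        mode: "0700"
      tags:
        - cortex

    # NOTE(review): a configuration file does not need execute bits; "0600"
    # would be the least-privilege mode if nothing depends on 0700.
    - name: Install Cortex config
      ansible.builtin.copy:
        src: files/cortex/cortex.conf
        dest: /etc/panw/
        owner: root
        group: root
        mode: "0700"
      tags:
        - cortex

    # Presence of cytool is the marker for an existing Cortex install.
    - name: Check that the cytool exists
      ansible.builtin.stat:
        path: /opt/traps/bin/cytool
      register: cytool_stat
      tags:
        - cortex

    # The installer is staged in world-writable /tmp under a predictable
    # name and then installed as root. It is written root-owned with mode
    # 0700; a root-only staging directory would be a tighter choice.
    - name: Upload Cortex installer to tmp dir
      ansible.builtin.copy:
        src: files/cortex/cortex-8.7.0.131661.deb
        dest: /tmp/
        owner: root
        group: root
        mode: "0700"
      when: not cytool_stat.stat.exists
      tags:
        - cortex

    - name: Install cortex
      ansible.builtin.apt:
        deb: /tmp/cortex-8.7.0.131661.deb
        state: present
      when: not cytool_stat.stat.exists
      tags:
        - cortex

    # Runs unconditionally so a leftover installer is cleaned up on re-runs.
    - name: Remove cortex installer
      ansible.builtin.file:
        path: /tmp/cortex-8.7.0.131661.deb
        state: absent
      tags:
        - cortex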