---
# Linux path (every distribution other than MacOSX): push the sensor options
# through the collection's falconctl module, read the sensor settings back,
# and restart the service only when the options actually changed.
- name: Linux Block
  when: ansible_facts['distribution'] != "MacOSX"
  block:
    # Every option is forwarded only when its variable is not None; otherwise
    # the `omit` placeholder removes the argument from the module call.
    # NOTE(review): falcon_provisioning_token is a credential and the module
    # result is registered below - confirm the module masks it in task output.
    - name: CrowdStrike Falcon | Configure Falcon Sensor Options (Linux)
      crowdstrike.falcon.falconctl:
        # falcon_option_set selects whether the options are applied or removed.
        state: "{{ 'present' if falcon_option_set else 'absent' }}"
        cid: "{{ falcon_cid if (falcon_cid != None) else omit }}"
        provisioning_token: "{{ falcon_provisioning_token if (falcon_provisioning_token != None) else omit }}"
        apd: "{{ falcon_apd if (falcon_apd != None) else omit }}"
        aph: "{{ falcon_aph if (falcon_aph != None) else omit }}"
        app: "{{ falcon_app if (falcon_app != None) else omit }}"
        trace: "{{ falcon_trace if (falcon_trace != None) else omit }}"
        feature: "{{ falcon_feature if (falcon_feature != None) else omit }}"
        message_log: "{{ falcon_message_log if (falcon_message_log != None) else omit }}"
        billing: "{{ falcon_billing if (falcon_billing != None) else omit }}"
        tags: "{{ falcon_tags if (falcon_tags != None) else omit }}"
        backend: "{{ falcon_backend if (falcon_backend != None) else omit }}"
      register: falconctl_result

    # Read the current settings back; the restart below checks the reported CID.
    - name: CrowdStrike Falcon | Register Falcon Sensor Options
      crowdstrike.falcon.falconctl_info:
      register: info

    # Runs only when a CID is reported and the configure task reported a
    # change. The target state defaults to 'restarted' unless
    # falcon_service_state is set.
    - name: CrowdStrike Falcon | Restart Falcon Sensor on Changes
      become: true
      when:
        - info.falconctl_info.cid
        - falconctl_result.changed
      ansible.builtin.service:
        name: falcon-sensor
        enabled: true
        state: "{{ falcon_service_state | default('restarted') }}"
      # noqa args[module]
      # noqa no-handler
# Start of MacOSX Configuration
# Check whether the falconctl binary exists inside the Falcon app bundle. The
# result is registered as falconctl_mac. The task is skipped on non-macOS hosts.
- name: CrowdStrike Falcon | Stat Falcon Sensor (macOS)
  when: ansible_facts['distribution'] == "MacOSX"
  ansible.builtin.stat:
    path: "/Applications/Falcon.app/Contents/Resources/falconctl"
  register: falconctl_mac
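# macOS path: drive the falconctl binary shipped in the Falcon app bundle
# directly. Runs only on MacOSX hosts where the earlier stat (falconctl_mac)
# found the binary. Every task in the block is escalated with become.
- name: MacOSX Block
  when:
    - ansible_facts['distribution'] == "MacOSX"
    - falconctl_mac.stat.exists
  become: true
  block:
    # NOTE(review): the free-form command strings in this block are split on
    # whitespace before execution, so a falcon_cid, falcon_provisioning_token
    # or falcon_tags value containing spaces reaches falconctl as extra
    # arguments. Consider the argv form of ansible.builtin.command if these
    # values are not tightly controlled.

    # License with the CID alone when no provisioning token is supplied.
    # Exit code 0 counts as changed and anything above 1 fails the task.
    # Exit code 1 is tolerated - presumably "already licensed"; confirm.
    - name: CrowdStrike Falcon | Associate Falcon Sensor with your Customer ID (CID) (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl license {{ falcon_cid }}"
      when:
        - falcon_cid != None
        - not falcon_provisioning_token
      failed_when: falconctl_license.rc > 1
      register: falconctl_license
      changed_when: falconctl_license.rc == 0

    # License with CID plus provisioning token.
    # failed_when must test this task's own result (falconctl_license_prov).
    # The CID-only task above is skipped whenever a token is set, so its
    # registered result carries no return code to compare against.
    # no_log keeps the token out of task output and logs, because Ansible
    # includes the rendered command line in the task result. The token is
    # still an argument of the falconctl process on the host while it runs.
    # NOTE(review): this task tests `!= None` while the CID-only task tests
    # `not falcon_provisioning_token`, so an empty-string token satisfies
    # both conditions - confirm which check is intended.
    - name: CrowdStrike Falcon | Associate Falcon Sensor with your Provisioning Token (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl license {{ falcon_cid }} {{ falcon_provisioning_token }}"
      when:
        - falcon_cid != None
        - falcon_provisioning_token != None
      failed_when: falconctl_license_prov.rc > 1
      register: falconctl_license_prov
      changed_when: falconctl_license_prov.rc == 0
      no_log: true

    # Read-only status probe: never reports changed, fails only above rc 1.
    - name: CrowdStrike Falcon | Check status of Falcon Sensor (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl stats"
      failed_when: falconctl_stats.rc > 1
      register: falconctl_stats
      changed_when: false

    # Load the sensor when the status probe returned a non-zero exit code.
    - name: CrowdStrike Falcon | Ensure Falcon Sensor is running (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl load"
      when:
        - falconctl_stats.rc != 0
      # noqa no-changed-when

    # Compare the current grouping tags with the desired ones. "changed" here
    # means the reported tags differ from falcon_tags, and the set task below
    # is gated on that flag.
    - name: CrowdStrike Falcon | Get Grouping Tags (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl grouping-tags get"
      register: falconctl_mac_tags_get
      when:
        - falcon_tags != None
      changed_when: falconctl_mac_tags_get.stdout != grouping_tags
      vars:
        grouping_tags: "Grouping tags: {{ falcon_tags }}"

    # Apply the tags only when they differ and options are being set.
    # Changed status is derived from falconctl's success message on stdout.
    - name: CrowdStrike Falcon | Set Grouping Tags (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl grouping-tags set {{ falcon_tags }}"
      when:
        - falcon_tags != None
        - falconctl_mac_tags_get.changed
        - falcon_option_set
      register: falconctl_mac_tags_set
      changed_when: falconctl_mac_tags_set.stdout == "Grouping tags updated successfully."
      # noqa no-handler

    # Remove the tags when options are being unset (falcon_option_set false).
    - name: CrowdStrike Falcon | Clear Grouping Tags (macOS)
      ansible.builtin.command: "/Applications/Falcon.app/Contents/Resources/falconctl grouping-tags clear"
      when:
        - falcon_tags != None
        - not falcon_option_set
      register: falconctl_mac_tags_clear
      changed_when: falconctl_mac_tags_clear.stdout == "Grouping tags updated successfully."

    # Unload and reload the sensor after a tag change. The two commands run as
    # one shell script, and the sensor is not loaded between them.
    # NOTE(review): the script does not stop on error, so a failed unload
    # still proceeds to load - confirm that is intended.
    - name: CrowdStrike Falcon | Restart Falcon Sensor on Changes (macOS)
      ansible.builtin.shell: |
        /Applications/Falcon.app/Contents/Resources/falconctl unload
        /Applications/Falcon.app/Contents/Resources/falconctl load
      when:
        - falconctl_mac_tags_set.changed or falconctl_mac_tags_clear.changed
      # noqa no-changed-when
      # noqa no-handler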