cookbook 'tripwire_agent', '~> 1.1.5'
tripwire_agent (16) Versions 1.1.5 Follow2
Installs/Configures tripwire_agent
cookbook 'tripwire_agent', '~> 1.1.5', :supermarket
knife supermarket install tripwire_agent
knife supermarket download tripwire_agent
tripwire_agent
Cookbook installs Tripwire Enterprise Agents, either Axon or Java. This cookbook also provides a resource to upgrade a Java agent
Features
This cookbook provides resources for the installation of Tripwire Enterprise Axon and Java agents. Users are able to include this cookbook in their own cookbooks or use the cookbook on its own to install their agents within their infrastructure. A recipe is also included to migrate a system from a Java agent to an Axon agent.
Requirements
- Chef 13 or higher
- Tripwire Enterprise installers available through a share or web service
Provider Documentation
Axon Parameters
Parameter | Definition | Type |
---|---|---|
installer |
Defines the path to the installer package or compressed tar/zip file for the axon agent, accepts urls to the installer | String |
eg_install |
If set to true, installs the event generator drivers and service (linux/debian only) | Boolean |
use_dkms_driver |
If set to true, uses the DKMS specific driver packaged in the compressed tar file (linux/debian only) | Boolean |
eg_driver_installer |
Defines the path to the installer package for the axon EG driver installer (linux/debian only), only required if not using a compressed tar file | String |
eg_service_installer |
Defines the path to the installer package for the axon EG service installer (linux/debian only), only required if not using a compressed tar file | String |
install_directory |
Install path for the Axon agent (current not in use) | String |
config_directory |
Configuration directory, for IP360 and TLC Axon agents | String |
service_name |
Service name for the IP360 and TLC Axon Agents | String |
dns_srvc_name |
Sets the DNS pointer for the Bridge service | String |
dns_srvc_domain |
Sets the DNS domain for the pointer | String |
bridge_auth_mode |
Registration type, password or PKI | String |
keystore_password |
PKI keystore password | String |
registration_filename |
Registration password file | String |
registration_key |
Registration password for the Bridge | String |
proxy_hostname |
Proxy hostname used by the Axon agent | String |
proxy_port |
Proxy port used by the Axon agent | Integer |
proxy_username |
Proxy username used by the Axon agent | String |
proxy_password |
Proxy password used by the Axon agent | String |
tls_version |
TLS version used by the agent, TLSv1.0, TLSv1.1, TLSv1.2 | String |
cipher_suites |
Cipher suites used by Axon to connect to the Bridge | String |
spool_size |
Spool size used by the agent, default 1g | String |
bridge |
Bridge hostname or IP if not using DNS to connect to the Bridge | String |
bridge_port |
'Bridge port, used to connect if the Bridge is set' | Integer |
start_service |
Start the agent service post install (See Gotchas) | Boolean |
tags |
Key/Value hash of tags used when registering to Tripwire Enterprise | Hash |
clean |
Used for the remove action, deletes the configuration directory | true |
Axon Actions
-
:install
- Default action, Installs the Axon agent -
:remove
- Removes an existing Axon agent
Java Parameters
Parameter | Definition | Type |
---|---|---|
installer |
Defines the path to the Java agent installer binary or compressed tar file | String |
console |
Defines the Tripwire Enterprise console server | String |
services_password |
Defines the services password used by the agent to connect to the Console server | String |
console_port |
Defines the port used by the Tripwire Enterprise console to connect the agent to the console | String |
install_directory |
Defines the directory the agent will be installed to on the target system | String |
install_rtm |
Tells the installer not to install EG services | Boolean |
rtm_port |
Defines the local port used by the EG services | Integer |
proxy_agent |
Configures the agent to become a proxy for other agents | Boolean |
proxy_hostname |
Defines the hostname or IP of another Java agent serving as a proxy to the Tripwire Enterprise Console | String |
proxy_port |
Defines the proxy port used by the proxy or to connect to a Java proxy agent | Integer |
fips |
Tells the installer to enable FIPS mode | Boolean |
integration_port |
Defines the integration port, if FIPS is set | Integer |
start_service |
Defines if the service starts once the agent is installed | Boolean |
tags |
Key/Value hash of tag sets and tags used when the agent first registers to the Tripwire Enterprise console | Hash |
Java Actions
-
:install
- Default action, Installs the Java agent -
:remove
- Removes the java agent
Required properties
Java
* installer
* console
* services_password
Axon
* installer
* eg_driver_installer (if installing EG/RTM, linux/debian only)
* eg_service_installer (if installing EG/RTM, linux/debain only)
* dns_srvc_name (if using DNS to direct agent to the bridge)
* dns_srvc_domain (if using DNS)
* bridge_server (if providing the IP/Hostname of the bridge)
* keystore_password (if using PKI)
* registration_key (if using a registration key to authenticate to the bridge)
Attributes
Key | Type | Description | Default | Java Required | Axon Required |
---|---|---|---|---|---|
['tripwire_agent']['installer'] | String | Path to the agent installer binary or original compressed tar/zip archive, accepts http and file paths | nil | Yes | Yes |
['tripwire_agent']['tags'] | Hash | Hash of tag sets and tags applied when the agent registers | {} | No | No |
['tripwire_agent']['proxy_hostname'] | String | Hostname/IP of the proxy server used by the agent | nil | No | No |
['tripwire_agent']['proxy_port'] | Integer | Proxy's listening port | 1080 | No | No |
['tripwire_agent']['install_rtm'] | Boolean | Installs Real-Time monitoring modules | true | No | No |
['tripwire_agent']['rtm_port'] | Integer | Port used by the Real-Time service | 1169 | No | No |
['tripwire_agent']['start_service'] | Boolean | Starts the agent once installation completes | true | No | No |
['tripwire_agent']['java']['console'] | String | Tripwire Enterprise hostname/IP | nil | Yes | - |
['tripwire_agent']['java']['services_password'] | String | Services password required to connect the java agent to the Tripwire Enterprise Console | nil | Yes | - |
['tripwire_agent']['java']['console_port'] | Integer | Port used by both the agent and console for communication | 9898 | No | - |
['tripwire_agent']['java']['proxy_agent'] | Boolean | Configures the agent to be a proxy | false | No | - |
['tripwire_agent']['java']['fips'] | Boolean | Enables FIPS mode on the java agent | false | No | - |
['tripwire_agent']['java']['integration_port'] | Integer | Configures the integration port used by the Tripwire Enterprise Console, only set if FIPS is enabled | 8080 | No | - |
['tripwire_agent']['java']['install_directory'] | String | Modifies the default installation directory for the agent | Windows: C:\Program Files\Tripwire\TE\Agent Linux: /usr/local/tripwire/te/agent
|
No | - |
['tripwire_agent']['axon']['eg_install'] | Boolean | Install the event generator driver and the event generator service (linux/debian only) | Yes | - | Yes |
['tripwire_agent']['axon']['use_dkms_driver'] | Boolean | If a tar file was set for the installer and eg_install is set to true , this flag instructs to install the DKMS driver if set to true |
false | - | No |
['tripwire_agent']['axon']['eg_driver_installer'] | String | Event Generator installer for linux | nil | - | No |
['tripwire_agent']['axon']['eg_service_installer'] | String | Event Generator service installer for linux | nil | - | No |
['tripwire_agent']['axon']['service_name'] | String | Service name for Axon | Linux: tripwire-axon-agent , Windows: TripwireAxonAgent
|
- | No |
['tripwire_agent']['axon']['config_directory'] | String | Path to the configuration directory for Axon | Linux: /etc/tripwire , Windows: C:\Program Files\Tripwire\Agent
|
- | No |
['tripwire_agent']['axon']['bridge'] | String | Hostname or IP of the bridge server | nil | - | Yes |
['tripwire_agent']['axon']['bridge_port'] | Integer | Bridge port listening for Axon agents | 5670 | - | No |
['tripwire_agent']['axon']['dns_srvc_name'] | String | PTR used by axon to connect to the bridge | _tw_gw | No | No |
['tripwire_agent']['axon']['dns_srvc_domain'] | String | Domain to find the PTR to connect to the bridge | nil | No | No |
['tripwire_agent']['axon']['bridge_auth_mode'] | String | Method used to register with the bridge, registration or pki | registration | - | No |
['tripwire_agent']['axon']['keystore_password'] | String | Password used to unlock the PKI keystore | nil | - | No |
['tripwire_agent']['axon']['registration_filename'] | String | File name used for the registration key file | registration_pre_shared_key.txt | - | No |
['tripwire_agent']['axon']['proxy_username'] | String | Username to authenticate to the Axon proxy | nil | - | No |
['tripwire_agent']['axon']['proxy_password'] | String | Password to authenticate to the Axon proxy | nil | - | No |
['tripwire_agent']['axon']['tls_version'] | String | TLS version(s) used by the Axon agent will use connecting to the bridge | nil | - | No |
['tripwire_agent']['axon']['cipher_suites'] | String | Cipher suites the Axon agent will use connecting to the bridge | nil | - | No |
['tripwire_agent']['axon']['spool_size'] | String | Set a custom spool size | 1g | - | No |
['tripwire_agent']['axon']['clean'] | Boolean | Used in uninstalling the agent to clean up the configuration directory | true | - | No |
Provider Usage
Axon
Place this dependency inside your cookbooks metadata.rb.
depends 'tripwire_agent'
Within your recipe specifying all of the installer binaries:
tripwire_agent_axon 'Installing the Tripwire Axon Agent' do installer '/mnt/share/tripwire/axon-agent-installer-linux-x64.rpm' eg_driver_installer '/mnt/share/tripwire/tw-eg-driver.x86_64.rpm' eg_service_installer '/mnt/share/tripwire/tw-eg-service.x86_64.rpm' bridge 'tw-console.example.com' registration_key 'PaS5w0rd!_K3y' tags "Platform" => "Red Hat", "Policy" => ["PCI", "SOX"], "Importance" => "High", "Org" => ["Payment", "Sales", "Production"] end
Within your recipe specifying the packaged tar file from Tripwire Customer Center:
ruby
tripwire_agent_axon 'Installing the Tripwire Axon Agent' do
installer '/mnt/share/tripwire/axon-agent-installer-linux-x64.tgz'
bridge 'tw-console.example.com'
registration_key 'PaS5w0rd!_K3y'
tags "Platform" => "Red Hat", "Policy" => ["PCI", "SOX"], "Importance" => "High", "Org" => ["Payment", "Sales", "Production"]
end
The configurations above will install the Axon agent, EG Driver, EG Service onto the platform. The twagent.conf file will be set to point to the bridge server and sets a registration password file (This file will be removed once the agent successfully registers with the bridge). Tagging file will also be created and will be used only once during the first time the agent connects to the bridge for Tripwire Enterprise.
Java
Place this dependency inside your cookbooks metadata.rb.
depends 'tripwire_agent'
Within your recipe:
tripwire_agent_java 'Install Tripwire Java Agent' do installer '/mnt/share/tripwire/te_agent.bin' console 'tw-console.example.com' services_password 'Pas5W0rd!_C0mp13x!Ty^' tags "Platform" => "Red Hat", "Policy" => ["PCI", "SOX"], "Importance" => "High", "Org" => ["Payment", "Sales", "Production"] end
The configuration above will install the Tripwire Java agent and point it at the Tripwire Enterprise console. It will register with a hash of tags when the agent first registers to the console server.
Recipe Usage
Axon
Sample Installation Role:
chef_type: role default_attributes: description: Axon agent install for Linux, no DNS record env_run_lists: json_class: Chef::Role name: axon_install_linux_x64 override_attributes: tripwire_agent: installer: '/mnt/share/tripwire/axon-agent-installer-linux-x64.tgz' tags: {"Platform": "Red Hat", "Policy": ["PCI", "SOX"], "Importance": "High", "Org": ["Payment", "Sales", "Production"]} axon: bridge: 'tw-console.example.com' registration_key: 'PaS5w0rd!_K3y' run_list: recipe[tripwire_agent::axon_agent]
Sample Migration Role:
chef_type: role default_attributes: description: Axon agent install for Linux, no DNS record env_run_lists: json_class: Chef::Role name: axon_install_linux_x64 override_attributes: tripwire_agent: installer: '/mnt/share/tripwire/axon-agent-installer-linux-x64.tgz' tags: {"Platform": "Red Hat", "Policy": ["PCI", "SOX"], "Importance": "High", "Org": ["Payment", "Sales", "Production"]} axon: bridge: 'tw-console.example.com' registration_key: 'PaS5w0rd!_K3y' run_list: recipe[tripwire_agent::migrate]
Java
Java recipes include a removal recipe and an installation recipe.
Sample Role:
chef_type: role default_attributes: description: Java agent install for Linux env_run_lists: json_class: Chef::Role name: java_install_linux_x64 override_attributes: tripwire_agent: installer: '/mnt/share/tripwire/te_agent.bin' tags: {"Platform": "Red Hat", "Policy": ["PCI", "SOX"], "Importance": "High", "Org": ["Payment", "Sales", "Production"]} java: console: 'tw-console.example.com' services_password: 'Pas5W0rd!_C0mp13x!Ty^' run_list: recipe[tripwire_agent::java_agent]
To-Do
- Support custom pki registration
Gotchas
- Axon agents requires some method of knowing about the bridge, either through DNS pointer record or manually configuring the bridge through the attribute or when using the resource in your cookbook.
- Please see the Installation and Maintenance guide for any additional information
- Installation of the DKMS driver for the event generator service requires that the DKMS package is already installed on the system.
- Axon Windows agents will automatically start post installation
- Linux Axon agents can be prevented from starting post installation
- Java agents for Windows and Linux can be prevented from starting post installation
- Alternative installation paths for Java agents are not supported on Debian platforms
- Alternative installation paths on Axon are currently not supported
- Integration Port for Java agents will only be set if FIPS is enabled
Contributing
See the contribution guidelines for more information.
Dependent cookbooks
windows ~> 3.0 |
tar ~> 2.2 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
tripwire_agent Cookbook CHANGELOG
1.1.0 (2019-01-14)
- Added support for Amazon Linux
1.0.0 (2018-12-12)
- Requires Chef 13 or later
- Added ability to accept zip/tar files for agent installer paths
- Updated the README for the new feature set
- Added the "use_dkms_driver" attribute to select the dkms driver when a tar file is set as the installer path
- Addressed foodcritic and linting warnings
- Updated kitchen tests
0.1.8 (2018-11-29)
- Fixed deprecation warnings on Chef 13
0.1.7 (2018-06-29)
- Fixed #22 EG driver install fails on early versions of RHEL 5 and 6
0.1.6 (2018-02-07)
Fixed a few issues introduced by 0.1.5
- Fixed tripwire_agent_axon property config_directory default
- Fixed proxy_hostname validation for Java agent
0.1.5 (2017-11-10)
Expanding axon's resources to support co-existing agents for TE, TLC, and IP360
Added service_name, install_directory, and config_directory property to allow
users to set the paths necessary for proper configuration of the agent.
- Inspec tests added for IP360's path changes
- Updated README
Fixes to enable axon to be used as a resource in other cookbooks:
- Template resource now includes the cookbook name
- Set proxy_hostname to nil (not sure why I changed it to string)
- fix in both the template and attributes
0.1.4 (2017-10-27)
Resolved nil issue when using the Java agent resource
Added new_resource to all properties in Axon and Java resources for Chef 13 support
0.1.3 (2017-10-02)
Resolved a issue with event generator driver/service for linux throwing an error if paths to the installers are not present in Axon
Resolved an issue with the DNS pointer being used when left at its default value
0.1.2 (2017-06-29)
Fix supported Chef version.
0.1.1 (2017-06-22)
Formatting fixes for documentation. No code changes.
0.1.0 (2017-06-22)
The first version released on GitHub and Chef Supermarket
Collaborator Number Metric
1.1.5 passed this metric
Contributing File Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.1.5 passed this metric
No Binaries Metric
1.1.5 passed this metric
Testing File Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.1.5 passed this metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.1.5 passed this metric
No Binaries Metric
1.1.5 passed this metric
Testing File Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.1.5 passed this metric
1.1.5 passed this metric
Testing File Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.1.5 failed this metric
1.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number