add scaffolding for eventual use of crowdstrike.falcon collection

pulibrary · Sep 6, 2024 · 9ab3dc5 · 9ab3dc5
1 parent 45d17e3
commit 9ab3dc5
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/playbooks/utils/security_theater.yml b/playbooks/utils/security_theater.yml
@@ -46,10 +46,22 @@
       mode: "0644"
     when: "ansible_facts.services['besclient.service'] is not defined"
 
+  # WIP: use the crowdstrike collection
+
+  # we might want to gather auth using
+  # https://crowdstrike.github.io/ansible_collection_falcon/auth_module.html#ansible-collections-crowdstrike-falcon-auth-module
+
+  - name: get the hash of the sensor file to Download
+    crowdstrike.falcon.sensor_download_info:
+      # https://crowdstrike.github.io/ansible_collection_falcon/sensor_download_info_module.html
+      # add task details here
+
   - name: Download the Falcon sensor deb file
-    ansible.builtin.get_url:
-      url: "https://isoshare.cpaneldev.princeton.edu/isoShares/Agents/Falcon/Latest/linux/Ubuntu/14_16_18_20_22/falcon-sensor_7.05.0-16004_amd64.deb"
-      dest: "/tmp/falcon-sensor_7.05.0-16004_amd64.deb"
+    crowdstrike.falcon.sensor_download:
+      # https://crowdstrike.github.io/ansible_collection_falcon/sensor_download_module.html#ansible-collections-crowdstrike-falcon-sensor-download-module
+      client_id: "{{ vault_crowdstrike_client_id }}"
+      client_secret: "{{ vault_crowdstrike_secret }}"
+      dest: "/tmp/"
       owner: pulsys
       group: pulsys
       mode: "0644"
@@ -67,7 +79,7 @@
 
   - name: install crowdstrike falcon sensor agent
     ansible.builtin.apt:
-      deb: "/tmp/falcon-sensor_7.05.0-16004_amd64.deb"
+      deb: "/tmp/{{ some_registered_var }}"
     when:
       - "'falcon-sensor' not in ansible_facts.packages"