From 91e9e6739b7282d1d12e5648e93b4c46dcf62395 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Fri, 17 May 2024 10:23:34 -0400
Subject: [PATCH] Remove resources that support the Tanium CDM agent

The Tanium CDM agent is being retired.
---
src/cdm.yml | 20 --------------------
src/requirements.yml | 2 --
terraform-build-user/main.tf | 21 ---------------------
terraform-build-user/remote_states.tf | 13 -------------
4 files changed, 56 deletions(-)

diff --git a/src/cdm.yml b/src/cdm.yml
index 9b3b2ed..a401f2b 100644
--- a/src/cdm.yml
+++ b/src/cdm.yml
@@ -4,12 +4,6 @@ become: true become_method: ansible.builtin.sudo tasks: - - name: Install CDM Tanium client - ansible.builtin.include_role: - name: cdm_tanium - vars: - cdm_tanium_server_name: "{{ lookup('aws_ssm', '/cdm/tanium_hostname') }}" - cdm_tanium_third_party_bucket_name: "{{ build_bucket }}" - name: Install CDM Nessus agent ansible.builtin.include_role: name: cdm_nessus_agent
@@ -42,20 +36,6 @@ - direction: out port: 443 proto: tcp - # Tanium - - direction: in - port: 17472 - proto: tcp - - direction: out - port: 17472 - proto: tcp - # Tanium threat response - - direction: in - port: 17475 - proto: tcp - - direction: out - port: 17475 - proto: tcp # Tenable - direction: in port: 8834
diff --git a/src/requirements.yml b/src/requirements.yml
index 05fdc68..6b3c524 100644
--- a/src/requirements.yml
+++ b/src/requirements.yml
@@ -10,8 +10,6 @@ roles: src: https://github.com/cisagov/ansible-role-banner - name: cdm_nessus_agent src: https://github.com/cisagov/ansible-role-cdm-nessus-agent - - name: cdm_tanium - src: https://github.com/cisagov/ansible-role-cdm-tanium-client - name: chrony_aws src: https://github.com/cisagov/ansible-role-chrony-aws - name: clamav
diff --git a/terraform-build-user/main.tf b/terraform-build-user/main.tf
index e867233..a15f7de 100644
--- a/terraform-build-user/main.tf
+++ b/terraform-build-user/main.tf
@@ -10,7 +10,6 @@ module "iam_user" { } ssm_parameters = [ - "/cdm/tanium_hostname", "/cyhy/dev/users", "/openvpn/server/*", "/ssh/public_keys/*",
@@ -18,26 +17,6 @@ module "iam_user" { user_name = "build-openvpn-packer" } -# Attach 3rd party S3 bucket read-only policy from -# cisagov/ansible-role-cdm-tanium-client to the production -# EC2AMICreate role -resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_production" { - provider = aws.images-production-ami - - policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.production_bucket_policy.arn - role = module.iam_user.ec2amicreate_role_production.name -} - -# Attach 3rd party S3 bucket read-only policy from -# cisagov/ansible-role-cdm-tanium-client to the staging EC2AMICreate -# role -resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_staging" { - provider = aws.images-staging-ami - - policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.staging_bucket_policy.arn - role = module.iam_user.ec2amicreate_role_staging.name -} - # Attach 3rd party S3 bucket read-only policy from # cisagov/ansible-role-cdm-nessus-agent to the production # EC2AMICreate role
diff --git a/terraform-build-user/remote_states.tf b/terraform-build-user/remote_states.tf
index bcbf3b9..87059da 100644
--- a/terraform-build-user/remote_states.tf
+++ b/terraform-build-user/remote_states.tf
@@ -90,19 +90,6 @@ data "terraform_remote_state" "ansible_role_cdm_nessus_agent" { } } -data "terraform_remote_state" "ansible_role_cdm_tanium_client" { - backend = "s3" - - config = { - encrypt = true - bucket = "cisa-cool-terraform-state" - dynamodb_table = "terraform-state-lock" - profile = "cool-terraform-backend" - region = "us-east-1" - key = "ansible-role-cdm-tanium-client/terraform.tfstate" - } -} - data "terraform_remote_state" "ansible_role_crowdstrike" { backend = "s3"