Remove resources that support the Tanium CDM agent #109

Merged
merged 4 commits into from
May 20, 2024
20 changes: 0 additions & 20 deletions src/cdm.yml
Expand Up @@ -4,12 +4,6 @@
become: true
become_method: ansible.builtin.sudo
tasks:
- name: Install CDM Tanium client
ansible.builtin.include_role:
name: cdm_tanium
vars:
cdm_tanium_server_name: "{{ lookup('aws_ssm', '/cdm/tanium_hostname') }}"
cdm_tanium_third_party_bucket_name: "{{ build_bucket }}"
- name: Install CDM Nessus agent
ansible.builtin.include_role:
name: cdm_nessus_agent
Expand Down Expand Up @@ -42,20 +36,6 @@
- direction: out
port: 443
proto: tcp
# Tanium
- direction: in
port: 17472
proto: tcp
- direction: out
port: 17472
proto: tcp
# Tanium threat response
- direction: in
port: 17475
proto: tcp
- direction: out
port: 17475
proto: tcp
# Tenable
- direction: in
port: 8834
2 changes: 0 additions & 2 deletions src/requirements.yml
Expand Up @@ -10,8 +10,6 @@ roles:
src: https://github.com/cisagov/ansible-role-banner
- name: cdm_nessus_agent
src: https://github.com/cisagov/ansible-role-cdm-nessus-agent
- name: cdm_tanium
src: https://github.com/cisagov/ansible-role-cdm-tanium-client
- name: chrony_aws
src: https://github.com/cisagov/ansible-role-chrony-aws
- name: clamav
2 changes: 1 addition & 1 deletion src/version.txt
@@ -1 +1 @@
__version__ = "0.4.1"
__version__ = "0.4.2"
21 changes: 0 additions & 21 deletions terraform-build-user/main.tf
Expand Up @@ -10,34 +10,13 @@ module "iam_user" {
}

ssm_parameters = [
"/cdm/tanium_hostname",
"/cyhy/dev/users",
"/openvpn/server/*",
"/ssh/public_keys/*",
]
user_name = "build-openvpn-packer"
}

# Attach 3rd party S3 bucket read-only policy from
# cisagov/ansible-role-cdm-tanium-client to the production
# EC2AMICreate role
resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_production" {
provider = aws.images-production-ami

policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.production_bucket_policy.arn
role = module.iam_user.ec2amicreate_role_production.name
}

# Attach 3rd party S3 bucket read-only policy from
# cisagov/ansible-role-cdm-tanium-client to the staging EC2AMICreate
# role
resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_staging" {
provider = aws.images-staging-ami

policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.staging_bucket_policy.arn
role = module.iam_user.ec2amicreate_role_staging.name
}

# Attach 3rd party S3 bucket read-only policy from
# cisagov/ansible-role-cdm-nessus-agent to the production
# EC2AMICreate role
13 changes: 0 additions & 13 deletions terraform-build-user/remote_states.tf
Expand Up @@ -90,19 +90,6 @@ data "terraform_remote_state" "ansible_role_cdm_nessus_agent" {
}
}

data "terraform_remote_state" "ansible_role_cdm_tanium_client" {
backend = "s3"

config = {
encrypt = true
bucket = "cisa-cool-terraform-state"
dynamodb_table = "terraform-state-lock"
profile = "cool-terraform-backend"
region = "us-east-1"
key = "ansible-role-cdm-tanium-client/terraform.tfstate"
}
}

data "terraform_remote_state" "ansible_role_crowdstrike" {
backend = "s3"
