Puppet module fixes #546

Merged
merged 1 commit into from
Mar 1, 2019

JPLachance
Contributor

@JPLachance JPLachance commented Mar 1, 2019

Greetings,

We created a simple class that calls the falco class:

# == Class: profile::security::falco::install
#
# Installs Falco with some custom configuration
#
class profile::security::falco::install (
  $log_level       = 'info',
  $package_ensure  = 'installed',
  $service_ensure  = 'running',
  $service_enable  = true,
  $service_restart = true,
) {
  $falco_config_folder = '/etc/falco'

  Class [ '::falco' ]
  -> File [ "$falco_config_folder/falco_rules.local.yaml" ]
  ~> Service['falco']

  class { '::falco':
    log_level       => $log_level,
    log_stderr      => false,
    json_output     => true,
    syslog_output   => {
      'enabled' => false
    },
    file_output     => {
      'enabled'    => true,
      'keep_alive' => true,
      'filename'   => '/var/log/falco-events.log'
    },
    stdout_output   => {
      'enabled' => false
    },
    package_ensure  => $package_ensure,
    service_ensure  => $service_ensure,
    service_enable  => $service_enable,
    service_restart => $service_restart,
  }

  file { "$falco_config_folder/falco_rules.local.yaml":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('profile/security/falco/falco_rules.local.yaml.erb')
  }

  filebeat::prospector { 'falco':
    paths             => [
      '/var/log/falco-events.log'
    ],
    doc_type          => 'json',
    fields            => {
      'ES_INDEX' => 'falco'
    },
    json              => {
      keys_under_root => true,
      message_key     => 'output'
    },
    max_bytes         => 524288,
    fields_under_root => true,
  }
}

We then encountered multiple bugs and this PR fixes them!

Changes:
! Make sure we add the Sysdig repo and call an update before trying to install Falco
! Remove the require in the service class to fix a dependencies loop
* Bump the version to 0.4.0

The module now installs Falco on dozens of Ubuntu hosts without any issue! :famouslastwords: 😄

falco-CLA-1.0-contributing-entity: Coveo Solutions Inc.
falco-CLA-1.0-signed-off-by: Jean-Philippe Lachance jplachance@coveo.com

@mstemm mstemm self-requested a review March 1, 2019 18:53
@mstemm mstemm merged commit e486af6 into falcosecurity:dev Mar 1, 2019
@JPLachance JPLachance deleted the fix/puppet-falco-install-issues branch March 7, 2019 22:57