update regarding modules, lint and expand puppet manifest.

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2025-05-18 08:17:23 +00:00 · 2020-02-27 23:48:36 +01:00 · 2020-02-27 23:48:36 +01:00 · c9fb9f514d
commit c9fb9f514d
parent c1f29d099a
1 changed files with 54 additions and 35 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@ -60,7 +60,7 @@ Download the onboarding package from Microsoft Defender Security Center:

 ## Create a Puppet manifest

-You need to create a Puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by a Puppet server. This example makes use of the *apt* module available from puppetlabs, and assumes that the apt module has been installed on your Puppet server.
+You need to create a Puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by a Puppet server. This example makes use of the *apt* and *yumrepo* module available from puppetlabs, and assumes that the modules has been installed on your Puppet server.

 Create the folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your Puppet installation. This is typically located in */etc/puppetlabs/code/environments/production/modules* on your Puppet server. Copy the mdatp_onboard.json file created above to the *install_mdatp/files* folder. Create an *init.pp* file that contains the deployment instructions:

@ -86,44 +86,63 @@ In order to preview new features and provide early feedback, it is recommended t

 Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`.

-In the below commands, replace *[distro]* and *[version]* with the information you've identified:
-
-> [!NOTE]
-> In case of Oracle EL and CentOS 8, replace *[distro]* with “rhel”.
-
 ```puppet
-class install_mdatp {
+# Puppet manifest to install Microsoft Defender ATP.
+# @param channel The release channel based on your environment, insider-fast or prod.
+# @param distro The Linux distribution in lowercase. In case of RedHat, Oracle EL and CentOS 8, the distro variable should be 'rhel'.
+# @param version The Linux distribution release number, e.g. 7.4.

-    if ($osfamily == 'Debian') {
+class install_mdatp (
+$channel = 'insiders-fast',
+$distro = undef,
+$version = undef
+){
+    case $::osfamily {
+        'Debian' : {
            apt::source { 'microsoftpackages' :
-            location => 'https://packages.microsoft.com/[distro]/[version]/prod', # change the version and distro based on your OS 
-            release  => '[channel]',
+                location => "https://packages.microsoft.com/${distro}/${version}/prod",
+                release  => $channel,
                repos    => 'main',
                key      => {
                    'id'     => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF',
-                'server' => 'https://packages.microsoft.com/keys/microsoft.asc',
+                    'server' => 'keyserver.ubuntu.com',
                },
            }
        }
-    else {
+        'RedHat' : {
            yumrepo { 'microsoftpackages' :
-            baseurl  => 'https://packages.microsoft.com/[distro]/[version]/[channel]', # change the version and distro based on your OS 
+                baseurl  => "https://packages.microsoft.com/${distro}/${version}/${channel}",
                enabled  => 1,
                gpgcheck => 1,
                gpgkey   => 'https://packages.microsoft.com/keys/microsoft.asc'
            }
        }
+        default : { fail("${::osfamily} is currently not supported.") }
+    }
+
+    case $::osfamily {
+        /(Debian|RedHat)/: {
+            file { ['/etc/opt', '/etc/opt/microsoft', '/etc/opt/microsoft/mdatp']:
+                ensure => directory,
+                owner  => root,
+                group  => root,
+                mode   => '0755'
+            }
+
+            file { '/etc/opt/microsoft/mdatp/mdatp_onboard.json':
+                source  => 'puppet:///modules/mdatp/mdatp_onboard.json',
+                owner   => root,
+                group   => root,
+                mode    => '0600',
+                require => File['/etc/opt/microsoft/mdatp']
+            }

            package { 'mdatp':
                ensure  => 'installed',
+                require => File['/etc/opt/microsoft/mdatp/mdatp_onboard.json']
            }
-
-    file { ['/etc', '/etc/opt', '/etc/opt/microsoft', '/etc/opt/microsoft/mdatp']:
-        ensure => directory,
        }
-    file { '/etc/opt/microsoft/mdatp/mdatp_onboard.json':
-        mode => "0644",
-        source => 'puppet:///modules/install_mdatp/mdatp_onboard.json',
+        default : { fail("${::osfamily} is currently not supported.") }
    }
 }
 ```