Added ansible instructions

Amrut Kale 2020-02-18 20:29:02 +05:30
parent 5e1bbff0a3
commit f2c1bbecf1
2 changed files with 241 additions and 13 deletions


@ -0,0 +1,228 @@
---
title: Installing Microsoft Defender ATP for Linux with Puppet
ms.reviewer:
description: Describes how to install Microsoft Defender ATP for Linux, using Puppet.
keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Ansible based deployment
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
This topic describes how to deploy Microsoft Defender ATP for Linux through Ansible. A successful deployment requires the completion of all of the following steps:
- [Download the onboarding packages](#download-onboarding-package)
- [Create Ansible YAML files](#create-ansible-yaml-files)
- [Deployment](#deployment)
- [Check onboarding status](#check-onboarding-status)
- [References](#references)
## Prerequisites and system requirements
Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
- Ansible needs to be installed at least on one computer (we will call it master)
- Password less SSH must be configured for root user between Master and all clients
- Below software must be installed on all clients
- python-apt
- curl
- unzip
- All host must be listed in the following format in `/etc/ansible/hosts` file
```bash
[servers]
host1 ansible_ssh_host=10.171.134.39
host2 ansible_ssh_host=51.143.50.51
```
- Ping test
```$ ansible -m ping all```
## Download onboarding package
Download the onboarding package from Microsoft Defender Security Center:
1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**.
3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip.
![Windows Defender Security Center screenshot](images/atp-portal-onboarding-win-intune.png)
4. From a command prompt, verify that you have the file.
Extract the contents of the .zip file and create mdatp_onboard.json file as follows:
```bash
$ ls -l
total 8
-rw-r--r-- 1 test staff 6287 Oct 21 11:22 WindowsDefenderATPOnboardingPackage.zip
$ unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' >mdatp_onboard.json
```
## Create Ansible YAML files
Create subtask / role files which contribute to an actual task. Create below files under `/etc/ansible/roles` directory.
- Copy onboarding package on all client machines
```bash
$ cat /etc/ansible/roles/copy_onboarding_pkg.yml
- name: Copy the zip file
copy:
src: /root/WindowsDefenderATPOnboardingPackage.zip
dest: /root/WindowsDefenderATPOnboardingPackage.zip
owner: root
group: root
mode: '0644'
```
- Create a `setup.sh` script which operates on onboarding blob
```bash
$ cat /root/setup.sh
#!/bin/bash
# Unzip the file and creates license blob
mkdir -p /etc/opt/microsoft/mdatp/
unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' > /etc/opt/microsoft/mdatp/mdatp_onboard.json
# get the GPG key
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/
```
- Create onboarding blob
```bash
$ cat setup_blob.yml
- name: Copy the setup script file
copy:
src: /root/setup.sh
dest: /root/setup.sh
owner: root
group: root
mode: '0744'
- name: Run a script to create license blob
script: /root/setup.sh
```
- Add the Microsoft Defender ATP repository and key
```bash
$ cat add_apt_repo.yml
- name: Add Microsoft repository for MDATP
apt_repository:
repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/ubuntu/16.04/prod insiders-fast main
update_cache: yes
state: present
filename: microsoft-insiders-fast.list
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229C
```
- For Yum based distributions use the following YML file
```bash
$ cat add_yum_repo.yml
- name: Add Microsoft repository for MDATP
yum_repository:
name: packages-microsoft-com-prod-insiders-fast
description: Microsoft Defender ATP
file: microsoft-insiders-fast
baseurl: https://packages.microsoft.com/centos/7/insiders-fast/
gpgcheck: yes
enabled: Yes
```
- Now create the actual install/uninstall YAML files under /etc/ansible/playbooks
```bash
$ cat install_mdatp.yml
- hosts: servers
tasks:
- include: ../roles/download_copy_blob.yml
- include: ../roles/setup_blob.yml
- include: ../roles/add_apt_repo.yml
- apt:
name: mdatp
state: latest
update_cache: yes
```
```bash
$ cat uninstall_mdatp.yml
- hosts: servers
tasks:
- apt:
name: mdatp
state: absent
```
- For the Yum based distribution
```bash
$ cat install_mdatp_yum.yml
- hosts: servers
tasks:
- include: ../roles/download_copy_blob.yml
- include: ../roles/setup_blob.yml
- include: ../roles/add_yum_repo.yml
- yum:
name: mdatp
state: latest
enablerepo: packages-microsoft-com-prod-insiders-fast
```
```bash
$ cat uninstall_mdatp_yum.yml
- hosts: servers
tasks:
- yum:
name: mdatp
state: absent
```
## Deployment
Now run the tasks files under `/etc/ansible/playbooks/`
- Installation
`# ansible-playbook /etc/ansible/playbooks/install_mdatp.yml -i /etc/ansible/hosts`
- Validation / Configuration
`# ansible -m shell -a 'mdatp --connectivity-test' all`<br/>
`# ansible -m shell -a 'mdatp --health' all`
- Un-Installation
`# ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts`
## References
[Add or remove YUM repositories](https://docs.ansible.com/ansible/2.3/yum_repository_module.html)<br/>
[Manage packages with the yum package manager](https://docs.ansible.com/ansible/latest/modules/yum_module.html)<br/>
[Add and remove APT repositories](https://docs.ansible.com/ansible/latest/modules/apt_repository_module.html)<br/>
[Manage apt-packages](https://docs.ansible.com/ansible/latest/modules/apt_module.html)
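Review bot: the playbooks `install_mdatp.yml` and `install_mdatp_yum.yml` include `../roles/download_copy_blob.yml`, but the role file the page tells the reader to create is `/etc/ansible/roles/copy_onboarding_pkg.yml`; one of the two names has to change or the first `include` fails before the onboarding package is copied. In `add_apt_repo.yml` the `apt_key` task passes `keyserver: https://packages.microsoft.com/`, which is a web URL rather than a keyserver host, and `setup.sh` has already fetched `https://packages.microsoft.com/keys/microsoft.asc` into `/etc/apt/trusted.gpg.d/`, so either drop the `apt_key` task or replace `keyserver` with `url: https://packages.microsoft.com/keys/microsoft.asc`. The `id` on that task is 39 hex characters long, so it is not a full 40-character fingerprint and should be checked against the key before publishing. `add_yum_repo.yml` sets `gpgcheck: yes` but defines no `gpgkey`, leaving yum with nothing to verify package signatures against; add `gpgkey: https://packages.microsoft.com/keys/microsoft.asc`. Finally, the front matter still reads `title: Installing Microsoft Defender ATP for Linux with Puppet` and `description: ... using Puppet` while the body documents the Ansible procedure; update both to say Ansible.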


@ -255,7 +255,7 @@ The following configuration profile will:
"cloudService":{ "cloudService":{
"automaticSampleSubmission":true, "automaticSampleSubmission":true,
"enabled":true, "enabled":true,
}, }
} }
``` ```
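Review bot: the trailing comma after the closing brace of `cloudService` is removed, but the one after `"enabled":true,` inside that object stays, so the rendered profile is still not valid JSON; drop that comma as well so the object ends with `"enabled":true` followed by `}`.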
@ -266,45 +266,45 @@ The following configuration profile contains entries for all settings described
### Full profile ### Full profile
```JSON ```JSON
{ {
"antivirusEngine":{ "antivirusEngine":{
"enableRealTimeProtection":true, "enableRealTimeProtection":true,
"passiveMode":false, "passiveMode":false,
"exclusions":[ "exclusions":[
{ {
"$type":"excludedPath", "$type":"excludedPath",
"isDirectory":false, "isDirectory":false,
"path":"/var/log/system.log" "path":"/var/log/system.log"
}, },
{ {
"$type":"excludedPath", "$type":"excludedPath",
"isDirectory":true, "isDirectory":true,
"path":"/home" "path":"/home"
}, },
{ {
"$type":"excludedFileExtension", "$type":"excludedFileExtension",
"extension":"pdf" "extension":"pdf"
} }
], ],
"allowedThreats":[ "allowedThreats":[
"EICAR-Test-File (not a virus)" "EICAR-Test-File (not a virus)"
], ],
"threatTypeSettings":[ "threatTypeSettings":[
{ {
"key":"potentially_unwanted_application", "key":"potentially_unwanted_application",
"value":"block" "value":"block"
}, },
{ {
"key":"archive_bomb", "key":"archive_bomb",
"value":"audit" "value":"audit"
} }
] ]
}, },
"cloudService":{ "cloudService":{
"enabled":true, "enabled":true,
"diagnosticLevel":"optional", "diagnosticLevel":"optional",
"automaticSampleSubmission":true, "automaticSampleSubmission":true,
}, }
} }
``` ```
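Review bot: the full profile has the same remaining defect as the previous hunk: `"automaticSampleSubmission":true,` is the last member of `cloudService` and keeps its trailing comma, so the profile still fails JSON parsing after the fix to the closing brace; remove it so the block ends `"automaticSampleSubmission":true` followed by `}`.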