added more params

made config do less on windows

manifests/configure.pp

@@ -60,12 +60,18 @@
   } else {
       $config_args_content = ''
   }
-
-  exec { 'threatstack-agent-setup':
-    command   => "${cloudsight_bin} setup --deploy-key='${::threatstack::deploy_key}' --hostname='${::threatstack::ts_hostname}' ${full_setup_args}",
-    subscribe => Package[$threatstack::ts_package],
-    creates   => "${confdir}/.audit",
-    path      => ['/bin', '/usr/bin'],
-    unless    => 'ps auwwwx| grep [t]sagentd'
+  case $facts['os']['family'] {
+    'Windows': {
+      notice("Windows agent setup should be done at install time.")
+    }
+    default: {
+      exec { 'threatstack-agent-setup':
+        command   => "${cloudsight_bin} setup --deploy-key='${::threatstack::deploy_key}' --hostname='${::threatstack::ts_hostname}' ${full_setup_args}",
+        subscribe => Package[$threatstack::ts_package],
+        creates   => "${confdir}/.audit",
+        path      => $::threatstack::binpath,
+        unless    => $::threatstack::setup_unless
+      }
+    }
   }
 }

manifests/init.pp

@@ -8,6 +8,10 @@
 #   Arguments to be passed to `tsagent setup`
 #   type: array
 #
+# [*binpath*]
+#   Used to set bin path for exec in the config class
+#   type: Array
+#
 # [*disable_auditd*]
 #   Required to work around issues with auditd on some distros
 #   type: bool
@@ -54,6 +58,10 @@
 #   Ruleset(s) to apply to host.
 #   type: array
 #
+# [*setup_unless*]
+#   Used in the setup exec in the configure class
+#   type: String
+#
 # [*tmpdir*]
 #   Used to download Windows agent MSI
 #   type: string
@@ -114,10 +122,12 @@
   $ts_hostname             = $::fqdn,
   $disable_auditd          = $::threatstack::params::disable_auditd,
   $disable_auditd_cmd      = $::threatstack::params::disable_auditd_cmd,
+  $binpath                 = $::threatstack::params::binpath,
+  $setup_unless            = $::threatstack::params::setup_unless,
   $windows_download_url    = $::threatstack::params::download_url,
   $windows_tmp_path        = $::threatstack::params::tmp_path,
   $windows_ts_package      = $::threatstack::params::ts_package,
-  $windows_install_options = ["TSDEPLOYKEY=${deploy_key}"]
+  $windows_install_options = $::threatstack::params::windows_install_options
 
 ) inherits ::threatstack::params {
 

manifests/params.pp

@@ -29,18 +29,29 @@
   }
 
   $cloudsight_bin  = $facts['os']['family'] ? {
-    'Windows' => 'C:\\Program Files\\Threat Stack\\tsagent.exe',
+    'Windows' => "C:\\Program Files\\Threat Stack\\tsagent.exe",
     default   => '/usr/bin/tsagent'
   }
 
+  $binpath = $facts['os']['family'] ? {
+    'Windows' => ["C:\\Program Files\\Threat Stack\\"],
+    default   => ['/bin', '/usr/bin']
+  }
+
+  $setup_unless = $facts['os']['family'] ? {
+    'Windows' => 'tasklist.exe /fi "Imagename eq tsagent*"',
+    default   =>'ps auwwwx| grep [t]sagentd'
+  }
+
   $confdir = $facts['os']['family'] ? {
-    'Windows' => 'C:\\ProgramData\\Threat Stack\\config\\',
+    'Windows' => "C:\\ProgramData\\Threat Stack\\config\\",
     default   => '/opt/threatstack/etc'
   }
 
   $package_version = 'installed'
   $rulesets        = ['Base Rule Set']
   $extra_args      = undef
+  $windows_install_options = ["TSDEPLOYKEY=${deploy_key}", "TSEVENTLOGLIST=Security,Microsoft-Windows-Sysmon/Operational"]
 
   case $facts['os']['family'] {
     'Windows': {