From c99c322c437b4cb67c5ddf7256985fa9e3129e58 Mon Sep 17 00:00:00 2001
From: Greg Malkov <Shplorf@users.noreply.github.com>
Date: Fri, 8 Feb 2019 11:21:49 -0500
Subject: [PATCH] Amazon2 tweaks (#48)

* account for different amazon2 syntax

* cleanup

* kill auditd on Amazon
---
 tasks/disable_auditd.yml | 14 ++++++++++++++
 tasks/main.yml           |  4 ++++
 tasks/tsagent_setup.yml  |  3 ---
 templates/threatstack.j2 |  2 +-
 4 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 tasks/disable_auditd.yml

diff --git a/tasks/disable_auditd.yml b/tasks/disable_auditd.yml
new file mode 100644
index 0000000..ad13e56
--- /dev/null
+++ b/tasks/disable_auditd.yml
@@ -0,0 +1,14 @@
+---
+- name: check auditd status
+  command: service auditd status
+  register: auditd_status
+  ignore_errors: true
+  changed_when: false
+
+- name: Stop service auditd
+  command: service auditd stop
+  when: auditd_status.rc == 0
+
+- name: Disable service auditd
+  command: systemctl disable auditd
+  when: auditd_status.rc == 0
diff --git a/tasks/main.yml b/tasks/main.yml
index 3e7c605..8aabcbd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,10 @@
   include: pkg_url.yml
   when: threatstack_pkg_url is undefined
 
+- name: Disable auditd service
+  include: disable_auditd.yml
+  when: ansible_distribution == 'Amazon'
+
 - name: Run Apt configure and install Threat Stack
   include: apt_install.yml
   when: ansible_os_family == 'Debian'
diff --git a/tasks/tsagent_setup.yml b/tasks/tsagent_setup.yml
index 2a6f52f..4931fe7 100644
--- a/tasks/tsagent_setup.yml
+++ b/tasks/tsagent_setup.yml
@@ -27,9 +27,6 @@
   set_fact:
     config_checksum: "{{ config_string | checksum }}"
 
-- debug:
-    msg: "{{ threatstack_agent_config_args }}"
-
 - name: Create file to track checksum of config string
   copy:
     content: "{{ config_checksum }}"
diff --git a/templates/threatstack.j2 b/templates/threatstack.j2
index 63eca4b..c400a5f 100644
--- a/templates/threatstack.j2
+++ b/templates/threatstack.j2
@@ -3,7 +3,7 @@ name=Threat Stack Package Repository
 {% if ansible_distribution == 'Amazon' %}
 {% if threatstack_v1 %}
 baseurl={{threatstack_pkg_url}}/Amazon
-{% elif ansible_distribution_version == '2' %}
+{% elif ansible_distribution_version == '2' or ansible_kernel is search("\.amzn2\.") %}
 baseurl={{threatstack_pkg_url}}/Amazon/2
 {% else %}
 baseurl={{threatstack_pkg_url}}/Amazon/1