Validate MS Defender is not installed (#12529)

2025-12-11 03:27:05 +00:00 · 2025-07-04 14:45:17 +02:00
parent 53532a932a
commit 35fdc371fb
3 changed files with 31 additions and 0 deletions
--- a/images/ubuntu/scripts/build/post-build-validation.sh
+++ b/images/ubuntu/scripts/build/post-build-validation.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -e
+################################################################################
+##  File:  post-build-validation.sh
+##  Desc:  Validate different aspects of the image after build
+################################################################################
+
+echo "Test microsoft defender not installed using '-d /opt/microsoft/mdatp'"
+# Validate Defender not installed test 1
+if [ -d /opt/microsoft/mdatp ]; then
+    echo "Microsoft Defender for Endpoint is installed."
+    exit 1
+fi
+
+echo "Test microsoft defender not installed using 'systemctl list-units --type=service --all | grep mdatp'"
+# Validate Defender not installed test 2
+if systemctl list-units --type=service --all | grep -w mdatp &>/dev/null; then
+    echo "Microsoft Defender for Endpoint is installed."
+    exit 1
+fi
--- a/images/ubuntu/templates/build.ubuntu-22_04.pkr.hcl
+++ b/images/ubuntu/templates/build.ubuntu-22_04.pkr.hcl
@@ -238,6 +238,12 @@ build {
    inline          = ["mkdir -p /etc/vsts", "cp /tmp/ubuntu2204.conf /etc/vsts/machine_instance.conf"]
  }

+  provisioner "shell" {
+    environment_vars = ["HELPER_SCRIPTS=${var.helper_script_folder}"]
+    execute_command  = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
+    scripts          = ["${path.root}/../scripts/build/post-build-validation.sh"]
+  }
+
  provisioner "shell" {
    execute_command = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
    inline          = ["sleep 30", "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]
--- a/images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl
+++ b/images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl
@@ -217,6 +217,12 @@ provisioner "shell" {
    scripts          = ["${path.root}/../scripts/build/configure-system.sh"]
  }

+  provisioner "shell" {
+    environment_vars = ["HELPER_SCRIPTS=${var.helper_script_folder}"]
+    execute_command  = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
+    scripts          = ["${path.root}/../scripts/build/post-build-validation.sh"]
+  }
+
  provisioner "shell" {
    execute_command = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
    inline          = ["sleep 30", "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]