github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Mar 2nd 2023 update

Browse Source
This commit is contained in:
Ned Wright
2023-03-02 17:08:49 +00:00
parent fef95b12b3
commit 2a7ddf0666
14 changed files with 170 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
nodes/orchestration/package/cpnano_debug/cpnano_debug.cc
View File

@@ -78,6 +78,7 @@ enum class Service {
SDWAN_LOGGER,
IOT_ENFORCE,
IOT_DOCTOR,
IOT_RISK,
IOT_GW_SENSOR,
IOT_SNMP,
IOT_MS_DHCP,
@@ -152,6 +153,7 @@ getServiceString(const Service service)
case (Service::CAPSULE8): return "capsule8";
case (Service::IOT_ENFORCE): return "iot-enforce";
case (Service::IOT_DOCTOR): return "iot-doctor";
case (Service::IOT_RISK): return "iot-risk";
case (Service::IOT_GW_SENSOR): return "iot-gw-sensor";
case (Service::IOT_SNMP): return "iot-snmp";
case (Service::IOT_MS_DHCP): return "iot-ms-dhcp";
@@ -267,6 +269,11 @@ getServiceConfig (const Service service)
filesystem_path + "/conf/cp-nano-iot-doctor-debug-conf.json",
log_files_path + "/nano_agent/cp-nano-iot-doctor.dbg"
);
case (Service::IOT_RISK):
return ServiceConfig(
filesystem_path + "/conf/cp-nano-iot-risk-debug-conf.json",
log_files_path + "/nano_agent/cp-nano-iot-risk.dbg"
);
case (Service::IOT_GW_SENSOR):
return ServiceConfig(
filesystem_path + "/conf/cp-nano-iot-gw-sensor-debug-conf.json",
@@ -1246,6 +1253,8 @@ extractServices(const vector<string> &args)
services.push_back(Service::IOT_ENFORCE);
} else if (getServiceString(Service::IOT_DOCTOR).find(maybe_service) == 0) {
services.push_back(Service::IOT_DOCTOR);
} else if (getServiceString(Service::IOT_RISK).find(maybe_service) == 0) {
services.push_back(Service::IOT_RISK);
} else if (getServiceString(Service::IOT_GW_SENSOR).find(maybe_service) == 0) {
services.push_back(Service::IOT_GW_SENSOR);
} else if (getServiceString(Service::IOT_SNMP).find(maybe_service) == 0) {

31
nodes/orchestration/package/open-appsec-ctl.sh
View File

@@ -1565,26 +1565,39 @@ stop_service() # Initials - stops
exit 255
}
record_command() # Initials - rc
{
touch /var/log/nano_agent/operations.log
echo "$(tail -99 /var/log/nano_agent/operations.log)" > /var/log/nano_agent/operations.log
echo $(date "+%Y.%m.%d-%H.%M.%S") ": " $0 $@ >> /var/log/nano_agent/operations.log
}
run() # Initials - r
{
r_deprecated_msg="Option ${1} is deprecated. Please use"
if [ -z "$1" ]; then
usage
elif [ "--debug" = "$1" ] || [ "-d" = "$1" ]; then
record_command $@
run_cpnano_debug "cpnano" "$@"
elif [ "--display-policy" = "$1" ] || [ "-dp" = "$1" ]; then
record_command $@
run_display_policy
elif [ "--status" = "$1" ] || [ "-s" = "$1" ]; then
record_command $@
run_status
if [ "--extended" = "$2" ]; then
shift
run_health_check "${@}"
fi
elif [ "--start-agent" = "$1" ] || [ "-r" = "$1" ]; then
record_command $@
run_start_agent
elif [ "--stop-agent" = "$1" ] || [ "-q" = "$1" ]; then
record_command $@
run_stop_agent
elif [ "--uninstall" = "$1" ] || [ "-u" = "$1" ]; then
record_command $@
uninstall_agent
elif [ "--display-settings" = "$1" ]; then
echo "${r_deprecated_msg} --display-config"
@@ -1595,42 +1608,56 @@ run() # Initials - r
elif [ "-ls" = "$1" ]; then
echo "${r_deprecated_msg} -lc"
elif [ "--display-config" = "$1" ] || [ "-dc" = "$1" ]; then
record_command $@
shift
run_display_settings "${@}"
elif [ "--load-config" = "$1" ] || [ "-lc" = "$1" ]; then
record_command $@
shift
run_load_settings "${@}"
elif [ "--set-proxy" = "$1" ] || [ "-sp" = "$1" ]; then
record_command $@
shift
set_proxy "${@}"
elif [ "--set-gradual-policy" = "$1" ] || [ "-gp" = "$1" ]; then
record_command $@
shift
run_update_gradual_policy "set" "${@}"
elif [ "--delete-gradual-policy" = "$1" ] || [ "-dg" = "$1" ]; then
record_command $@
shift
run_update_gradual_policy "delete" "${@}"
elif [ "--set-traffic-recording-policy" = "$1" ] || [ "-tr" = "$1" ]; then
record_command $@
shift
run_set_traffic_recording_policy "${@}"
elif [ "--cp-agent-info" = "$1" ] || [ "-ai" = "$1" ]; then
record_command $@
shift
run_ai "${@}"
elif [ "--update-certs" = "$1" ] || [ "-uc" = "$1" ]; then
record_command $@
run_set_ca_directory "$2"
elif [ "--set-public-key" = "$1" ] || [ "-pk" = "$1" ]; then
record_command $@
run_set_publick_key "$2"
elif [ "--print-metrics" = "$1" ] || [ "-pm" = "$1" ]; then
record_command $@
run_print_metrics "$2"
elif [ "--stop-service" = "$1" ] || [ "-qs" = "$1" ]; then
record_command $@
shift
stop_service "${@}"
elif [ "--start-service" = "$1" ] || [ "-rs" = "$1" ]; then
record_command $@
shift
start_service "${@}"
elif [ "--set-mode" = "$1" ] || [ "-sm" = "$1" ]; then
record_command $@
shift
set_mode "${@}"
elif [ "-vp" = "$1" ] || [ "--view-policy" = "$1" ]; then
record_command $@
shift
var_policy_file=$1
if [ -z ${var_policy_file} ]; then
@@ -1638,6 +1665,7 @@ run() # Initials - r
fi
less ${var_policy_file}
elif [ "-ep" = "$1" ] || [ "--edit-policy" = "$1" ]; then
record_command $@
shift
var_policy_file=$1
if [ -z ${var_policy_file} ]; then
@@ -1645,6 +1673,7 @@ run() # Initials - r
fi
vi ${var_policy_file}
elif [ "-ap" = "$1" ] || [ "--apply-policy" = "$1" ]; then
record_command $@
curl_apply_policy=$(${curl_cmd} -S -w "%{http_code}\n" -m 1 --noproxy "*" --header "Content-Type: application/json" \
--request POST --data {} http://127.0.0.1:"$(extract_api_port 'orchestration')"/set-apply-policy 2>&1)
while [ /etc/cp/conf/local_policy.yaml -nt /etc/cp/conf/policy.json ]; do
@@ -1654,8 +1683,10 @@ run() # Initials - r
echo "New policy applied."
exit 1
elif [ "-lp" = "$1" ] || [ "--list-policies" = "$1" ]; then
record_command $@
echo "/etc/cp/conf/local_policy.yaml"
elif [ "-vl" = "$1" ] || [ "--view-logs" = "$1" ]; then
record_command $@
less /var/log/nano_agent/cp-nano-http-transaction-handler.log?
else
usage

8
nodes/orchestration/package/orchestration_package.sh
View File

@@ -50,6 +50,7 @@ var_sleep_interval=30
var_error_sleep_interval=30
var_upgrade_mode=
var_token=
var_email=
var_installation_debug_mode=false
var_startup_service=
var_arch_flag=
@@ -132,6 +133,7 @@ usage()
echo "--uninstall : Remove Nano Agent"
echo "--token <token> : Registration token"
echo "--fog <fog URL> : Fog Address"
echo "--email <email address> : Contact Information"
echo "--certs-dir <Trusted CA directory> : Path to the trusted CA directory"
echo "--public-key <Public key file path> : Path to the SSL certificate's public key file (PEM format)"
echo "--ignore <ignore packages list> : List of ignored packages"
@@ -222,6 +224,9 @@ while true; do
elif [ "$1" = "--token" ]; then
shift
OTP_TOKEN=$1
elif [ "$1" = "--email" ]; then
shift
var_email=$1
elif [ "$1" = "--offline_mode" ]; then
var_offline_mode=true
var_orchestration_mode="offline_mode"
@@ -891,7 +896,8 @@ install_orchestration()
cp_print "Building the default policy json"
echo '{"'$ORCHESTRATION_NAME'": { "fog-address":"'$var_fog_address'", ' > ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"pulling-interval":'$var_sleep_interval', ' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"error-pulling-interval":'$var_error_sleep_interval'}}' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"error-pulling-interval":'$var_error_sleep_interval'},' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"registration-data": { "email-address": "'$var_email'"}}' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
copy_orchestration_executable
copy_k8s_executable