Merge branch 'main' into May_11_2023-Dev

.gitattributes

@@ -0,0 +1,2 @@
+build_system/docker/install-cp-agent-intelligence-service.sh binary
+build_system/docker/install-cp-crowdsec-aux.sh binary

build_system/docker/CMakeLists.txt

@@ -1,4 +1,4 @@
-install(FILES Dockerfile entry.sh DESTINATION .)
+install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh DESTINATION .)
 
 add_custom_command(
     OUTPUT ${CMAKE_INSTALL_PREFIX}/agent-docker.img

build_system/docker/entry.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+INTELLIGENCE_INSTALLATION_SCRIPT="install-cp-agent-intelligence-service.sh"
+CROWDSEC_INSTALLATION_SCRIPT="install-cp-crowdsec-aux.sh"
 HTTP_TRANSACTION_HANDLER_SERVICE="install-cp-nano-service-http-transaction-handler.sh"
 ATTACHMENT_REGISTRATION_SERVICE="install-cp-nano-attachment-registration-manager.sh"
 ORCHESTRATION_INSTALLATION_SCRIPT="install-cp-nano-agent.sh"
@@ -29,6 +31,9 @@ while true; do
     elif [ "$1" == "--token" ]; then
         shift
         var_token="$1"
+    elif [ "$1" == "--standalone" ]; then
+        var_mode="--hybrid_mode"
+        var_token="cp-3fb5c718-5e39-47e6-8d5e-99b4bc5660b74b4b7fc8-5312-451d-a763-aaf7872703c0"
     fi
     shift
 done
@@ -56,6 +61,11 @@ fi
 /nano-service-installers/$ATTACHMENT_REGISTRATION_SERVICE --install
 /nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install
 
+if [ ! -z $CROWDSEC_ENABLED ]; then
+    /nano-service-installers/$INTELLIGENCE_INSTALLATION_SCRIPT --install
+    /nano-service-installers/$CROWDSEC_INSTALLATION_SCRIPT --install
+fi
+
 # use advanced model if exist as data for agent
 FILE=/advanced-model/open-appsec-advanced-model.tgz
 if [ -f "$FILE" ]; then

nodes/http_transaction_handler/CMakeLists.txt

@@ -34,6 +34,7 @@ target_link_libraries(cp-nano-http-transaction-handler
 	reputation
         ips
         keywords
+	l7_access_control
 	-Wl,--end-group
 )
 

nodes/http_transaction_handler/main.cc

@@ -16,6 +16,7 @@
 #include "nginx_attachment.h"
 #include "gradual_deployment.h"
 #include "http_manager.h"
+#include "layer_7_access_control.h"
 #include "waap.h"
 #include "ips_comp.h"
 #include "keyword_comp.h"
@@ -28,6 +29,7 @@ main(int argc, char **argv)
         NginxAttachment,
         GradualDeployment,
         HttpManager,
+        Layer7AccessControl,
         WaapComponent,
         IPSComp,
         KeywordComp

nodes/orchestration/package/cp-nano-package-list

@@ -27,4 +27,5 @@ sdwan="sdwan 1204 SD-WAN"
 sdwan_logger="sdwanLogger 2204 SD-WAN_Logger"
 cpview_metric_provider="cpviewMetricProvider 8282"
 hello_world="hello_world"
+crowdsec_aux="crowdsecAux 8081"
 # ** Please do not remove this comment - newline at end of file required.

nodes/orchestration/package/watchdog/watchdog

@@ -667,7 +667,7 @@ load_services()
             fi
 
             log "load_services" "Respawn ${service}"
-            if [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ]; then
+            if [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ] || [ "${service}" = "/etc/cp/crowdsecAux/cp-nano-crowdsec-aux" ]; then
                 eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} &"
             else
                 eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} &"