update checkpoint to openappsec

davidga 2022-11-15 14:00:53 +02:00
parent c20a5bfeb7
commit 3d8351007d
5 changed files with 36 additions and 32 deletions


@ -182,8 +182,12 @@ public:
{ {
dbgTrace(D_K8S_POLICY) << "Loading AppSec practice spec"; dbgTrace(D_K8S_POLICY) << "Loading AppSec practice spec";
parseAppsecJSONKey<AppSecWebAttackProtections>("protections", protections, archive_in); parseAppsecJSONKey<AppSecWebAttackProtections>("protections", protections, archive_in);
parseAppsecJSONKey<std::string>("minimum-confidence", minimum_confidence, archive_in, "critical");
parseAppsecJSONKey<std::string>("override-mode", mode, archive_in, "Unset"); parseAppsecJSONKey<std::string>("override-mode", mode, archive_in, "Unset");
if (getMode() == "Prevent") {
parseAppsecJSONKey<std::string>("minimum-confidence", minimum_confidence, archive_in, "critical");
} else {
minimum_confidence = "Transparent";
}
parseAppsecJSONKey<int>("max-body-size-kb", max_body_size_kb, archive_in, 1000000); parseAppsecJSONKey<int>("max-body-size-kb", max_body_size_kb, archive_in, 1000000);
parseAppsecJSONKey<int>("max-header-size-bytes", max_header_size_bytes, archive_in, 102400); parseAppsecJSONKey<int>("max-header-size-bytes", max_header_size_bytes, archive_in, 102400);
parseAppsecJSONKey<int>("max-object-depth", max_object_depth, archive_in, 40); parseAppsecJSONKey<int>("max-object-depth", max_object_depth, archive_in, 40);
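Review bot: In the new `else` branch after `if (getMode() == "Prevent") {`, a `minimum-confidence` value that is present in the policy is discarded without any diagnostic whenever the mode is not Prevent, so the `minimum-confidence: critical` written next to `override-mode: detect-learn` in the checkpoint YAML of this same commit has no effect at load time. Consider parsing the key unconditionally and then overriding it, so a `dbgTrace(D_K8S_POLICY)` line can report the configured value being replaced, or at least add a comment such as `// minimum-confidence is honoured only in Prevent mode; any configured value is forced to "Transparent" otherwise`. The comparison uses the capitalised literal "Prevent" while the YAML in this commit writes mode values in lowercase (`detect-learn`); if getMode() does not normalise case, a lowercase `prevent` would silently fall into the Transparent branch, which is worth confirming against getMode(). The enclosing load method begins before the hunk and continues past it.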


@ -127,9 +127,9 @@ MS_Help()
{ {
local install_usage= local install_usage=
if test x"\$additional_args_help" != x; then if test x"\$additional_args_help" != x; then
install_usage="--install [additional arguments] Install Check Point Nano service" install_usage="--install [additional arguments] Install open-appsec Nano service"
else else
install_usage="--install Install Check Point Nano service" install_usage="--install Install open-appsec Nano service"
fi fi
additional_args_help=\$(if test x"\$additional_args_help" != x; then echo "Aditional arguments for the --install property are:\$additional_args_help"; fi) additional_args_help=\$(if test x"\$additional_args_help" != x; then echo "Aditional arguments for the --install property are:\$additional_args_help"; fi)
@ -138,8 +138,8 @@ MS_Help()
Usage: \$0 [options] Usage: \$0 [options]
With following options With following options
\$install_usage \$install_usage
--uninstall Uninstall Check Point Nano service --uninstall Uninstall open-appsec Nano service
--version Check Point package version --version open-appsec package version
\$additional_args_help \$additional_args_help
EOH EOH
} }
@ -158,11 +158,11 @@ MS_Advanced_Help()
2) Running \$0 : 2) Running \$0 :
\$0 [options] [--] [additional arguments to embedded script] \$0 [options] [--] [additional arguments to embedded script]
with following options (in that order) with following options (in that order)
--install Install Check Point service --install Install open-appsec service
--uninstall Uninstall Check Point service --uninstall Uninstall open-appsec service
--pre_install_test Preform pre installation test for Check Point service --pre_install_test Preform pre installation test for open-appsec service
--post_install_test Preform post installation test for Check Point service --post_install_test Preform post installation test for open-appsec service
--version Check Point package version --version open-appsec package version
--confirm Ask before running embedded script --confirm Ask before running embedded script
--quiet Do not print anything except error messages --quiet Do not print anything except error messages
--noexec Do not run embedded script --noexec Do not run embedded script


@ -278,7 +278,7 @@ usage()
printf "%s %s : Load configuration\n" "$load_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#load_config_option})))")" printf "%s %s : Load configuration\n" "$load_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#load_config_option})))")"
printf "%s %s : Set proxy\n" "$proxy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#proxy_option})))")" printf "%s %s : Set proxy\n" "$proxy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#proxy_option})))")"
printf "%s %s : Display configuration\n" "$display_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_config_option})))")" printf "%s %s : Display configuration\n" "$display_config_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_config_option})))")"
printf "%s %s : Create Openappsec agent info\n" "$cp_agent_info_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#cp_agent_info_option})))")" printf "%s %s : Create open-appsec agent info\n" "$cp_agent_info_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#cp_agent_info_option})))")"
printf "%s %s : Display current policy\n" "$display_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_policy_option})))")" printf "%s %s : Display current policy\n" "$display_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#display_policy_option})))")"
printf "%s %s : Load gradual policy\n" "$set_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#set_gradual_policy_option})))")" printf "%s %s : Load gradual policy\n" "$set_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#set_gradual_policy_option})))")"
printf "%s %s : Remove gradual policy\n" "$delete_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#delete_gradual_policy_option})))")" printf "%s %s : Remove gradual policy\n" "$delete_gradual_policy_option" "$(printf "%s" "$line_padding" | cut -c 1-"$(max_num 1 $((${#line_padding} - ${#delete_gradual_policy_option})))")"
@ -463,15 +463,15 @@ read_agent_run_status() # Initials - rars
rars_output=$(tail -n 1 /tmp/agent-status.txt) rars_output=$(tail -n 1 /tmp/agent-status.txt)
if [ "$1" = "start" ]; then if [ "$1" = "start" ]; then
if [ "$rars_output" = "running" ]; then if [ "$rars_output" = "running" ]; then
echo "Openappsec Nano Agent watchdog started successfully" echo "open-appsec Nano Agent watchdog started successfully"
else else
echo "Openappsec Nano Agent is already running" echo "open-appsec Nano Agent is already running"
fi fi
else # "$1" = "stop" else # "$1" = "stop"
if [ "$rars_output" = "down" ]; then if [ "$rars_output" = "down" ]; then
echo "Openappsec Nano Agent stopped successfully" echo "open-appsec Nano Agent stopped successfully"
else else
echo "Openappsec Nano Agent is not running" echo "open-appsec Nano Agent is not running"
fi fi
fi fi
} }
@ -527,7 +527,7 @@ run_stop_agent()
uninstall_agent() # Initials - ua uninstall_agent() # Initials - ua
{ {
printf "Are you sure you want to uninstall Openappsec Nano Agent? (Y/N): " && read -r ua_confirm printf "Are you sure you want to uninstall open-appsec Nano Agent? (Y/N): " && read -r ua_confirm
case $ua_confirm in case $ua_confirm in
[Yy] | [Yy][Ee][Ss]) ;; [Yy] | [Yy][Ee][Ss]) ;;
*) exit 1 ;; *) exit 1 ;;
@ -540,9 +540,9 @@ uninstall_agent() # Initials - ua
fi fi
${ua_uninstall_script} ${ua_uninstall_script}
if test "$?" = "0"; then if test "$?" = "0"; then
echo "Openappsec Nano Agent successfully uninstalled" echo "open-appsec Nano Agent successfully uninstalled"
else else
echo "Failed to uninstall Openappsec Nano Agent" echo "Failed to uninstall open-appsec Nano Agent"
exit 1 exit 1
fi fi
} }
@ -824,7 +824,7 @@ print_single_service_status() # Initials - psss
return return
fi fi
echo "---- Openappsec $(format_nano_service_name "$psss_service_name") Nano Service ----" echo "---- open-appsec $(format_nano_service_name "$psss_service_name") Nano Service ----"
psss_is_userspace_process_running=$(is_userspace_running "$psss_service_name") psss_is_userspace_process_running=$(is_userspace_running "$psss_service_name")
@ -900,7 +900,7 @@ run_status() # Initials - rs
rs_agent_version="Version $rs_agent_version" rs_agent_version="Version $rs_agent_version"
fi fi
echo "---- Openappsec Nano Agent ----" echo "---- open-appsec Nano Agent ----"
echo "$rs_agent_version" echo "$rs_agent_version"
if [ "$(is_userspace_running "watchdog")" = true ] || [ "$(is_userspace_running "agent")" = true ]; then if [ "$(is_userspace_running "watchdog")" = true ] || [ "$(is_userspace_running "agent")" = true ]; then
format_colored_status_line "Status: Running" format_colored_status_line "Status: Running"
@ -1434,16 +1434,16 @@ set_mode()
if [ "$mode" = "online_mode" ]; then if [ "$mode" = "online_mode" ]; then
time_sleep=2 time_sleep=2
time_out=60 time_out=60
echo "Registering Openappsec Nano Agent to Fog.." echo "Registering open-appsec Nano Agent to Fog.."
until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do
time_out=$(( time_out - time_sleep )) time_out=$(( time_out - time_sleep ))
if [ $time_out -le 0 ]; then if [ $time_out -le 0 ]; then
echo "Openappsec Nano Agent registration failed. Failed to register to Fog: $fog_address" echo "open-appsec Nano Agent registration failed. Failed to register to Fog: $fog_address"
exit 1 exit 1
fi fi
sleep ${time_sleep} sleep ${time_sleep}
done done
echo "Openappsec Nano Agent is registered to $fog_address" echo "open-appsec Nano Agent is registered to $fog_address"
echo "Orchestration mode changed successfully" echo "Orchestration mode changed successfully"
else else
echo "Orchestration mode was changed successfully" echo "Orchestration mode was changed successfully"


@ -34,7 +34,7 @@ practices:
max-header-size-bytes: 102400 max-header-size-bytes: 102400
max-object-depth: 40 max-object-depth: 40
max-url-size-bytes: 32768 max-url-size-bytes: 32768
minimum-confidence: Transparent minimum-confidence: critical
override-mode: detect-learn override-mode: detect-learn
protections: protections:
csrf-protection: detect-learn csrf-protection: detect-learn


@ -833,7 +833,7 @@ install_orchestration()
exit 0 exit 0
fi fi
cp_print "\nStarting installation of Check Point Nano Agent [$INSTALLATION_TIME]" ${FORCE_STDOUT} cp_print "\nStarting installation of open-appsec Nano Agent [$INSTALLATION_TIME]" ${FORCE_STDOUT}
cp_exec "rm -rf ${FILESYSTEM_PATH}/${SERVICE_PATH}" cp_exec "rm -rf ${FILESYSTEM_PATH}/${SERVICE_PATH}"
cp_exec "rm -rf ${FILESYSTEM_PATH}/${WATCHDOG_PATH}" cp_exec "rm -rf ${FILESYSTEM_PATH}/${WATCHDOG_PATH}"
@ -975,21 +975,21 @@ install_orchestration()
install_watchdog install_watchdog
cp_print "Note: in order for the agent to remain active and effective it must connect to the Fog/Cloud at least every 45 days" ${FORCE_STDOUT} cp_print "Note: in order for the agent to remain active and effective it must connect to the Fog/Cloud at least every 45 days" ${FORCE_STDOUT}
cp_print "Check Point Nano Agent installation completed successfully" ${FORCE_STDOUT} cp_print "open-appsec Nano Agent installation completed successfully" ${FORCE_STDOUT}
if [ $var_hybrid_mode = false ] && [ $var_offline_mode = false ] && [ $var_no_otp = false ] && [ $var_skip_registration = false ]; then if [ $var_hybrid_mode = false ] && [ $var_offline_mode = false ] && [ $var_no_otp = false ] && [ $var_skip_registration = false ]; then
time_sleep=2 time_sleep=2
time_out=60 time_out=60
cp_print "Registering Check Point Nano Agent to Fog.." ${FORCE_STDOUT} cp_print "Registering open-appsec Nano Agent to Fog.." ${FORCE_STDOUT}
until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do until $USR_SBIN_PATH/${CP_NANO_CTL} -s 2> /dev/null | grep -q "Registration status: Succeeded"; do
time_out=$(( time_out - time_sleep )) time_out=$(( time_out - time_sleep ))
if [ $time_out -le 0 ]; then if [ $time_out -le 0 ]; then
cp_print "Check Point Nano Agent registration failed. Failed to register to Fog: $var_fog_address" ${FORCE_STDOUT} cp_print "open-appsec Nano Agent registration failed. Failed to register to Fog: $var_fog_address" ${FORCE_STDOUT}
exit 1 exit 1
fi fi
sleep ${time_sleep} sleep ${time_sleep}
done done
cp_print "Check Point Nano Agent is registered to $var_fog_address" ${FORCE_STDOUT} cp_print "open-appsec Nano Agent is registered to $var_fog_address" ${FORCE_STDOUT}
fi fi
} }
@ -1032,7 +1032,7 @@ uninstall_orchestration()
if [ ! -f "$uninstall_script" ]; then if [ ! -f "$uninstall_script" ]; then
cp_dir="${FILESYSTEM_PATH}" cp_dir="${FILESYSTEM_PATH}"
if [ ! -d "$cp_dir" ]; then if [ ! -d "$cp_dir" ]; then
echo "Check Point Nano Agent is not installed" echo "open-appsec Nano Agent is not installed"
exit 1 exit 1
fi fi
echo "Failed to uninstall Orchestration Nano Service, uninstall script was not found in: $uninstall_script " echo "Failed to uninstall Orchestration Nano Service, uninstall script was not found in: $uninstall_script "
@ -1040,9 +1040,9 @@ uninstall_orchestration()
fi fi
cp_exec "${uninstall_script}" cp_exec "${uninstall_script}"
if test "$?" = "0"; then if test "$?" = "0"; then
cp_print "Check Point Nano Agent successfully uninstalled" ${FORCE_STDOUT} cp_print "open-appsec Nano Agent successfully uninstalled" ${FORCE_STDOUT}
else else
cp_print "Check Point Nano Agent failed to uninstall" ${FORCE_STDOUT} cp_print "open-appsec Nano Agent failed to uninstall" ${FORCE_STDOUT}
exit 1 exit 1
fi fi
} }