mirror of
https://github.com/openappsec/openappsec.git
synced 2025-11-15 17:02:15 +03:00
Compare commits
5 Commits
1.1.30
...
09-11-25-d
| Author | SHA1 | Date | |
|---|---|---|---|
|
ae894b29bc | ||
|
c90862d74c | ||
|
|
b7923dfd8c | ||
|
|
ed4e20b010 | ||
|
|
14159402e2 |
@@ -15,6 +15,21 @@ var_mode=
|
||||
var_token=
|
||||
var_ignore=
|
||||
init=
|
||||
active_watchdog_pid=
|
||||
|
||||
cleanup() {
|
||||
local signal="$1"
|
||||
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Signal ${signal} was received, exiting gracefully..." >&2
|
||||
if [ -n "${active_watchdog_pid}" ] && ps -p ${active_watchdog_pid} > /dev/null 2>&1; then
|
||||
kill -TERM ${active_watchdog_pid} 2>/dev/null || true
|
||||
wait ${active_watchdog_pid} 2>/dev/null || true
|
||||
fi
|
||||
echo "Cleanup completed. Exiting now." >&2
|
||||
exit 0
|
||||
}
|
||||
|
||||
trap 'cleanup SIGTERM' SIGTERM
|
||||
trap 'cleanup SIGINT' SIGINT
|
||||
|
||||
if [ ! -f /nano-service-installers/$ORCHESTRATION_INSTALLATION_SCRIPT ]; then
|
||||
echo "Error: agent installation package doesn't exist."
|
||||
|
||||
@@ -1522,6 +1522,12 @@ private:
|
||||
|
||||
agent_data_report << make_pair("registeredServer", i_agent_details->getRegisteredServer());
|
||||
|
||||
const char *prometheus_env = getenv("PROMETHEUS");
|
||||
if (prometheus_env != nullptr) {
|
||||
auto enable_prometheus = string(prometheus_env) == "true";
|
||||
agent_data_report << AgentReportFieldWithLabel("enablePrometheus", enable_prometheus ? "true" : "false");
|
||||
}
|
||||
|
||||
#if defined(gaia) || defined(smb)
|
||||
if (i_details_resolver->compareCheckpointVersion(8100, greater_equal<int>())) {
|
||||
agent_data_report << AgentReportFieldWithLabel("isCheckpointVersionGER81", "true");
|
||||
@@ -2272,4 +2278,4 @@ OrchestrationComp::preload()
|
||||
registerExpectedSetting<uint>("successUpgradeInterval");
|
||||
registerExpectedConfigFile("orchestration", Config::ConfigFileType::Policy);
|
||||
registerExpectedConfigFile("registration-data", Config::ConfigFileType::Policy);
|
||||
}
|
||||
}
|
||||
@@ -227,6 +227,11 @@ FogAuthenticator::registerAgent(
|
||||
|
||||
request << make_pair("userEdition", getUserEdition());
|
||||
|
||||
const char *prometheus_env = getenv("PROMETHEUS");
|
||||
if (prometheus_env != nullptr) {
|
||||
request << make_pair("enablePrometheus", string(prometheus_env) == "true" ? "true" : "false");
|
||||
}
|
||||
|
||||
if (getDeplymentType() == "Docker" || getDeplymentType() == "K8S") {
|
||||
const char *image_version_otp = getenv("IMAGE_VERSION");
|
||||
if (image_version_otp) {
|
||||
|
||||
@@ -40,7 +40,7 @@ spec:
|
||||
stdout:
|
||||
format: json
|
||||
cef-service: []
|
||||
--
|
||||
---
|
||||
apiVersion: openappsec.io/v1beta1
|
||||
kind: Practice
|
||||
metadata:
|
||||
@@ -56,7 +56,7 @@ spec:
|
||||
web-attacks:
|
||||
minimum-confidence: high
|
||||
override-mode: detect-learn
|
||||
--
|
||||
---
|
||||
apiVersion: openappsec.io/v1beta1
|
||||
kind: CustomResponse
|
||||
metadata:
|
||||
|
||||
@@ -40,7 +40,7 @@ spec:
|
||||
stdout:
|
||||
format: json
|
||||
cef-service: []
|
||||
--
|
||||
---
|
||||
apiVersion: openappsec.io/v1beta1
|
||||
kind: Practice
|
||||
metadata:
|
||||
@@ -56,7 +56,7 @@ spec:
|
||||
web-attacks:
|
||||
minimum-confidence: high
|
||||
override-mode: prevent-learn
|
||||
--
|
||||
---
|
||||
apiVersion: openappsec.io/v1beta1
|
||||
kind: CustomResponse
|
||||
metadata:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid apisix configuration for APISIX in standalone mode in the following file:
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -103,14 +103,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid envoy.yaml Envoy configuration file present in the path below.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -109,14 +109,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid Kong declarative configuration file kong.yaml in the folder specified for KONG_CONFIG.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -106,14 +106,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid Kong declarative configuration file kong.yaml in the folder specified for KONG_CONFIG.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -106,14 +106,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
# Volume mounts for NGINX Proxy Manager have been moved here as well allowing configuration via .env file
|
||||
NPM_DATA=./data
|
||||
|
||||
@@ -103,14 +103,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -21,6 +21,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
# Volume mounts for NGINX Proxy Manager have been moved here as well allowing configuration via .env file
|
||||
NPM_DATA=./data
|
||||
|
||||
@@ -106,14 +106,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid NGINX configuration file default.conf in the folder specified for NGINX_CONFIG.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -96,14 +96,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Make sure to have a valid NGINX configuration file default.conf in the folder specified for NGINX_CONFIG.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
|
||||
@@ -108,14 +108,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -23,6 +23,7 @@ APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
APPSEC_POSTGRES_VERSION=18
|
||||
|
||||
## Most relevant SWAG parameters have been moved here as well allowing configuration via .env file
|
||||
SWAG_CONFIG=./swag-config
|
||||
|
||||
@@ -117,14 +117,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${APPSEC_POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
|
||||
@@ -15,6 +15,7 @@ USER_EMAIL=user@email.com
|
||||
DB_PASSWORD=pass
|
||||
DB_USER=postgres
|
||||
DB_HOST=appsec-db
|
||||
POSTGRES_VERSION=18
|
||||
POSTGRES_STORAGE=./postgres-data
|
||||
NGINX_CONF_DIR=./nginx-proxy-config
|
||||
|
||||
|
||||
@@ -81,14 +81,14 @@ services:
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
image: postgres:${POSTGRES_VERSION}
|
||||
container_name: appsec-db
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_USER=${DB_USER}
|
||||
volumes:
|
||||
- ${POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
- ${POSTGRES_STORAGE}:/var/lib/postgresql
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
##
|
||||
|
||||
@@ -209,6 +209,9 @@ save_local_policy_config()
|
||||
if [ -n "${CP_ENV_FILESYSTEM}" ] ; then
|
||||
export FILESYSTEM_PATH=$CP_ENV_FILESYSTEM
|
||||
fi
|
||||
if [ -n "${PROMETHEUS}" ] ; then
|
||||
export PROMETHEUS=$PROMETHEUS
|
||||
fi
|
||||
if [ -n "${CP_ENV_LOG_FILE}" ] ; then
|
||||
LOG_FILE_PATH=$CP_ENV_LOG_FILE
|
||||
fi
|
||||
@@ -433,7 +436,7 @@ if command -v which &>/dev/null; then
|
||||
var_which_cmd_exists=1
|
||||
fi
|
||||
|
||||
if [ $var_arch != "gaia" ] && [ $var_arch != "gaia_arm" ] && [ $var_which_cmd_exists -eq 1 ]; then
|
||||
if [ $var_arch != "gaia" ] && [ $var_arch != "gaia_arm" ] && [ $var_which_cmd_exists -eq 1 ]; then
|
||||
if [ -n "$(which systemctl)" ]; then
|
||||
var_startup_service="systemd"
|
||||
else
|
||||
@@ -974,7 +977,7 @@ install_orchestration()
|
||||
fi
|
||||
${INSTALL_COMMAND} lib/*.so* ${USR_LIB_PATH}/
|
||||
${INSTALL_COMMAND} lib/boost/*.so* ${USR_LIB_PATH}/
|
||||
cp_print "Done successfully doing only unpacking lib64 to Path: ${USR_LIB_PATH}" ${FORCE_STDOUT}
|
||||
cp_print "Done successfully doing only unpacking lib64 to Path: ${USR_LIB_PATH}" ${FORCE_STDOUT}
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -1149,6 +1152,9 @@ install_orchestration()
|
||||
if [ -n "${FILESYSTEM_PATH}" ]; then
|
||||
echo "CP_ENV_FILESYSTEM=${FILESYSTEM_PATH}" >> ${FILESYSTEM_PATH}/${ENV_DETAILS_FILE}
|
||||
fi
|
||||
if [ -n "${PROMETHEUS}" ]; then
|
||||
echo "PROMETHEUS=${PROMETHEUS}" >> ${FILESYSTEM_PATH}/${ENV_DETAILS_FILE}
|
||||
fi
|
||||
if [ -n "${VS_ID}" ]; then
|
||||
echo "CP_VS_ID=${VS_ID}" >> ${FILESYSTEM_PATH}/${ENV_DETAILS_FILE}
|
||||
fi
|
||||
|
||||
@@ -115,6 +115,11 @@ load_paths()
|
||||
if [ -n "${CP_ENV_LOG_FILE}" ]; then
|
||||
LOG_FILE_PATH=$CP_ENV_LOG_FILE
|
||||
fi
|
||||
|
||||
if [ -n "${PROMETHEUS}" ]; then
|
||||
export PROMETHEUS=$PROMETHEUS
|
||||
fi
|
||||
|
||||
if [ -n "${CP_VS_ID}" ]; then
|
||||
VS_ID=${CP_VS_ID}
|
||||
VS_EVAL_PREFIX="ip netns exec CTX0000${VS_ID} env"
|
||||
|
||||
Reference in New Issue
Block a user