mirror of
https://github.com/openappsec/openappsec.git
synced 2025-11-16 17:31:52 +03:00
Compare commits
1 Commits
docker-upg
...
namspace-c
| Author | SHA1 | Date | |
|---|---|---|---|
|
147626bc7f |
@@ -1,4 +1,4 @@
|
||||
install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh self_managed_openappsec_manifest.json DESTINATION .)
|
||||
install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh DESTINATION .)
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT ${CMAKE_INSTALL_PREFIX}/agent-docker.img
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
FROM alpine
|
||||
|
||||
ENV OPENAPPSEC_NANO_AGENT=TRUE
|
||||
|
||||
RUN apk add --no-cache -u busybox
|
||||
RUN apk add --no-cache -u zlib
|
||||
RUN apk add --no-cache bash
|
||||
@@ -15,8 +13,6 @@ RUN apk add --no-cache libxml2
|
||||
RUN apk add --no-cache pcre2
|
||||
RUN apk add --update coreutils
|
||||
|
||||
COPY self_managed_openappsec_manifest.json /tmp/self_managed_openappsec_manifest.json
|
||||
|
||||
COPY install*.sh /nano-service-installers/
|
||||
COPY entry.sh /entry.sh
|
||||
|
||||
|
||||
@@ -1216,3 +1216,886 @@ spec:
|
||||
kind: PolicyActivation
|
||||
shortNames:
|
||||
- policyactivation
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : policiesns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
default:
|
||||
type: object
|
||||
required:
|
||||
- mode
|
||||
- threatPreventionPractices
|
||||
- accessControlPractices
|
||||
properties:
|
||||
mode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
default: detect-learn
|
||||
threatPreventionPractices:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
accessControlPractices:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
customResponse:
|
||||
type: string
|
||||
default: "403"
|
||||
triggers:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
sourceIdentifiers:
|
||||
type: string
|
||||
trustedSources:
|
||||
type: string
|
||||
exceptions:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
specificRules:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
host:
|
||||
type: string
|
||||
mode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
default: detect-learn
|
||||
threatPreventionPractices:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
accessControlPractices:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
triggers:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
customResponse:
|
||||
type: string
|
||||
sourceIdentifiers:
|
||||
type: string
|
||||
trustedSources:
|
||||
type: string
|
||||
exceptions:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: policiesns
|
||||
singular: policyns
|
||||
kind: PolicyNS
|
||||
shortNames:
|
||||
- policyns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : accesscontrolpracticesns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- rateLimit
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
practiceMode:
|
||||
type: string
|
||||
enum:
|
||||
- inherited
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
default: inherited
|
||||
rateLimit:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
rules:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
action:
|
||||
type: string
|
||||
enum:
|
||||
- inherited
|
||||
- prevent
|
||||
- detect
|
||||
default: inherited
|
||||
condition:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
- value
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
value:
|
||||
type: string
|
||||
uri:
|
||||
type: string
|
||||
limit:
|
||||
type: integer
|
||||
unit:
|
||||
type: string
|
||||
enum:
|
||||
- minute
|
||||
- second
|
||||
default: minute
|
||||
triggers:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
comment:
|
||||
type: string
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: accesscontrolpracticesns
|
||||
singular: accesscontrolpracticens
|
||||
kind: AccessControlPracticeNS
|
||||
shortNames:
|
||||
- acpns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name : customresponsesns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- mode
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
mode:
|
||||
type: string
|
||||
enum:
|
||||
- block-page
|
||||
- redirect
|
||||
- response-code-only
|
||||
default: response-code-only
|
||||
messageTitle:
|
||||
type: string
|
||||
messageBody:
|
||||
type: string
|
||||
httpResponseCode:
|
||||
type: integer
|
||||
minimum: 100
|
||||
maximum: 599
|
||||
default: 403
|
||||
redirectUrl:
|
||||
type: string
|
||||
redirectAddXEventId:
|
||||
type: boolean
|
||||
default: false
|
||||
required:
|
||||
- mode
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: customresponsesns
|
||||
singular: customresponsens
|
||||
kind: CustomResponseNS
|
||||
shortNames:
|
||||
- customresponsens
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name: exceptionsns.openappsec.io
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- action
|
||||
- condition
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
action:
|
||||
type: string
|
||||
enum:
|
||||
- skip
|
||||
- accept
|
||||
- drop
|
||||
- suppressLog
|
||||
default: accept
|
||||
condition:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
- value
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
value:
|
||||
type: string
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: exceptionsns
|
||||
singular: exceptionns
|
||||
kind: ExceptionNS
|
||||
shortNames:
|
||||
- exceptionns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : logtriggersns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- accessControlLogging
|
||||
- appsecLogging
|
||||
- additionalSuspiciousEventsLogging
|
||||
- extendedLogging
|
||||
- logDestination
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
accessControlLogging:
|
||||
type: object
|
||||
properties:
|
||||
allowEvents:
|
||||
type: boolean
|
||||
default: false
|
||||
dropEvents:
|
||||
type: boolean
|
||||
default: true
|
||||
appsecLogging:
|
||||
type: object
|
||||
properties:
|
||||
detectEvents:
|
||||
type: boolean
|
||||
default: true
|
||||
preventEvents:
|
||||
type: boolean
|
||||
default: true
|
||||
allWebRequests:
|
||||
type: boolean
|
||||
default: false
|
||||
additionalSuspiciousEventsLogging:
|
||||
type: object
|
||||
properties:
|
||||
enabled:
|
||||
type: boolean
|
||||
default: true
|
||||
minSeverity:
|
||||
type: string
|
||||
enum:
|
||||
- high
|
||||
- critical
|
||||
default: high
|
||||
responseBody:
|
||||
type: boolean
|
||||
default: false
|
||||
responseCode:
|
||||
type: boolean
|
||||
default: true
|
||||
extendedLogging:
|
||||
type: object
|
||||
properties:
|
||||
urlPath:
|
||||
type: boolean
|
||||
default: false
|
||||
urlQuery:
|
||||
type: boolean
|
||||
default: false
|
||||
httpHeaders:
|
||||
type: boolean
|
||||
default: false
|
||||
requestBody:
|
||||
type: boolean
|
||||
default: false
|
||||
logDestination:
|
||||
type: object
|
||||
properties:
|
||||
cloud:
|
||||
type: boolean
|
||||
default: false
|
||||
syslogService:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
address:
|
||||
type: string
|
||||
port:
|
||||
type: integer
|
||||
logToAgent:
|
||||
type: boolean
|
||||
default: true
|
||||
stdout:
|
||||
type: object
|
||||
properties:
|
||||
format:
|
||||
type: string
|
||||
enum:
|
||||
- json
|
||||
- json-formatted
|
||||
default: json
|
||||
local-tuning:
|
||||
type: boolean
|
||||
cefService:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
address:
|
||||
type: string
|
||||
port:
|
||||
type: integer
|
||||
proto:
|
||||
type: string
|
||||
enum:
|
||||
- tcp
|
||||
- udp
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: logtriggersns
|
||||
singular: logtriggerns
|
||||
kind: LogTriggerNS
|
||||
shortNames:
|
||||
- logtriggerns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : sourcesidentifiersns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
type: object
|
||||
required:
|
||||
- sourcesIdentifiers
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
sourcesIdentifiers:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- identifier
|
||||
properties:
|
||||
identifier:
|
||||
type: string
|
||||
enum:
|
||||
- headerkey
|
||||
- JWTKey
|
||||
- cookie
|
||||
- sourceip
|
||||
- x-forwarded-for
|
||||
default: sourceip
|
||||
value:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: sourcesidentifiersns
|
||||
singular: sourcesidentifierns
|
||||
kind: SourcesIdentifierNS
|
||||
shortNames:
|
||||
- sourcesidentifierns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : threatpreventionpracticesns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- webAttacks
|
||||
- intrusionPrevention
|
||||
- fileSecurity
|
||||
- snortSignatures
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
practiceMode:
|
||||
type: string
|
||||
enum:
|
||||
- inherited
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
default: inherited
|
||||
webAttacks:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
minimumConfidence:
|
||||
type: string
|
||||
enum:
|
||||
- medium
|
||||
- high
|
||||
- critical
|
||||
default: high
|
||||
maxUrlSizeBytes:
|
||||
type: integer
|
||||
default: 32768
|
||||
maxObjectDepth:
|
||||
type: integer
|
||||
default: 40
|
||||
maxBodySizeKb:
|
||||
type: integer
|
||||
default: 1000000
|
||||
maxHeaderSizeBytes:
|
||||
type: integer
|
||||
default: 102400
|
||||
protections:
|
||||
type: object
|
||||
properties:
|
||||
csrfProtection:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
errorDisclosure:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
openRedirect:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
nonValidHttpMethods:
|
||||
type: boolean
|
||||
default: false
|
||||
antiBot:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
injectedUris:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
uri:
|
||||
type: string
|
||||
validatedUris:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
uri:
|
||||
type: string
|
||||
snortSignatures:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
configmap:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
files:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
schemaValidation:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
enforcementLevel:
|
||||
type: string
|
||||
configmap:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
files:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
intrusionPrevention:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
maxPerformanceImpact:
|
||||
type: string
|
||||
enum:
|
||||
- low
|
||||
- medium
|
||||
- high
|
||||
default: medium
|
||||
minSeverityLevel:
|
||||
type: string
|
||||
enum:
|
||||
- low
|
||||
- medium
|
||||
- high
|
||||
- critical
|
||||
default: medium
|
||||
minCveYear:
|
||||
type: integer
|
||||
default: 2016
|
||||
highConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
mediumConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
lowConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: detect
|
||||
fileSecurity:
|
||||
type: object
|
||||
required:
|
||||
- overrideMode
|
||||
properties:
|
||||
overrideMode:
|
||||
type: string
|
||||
enum:
|
||||
- prevent-learn
|
||||
- detect-learn
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inactive
|
||||
minSeverityLevel:
|
||||
type: string
|
||||
enum:
|
||||
- low
|
||||
- medium
|
||||
- high
|
||||
- critical
|
||||
default: medium
|
||||
highConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
mediumConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
lowConfidenceEventAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: detect
|
||||
archiveInspection:
|
||||
type: object
|
||||
properties:
|
||||
extractArchiveFiles:
|
||||
type: boolean
|
||||
default: false
|
||||
scanMaxFileSize:
|
||||
type: integer
|
||||
default: 10
|
||||
scanMaxFileSizeUnit:
|
||||
type: string
|
||||
enum:
|
||||
- bytes
|
||||
- KB
|
||||
- MB
|
||||
- GB
|
||||
default: MB
|
||||
archivedFilesWithinArchivedFiles:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
archivedFilesWhereContentExtractionFailed:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
largeFileInspection:
|
||||
type: object
|
||||
properties:
|
||||
fileSizeLimit:
|
||||
type: integer
|
||||
default: 10
|
||||
fileSizeLimitUnit:
|
||||
type: string
|
||||
enum:
|
||||
- bytes
|
||||
- KB
|
||||
- MB
|
||||
- GB
|
||||
default: MB
|
||||
filesExceedingSizeLimitAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
unnamedFilesAction:
|
||||
type: string
|
||||
enum:
|
||||
- prevent
|
||||
- detect
|
||||
- inactive
|
||||
- inherited
|
||||
default: inherited
|
||||
threatEmulationEnabled:
|
||||
type: boolean
|
||||
default: false
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: threatpreventionpracticesns
|
||||
singular: threatpreventionpracticens
|
||||
kind: ThreatPreventionPracticeNS
|
||||
shortNames:
|
||||
- tppns
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata :
|
||||
name : trustedsourcesns.openappsec.io
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
group: openappsec.io
|
||||
versions:
|
||||
- name: v1beta2
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- minNumOfSources
|
||||
- sourcesIdentifiers
|
||||
properties:
|
||||
appsecClassName:
|
||||
type: string
|
||||
minNumOfSources:
|
||||
type: integer
|
||||
default: 3
|
||||
sourcesIdentifiers:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: trustedsourcesns
|
||||
singular: trustedsourcens
|
||||
kind: TrustedSourceNS
|
||||
shortNames:
|
||||
- trustedsourcens
|
||||
|
||||
@@ -353,7 +353,7 @@ done
|
||||
# VS ID argument is available only on install, for other actions, extract it from the package location
|
||||
if [ -z "$VS_ID" ]; then
|
||||
parent_pid=$PPID
|
||||
parent_cmdline=$(cat /proc/"$parent_pid"/cmdline | tr '\0' ' ')
|
||||
parent_cmdline=$(ps -o cmd= -p "$parent_pid")
|
||||
parent_dir=$(dirname "$parent_cmdline")
|
||||
packages_folder=$(dirname "$parent_dir")
|
||||
vs_folder=$(dirname "$packages_folder")
|
||||
@@ -494,26 +494,26 @@ cp_copy() # Initials - cc
|
||||
cp_print "Destination md5, after the copy:\n$DEST_AFTER_COPY"
|
||||
}
|
||||
|
||||
update_openappsec_manifest()
|
||||
update_cloudguard_appsec_manifest()
|
||||
{
|
||||
if [ -z ${OPENAPPSEC_NANO_AGENT} ] && { [ -z ${CLOUDGUARD_APPSEC_STANDALONE} ] || [ -z ${DOCKER_RPM_ENABLED} ]; }; then
|
||||
if [ -z ${INFINITY_NEXT_NANO_AGENT} ] && { [ -z ${CLOUDGUARD_APPSEC_STANDALONE} ] || [ -z ${DOCKER_RPM_ENABLED} ]; }; then
|
||||
return
|
||||
fi
|
||||
|
||||
selected_openappsec_manifest_path="${TMP_FOLDER}/openappsec_manifest.json"
|
||||
if [ "${DOCKER_RPM_ENABLED}" = "false" ] || [ "${OPENAPPSEC_NANO_AGENT}" = "TRUE" ]; then
|
||||
selected_openappsec_manifest_path="${TMP_FOLDER}/self_managed_openappsec_manifest.json"
|
||||
selected_cloudguard_appsec_manifest_path="${TMP_FOLDER}/cloudguard_appsec_manifest.json"
|
||||
if [ "${DOCKER_RPM_ENABLED}" = "false" ] || [ "${INFINITY_NEXT_NANO_AGENT}" = "TRUE" ]; then
|
||||
selected_cloudguard_appsec_manifest_path="${TMP_FOLDER}/self_managed_cloudguard_appsec_manifest.json"
|
||||
fi
|
||||
|
||||
if [ ! -f "$selected_openappsec_manifest_path" ]; then
|
||||
if [ ! -f "$selected_cloudguard_appsec_manifest_path" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
openappsec_manifest_path="${selected_openappsec_manifest_path}.used"
|
||||
mv "$selected_openappsec_manifest_path" "$openappsec_manifest_path"
|
||||
cloudguard_appsec_manifest_path="${selected_cloudguard_appsec_manifest_path}.used"
|
||||
mv "$selected_cloudguard_appsec_manifest_path" "$cloudguard_appsec_manifest_path"
|
||||
fog_host=$(echo "$var_fog_address" | sed 's/https\?:\/\///')
|
||||
fog_host=${fog_host%/}
|
||||
sed "s/namespace/${fog_host}/g" ${openappsec_manifest_path} > "${FILESYSTEM_PATH}/${CONF_PATH}/manifest.json"
|
||||
sed "s/namespace/${fog_host}/g" ${cloudguard_appsec_manifest_path} > "${FILESYSTEM_PATH}/${CONF_PATH}/manifest.json"
|
||||
}
|
||||
|
||||
set_cloud_storage()
|
||||
@@ -779,9 +779,8 @@ upgrade_conf_if_needed()
|
||||
|
||||
[ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && . "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg"
|
||||
|
||||
[ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && \
|
||||
previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
|
||||
if ! [ -z "$previous_mode" ]; then
|
||||
previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
|
||||
if ! [ -z "$previous_mode" ]; then
|
||||
var_orchestration_mode=${previous_mode}
|
||||
fi
|
||||
|
||||
@@ -995,9 +994,7 @@ install_orchestration()
|
||||
fi
|
||||
|
||||
[ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && . "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg"
|
||||
|
||||
[ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && \
|
||||
previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
|
||||
previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
|
||||
|
||||
if ! [ -z "$previous_mode" ]; then
|
||||
var_orchestration_mode=${previous_mode}
|
||||
@@ -1021,8 +1018,7 @@ install_orchestration()
|
||||
rm -f "${FILESYSTEM_PATH}/${CONF_PATH}/default_orchestration_flags"
|
||||
fi
|
||||
|
||||
update_openappsec_manifest
|
||||
upgrade_conf_if_needed
|
||||
upgrade_conf_if_needed
|
||||
|
||||
cp_exec "${FILESYSTEM_PATH}/${WATCHDOG_PATH}/cp-nano-watchdog --un-register ${FILESYSTEM_PATH}/${SERVICE_PATH}/cp-nano-orchestration $var_arch_flag"
|
||||
if [ "$IS_K8S_ENV" = "true" ]; then
|
||||
@@ -1077,7 +1073,7 @@ install_orchestration()
|
||||
cp_exec "mkdir -p ${LOG_FILE_PATH}/${LOG_PATH}"
|
||||
cp_exec "mkdir -p ${FILESYSTEM_PATH}/${DATA_PATH}"
|
||||
|
||||
update_openappsec_manifest
|
||||
update_cloudguard_appsec_manifest
|
||||
|
||||
if [ ! -f ${FILESYSTEM_PATH}/${DEFAULT_SETTINGS_PATH} ]; then
|
||||
echo "{\"agentSettings\": []}" > ${FILESYSTEM_PATH}/${DEFAULT_SETTINGS_PATH}
|
||||
|
||||
@@ -53,12 +53,7 @@ var_upgarde=false
|
||||
get_profile_agent_setting_with_default() {
|
||||
key="$1"
|
||||
default_value="$2"
|
||||
|
||||
value=$(grep -o "\"key\":\s*\"$key\".*?\"value\":\s*\"[^\"]*\"" $SETTINGS_FILE | sed -E 's/.*"value":\s*"([^"]*)".*/\1/')
|
||||
if [ -z "$value" ]; then
|
||||
value=$(grep -o "\"$key\":\s*\"[^\"]*\"" $SETTINGS_FILE | sed -E 's/.*"'"$key"'":\s*"([^"]*)".*/\1/')
|
||||
fi
|
||||
|
||||
value=$(grep -oP "\"key\":\s*\"$key\".*?\"value\":\s*\"[^\"]+\"" $SETTINGS_FILE | sed -E 's/.*"value":\s*"([^"]+)".*/\1/')
|
||||
if [ "$value" = "null" ] || [ -z "$value" ]; then
|
||||
echo "$default_value"
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user