#!/bin/bash
###########################################################
#
# Application Defender On-Premises Installation
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
###########################################################
CURRENT_DIR=$(pwd)
RELEASE=20.1.0
APPDEFENDER_IP=10.10.10.55
VERTICA_DB1_IP=10.10.10.56
INSTALL_DIR=/opt/appdefender_${RELEASE}
KEY_PASSPHRASE='<비밀번호>'
ZIP_FILE=appdefender_${RELEASE}_docker_images.zip
PATH=${PATH}:/usr/local/bin
###########################################################
#
# su (일반 계정으로 실행시 su를 명시해 준다)
#
###########################################################
#SUDO_CMD=
SUDO_CMD=sudo
###########################################################
#
# appdefender.properties
#
###########################################################
HOSTNAME=$(hostname)
DB_KEY='<비밀번호>'
DOCKER_CMD=docker
DOCKER_COMPOSE=docker-compose
ZIP_CMD=/usr/bin/zip
UNZIP_CMD=/usr/bin/unzip
DOCKER_FOLDER=/var/lib/docker
TMPSTR=$(docker -v)
DOCKER_VERSION=${TMPSTR:15}
###########################################################
#
# 고객사 정보
#
###########################################################
CUSTOMER_NAME="MyCompany"
CUSTOMER_DOMAIN="test.com"
###########################################################
#
# Vertica Database 정보
#
###########################################################
VERTICA_DB=db_appdefender
VERTICA_USER=dbadmin
VERTICA_PW='<비밀번호>'
###########################################################
#
# Docker/PostgreSQL Database 정보
#
###########################################################
POSTGRES_DB=db_appdefender
POSTGRES_USER=postgres
POSTGRES_PW='<비밀번호>'
###########################################################
#
# SMTP 서버 정보
#
# MAIL_TO가 최초 로그인 계정이 되며, Forget password로
# 이메일을 통해 초기 암호를 발급 받아야 한다.
#
###########################################################
SMTP_SERVER=10.10.10.1
MAIL_FROM=sales@gmail.com
MAIL_TO=test@naver.com
###########################################################
#
# MicroFocus 사이트에서 다운로드 받은 패키지 파일 정보
#
###########################################################
PACKAGE_DIR=${INSTALL_DIR}/server
PROPERTIES_FILE=${PACKAGE_DIR}/appdefender.properties
#!/bin/bash
###########################################################
#
# docker 패키지 설치
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
###########################################################
#
# disable SELinux
#
###########################################################
setenforce 0
getenforce
###########################################################
#
# docker 제거
#
###########################################################
do_uninstall_docker() {
echo "###################################################"
echo "#"
echo "# do_uninstall_docker"
echo "#"
echo "###################################################"
${SUDO_CMD} yum -y remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
${SUDO_CMD} yum -y remove docker-ce docker-ce-cli
${SUDO_CMD} rm -f /usr/local/bin/docker-compose
${SUDO_CMD} rm -f /usr/bin/docker-compose
${SUDO_CMD} rm -rf /var/lib/docker
}
###########################################################
#
# RPM 다운로드
#
###########################################################
do_download_rpm() {
echo "###################################################"
echo "#"
echo "# do_download_rpm"
echo "#"
echo "###################################################"
RPM_DIR=$(pwd)/rpm
mkdir ${RPM_DIR}
${SUDO_CMD} yum clean all
${SUDO_CMD} yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
${SUDO_CMD} yum-config-manager --disable docker-ce-edge
${SUDO_CMD} yum-config-manager --disable docker-ce-test
${SUDO_CMD} yum install -y --downloadonly --downloaddir=${RPM_DIR} docker-ce
${SUDO_CMD} curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` -o ${RPM_DIR}/docker-compose
chmod 755 ${RPM_DIR}/docker-compose
}
###########################################################
#
# docker 설치
#
###########################################################
do_install_docker() {
echo "###################################################"
echo "#"
echo "# do_install_docker"
echo "#"
echo "###################################################"
${SUDO_CMD} yum install -y yum-utils device-mapper-persistent-data lvm2
${SUDO_CMD} yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
${SUDO_CMD} yum-config-manager --disable docker-ce-edge
${SUDO_CMD} yum-config-manager --disable docker-ce-test
${SUDO_CMD} yum install -y docker-ce
${SUDO_CMD} curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
${SUDO_CMD} chmod 755 /usr/bin/docker-compose
${SUDO_CMD} yum list docker-ce --showduplicates | sort -r
${SUDO_CMD} systemctl daemon-reload
${SUDO_CMD} systemctl enable docker
${SUDO_CMD} systemctl start docker
${SUDO_CMD} echo "" >> /etc/rc.d/rc.local
${SUDO_CMD} echo "ulimit -n 65536" >> /etc/rc.d/rc.local
}
###########################################################
#
# docker 설치 (SKP용)
#
###########################################################
do_install_docker_skp() {
echo "###################################################"
echo "#"
echo "# do_install_docker (for SKP)"
echo "#"
echo "###################################################"
${SUDO_CMD} yum install -y yum-utils device-mapper-persistent-data lvm2
${SUDO_CMD} yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
${SUDO_CMD} yum-config-manager --enable docker-ce-edge
${SUDO_CMD} yum-config-manager --enable docker-ce-test
${SUDO_CMD} yum install -y docker-ce
${SUDO_CMD} yum-config-manager --disable docker-ce-test
${SUDO_CMD} yum-config-manager --disable docker-ce-edge
${SUDO_CMD} curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
${SUDO_CMD} chmod 755 /usr/local/bin/docker-compose
${SUDO_CMD} yum list docker-ce --showduplicates | sort -r
${SUDO_CMD} systemctl daemon-reload
${SUDO_CMD} systemctl enable docker
${SUDO_CMD} systemctl start docker
${SUDO_CMD} echo "" >> /etc/rc.d/rc.local
${SUDO_CMD} echo "ulimit -n 65536" >> /etc/rc.d/rc.local
}
###########################################################
#
# 필요한 패키지 설치
#
###########################################################
do_install_yum_pkg() {
echo "###################################################"
echo "#"
echo "# do_install_yum_pkg"
echo "#"
echo "###################################################"
${SUDO_CMD} yum -y install net-tools
${SUDO_CMD} yum -y install sendmail
${SUDO_CMD} yum -y install ntp
${SUDO_CMD} yum -y install unzip
${SUDO_CMD} yum -y install lrzsz
${SUDO_CMD} yum -y install java-1.8.0-openjdk.x86_64 java-1.8.0-openjdk-devel.x86_64
${SUDO_CMD} systemctl daemon-reload
${SUDO_CMD} systemctl disable sendmail
${SUDO_CMD} systemctl enable ntpd
${SUDO_CMD} systemctl start ntpd
${SUDO_CMD} systemctl start sendmail
}
###########################################################
#
# main
#
###########################################################
#do_download_rpm
do_uninstall_docker
do_install_docker
#do_install_docker_skp
do_install_yum_pkg
#!/bin/bash
###########################################################
#
# Application Defender On-Premises Installation
# (root로 실행)
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
if [ $(whoami) = "root" ]; then ulimit -n 65536; fi
###########################################################
#
# 설치 디렉토리 생성
#
###########################################################
do_make_dir() {
echo "###################################################"
echo "#"
echo "# do_make_dir"
echo "#"
echo "###################################################"
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/certs
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/data
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/docker_images
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/licenses
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/logs
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/server
${SUDO_CMD} mkdir -p -m 755 ${INSTALL_DIR}/yaml/appdefender
cd /opt
${SUDO_CMD} ln -sf ${INSTALL_DIR} appdefender
cd ${CURRENT_DIR}
}
###########################################################
#
# 설치 패키지 파일 복사
#
###########################################################
do_copy_package() {
echo "###################################################"
echo "#"
echo "# do_copy_package"
echo "#"
echo "###################################################"
${SUDO_CMD} mkdir -p ${PACKAGE_DIR}
${SUDO_CMD} cp -Rf ${CURRENT_DIR}/fortify_appdefender_server_${RELEASE}/* ${PACKAGE_DIR}/
}
###########################################################
#
# docker 실행 스크립트 재구성
# load.sh → docker_load.sh
#
###########################################################
do_make_docker_load_script() {
echo "###################################################"
echo "#"
echo "# do_make_docker_load_script"
echo "#"
echo "###################################################"
export SED_PATH_STRING=$(echo ${INSTALL_DIR} | sed 's_/_\\/_g')
echo '#!/bin/bash' > ${INSTALL_DIR}/docker_images/docker_load.sh
${SUDO_CMD} cat ${INSTALL_DIR}/docker_images/load.sh >> ${INSTALL_DIR}/docker_images/docker_load.sh
${SUDO_CMD} sed -i "s/\r//g" ${INSTALL_DIR}/docker_images/docker_load.sh
${SUDO_CMD} chmod 755 ${INSTALL_DIR}/docker_images/docker_load.sh
${SUDO_CMD} sed -i "s/ \./ ${SED_PATH_STRING}\/docker_images/g" ${INSTALL_DIR}/docker_images/docker_load.sh
}
###########################################################
#
# 스크립트 파일 복사
#
###########################################################
do_copy_script() {
echo "###################################################"
echo "#"
echo "# do_copy_script"
echo "#"
echo "###################################################"
${SUDO_CMD} cp -f ./scripts/run_appdefender.sh ${INSTALL_DIR}/
${SUDO_CMD} chmod 755 ${INSTALL_DIR}/*.sh
}
###########################################################
#
# 인증서 생성
#
###########################################################
do_generate_cert() {
echo "###################################################"
echo "#"
echo "# do_generate_cert"
echo "#"
echo "###################################################"
${SUDO_CMD} rm -rf ${INSTALL_DIR}/certs
${SUDO_CMD} tar -C ${INSTALL_DIR} -xzf ${PACKAGE_DIR}/CertGeneration.tar.gz
${SUDO_CMD} mv ${INSTALL_DIR}/CertGeneration ${INSTALL_DIR}/certs
echo "###################################################"
echo "#"
echo "# KEY_PASSPHRASE: ${KEY_PASSPHRASE}"
echo "#"
echo "###################################################"
${SUDO_CMD} chmod 755 ${INSTALL_DIR}/certs/server-root-self-signed.sh
cd ${INSTALL_DIR}/certs && ${SUDO_CMD} ./server-root-self-signed.sh
echo "###################################################"
echo "#"
echo "# KEY_PASSPHRASE: ${KEY_PASSPHRASE}"
echo "#"
echo "###################################################"
${SUDO_CMD} chmod 755 ${INSTALL_DIR}/certs/build-stores.sh
cd ${INSTALL_DIR}/certs && ${SUDO_CMD} ./build-stores.sh
cd ${CURRENT_DIR}
# If you want to use certificates from third party CA then copy server certificate, server private key, Intermediate ROOT certificate and Third party ROOT certificate to output directory:
# Enter 1 for self-signed cert or 2 for third-party CA - Default Self signed 1 <엔터키 입력>
# Creating output directory if it doesn't exist
# Enter passphrase that you want to set for Java keystore (atleast 6 characters) and press [ENTER]: <비밀번호 입력>
}
###########################################################
#
# 라이선스 파일 복사
#
###########################################################
do_copy_licenses() {
echo "###################################################"
echo "#"
echo "# do_copy_licenses"
echo "#"
echo "###################################################"
cd ${CURRENT_DIR}
${SUDO_CMD} cp -Rf licenses ${INSTALL_DIR}
}
###########################################################
#
# appdefender.properties
#
###########################################################
do_make_properties() {
echo "###################################################"
echo "#"
echo "# do_make_properties"
echo "#"
echo "###################################################"
if [ ! -e ${PROPERTIES_FILE}.orig ]; then
${SUDO_CMD} cp -f ${PROPERTIES_FILE} ${PROPERTIES_FILE}.orig
fi
${SUDO_CMD} rm -f ${PROPERTIES_FILE}
${SUDO_CMD} sh -c "echo \"deploy: single\" > ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"lb_host:${APPDEFENDER_IP}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"apps_host:[['1','${APPDEFENDER_IP}','${HOSTNAME}']]\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"infrastructure_host:[['1','${APPDEFENDER_IP}','${HOSTNAME}']]\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"apps_host_mac_address:F4:03:43:57:E8:30\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"appdefender_registry:appdefender\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"defender_logs:${INSTALL_DIR}/logs\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"defender_data:${INSTALL_DIR}/data\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"initial_user_email:${MAIL_TO}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"initial_user_first_name:Fortify\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"initial_user_last_name:Application Defender\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"initial_tenant_domain:${CUSTOMER_DOMAIN}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"initial_tenant_name:${CUSTOMER_NAME}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"mail_from:${MAIL_FROM}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"mail_host:${SMTP_SERVER}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"mail_port:25\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"mail_username:\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"mail_password:\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"postgres_ip:${APPDEFENDER_IP}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"postgres_dbname:${POSTGRES_DB}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"postgres_user:${POSTGRES_USER}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"postgres_password:${POSTGRES_PW}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"vertica_ip:${VERTICA_DB1_IP}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"vertica_dbname:${VERTICA_DB}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"vertica_user:${VERTICA_USER}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"vertica_password:${VERTICA_PW}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"keystore_path:${INSTALL_DIR}/certs/keystore.jks\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"keystore_password:${KEY_PASSPHRASE}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"truststore_path:${INSTALL_DIR}/certs/truststore.jks\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"truststore_password:${KEY_PASSPHRASE}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"itemstore_path:${INSTALL_DIR}/certs/itemstore.jks\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"itemstore_password:${KEY_PASSPHRASE}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"license_file_dir:${INSTALL_DIR}/licenses\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"version:${RELEASE}\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"syslog:disable\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"haproxy_config_location: ${INSTALL_DIR}/yaml/appdefender/haproxy.tmpl\" >> ${PROPERTIES_FILE}"
${SUDO_CMD} sh -c "echo \"db_key:${DB_KEY}\" >> ${PROPERTIES_FILE}"
}
###########################################################
#
# 설정파일 생성
#
###########################################################
do_generate_yaml() {
echo "###################################################"
echo "#"
echo "# do_generate_yaml"
echo "#"
echo "###################################################"
cd ${CURRENT_DIR}
${SUDO_CMD} cp -f ${PACKAGE_DIR}/generate-compose-yaml.py ${INSTALL_DIR}/yaml
${SUDO_CMD} rm -rf ${PACKAGE_DIR}/appdefender
${SUDO_CMD} rm -rf ${INSTALL_DIR}/yaml/appdefender
cd ${INSTALL_DIR}/yaml
${SUDO_CMD} python generate-compose-yaml.py ${PROPERTIES_FILE}
${SUDO_CMD} cp -f ${PACKAGE_DIR}/privacy-scripts.env ${INSTALL_DIR}/yaml/appdefender/
${SUDO_CMD} cp -f ${PACKAGE_DIR}/privacy-scripts.yml ${INSTALL_DIR}/yaml/appdefender/
}
###########################################################
#
# 함수 실행
#
###########################################################
do_make_dir
do_copy_package
do_copy_script
do_generate_cert
do_copy_licenses
do_make_properties
do_generate_yaml
#!/bin/bash
###########################################################
#
# unzip & 파일 복사
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
# docker hub를 통해 받은 appdefender 이미지 또는 기존에
# 받아서 압축되어 있는 docker image의 압축을 푼다.
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
###########################################################
#
# docker image 초기화
#
###########################################################
do_docker_cleaning_up() {
echo "###################################################"
echo "#"
echo "# do_docker_cleaning_up"
echo "#"
echo "###################################################"
${SUDO_CMD} ${DOCKER_CMD} stop $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} ${DOCKER_CMD} rm $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} ${DOCKER_CMD} rmi $(${SUDO_CMD} ${DOCKER_CMD} images -q)
${SUDO_CMD} ${DOCKER_CMD} volume rm $(${SUDO_CMD} ${DOCKER_CMD} volume ls -q)
${SUDO_CMD} ${DOCKER_CMD} system prune -a -f
}
###########################################################
#
# Appdefender docker 이미지 풀기
#
###########################################################
do_unzip_docker_images() {
echo "###################################################"
echo "#"
echo "# do_unzip_docker_images"
echo "#"
echo "###################################################"
if [ -x ${UNZIP_CMD} ]
then
${SUDO_CMD} mkdir -p ${INSTALL_DIR}/docker_images
${SUDO_CMD} ${UNZIP_CMD} ${ZIP_FILE} -d ${INSTALL_DIR}/docker_images
fi
}
###########################################################
#
# 함수 실행
#
###########################################################
if [ -f ${ZIP_FILE} ]
then
do_docker_cleaning_up
do_unzip_docker_images
fi
#!/bin/bash
###########################################################
#
# Application Defender On-Premises Installation
# (root로 실행)
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
if [ $(whoami) = "root" ]; then ulimit -n 65536; fi
###########################################################
#
# AppDefender ${DOCKER_CMD} 이미지 로드 (기존 이미지 모두 제거)
#
###########################################################
load_docker_images() {
echo "###################################################"
echo "#"
echo "# load_docker_images"
echo "#"
echo "###################################################"
for TAR_FILE in ${INSTALL_DIR}/docker_images/*.tar
do
echo Loading... ${TAR_FILE}
${SUDO_CMD} ${DOCKER_CMD} load -i ${TAR_FILE}
done
}
###########################################################
#
# AppDefender Build Containers
# (실행 후
# SELECT * FROM ALL_TABLES WHERE TABLE_TYPE='TABLE';
# 쿼리를 사용하여 Vertica 테이블 생성 확인)
#
###########################################################
build_containers() {
echo "###################################################"
echo "#"
echo "# build_containers"
echo "#"
echo "###################################################"
echo "###################################################"
echo "# postgres.yml"
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/postgres.yml up -d
echo "###################################################"
echo "# infrastructures.yml up -d db_migrations"
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/infrastructures.yml up -d db_migrations
${SUDO_CMD} ${DOCKER_CMD} logs -f db_migrations
echo "###################################################"
echo "# applications.yml up -d rsyslog_defender
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/applications.yml up -d rsyslog_defender
echo "###################################################"
echo "# applications.yml up -d ui_customer
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/applications.yml up -d ui_customer
echo "###################################################"
echo "# infrastructures.yml"
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/infrastructures.yml up -d
#echo "###################################################"
#echo "# optional.yml"
#echo "###################################################"
#${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/optional.yml up -d
echo "###################################################"
echo "# applications.yml"
echo "###################################################"
${SUDO_CMD} ${DOCKER_COMPOSE} -f ${INSTALL_DIR}/yaml/appdefender/applications.yml up -d
${SUDO_CMD} ${DOCKER_CMD} logs -f appdefender_ui_customer_1
${SUDO_CMD} ${DOCKER_CMD} ps
${SUDO_CMD} ${DOCKER_CMD} ps | wc -l
}
###########################################################
#
# 함수 실행
#
###########################################################
${SUDO_CMD} systemctl restart docker
load_docker_images
build_containers
#!/bin/bash
##############################################################################
#
# 이 패치는 Application Defender 20.1.0의 rtal(RunTime Application Logging)
# 룰이 docker 이미지에서 누락되어 있는 버그를 패치한다.
# 패치를 진행하기 전에 Agent를 한번 다운로드 받고 진행한다.
#
# 패치를 진행한 후에는 반드시 Agent를 재 설치해야 한다.
#
##############################################################################
CURRENT_DIR=$(pwd)
SECURITY_CONTENT=${CURRENT_DIR}/fortify_appdefender_server_20.1.0/SecurityContent2019.4.1.1.zip
UNZIP_CMD=$(which unzip)
if [ -z ${UNZIP_CMD} ]
then
exit 1
fi
DOCKER_CMD=$(which docker)
if [ -z ${DOCKER_CMD} ]
then
exit 2
fi
mkdir ${CURRENT_DIR}/tmp_securitycontent
${UNZIP_CMD} ${SECURITY_CONTENT} -d ${CURRENT_DIR}/tmp_securitycontent
${DOCKER_CMD} exec -it appdefender_ui_customer_1 /bin/ls -l /service/initialConfig
${DOCKER_CMD} cp ${CURRENT_DIR}/tmp_securitycontent/rules/rtal_information_dotnet.rpr appdefender_ui_customer_1:/service/initialConfig/
${DOCKER_CMD} cp ${CURRENT_DIR}/tmp_securitycontent/rules/rtal_information_java.rpr appdefender_ui_customer_1:/service/initialConfig/
${DOCKER_CMD} cp ${CURRENT_DIR}/tmp_securitycontent/rules/rtal_logging_dotnet.rpr appdefender_ui_customer_1:/service/initialConfig/
${DOCKER_CMD} cp ${CURRENT_DIR}/tmp_securitycontent/rules/rtal_logging_java.rpr appdefender_ui_customer_1:/service/initialConfig/
#for RULE_FILE in ${CURRENT_DIR}/tmp_securitycontent/rules/*
#do
# echo ${DOCKER_CMD} cp ${RULE_FILE} appdefender_ui_customer_1:/service/initialConfig/
# ${DOCKER_CMD} cp ${RULE_FILE} appdefender_ui_customer_1:/service/initialConfig/
#done
${DOCKER_CMD} exec -it appdefender_ui_customer_1 /bin/chown -R root:root /service/initialConfig
${DOCKER_CMD} exec -it appdefender_ui_customer_1 /bin/ls -l /service/initialConfig
rm -rf ${CURRENT_DIR}/tmp_securitycontent
#!/bin/bash
###########################################################
#
# unzip & 파일 복사
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
# docker hub를 통해 appdefender 이미지를 받고 압축한다.
# 만일 docker hub를 이용하지 않으면 이 과정은 필요 없다.
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
###########################################################
#
# docker image 초기화
#
###########################################################
do_docker_cleaning_up() {
echo "###################################################"
echo "#"
echo "# do_docker_cleaning_up"
echo "#"
echo "###################################################"
${SUDO_CMD} ${DOCKER_CMD} stop $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} ${DOCKER_CMD} rm $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} ${DOCKER_CMD} rmi $(${SUDO_CMD} ${DOCKER_CMD} images -q)
${SUDO_CMD} ${DOCKER_CMD} volume rm $(${SUDO_CMD} ${DOCKER_CMD} volume ls -q)
${SUDO_CMD} ${DOCKER_CMD} system prune -a -f
}
###########################################################
#
# dockerhub에서 AppDefender docker image 받아오기
#
###########################################################
do_docker_login() {
echo "###################################################"
echo "#"
echo "# do_docker_login"
echo "#"
echo "###################################################"
echo "###################################################"
echo "# DockerHUB Account: esvali / Zxcv!234Z"
echo "###################################################"
${SUDO_CMD} ${DOCKER_CMD} login
}
###########################################################
#
# dockerhub에서 AppDefender docker image 받아오기
#
###########################################################
do_docker_pull() {
echo "###################################################"
echo "#"
echo "# do_docker_pull"
echo "#"
echo "###################################################"
${SUDO_CMD} ${DOCKER_CMD} stop $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/defender-base:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/storm-base:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/backend-jobs:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/cassandra:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/command-channel:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/consul:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/db-migrations:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/edge:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/haproxy:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/kafka:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/postgres:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/registrator:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/rsyslog:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/storm-nimbus:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/storm-supervisor:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/storm-ui:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/topologies:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/ui-customer:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} pull appdefender/zookeeper:${RELEASE}
}
###########################################################
#
# dockerhub에서 받은 AppDefender docker image 저장하기
#
###########################################################
do_docker_save() {
echo "###################################################"
echo "#"
echo "# do_docker_save"
echo "#"
echo "###################################################"
${SUDO_CMD} ${DOCKER_CMD} stop $(${SUDO_CMD} ${DOCKER_CMD} ps -qa)
${SUDO_CMD} mkdir ./docker_images.tmp
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_defender-base_${RELEASE}.tar appdefender/defender-base:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_storm-base_${RELEASE}.tar appdefender/storm-base:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_backend-jobs_${RELEASE}.tar appdefender/backend-jobs:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_cassandra_${RELEASE}.tar appdefender/cassandra:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_command-channel_${RELEASE}.tar appdefender/command-channel:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_consul_${RELEASE}.tar appdefender/consul:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_db-migrations_${RELEASE}.tar appdefender/db-migrations:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_edge_${RELEASE}.tar appdefender/edge:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_haproxy_${RELEASE}.tar appdefender/haproxy:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_kafka_${RELEASE}.tar appdefender/kafka:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_postgres_${RELEASE}.tar appdefender/postgres:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_registrator_${RELEASE}.tar appdefender/registrator:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_rsyslog_${RELEASE}.tar appdefender/rsyslog:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_storm-nimbus_${RELEASE}.tar appdefender/storm-nimbus:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_storm-supervisor_${RELEASE}.tar appdefender/storm-supervisor:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_storm-ui_${RELEASE}.tar appdefender/storm-ui:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_topologies_${RELEASE}.tar appdefender/topologies:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_ui-customer_${RELEASE}.tar appdefender/ui-customer:${RELEASE}
${SUDO_CMD} ${DOCKER_CMD} save -o ./docker_images.tmp/appdefender_zookeeper_${RELEASE}.tar appdefender/zookeeper:${RELEASE}
}
###########################################################
#
# dockerhub에서 받은 AppDefender docker image 압축하기
#
###########################################################
do_zip_docker_images() {
echo "###################################################"
echo "#"
echo "# do_zip_docker_images"
echo "#"
echo "###################################################"
${SUDO_CMD} rm -f appdefender_${RELEASE}_docker_images.zip
if [ -x ${ZIP_CMD} ]
then
cd ./docker_images.tmp; ${SUDO_CMD} ${ZIP_CMD} -9 ../appdefender_${RELEASE}_docker_images.zip *.tar
cd ${CURRENT_DIR}
${SUDO_CMD} rm -rf ./docker_images.tmp
fi
}
###########################################################
#
# 함수 실행
#
###########################################################
do_docker_cleaning_up
do_docker_login
do_docker_pull
do_docker_save
do_zip_docker_images
#!/bin/bash
###########################################################
#
# Application Defender On-Premises uninstallation
# (root로 실행)
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
# by 이존석(hasu0707@gmail.com)
#
###########################################################
###########################################################
# config.sh를 읽어들인다.
###########################################################
INCLUDE_DIR=`pwd`
if [[ ! -d "${INCLUDE_DIR}" ]]; then INCLUDE_DIR="${PWD}"; fi
. "${INCLUDE_DIR}/0_config.sh"
if [ $(whoami) = "root" ]; then ulimit -n 65536; fi
export PATH=${PATH}:/usr/local/bin
function do_uninstall_docker_images {
# AppDefender 중지
cd ${INSTALL_DIR}/yaml/appdefender
${SUDO_CMD} ${DOCKER_COMPOSE} -f applications.yml stop
${SUDO_CMD} ${DOCKER_COMPOSE} -f infrastructures.yml stop
${SUDO_CMD} ${DOCKER_COMPOSE} -f postgres.yml stop
# ${DOCKER_CMD} container 모두 중지
${SUDO_CMD} ${DOCKER_CMD} stop $(${SUDO_CMD} ${DOCKER_CMD} ps -a -q)
# ${DOCKER_CMD} container 모두 삭제
${SUDO_CMD} ${DOCKER_CMD} rm $(${SUDO_CMD} ${DOCKER_CMD} ps -a -q)
# ${DOCKER_CMD} image 모두 삭제
${SUDO_CMD} ${DOCKER_CMD} rmi $(${SUDO_CMD} ${DOCKER_CMD} images -q)
# ${DOCKER_CMD} volume 모두 삭제
${SUDO_CMD} ${DOCKER_CMD} volume rm $(${SUDO_CMD} ${DOCKER_CMD} volume ls -q)
# Purging All Unused or Dangling Images, Containers, Volumes, and Networks
${SUDO_CMD} ${DOCKER_CMD} system prune -a -f
${SUDO_CMD} systemctl stop docker
}
function do_uninstall_appdefender {
${SUDO_CMD} rm -rf /opt/appdefender
${SUDO_CMD} rm -rf /opt/appdefender_${RELEASE}
${SUDO_CMD} rm -rf /opt/*
}
do_uninstall_docker_images
do_uninstall_appdefender
${SUDO_CMD} systemctl restart docker
