[AppDefender] Application Defender On-Premises 설치 스크립트

관리자 2018.07.16 17:02 조회 수 : 10

#!/bin/bash
###########################################################
#
# Application Defender On-Premises Installation
# (root로 실행)
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
# by 이존석(hasu0707@gmail.com)
#
###########################################################
CURRENT_DIR=/root/package
APPDEFENDER_IP=10.10.10.40
VERTICA_DB1_IP=10.10.10.41
INSTALL_DIR=/opt/appdefender
KEY_PASSPHRASE=<mypassphrase>

VERTICA_DB=db_appdefender
VERTICA_PW=<verticapw>
VERTICA_USER=dbadmin

POSTGRES_DB=db_appdefender
POSTGRES_PW=<postgrespw>
POSTGRES_USER=postgres

# MAIL_TO가 최초 로그인 계정이 되며, Forget password로 이메일을 통해 초기 암호를 발급 받아야 한다.
SMTP_SERVER=10.10.10.1
MAIL_FROM=user@gmail.com
MAIL_TO=user@gmail.com


PROPERTIES_FILE=${CURRENT_DIR}/HPE_Security_AppDefender_17.10/appdefender.properties

ulimit -n 65535
###########################################################
#
# docker 설치
#
###########################################################
do_install_docker_compose() {
  yum install -y yum-utils device-mapper-persistent-data lvm2
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  yum-config-manager --enable docker-ce-edge
  yum-config-manager --enable docker-ce-test
  yum install -y docker-ce
  yum-config-manager --disable docker-ce-test
  yum-config-manager --disable docker-ce-edge
  curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  chmod 755 /usr/local/bin/docker-compose
  yum list docker-ce --showduplicates | sort -r
  systemctl daemon-reload
  systemctl enable docker
  systemctl start docker
  echo "" >> /etc/rc.d/rc.local
  echo "ulimit -n 65535" >> /etc/rc.d/rc.local
}

###########################################################
#
# 필요한 패키지 설치
#
###########################################################
do_install_yum_pkg() {
  yum -y install sendmail
  yum -y install ntp
  systemctl daemon-reload
  systemctl disable sendmail
  systemctl enable ntpd
  systemctl start ntpd
  systemctl start sendmail
}

###########################################################
#
# Appdefender docker 이미지 풀기
#
###########################################################
do_unzip_docker_images() {
  mkdir -p ${INSTALL_DIR}/docker_images
  unzip appdefender_docker_images.zip -d ${INSTALL_DIR}/docker_images
}

###########################################################
#
# docker 실행 스크립트 재구성
# load.sh → docker_load.sh
#
###########################################################
do_make_docker_load_script() {
  export SED_PATH_STRING=$(echo ${INSTALL_DIR} | sed 's_/_\\/_g')
  echo '#!/bin/bash' > ${INSTALL_DIR}/docker_images/docker_load.sh
  cat ${INSTALL_DIR}/docker_images/load.sh >> ${INSTALL_DIR}/docker_images/docker_load.sh
  sed -i "s/\r//g" ${INSTALL_DIR}/docker_images/docker_load.sh
  chmod 755 ${INSTALL_DIR}/docker_images/docker_load.sh
  sed -i "s/ \./ ${SED_PATH_STRING}\/docker_images/g" ${INSTALL_DIR}/docker_images/docker_load.sh
}

###########################################################
#
# 스크립트 파일 복사
#
###########################################################
do_copy_script() {
  cp -f ./scripts/run_appdefender.sh ${INSTALL_DIR}/
  chmod 755 ${INSTALL_DIR}/*.sh
}

###########################################################
#
# 인증서 생성
#
###########################################################
do_generate_cert() {
  rm -rf ${INSTALL_DIR}/CertGeneration
  tar -C ${INSTALL_DIR} -xzf ./HPE_Security_AppDefender_17.10/CertGeneration.tar.gz
  clear
  cd ${INSTALL_DIR}/CertGeneration && ./server-root-self-signed.sh
  clear
  cd ${INSTALL_DIR}/CertGeneration && ./build-stores.sh
  cd ${CURRENT_DIR}

  # If you want to use certificates from third party CA then copy server certificate, server private key, Intermediate ROOT certificate and Third party ROOT certificate to output directory:
  # Enter 1 for self-signed cert or 2 for third-party CA - Default Self signed  1 <엔터키 입력>
  # Creating output directory if it doesn't exist
  # Enter passphrase that you want to set for Java keystore (atleast 6 characters) and press [ENTER]: <비밀번호 입력>
}

###########################################################
#
# 라이선스 파일 복사
#
###########################################################
do_copy_licenses() {
  cd ${CURRENT_DIR}
  cp -Rf licenses ${INSTALL_DIR}
}

###########################################################
#
# appdefender.properties
#
###########################################################
do_make_properties() {
  if [ ! -e ${PROPERTIES_FILE}.orig ]; then
    cp -f ${PROPERTIES_FILE} ${PROPERTIES_FILE}.orig
  fi
  echo "deploy: single" > ${PROPERTIES_FILE}
  echo "lb_host:${APPDEFENDER_IP}" >> ${PROPERTIES_FILE}
  echo "apps_host:[['1','${APPDEFENDER_IP}','appplications']]" >> ${PROPERTIES_FILE}
  echo "infrastructure_host:[['1','${APPDEFENDER_IP}','infrastructure']]" >> ${PROPERTIES_FILE}
  echo "apps_host_mac_address:F4:03:43:57:E8:30" >> ${PROPERTIES_FILE}
  echo "appdefender_registry:appdefender" >> ${PROPERTIES_FILE}
  echo "defender_logs:${INSTALL_DIR}/logs" >> ${PROPERTIES_FILE}
  echo "defender_data:${INSTALL_DIR}/data" >> ${PROPERTIES_FILE}
  echo "initial_user_email:${MAIL_TO}" >> ${PROPERTIES_FILE}
  echo "initial_user_first_name:HPE Fortify" >> ${PROPERTIES_FILE}
  echo "initial_user_last_name:Application Defender" >> ${PROPERTIES_FILE}
  echo "initial_tenant_domain:esvali.com" >> ${PROPERTIES_FILE}
  echo "initial_tenant_name:eSecuVali_Corp" >> ${PROPERTIES_FILE}
  echo "mail_from:${MAIL_FROM}" >> ${PROPERTIES_FILE}
  echo "mail_host:${SMTP_SERVER}" >> ${PROPERTIES_FILE}
  echo "mail_port:25" >> ${PROPERTIES_FILE}
  echo "mail_username:" >> ${PROPERTIES_FILE}
  echo "mail_password:" >> ${PROPERTIES_FILE}
  echo "postgres_ip:${APPDEFENDER_IP}" >> ${PROPERTIES_FILE}
  echo "postgres_dbname:${POSTGRES_DB}" >> ${PROPERTIES_FILE}
  echo "postgres_user:${POSTGRES_USER}" >> ${PROPERTIES_FILE}
  echo "postgres_password:${POSTGRES_PW}" >> ${PROPERTIES_FILE}
  echo "vertica_ip:${VERTICA_DB1_IP}" >> ${PROPERTIES_FILE}
  echo "vertica_dbname:${VERTICA_DB}" >> ${PROPERTIES_FILE}
  echo "vertica_user:${VERTICA_USER}" >> ${PROPERTIES_FILE}
  echo "vertica_password:${VERTICA_PW}" >> ${PROPERTIES_FILE}
  echo "keystore_path:${INSTALL_DIR}/CertGeneration/keystore.jks" >> ${PROPERTIES_FILE}
  echo "keystore_password:${KEY_PASSPHRASE}" >> ${PROPERTIES_FILE}
  echo "truststore_path:${INSTALL_DIR}/CertGeneration/truststore.jks" >> ${PROPERTIES_FILE}
  echo "truststore_password:${KEY_PASSPHRASE}" >> ${PROPERTIES_FILE}
  echo "itemstore_path:${INSTALL_DIR}/CertGeneration/itemstore.jks" >> ${PROPERTIES_FILE}
  echo "itemstore_password:${KEY_PASSPHRASE}" >> ${PROPERTIES_FILE}
  echo "license_file_dir:${INSTALL_DIR}/licenses" >> ${PROPERTIES_FILE}
  echo "haproxy_config_location:" >> ${PROPERTIES_FILE}
  echo "docker_folder:" >> ${PROPERTIES_FILE}
  echo "version:17.1" >> ${PROPERTIES_FILE}
  echo "syslog:disable" >> ${PROPERTIES_FILE}
}

###########################################################
#
# 초기화
#
###########################################################
reset_data() {
  docker stop $(docker ps -a -q)
  docker rm $(docker ps -a -q)
  rm -rf ${INSTALL_DIR}/data/*
}

###########################################################
#
# 설정파일 생성
#
###########################################################
do_generate_yaml() {
  mkdir -p ${INSTALL_DIR}/yaml
  cd ${CURRENT_DIR}
  cp -f ./HPE_Security_AppDefender_17.10/generate-compose-yaml.py ${INSTALL_DIR}/yaml
  rm -rf ./HPE_Security_AppDefender_17.10/appdefender
  rm -rf ${INSTALL_DIR}/yaml/appdefender
  cd ${INSTALL_DIR}/yaml
  python generate-compose-yaml.py ${PROPERTIES_FILE}
  mkdir -p ${INSTALL_DIR}
}

###########################################################
#
# AppDefender docker 이미지 로드 (기존 이미지 모두 제거)
#
###########################################################
load_docker_images() {
  docker stop $(docker ps -a -q)
  docker rm $(docker ps -a -q)
  docker rmi $(docker images -q)

  docker load -i ${INSTALL_DIR}/docker_images/appdefender_backend-jobs_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_cassandra_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_command-channel_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_consul_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_db-migrations_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_edge_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_haproxy_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_kafka_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_postgres_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_registrator_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_rsyslog_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_storm-nimbus_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_storm-supervisor_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_topologies_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_ui-customer_17.1.tar
  docker load -i ${INSTALL_DIR}/docker_images/appdefender_zookeeper_17.1.tar
}

###########################################################
#
# AppDefender Docker image up
# (실행 후
#  select * from all_tables where table_type='TABLE';
#  쿼리를 사용하여 Vertica 테이블 생성 확인)
#
###########################################################
docker_compose_up() {
  cd ${INSTALL_DIR}/yaml/appdefender
  /usr/local/bin/docker-compose -f postgres.yml up -d
  /usr/local/bin/docker-compose -f infrastructures.yml up -d db_migrations
  docker logs -f db_migrations
  /usr/local/bin/docker-compose -f applications.yml up -d ui_customer
  /usr/local/bin/docker-compose -f infrastructures.yml up -d
  /usr/local/bin/docker-compose -f applications.yml up -d
  docker logs -f appdefender_ui_customer_1
  docker ps
  docker ps | wc -l
}

###########################################################
#
# docker image 초기화
#
###########################################################
reset_docker_images() {
  docker stop $(docker ps -a -q)
  docker rm $(docker ps -a -q)
  docker rmi $(docker images -q)
}

###########################################################
#
# 함수 실행
#
###########################################################
do_install_docker_compose
do_install_yum_pkg
do_unzip_docker_images
do_copy_script
do_generate_cert
do_copy_licenses
do_make_properties
do_generate_yaml
reset_data
load_docker_images
docker_compose_up

이 게시물을

번호	제목	날짜	조회 수
60	MicroFocus WebInspect Enterprise 설치 및 셋팅	2018.11.29	2
59	MicroFocus Actication Service URL	2018.11.19	0
58	[Fortify] dotNET 스캔	2018.11.01	2
57	[Fortify] SCA 분석 배치 순차실행 스크립트	2018.10.18	2
56	[Fortify] SSC 사용자 목록 보기 쿼리	2018.10.09	0
55	[Fortify] SSC 패스워드 초기화	2018.10.07	1
54	[Fortify] SSC 설치 시 MS-SQL 셋팅	2018.10.05	0
»	[AppDefender] Application Defender On-Premises 설치 스크립트	2018.07.16	10
52	[Fortify] MicroFocus에 Case 올리는 방법	2018.07.11	12
51	[Fortify] Suppress 대상 찾아내기 검색어	2018.07.04	7
50	오탐(False Alarm)이란 ?	2018.06.27	44
49	도메인 및 SMTP 서버에 DKIM 적용하기	2018.06.04	16
48	PiVPN (Simple OpenVPN installer, designed for raspberry pi)	2018.04.25	27
47	iptables firewall script	2018.04.24	16
46	OpenVPN ovpn 파일 샘플	2018.04.23	18
45	[Ubuntu] OpenVPN 서버 설치 스크립트	2018.04.23	16
44	iptables - 테이블 (table) (Filter table, NAT table, Mangle table)	2018.04.22	10
43	[Fortify]SSC Oracle DB 생성	2018.03.20	11
42	[Fortify]SSC 17.20 초기 설치 방법	2018.03.20	29
41	HPE Documents (임시)	2018.03.05	26

쓰기 태그

첫 페이지 1 2 3 끝 페이지

[AppDefender] Application Defender On-Premises 설치 스크립트

댓글 0