This repository was archived by the owner on Oct 15, 2025. It is now read-only.

Commit 3a6a0a8

Merge v3.4
2 parents bf13b25 + 092f3ad commit 3a6a0a8

16 files changed

Lines changed: 1106 additions & 123 deletions

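--- a/DeepSecurity/Common/DB/DSDBAbstract.template
+++ b/DeepSecurity/Common/DB/DSDBAbstract.template
@@ -115,14 +115,26 @@
 "Description" : "Choose private subnets in the same VPC for this RDS instance",
 "Type" : "AWS::EC2::Subnet::Id",
 "ConstraintDescription" : "RDS Subnet Groups must be comprised of 2 subnets in seperate availability zones with the specified VPC for deploying this template"
-}
+},
+"CfnUrlPrefix" : {
+"Type" : "String",
+"Default" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/"
+}
 },
 "Resources" : {
 "DSOracleRDS" : {
 "Type" : "AWS::CloudFormation::Stack",
 "Condition" : "DBTypeIsOracle",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.3/Common/DB/DSDBOracleRDS.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/DB/DSDBOracleRDS.template"
+]
+]
+},
 "TimeoutInMinutes" : "10",
 "Parameters" : {
 "DBIRDSInstanceSize" : {
@@ -156,7 +168,15 @@
 "Type" : "AWS::CloudFormation::Stack",
 "Condition" : "DBTypeIsSQL",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.3/Common/DB/DSDBSQLRDS.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/DB/DSDBSQLRDS.template"
+]
+]
+},
 "TimeoutInMinutes" : "10",
 "Parameters" : {
 "DBIRDSInstanceSize" : {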
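Review bot: The new `CfnUrlPrefix` parameter has no `Description`, `AllowedPattern` or `ConstraintDescription`, yet both `TemplateURL` joins in this file are built from it, so whatever string is supplied at launch decides which nested templates CloudFormation creates the database stacks from. I would add a description saying it must point at a bucket the deployer controls and end in `/`, and enforce the shape with something like `"AllowedPattern" : "https://.+/"`, since `Fn::Join` with `""` silently produces a wrong URL when the trailing slash is missing. The same unconstrained parameter is added in DeepSecurity/Common/DSM96ELB.template. Both resource definitions continue outside the hunks shown.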

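--- a/DeepSecurity/Common/DSM96ELB.template
+++ b/DeepSecurity/Common/DSM96ELB.template
@@ -25,29 +25,32 @@
 "Default" : "4119",
 "ConstraintDescription" : "Must be a valid TCP port."
 },
-"DSELBPosture" : {
-"Description" : "Internal or External ELB",
-"Type" : "String",
-"AllowedValues" : [
-"External",
-"Internal"
-],
-"Default" : "External"
-},
 "DSISubnetID" : {
 "Description" : "Existing Subnet for Deep Seucurity Manager. Must be a public subnet contained the in VPC chosen above.",
 "Type" : "String",
 "MinLength" : "1",
 "MaxLength" : "255",
 "AllowedPattern" : "[-_a-zA-Z0-9]*",
 "ConstraintDescription" : "Subnet ID must exist in the chosen VPC"
-}
+},
+"CfnUrlPrefix" : {
+"Type" : "String",
+"Default" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/"
+}
 },
 "Resources" : {
 "ELBSG" : {
 "Type" : "AWS::CloudFormation::Stack",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.3/Common/SecurityGroups/DSELBSG.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/SecurityGroups/DSELBSG.template"
+]
+]
+},
 "Parameters" : {
 "AWSIVPC" : {
 "Ref" : "AWSIVPC"
@@ -78,13 +81,7 @@
 ]
 }
 ],
-"Scheme" : {
-"Fn::If" : [
-"InternetFacingELB",
-"internet-facing",
-"internal"
-]
-},
+"Scheme" : "internet-facing",
 "Listeners" : [
 {
 "LoadBalancerPort" : {
@@ -176,16 +173,6 @@
 }
 }
 },
-"Conditions" : {
-"InternetFacingELB" : {
-"Fn::Equals" : [
-{
-"Ref" : "DSELBPosture"
-},
-"External"
-]
-}
-},
 "Outputs" : {
 "ELBFQDN" : {
 "Value" : {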
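Review bot: `"Scheme" : "internet-facing"` is now fixed, and the `DSELBPosture` parameter and `InternetFacingELB` condition are removed, so this template can no longer put the manager load balancer on an internal scheme. If that is intended, the template should say so in a `Description`. The ingress rules in the nested `DSELBSG.template` stack, which are not visible here, then become the only control over who can reach the listener and deserve a check for an open source range. Any parent template that still passes `DSELBPosture` to this stack will fail at creation, so it is worth confirming the callers were updated in the same merge. The load balancer resource itself starts and ends outside the hunks shown.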

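--- a/DeepSecurity/Common/Scripts/cfn-rh-sql
+++ b/DeepSecurity/Common/Scripts/cfn-rh-sql
@@ -7,6 +7,6 @@ yum -y install gcc-c++
 yum -y install python-devel
 yum -y install freetds-devel
 pip install pymssql
-curl -O https://s3.amazonaws.com/trend-micro-quick-start/v3.3/Common/Scripts/create-DSM-SqlDB.py
+curl -O https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/create-DSM-SqlDB.py
 chmod 755 create-DSM-SqlDB.py
 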

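--- a/DeepSecurity/Common/Scripts/create-DSM-SqlDB.py
+++ b/DeepSecurity/Common/Scripts/create-DSM-SqlDB.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python
 import pymssql
 import argparse
 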

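--- a/DeepSecurity/Common/Scripts/create-console-listener
+++ b/DeepSecurity/Common/Scripts/create-console-listener
@@ -4,7 +4,7 @@
 if [ $5 -eq 1 ]; then
 openssl req -nodes -new -sha256 -newkey rsa:2048 -subj '/CN='DeepSecurityManager'/O=Trend Micro/OU=Deep Security Manager' -keyout /etc/cfn/privatekey -out /etc/cfn/csr;
 openssl x509 -req -days 3650 -in /etc/cfn/csr -signkey /etc/cfn/privatekey -out /etc/cfn/certificatebody;
-aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey
+aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey --region $6
 fi
 
 loop=1
@@ -15,7 +15,7 @@ do
 if [ $loop -eq 1 ]; then echo 'checking for cert availability in iam'; else echo 'cert not yet available in iam'; fi
 loop=$((loop+1))
 sleep 10
-certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --output text)
+certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --output text --region $6)
 done
 
 loadbalancer=" "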
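Review bot: Both added `--region $6` arguments use an unquoted positional parameter that is never checked, so a caller still invoking the script with five arguments leaves `--region` without a value and both `aws iam` calls fail. In the polling loop, whose condition lies outside the hunk, that may mean `certid` is never set. I would fail early and quote it: `region=${6:?region argument required}` near the top of the script, then `--region "$region"` in both commands. The same quoting would help `$4` in the certificate name.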
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
#!/bin/bash
2+
# createcloudaccount dsmuser dsmpass connectorName guiPort accesskey secretkey
3+
username=$1
4+
password=$2
5+
accesskey=$5
6+
secretkey=$6
7+
8+
# replace this with your DSM IP or FQDN
9+
DSMURL="localhost:$4"
10+
11+
# Remove regions you don't want from this list
12+
#REGIONS=(useast1 uswest1 uswest2 euwest1 apsoutheast1 apsoutheast2 apnortheast1 saeast1 eucentral1 apnortheast2)
13+
14+
# map aws regions to dsm region keys
15+
#useast1=amazon.cloud.region.key.1
16+
#uswest2=amazon.cloud.region.key.2
17+
#uswest1=amazon.cloud.region.key.3
18+
#euwest1=amazon.cloud.region.key.4
19+
#apsoutheast1=amazon.cloud.region.key.5
20+
#apnortheast1=amazon.cloud.region.key.6
21+
#saeast1=amazon.cloud.region.key.7
22+
#apsoutheast2=amazon.cloud.region.key.8
23+
#eucentral1=amazon.cloud.region.key.9
24+
#apnortheast2=amazon.cloud.region.key.12
25+
26+
# map aws regions to ec2 endpoints
27+
#useast1ep=ec2.us-east-1.amazonaws.com
28+
#uswest2ep=ec2.us-west-2.amazonaws.com
29+
#uswest1ep=ec2.us-west-1.amazonaws.com
30+
#euwest1ep=ec2.eu-west-1.amazonaws.com
31+
#apsoutheast1ep=ec2.ap-southeast-1.amazonaws.com
32+
#apnortheast1ep=ec2.ap-northeast-1.amazonaws.com
33+
#saeast1ep=ec2.sa-east-1.amazonaws.com
34+
#apsoutheast2ep=ec2.ap-southeast-2.amazonaws.com
35+
#eucentral1ep=ec2.eu-central-1.amazonaws.com
36+
#apnortheast2ep=ec2.ap-northeast-2.amazonaws.com
37+
38+
39+
echo "#####Login to DSM"
40+
tempDSSID=$(curl -k -H "Content-Type: application/json" -X POST "https://$DSMURL/rest/authentication/login/primary" -d "{"dsCredentials":{"userName":"$username","password":"$password"}}")
41+
42+
echo "#####Looping through regions to create connectors"
43+
#for region in "${REGIONS[@]}"
44+
#do
45+
# endpoint="${region}ep"
46+
# echo "##### creating connector for $region region with endpoint ${!endpoint}"
47+
# curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'${!region}'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'${!endpoint}'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
48+
#done
49+
50+
curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'amazon.cloud.region.key.10'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'ec2.us-gov-west-1.amazonaws.com'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
51+
52+
curl -k -X DELETE https://$DSMURL/rest/authentication/logout?sID=$tempDSSID
53+
54+
unset accesskey
55+
unset secretkey
56+
unset tempDSSID
57+
unset username
58+
unset password
59+
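Review bot: Every `curl` call in this new script (its file header is missing from the page) passes `-k`, so the DSM password, the AWS access key and secret key, and the session ID are sent without verifying the server certificate. That is only tolerable while `DSMURL` stays `localhost`, and the comment on line 8 invites pointing it at a remote host. Prefer `--cacert <path-to-DSM-certificate>` over `-k`, and take the secrets from stdin or a root-only file rather than `$2`, `$5` and `$6`, which are visible in the process list and are spliced unescaped into the JSON bodies. On line 50, `"Accept: application/json"` has no `-H` in front of it, so curl treats it as a second URL; it should read `-H "Accept: application/json"`. The login body on line 40 nests double quotes inside a double-quoted string, which as rendered here would strip the JSON quoting and leave `$password` open to word splitting; worth checking against the real file.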

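--- a/DeepSecurity/DeepSecurity.cfproj
+++ b/DeepSecurity/DeepSecurity.cfproj
@@ -63,6 +63,9 @@
 <Compile Include="Quickstart\TMQuickStartPPU.template">
 <SubType>Code</SubType>
 </Compile>
+<Compile Include="Quickstart\TMQuickStartRHEL.template">
+<SubType>Code</SubType>
+</Compile>
 <Compile Include="RHEL\DSM96RH.template">
 <SubType>Code</SubType>
 </Compile>
@@ -89,6 +92,9 @@
 <Content Include="Common\Scripts\createCloudAccount">
 <SubType>Content</SubType>
 </Content>
+<Content Include="Common\Scripts\createCloudAccountGc">
+<SubType>Content</SubType>
+</Content>
 <Content Include="Common\Scripts\dsm_s.service">
 <SubType>Content</SubType>
 </Content>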
