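#!/bin/bash
##reactivate-manager
#
# Re-activates a Deep Security Manager node against the manager running on
# this host: logs in to the local REST API, decides from EC2 instance metadata
# whether the VPC has DNS hostnames enabled, sets the agent communication
# direction on the "Deep Security Manager" policy accordingly, then logs out.
#
# Usage: reactivate-manager <username> <password> <port>
#   $1 - manager user name
#   $2 - manager password (argv is readable by other local users via ps/proc;
#        if the caller can be changed, pass the secret via stdin or env instead)
#   $3 - port of the local manager (https://localhost:$3 for REST and SOAP)
#
# Outputs: progress log in ./mgract.log (truncated on every run); curl output
#          of the SOAP setting call and the logout call goes to stdout.
# Returns: 1 on usage error, missing tool or failed login; 0 otherwise.
#
# NOTE(review): in this copy of the script the SOAP request bodies contain only
# the interpolated values (policy id, host name, setting name, scope, value,
# session id). The surrounding XML envelope markup is not present and has to
# be restored before any of the SOAP calls can succeed.

# No -e: the original keeps going when a lookup fails and always exits 0.
set -u -o pipefail

readonly log_file=mgract.log
readonly imds=http://169.254.169.254/latest

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Append a message followed by a blank line to the log
# (same layout the original produced with echo -e "...\n").
# Arguments: $* - message
#######################################
log() { printf '%s\n\n' "$*" >> "$log_file"; }

#######################################
# Escape a value for embedding in a JSON string literal so that a user name
# or password containing '"' or '\' cannot break out of the login document.
# Control characters are not escaped.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

#######################################
# Call the local SOAP endpoint with a given SOAPAction and request body.
# -k: the manager on loopback presents a self-signed certificate; pin the
#     manager CA with --cacert instead if that file is available on the node.
# Arguments: $1 - port, $2 - SOAPAction name, $3 - request body
# Outputs:   raw response on stdout
#######################################
dsm_soap() {
  local port=$1 action=$2 body=$3
  curl -ks -H "Content-Type: text/xml;charset=UTF-8" \
    -H "SOAPAction: \"${action}\"" \
    "https://localhost:${port}/webservice/Manager" -d "$body"
}

main() {
  (( $# == 3 )) || die "usage: ${0##*/} <username> <password> <port>"
  local user=$1 pass=$2 port=$3
  command -v curl >/dev/null || die "curl is required"
  command -v xml_grep >/dev/null || die "xml_grep is required"

  ## get a token
  # The credentials are escaped before interpolation into the JSON document
  # (the original spliced $1/$2 in unquoted, so a '"' in either would have
  # produced an invalid or attacker-shaped request body).
  local sid
  sid=$(curl -ks -H "Content-Type: application/json" -X POST \
    "https://localhost:${port}/rest/authentication/login/primary" \
    -d "{\"dsCredentials\":{\"userName\":\"$(json_escape "$user")\",\"password\":\"$(json_escape "$pass")\"}}")
  [[ -n "$sid" ]] || die "login to https://localhost:${port} failed (empty session id)"

  ## get public hostname from metadata (IMDSv2: a short-lived token is required)
  local token public_hostname
  token=$(curl -s -X PUT "${imds}/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  # -f: IMDS answers 404 when the instance has no public hostname; without it
  # curl would hand back the error body and the empty check below never fires.
  public_hostname=$(curl -sf -H "X-aws-ec2-metadata-token: $token" \
    "${imds}/meta-data/public-hostname") || public_hostname=
  printf '%s\n\n' "public hostname returned from meta-data endpoint was \"$public_hostname\"" > "$log_file"

  # The original assigned dnsHostNamesOn= (capital N) but tested dnsHostnamesOn;
  # a single, consistently spelled variable is used here.
  local dns_hostnames_on
  if [[ -z "$public_hostname" ]]; then
    dns_hostnames_on=false
  else
    dns_hostnames_on=true
  fi
  log "dnsHostnamesOn=${dns_hostnames_on}"

  ## delete host object matching local-hostname metadata
  # (kept disabled as in the original; note the IMDSv1 metadata call)
  #dsm_soap "$port" hostdelete \
  #  "$(dsm_soap "$port" hostRetrieveByName "$(curl "${imds}/meta-data/local-hostname")${sid}" | xml_grep ID --text_only)${sid}" >> "$log_file"
  #log ""
  ## delete host object matching local hostname from hostname command just to be thorough
  # (${hostname} was never assigned in the original; it would need hostname=$(hostname))
  #dsm_soap "$port" hostdelete \
  #  "$(dsm_soap "$port" hostRetrieveByName "${hostname}${sid}" | xml_grep ID --text_only)${sid}" >> "$log_file"
  #log ""
  ## delete host object matching local-ipv4 metadata just to be thorough
  #dsm_soap "$port" hostdelete \
  #  "$(dsm_soap "$port" hostRetrieveByName "$(curl "${imds}/meta-data/local-ipv4")${sid}" | xml_grep ID --text_only)${sid}" >> "$log_file"
  #log ""

  ## get Deep Security Manager policyId
  local policyid
  policyid=$(dsm_soap "$port" securityProfileRetrieveByName "Deep Security Manager${sid}" | xml_grep ID --text_only)
  log "policyid for Deep Security Manager Policy is $policyid"

  ## If the Manager node is launched into a VPC with dns names turned off, we'll need to use AIA to get the Manager nodes activated
  local body public_host_id
  case "$dns_hostnames_on" in
    false)
      log "public hostname returned from meta-data endpoint was zero length; using AIA"
      ## Set Communication Direction to Agent Initated on Deep Security Manager Policy
      # NOTE(review): the SOAPAction names securityProfileSettingGet while the
      # comment describes a Set; confirm the operation name before relying on it.
      # Body values as present in this copy (envelope markup missing, see header):
      # policy id, CONFIGURATION_AGENTCOMMUNICATIONS, NONE, 1, session id.
      body="${policyid}CONFIGURATION_AGENTCOMMUNICATIONSNONE1${sid}"
      dsm_soap "$port" securityProfileSettingGet "$body"
      ## AIA for manager node
      # /opt/ds_agent/dsa_control -r
      # /opt/ds_agent/dsa_control -a dsm://localhost:4120/ "policyid:${policyid}"
      ## get hostid for this manager
      # publicip_host_id=$(dsm_soap "$port" hostRetrieveByName "$(curl "${imds}/meta-data/public-ipv4")${sid}" | xml_grep ID --text_only)
      ## enable relay for this agent
      # (body values: host id, CONFIGURATION_RELAYSTATE, NONE, true, session id)
      #dsm_soap "$port" hostSettingSet "${publicip_host_id}CONFIGURATION_RELAYSTATENONEtrue${sid}"
      ;;
    true)
      log "public hostname returned from meta-data endpoint was non-zero length; using MIA"
      ## get hostId of object matching public-hostname metadata
      public_host_id=$(dsm_soap "$port" hostRetrieveByName "${public_hostname}${sid}" | xml_grep ID --text_only)
      log "public host Id returned from manager was $public_host_id"
      ## Starting in stack v3.1 comm is set aic for everything - set managers back to bi-directional in VPCs with dnshostnames turned on
      # NOTE(review): same Get-vs-Set question as in the false branch.
      # Body values as present in this copy (envelope markup missing, see header):
      # policy id, CONFIGURATION_AGENTCOMMUNICATIONS, NONE, 3, session id.
      body="${policyid}CONFIGURATION_AGENTCOMMUNICATIONSNONE3${sid}"
      dsm_soap "$port" securityProfileSettingGet "$body"
      ## assign Deep Security Manager Policy to that hostId
      # dsm_soap "$port" securityProfileAssignToHost "${policyid}${public_host_id}${sid}" >> "$log_file"
      ## reset agent because current securityProfile is AIC
      # /opt/ds_agent/dsa_control -r
      ## activate that hostId
      # dsm_soap "$port" hostAgentActivate "${public_host_id}${sid}" >> "$log_file"
      # log ""
      # log "enable relay"
      ## enable relay for this agent
      # (body values: host id, CONFIGURATION_RELAYSTATE, NONE, true, session id)
      # dsm_soap "$port" hostSettingSet "${public_host_id}CONFIGURATION_RELAYSTATENONEtrue${sid}" >> "$log_file"
      ;;
  esac

  ## log out (invalidates the session id so it cannot be reused from the log or shell history)
  curl -ks -X DELETE "https://localhost:${port}/rest/authentication/logout?sID=${sid}"
  exit 0
}

main "$@"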