Skip to content

Latest commit

 

History

History
105 lines (79 loc) · 4.08 KB

README.md

File metadata and controls

105 lines (79 loc) · 4.08 KB

Chef

A cookbook of Chef recipes for the Trend Micro Deep Security Agent. The recipes allow you to easily deploy the Deep Security Agent and perform a few common agent tasks.

Support

This is a community project that is supported by the Deep Security team.

Tutorials, feature-specific help, and other information about Deep Security is available from the Deep Security Help Center.

For Deep Security specific issues, please use the regular Trend Micro support channels. For issues with the code in this repository, please open an issue here on GitHub.

OpsWorks

This repository is also setup for use from AWS OpsWorks. You can enable this as a custom cookbook within your stack. This makes is very easy to ensure that the Deep Security Agent is running on all of the EC2 instances within your stack.

To enable a custom cookbook:

  1. From within your stack, click the "Stack Settings" button.
  2. On the stack setting page, click the blue "Edit" button.
  3. Slide the "Use custom Chef cookbooks" toggle to "Yes".
  4. Set the input fields as follow:
  5. Click the blue "Save" button.
  6. On the "Deployments" page for your stack, click the gray "Run Command" button.

If you have existing instances running, do the following:

  1. Select "Update Custom Cookbooks" from the "Command" drop-down.
  2. Click the blue, "Update Custom Cookbooks" button to run the command.

In the Layers section of the OpsWorks Management Console, for your layer;

  1. Click Recipes.
  2. Under "Custom Recipes", in the "Configuration" life cycle enter deep-security-agent::default.
  3. Click the General Settings section.
  4. In the "Custom JSON" section, enter the necessary recipe settings.

The recipe settings will be along the lines of:

For Deep security as a service deployment:

Recipe : deep-security-agent::default

{
  "deep_security_agent" : {
    "dsm_agent_download_hostname": "app.deepsecurity.trendmicro.com",
    "dsm_agent_download_port" : "443",
    "dsm_agent_activation_hostname" : "agents.deepsecurity.trendmicro.com",
    "dsm_agent_activation_port" : "443",
    "tenant_id" : "<Deep Security DSAAS Tenant ID>",
    "token" : "<Deep Security DSAAS Tenant Token>"
  }
}

For DSM deployments:

Recipe : deep-security-agent::dsa-install

{
  "deep_security_agent" : {
    "dsm_agent_download_hostname": "<DSM server domain>",
    "dsm_agent_download_port" : "443",
	"ignore_ssl_validation" : "true"
  }
}

Recipe : deep-security-agent::dsa-activate

{
  "deep_security_agent" : {
    "dsm_agent_activation_hostname" : "<DSM server domain>",
    "dsm_agent_activation_port" : "4120",
	"policy_id" : "1",
	"force_reactivation" : "true",
	"tenant_id" : "<Deep Security DSAAS Tenant ID>",
        "token" : "<Deep Security DSAAS Tenant Token>"
  }
}

The recipes within this repo are now available to you from within your AWS OpsWorks stack.

Multiple custom cookbooks

--This technique is still being tested--

Since AWS OpsWorks only allows one custom cookbook per stack. You have to do a little extra work if you want to incorporate multiple custom cookbooks. Thankfully, git makes this easy.

  1. Create a new repo that you will use as your custom cookbook.
  2. Add each cookbook you want to use as a git submodule.
  3. Create a symbolic link to the recipe at the top level of the new repo (ln -s clone/recipe recipe).

This will keep each of the customer cookbook in its own git repo but allow you to point OpsWorks to one place.

How to contribute

We're always open to PRs from the community. To submit one:

  1. Fork the repo.
  2. Create a new feature branch.
  3. Make your changes.
  4. Submit a PR with an explanation of your changes or additions.

We'll review and work with you to make sure that the fix gets pushed out quickly. For further help, please contact the Trend Micro open source support team at deepsecurityopensource@trendmicro.com.