99_install_deep_security.config

files:
  "/tmp/install-ds.sh":
    mode: "00555"
    owner: root
    group: root
    encoding: plain
    content: |
      #!/bin/bash

      logMsg()
      {
        INITPID=$$
        PROG="DS-install"
        logger -t ${PROG}[$INITPID] $1
        echo $1
      }

      if [ ! -z "${DS_ENABLE}" ] && [ "${DS_ENABLE}" == "yes" ]; then
        if [ ! -e /opt/ds_agent ]; then
          logMsg "Downloading Deep Security Agent"
          wget https://app.deepsecurity.trendmicro.com:443/software/agent/amzn1/x86_64/ -O /tmp/agent.rpm --quiet
          RET=$?

          if [ $RET -ne 0 ]; then
            logMsg "Failed to download the Deep Security Agent"
          else
            logMsg "Successfully downloaded the Deep Security Agent to /tmp/agent.rpm"
            if [ ! -z "${DS_POLICY}" ] && [ ! -z "${DS_TENANTID}" ] && [ ! -z "${DS_TENANTPW}" ]; then
              BEANSTALKENV=`{ "Ref" : "AWSEBEnvironmentName" }`
              INSTANCEID=`wget -q -O - http://169.254.169.254/latest/meta-data/instance-id`

              if [ "${BEANSTALKENV}" = "" ]; then
                BEANSTALKENV=UNKNOWN_EB_ENV
              fi
              DESC=${BEANSTALKENV}_${INSTANCEID}

              logMsg "Installing DS agent from /tmp/agent.rpm"
              rpm --replacepkgs -ihv /tmp/agent.rpm
              sleep 15
              /opt/ds_agent/dsa_control -r
              logMsg "Activating DS agent"
              /opt/ds_agent/dsa_control -a dsm://agents.deepsecurity.trendmicro.com:443 \
                "tenantID:${DS_TENANTID}"                     \
                "tenantPassword:${DS_TENANTPW}"               \
                "policy:${DS_POLICY}" "description:${DESC}"
              logMsg "DS agent activated"
            else
              logMsg "Deep Security policy/tenantid/tenantpw not provided - unable to activate agent"
            fi
          fi
        else
          logMsg "Deep Security agent already installed - triggering recommendation scan"
          /opt/ds_agent/dsa_control -m "RecommendationScan:true"
        fi
      else
        logMsg "Deep Security not selected to be enabled"
      fi
      logMsg "DS install script completes ${RET}"
      exit $RET

container_commands:
  00_install:
    command: '/tmp/install-ds.sh'