Last active
August 21, 2025 22:26
-
-
Save ConorShore/2f389d02c7fad03f4c59942299498e50 to your computer and use it in GitHub Desktop.
Update open appsec script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Leave empty if using basic model, else specify path to open-appsec-advanced-model.tgz | |
| ADVANCED_MODEL_TGZ_PATH=/path/to/open-appsec-advanced-model.tgz | |
| #Reuse the existing policy, or replace it with the default, 1 to keep, 0 to replace | |
| KEEP_OLD_POLICY=0 | |
| #Set to 1 to set a prevent policy by default, 0 to set a detect policy. This will be overwritten if KEEP_OLD_POLICY=1 | |
| PREVENT=1 | |
| #Cleanup old dir | |
| rm -rf open-appsec-install | |
| if [[ $KEEP_OLD_POLICY -eq 1 ]]; then | |
| echo "Keeping old Policy" | |
| cp /etc/cp/conf/local_policy.yaml ./local_policy.yaml.bk | |
| else | |
| rm -rf /etc/cp/conf/local_policy.yaml | |
| fi | |
| #get new install and set permissions | |
| wget https://downloads.openappsec.io/open-appsec-install | |
| chmod +x open-appsec-install | |
| #run the install | |
| if [[ $PREVENT -eq 1 ]]; then | |
| ./open-appsec-install --auto --prevent --no-email | |
| else | |
| ./open-appsec-install --auto --no-email | |
| fi | |
| #install advanced agent if needed | |
| if [[ ! -z "${ADVANCED_MODEL_TGZ_PATH}" ]]; then | |
| echo Installing "advanced model" | |
| open-appsec-ctl --stop-agent | |
| tar -xzf $ADVANCED_MODEL_TGZ_PATH -C /etc/cp/conf/waap | |
| open-appsec-ctl --start-agent | |
| fi | |
| if [[ $KEEP_OLD_POLICY -eq 1 ]]; then | |
| cp ./local_policy.yaml.bk /etc/cp/conf/local_policy.yaml | |
| open-appsec-ctl -ap | |
| rm ./local_policy_yaml.bk | |
| fi | |
| systemctl restart nginx | |
| open-appsec-ctl -s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment