reversemap
diff --git a/Diff for: ‎.gitignore
+1-5 b/Diff for: ‎.gitignore
+1-5
diff --git a/Diff for: ‎README.md
+1-1 b/Diff for: ‎README.md
+1-1
diff --git a/Diff for: ‎appliance/aws/01_pasw.sh
+20 b/Diff for: ‎appliance/aws/01_pasw.sh
+20
diff --git a/Diff for: ‎appliance/aws/02_clean.sh
+30 b/Diff for: ‎appliance/aws/02_clean.sh
+30
diff --git a/Diff for: ‎appliance/aws/chpass_aws.service
+11 b/Diff for: ‎appliance/aws/chpass_aws.service
+11
diff --git a/Diff for: ‎appliance/aws/chpass_aws.sh
+41 b/Diff for: ‎appliance/aws/chpass_aws.sh
+41
diff --git a/Diff for: ‎appliance/aws/wslicd.service
+11 b/Diff for: ‎appliance/aws/wslicd.service
+11
diff --git a/Diff for: ‎appliance/azure/wslicd.service
+11 b/Diff for: ‎appliance/azure/wslicd.service
+11
diff --git a/Diff for: ‎scripts.va/01_login.sh renamed to ‎appliance/va/01_login.sh
+6-8 b/Diff for: ‎scripts.va/01_login.sh renamed to ‎appliance/va/01_login.sh
+6-8
diff --git a/Diff for: ‎scripts.va/02_harden.sh renamed to ‎appliance/va/02_harden.sh b/Diff for: ‎scripts.va/02_harden.sh renamed to ‎appliance/va/02_harden.sh
diff --git a/Diff for: ‎appliance/va/monitor.sh
+24 b/Diff for: ‎appliance/va/monitor.sh
+24
diff --git a/Diff for: ‎scripts.va/va_issue.sh renamed to ‎appliance/va/va_issue.sh b/Diff for: ‎scripts.va/va_issue.sh renamed to ‎appliance/va/va_issue.sh
diff --git a/Diff for: ‎scripts.va/wsissue.service renamed to ‎appliance/va/wsissue.service b/Diff for: ‎scripts.va/wsissue.service renamed to ‎appliance/va/wsissue.service
diff --git a/Diff for: ‎aws-byol.sh
+25 b/Diff for: ‎aws-byol.sh
+25
diff --git a/Diff for: ‎aws-payg.sh
+37 b/Diff for: ‎aws-payg.sh
+37
diff --git a/Diff for: ‎azure-byol.sh
+27 b/Diff for: ‎azure-byol.sh
+27
diff --git a/Diff for: ‎azure-payg.sh
+34 b/Diff for: ‎azure-payg.sh
+34
diff --git a/Diff for: ‎ubuntu-va-01.sh renamed to ‎build-01.sh
+1-1 b/Diff for: ‎ubuntu-va-01.sh renamed to ‎build-01.sh
+1-1
diff --git a/Diff for: ‎build-02.sh
+27 b/Diff for: ‎build-02.sh
+27
diff --git a/Diff for: ‎scripts.centos7/01_update.sh renamed to ‎core.centos8/01_update.sh
+2-2 b/Diff for: ‎scripts.centos7/01_update.sh renamed to ‎core.centos8/01_update.sh
+2-2
diff --git a/Diff for: ‎core.centos8/02_squid.sh
+14 b/Diff for: ‎core.centos8/02_squid.sh
+14
@@ -1,6 +1,2 @@
 license.pem
-scripts.ubuntu16/license.pem
-scripts.ubuntu18/license.pem
-scripts.va/license.pem
-scripts.azure/
-scripts.aws/
+license-cloud.pem
@@ -14,6 +14,6 @@ Main features of the application are:
 - removes annoying web ads 
 - protects online privacy by disallowing access to web trackers
 
-Web Safety runs on modern versions of CentOS, Debian and Ubuntu Linux, providing comprehensive web filtering solution easily manageble from Web UI. Older version of the application run on FreeBSD (pfSense) and Raspberry PI.
+Web Safety runs on modern versions of CentOS, Debian/Raspberry PI and Ubuntu Linux, providing comprehensive web filtering solution easily manageble from Web UI.
 
 More information at https://www.diladele.com
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# all packages are installed as root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+# copy the change password script to bin folder
+cp chpass_aws.sh /opt/websafety/bin/
+
+# make it executable
+chmod +x /opt/websafety/bin/chpass_aws.sh
+
+#  create systemd service that runs exactly once
+cp chpass_aws.service /etc/systemd/system/chpass_aws.service
+
+# enable it
+systemctl enable chpass_aws.service
+systemctl daemon-reload
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# all packages are installed as root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+# remove all keys
+shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
+
+# authorized keys
+find / -name "authorized_keys" -exec rm –f {} \;
+
+# remove source control
+find /root/ /home/*/ -name .cvspass -exec rm –f {} \;
+find /root/.subversion/auth/svn.simple/ /home/*/.subversion/auth/svn.simple/ -exec rm –rf {} \;
+
+# remove all scripts
+cd /home/ubuntu
+rm -Rf core.ubuntu18
+rm -Rf ui.deb
+rm -Rf appliance
+
+rm build-01.sh
+rm build-02.sh
+rm aws-byol.sh
+
+# remove history
+find /root/.*history /home/*/.*history -exec rm -f {} \;
@@ -0,0 +1,11 @@
+[Unit]
+Description=Update root password for Web Safety virtual appliance once
+
+[Service]
+Type=oneshot
+ExecStart=/opt/websafety/bin/chpass_aws.sh
+StandardOutput=file:/opt/websafety/var/log/chpass_aws.log
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# update root password in the Web Safety to a random value
+# required for vm publication in the AWS Cloud Marketplace
+#
+
+FLAG_FILE="/opt/websafety/etc/password_reset.flag"
+
+if [ -f $FLAG_FILE ]; then
+
+    echo "Flag file $FLAG_FILE exists, thus root password changed from the built-in"
+    echo "Password value at least once, no need to do anything, skipping..."
+    
+else
+
+    # we are using instance id as new password
+    NEWPASW=`curl http://169.254.169.254/latest/meta-data/instance-id`
+
+    # update the password in the database 
+    sudo -u websafety python3 /opt/websafety-ui/var/console/reset_password.py --password=$NEWPASW
+
+    # change the template too so that user known what shall be used as password
+    sudo -u websafety sed -i "s/Passw0rd/InstanceID/g" /opt/websafety-ui/var/console/frame/templates/login.html
+
+    # raise the updated password flag so that we do not regenerate it next reboot
+    echo "Do NOT remove this file!" >  "$FLAG_FILE"
+    echo "Do NOT remove this file!" >> "$FLAG_FILE"
+    echo "Do NOT remove this file!" >> "$FLAG_FILE"
+    echo "" >> "$FLAG_FILE"
+    echo "" >> "$FLAG_FILE"
+
+    echo "If you remove this flag file, the /etc/systemd/service/chpass_aws.service service "  >> "$FLAG_FILE"
+    echo "will automatically call /opt/websafety/bin/chpass_aws.sh file that will reset"       >> "$FLAG_FILE"
+    echo "the password of the root user in Web Safety UI to ID of this instance."              >> "$FLAG_FILE"
+    echo "This is required for VMs generated from AMI template in Amazon AWS."                 >> "$FLAG_FILE"
+    echo "" >> "$FLAG_FILE"
+    echo "" >> "$FLAG_FILE"
+
+    echo "It is recommended to run \"systemctl disable chpass_aws.service\" to disable this functionality." >> "$FLAG_FILE"
+    
+fi
@@ -0,0 +1,11 @@
+[Unit]
+Description=Automatic license activation service for Amazon AWS (runs once after boot)
+
+[Service]
+Type=oneshot
+ExecStart=/etc/cron.hourly/websafety_license
+StandardOutput=file:/opt/websafety/var/log/wslicd.service.log
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,11 @@
+[Unit]
+Description=Automatic license activation service for Windows Azure (runs once after boot)
+
+[Service]
+Type=oneshot
+ExecStart=/etc/cron.hourly/websafety_license
+StandardOutput=file:/opt/websafety/var/log/wslicd.service.log
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
@@ -17,6 +17,12 @@ if [ $? -eq 0 ]; then
     apt install -y open-vm-tools
 fi
 
+# copy the handy monitor.sh script to installation folder
+cp monitor.sh /opt/websafety/bin/
+
+# and make it executable
+chmod +x /opt/websafety/bin/monitor.sh
+
 # copy the /etc/issue creation script to installation folder
 cp va_issue.sh /opt/websafety/bin/
 
@@ -29,12 +35,4 @@ cp wsissue.service /etc/systemd/system/wsissue.service
 # enable it
 systemctl enable wsissue.service
 
-# let Web UI of Web Safety to manage the network
-sudo -u websafety python3 /opt/websafety/var/console/utils.py --network=ubuntu18
-
-# set new license if present
-if [ -f license.pem ]; then
-    sudo -u websafety cp license.pem /opt/websafety/etc
-fi
-
 echo "Success, run next step please."
@@ -0,0 +1,24 @@
+#!/bin/bash
+SESSION=$USER
+
+tmux -2 new-session -d -s $SESSION
+
+# setup a window for tailing log files
+tmux new-window -t $SESSION:1 -n 'Logs'
+tmux split-window -v
+
+# lower pane is for squid log
+tmux select-pane -t 1
+tmux send-keys "tail -f /var/log/squid/access.log" C-m
+
+# upper pane is for mc and htop
+tmux select-pane -t 0
+tmux split-window -h
+tmux select-pane -t 0
+tmux send-keys "htop" C-m
+tmux select-pane -t 1
+tmux send-keys "mc" C-m
+
+# set default window and attach to session
+tmux select-window -t $SESSION:1
+tmux -2 attach-session -t $SESSION
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# check we are root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+# install aws
+pushd appliance/aws
+bash 01_pasw.sh && bash 02_clean.sh 
+popd
+
+# set new license
+if [ -f license.pem ]; then
+    sudo -u proxy cp license.pem /opt/websafety/etc/license.pem
+fi
+
+# tell 
+echo "SUCCESS"
+echo "SUCCESS"
+echo "SUCCESS --- AWS AMI is ready ---"
+cat /opt/websafety/etc/license.pem | grep "Not After"
+echo "SUCCESS"
+echo "SUCCESS"
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# check we are root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+#
+# be sure to first run
+#
+# 	bash build_01.sh
+# 	bash build_02.sh
+#
+
+# switch the activation type to AWS instead of default Azure
+sed -i "s/activate=azure/activate=aws/g" /etc/cron.hourly/websafety_license
+
+#  create aws license update service that runs exactly once
+cp appliance/aws/wslicd.service /etc/systemd/system/wslicd.service
+
+# enable it
+systemctl enable wslicd.service
+systemctl daemon-reload
+
+# set new cloud license
+if [ -f license-cloud.pem ]; then
+    sudo -u proxy cp license-cloud.pem /opt/websafety/etc/license.pem
+fi
+
+# tell 
+echo "SUCCESS"
+echo "SUCCESS"
+echo "SUCCESS --- AWS PAYG instance is ready ---"
+cat /opt/websafety/etc/license.pem | grep "Not After"
+echo "SUCCESS"
+echo "SUCCESS"
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# check we are root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+#
+# be sure to first run
+#
+# 	bash build_01.sh
+# 	bash build_02.sh
+#
+
+# set new license
+if [ -f license.pem ]; then
+    sudo -u proxy cp license.pem /opt/websafety/etc/license.pem
+fi
+
+# tell 
+echo "SUCCESS"
+echo "SUCCESS"
+echo "SUCCESS --- Azure BYOL instance is ready ---"
+cat /opt/websafety/etc/license.pem | grep "Not After"
+echo "SUCCESS"
+echo "SUCCESS"
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# check we are root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+#
+# be sure to first run
+#
+# 	bash build_01.sh
+# 	bash build_02.sh
+#
+
+#  create azure license update service that runs exactly once
+cp appliance/azure/wslicd.service /etc/systemd/system/wslicd.service
+
+# enable it
+systemctl enable wslicd.service
+systemctl daemon-reload
+
+# set new cloud license
+if [ -f license-cloud.pem ]; then
+    sudo -u proxy cp license-cloud.pem /opt/websafety/etc/license.pem
+fi
+
+# tell 
+echo "SUCCESS"
+echo "SUCCESS"
+echo "SUCCESS --- Azure PAYG instance is ready ---"
+cat /opt/websafety/etc/license.pem | grep "Not After"
+echo "SUCCESS"
+echo "SUCCESS"
@@ -6,4 +6,4 @@ if [[ $EUID -ne 0 ]]; then
    exit 1
 fi
 
-pushd scripts.ubuntu18 && bash 01_update.sh && popd
+pushd core.ubuntu18 && bash 01_update.sh && popd
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# check we are root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+# install core modules of web safety
+pushd core.ubuntu18
+bash 02_squid.sh && \
+bash 03_clamav.sh && \
+bash 04_websafety.sh && \
+bash 05_integrate.sh
+popd
+
+# install web safety ui
+pushd ui.deb
+bash 01_apache.sh && bash 02_webui.sh
+popd
+
+# tell 
+echo "SUCCESS"
+echo "SUCCESS"
+echo "SUCCESS Now run va.sh script for the appliance or azure-*.sh or aws-*.sh for cloud instances!"
+echo "SUCCESS"
+echo "SUCCESS"
@@ -6,8 +6,8 @@ if [[ $EUID -ne 0 ]]; then
    exit 1
 fi
 
-# enable epel repository and update
-yum -y install epel-release && yum -y update
+# update the system
+dnf -y update
 
 # disable selinux
 sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
 
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# install RPMs as root
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+# install stock squid with ecap libs
+dnf -y install squid libecap libecap-devel
+
+# make squid autostart after reboot
+systemctl enable squid
+systemctl restart squid