deep-security
diff --git a/‎scripts/end-mp-web-installer.sh
+6 b/‎scripts/end-mp-web-installer.sh
+6
diff --git a/‎templates/common/db/ds-db-abstract.template
+10-8 b/‎templates/common/db/ds-db-abstract.template
+10-8
diff --git a/‎templates/common/db/ds-db-mssql-rds.template
+5-1 b/‎templates/common/db/ds-db-mssql-rds.template
+5-1
diff --git a/‎templates/common/db/ds-db-oracle-rds.template
+5-1 b/‎templates/common/db/ds-db-oracle-rds.template
+5-1
diff --git a/‎templates/common/db/ds-db-postgresql-docker.template
+5-3 b/‎templates/common/db/ds-db-postgresql-docker.template
+5-3
diff --git a/‎templates/common/db/ds-db-postgresql-rds-aurora.template
+7-1 b/‎templates/common/db/ds-db-postgresql-rds-aurora.template
+7-1
diff --git a/‎templates/common/db/ds-db-postgresql-rds.template
+6-2 b/‎templates/common/db/ds-db-postgresql-rds.template
+6-2
diff --git a/‎templates/common/dsm-elb.template
+5-3 b/‎templates/common/dsm-elb.template
+5-3
diff --git a/‎templates/common/security-groups/ds-elb-sg.template
+3-5 b/‎templates/common/security-groups/ds-elb-sg.template
+3-5
diff --git a/‎templates/common/security-groups/dsm-security-group.template
+5-3 b/‎templates/common/security-groups/dsm-security-group.template
+5-3
diff --git a/‎templates/common/security-groups/dsm-sg-ingress-rules.template
+19-19 b/‎templates/common/security-groups/dsm-sg-ingress-rules.template
+19-19
diff --git a/‎templates/common/security-groups/rds-security-group.template
+11-9 b/‎templates/common/security-groups/rds-security-group.template
+11-9
@@ -0,0 +1,6 @@
+#!/bin/bash
+sed -i "s|/opt/trend/dsm_app/start.sh &||g" /etc/rc.local
+sed -i "s|/opt/trend/dsm_app/start.sh &||g" /etc/rc.d/rc.local
+for pid in $(ps -ef | grep "/opt/trend/dsm_app/start.sh" | awk '{print $2}'); do kill -9 $pid; done
+kill -9 $(netstat -plnt | grep :8080 | grep python | grep -oP '(\d*)\/python' | grep -oP '(\d*)')
+exit 0
@@ -1,14 +1,16 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template is an abstraction layer for choosing PostgreSQL,
+Description: 'v5.44: This template is an abstraction layer for choosing PostgreSQL,
   Oracle or MSSQL when deploying Deep Security Manager. (qs-1ngr590i4)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W2001,W8001]
 Parameters:
   AWSIKeyPairName:
     Description: Existing key pair to use for connecting to database if using Postgres on Docker
       Instance
     Type: AWS::EC2::KeyPair::KeyName
-    MinLength: '1'
-    MaxLength: '255'
     ConstraintDescription: Select an existing EC2 Key Pair.
   DBIRDSInstanceSize:
     Default: db.m5.large
@@ -154,7 +156,7 @@ Resources:
           - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-oracle-rds.template'
           - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
-      TimeoutInMinutes: '45'
+      TimeoutInMinutes: 65
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
         DBIStorageAllocation: !Ref DBIStorageAllocation
@@ -174,7 +176,7 @@ Resources:
           - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-mssql-rds.template'
           - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
-      TimeoutInMinutes: '65'
+      TimeoutInMinutes: 65
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
         DBIStorageAllocation: !Ref DBIStorageAllocation
@@ -194,7 +196,7 @@ Resources:
           - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-postgresql-rds.template'
           - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
-      TimeoutInMinutes: '45'
+      TimeoutInMinutes: 65
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
         DBIStorageAllocation: !Ref DBIStorageAllocation
@@ -214,7 +216,7 @@ Resources:
           - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-postgresql-rds-aurora.template'
           - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
-      TimeoutInMinutes: '45'
+      TimeoutInMinutes: 65
       Parameters:
         DBIRDSInstanceSize: !Ref DBIRDSInstanceSize
         DBPBackupDays: !Ref DBPBackupDays
@@ -239,7 +241,7 @@ Resources:
           - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/common/db/ds-db-postgresql-docker.template'
           - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
-      TimeoutInMinutes: '15'
+      TimeoutInMinutes: 15
       Parameters:
         AWSIKeyPairName: !Ref AWSIKeyPairName
         DBICAdminName: !Ref DBICAdminName
 
@@ -1,7 +1,11 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template deploys an MSSQL RDS Instance for Deep Security
+Description: 'v5.44: This template deploys an MSSQL RDS Instance for Deep Security
   Manager. (qs-1ngr590ij)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W2001,W8001,W2030]
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m5.large
 
@@ -1,7 +1,11 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template deploys an Oracle RDS instance for Deep Security
+Description: 'v5.44: This template deploys an Oracle RDS instance for Deep Security
   Manager. (qs-1ngr590i9)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W8001]
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m5.large
 
@@ -1,14 +1,16 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: ONLY FOR DEMO, NOT A SUPPORTED DEPLOYMENT OPTION.
+Description: 'v5.44: ONLY FOR DEMO, NOT A SUPPORTED DEPLOYMENT OPTION.
   This template deploys PostgreSQL on Docker for Deep Security Manager.'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W2001,W8001,W1011]
 Parameters:
   AWSIKeyPairName:
     Description: Existing key pair to use for connecting to database instance
       Instance
     Type: AWS::EC2::KeyPair::KeyName
-    MinLength: '1'
-    MaxLength: '255'
     ConstraintDescription: Select an existing EC2 Key Pair.
   DBIRDSInstanceSize:
     Default: db.m5.large
 
@@ -1,6 +1,6 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template deploys an Aurora PostgreSQL RDS instance for Deep Security
+Description: 'v5.44: This template deploys an Aurora PostgreSQL RDS instance for Deep Security
   Manager. (qs-1ngr590ie)'
 Parameters:
   DBIRDSInstanceSize:
@@ -60,6 +60,12 @@ Parameters:
 Resources:
   DSAuroraCluster:
     Type: AWS::RDS::DBCluster
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks: [ERDSStorageEncryptionEnabled]
+          ignore_reasons:
+            ERDSStorageEncryptionEnabled: 'This setting of StorageEncrypted is true in the template.'
     Properties:
       BackupRetentionPeriod: !Ref DBPBackupDays
       DatabaseName: !Ref DBPName
 
@@ -1,7 +1,11 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template deploys a PostgreSQL RDS instance for Deep Security
+Description: 'v5.44: This template deploys a PostgreSQL RDS instance for Deep Security
   Manager. (qs-1ngr590ie)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W8001,W2030]
 Parameters:
   DBIRDSInstanceSize:
     Default: db.m5.large
@@ -104,7 +108,7 @@ Resources:
       AllocatedStorage: !Ref DBIStorageAllocation
       DBInstanceClass: !Ref DBIRDSInstanceSize
       Engine: postgres
-      EngineVersion: 11.9
+      EngineVersion: '11.9'
       MasterUsername: !Ref DBICAdminName
       MasterUserPassword: !Ref DBICAdminPassword
       VPCSecurityGroups:
 
@@ -1,13 +1,15 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: Deploys Elastic Load Balancers and Security Groups for Deep Security
+Description: 'v5.44: Deploys Elastic Load Balancers and Security Groups for Deep Security
   (qs-1ngr590je). Manager.'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W3005,W8001]
 Parameters:
   AWSIVPC:
     Description: Existing VPC to deploy Deep Security Manager
     Type: AWS::EC2::VPC::Id
-    MinLength: '1'
-    MaxLength: '255'
     AllowedPattern: '[-_a-zA-Z0-9]*'
   DSIPHeartbeatPort:
     Description: The heartbeat port used by Deep Security Agents and appliances to
 
@@ -1,13 +1,11 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template creates security groups for the ELB for Deep Security
+Description: 'v5.44: This template creates security groups for the ELB for Deep Security
   Manager. (qs-1ngr590io)'
 Parameters:
   AWSIVPC:
     Description: Existing VPC to deploy Deep Security Manager
     Type: AWS::EC2::VPC::Id
-    MinLength: '1'
-    MaxLength: '255'
     AllowedPattern: '[-_a-zA-Z0-9]*'
   DSIPGUIPort:
     Description: The Deep Security Manager application and GUI port.
@@ -40,8 +38,8 @@ Resources:
         ToPort: !Ref DSIPGUIPort
         CidrIp: 0.0.0.0/0
       - IpProtocol: tcp
-        FromPort: '4122'
-        ToPort: '4122'
+        FromPort: 4122
+        ToPort: 4122
         CidrIp: 0.0.0.0/0
       SecurityGroupEgress:
       - IpProtocol: '-1'
 
@@ -1,13 +1,15 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template creates the security group to allow inbound communication
+Description: 'v5.44: This template creates the security group to allow inbound communication
   to Deep Security Manager. (qs-1ngr590iu)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W2001]
 Parameters:
   AWSIVPC:
     Description: Existing VPC to deploy Deep Security Manager
     Type: AWS::EC2::VPC::Id
-    MinLength: '1'
-    MaxLength: '255'
     AllowedPattern: '[-_a-zA-Z0-9]*'
   DSIPGUIPort:
     Description: The Deep Security Manager application and GUI port.
 
@@ -1,6 +1,6 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template creates the ingress rules for Deep Security Managers.
+Description: 'v5.44: This template creates the ingress rules for Deep Security Managers.
   (qs-1ngr590j4)'
 Parameters:
   DSMSG:
@@ -46,16 +46,16 @@ Resources:
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4122'
-      ToPort: '4122'
+      FromPort: 4122
+      ToPort: 4122
       SourceSecurityGroupId: !Ref ELBSourceSG
   DSMAgentIngress:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4118'
-      ToPort: '4118'
+      FromPort: 4118
+      ToPort: 4118
       SourceSecurityGroupId: !Ref DSMSG
   DSMConsoleIngressSelf:
     Type: AWS::EC2::SecurityGroupIngress
@@ -78,8 +78,8 @@ Resources:
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4122'
-      ToPort: '4122'
+      FromPort: 4122
+      ToPort: 4122
       SourceSecurityGroupId: !Ref DSMSG
   DSMConsoleIngress1921918:
     Type: AWS::EC2::SecurityGroupIngress
@@ -102,8 +102,8 @@ Resources:
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4122'
-      ToPort: '4122'
+      FromPort: 4122
+      ToPort: 4122
       CidrIp: 192.168.0.0/16
   DSMConsoleIngress101918:
     Type: AWS::EC2::SecurityGroupIngress
@@ -126,8 +126,8 @@ Resources:
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4122'
-      ToPort: '4122'
+      FromPort: 4122
+      ToPort: 4122
       CidrIp: 10.0.0.0/8
   DSMConsoleIngress1721918:
     Type: AWS::EC2::SecurityGroupIngress
@@ -150,31 +150,31 @@ Resources:
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: tcp
-      FromPort: '4122'
-      ToPort: '4122'
+      FromPort: 4122
+      ToPort: 4122
       CidrIp: 172.16.0.0/12
   DSMDNS1721918:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: udp
-      FromPort: '53'
-      ToPort: '53'
+      FromPort: 53
+      ToPort: 53
       CidrIp: 172.16.0.0/12
   DSMDNS101918:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: udp
-      FromPort: '53'
-      ToPort: '53'
+      FromPort: 53
+      ToPort: 53
       CidrIp: 10.0.0.0/8
   DSMDNS1921918:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
       GroupId: !Ref DSMSG
       IpProtocol: udp
-      FromPort: '53'
-      ToPort: '53'
+      FromPort: 53
+      ToPort: 53
       CidrIp: 192.168.0.0/16
 ...
@@ -1,13 +1,15 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: 'v5.42: This template creates the security group to allow communication
+Description: 'v5.44: This template creates the security group to allow communication
   from Deep Security Managers to their RDS Instance. (qs-1ngr590j9)'
+Metadata:
+  cfn-lint:
+    config:
+      ignore_checks: [W8001]
 Parameters:
   AWSIVPC:
     Description: Existing VPC to deploy Deep Security Manager
     Type: AWS::EC2::VPC::Id
-    MinLength: '1'
-    MaxLength: '255'
     AllowedPattern: '[-_a-zA-Z0-9]*'
   DBPEngine:
     Description: Choose PostgreSQL, MSSQL, Oracle or AuroraPostgreSQL for DSM database Engine
@@ -32,19 +34,19 @@ Resources:
         FromPort:
           !If
           - DBTypeIsOracle
-          - '1521'
+          - 1521
           - !If
             - DBTypeIsPostgreSQL
-            - '5432'
-            - '1433'
+            - 5432
+            - 1433
         ToPort:
           !If
           - DBTypeIsOracle
-          - '1521'
+          - 1521
           - !If
             - DBTypeIsPostgreSQL
-            - '5432'
-            - '1433'
+            - 5432
+            - 1433
         SourceSecurityGroupId: !Ref DSMSG
       SecurityGroupEgress:
       - IpProtocol: '-1'