diff --git a/README.md b/README.md index a09f6fc..0734c57 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,16 @@ That's where SecDep comes in 💪. With SecDep, you can manage your virtual mach - [x] Azure - [x] AWS - [x] Choice to perform above actions and instance listing on a single or all providers -- [ ] Hardening during creation -- [ ] Docker deployment during hardening +- [x] Hardening during creation + - [x] SSH hardening + - [x] Firewall installation and configuration (UFW or firewalld) + - [ ] Fail2ban installation and configuration + - [x] Kernel Security Module installation and configuration (AppArmor or SELinux) + - [x] Docker Rootless installation +- [x] Docker deployment during hardening + - [x] Single docker-compose file deployment + - [x] Multiple docker images deployment + - [x] Automatic portainer deployment # Prerequisites 📋 diff --git a/assets/pages/demo/demo.md b/assets/pages/demo/demo.md index 6149727..d78f178 100644 --- a/assets/pages/demo/demo.md +++ b/assets/pages/demo/demo.md @@ -53,3 +53,13 @@ One example of the modern output is shown bellow: ![Deletion 2](../../videos/demo/gce-instance-ssh.gif) You can also specify a port with the `--port` flag. + +## Instance creation and hardening for aws + +`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy` + +## Instance creation and hardening for aws while deploying a docker-compose file and nginx docker image + +`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx` + +(The docker-compose.yml file has to be in the same directory as the script and be names `docker-compose,yml`) diff --git a/harden b/harden index da45be0..bd35787 100755 --- a/harden +++ b/harden 
@@ -387,10 +387,10 @@ EOF printf "%s" "$FAIL2BAN_LOCAL" | sudo tee /etc/fail2ban/fail2ban.local FAIL2BAN_SSH_JAIL_LOCAL=$(cat <<'EOF' [sshd] +backend = systemd enabled = true filter = sshd banaction = ufw -backend = systemd maxretry = 3 # 3 failed attempts in 600 seconds = 10 minutes findtime = 1d @@ -400,6 +400,7 @@ EOF ) FAIL2BAN_JAIL_LOCAL=$(cat <<'EOF' [DEFAULT] +backend = systemd bantime = 1d EOF )
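Review bot: In the README.md checklist, `Fail2ban installation and configuration` is left unchecked, yet the harden hunks in this same patch edit the fail2ban jail configuration (`FAIL2BAN_SSH_JAIL_LOCAL`, `FAIL2BAN_JAIL_LOCAL`). Please state in the README what is still missing for fail2ban, or tick the item, so the feature list matches what the script writes to the instance.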
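Review bot: The last added line of assets/pages/demo/demo.md gets the required file name wrong: "be names `docker-compose,yml`" should read "be named `docker-compose.yml`". Both new headings also promise hardening, but the commands only show `--deploy` and `--docker_compose`, so say which flag triggers the hardening step. The AMI ID in the commands is region-specific, which is worth a short remark so the commands are not copied as-is into another region.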
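Review bot: In the `[sshd]` jail in harden (hunk at -387), `banaction = ufw` is fixed, while the README hunk in this patch advertises "UFW or firewalld"; on a host where firewalld was chosen, bans issued through the ufw action would likely not take effect. Set the banaction from the firewall the script actually installed. The context comment `# 3 failed attempts in 600 seconds = 10 minutes` also disagrees with `findtime = 1d` and should be corrected while this block is being touched. Moving `backend = systemd` to the top of the section does not change behaviour on its own.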
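Review bot: In `FAIL2BAN_JAIL_LOCAL` (hunk at -400), adding `backend = systemd` under `[DEFAULT]` makes the same key in `[sshd]` redundant and switches every jail, not only sshd, to the journal backend. Keep the setting in one place. If the global default is intended, drop the per-jail line and add a comment explaining the choice, since any jail added later that reads from a log file will need to override it.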