I'll mention this again: if you're git-blaming this, don't come slap me personally. This code was straight ported from another project and we WILL refactor it in the future. This is a temporary solution. OK, I guess you can slap me for porting this as is, but still.
12 README.md
@@ -31,8 +31,16 @@ That's where SecDep comes in 💪. With SecDep, you can manage your virtual mach
|
|||||||
- [x] Azure
|
- [x] Azure
|
||||||
- [x] AWS
|
- [x] AWS
|
||||||
- [x] Choice to perform above actions and instance listing on a single or all providers
|
- [x] Choice to perform above actions and instance listing on a single or all providers
|
||||||
- [ ] Hardening during creation
|
- [x] Hardening during creation
|
||||||
- [ ] Docker deployment during hardening
|
- [x] SSH hardening
|
||||||
|
- [x] Firewall installation and configuration (UFW or firewalld)
|
||||||
|
- [ ] Fail2ban installation and configuration
|
||||||
|
- [x] Kernel Security Module installation and configuration (AppArmor or SELinux)
|
||||||
|
- [x] Docker Rootless installation
|
||||||
|
- [x] Docker deployment during hardening
|
||||||
|
- [x] Single docker-compose file deployment
|
||||||
|
- [x] Multiple docker images deployment
|
||||||
|
- [x] Automatic portainer deployment
|
||||||
|
|
||||||
# Prerequisites 📋
|
# Prerequisites 📋
|
||||||
|
|
||||||
|
|||||||
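Review bot: the Fail2ban item stays unchecked (`- [ ] Fail2ban installation and configuration`) while this same commit ships fail2ban configuration in `harden` (it writes `/etc/fail2ban/fail2ban.local` and an `[sshd]` jail), so either the checkbox is stale or the feature is unfinished; reconcile the two before merging. The new `- [x] SSH hardening` and `- [x] Kernel Security Module installation and configuration (AppArmor or SELinux)` items also say nothing about what is actually changed (which sshd options, whether profiles end up in enforce or complain mode), and a README for a hardening tool should state those defaults so a user can judge them before running it unattended. Minor: the product name is Portainer, so `Automatic Portainer deployment`.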
@@ -53,3 +53,13 @@ One example of the modern output is shown bellow:
|
|||||||

|

|
||||||
|
|
||||||
You can also specify a port with the `--port` flag.
|
You can also specify a port with the `--port` flag.
|
||||||
|
|
||||||
|
## Instance creation and hardening for aws
|
||||||
|
|
||||||
|
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy`
|
||||||
|
|
||||||
|
## Instance creation and hardening for aws while deploying a docker-compose file and nginx docker image
|
||||||
|
|
||||||
|
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx`
|
||||||
|
|
||||||
|
(The docker-compose.yml file has to be in the same directory as the script and be names `docker-compose,yml`)
|
||||||
|
|||||||
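Review bot: the note under the docker-compose example has two defects: "be names" should be "be named", and the required filename is given as `docker-compose,yml` (comma) in the same sentence that calls it `docker-compose.yml`; a reader who copies the comma version gets a file the script will never find. The two examples also use `--deploy` differently (`--yes --deploy` with no argument versus `--deploy nginx`), so state whether `--deploy` takes an optional list of image names. The AMI in `-i ami-08869bacfa1188ec9` is region-specific (an AMI ID is only valid in the region it was registered in), so either name the region or tell the reader to substitute an AMI for their own. Minor: the headings say "aws" while the checklist above says "AWS".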
3 harden
@@ -387,10 +387,10 @@ EOF
|
|||||||
printf "%s" "$FAIL2BAN_LOCAL" | sudo tee /etc/fail2ban/fail2ban.local
|
printf "%s" "$FAIL2BAN_LOCAL" | sudo tee /etc/fail2ban/fail2ban.local
|
||||||
FAIL2BAN_SSH_JAIL_LOCAL=$(cat <<'EOF'
|
FAIL2BAN_SSH_JAIL_LOCAL=$(cat <<'EOF'
|
||||||
[sshd]
|
[sshd]
|
||||||
|
backend = systemd
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = sshd
|
filter = sshd
|
||||||
banaction = ufw
|
banaction = ufw
|
||||||
backend = systemd
|
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
# 3 failed attempts in 600 seconds = 10 minutes
|
# 3 failed attempts in 600 seconds = 10 minutes
|
||||||
findtime = 1d
|
findtime = 1d
|
||||||
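Review bot: the comment `# 3 failed attempts in 600 seconds = 10 minutes` no longer matches `findtime = 1d` on the next line; with `maxretry = 3` and `findtime = 1d` the jail bans after three failures within 24 hours, so update the comment, or restore `findtime = 600` if ten minutes was the intent. Moving `backend = systemd` from below `banaction = ufw` to directly under `[sshd]` is a pure reorder inside the same section and changes nothing for fail2ban. Separately, `banaction = ufw` hard-wires UFW, yet the README in this commit lists the firewall as "UFW or firewalld"; on a firewalld host the ufw action fails and the jail bans nothing, so choose the banaction (`ufw` versus `firewallcmd-ipset` or `firewallcmd-rich-rules`) based on the firewall the script actually installed.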
@@ -400,6 +400,7 @@ EOF
|
|||||||
)
|
)
|
||||||
FAIL2BAN_JAIL_LOCAL=$(cat <<'EOF'
|
FAIL2BAN_JAIL_LOCAL=$(cat <<'EOF'
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
backend = systemd
|
||||||
bantime = 1d
|
bantime = 1d
|
||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
|
|||||||
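Review bot: with `backend = systemd` now set under `[DEFAULT]`, the per-jail `backend = systemd` added to `[sshd]` in the previous hunk is redundant; keep it in one place (`[DEFAULT]` is the usual one) so the two cannot drift apart. Since this switches every jail to reading the journal, it is worth validating the merged configuration on the target image with `fail2ban-client -t` before restarting the service, if the script does not already do so, because a jail whose backend cannot find its log source fails to start.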