I'll mention this again: if you're git-blaming this, don't come slap me personally. This code is straight ported from another project and we WILL refactor this in the future. This is a temporary solution. OK, I guess you can slap me for porting this as is, but still.

2023-09-03 17:27:00 +03:00
parent afce9e90a6
commit 6fc7bbd830
3 changed files with 22 additions and 3 deletions


@@ -31,8 +31,16 @@ That's where SecDep comes in 💪. With SecDep, you can manage your virtual mach
- [x] Azure
- [x] AWS
- [x] Choice to perform above actions and instance listing on a single or all providers
- [ ] Hardening during creation
- [ ] Docker deployment during hardening
- [x] Hardening during creation
- [x] SSH hardening
- [x] Firewall installation and configuration (UFW or firewalld)
- [ ] Fail2ban installation and configuration
- [x] Kernel Security Module installation and configuration (AppArmor or SELinux)
- [x] Docker Rootless installation
- [x] Docker deployment during hardening
- [x] Single docker-compose file deployment
- [x] Multiple docker images deployment
- [x] Automatic portainer deployment
# Prerequisites 📋
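Review bot: The checklist now ticks the parent item `Hardening during creation` while its child `Fail2ban installation and configuration` is still unticked, so the README reports hardening as both done and not done. Either leave the parent unticked until Fail2ban is finished, or add a short note that Fail2ban is the one outstanding part. The harden file touched by this same commit already writes fail2ban jail configuration, so the README should also say whether that code path is actually executed during creation.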


@@ -53,3 +53,13 @@ One example of the modern output is shown bellow:
![Deletion 2](../../videos/demo/gce-instance-ssh.gif)
You can also specify a port with the `--port` flag.
## Instance creation and hardening for aws
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy`
## Instance creation and hardening for aws while deploying a docker-compose file and nginx docker image
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx`
(The docker-compose.yml file has to be in the same directory as the script and be names `docker-compose,yml`)
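Review bot: The last added line gives the required file name as `docker-compose,yml` (comma instead of a dot) and says "be names" where "be named" is meant, which contradicts the `docker-compose.yml` spelled correctly earlier in the same sentence; fix both so a reader copying the name gets a file the script will find. The two examples also use `--deploy` differently (bare in the first, `--deploy nginx` in the second), and nothing here explains what a bare `--deploy` does or how more than one image is passed, so a sentence on that would help. The hard-coded `ami-08869bacfa1188ec9` is region-specific; state the region it belongs to or tell the reader to substitute their own image id.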

harden

@@ -387,10 +387,10 @@ EOF
printf "%s" "$FAIL2BAN_LOCAL" | sudo tee /etc/fail2ban/fail2ban.local
FAIL2BAN_SSH_JAIL_LOCAL=$(cat <<'EOF'
[sshd]
backend = systemd
enabled = true
filter = sshd
banaction = ufw
backend = systemd
maxretry = 3
# 3 failed attempts in 600 seconds = 10 minutes
findtime = 1d
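Review bot: In the `[sshd]` jail, the comment `# 3 failed attempts in 600 seconds = 10 minutes` does not match the `findtime = 1d` directly below it, so a reader cannot tell whether the intended counting window is ten minutes or one day. Update the comment or the value so the two agree. Separately, `banaction = ufw` is fixed in this jail, while the README in this commit lists the firewall as "UFW or firewalld"; if the script set the host up with firewalld, this action has no ufw to call, so the ban action should be chosen from whichever firewall was actually installed. Since `backend = systemd` only changes position inside the section here, a line in the commit message saying why it moved would save the next reader a diff.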
@@ -400,6 +400,7 @@ EOF
)
FAIL2BAN_JAIL_LOCAL=$(cat <<'EOF'
[DEFAULT]
backend = systemd
bantime = 1d
EOF
)
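Review bot: `backend = systemd` under `[DEFAULT]` duplicates the same key already set in the `[sshd]` jail in the hunk above; keep it in one place so the two cannot drift apart. A setting in `[DEFAULT]` is inherited by every jail, so if a later jail reads from a plain log file it will need its own `backend` override, which is worth a comment next to this line. The README still lists Fail2ban as unticked, so it is also unclear from this hunk whether `FAIL2BAN_JAIL_LOCAL` is written to disk anywhere yet.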