Now it's all microservices, I hope the fad persists.

harden

@@ -102,8 +102,9 @@ function install_packages {
 # The check_dependencies function will check if the dependencies defined in a local array are not installed
 # and store the ones that are indeed absent in another local array.
 # Then it will install the packages that are missing by invoking the install_packages function.
-function check_dependencies {
+function check_dependencies { # systemd-container is for machinectl
-	local dependencies=(fuse-overlayfs dbus-user-session uidmap slirp4netns docker-compose systemd-container htop curl git sudo vim ssh wget fail2ban) # Declare dependencies as a local array
+	local dependencies=(fuse-overlayfs dbus-user-session uidmap slirp4netns systemd-container htop curl git sudo vim ssh wget fail2ban) # Declare dependencies as a local array
+	# local dependencies=(fuse-overlayfs dbus-user-session uidmap slirp4netns docker-compose systemd-container htop curl git sudo vim ssh wget fail2ban) # Declare dependencies as a local array
 	# local dependencies=(fuse-overlayfs dbus-user-session uidmap slirp4netns docker-compose dnsutils htop curl git sudo vim ssh wget fail2ban) # Declare dependencies as a local array
 	#> see what to do with name differences between distros if any <#
 	local missing_dependencies=()              # Declare missing_dependencies as a local array
@@ -234,7 +235,8 @@ function firewallInit {
             sudo ufw allow 22100/tcp        # Allow ssh connections on port 22100
         ;;
         firewalld)
-            sudo systemctl enable --now firewalld # Enable the firewall on boot and start it
+            sudo systemctl enable firewalld # Enable the firewall on boot and start it
+            # sudo systemctl enable --now firewalld # Enable the firewall on boot and start it
             sudo firewall-cmd --permanent --add-port=22100/tcp # Allow ssh connections on port 22100
         ;;
         *)
@@ -303,8 +305,40 @@ EOF
 #     ##sudo docker network create --driver bridge -o "com.docker.network.bridge.enable_icc"="false" dockerNetworkNoICC
     # Get all arguments passed to the function and store them in the dockerImages array
     local dockerImages=("$@")
+    # Using -f instead of -e to check if the file exists AND that it is a regular file
+    [[ -f /root/docker-compose.yml ]] && sudo mv /root/docker-compose.yml /home/secdep/docker-compose.yml
+    [[ -f /home/admin/docker-compose.yml ]] && sudo mv /home/admin/docker-compose.yml /home/secdep/docker-compose.yml
+    [[ -f /home/ec2-user/docker-compose.yml ]] && sudo mv /home/ec2-user/docker-compose.yml /home/secdep/docker-compose.yml
+    [[ -f /home/centos/docker-compose.yml ]] && sudo mv /home/centos/docker-compose.yml /home/secdep/docker-compose.yml
+    [[ -f /home/fedora/docker-compose.yml ]] && sudo mv /home/fedora/docker-compose.yml /home/secdep/docker-compose.yml
+    [[ -f /home/ubuntu/docker-compose.yml ]] && sudo mv /home/ubuntu/docker-compose.yml /home/secdep/docker-compose.yml
+    # Not running chown in time? only when there is an if before
+    sudo chown secdep:secdep /home/secdep/docker-compose.yml
+    # [[ -f /home/secdep/docker-compose.yml ]] && sudo chown secdep:secdep /home/secdep/docker-compose.yml
+    # Since FileDeployment does not work and we used ScriptFileDeployment which automatically makes the file executable
+    # we need to make sure the file is not executable
+    # Not running chmod in time? only when there is an if before
+    sudo chmod -x /home/secdep/docker-compose.yml
+    # [[ -f /home/secdep/docker-compose.yml ]] && sudo chmod -x /home/secdep/docker-compose.yml
+    # Make sure docker is disabled after
+    # having installed docker-compose, to make sure
+    # only rootless docker is used
+    sudo systemctl disable --now docker.service docker.socket
+    sudo machinectl shell secdep@ /bin/bash -c 'curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /home/secdep/bin/docker-compose'
+    sudo machinectl shell secdep@ /bin/bash -c 'chmod +x /home/secdep/bin/docker-compose'
     # Check if there is a docker-compose.yml file in the user's home directory and run it if there is
-    sudo -u secdep bash -c '[[ -f "$HOME/docker-compose.yml" ]] && docker-compose -f "$HOME/docker-compose.yml" up -d'
+    sudo machinectl shell secdep@ "$(which bash)" -c 'DOCKER_HOST=unix:///run/user/$UID/docker.sock /home/secdep/bin/docker-compose -f /home/secdep/docker-compose.yml up -d'
+    # sudo machinectl shell secdep@ /bin/bash -c 'DOCKER_HOST=unix:///run/user/$UID/docker.sock docker-compose -f /home/secdep/docker-compose.yml up -d'
+    # sudo machinectl shell secdep@ /bin/bash -c '[[ -f "$HOME/docker-compose.yml" ]] && docker-compose -f "$HOME/docker-compose.yml" up -d'
+    # sudo -u secdep bash -c '[[ -f "$HOME/docker-compose.yml" ]] && docker-compose -f "$HOME/docker-compose.yml" up -d'
+    # Portainer is a docker image that provides a web interface for docker
+    # which will be installed and run on port 9000 by default to make it easier to manage docker
+    # CMD1="docker volume create portainer_data # Create a docker volume for portainer"
+    # CMD2="docker run -d -p 9000:9000 --name=portainer --restart=unless-stopped -v /home/secdep/.docker/run/docker.sock:/home/secdep/.docker/run/docker.sock -v portainer_data:/data portainer/portainer-ce"
+    # CMD2="docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock -v ~/.local/share/docker/volumes:/var/lib/docker/volumes -v portainer_data:/data portainer/portainer-ce"
+    # sudo -u secdep bash -c "$CMD1" # Create a docker volume for portainer
+    # sudo -u secdep bash -c "$CMD2" # Run portainer
+    # sudo machinectl shell secdep@ /bin/bash -c "docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock -v ~/.local/share/docker/volumes:/var/lib/docker/volumes -v portainer_data:/data portainer/portainer-ce"
     # Check if the dockerImages array is empty and return 0 if it is
     [[ "${#dockerImages[@]}" -eq 0 ]] && return 0
     # Loop through the dockerImages array
@@ -408,25 +442,42 @@ CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_R
 EOF
 )
 printf "%s" "$HARDEN_FAIL2BAN_SERVICE" | sudo tee /etc/systemd/system/fail2ban.service.d/override.conf
-sudo systemctl enable --now fail2ban
+sudo systemctl enable fail2ban
+# sudo systemctl enable --now fail2ban
 printf "%s" "LogLevel VERBOSE" | sudo tee -a /etc/ssh/sshd_config
 #sudo systemctl restart sshd
 }
 
-function restartServices {
+function enableServices {
-    # for service in "${services[@]}"; do
+    for service in "${services[@]}"; do
-    #     sudo systemctl restart "$service"
+        sudo systemctl restart "$service"
-    # done
+    done
     # command -v ufw >/dev/null 2>&1 && currentFirewall="ufw" || currentFirewall="firewalld"
     whereis ufw | grep -q /ufw && currentFirewall="ufw" || currentFirewall="firewalld"
+
+    if [[ "$currentFirewall" == "ufw" ]]; then
+        echo "You should enable ufw"
+        # sudo ufw enable
+        # sudo systemctl enable --now ufw
+    elif [[ "$currentFirewall" == "firewalld" ]]; then
+        sudo firewall-cmd --reload
+    else
+        printf "%s" "Unsupported firewall"
+        exit 1
+    fi
+    # With the if block it doesn't error out at firewalld check
     # For ufw
     # Enable the firewall
     # Enable and start the firewall on boot
-    [[ "$currentFirewall" == "ufw" ]] && sudo ufw enable && sudo systemctl enable --now ufw
+    # [[ "$currentFirewall" == "ufw" ]] && sudo ufw enable && sudo systemctl enable --now ufw
+    # [[ "$currentFirewall" == "ufw" ]] && sudo ufw enable && sudo systemctl enable ufw
+    # Getting stuck at sudo ufw enable?
+    # [[ "$currentFirewall" == "ufw" ]] && sudo systemctl enable ufw
+    # [[ "$currentFirewall" == "ufw" ]] && echo "You should enable ufw"
     # For firewalld
     # Reload the firewall
-    [[ "$currentFirewall" == "firewalld" ]] && sudo firewall-cmd --reload
+    # [[ "$currentFirewall" == "firewalld" ]] && sudo firewall-cmd --reload
-    sudo systemctl disable --now docker.service docker.socket
+    # sudo systemctl disable --now docker.service docker.socket
     # sudo systemctl disable --now docker
     # Make sure docker is disabled after
     # installing docker-compose, to make sure
@@ -450,10 +501,11 @@ function main {
     # Else exit with error code 1
 ##    [[ $# -gt 0 ]] && dockerInit "$@" || exit 1
     dockerInit "$@" || exit 1
-    restartServices || exit 1
+    enableServices || exit 1
 	printf "%s" "Script finished" # Output message to the user
-	printf "%s" "Now rebooting" # Output message to the user
+	printf "%s" "You should reboot" # Output message to the user
-    sudo reboot
+	# printf "%s" "Now rebooting" # Output message to the user
+    # sudo reboot
 }
 
 # # The am_i_root function will check if the user is root and exit if they are not.
@@ -467,4 +519,5 @@ function main {
 # Call the main function
 main "$@"
 
+# exit 1 # The right and proper way to exit a script
 exit 0 # The right and proper way to exit a script

secdep.py

@@ -36,6 +36,8 @@ from libcloud.compute.types import Provider
 from libcloud.compute.providers import get_driver
 from libcloud.compute.base import NodeAuthSSHKey
 from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment
+# FileDeployment not working for some reason
+# from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment, FileDeployment
 from azure.identity import ClientSecretCredential
 from azure.mgmt.resource import ResourceManagementClient
 from azure.mgmt.network import NetworkManagementClient
@@ -73,8 +75,10 @@ parser.add_argument('-v', '--version', help='Show secdep\'s version', action='st
 parser.add_argument('-P', '--provider', help='Cloud provider', choices=['gce', 'azure', 'aws'])
 parser.add_argument('-a', '--action', help='Action to perform on a single provider with -P PROVIDER or all instances. Valid options are delete[all] start[all] stop[all] reboot[all]', choices=action_choices, metavar='ACTION')
 parser.add_argument('-c', '--create', help='Create an instance', action='store_true')
-parser.add_argument('-dc', '--docker-compose', help='Run the docker-compose.yml file', action='store_true')
+# --docker_compose is not named --docker-compose because of the way argparse works
-parser.add_argument('-dep', '--deploy', help='Docker images to deploy', type=str, nargs='*', default=None, required=False)
+parser.add_argument('-dc', '--docker_compose', help='Run the docker-compose.yml file', action='store_true')
+# action='append' is used to allow the user to check if --deploy was used even without any arguments
+parser.add_argument('-dep', '--deploy', help='Docker images to deploy', type=str, nargs='*', default=None, required=False, action='append')
 parser.add_argument('-I', '--listimages', help='List images', action='store_true')
 parser.add_argument('-S', '--listsizes', help='List sizes', action='store_true')
 parser.add_argument('-G', '--listlocations', help='List locations', action='store_true')
@@ -1025,13 +1029,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             if existIn == False:
                 driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
                     node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
                 else:
                     node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1087,13 +1096,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             network_client.security_rules.begin_create_or_update(res_group.name, sec_group.name,"allowAllOutbound", SecurityRule(protocol='*', source_address_prefix='*', destination_address_prefix='*', access='Allow', direction='Outbound', description='Allow all', source_port_range='*', destination_port_range='*', priority=4096, name="allowAll"))
             # Create the node
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
                     node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
                 else:
                     node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1127,14 +1141,13 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             sudo chown secdep:secdep /home/secdep -R
             sudo chmod 700 /home/secdep /home/secdep/.ssh
             sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
-            ## Last two lines don't work
-            ## sudo printf "%s\n" "secdep ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/secdepRules"
-            ## sudo chmod 0440 "/etc/sudoers.d/secdepRules"'''
             deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([deploy, sendDockerCompose, actualDeployScript])
                 else:
                     msd = MultiStepDeployment([deploy, actualDeployScript])
@@ -1142,6 +1155,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
                 console.print('[bold white]deploy stdout: %s[/bold white]' % (deploy.stdout))
                 console.print('[bold red]deploy stderr: %s[/bold red]' % (deploy.stderr))
                 console.print('[bold white]deploy exit_code: %s[/bold white]' % (deploy.exit_status))
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1169,13 +1185,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             if existIn == False:
                 driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
                     node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
                 else:
                     node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1231,13 +1252,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             network_client.security_rules.begin_create_or_update(res_group.name, sec_group.name,"allowAllOutbound", SecurityRule(protocol='*', source_address_prefix='*', destination_address_prefix='*', access='Allow', direction='Outbound', description='Allow all', source_port_range='*', destination_port_range='*', priority=4096, name="allowAll"))
             # Create the node
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
                     node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
                 else:
                     node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1261,24 +1287,23 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
             sudo useradd -G sudo -s /bin/bash -m secdep
             sudo echo "secdep:secdeppass" | sudo chpasswd
             sudo mkdir -p /home/secdep/.ssh
-            [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
-            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -f /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
             sudo chmod 755 /home
             sudo chown secdep:secdep /home/secdep -R
             sudo chmod 700 /home/secdep /home/secdep/.ssh
             sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
-            ## Last two lines don't work
-            ## sudo printf "%s\n" "secdep ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/secdepRules"
-            ## sudo chmod 0440 "/etc/sudoers.d/secdepRules"'''
             deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
             if args.deploy:
-                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+                # After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
-                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
+                actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
-                    sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
+                    # sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
+                    sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
                     msd = MultiStepDeployment([deploy, sendDockerCompose, actualDeployScript])
                 else:
                     msd = MultiStepDeployment([deploy, actualDeployScript])
@@ -1286,6 +1311,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
                 console.print('[bold white]deploy stdout: %s[/bold white]' % (deploy.stdout))
                 console.print('[bold red]deploy stderr: %s[/bold red]' % (deploy.stderr))
                 console.print('[bold white]deploy exit_code: %s[/bold white]' % (deploy.exit_status))
+                # console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
+                # console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
+                # console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
                 console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
                 console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
                 console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
@@ -1582,7 +1610,7 @@ if args.listlocations and args.provider:
 if args.create:
     assert args.provider is not None, "Provider must be specified for node creation"
     # If -c or --create is passed, call the create_node function
-    create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy)
+    create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy[0])
     exit(0)
 if args.list:
     if args.print:
@@ -1603,7 +1631,7 @@ if args.ssh:
 if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
     console.print("Image, size, name, region, yes and deploy parameters [u]only[/u] go along with the create flag", style="bold red")
     exit(0)
-if args.docker-compose and not args.deploy:
+if args.docker_compose and not args.deploy:
     console.print("Docker compose [u]only[/u] goes along with the deploy flag", style="bold red")
     exit(0)
 if args.print and not args.list or args.listimages or args.listsizes or args.listlocations: