konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bit Bucket is down. What should I do now?

Browse Source
This commit is contained in:
konsthol
2023-03-20 00:15:39 +02:00
parent 943bdf015f
commit f392de33e6
1 changed files with 32 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
secdep.py
View File

@@ -28,7 +28,7 @@ from dotenv import load_dotenv
from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver
from libcloud.compute.base import NodeAuthSSHKey
from libcloud.compute.deployment import ScriptDeployment, SSHKeyDeployment, MultiStepDeployment
from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment
from azure.identity import ClientSecretCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.network import NetworkManagementClient
@@ -779,7 +779,7 @@ def getAWSRegionFromAmi(ami):
return list(image.keys())[list(image.values()).index(ami)]
# This is the most important function of all and uses all the previous ones to validate the input and get the actual objects
def create_node(provider, name=None, location=None, size=None, image=None, confirm=None):
def create_node(provider, name=None, location=None, size=None, image=None, confirm=None, deploy=None):
# Get public ssh key value
with open(SECDEP_SSH_PUBLIC_KEY, 'r') as f:
pubkey = f.read()
@@ -985,9 +985,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
keys = driver.list_key_pairs()
for key in keys:
driver.delete_key_pair(key)
driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
driver.ex_authorize_security_group_permissive('default')
keyname="secdep@"+socket.gethostname()
driver.import_key_pair_from_string(keyname, pubkey)
driver.ex_authorize_security_group_permissive('default')
# since each ami decides on a different admin user name we can't use the create node
# to end up with a secdep user but we have to use the deploy_node function
SCRIPT = '''#!/usr/bin/env bash
@@ -1004,13 +1004,16 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
sudo chown secdep:secdep /home/secdep -R
sudo chmod 700 /home/secdep /home/secdep/.ssh
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
step_1 = SSHKeyDeployment(pubkey)
step_2 = ScriptDeployment(SCRIPT)
msd = MultiStepDeployment([step_1, step_2])
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
print('stdout: %s' % (step_2.stdout))
print('stderr: %s' % (step_2.stderr))
print('exit_code: %s' % (step_2.exit_status))
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
msd = MultiStepDeployment([deploy, actualDeployScript])
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
else:
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
print('stdout: %s' % (deploy.stdout))
print('stderr: %s' % (deploy.stderr))
print('exit_code: %s' % (deploy.exit_status))
else:
# When the -y or --yes parameter is passed we go straight to the node creation
if provider == "gce":
@@ -1075,9 +1078,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
keys = driver.list_key_pairs()
for key in keys:
driver.delete_key_pair(key)
driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
driver.ex_authorize_security_group_permissive('default')
keyname="secdep@"+socket.gethostname()
driver.import_key_pair_from_string(keyname, pubkey)
driver.ex_authorize_security_group_permissive('default')
# since each ami decides on a different admin user name we can't use the create node
# to end up with a secdep user but we have to use the deploy_node function
SCRIPT = '''#!/usr/bin/env bash
@@ -1094,17 +1097,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
sudo chown secdep:secdep /home/secdep -R
sudo chmod 700 /home/secdep /home/secdep/.ssh
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
step_1 = SSHKeyDeployment(pubkey)
step_2 = ScriptDeployment(SCRIPT)
msd = MultiStepDeployment([step_1, step_2])
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
print('stdout: %s' % (step_2.stdout))
print('stderr: %s' % (step_2.stderr))
print('exit_code: %s' % (step_2.exit_status))
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
msd = MultiStepDeployment([deploy, actualDeployScript])
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
else:
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
print('stdout: %s' % (deploy.stdout))
print('stderr: %s' % (deploy.stderr))
print('exit_code: %s' % (deploy.exit_status))
print(node.name + " created successfully")
print("Node is initializing")
if provider == "aws":
time.sleep(30) #Aws takes a while to assign a public ip
print("ip to connect to")
print("\nIP: %s\n" % (node.public_ips))
return node
@@ -1239,7 +1243,8 @@ def node_action(action, provider):
result = poller.result()
def node_action_all(action, provider):
nodes = list_all_nodes(provider, action)
string = action[:-3]
nodes = list_all_nodes(provider, string)
node_name = ""
for node in nodes:
providerName = node.name.split("-")[0]
@@ -1269,7 +1274,6 @@ def node_action_all(action, provider):
case _:
print("Invalid action command")
exit(0)
string = action[:-3]
if(succeded):
print("%s node %s -> successful" % (node.name, string))
else:
@@ -1280,7 +1284,7 @@ def node_action_all(action, provider):
result = poller.result()
def ssh(provider):
node = choose_from_list(list_all_nodes(provider), "node")
node = choose_from_list(list_all_nodes(provider,"stop"), "node")
ip = node.public_ips[0]
port = 22
username = "secdep"
@@ -1338,7 +1342,7 @@ if args.listlocations and args.provider:
if args.create:
assert args.provider is not None, "Provider must be specified for node creation"
# If -c or --create is passed, call the create_node function
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes)
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy)
exit(0)
if args.list:
if args.print:
@@ -1356,10 +1360,8 @@ if args.action:
if args.ssh:
ssh(args.provider)
exit(0)
if args.image or args.size or args.name or args.region or args.yes and not args.create:
print("Image, size, name, region and yes parameters only go along with the create flag")
if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
print("Image, size, name, region, yes and deploy parameters only go along with the create flag")
exit(0)
if args.print and not args.list or args.listimages or args.listsizes or args.listlocations:
print("The print flag only goes together with the list, list images, list sizes or list locations")
if args.deploy:
print(args.deploy)