### Instant ⚑ Secure 🔒 Cloud ☁️ Docker Deployment 💻

Automated secure docker image deployment and virtual machine management using (mainly) the [libcloud](https://github.com/apache/libcloud) library to connect to GCE, Azure and AWS.

# Description 📔 and motivation 🧐

Have you ever wanted to instantly deploy one or more simple virtual machines using the IaaS offerings of the top 🔝 3 cloud providers? 🤔 If yes 🙌💡, you might have noticed some things that keep you off, like the fact that their web portals are bloated 🫃 for your use case, or confusing 😕. More often than not the same goes for their official CLI tools 🀦. If you want to manage more than one provider's virtual machines, it becomes a hassle to head over to each web portal or tool and do the same thing in a different manner. That's where SecDep comes in 💪. With SecDep, you can manage your virtual machines across all three cloud providers with ease 😎, without having to think about where to go and how to get there to do what you want 🥳.
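The hardening features listed below include SSH hardening. As an added example (not SecDep's own code, whose implementation this page does not describe), here is how such a step can be expressed and, just as importantly, verified: `harden_sshd_config` rewrites an `sshd_config` so that each managed directive carries the hardened value exactly once, and `audit_sshd_config` reports which directives still deviate, following sshd's first-match rule. The directive set, the `secdep` login user and the sample `sshd_config` are assumptions constructed for the example.

```python
"""Added example: apply and audit a hardened OpenSSH server configuration.

Not SecDep's own code. The directive set below is an assumption about what
"SSH hardening" covers; the sample sshd_config is constructed for the demo.
"""
import re

# Key-only, non-root login policy (assumed hardening baseline).
HARDENED = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "KbdInteractiveAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "AllowUsers": "secdep",  # assumed: the login user SecDep creates
}

# Matches an active or commented-out "Keyword value" line.
_DIRECTIVE = re.compile(r"^\s*#?\s*([A-Za-z0-9]+)\s+\S")


def harden_sshd_config(text):
    """Return sshd_config text with each HARDENED directive set exactly once.

    The first occurrence of a managed keyword (active or commented out) is
    replaced in place, later duplicates are dropped, and keywords that are
    absent are appended. Directives pulled in by an earlier Include line
    still win under sshd's first-match rule, so audit the effective config
    on the host as well.
    """
    by_lower = {k.lower(): k for k in HARDENED}  # sshd keywords are case-insensitive
    out, seen = [], set()
    for line in text.splitlines():
        m = _DIRECTIVE.match(line)
        key = by_lower.get(m.group(1).lower()) if m else None
        if key is None:
            out.append(line)
        elif key not in seen:
            out.append(f"{key} {HARDENED[key]}")
            seen.add(key)
    for key in HARDENED:
        if key not in seen:
            out.append(f"{key} {HARDENED[key]}")
    return "\n".join(out) + "\n"


def audit_sshd_config(text):
    """Return {directive: effective value} for managed directives that deviate.

    sshd honours the first active occurrence of a keyword; a directive that
    is never set shows up with the value None.
    """
    effective = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        effective.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return {
        key: effective.get(key.lower())
        for key, value in HARDENED.items()
        if effective.get(key.lower()) != value
    }


# Constructed sample, loosely shaped like a distribution default sshd_config.
SAMPLE_SSHD_CONFIG = """\
# Constructed sample, not taken from a real host
Include /etc/ssh/sshd_config.d/*.conf
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
#PubkeyAuthentication yes
X11Forwarding yes
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    print("Deviations before:", audit_sshd_config(SAMPLE_SSHD_CONFIG))
    hardened = harden_sshd_config(SAMPLE_SSHD_CONFIG)
    print(hardened)
    print("Deviations after:", audit_sshd_config(hardened))
```

Running the audit against the original sample reports all eight managed directives (the two that are set to the wrong value and the six that are unset); after hardening it reports nothing, and hardening the already hardened text leaves it unchanged, so the same function can run on every boot without piling up duplicate lines.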
# Features and roadmap 🗺️

- [x] Virtual machine creation
  - [x] GCE
  - [x] Azure
  - [x] AWS
- [x] Virtual machine actions (delete, start, stop, reboot)
  - [x] GCE
  - [x] Azure
  - [x] AWS
- [x] Virtual machine simple ssh connection
- [x] Interactive `.env` file editing
- [x] Provider image, location, size and instance listing
  - [x] GCE
  - [x] Azure
  - [x] AWS
- [x] Choice to perform the above actions and instance listing on a single provider or on all providers
- [x] Hardening during creation
  - [x] SSH hardening
  - [x] Firewall installation and configuration (UFW or firewalld)
  - [x] Fail2ban installation and configuration
  - [x] Kernel Security Module installation (AppArmor or SELinux)
  - [x] Docker Rootless installation
  - [x] gVisor installation and integration with Docker Rootless
  - [x] CronJob to update the system periodically
  - [x] CronJob to allow or disallow docker ports
- [x] Docker deployment during hardening
  - [x] Single docker-compose file deployment
  - [x] Pulling of multiple docker images
  - [x] Automatic portainer deployment
  - [x] Automatic watchtower deployment

# Prerequisites 📋

Even though we want to avoid using the providers' tools and web portals, we do have to use them once to get everything set up 😐.

## GCE

First and foremost, you need a Google account. If you don't have one, you can create one [here](https://accounts.google.com/SignUp?hl=en). Then follow the instructions 👉 [here](assets/pages/gce/GCE_setup.md) to set up your GCE account. The instructions are based on [libcloud's](https://libcloud.readthedocs.io/en/stable/compute/drivers/gce.html#service-account) documentation.

## Azure

For Azure you need to be part of an organization that has an Azure subscription 🏢. Then follow the instructions [here](assets/pages/azure/Azure_setup.md) to set up your Azure account. The instructions are based on [libcloud's](https://libcloud.readthedocs.io/en/stable/compute/drivers/azure_arm.html#connecting-to-azure) documentation.
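Two of the hardening features above, the host firewall (UFW) and the cron job that allows or disallows docker ports, have to agree with each other: the firewall should open exactly the ports the running containers publish and close them again once the containers are gone. As an added example (not SecDep's code; the page does not describe how the project implements this job), the block below shows the reconciliation logic such a cron job needs. It parses `docker ps --format '{{.Ports}}'` output, ignores loopback-bound and exposed-only ports, picks the rules it owns out of `ufw status` (recognised by a rule comment, assumed here to be `secdep-docker`), and emits the `ufw` commands that close the gap. The docker and ufw output it works on is constructed.

```python
"""Added example: keep UFW in step with the ports Docker publishes.

Not SecDep's own code; the rule comment used as an ownership tag and the
docker/ufw output below are constructed for the demo.
"""
import ipaddress
import re

TAG = "secdep-docker"  # assumed comment marking the rules this job may delete

# One entry of `docker ps --format '{{.Ports}}'`, e.g. "0.0.0.0:9000->9000/tcp"
# or a range "0.0.0.0:5000-5001->5000-5001/udp". An exposed-only "80/tcp" has
# no host part and does not match, which is intended: nothing is reachable.
_MAPPING = re.compile(
    r"^(?P<host>.+):(?P<lo>\d+)(?:-(?P<hi>\d+))?->\d+(?:-\d+)?/(?P<proto>tcp|udp)$"
)

# One `ufw status` line for an ALLOW rule tagged with TAG (IPv4 or "(v6)" row).
_UFW_RULE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)(?: \(v6\))?\s+ALLOW(?: IN)?\s+"
    r"Anywhere(?: \(v6\))?\s+#\s*" + re.escape(TAG) + r"\s*$"
)


def published_ports(ports_fields):
    """Return {(port, proto)} that containers publish on non-loopback addresses."""
    wanted = set()
    for field in ports_fields:
        for entry in (e.strip() for e in field.split(",")):
            m = _MAPPING.match(entry)
            if not m:
                continue
            host = m.group("host").strip("[]")
            try:
                if ipaddress.ip_address(host).is_loopback:
                    continue  # 127.0.0.1 / ::1 bindings need no firewall hole
            except ValueError:
                continue  # unknown binding: never open what we cannot reason about
            lo, hi = int(m.group("lo")), int(m.group("hi") or m.group("lo"))
            wanted.update((port, m.group("proto")) for port in range(lo, hi + 1))
    return wanted


def owned_rules(ufw_status):
    """Return {(port, proto)} for the ALLOW rules in `ufw status` tagged with TAG.

    Untagged rules (for example 22/tcp for ssh) are never touched.
    """
    rules = set()
    for line in ufw_status.splitlines():
        m = _UFW_RULE.match(line)
        if m:
            rules.add((int(m.group("port")), m.group("proto")))
    return rules


def reconcile(wanted, current):
    """Return the ufw commands that turn `current` into `wanted`."""
    cmds = [f"ufw allow {p}/{proto} comment '{TAG}'" for p, proto in sorted(wanted - current)]
    cmds += [f"ufw delete allow {p}/{proto}" for p, proto in sorted(current - wanted)]
    return cmds


# Constructed `docker ps --format '{{.Ports}}'` output, one container per entry.
SAMPLE_DOCKER_PORTS = [
    "0.0.0.0:9000->9000/tcp, :::9000->9000/tcp",  # published on all interfaces
    "127.0.0.1:8080->80/tcp",                      # loopback only
    "80/tcp",                                      # exposed, not published
    "0.0.0.0:5000-5001->5000-5001/udp",            # published range
]

# Constructed `ufw status` output: 22/tcp is a human-made rule, 9001 is stale.
SAMPLE_UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9000/tcp                   ALLOW       Anywhere                   # secdep-docker
9001/tcp                   ALLOW       Anywhere                   # secdep-docker
22/tcp (v6)                ALLOW       Anywhere (v6)
9000/tcp (v6)              ALLOW       Anywhere (v6)              # secdep-docker
9001/tcp (v6)              ALLOW       Anywhere (v6)              # secdep-docker
"""


def plan(ports_fields=SAMPLE_DOCKER_PORTS, ufw_status=SAMPLE_UFW_STATUS):
    """Dry run: the commands a cron job would hand to subprocess.run, in order."""
    return reconcile(published_ports(ports_fields), owned_rules(ufw_status))


if __name__ == "__main__":
    for cmd in plan():
        print(cmd)
```

On the constructed input the plan opens 5000/udp and 5001/udp, deletes the stale 9001/tcp rule (one `ufw delete allow 9001/tcp` removes both the IPv4 and the IPv6 row) and leaves 22/tcp alone because it carries no tag. The ownership comment is what makes deleting safe: without it, the job could not tell its own rules from ones an administrator added by hand. This reconciliation only has an effect with rootless Docker, which is what the feature list installs; a rootful daemon inserts its own iptables rules ahead of UFW's, so published ports would be reachable regardless of what UFW says.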
## AWS

For AWS you first need an [account](https://aws.amazon.com/account/) and then to follow the instructions [here](assets/pages/aws/AWS_setup.md) 👈.

# Dependencies 📦

We would have 3 core external dependencies, but due to missing functionality in libcloud when it comes to Azure management we need 6 of them. The rest are quality-of-life dependencies 🖍️.

1. [libcloud](https://github.com/apache/libcloud), the main dependency, used to connect to the cloud providers
2. [python-dotenv](https://github.com/theskumar/python-dotenv), used to read the `.env` file
3. [paramiko](https://github.com/paramiko/paramiko), which libcloud needs for its deployment functionality
4. [azure-sdk-for-python](https://github.com/Azure/azure-sdk-for-python), from which we need
   1. [azure-identity](https://pypi.org/project/azure-identity/) to authenticate with Azure
   2. [azure-mgmt-resource](https://pypi.org/project/azure-mgmt-resource/) to manage Azure resources
   3. [azure-mgmt-network](https://pypi.org/project/azure-mgmt-network/) to manage Azure networks
5. [shtab](https://github.com/iterative/shtab), used to generate bash and zsh completion scripts
6. [rich](https://github.com/Textualize/rich), used to make the output more colorful and easier to read

# Installation 🛠️

## Cloning the repository 📁

Clone the repository by running `git clone https://git.konsthol.eu/konsthol/SecDep.git` in the directory where you want the files to reside. It goes without saying that you need git installed, and Python to run it, since it is a Python script after all.

## Installing the dependencies 📥

The simplest way to install them is to run `pip install -r requirements.txt` in the root directory of the project. If you don't have pip installed you can install it with `sudo apt install python3-pip` on Debian-based systems or `sudo dnf install python3-pip` on Fedora-based systems.
For other systems, check [here](https://pip.pypa.io/en/stable/installation/) 👈 for more information.

# Walkthrough 🚢

Assuming you have set up your accounts and installed the dependencies, you can now start using SecDep. Check this [page](assets/pages/usage/usage.md) to get more familiar with the program.

# Some program outputs 📊

Images and videos of common tasks will reside [here](assets/pages/demo/demo.md).

# Connecting to the virtual machines 🛰️ 🖥️

If you want to connect using your own ssh client, run `ssh -i ~/Path/To/SecDep/secdep secdep@<ip>`. On instance creation the actual ssh command is printed once, so you can just copy and paste it to connect 😎. To use PuTTY you will probably need to add the key to the program. The IP is printed after the virtual machine has been created.

If for any reason you delete either the public or the private key, both will be regenerated. You should then either delete the virtual machines that use the old key, or find another way to log in and manually add the new `secdep.pub` key to the `authorized_keys` file of the `secdep` user.

# Tips and tricks 🀩

For some tips and tricks to make your life easier, check [this](assets/pages/tips_tricks/tips_n_tricks.md) out.

# Important disclaimers ⚠️

Carefully select the machine sizes:

* Get a little familiar with the provider's pricing so you don't get caught by surprise 💸. According to libcloud's documentation, "unlimited" attributes, for example Amazon's bandwidth, are displayed as 0.
* Don't blindly trust the scraped prices in the program output: they are not scraped by me but by the libcloud library.

# License 📜