
Examples and output

Actual outputs are more polished than the ones shown here (e.g. colors, better formatting, etc.)

One example of the modern output is shown below:

Modern Output

Instance listing 🪧

python3 secdep.py -l

(sped up animation)

Listing

Instance listing when there is a gce node

python3 secdep.py -l -P gce

Listing gce

Instance listing with 5 aws nodes

Listing 2

Instance listing with aws and gce nodes

Listing 3

Instance deletion 👋

python3 secdep.py -a delete

Deletion

Instance deletion of all gce nodes 💣

python3 secdep.py -P gce -a deleteall

Deletion 2

Instance creation for gce 🎉

python3 secdep.py -P gce -c -n test-node -g us-central1-a -s f1-micro -i debian-10-buster-v20230306 -y

Creation

Instance ssh connection 🔗

python3 secdep.py -P gce --ssh

Deletion 2

You can also specify a port with the --port flag.

Instance creation and hardening for aws

(sped up animation)

Hardened aws

python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy

Instance creation and hardening for aws while deploying a docker-compose file and pulling nginx docker image

python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx

Note: The docker-compose.yml file has to be in the same directory as the script and be named docker-compose.yml. Also, if it contains a volumes section, make sure that the host path (the left side, before the ":") is owned by your user and not by root. If using Portainer, make sure to enter the full path in the web editor.

Additional Note: When a docker-compose.yml file is deployed with the --docker_compose flag, the ports it needs are allowed through the firewall automatically. When a Docker image or docker-compose.yml file is deployed through Portainer instead, the ports have to be opened by hand: run sudo ufw allow needed_port and sudo ufw reload, or firewall-cmd --permanent --add-port=needed_port and sudo firewall-cmd --reload, depending on the distribution.

For convenience, the script will also create another script that checks which ports are to be opened or closed, and assign it to a cron job that runs every 20 minutes, so one can also just wait.
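As an added illustration (not SecDep's own code and not the cron script it generates), the following Python derives the ufw or firewall-cmd commands named in the note above from a compose service's ports entries, skipping loopback-bound and container-only ports and validating every value before it reaches a command line. The function names, the sample list, and the assumption that the compose file has already been parsed (for example with yaml.safe_load) are hypothetical.

```python
# Added example, not SecDep's code; input is one service's parsed "ports" list.
import ipaddress

def published_ports(entries):
    """Return sorted (host_port_or_range, proto) pairs that need a firewall rule."""
    needed = set()
    for entry in entries:
        if isinstance(entry, dict):  # long syntax
            host_ip = str(entry.get("host_ip", ""))
            published = str(entry.get("published", ""))
            proto = str(entry.get("protocol", "tcp"))
        else:  # short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]
            spec, _, proto = str(entry).partition("/")
            parts = spec.rsplit(":", 2)
            host_ip = parts[0] if len(parts) == 3 else ""
            published = parts[-2] if len(parts) >= 2 else ""
            proto = proto or "tcp"
        if not published:
            continue  # container-only port: Docker assigns an ephemeral host port
        if host_ip and ipaddress.ip_address(host_ip.strip("[]")).is_loopback:
            continue  # bound to loopback: a firewall rule would expose nothing useful
        lo, _, hi = published.partition("-")
        lo, hi = int(lo), int(hi or lo)  # ValueError on anything non-numeric
        if not (1 <= lo <= hi <= 65535) or proto not in ("tcp", "udp"):
            raise ValueError(f"refusing to build a rule from {entry!r}")
        needed.add((lo, hi, proto))
    return [(f"{lo}-{hi}" if hi > lo else str(lo), p) for lo, hi, p in sorted(needed)]

def firewall_commands(needed, backend):
    """Build argv lists (never shell strings) for ufw or firewalld."""
    cmds = []
    for port, proto in needed:
        if backend == "ufw":  # ufw writes ranges as low:high
            cmds.append(["sudo", "ufw", "allow", f"{port.replace('-', ':')}/{proto}"])
        elif backend == "firewalld":
            cmds.append(["sudo", "firewall-cmd", "--permanent", f"--add-port={port}/{proto}"])
        else:
            raise ValueError(f"unknown backend {backend!r}")
    if cmds:  # reload only when a rule was added
        cmds.append(["sudo", "ufw", "reload"] if backend == "ufw"
                    else ["sudo", "firewall-cmd", "--reload"])
    return cmds

# Constructed sample: the "ports" list of one compose service.
SAMPLE_PORTS = ["80:80", "127.0.0.1:9000:9000", "3000", "5353:53/udp",
                "8000-8002:8000-8002", {"target": 443, "published": 8443}]
if __name__ == "__main__":
    for argv in firewall_commands(published_ports(SAMPLE_PORTS), "ufw"):
        print(" ".join(argv))
```

Because the rules are rebuilt from validated integers and returned as argument lists, a malformed ports entry raises an error instead of ending up inside a sudo command.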