konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ea53efdb4051fc98ae463bec29e06cf74c09e7e
SecDep/assets/pages/demo/demo.md

74 lines
2.7 KiB
Markdown
Raw Blame History

# Examples and output
### Actual outputs are more polished than the ones shown here (e.g. colors, better formatting, etc.)
One example of the modern output is shown bellow:
![Modern Output](../../images/demo/aws-instance-terminated.png)
## Instance listing 🪧
`python3 secdep.py -l`
(sped up animation)
![Listing](../../videos/demo/instance-list.gif)
## Instance listing when there is a gce node
`python3 secdep.py -l -P gce`
![Listing gce](../../videos/demo/gce-instance-list.gif)
## Instance listing with 5 aws nodes
![Listing 2](../../images/demo/instance-list-output.png)
## Instance listing with aws and gce nodes
![Listing 3](../../images/demo/instance-list-aws-gce.png)
## Instance deletion 👋
`python3 secdep.py -a delete`
![Deletion](../../images/demo/instance-deletion.png)
## Instance deletion of all gce nodes 💣
`python3 secdep.py -P gce -a deleteall`
![Deletion 2](../../videos/demo/gce-instance-delete.gif)
## Instance creation for gce 🎉
`python3 secdep.py -P gce -c -n test-node -g us-central1-a -s f1-micro -i debian-10-buster-v20230306 -y`
![Creation](../../videos/demo/gce-instance-creation.gif)
## Instance ssh connection 🔗
`python3 secdep.py -P gce --ssh`
![Deletion 2](../../videos/demo/gce-instance-ssh.gif)
You can also specify a port with the `--port` flag.
## Instance creation and hardening for aws
(sped up animation)
![Hardened aws](../../videos/demo/aws-hardened-instance-creation.gif)
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy`
## Instance creation and hardening for aws while deploying a docker-compose file and pulling nginx docker image
`python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx`
Note: The docker-compose.yml file has to be in the same directory as the script and be named as `docker-compose.yml`. Also if it contains a volumes section, make sure that the left side path before the ":" corresponting to the host path is not owned by root but by your user and if using portainer make sure to enter the full path in the web editor
Additional Note: By deploying a docker-compose.yml file using the --docker_compose flag, the needed ports will be allowed by the firewall for usage. But by deploying a docker image or docker-compose.yml file through portainer one should then `sudo ufw allow needed_port` and `sudo ufw reload` for them to be usable or `firewall-cmd --permanent --add-port=needed_port` and `sudo firewall-cmd --reload` depending on the distribution.
For convenience, the scirpt will also create another script that checks which ports are to be opened or closed and assign it to a cronjob that will execute it every 20 minutes so one can just wait.
Reference in New Issue View Git Blame Copy Permalink