Examples and output 📊
Actual outputs are more polished than the ones shown here (e.g. colors, better formatting, etc.).
One example of the modern output is shown below:
Instance listing 🪧
python3 secdep.py -l
(sped up animation)
Instance listing when there is a gce node
python3 secdep.py -l -P gce
Instance listing with 5 aws nodes
Instance listing with aws and gce nodes
Instance deletion 👋
python3 secdep.py -a delete
Instance deletion of all gce nodes 💣
python3 secdep.py -P gce -a deleteall
Instance creation for gce 🎉
python3 secdep.py -P gce -c -n test-node -g us-central1-a -s f1-micro -i debian-10-buster-v20230306 -y
Instance ssh connection 🔗
python3 secdep.py -P gce --ssh
You can also specify a port with the --port flag.
Instance creation and hardening for aws
(sped up animation)
python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --deploy
Instance creation and hardening for aws while deploying a docker-compose file and pulling nginx docker image
python3 secdep.py -P aws -c -n test-node -s t3.micro -i ami-08869bacfa1188ec9 --yes --docker_compose --deploy nginx
Note: The docker-compose.yml file has to be in the same directory as the script and be named docker-compose.yml. Also, if it contains a volumes section, make sure that the left-side path before the ":" (the host path) is owned by your user and not by root. If you are using portainer, make sure to enter the full path in the web editor.
Additional Note: When a docker-compose.yml file is deployed with the --docker_compose flag, the ports it needs are allowed through the firewall automatically. When a docker image or docker-compose.yml file is deployed through portainer instead, the ports only become usable after you run sudo ufw allow needed_port and sudo ufw reload, or firewall-cmd --permanent --add-port=needed_port and sudo firewall-cmd --reload, depending on the distribution.
For convenience, the script will also create another script that checks which ports are to be opened or closed and assign it to a cronjob that executes it every 20 minutes, so one can just wait.
If you ever decide to get a domain name and use it for any docker container, make sure to allow ports 80 and 443 both manually and in the dynamic ports script for it to be usable.
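The comparison a port-checking job like the one described above has to make, as an added example (not SecDep's own script): it reads `docker ps` and `ufw status` output and returns which ports to open and which stale rules to close. The sample data, the function names and the assumption that SSH listens on port 22 belong to this example only.

```python
import re

# Constructed sample of `docker ps --format '{{.Ports}}'` (one line per container).
DOCKER_PORTS = """\
0.0.0.0:80->80/tcp, :::80->80/tcp
0.0.0.0:9443->9443/tcp, [::]:9443->9443/tcp, 8000/tcp
127.0.0.1:5432->5432/tcp
0.0.0.0:5000-5001->5000-5001/udp
"""
# Constructed sample of `sudo ufw status`.
UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8080/tcp (v6)              ALLOW       Anywhere (v6)
"""
PUBLISHED = re.compile(r"^(?P<host>.+):(?P<lo>\d+)(?:-(?P<hi>\d+))?->[\d-]+/(?P<proto>tcp|udp)$")
UFW_ALLOW = re.compile(r"^(\d+)/(tcp|udp)\s+(?:\(v6\)\s+)?ALLOW\b")
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
# Never proposed for closing: SSH (assumed on 22) plus 80/443 for a domain name.
KEEP = frozenset({(22, "tcp"), (80, "tcp"), (443, "tcp")})

def published_ports(docker_ports):
    """Ports published on non-loopback host addresses, as {(port, proto)}."""
    found = set()
    for entry in re.split(r"[,\n]", docker_ports):
        m = PUBLISHED.match(entry.strip())
        if not m or m["host"] in LOOPBACK:
            continue  # exposed-only ("8000/tcp") or loopback-only: nothing to open
        lo = int(m["lo"])
        found.update((p, m["proto"]) for p in range(lo, int(m["hi"] or lo) + 1))
    return found

def allowed_ports(ufw_status):
    """port/proto ALLOW rules from `ufw status`; v4 and v6 rows collapse to one."""
    matches = (UFW_ALLOW.match(line.strip()) for line in ufw_status.splitlines())
    return {(int(m[1]), m[2]) for m in matches if m}

def reconcile(docker_ports, ufw_status, keep=KEEP):
    """Return (to_open, to_close) as sorted lists of (port, proto)."""
    wanted, allowed = published_ports(docker_ports), allowed_ports(ufw_status)
    return sorted(wanted - allowed), sorted(allowed - wanted - keep)

if __name__ == "__main__":
    print(reconcile(DOCKER_PORTS, UFW_STATUS))
```

Ports bound only to 127.0.0.1 are left out of the "to open" list on purpose, so a database published for local use is never exposed by the job.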









