From 5abeaecff2d2c2dc355f62b2d09b44789eab8c0c Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 16:57:29 +0530
Subject: [PATCH 1/8] PROJECT1OVER

---
 projects/bash_networking_security/SOLUTION | 10 ++--
 .../bastion_connect.sh | 21 ++++++++
 .../bash_networking_security/tlsHandshake.sh | 50 +++++++++++++++++++
 projects/bash_networking_security/vpc.sh | 8 +--
 4 files changed, 81 insertions(+), 8 deletions(-)

diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION
index 2edfbaf..dec0164 100644
--- a/projects/bash_networking_security/SOLUTION
+++ b/projects/bash_networking_security/SOLUTION
@@ -1,16 +1,18 @@
 Local DNS Server IP
 -------------------
-
+127.0.0.53
 Default gateway IP
 -------------------
-
+10.0.0.1
 DHCP IP allocation sys-logs
 -------------------
-
-
+Jun 16 06:09:35 ip-10-0-0-239 dhclient[361]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xb1f1506a)
+Jun 16 06:09:35 ip-10-0-0-239 dhclient[361]: DHCPOFFER of 10.0.0.239 from 10.0.0.1
+Jun 16 06:09:35 ip-10-0-0-239 dhclient[361]: DHCPREQUEST for 10.0.0.239 on eth0 to 255.255.255.255 port 67 (xid=0x6a50f1b1)
+Jun 16 06:09:35 ip-10-0-0-239 dhclient[361]: DHCPACK of 10.0.0.239 from 10.0.0.1 (xid=0xb1f1506a)
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index a9bf588..745b869 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1 +1,22 @@
 #!/bin/bash
+
+if [[ -z "$KEY_PATH" ]]; then
+ echo "KEY_PATH environment variable is not set!"
+ exit 5
+fi
+
+if [[ $# -lt 1 ]]; then
+ echo "KEY_PATH env var is expected"
+ echo "Please provide Public Instance (Bastion) IP address"
+ exit 5
+fi
+
+public_ip=$1
+private_ip=$2
+command="${@:3}"
+
+if [[ -n "$private_ip" ]]; then
+ ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command"
+else
+ ssh -i "$KEY_PATH" ubuntu@"$public_ip" "$command"
+fi
\ No newline at end of file
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..5977234 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
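Review bot: The nested hop `ssh -i "new_key" ubuntu@"$private_ip"` in the first branch requires the private instance's private key to be stored on the bastion (at a relative path resolved in the bastion login shell's working directory), so anyone who gets a shell on the bastion also gets the private host; if that key can stay on the client, a ProxyCommand keeps it there: `ssh -i "$PRIVATE_KEY_PATH" -o ProxyCommand="ssh -i $KEY_PATH -W %h:%p ubuntu@$public_ip" ubuntu@"$private_ip" "$command"`, with `PRIVATE_KEY_PATH` validated the same way `KEY_PATH` is. Whether the lab setup permits keeping that key off the bastion is not visible here. Two smaller points: the `$# -lt 1` branch prints `KEY_PATH env var is expected` although `KEY_PATH` was already validated just above, and `-t` forces a pty even when `$command` is a non-interactive command, which can alter its output; passing `-t` only when `$command` is empty would be more precise.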
@@ -1 +1,51 @@
 #!/bin/bash
+
+IPADDRESS=34.229.77.229 || $PUBLIC_EC2_IP || $1
+# Step 1: Client Hello
+client_hello=$(curl -s -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": [
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_CHACHA20_POLY1305_SHA256"
+ ],
+ "message": "Client Hello"
+}' http://$IPADDRESS:8080/clienthello)
+
+# Step 2: Server Hello
+version=$(echo "$client_hello" | jq -r '.version')
+cipher_suite=$(echo "$client_hello" | jq -r '.cipherSuite')
+session_id=$(echo "$client_hello" | jq -r '.sessionID')
+server_cert=$(echo "$client_hello" | jq -r '.serverCert')
+
+# Step 3: Server Certificate Verification
+wget -q https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+openssl verify -CAfile cert-ca-aws.pem <<< "$server_cert"
+verification_result=$?
+
+if [ $verification_result -ne 0 ]; then
+ echo "Server Certificate is invalid."
+ exit 5
+fi
+
+# Step 4: Client-Server master-key exchange
+master_key=$(openssl rand -base64 32)
+encrypted_master_key=$(echo "$master_key" | openssl smime -encrypt -aes-256-cbc -binary -outform DER cert.pem | base64 -w 0)
+
+# Step 5: Server verification message
+server_verification_msg=$(curl -s -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$session_id"'",
+ "masterKey": "'"$encrypted_master_key"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://$IPADDRESS:8080/keyexchange)
+
+encrypted_sample_msg=$(echo "$server_verification_msg" | jq -r '.encryptedSampleMessage')
+
+# Step 6: Client verification message
+decrypted_sample_msg=$(echo "$encrypted_sample_msg" | base64 -d | openssl enc -d -aes-256-cbc -pbkdf2 -pass pass:"$master_key" -md sha256)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+fi
+
+echo "Client-Server TLS handshake has been completed successfully"
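Review bot: `IPADDRESS=34.229.77.229 || $PUBLIC_EC2_IP || $1` at the top of the hunk never falls back to the argument or the env var: an assignment always succeeds, so both `||` branches are dead, and if either ran it would try to execute the variable's value as a command rather than assign it; the intended precedence is `IPADDRESS="${1:-${PUBLIC_EC2_IP:-34.229.77.229}}"`. Step 4 then encrypts the master key to `cert.pem`, but no line in the hunk writes that file — the server certificate from the hello response is only piped to `openssl verify` on stdin — so `openssl smime` fails and Step 5 sends an empty `masterKey`. Failures are otherwise silent (`curl -s`, `wget -q`, no `set -e`), and `echo "$master_key"` appends a newline to the key the server decrypts that is absent from the `-pass pass:"$master_key"` used locally in Step 6; whether the server strips it is not visible here. The rewrite below keeps the JSON field names and the `-pbkdf2 -md sha256` derivation exactly as the script has them, since the server side is not shown.
```shell
#!/bin/bash
set -euo pipefail

# Precedence: explicit argument, then PUBLIC_EC2_IP, then the lab's fixed address.
IPADDRESS="${1:-${PUBLIC_EC2_IP:-34.229.77.229}}"

# … unchanged: Step 1 Client Hello request and Step 2 jq field extraction …

# Step 3: Server Certificate Verification
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
# Under set -e a failed download aborts here instead of leaving verify without a trust anchor.
wget -q -O "$workdir/cert-ca-aws.pem" https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
# Persist the server cert: both verify and smime -encrypt below need it as a file.
printf '%s\n' "$server_cert" > "$workdir/cert.pem"
if ! openssl verify -CAfile "$workdir/cert-ca-aws.pem" "$workdir/cert.pem" >/dev/null; then
  echo "Server Certificate is invalid."
  exit 5
fi

# Step 4: Client-Server master-key exchange
master_key=$(openssl rand -base64 32)
# printf, not echo: the key sent to the server must match the one used in Step 6 byte for byte.
encrypted_master_key=$(printf '%s' "$master_key" \
  | openssl smime -encrypt -aes-256-cbc -binary -outform DER "$workdir/cert.pem" \
  | base64 -w 0)

# … unchanged: Step 5 key-exchange request, Step 6 decryption and final check …
```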
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..360e015 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="us-east-1"
+VPC_ID="vpc-0fa173275baf10b87"
+PUBLIC_INSTANCE_ID="i-07a59423027bcd60d"
+PRIVATE_INSTANCE_ID="i-08df05fcc7f790417"
\ No newline at end of file
From 1e55d6a6b3c8a6e6c86c370e58db9f268e71187e Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 17:03:16 +0530
Subject: [PATCH 2/8] updates

---
 projects/bash_networking_security/bastion_connect.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index 745b869..7e58e0e 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-
 if [[ -z "$KEY_PATH" ]]; then
 echo "KEY_PATH environment variable is not set!"
 exit 5
From bf425e0613660f158ed1ace547c0ceb8ad97922b Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 18:54:46 +0530
Subject: [PATCH 3/8] fixes

---
 projects/bash_networking_security/bastion_connect.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 projects/bash_networking_security/bastion_connect.sh

diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
old mode 100644
new mode 100755
From e72fd43fbca905ff5a2e1b7fcd7e427009572acc Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 18:56:47 +0530
Subject: [PATCH 4/8] fixes

---
 projects/bash_networking_security/bastion_connect.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index 7e58e0e..33aa7f9 100755
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -15,7 +15,7 @@ private_ip=$2
 command="${@:3}"

 if [[ -n "$private_ip" ]]; then
- ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command"
+ ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "newkey" ubuntu@"$private_ip" "$command"
 else
 ssh -i "$KEY_PATH" ubuntu@"$public_ip" "$command"
 fi
\ No newline at end of file
From bd4b91703db4b8aea4f24f9395f96d5355859ebf Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 18:56:55 +0530
Subject: [PATCH 5/8] fixes

---
 projects/bash_networking_security/bastion_connect.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index 33aa7f9..7e58e0e 100755
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -15,7 +15,7 @@ private_ip=$2
 command="${@:3}"

 if [[ -n "$private_ip" ]]; then
- ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "newkey" ubuntu@"$private_ip" "$command"
+ ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command"
 else
 ssh -i "$KEY_PATH" ubuntu@"$public_ip" "$command"
 fi
\ No newline at end of file
From 5b4b907bf7ea00fbc3441a82267ebecd3326fef2 Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 19:11:08 +0530
Subject: [PATCH 6/8] updates

---
 projects/bash_networking_security/vpc.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 360e015..9034ec1 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
 REGION="us-east-1"
 VPC_ID="vpc-0fa173275baf10b87"
 PUBLIC_INSTANCE_ID="i-07a59423027bcd60d"
-PRIVATE_INSTANCE_ID="i-08df05fcc7f790417"
\ No newline at end of file
+PRIVATE_INSTANCE_ID="i-0cd7a4ceacb15cb37"
\ No newline at end of file
From f72f7f3e9a30276015ce1005f197fb092d3e37d7 Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 19:28:55 +0530
Subject: [PATCH 7/8] fixes

---
 projects/bash_networking_security/vpc.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 9034ec1..a32dc5d 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
 REGION="us-east-1"
 VPC_ID="vpc-0fa173275baf10b87"
 PUBLIC_INSTANCE_ID="i-07a59423027bcd60d"
-PRIVATE_INSTANCE_ID="i-0cd7a4ceacb15cb37"
\ No newline at end of file
+PRIVATE_INSTANCE_ID="i-078d4bf03ade30871"
\ No newline at end of file
From a77db8c9af6ff7896b2e7eea4c75bfa2286b036d Mon Sep 17 00:00:00 2001
From: Ayroid
Date: Fri, 16 Jun 2023 19:34:55 +0530
Subject: [PATCH 8/8] fixes

---
 projects/bash_networking_security/vpc.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index a32dc5d..eba10e6 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
 REGION="us-east-1"
 VPC_ID="vpc-0fa173275baf10b87"
 PUBLIC_INSTANCE_ID="i-07a59423027bcd60d"
-PRIVATE_INSTANCE_ID="i-078d4bf03ade30871"
\ No newline at end of file
+PRIVATE_INSTANCE_ID="i-00ac045e505098220"
\ No newline at end of file