Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

commited #59

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions projects/bash_networking_security/SOLUTION
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
Local DNS Server IP
-------------------
<ip-here>
<127.0.0.53>



Default gateway IP
-------------------
<ip-here>
<10.0.0.1>



DHCP IP allocation sys-logs
-------------------
<logs-here>

Jun 13 18:25:55 ip-10-0-0-200 dhclient[347]: Internet Systems Consortium DHCP Client 4.4.1
Jun 13 18:25:55 ip-10-0-0-200 dhclient[347]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x59d92d2b)
Jun 13 18:25:55 ip-10-0-0-200 dhclient[347]: DHCPOFFER of 10.0.0.200 from 10.0.0.1
Jun 13 18:25:55 ip-10-0-0-200 dhclient[347]: DHCPREQUEST for 10.0.0.200 on eth0 to 255.255.255.255 port 67 (xid=0x2b2dd959)
Jun 13 18:25:55 ip-10-0-0-200 dhclient[347]: DHCPACK of 10.0.0.200 from 10.0.0.1 (xid=0x59d92d2b)
Jun 13 18:25:55 ip-10-0-0-200 systemd-networkd[382]: eth0: DHCPv4 address 10.0.0.200/24 via 10.0.0.1
23 changes: 23 additions & 0 deletions projects/bash_networking_security/bastion_connect.sh
Original file line number Diff line number Diff line change
@@ -1 +1,24 @@
#!/bin/bash

#hello
if [ -z "$KEY_PATH" ]; then
echo "KEY_PATH env var is expected"
exit 5
fi

public_instance_ip="$1"
private_instance_ip="$2"
command="$3"

if [ -z "$public_instance_ip" ]; then
echo "Please provide bastion IP address"
exit 5
fi

if [ -z "$private_instance_ip" ]; then
ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip"
elif [ -z "$command" ]; then
ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" ssh -t -t -i "~/new_key" ubuntu@"$private_instance_ip"
else
ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" ssh -t -t -i "~/new_key" ubuntu@"$private_instance_ip" "$command"
fi
52 changes: 52 additions & 0 deletions projects/bash_networking_security/tlsHandshake.sh
Original file line number Diff line number Diff line change
@@ -1 +1,53 @@
#!/bin/bash

# Step 1 - Client Hello (Client -> Server)
RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
"version": "1.3",
"ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
"message": "Client Hello"
}' http://16.170.234.56:8080/clienthello)


# Step 2 - Server Hello (Server -> Client)
SESSION_ID=$(jq -r '.sessionID' <<< "$RESPONSE")

echo "$RESPONSE" | jq -r '.serverCert' > cert.pem


# Step 3 - Server Certificate Verification
wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem

VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)

if [ "$VERIFICATION" != "cert.pem: OK" ]; then
echo "Server Certificate is invalid"
exit 5
fi


# Step 4 - Client-Server master-key exchange
openssl rand -out masterKey.txt -base64 32

MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 -w 0)


# Step 5 - Server verification message
RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
"sessionID": "'"$SESSION_ID"'",
"masterKey": "'"$MASTER_KEY"'",
"sampleMessage": "Hi server, please encrypt me and send to client!"
}' http://16.170.234.56:8080/keyexchange)


# Step 6 - Client verification message
echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt

decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)

if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
echo "Server symmetric encryption using the exchanged master-key has failed."
exit 6
else
echo "Client-Server TLS handshake has been completed successfully"
fi
8 changes: 4 additions & 4 deletions projects/bash_networking_security/vpc.sh
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REGION=""
VPC_ID=""
PUBLIC_INSTANCE_ID=""
PRIVATE_INSTANCE_ID=""
REGION="us-east-1"
VPC_ID="vpc-092bd5f1923632b3e"
PUBLIC_INSTANCE_ID="i-00b52ff0e8d5652f9"
PRIVATE_INSTANCE_ID="i-0bf302033dcfefa1c"