From e69cb63daf8675f847c08fa243cd759edff42fd3 Mon Sep 17 00:00:00 2001
From: Anushka <110718006+NUSH321@users.noreply.github.com>
Date: Fri, 16 Jun 2023 17:20:05 +0530
Subject: [PATCH 1/5] Update vpc.sh

---
 projects/bash_networking_security/vpc.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..657dd0d 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="eu-north-1"
+VPC_ID="vpc-069d36f9e88bc175f"
+PUBLIC_INSTANCE_ID="i-0aabe86e3a051c378"
+PRIVATE_INSTANCE_ID="i-09e5c55d6aef843cf"

From 6af2d60250244eeb5317d6bbf3c1f6581cc80a1a Mon Sep 17 00:00:00 2001
From: Anushka <110718006+NUSH321@users.noreply.github.com>
Date: Fri, 16 Jun 2023 17:29:05 +0530
Subject: [PATCH 2/5] Update tlsHandshake.sh

---
 .../bash_networking_security/tlsHandshake.sh | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..3a06564 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
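Review bot: This turns the empty template into a file that hard-codes one account's region, VPC ID and two instance IDs into version control. They are not credentials, but they publish that account's infrastructure inventory and will be wrong for anyone else who runs the project; keep the committed values as overridable defaults, e.g. `REGION="${REGION:-eu-north-1}"`, or leave the template empty and read the real IDs from a gitignored file. The file has no shebang and is presumably sourced by the other scripts (I cannot see the callers from here), so whichever approach is chosen should keep the four variable names unchanged.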
@@ -1 +1,43 @@
 #!/bin/bash
+
+# Step 1: Client Hello
+client_hello='{"version": "1.3", "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"], "message": "Client Hello"}'
+response=$(curl -s -X POST -d "$client_hello" http://:8080/clienthello)
+session_id=$(echo "$response" | jq -r '.sessionID')
+server_cert=$(echo "$response" | jq -r '.serverCert')
+
+# Step 2: Server Hello
+echo "Server Hello response: $response"
+echo "Session ID: $session_id"
+echo "$server_cert" > cert.pem
+
+# Step 3: Server Certificate Verification
+wget -q https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+openssl verify -CAfile cert-ca-aws.pem cert.pem
+verification_result=$?
+rm cert-ca-aws.pem
+
+if [ $verification_result -ne 0 ]; then
+ echo "Server Certificate is invalid."
+ exit 5
+fi
+
+# Step 4: Client-Server master-key exchange
+master_key=$(openssl rand -base64 32)
+encrypted_master_key=$(echo "$master_key" | openssl smime -encrypt -aes-256-cbc -outform DER cert.pem | base64 -w 0)
+
+# Step 5: Server verification message
+key_exchange='{"sessionID": "'$session_id'", "masterKey": "'$encrypted_master_key'", "sampleMessage": "Hi server, please encrypt me and send to client!"}'
+response=$(curl -s -X POST -d "$key_exchange" http://:8080/keyexchange)
+encrypted_sample_message=$(echo "$response" | jq -r '.encryptedSampleMessage')
+
+# Step 6: Client verification message
+echo "$encrypted_sample_message" | base64 -d > encSampleMsgReady.txt
+decrypted_sample_message=$(openssl enc -d -aes-256-cbc -in encSampleMsgReady.txt -base64 -K "$master_key" -iv 0 -nosalt 2>/dev/null)
+
+if [ "$decrypted_sample_message" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+fi
+
+echo "Client-Server TLS handshake has been completed successfully"ash

From 9ba1ee6b06bf3a8c4ed51a853f8bc763f828e862 Mon Sep 17 00:00:00 2001
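Review bot: Neither request checks that it got an answer: `curl -s` hides transport errors, its exit status is never examined, and `jq -r` on an empty body leaves `session_id`/`server_cert` empty, so the script writes an empty `cert.pem`, runs `openssl verify` on it and only fails late with a misleading message; the URLs `http://:8080/...` also have no host, presumably a placeholder still to be filled in. The `/keyexchange` body is assembled by splicing `$session_id` — a value the server chose — into a JSON string, so a quote or backslash in it breaks or alters the request; build it with `jq -n --arg` instead, as in the excerpt below. Two caveats I cannot settle without the server: `openssl enc -K` takes a hex key per openssl-enc(1) while `$master_key` is base64 (and `2>/dev/null` hides the resulting error), and the sample message appears to be base64-decoded twice (`base64 -d` into the file, then `-base64` again on decryption); `-iv 0 -nosalt` is a fixed IV, acceptable for this exercise but never for real traffic, which deserves a comment. The trust anchor is fetched from S3 on every run and then deleted, with `wget`'s exit status unchecked; pinning `cert-ca-aws.pem` in the repo, or at least `wget ... || exit 5`, would make step 3 independent of that download. Finally, `cert.pem` and `encSampleMsgReady.txt` are written into the working directory with no cleanup on the `exit 5`/`exit 6` paths; `mktemp -d` plus `trap 'rm -rf -- "$tmpdir"' EXIT` would fix that.

```shell
set -euo pipefail
SERVER="${SERVER:?set SERVER to the handshake server's host:port}"

# Step 1: Client Hello — -Sf make curl fail on HTTP/transport errors; jq -e fails on a missing/null field
response=$(curl -sSf -X POST -d "$client_hello" "http://$SERVER/clienthello")
session_id=$(jq -er '.sessionID' <<<"$response")
server_cert=$(jq -er '.serverCert' <<<"$response")
# … unchanged: Steps 2–4 …
# Step 5: let jq do the quoting so server-supplied values cannot break out of the JSON
key_exchange=$(jq -n --arg sid "$session_id" --arg mk "$encrypted_master_key" \
  '{sessionID: $sid, masterKey: $mk, sampleMessage: "Hi server, please encrypt me and send to client!"}')
response=$(curl -sSf -X POST -d "$key_exchange" "http://$SERVER/keyexchange")
encrypted_sample_message=$(jq -er '.encryptedSampleMessage' <<<"$response")
```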
From: Anushka <110718006+NUSH321@users.noreply.github.com>
Date: Fri, 16 Jun 2023 22:37:07 +0530
Subject: [PATCH 3/5] Update bastion_connect.sh

---
 .../bastion_connect.sh | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index a9bf588..4a70785 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1 +1,38 @@
 #!/bin/bash
+PUBLIC_IP=$1
+
+PRIVATE_IP=$2
+
+COMMAND=$3
+
+
+# if the keyexists - a. if public but not private exist connect to public b. if both exist then public->private. else exit ffor bad input
+
+if [[ -n "$KEY_PATH" ]]; then
+
+ if [[ -n "$PUBLIC_IP" ]] && [[ ! "$PRIVATE_IP" ]]; then
+
+ ssh -i "$KEY_PATH" "ubuntu@$PUBLIC_IP"
+
+ fi
+
+
+
+ if [[ -n "$PUBLIC_IP" ]] && [[ -n "$PRIVATE_IP" ]]; then
+
+ ssh -ti "$KEY_PATH" "ubuntu@$PUBLIC_IP" "ssh -i "$KEY_PATH" 'ubuntu@$PRIVATE_IP'" "$COMMAND"
+
+ fi
+
+else
+
+ echo "KEY_PATH env var is expected and must point to an existing file. try: export KEY_PATH='~/pampampam.pem' "
+
+ exit 5
+
+fi
+
+ if [ $# -lt 1 ]; then
+ echo "Please provide bastion IP address"
+ exit 5
+fi

From ea00bb219ce864b075fb2a1d1db35d75eaf22731 Mon Sep 17 00:00:00 2001
From: Anushka <110718006+NUSH321@users.noreply.github.com>
Date: Fri, 16 Jun 2023 22:38:31 +0530
Subject: [PATCH 4/5] Update tlsHandshake.sh

---
 projects/bash_networking_security/tlsHandshake.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index 3a06564..d5d8f13 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
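Review bot: The two-hop branch (`ssh -ti "$KEY_PATH" "ubuntu@$PUBLIC_IP" "ssh -i "$KEY_PATH" 'ubuntu@$PRIVATE_IP'" "$COMMAND"`) only works if the private key has also been copied onto the bastion at the same `$KEY_PATH`, and it splices `$PRIVATE_IP` and `$COMMAND` into a command string that the bastion's shell re-parses; a local `ProxyCommand` keeps the key on this machine and passes both values as ordinary ssh arguments (plain `ssh -J` would need the key in ssh-agent, since the manual says command-line options such as `-i` apply to the destination rather than the jump host). `[[ -n "$KEY_PATH" ]]` does not check what the error text promises; `[[ -f "$KEY_PATH" ]]` does, and it should run before any `ssh` call. The `$# -lt 1` check at the bottom only runs after the connection attempts and currently works only because both `if` branches happen to test `-n "$PUBLIC_IP"`, so it belongs at the top next to the key check. The rewrite below keeps the messages and exit codes.

```shell
# Validate inputs before any connection attempt (the message already promises an existing file)
if [[ -z "${KEY_PATH:-}" || ! -f "$KEY_PATH" ]]; then
  echo "KEY_PATH env var is expected and must point to an existing file. try: export KEY_PATH='~/pampampam.pem' " >&2
  exit 5
fi
if [[ $# -lt 1 ]]; then
  echo "Please provide bastion IP address" >&2
  exit 5
fi

if [[ -z "$PRIVATE_IP" ]]; then
  ssh -i "$KEY_PATH" "ubuntu@$PUBLIC_IP"
else
  # Tunnel through the bastion with a local ProxyCommand: the private key never leaves this host,
  # and PRIVATE_IP/COMMAND are ssh arguments rather than text re-parsed by a remote shell.
  # ${COMMAND:+"$COMMAND"} expands to no argument at all when COMMAND is empty (interactive shell).
  ssh -i "$KEY_PATH" \
    -o ProxyCommand="ssh -i '$KEY_PATH' -W %h:%p ubuntu@$PUBLIC_IP" \
    "ubuntu@$PRIVATE_IP" ${COMMAND:+"$COMMAND"}
fi
```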
@@ -40,4 +40,4 @@ if [ "$decrypted_sample_message" != "Hi server, please encrypt me and send to cl
 exit 6
 fi
 
-echo "Client-Server TLS handshake has been completed successfully"ash
+echo "Client-Server TLS handshake has been completed successfully"

From db63f78580882544235f0e9851ef43c188564307 Mon Sep 17 00:00:00 2001
From: Anushka <110718006+NUSH321@users.noreply.github.com>
Date: Fri, 16 Jun 2023 22:50:34 +0530
Subject: [PATCH 5/5] Update SOLUTION

---
 projects/bash_networking_security/SOLUTION | 33 +++++++++++++++++++---
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION
index 2edfbaf..9a1c4a2 100644
--- a/projects/bash_networking_security/SOLUTION
+++ b/projects/bash_networking_security/SOLUTION
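Review bot: With the stray `ash` removed, the success echo is now the script's last action, but `cert.pem` and `encSampleMsgReady.txt` (written earlier in the script, outside this hunk) are left behind in the working directory, on the success path as well as on the `exit 5`/`exit 6` paths above. Consider `rm -f cert.pem encSampleMsgReady.txt` before this echo, or better a `trap 'rm -f cert.pem encSampleMsgReady.txt' EXIT` near the top of the script so every exit path cleans up. The enclosing script begins well before this hunk.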
@@ -1,16 +1,41 @@
 Local DNS Server IP
 -------------------
-
+DNS Servers: 127.0.0.53
+
 Default gateway IP
 -------------------
-
+Default Gateway IP: 10.0.0.1
+
 DHCP IP allocation sys-logs
 --------------------
-
+Jun 14 14:22:53 ip-10-0-0-231 dhclient[355]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0xc3bea82d)
+Jun 14 16:54:57 ip-10-0-0-231 dhclient[362]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x22184278)
+Jun 15 04:53:16 ip-10-0-0-231 dhclient[370]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x9ee9214e)
+Jun 15 17:29:07 ip-10-0-0-231 dhclient[372]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x70c0936c)
+Jun 16 07:03:23 ip-10-0-0-231 dhclient[372]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x28607d5a)
+Jun 16 13:02:02 ip-10-0-0-231 dhclient[372]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x97cbe568)
+Jun 14 14:22:53 ip-10-0-0-231 dhclient[355]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 14 16:54:57 ip-10-0-0-231 dhclient[362]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 15 04:53:16 ip-10-0-0-231 dhclient[370]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 15 17:29:07 ip-10-0-0-231 dhclient[372]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 16 07:03:23 ip-10-0-0-231 dhclient[372]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 16 13:02:02 ip-10-0-0-231 dhclient[372]: DHCPOFFER of 10.0.0.231 from 10.0.0.1
+Jun 14 14:22:53 ip-10-0-0-231 dhclient[355]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x2da8bec3)
+Jun 14 16:54:57 ip-10-0-0-231 dhclient[362]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x78421822)
+Jun 15 04:53:16 ip-10-0-0-231 dhclient[370]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x4e21e99e)
+Jun 15 17:29:07 ip-10-0-0-231 dhclient[372]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x6c93c070)
+Jun 16 07:03:23 ip-10-0-0-231 dhclient[372]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x5a7d6028)
+Jun 16 13:02:02 ip-10-0-0-231 dhclient[372]: DHCPREQUEST for 10.0.0.231 on ens5 to 255.255.255.255 port 67 (xid=0x68e5cb97)
+Jun 14 14:22:53 ip-10-0-0-231 dhclient[355]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0xc3bea82d)
+Jun 14 16:54:57 ip-10-0-0-231 dhclient[362]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0x22184278)
+Jun 15 04:53:16 ip-10-0-0-231 dhclient[370]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0x9ee9214e)
+Jun 15 17:29:07 ip-10-0-0-231 dhclient[372]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0x70c0936c)
+Jun 16 07:03:23 ip-10-0-0-231 dhclient[372]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0x28607d5a)
+Jun 16 13:02:02 ip-10-0-0-231 dhclient[372]: DHCPACK of 10.0.0.231 from 10.0.0.1 (xid=0x97cbe568)
+