From 6a1c5fc1a35cce24594ba86a74477811bd1da558 Mon Sep 17 00:00:00 2001 From: cclohmar Date: Wed, 18 Mar 2026 19:43:45 +0000 Subject: [PATCH] chore: auto-commit 2026-03-18 19:43 --- ct-deployment.sh | 135 -------------------- pre-deployment-test.sh | 117 ----------------- vm-deployment/auto-config.sh | 45 ------- vm-deployment/install.sh | 136 -------------------- wallarm-deploy-ct copy.sh | 236 ----------------------------------- wallarm-deploy-ct.sh | 2 +- 6 files changed, 1 insertion(+), 670 deletions(-) delete mode 100644 ct-deployment.sh delete mode 100644 pre-deployment-test.sh delete mode 100644 vm-deployment/auto-config.sh delete mode 100644 vm-deployment/install.sh delete mode 100644 wallarm-deploy-ct copy.sh diff --git a/ct-deployment.sh b/ct-deployment.sh deleted file mode 100644 index 8a42e55..0000000 --- a/ct-deployment.sh +++ /dev/null @@ -1,135 +0,0 @@ -#!/bin/bash -# ============================================================================== -# Wallarm PoC: Interactive "KISS" Deployer (Keystone Bank Edition) -# ============================================================================== - -YELLOW='\033[1;33m' -GREEN='\033[0;32m' -RED='\033[0;31m' -NC='\033[0m' - -clear -echo -e "${YELLOW}====================================================${NC}" -echo -e "${YELLOW} Wallarm Guided Instance Deployer (US Cloud) ${NC}" -echo -e "${YELLOW}====================================================${NC}\n" - -# --- 1. THE ID (The "Magic Number") --- -echo -e "Existing Instances in /opt/wallarm/:" -ls /opt/wallarm/ 2>/dev/null || echo "None" -echo "" - -read -p "Enter Instance ID number (e.g., 1, 2, 3): " INSTANCE_ID - -# Auto-generate naming and ports -NODE_NAME=$(printf "wallarm-%02d" $INSTANCE_ID) -TRAFFIC_PORT=$((8000 + INSTANCE_ID)) -MONITOR_PORT=$((9000 + INSTANCE_ID)) - -# --- 2. CONFIGURATION --- -read -p "Enter Upstream IP (App Server): " UPSTREAM_IP -read -p "Enter Upstream Port [default 80]: " UPSTREAM_PORT -UPSTREAM_PORT=${UPSTREAM_PORT:-80} - -# Hardcoded to US based on your tip -REGION="US" -API_HOST="us1.api.wallarm.com" - -read -p "Paste Wallarm Token (US Cloud): " TOKEN - -# --- 3. PRE-FLIGHT VALIDATION --- -echo -e "\n${YELLOW}🔍 Starting Pre-Flight Connectivity Checks...${NC}" - -# A. Internal Check (Upstream) -echo -n "Checking App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " -if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then - echo -e "${RED}FAILED${NC}" - echo -e "${RED}❌ ERROR: VM cannot reach internal app server.${NC}"; exit 1 -else - echo -e "${GREEN}OK${NC}" -fi - -# B. External Check (Wallarm Cloud) -echo -n "Checking Wallarm US Cloud ($API_HOST)... " -if ! curl -s --connect-timeout 5 "https://$API_HOST" > /dev/null; then - echo -e "${RED}FAILED${NC}" - echo -e "${RED}❌ ERROR: VM cannot talk to Wallarm US Cloud.${NC}" - echo -e "${YELLOW}Action: Check Bank Proxy or Firewall egress for port 443.${NC}"; exit 1 -else - echo -e "${GREEN}OK${NC}" -fi - -# --- 4. ENGINE SETUP --- -echo -e "\n${YELLOW}🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}" -if [ -f /etc/redhat-release ]; then - ENGINE="podman" - dnf install -y epel-release podman podman-docker podman-compose wget curl &>/dev/null - systemctl enable --now podman.socket &>/dev/null - firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null - firewall-cmd --reload &>/dev/null -else - ENGINE="docker" - apt update && apt install -y docker.io docker-compose wget curl &>/dev/null - systemctl enable --now docker &>/dev/null -fi -COMPOSE_CMD=$([[ "$ENGINE" == "podman" ]] && echo "podman-compose" || echo "docker-compose") - -# --- 5. WORKSPACE & CONFIG --- -INSTANCE_DIR="/opt/wallarm/$NODE_NAME" -mkdir -p "$INSTANCE_DIR" - -cat < "$INSTANCE_DIR/nginx.conf" -server { - listen 80; - wallarm_mode monitoring; # Set to monitoring for PoC safety - location / { - proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - } -} -server { - listen 90; - location /wallarm-status { - wallarm_status on; - allow all; - } -} -EOF - -cat < "$INSTANCE_DIR/conf.yml" -version: '3.8' -services: - $NODE_NAME: - image: docker.io/wallarm/node:4.10-latest - container_name: $NODE_NAME - restart: always - ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"] - environment: - - WALLARM_API_TOKEN=$TOKEN - - WALLARM_API_HOST=$API_HOST - volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"] -EOF - -# --- 6. LAUNCH --- -echo -e "${YELLOW}🚀 Launching $NODE_NAME...${NC}" -cd "$INSTANCE_DIR" -$COMPOSE_CMD -f conf.yml up -d - -# --- 7. POST-DEPLOY VERIFICATION --- -echo -e "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}" -sleep 5 -echo -en "Checking instance status page... " -if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then - echo -e "${GREEN}SUCCESS${NC}" -else - echo -e "${RED}WARNING: Status page not responding yet.${NC}" -fi - -echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}" -echo -e "--------------------------------------------------" -echo -e "Instance Name: $NODE_NAME" -echo -e "Traffic Port: $TRAFFIC_PORT" -echo -e "Monitor Port: $MONITOR_PORT" -echo -e "Logs Command: $ENGINE logs -f $NODE_NAME" -echo -e "--------------------------------------------------" \ No newline at end of file diff --git a/pre-deployment-test.sh b/pre-deployment-test.sh deleted file mode 100644 index 9f28412..0000000 --- a/pre-deployment-test.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/bin/bash - -# --- Styling --- -YELLOW='\033[1;33m' -GREEN='\033[0;32m' -RED='\033[0;31m' -NC='\033[0m' - -# --- Configuration & Globals --- -EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com") -US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com") - -# --- Functions --- - -print_header() { - echo -e "${YELLOW}=== Sechpoint Wallarm Pre-Flight Diagnostic ===${NC}" - echo "Use this tool to verify environment readiness before deployment." - echo "-------------------------------------------------------" -} - -check_proxy() { - echo -e "${YELLOW}[1/5] Checking Environment Proxies...${NC}" - if [ -n "$https_proxy" ] || [ -n "$HTTPS_PROXY" ]; then - echo -e "${GREEN}[INFO]${NC} Proxy detected: ${https_proxy:-$HTTPS_PROXY}" - else - echo -e "[INFO] No system proxy detected." - fi -} - -get_user_input() { - read -p "Enter Application Server IP (to be protected) [127.0.0.1]: " APP_HOST /dev/null; then - echo -e "${GREEN}[PASS]${NC} $tool is installed." - else - echo -e "${RED}[FAIL]${NC} $tool is MISSING." - fi - done -} - -# The core connectivity logic -test_endpoint() { - local target=$1 - # -skI = silent, insecure (ignore certs), head-only - if curl -skI --connect-timeout 5 "https://$target" > /dev/null 2>&1 || [ $? -eq 45 ] || [ $? -eq 52 ]; then - echo -e "${GREEN}[PASS]${NC} Reached $target" - else - echo -e "${RED}[FAIL]${NC} BLOCKED: $target" - fi -} - -check_wallarm_cloud() { - echo -e "\n${YELLOW}[4/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" - echo "--- EU Cloud ---" - for node in "${EU_DATA_NODES[@]}"; do test_endpoint "$node"; done - - echo -e "\n--- US Cloud ---" - for node in "${US_DATA_NODES[@]}"; do test_endpoint "$node"; done -} - -check_internal_app() { - echo -e "\n${YELLOW}[5/5] Testing Internal App Connectivity...${NC}" - # We test TCP handshake only. - # Curl exit 7 (Refused) and 28 (Timeout) are the main failure triggers. - curl -vsk --connect-timeout 5 "http://$APP_HOST:$APP_PORT" > /dev/null 2>&1 - local exit_code=$? - - # Exit codes 0, 52 (empty reply), 22 (4xx/5xx), 56 (reset) all imply the port is OPEN. - if [[ "$exit_code" =~ ^(0|52|22|56|35)$ ]]; then - echo -e "${GREEN}[PASS]${NC} TCP Connection established to $APP_HOST:$APP_PORT" - else - echo -e "${RED}[FAIL]${NC} CANNOT REACH App at $APP_HOST:$APP_PORT (Error: $exit_code)" - echo " Check firewalls or verify if the service is running on the app server." - fi -} - -# --- Execution --- - -print_header -check_proxy -get_user_input -check_sudo -check_tools -check_wallarm_cloud -check_internal_app - -if [[ "$SUDO_RESULT" == "PASS" ]] && [[ "$CLOUD_RESULT" == "PASS" ]]; then - echo "$(date +%Y-%m-%d %H:%M:%S)" > /tmp/.wallarm_preflight_pass - echo -e "${GREEN}Environment verified. Readiness flag created.${NC}" -fi - -echo -e "\n${YELLOW}-------------------------------------------------------" -echo -e "PRE-FLIGHT COMPLETE. PLEASE SCREENSHOT THIS OUTPUT." -echo -e "-------------------------------------------------------${NC}" diff --git a/vm-deployment/auto-config.sh b/vm-deployment/auto-config.sh deleted file mode 100644 index f34c42d..0000000 --- a/vm-deployment/auto-config.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -# 1. Define Backend -APP_SERVER="10.0.14.24:80" - -echo "🛠️ Configuring Wallarm Inline Proxy..." - -# 2. Write the configuration -sudo bash -c "cat << 'EOF' > /etc/nginx/sites-available/default -server { - listen 80 default_server; - server_name _; - - wallarm_mode monitoring; - - location / { - proxy_pass http://$APP_SERVER; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; - } - - location /wallarm-status { - wallarm_status on; - wallarm_mode off; - allow 127.0.0.1; - deny all; - } -} -EOF" - -# 3. Ensure the site is enabled (Ubuntu requirement) -sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default - -# 4. Test and Reload -echo "🔍 Testing Nginx..." -if sudo nginx -t; then - sudo systemctl restart nginx - echo "✅ SUCCESS: Proxying to $APP_SERVER" - curl -X GET "http://localhost" -H "accept: application/json" - curl -I "http://localhost/etc/passwd" -else - echo "❌ ERROR: Nginx config invalid." - exit 1 -fi \ No newline at end of file diff --git a/vm-deployment/install.sh b/vm-deployment/install.sh deleted file mode 100644 index e1e4ce5..0000000 --- a/vm-deployment/install.sh +++ /dev/null @@ -1,136 +0,0 @@ -#!/bin/bash -# ============================================================================== -# Wallarm Native Deployer: NGINX Dynamic Module (Official Repo) -# Supports: RHEL/Alma/Rocky (9.x) & Ubuntu/Debian -# ============================================================================== - -# --- User Configuration --- -USE_CASE="in-line" # Options: "in-line" or "out-of-band" -TOKEN="vPHB+Ygn1ia/wg+NV49tOq3Ndf10K0sO6MgU+FzQdx7M8bW93UpAV7zfq0cZF/+3" -REGION="EU" # US or EU -UPSTREAM="10.0.0.14" - -# --- Colors --- -YELLOW='\033[1;33m' -GREEN='\033[0;32m' -RED='\033[0;31m' -NC='\033[0m' - -# --- ROOT CHECK --- -if [[ $EUID -ne 0 ]]; then - echo -e "${RED}❌ ERROR: Run as root.${NC}"; exit 1 -fi - -# --- PHASE 0: Official NGINX Repo Setup --- -echo -e "${YELLOW}🛠️ Step 0: Setting up Official NGINX Repository...${NC}" - -if [ -f /etc/redhat-release ]; then - yum install -y yum-utils - cat < /etc/yum.repos.d/nginx.repo -[nginx-stable] -name=nginx stable repo -baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/ -gpgcheck=1 -enabled=1 -gpgkey=https://nginx.org/keys/nginx_signing.key -module_hotfixes=true -EOF - yum install -y nginx -elif [ -f /etc/debian_version ]; then - apt update && apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring - curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null - CODENAME=$(lsb_release -cs) - DISTRO=$(lsb_release -is | tr '[:upper:]' '[:lower:]') - echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/$DISTRO/ $CODENAME nginx" | tee /etc/apt/sources.list.d/nginx.list - apt update && apt install -y nginx -else - echo -e "${RED}❌ Unsupported OS${NC}"; exit 1 -fi - -systemctl enable --now nginx - -# --- PHASE 1: Wallarm All-In-One Installer --- -echo -e "${YELLOW}📦 Step 1: Running Wallarm All-in-One Installer...${NC}" -API_HOST=$( [[ "$REGION" == "US" ]] && echo "us1.api.wallarm.com" || echo "api.wallarm.com" ) - -# Download the latest installer (4.10 branch) -curl -O https://meganode.wallarm.com/native/all-in-one/wallarm-4.10.10.x86_64-linux.sh -chmod +x wallarm-4.10.10.x86_64-linux.sh - -./wallarm-4.10.10.x86_64-linux.sh \ - --no-interactive \ - --token "$TOKEN" \ - --host "$API_HOST" \ - --nginx-bundle - -# --- PHASE 2: Logic-Based Configuration --- -echo -e "${YELLOW}⚙️ Step 2: Building NGINX Config for $USE_CASE Mode...${NC}" - -# Ensure module is loaded -if ! grep -q "load_module" /etc/nginx/nginx.conf; then - sed -i '1i load_module modules/ngx_http_wallarm_module.so;' /etc/nginx/nginx.conf -fi - -if [[ "$USE_CASE" == "in-line" ]]; then - # Standard Reverse Proxy with Blocking capability - cat < /etc/nginx/conf.d/wallarm-proxy.conf -server { - listen 80; - server_name _; - wallarm_mode monitoring; # Change to 'block' after testing - - location / { - proxy_pass http://$UPSTREAM; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - } -} -EOF -elif [[ "$USE_CASE" == "out-of-band" ]]; then - # OOB (Passive) Mode using Nginx Mirror - cat < /etc/nginx/conf.d/wallarm-proxy.conf -server { - listen 80; - server_name _; - - location / { - # Mirror traffic to a background internal location for Wallarm - mirror /mirror; - proxy_pass http://$UPSTREAM; - } - - location = /mirror { - internal; - # Wallarm processes mirrored traffic here - wallarm_mode monitoring; - wallarm_upstream_connect_timeout 2s; - proxy_pass http://127.0.0.1:1; # Dummy upstream - } -} -EOF -fi - -# Add Wallarm Monitoring status location (standard for both) -cat < /etc/nginx/conf.d/wallarm-status.conf -server { - listen 90; - server_name localhost; - location /wallarm-status { - wallarm_status on; - wallarm_mode off; - allow 127.0.0.1; - deny all; - } -} -EOF - -# --- PHASE 3: Validation --- -echo -e "${YELLOW}🚀 Step 3: Validating and Restarting...${NC}" -nginx -t && systemctl restart nginx - -echo -e "\n${GREEN}✅ DEPLOYMENT SUCCESSFUL ($USE_CASE)${NC}" -echo -e "--------------------------------------------------" -echo -e "NGINX Version: $(nginx -v 2>&1)" -echo -e "Wallarm Status: curl http://localhost:90/wallarm-status" -echo -e "--------------------------------------------------" \ No newline at end of file diff --git a/wallarm-deploy-ct copy.sh b/wallarm-deploy-ct copy.sh deleted file mode 100644 index 9d230b8..0000000 --- a/wallarm-deploy-ct copy.sh +++ /dev/null @@ -1,236 +0,0 @@ -#!/bin/bash -# ============================================================================== -# Sechpoint Wallarm Smart Deployer - Container Edition (PoC Optimized) -# ============================================================================== - -# --- Styling --- -YELLOW='\033[1;33m' -GREEN='\033[0;32m' -RED='\033[0;31m' -NC='\033[0m' - -LOG_FILE="/var/log/wallarm-deploy.log" -EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com") -US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com") - -# --- Initialization --- -sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE" -exec > >(tee -a "$LOG_FILE") 2>&1 # Log everything to file while showing on screen - -clear -echo -e "${YELLOW}====================================================${NC}" -echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}" -echo -e "${YELLOW}====================================================${NC}" - -# --- 1. PRE-FLIGHT FUNCTIONS --- - -check_sudo() { - echo -e "\n${YELLOW}[1/4] Checking Sudo...${NC}" - if sudo -v; then - echo -e "${GREEN}[PASS]${NC} Sudo access confirmed." - return 0 - else - echo -e "${RED}[FAIL]${NC} Sudo access denied."; return 1 - fi -} - -check_wallarm_cloud() { - echo -e "\n${YELLOW}[2/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" - local fail=0 - - # We ask for cloud preference early to avoid testing everything unnecessarily - read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL - CLOUD_SEL=${CLOUD_SEL^^} - CLOUD_SEL=${CLOUD_SEL:-US} - - local nodes_to_test=("${US_DATA_NODES[@]}") - if [[ "$CLOUD_SEL" == "EU" ]]; then - nodes_to_test=("${EU_DATA_NODES[@]}") - fi - - echo "Testing $CLOUD_SEL Cloud Endpoints..." - for node in "${nodes_to_test[@]}"; do - if ! curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then - echo -e "${RED}[FAIL]${NC} Cannot reach $node"; fail=1 - else - echo -e "${GREEN}[PASS]${NC} Reached $node" - fi - done - - API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") - return $fail -} - -# --- 2. INPUT & CONFIGURATION --- - -get_user_input() { - echo -e "\n${YELLOW}[3/4] Configuration & Workspace Setup...${NC}" - - # Instance ID Logic - Simplified to numeric directory structure - echo -e "Existing Deployments in /opt/wallarm/:" - if [ -d /opt/wallarm ]; then - ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "None" - else - echo "None" - fi - echo "" - - read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM - if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then - echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1 - fi - - NODE_NAME="wallarm-node-$INSTANCE_NUM" - INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM" - TRAFFIC_PORT=$((8000 + INSTANCE_NUM)) - MONITOR_PORT=$((9000 + INSTANCE_NUM)) - - # App Server Logic - read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP - UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} - read -p "Enter Upstream Port [80]: " UPSTREAM_PORT - UPSTREAM_PORT=${UPSTREAM_PORT:-80} - - read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN - - echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " - if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then - echo -e "${RED}FAILED${NC}" - echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1 - else - echo -e "${GREEN}OK${NC}" - fi -} - -# --- 3. ENGINE SETUP --- - -setup_engine() { - echo -e "\n${YELLOW}[4/4] 🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}" - if [ -f /etc/redhat-release ]; then - ENGINE="podman" - echo "Detected RHEL/CentOS. Setting up Podman..." - sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null - sudo systemctl enable --now podman.socket &>/dev/null - sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null - sudo firewall-cmd --reload &>/dev/null - else - ENGINE="docker" - echo "Detected Ubuntu/Debian. Setting up Docker..." - sudo apt update && sudo apt install -y docker.io wget curl &>/dev/null - sudo systemctl enable --now docker &>/dev/null - fi - - if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then - echo "Installing Compose utility..." - if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi - if [ "$ENGINE" == "podman" ]; then sudo dnf install -y podman-compose &>/dev/null; fi - fi -} - -# --- 4. DEPLOYMENT --- - -execute_deployment() { - echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}" - sudo mkdir -p "$INSTANCE_DIR" - cd "$INSTANCE_DIR" - - # Fully qualified name ensures Podman/Docker doesn't prompt for registry choice - IMAGE_NAME="docker.io/wallarm/node:latest" - - echo "Generating Nginx Configuration..." - sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null < /dev/null </dev/null - - # Pulling explicitly with docker.io prefix to avoid short-name resolution errors - echo "Pulling latest image from Docker Hub (docker.io)..." - sudo $ENGINE pull $IMAGE_NAME - - if command -v podman-compose &> /dev/null; then - sudo podman-compose -f compose.yml up -d - else - sudo docker-compose -f compose.yml up -d - fi -} - -# --- 5. VERIFICATION & ATTACK TEST --- - -verify_health() { - echo -e "\n${YELLOW}⏳ Waiting 20s for handshake and sync...${NC}" - sleep 20 - - echo -en "Checking instance status page (port $MONITOR_PORT)... " - if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then - echo -e "${GREEN}SUCCESS${NC}" - else - echo -e "${RED}WARNING: Status page not responding yet.${NC}" - echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME" - fi - - echo -e "\n${YELLOW}⚔️ Running Attack Test (SQLi & XSS)...${NC}" - - # Test 1: SQL Injection - echo -n "Sending SQLi payload to port $TRAFFIC_PORT... " - local sqli_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?id='OR+1=1+UNION+SELECT+1,2,3--") - echo -e "HTTP Status: $sqli_res (Logged)" - - # Test 2: XSS - echo -n "Sending XSS payload to port $TRAFFIC_PORT... " - local xss_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?search=") - echo -e "HTTP Status: $xss_res (Logged)" - - echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}" - echo -e "--------------------------------------------------" - echo -e "Instance ID: $INSTANCE_NUM" - echo -e "Traffic Port: $TRAFFIC_PORT" - echo -e "Monitor Port: $MONITOR_PORT" - echo -e "\nCheck your Wallarm Console ($CLOUD_SEL Cloud) now." - echo -e "The attacks should appear in the 'Events' section within 1-2 minutes." - echo -e "--------------------------------------------------" -} - -# --- MAIN FLOW --- -check_sudo || exit 1 -check_wallarm_cloud || { echo -e "${RED}Cloud connectivity failed. Cannot continue.${NC}"; exit 1; } -get_user_input -setup_engine -execute_deployment -verify_health \ No newline at end of file diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh index edb3068..9290327 100644 --- a/wallarm-deploy-ct.sh +++ b/wallarm-deploy-ct.sh @@ -113,7 +113,7 @@ get_user_input() { MON_PORT=$((IN_PORT + 10)) echo -e " ${YELLOW}i${NC} Monitoring Port: ${BOLD}$MON_PORT${NC}" - INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT" + INSTANCE_DIR="/opt/wallarm/node_$IN_PORT" NODE_NAME="wallarm-node-$IN_PORT" read -p " Upstream App IP [127.0.0.1]: " UPSTREAM_IP; UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}