customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: auto-commit 2026-03-18 19:43

Browse source
This commit is contained in:
cclohmar 2026-03-18 19:43:45 +00:00
parent 6af44a977e
commit 6a1c5fc1a3
6 changed files with 1 additions and 670 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

135
ct-deployment.sh
View file

@ -1,135 +0,0 @@
#!/bin/bash
# ==============================================================================
# Wallarm PoC: Interactive "KISS" Deployer (Keystone Bank Edition)
# ==============================================================================
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
clear
echo -e "${YELLOW}====================================================${NC}"
echo -e "${YELLOW} Wallarm Guided Instance Deployer (US Cloud) ${NC}"
echo -e "${YELLOW}====================================================${NC}\n"
# --- 1. THE ID (The "Magic Number") ---
echo -e "Existing Instances in /opt/wallarm/:"
ls /opt/wallarm/ 2>/dev/null || echo "None"
echo ""
read -p "Enter Instance ID number (e.g., 1, 2, 3): " INSTANCE_ID
# Auto-generate naming and ports
NODE_NAME=$(printf "wallarm-%02d" $INSTANCE_ID)
TRAFFIC_PORT=$((8000 + INSTANCE_ID))
MONITOR_PORT=$((9000 + INSTANCE_ID))
# --- 2. CONFIGURATION ---
read -p "Enter Upstream IP (App Server): " UPSTREAM_IP
read -p "Enter Upstream Port [default 80]: " UPSTREAM_PORT
UPSTREAM_PORT=${UPSTREAM_PORT:-80}
# Hardcoded to US based on your tip
REGION="US"
API_HOST="us1.api.wallarm.com"
read -p "Paste Wallarm Token (US Cloud): " TOKEN
# --- 3. PRE-FLIGHT VALIDATION ---
echo -e "\n${YELLOW}🔍 Starting Pre-Flight Connectivity Checks...${NC}"
# A. Internal Check (Upstream)
echo -n "Checking App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: VM cannot reach internal app server.${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# B. External Check (Wallarm Cloud)
echo -n "Checking Wallarm US Cloud ($API_HOST)... "
if ! curl -s --connect-timeout 5 "https://$API_HOST" > /dev/null; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: VM cannot talk to Wallarm US Cloud.${NC}"
echo -e "${YELLOW}Action: Check Bank Proxy or Firewall egress for port 443.${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# --- 4. ENGINE SETUP ---
echo -e "\n${YELLOW}🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}"
if [ -f /etc/redhat-release ]; then
ENGINE="podman"
dnf install -y epel-release podman podman-docker podman-compose wget curl &>/dev/null
systemctl enable --now podman.socket &>/dev/null
firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
firewall-cmd --reload &>/dev/null
else
ENGINE="docker"
apt update && apt install -y docker.io docker-compose wget curl &>/dev/null
systemctl enable --now docker &>/dev/null
fi
COMPOSE_CMD=$([[ "$ENGINE" == "podman" ]] && echo "podman-compose" || echo "docker-compose")
# --- 5. WORKSPACE & CONFIG ---
INSTANCE_DIR="/opt/wallarm/$NODE_NAME"
mkdir -p "$INSTANCE_DIR"
cat <<EOF > "$INSTANCE_DIR/nginx.conf"
server {
listen 80;
wallarm_mode monitoring; # Set to monitoring for PoC safety
location / {
proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
server {
listen 90;
location /wallarm-status {
wallarm_status on;
allow all;
}
}
EOF
cat <<EOF > "$INSTANCE_DIR/conf.yml"
version: '3.8'
services:
$NODE_NAME:
image: docker.io/wallarm/node:4.10-latest
container_name: $NODE_NAME
restart: always
ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"]
environment:
- WALLARM_API_TOKEN=$TOKEN
- WALLARM_API_HOST=$API_HOST
volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"]
EOF
# --- 6. LAUNCH ---
echo -e "${YELLOW}🚀 Launching $NODE_NAME...${NC}"
cd "$INSTANCE_DIR"
$COMPOSE_CMD -f conf.yml up -d
# --- 7. POST-DEPLOY VERIFICATION ---
echo -e "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}"
sleep 5
echo -en "Checking instance status page... "
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
echo -e "${GREEN}SUCCESS${NC}"
else
echo -e "${RED}WARNING: Status page not responding yet.${NC}"
fi
echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"
echo -e "--------------------------------------------------"
echo -e "Instance Name: $NODE_NAME"
echo -e "Traffic Port: $TRAFFIC_PORT"
echo -e "Monitor Port: $MONITOR_PORT"
echo -e "Logs Command: $ENGINE logs -f $NODE_NAME"
echo -e "--------------------------------------------------"

117
pre-deployment-test.sh
View file

@ -1,117 +0,0 @@
#!/bin/bash
# --- Styling ---
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
# --- Configuration & Globals ---
EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com")
US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com")
# --- Functions ---
print_header() {
echo -e "${YELLOW}=== Sechpoint Wallarm Pre-Flight Diagnostic ===${NC}"
echo "Use this tool to verify environment readiness before deployment."
echo "-------------------------------------------------------"
}
check_proxy() {
echo -e "${YELLOW}[1/5] Checking Environment Proxies...${NC}"
if [ -n "$https_proxy" ] || [ -n "$HTTPS_PROXY" ]; then
echo -e "${GREEN}[INFO]${NC} Proxy detected: ${https_proxy:-$HTTPS_PROXY}"
else
echo -e "[INFO] No system proxy detected."
fi
}
get_user_input() {
read -p "Enter Application Server IP (to be protected) [127.0.0.1]: " APP_HOST </dev/tty
APP_HOST=${APP_HOST:-127.0.0.1}
read -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
APP_PORT=${APP_PORT:-8080}
}
check_sudo() {
echo -e "\n${YELLOW}[2/5] Checking Sudo & OS Status...${NC}"
echo "Verifying sudo permissions (you may be prompted for your password)..."
if sudo -v; then
echo -e "${GREEN}[PASS]${NC} Sudo access confirmed."
else
echo -e "${RED}[FAIL]${NC} Sudo access DENIED. You must be a sudoer to install Wallarm."
fi
if [ -f /etc/os-release ]; then
( . /etc/os-release; echo "OS: $PRETTY_NAME" )
fi
}
check_tools() {
echo -e "\n${YELLOW}[3/5] Verifying Required Tools...${NC}"
local tools=("curl" "wget" "gpg" "grep")
for tool in "${tools[@]}"; do
if command -v "$tool" &> /dev/null; then
echo -e "${GREEN}[PASS]${NC} $tool is installed."
else
echo -e "${RED}[FAIL]${NC} $tool is MISSING."
fi
done
}
# The core connectivity logic
test_endpoint() {
local target=$1
# -skI = silent, insecure (ignore certs), head-only
if curl -skI --connect-timeout 5 "https://$target" > /dev/null 2>&1 || [ $? -eq 45 ] || [ $? -eq 52 ]; then
echo -e "${GREEN}[PASS]${NC} Reached $target"
else
echo -e "${RED}[FAIL]${NC} BLOCKED: $target"
fi
}
check_wallarm_cloud() {
echo -e "\n${YELLOW}[4/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}"
echo "--- EU Cloud ---"
for node in "${EU_DATA_NODES[@]}"; do test_endpoint "$node"; done
echo -e "\n--- US Cloud ---"
for node in "${US_DATA_NODES[@]}"; do test_endpoint "$node"; done
}
check_internal_app() {
echo -e "\n${YELLOW}[5/5] Testing Internal App Connectivity...${NC}"
# We test TCP handshake only.
# Curl exit 7 (Refused) and 28 (Timeout) are the main failure triggers.
curl -vsk --connect-timeout 5 "http://$APP_HOST:$APP_PORT" > /dev/null 2>&1
local exit_code=$?
# Exit codes 0, 52 (empty reply), 22 (4xx/5xx), 56 (reset) all imply the port is OPEN.
if [[ "$exit_code" =~ ^(0|52|22|56|35)$ ]]; then
echo -e "${GREEN}[PASS]${NC} TCP Connection established to $APP_HOST:$APP_PORT"
else
echo -e "${RED}[FAIL]${NC} CANNOT REACH App at $APP_HOST:$APP_PORT (Error: $exit_code)"
echo " Check firewalls or verify if the service is running on the app server."
fi
}
# --- Execution ---
print_header
check_proxy
get_user_input
check_sudo
check_tools
check_wallarm_cloud
check_internal_app
if [[ "$SUDO_RESULT" == "PASS" ]] && [[ "$CLOUD_RESULT" == "PASS" ]]; then
echo "$(date +%Y-%m-%d %H:%M:%S)" > /tmp/.wallarm_preflight_pass
echo -e "${GREEN}Environment verified. Readiness flag created.${NC}"
fi
echo -e "\n${YELLOW}-------------------------------------------------------"
echo -e "PRE-FLIGHT COMPLETE. PLEASE SCREENSHOT THIS OUTPUT."
echo -e "-------------------------------------------------------${NC}"

45
vm-deployment/auto-config.sh
View file

@ -1,45 +0,0 @@
#!/bin/bash
# 1. Define Backend
APP_SERVER="10.0.14.24:80"
echo "🛠️ Configuring Wallarm Inline Proxy..."
# 2. Write the configuration
sudo bash -c "cat << 'EOF' > /etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name _;
wallarm_mode monitoring;
location / {
proxy_pass http://$APP_SERVER;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location /wallarm-status {
wallarm_status on;
wallarm_mode off;
allow 127.0.0.1;
deny all;
}
}
EOF"
# 3. Ensure the site is enabled (Ubuntu requirement)
sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
# 4. Test and Reload
echo "🔍 Testing Nginx..."
if sudo nginx -t; then
sudo systemctl restart nginx
echo "✅ SUCCESS: Proxying to $APP_SERVER"
curl -X GET "http://localhost" -H "accept: application/json"
curl -I "http://localhost/etc/passwd"
else
echo "❌ ERROR: Nginx config invalid."
exit 1
fi

136
vm-deployment/install.sh
View file

@ -1,136 +0,0 @@
#!/bin/bash
# ==============================================================================
# Wallarm Native Deployer: NGINX Dynamic Module (Official Repo)
# Supports: RHEL/Alma/Rocky (9.x) & Ubuntu/Debian
# ==============================================================================
# --- User Configuration ---
USE_CASE="in-line" # Options: "in-line" or "out-of-band"
TOKEN="vPHB+Ygn1ia/wg+NV49tOq3Ndf10K0sO6MgU+FzQdx7M8bW93UpAV7zfq0cZF/+3"
REGION="EU" # US or EU
UPSTREAM="10.0.0.14"
# --- Colors ---
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
# --- ROOT CHECK ---
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}❌ ERROR: Run as root.${NC}"; exit 1
fi
# --- PHASE 0: Official NGINX Repo Setup ---
echo -e "${YELLOW}🛠️ Step 0: Setting up Official NGINX Repository...${NC}"
if [ -f /etc/redhat-release ]; then
yum install -y yum-utils
cat <<EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
yum install -y nginx
elif [ -f /etc/debian_version ]; then
apt update && apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
CODENAME=$(lsb_release -cs)
DISTRO=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/$DISTRO/ $CODENAME nginx" | tee /etc/apt/sources.list.d/nginx.list
apt update && apt install -y nginx
else
echo -e "${RED}❌ Unsupported OS${NC}"; exit 1
fi
systemctl enable --now nginx
# --- PHASE 1: Wallarm All-In-One Installer ---
echo -e "${YELLOW}📦 Step 1: Running Wallarm All-in-One Installer...${NC}"
API_HOST=$( [[ "$REGION" == "US" ]] && echo "us1.api.wallarm.com" || echo "api.wallarm.com" )
# Download the latest installer (4.10 branch)
curl -O https://meganode.wallarm.com/native/all-in-one/wallarm-4.10.10.x86_64-linux.sh
chmod +x wallarm-4.10.10.x86_64-linux.sh
./wallarm-4.10.10.x86_64-linux.sh \
--no-interactive \
--token "$TOKEN" \
--host "$API_HOST" \
--nginx-bundle
# --- PHASE 2: Logic-Based Configuration ---
echo -e "${YELLOW}⚙️ Step 2: Building NGINX Config for $USE_CASE Mode...${NC}"
# Ensure module is loaded
if ! grep -q "load_module" /etc/nginx/nginx.conf; then
sed -i '1i load_module modules/ngx_http_wallarm_module.so;' /etc/nginx/nginx.conf
fi
if [[ "$USE_CASE" == "in-line" ]]; then
# Standard Reverse Proxy with Blocking capability
cat <<EOF > /etc/nginx/conf.d/wallarm-proxy.conf
server {
listen 80;
server_name _;
wallarm_mode monitoring; # Change to 'block' after testing
location / {
proxy_pass http://$UPSTREAM;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
elif [[ "$USE_CASE" == "out-of-band" ]]; then
# OOB (Passive) Mode using Nginx Mirror
cat <<EOF > /etc/nginx/conf.d/wallarm-proxy.conf
server {
listen 80;
server_name _;
location / {
# Mirror traffic to a background internal location for Wallarm
mirror /mirror;
proxy_pass http://$UPSTREAM;
}
location = /mirror {
internal;
# Wallarm processes mirrored traffic here
wallarm_mode monitoring;
wallarm_upstream_connect_timeout 2s;
proxy_pass http://127.0.0.1:1; # Dummy upstream
}
}
EOF
fi
# Add Wallarm Monitoring status location (standard for both)
cat <<EOF > /etc/nginx/conf.d/wallarm-status.conf
server {
listen 90;
server_name localhost;
location /wallarm-status {
wallarm_status on;
wallarm_mode off;
allow 127.0.0.1;
deny all;
}
}
EOF
# --- PHASE 3: Validation ---
echo -e "${YELLOW}🚀 Step 3: Validating and Restarting...${NC}"
nginx -t && systemctl restart nginx
echo -e "\n${GREEN}✅ DEPLOYMENT SUCCESSFUL ($USE_CASE)${NC}"
echo -e "--------------------------------------------------"
echo -e "NGINX Version: $(nginx -v 2>&1)"
echo -e "Wallarm Status: curl http://localhost:90/wallarm-status"
echo -e "--------------------------------------------------"

236
wallarm-deploy-ct copy.sh
View file

@ -1,236 +0,0 @@
#!/bin/bash
# ==============================================================================
# Sechpoint Wallarm Smart Deployer - Container Edition (PoC Optimized)
# ==============================================================================
# --- Styling ---
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
LOG_FILE="/var/log/wallarm-deploy.log"
EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com")
US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com")
# --- Initialization ---
sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE"
exec > >(tee -a "$LOG_FILE") 2>&1 # Log everything to file while showing on screen
clear
echo -e "${YELLOW}====================================================${NC}"
echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}"
echo -e "${YELLOW}====================================================${NC}"
# --- 1. PRE-FLIGHT FUNCTIONS ---
check_sudo() {
echo -e "\n${YELLOW}[1/4] Checking Sudo...${NC}"
if sudo -v; then
echo -e "${GREEN}[PASS]${NC} Sudo access confirmed."
return 0
else
echo -e "${RED}[FAIL]${NC} Sudo access denied."; return 1
fi
}
check_wallarm_cloud() {
echo -e "\n${YELLOW}[2/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}"
local fail=0
# We ask for cloud preference early to avoid testing everything unnecessarily
read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL
CLOUD_SEL=${CLOUD_SEL^^}
CLOUD_SEL=${CLOUD_SEL:-US}
local nodes_to_test=("${US_DATA_NODES[@]}")
if [[ "$CLOUD_SEL" == "EU" ]]; then
nodes_to_test=("${EU_DATA_NODES[@]}")
fi
echo "Testing $CLOUD_SEL Cloud Endpoints..."
for node in "${nodes_to_test[@]}"; do
if ! curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then
echo -e "${RED}[FAIL]${NC} Cannot reach $node"; fail=1
else
echo -e "${GREEN}[PASS]${NC} Reached $node"
fi
done
API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com")
return $fail
}
# --- 2. INPUT & CONFIGURATION ---
get_user_input() {
echo -e "\n${YELLOW}[3/4] Configuration & Workspace Setup...${NC}"
# Instance ID Logic - Simplified to numeric directory structure
echo -e "Existing Deployments in /opt/wallarm/:"
if [ -d /opt/wallarm ]; then
ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "None"
else
echo "None"
fi
echo ""
read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM
if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then
echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1
fi
NODE_NAME="wallarm-node-$INSTANCE_NUM"
INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM"
TRAFFIC_PORT=$((8000 + INSTANCE_NUM))
MONITOR_PORT=$((9000 + INSTANCE_NUM))
# App Server Logic
read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP
UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}
read -p "Enter Upstream Port [80]: " UPSTREAM_PORT
UPSTREAM_PORT=${UPSTREAM_PORT:-80}
read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN
echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
}
# --- 3. ENGINE SETUP ---
setup_engine() {
echo -e "\n${YELLOW}[4/4] 🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}"
if [ -f /etc/redhat-release ]; then
ENGINE="podman"
echo "Detected RHEL/CentOS. Setting up Podman..."
sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null
sudo systemctl enable --now podman.socket &>/dev/null
sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
sudo firewall-cmd --reload &>/dev/null
else
ENGINE="docker"
echo "Detected Ubuntu/Debian. Setting up Docker..."
sudo apt update && sudo apt install -y docker.io wget curl &>/dev/null
sudo systemctl enable --now docker &>/dev/null
fi
if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then
echo "Installing Compose utility..."
if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi
if [ "$ENGINE" == "podman" ]; then sudo dnf install -y podman-compose &>/dev/null; fi
fi
}
# --- 4. DEPLOYMENT ---
execute_deployment() {
echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}"
sudo mkdir -p "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
# Fully qualified name ensures Podman/Docker doesn't prompt for registry choice
IMAGE_NAME="docker.io/wallarm/node:latest"
echo "Generating Nginx Configuration..."
sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
server {
listen 80;
wallarm_mode monitoring; # PoC Safety Mode
location / {
proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
server {
listen 90;
location /wallarm-status {
wallarm_status on;
allow all;
}
}
EOF
echo "Generating Deployment Manifest (compose.yml)..."
sudo tee "$INSTANCE_DIR/compose.yml" > /dev/null <<EOF
version: '3.8'
services:
node:
image: $IMAGE_NAME
container_name: $NODE_NAME
restart: always
ports:
- "$TRAFFIC_PORT:80"
- "$MONITOR_PORT:90"
environment:
- WALLARM_API_TOKEN=$TOKEN
- WALLARM_API_HOST=$API_HOST
volumes:
- ./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z
EOF
echo -e "${YELLOW}🚀 Launching Instance $INSTANCE_NUM ($NODE_NAME)...${NC}"
sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null
# Pulling explicitly with docker.io prefix to avoid short-name resolution errors
echo "Pulling latest image from Docker Hub (docker.io)..."
sudo $ENGINE pull $IMAGE_NAME
if command -v podman-compose &> /dev/null; then
sudo podman-compose -f compose.yml up -d
else
sudo docker-compose -f compose.yml up -d
fi
}
# --- 5. VERIFICATION & ATTACK TEST ---
verify_health() {
echo -e "\n${YELLOW}⏳ Waiting 20s for handshake and sync...${NC}"
sleep 20
echo -en "Checking instance status page (port $MONITOR_PORT)... "
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
echo -e "${GREEN}SUCCESS${NC}"
else
echo -e "${RED}WARNING: Status page not responding yet.${NC}"
echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME"
fi
echo -e "\n${YELLOW}⚔️ Running Attack Test (SQLi & XSS)...${NC}"
# Test 1: SQL Injection
echo -n "Sending SQLi payload to port $TRAFFIC_PORT... "
local sqli_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?id='OR+1=1+UNION+SELECT+1,2,3--")
echo -e "HTTP Status: $sqli_res (Logged)"
# Test 2: XSS
echo -n "Sending XSS payload to port $TRAFFIC_PORT... "
local xss_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?search=<script>alert('Wallarm_Test')</script>")
echo -e "HTTP Status: $xss_res (Logged)"
echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"
echo -e "--------------------------------------------------"
echo -e "Instance ID: $INSTANCE_NUM"
echo -e "Traffic Port: $TRAFFIC_PORT"
echo -e "Monitor Port: $MONITOR_PORT"
echo -e "\nCheck your Wallarm Console ($CLOUD_SEL Cloud) now."
echo -e "The attacks should appear in the 'Events' section within 1-2 minutes."
echo -e "--------------------------------------------------"
}
# --- MAIN FLOW ---
check_sudo || exit 1
check_wallarm_cloud || { echo -e "${RED}Cloud connectivity failed. Cannot continue.${NC}"; exit 1; }
get_user_input
setup_engine
execute_deployment
verify_health

2
wallarm-deploy-ct.sh
View file

@ -113,7 +113,7 @@ get_user_input() {
MON_PORT=$((IN_PORT + 10)) MON_PORT=$((IN_PORT + 10))
echo -e " ${YELLOW}i${NC} Monitoring Port: ${BOLD}$MON_PORT${NC}" echo -e " ${YELLOW}i${NC} Monitoring Port: ${BOLD}$MON_PORT${NC}"
INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT" INSTANCE_DIR="/opt/wallarm/node_$IN_PORT"
NODE_NAME="wallarm-node-$IN_PORT" NODE_NAME="wallarm-node-$IN_PORT"
read -p " Upstream App IP [127.0.0.1]: " UPSTREAM_IP; UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} read -p " Upstream App IP [127.0.0.1]: " UPSTREAM_IP; UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}