chore: auto-commit 2026-03-18 14:14

2026-03-18 14:14:10 +00:00 · 2026-03-18 14:14:10 +00:00 · 6af44a977e
commit 6af44a977e
parent 33ebc1b8b6
1 changed files with 56 additions and 62 deletions
--- a/wallarm-deploy-ct.sh
+++ b/wallarm-deploy-ct.sh
@ -1,10 +1,12 @@
 #!/bin/bash
 # ==============================================================================
-# SECHPOINT WALLARM SMART DEPLOYER - V6 (FULL BINARY INSTALL + PORT SELECTION)
+# SECHPOINT WALLARM SMART DEPLOYER - V7 (TRIPLE-VERIFIED CONNECTIVITY)
 # ==============================================================================

 YELLOW='\033[1;33m'; GREEN='\033[0;32m'; RED='\033[0;31m'; BLUE='\033[0;34m'; NC='\033[0m'; BOLD='\033[1m'
 LOG_FILE="/var/log/wallarm-deploy.log"
+
+# Cloud Endpoints
 EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com")
 US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com")

@ -14,69 +16,78 @@ exec > >(tee -a "$LOG_FILE") 2>&1

 clear
 echo -e "${BLUE}${BOLD}==========================================================${NC}"
-echo -e "${BLUE}${BOLD}      Wallarm Full Binary & Container Deployer V6       ${NC}"
+echo -e "${BLUE}${BOLD}      Wallarm Full Binary & Container Deployer V7       ${NC}"
 echo -e "${BLUE}${BOLD}==========================================================${NC}"

-# --- 1. PRE-FLIGHT & CONNECTIVITY ---
+# --- 1. PRE-FLIGHT & TRIPLE CONNECTIVITY CHECK ---

 check_connectivity() {
-    echo -e "\n${YELLOW}[1/5] Testing Cloud & Registry Connectivity...${NC}"
+    echo -e "\n${YELLOW}[1/5] Testing Connectivity Matrix...${NC}"
    
+    # A. Cloud Selection & Test
    read -p "  Wallarm Cloud (US/EU) [US]: " CLOUD_SEL
    CLOUD_SEL=${CLOUD_SEL^^}; CLOUD_SEL=${CLOUD_SEL:-US}
-    
    local nodes_to_test=("${US_DATA_NODES[@]}")
    [[ "$CLOUD_SEL" == "EU" ]] && nodes_to_test=("${EU_DATA_NODES[@]}")

-    echo "  Testing $CLOUD_SEL Cloud Endpoints..."
    for node in "${nodes_to_test[@]}"; do
        if curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then
-            echo -e "    ${GREEN}[PASS]${NC} Reached $node"
+            echo -e "    ${GREEN}[PASS]${NC} Wallarm Cloud: $node"
        else
-            echo -e "    ${RED}[FAIL]${NC} Cannot reach $node"
+            echo -e "    ${RED}[FAIL]${NC} Wallarm Cloud: $node (Check Firewall/Proxy)"
        fi
    done
-    
    API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com")

-    echo -n "  Testing Docker Hub Registry Path... "
+    # B. Test Docker Registry (For Images)
    REGISTRY_STATUS=$(curl -skI --connect-timeout 5 -o /dev/null -w "%{http_code}" "https://registry-1.docker.io/v2/")
-
    if [[ "$REGISTRY_STATUS" == "200" || "$REGISTRY_STATUS" == "401" ]]; then
        REGISTRY_REACHABLE=true
-        echo -e "${GREEN}REACHABLE${NC} ($REGISTRY_STATUS)"
+        echo -e "    ${GREEN}[PASS]${NC} Docker Registry (Status: $REGISTRY_STATUS)"
    else
        REGISTRY_REACHABLE=false
-        echo -e "${RED}OFFLINE${NC} ($REGISTRY_STATUS)"
-        if ! ls *.tar >/dev/null 2>&1; then
-            echo -e "  ${RED}✗ FATAL: No registry and no local .tar found.${NC}"; exit 1
-        fi
+        echo -e "    ${RED}[FAIL]${NC} Docker Registry (Status: $REGISTRY_STATUS)"
+    fi
+
+    # C. Test Docker Download Server (For Engine Binaries)
+    DOWNLOAD_REACHABLE=true
+    if ! curl -skI --connect-timeout 5 "https://download.docker.com" > /dev/null 2>&1; then
+        DOWNLOAD_REACHABLE=false
+        echo -e "    ${RED}[WARN]${NC} Docker Download Server (Blocked)"
+    else
+        echo -e "    ${GREEN}[PASS]${NC} Docker Download Server"
+    fi
+
+    # Final Gatekeeper
+    if [ "$REGISTRY_REACHABLE" = false ] && ! ls *.tar >/dev/null 2>&1; then
+        echo -e "${RED}✗ FATAL: No registry access and no local .tar image found.${NC}"; exit 1
    fi
 }

-# --- 2. ENGINE SETUP (Manual Binary Download & Install) ---
+# --- 2. ENGINE SETUP (Smart Binary Install) ---

 setup_manual_engine() {
-    echo -e "\n${YELLOW}[2/5] Setting up Docker Engine (Manual Binaries)...${NC}"
+    echo -e "\n${YELLOW}[2/5] Setting up Docker Engine...${NC}"
    
    if command -v docker > /dev/null 2>&1 && sudo docker info > /dev/null 2>&1; then
-        echo -e "  ${GREEN}✓${NC} Docker is already installed and running."
+        echo -e "  ${GREEN}✓${NC} Docker is already active."
    else
-        echo "  Docker not found. Proceeding with static binary installation..."
-        
-        # Determine Architecture
        ARCH=$(uname -m)
-        BINARY_URL="https://download.docker.com/linux/static/stable/$ARCH/docker-24.0.7.tgz"
+        BINARY_FILE="docker-static.tgz"
        
-        echo "  Downloading Docker Binaries ($ARCH)..."
-        curl -L "$BINARY_URL" -o docker-static.tgz || { echo -e "${RED}Download failed.${NC}"; exit 1; }
+        if [ "$DOWNLOAD_REACHABLE" = true ]; then
+            echo "  Downloading Docker Binaries ($ARCH)..."
+            curl -L "https://download.docker.com/linux/static/stable/$ARCH/docker-24.0.7.tgz" -o $BINARY_FILE
+        elif ls docker-static.tgz >/dev/null 2>&1; then
+            echo "  Download blocked. Using local $BINARY_FILE..."
+        else
+            echo -e "  ${RED}✗ FATAL: Download server blocked and no local $BINARY_FILE found.${NC}"; exit 1
+        fi
        
-        echo "  Extracting and moving binaries to /usr/bin/..."
-        tar xzvf docker-static.tgz > /dev/null
+        tar xzvf $BINARY_FILE > /dev/null
        sudo cp docker/* /usr/bin/
-        rm -rf docker docker-static.tgz
+        rm -rf docker $BINARY_FILE
        
-        echo "  Creating systemd service..."
        sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
 [Unit]
 Description=Docker Engine
@ -85,52 +96,41 @@ After=network-online.target
 Type=notify
 ExecStart=/usr/bin/dockerd
 Restart=on-failure
-LimitNOFILE=infinity
 [Install]
 WantedBy=multi-user.target
 EOF
-        sudo systemctl daemon-reload
-        sudo systemctl enable --now docker
-        
-        # Wait for daemon to wake up
+        sudo systemctl daemon-reload && sudo systemctl enable --now docker
        sleep 5
-        sudo docker info > /dev/null 2>&1 || { echo -e "${RED}Engine failed to start.${NC}"; exit 1; }
-        echo -e "  ${GREEN}✓${NC} Docker Engine manually installed and started."
+        echo -e "  ${GREEN}✓${NC} Engine initialized."
    fi
 }

 # --- 3. INPUT & WORKSPACE ---

 get_user_input() {
-    echo -e "\n${YELLOW}[3/5] Configuration Setup...${NC}"
-    
-    read -p "  Enter Inbound Traffic Port [80]: " IN_PORT
-    IN_PORT=${IN_PORT:-80}
+    echo -e "\n${YELLOW}[3/5] Instance Configuration...${NC}"
+    read -p "  Enter Inbound Port [80]: " IN_PORT; IN_PORT=${IN_PORT:-80}
    MON_PORT=$((IN_PORT + 10))
-    echo -e "  ${YELLOW}i${NC} Monitoring port set to: ${BOLD}$MON_PORT${NC}"
+    echo -e "  ${YELLOW}i${NC} Monitoring Port: ${BOLD}$MON_PORT${NC}"

    INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT"
    NODE_NAME="wallarm-node-$IN_PORT"

-    read -p "  Upstream App IP [127.0.0.1]: " UPSTREAM_IP
-    UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}
-    read -p "  Upstream App Port [8080]: " UPSTREAM_PORT
-    UPSTREAM_PORT=${UPSTREAM_PORT:-8080}
+    read -p "  Upstream App IP [127.0.0.1]: " UPSTREAM_IP; UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}
+    read -p "  Upstream App Port [8080]: " UPSTREAM_PORT; UPSTREAM_PORT=${UPSTREAM_PORT:-8080}
    read -p "  Paste Wallarm Token: " TOKEN

-    # Port Collision Check
    if sudo netstat -tulpn | grep -E ":$IN_PORT |:$MON_PORT " > /dev/null 2>&1; then
-        echo -e "  ${RED}✗ FATAL: Port $IN_PORT or $MON_PORT is already in use.${NC}"; exit 1
+        echo -e "  ${RED}✗ FATAL: Port conflict detected.${NC}"; exit 1
    fi
 }

 # --- 4. DEPLOYMENT & PERSISTENCE ---

 execute_deployment() {
-    echo -e "\n${YELLOW}[4/5] Launching Wallarm Instance...${NC}"
+    echo -e "\n${YELLOW}[4/5] Launching Container...${NC}"
    sudo mkdir -p "$INSTANCE_DIR"

-    # Nginx Config
    sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
 server {
    listen 80;
@ -145,16 +145,13 @@ server {
 server { listen 90; location /wallarm-status { wallarm_status on; allow all; } }
 EOF

-    # Image Logic
    if [ "$REGISTRY_REACHABLE" = true ]; then
-        echo "  Pulling wallarm/node:latest..."
        sudo docker pull wallarm/node:latest
    else
-        echo "  Registry offline. Loading local .tar..."
+        echo "  Loading local .tar image..."
        sudo docker load < *.tar
    fi

-    # The Persistence Script
    sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF
 #!/bin/bash
 sudo docker rm -f $NODE_NAME 2>/dev/null
@ -170,20 +167,17 @@ EOF

 # --- 5. VERIFY ---

-verify_and_test() {
+verify() {
    echo -e "\n${YELLOW}[5/5] Final Verification...${NC}"
    sleep 15
    if curl -s "http://localhost:$MON_PORT/wallarm-status" | grep -q "requests"; then
-        echo -e "\n${GREEN}${BOLD}✅ SUCCESS: Wallarm Node is active on Port $IN_PORT${NC}"
-        echo -e "Monitoring available at: http://localhost:$MON_PORT/wallarm-status\n"
-        
-        echo -e "${YELLOW}⚔️ Simulating SQLi Attack...${NC}"
-        curl -s -o /dev/null -w "Result: HTTP %{http_code}\n" "http://localhost:$IN_PORT/?id='OR+1=1--"
+        echo -e "\n${GREEN}${BOLD}✅ SUCCESS: Wallarm Active on Port $IN_PORT${NC}"
+        echo -e "  Monitor: http://localhost:$MON_PORT/wallarm-status"
+        curl -s -o /dev/null -w "  Attack Test: HTTP %{http_code}\n" "http://localhost:$IN_PORT/?id='OR+1=1--"
    else
-        echo -e "\n${RED}❌ FAILED: Container started but status page is unreachable.${NC}"
+        echo -e "\n${RED}❌ FAILED: Node not responding.${NC}"
        sudo docker logs $NODE_NAME | tail -n 5
    fi
 }

-# --- RUN ---
-check_connectivity; setup_manual_engine; get_user_input; execute_deployment; verify_and_test
+check_connectivity; setup_manual_engine; get_user_input; execute_deployment; verify