diff --git a/wallarm-deploy-ct copy.sh b/wallarm-deploy-ct copy.sh
new file mode 100644
index 0000000..9d230b8
--- /dev/null
+++ b/wallarm-deploy-ct copy.sh
@@ -0,0 +1,236 @@ +#!/bin/bash +# ============================================================================== +# Sechpoint Wallarm Smart Deployer - Container Edition (PoC Optimized) +# ============================================================================== + +# --- Styling --- +YELLOW='\033[1;33m' +GREEN='\033[0;32m' +RED='\033[0;31m' +NC='\033[0m' + +LOG_FILE="/var/log/wallarm-deploy.log" +EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com") +US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com") + +# --- Initialization --- +sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE" +exec > >(tee -a "$LOG_FILE") 2>&1 # Log everything to file while showing on screen + +clear +echo -e "${YELLOW}====================================================${NC}" +echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}" +echo -e "${YELLOW}====================================================${NC}" + +# --- 1. PRE-FLIGHT FUNCTIONS --- + +check_sudo() { + echo -e "\n${YELLOW}[1/4] Checking Sudo...${NC}" + if sudo -v; then + echo -e "${GREEN}[PASS]${NC} Sudo access confirmed." + return 0 + else + echo -e "${RED}[FAIL]${NC} Sudo access denied."; return 1 + fi +} + +check_wallarm_cloud() { + echo -e "\n${YELLOW}[2/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" + local fail=0 + + # We ask for cloud preference early to avoid testing everything unnecessarily + read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL + CLOUD_SEL=${CLOUD_SEL^^} + CLOUD_SEL=${CLOUD_SEL:-US} + + local nodes_to_test=("${US_DATA_NODES[@]}") + if [[ "$CLOUD_SEL" == "EU" ]]; then + nodes_to_test=("${EU_DATA_NODES[@]}") + fi + + echo "Testing $CLOUD_SEL Cloud Endpoints..." + for node in "${nodes_to_test[@]}"; do + if ! 
curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then + echo -e "${RED}[FAIL]${NC} Cannot reach $node"; fail=1 + else + echo -e "${GREEN}[PASS]${NC} Reached $node" + fi + done + + API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") + return $fail +} + +# --- 2. INPUT & CONFIGURATION --- + +get_user_input() { + echo -e "\n${YELLOW}[3/4] Configuration & Workspace Setup...${NC}" + + # Instance ID Logic - Simplified to numeric directory structure + echo -e "Existing Deployments in /opt/wallarm/:" + if [ -d /opt/wallarm ]; then + ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "None" + else + echo "None" + fi + echo "" + + read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM + if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then + echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1 + fi + + NODE_NAME="wallarm-node-$INSTANCE_NUM" + INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM" + TRAFFIC_PORT=$((8000 + INSTANCE_NUM)) + MONITOR_PORT=$((9000 + INSTANCE_NUM)) + + # App Server Logic + read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP + UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} + read -p "Enter Upstream Port [80]: " UPSTREAM_PORT + UPSTREAM_PORT=${UPSTREAM_PORT:-80} + + read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN + + echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " + if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then + echo -e "${RED}FAILED${NC}" + echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1 + else + echo -e "${GREEN}OK${NC}" + fi +} + +# --- 3. ENGINE SETUP --- + +setup_engine() { + echo -e "\n${YELLOW}[4/4] 🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}" + if [ -f /etc/redhat-release ]; then + ENGINE="podman" + echo "Detected RHEL/CentOS. Setting up Podman..." 
+ sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null + sudo systemctl enable --now podman.socket &>/dev/null + sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null + sudo firewall-cmd --reload &>/dev/null + else + ENGINE="docker" + echo "Detected Ubuntu/Debian. Setting up Docker..." + sudo apt update && sudo apt install -y docker.io wget curl &>/dev/null + sudo systemctl enable --now docker &>/dev/null + fi + + if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then + echo "Installing Compose utility..." + if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi + if [ "$ENGINE" == "podman" ]; then sudo dnf install -y podman-compose &>/dev/null; fi + fi +} + +# --- 4. DEPLOYMENT --- + +execute_deployment() { + echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}" + sudo mkdir -p "$INSTANCE_DIR" + cd "$INSTANCE_DIR" + + # Fully qualified name ensures Podman/Docker doesn't prompt for registry choice + IMAGE_NAME="docker.io/wallarm/node:latest" + + echo "Generating Nginx Configuration..." + sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null < /dev/null </dev/null + + # Pulling explicitly with docker.io prefix to avoid short-name resolution errors + echo "Pulling latest image from Docker Hub (docker.io)..." + sudo $ENGINE pull $IMAGE_NAME + + if command -v podman-compose &> /dev/null; then + sudo podman-compose -f compose.yml up -d + else + sudo docker-compose -f compose.yml up -d + fi +} + +# --- 5. VERIFICATION & ATTACK TEST --- + +verify_health() { + echo -e "\n${YELLOW}⏳ Waiting 20s for handshake and sync...${NC}" + sleep 20 + + echo -en "Checking instance status page (port $MONITOR_PORT)... 
" + if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then + echo -e "${GREEN}SUCCESS${NC}" + else + echo -e "${RED}WARNING: Status page not responding yet.${NC}" + echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME" + fi + + echo -e "\n${YELLOW}⚔️ Running Attack Test (SQLi & XSS)...${NC}" + + # Test 1: SQL Injection + echo -n "Sending SQLi payload to port $TRAFFIC_PORT... " + local sqli_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?id='OR+1=1+UNION+SELECT+1,2,3--") + echo -e "HTTP Status: $sqli_res (Logged)" + + # Test 2: XSS + echo -n "Sending XSS payload to port $TRAFFIC_PORT... " + local xss_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?search=") + echo -e "HTTP Status: $xss_res (Logged)" + + echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}" + echo -e "--------------------------------------------------" + echo -e "Instance ID: $INSTANCE_NUM" + echo -e "Traffic Port: $TRAFFIC_PORT" + echo -e "Monitor Port: $MONITOR_PORT" + echo -e "\nCheck your Wallarm Console ($CLOUD_SEL Cloud) now." + echo -e "The attacks should appear in the 'Events' section within 1-2 minutes." + echo -e "--------------------------------------------------" +} + +# --- MAIN FLOW --- +check_sudo || exit 1 +check_wallarm_cloud || { echo -e "${RED}Cloud connectivity failed. Cannot continue.${NC}"; exit 1; } +get_user_input +setup_engine +execute_deployment +verify_health \ No newline at end of file diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh index 9d230b8..c0008a5 100644 --- a/wallarm-deploy-ct.sh +++ b/wallarm-deploy-ct.sh @@ -1,6 +1,6 @@ #!/bin/bash # ============================================================================== -# Sechpoint Wallarm Smart Deployer - Container Edition (PoC Optimized) +# Sechpoint Wallarm Smart Deployer - Multi-Distro PoC Optimized # ============================================================================== # --- Styling --- 
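Review bot: This new file is a verbatim copy of the pre-change wallarm-deploy-ct.sh (its blob id 9d230b8 is also the old-side id in the next file's `index` line), so the commit checks in an outdated duplicate under a ` copy.sh` name; if it was meant as a backup, git history already holds that version and the copy should be dropped rather than committed. If it is kept, the defects below live on in it (and the refactored script inherits the same lines). `cd "$INSTANCE_DIR"` in execute_deployment has no failure check, and because compose is invoked with the relative `-f compose.yml`, a failed cd would run `up -d` against whatever directory the caller was in; `cd "$INSTANCE_DIR" || exit 1` closes that. `read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN` echoes the secret to the terminal and its scrollback; `read -rsp "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN; echo` keeps it off screen. An INSTANCE_NUM with a leading zero such as 08 passes the `^[0-9]+$` check but makes `$((8000 + INSTANCE_NUM))` fail as an invalid octal constant; `$((8000 + 10#$INSTANCE_NUM))` (and likewise for MONITOR_PORT) avoids that.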
@@ -15,30 +15,44 @@ US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us # --- Initialization --- sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE" -exec > >(tee -a "$LOG_FILE") 2>&1 # Log everything to file while showing on screen +exec > >(tee -a "$LOG_FILE") 2>&1 clear echo -e "${YELLOW}====================================================${NC}" echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}" echo -e "${YELLOW}====================================================${NC}" -# --- 1. PRE-FLIGHT FUNCTIONS --- +# --- 1. DETECTION & PRE-FLIGHT --- + +detect_environment() { + echo -e "\n${YELLOW}[1/5] Detecting System Environment...${NC}" + if command -v dnf &> /dev/null; then + PKG_MANAGER="dnf" + ENGINE="podman" + echo -e "${GREEN}[PASS]${NC} Detected modern RHEL/CentOS (using dnf/podman)" + elif command -v yum &> /dev/null; then + PKG_MANAGER="yum" + ENGINE="podman" + echo -e "${GREEN}[PASS]${NC} Detected older RHEL/CentOS (using yum/podman)" + elif command -v apt-get &> /dev/null; then + PKG_MANAGER="apt" + ENGINE="docker" + echo -e "${GREEN}[PASS]${NC} Detected Debian/Ubuntu (using apt/docker)" + else + echo -e "${RED}[FAIL]${NC} No supported package manager found (dnf/yum/apt)."; exit 1 + fi +} check_sudo() { - echo -e "\n${YELLOW}[1/4] Checking Sudo...${NC}" if sudo -v; then echo -e "${GREEN}[PASS]${NC} Sudo access confirmed." - return 0 else - echo -e "${RED}[FAIL]${NC} Sudo access denied."; return 1 + echo -e "${RED}[FAIL]${NC} Sudo access denied."; exit 1 fi } check_wallarm_cloud() { - echo -e "\n${YELLOW}[2/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" - local fail=0 - - # We ask for cloud preference early to avoid testing everything unnecessarily + echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL CLOUD_SEL=${CLOUD_SEL^^} CLOUD_SEL=${CLOUD_SEL:-US} 
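Review bot: detect_environment sets the globals PKG_MANAGER and ENGINE that later functions read, but nothing at the definition says so; a header such as `# Sets globals: PKG_MANAGER (dnf|yum|apt) and ENGINE (podman|docker); exits 1 when no supported package manager is found` would make that contract visible. check_sudo and detect_environment now call `exit 1` from inside the helper instead of returning a status, and since stdout is already redirected through `exec > >(tee -a "$LOG_FILE") 2>&1` a few lines above, exiting from within them may race with tee flushing the final [FAIL] line into the log; it is worth confirming the failure message is actually recorded there. The `yum` branch maps to the same podman setup as `dnf`, which is fine for detection, but whether the later `$PKG_MANAGER install` of the podman packages succeeds on a yum-only host depends on repositories this hunk does not show.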
@@ -48,101 +62,80 @@ check_wallarm_cloud() { nodes_to_test=("${EU_DATA_NODES[@]}") fi - echo "Testing $CLOUD_SEL Cloud Endpoints..." for node in "${nodes_to_test[@]}"; do if ! curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then - echo -e "${RED}[FAIL]${NC} Cannot reach $node"; fail=1 - else - echo -e "${GREEN}[PASS]${NC} Reached $node" + echo -e "${RED}[FAIL]${NC} Cannot reach $node" + return 1 fi + echo -e "${GREEN}[PASS]${NC} Reached $node" done API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") - return $fail } # --- 2. INPUT & CONFIGURATION --- get_user_input() { - echo -e "\n${YELLOW}[3/4] Configuration & Workspace Setup...${NC}" - - # Instance ID Logic - Simplified to numeric directory structure - echo -e "Existing Deployments in /opt/wallarm/:" - if [ -d /opt/wallarm ]; then - ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "None" - else - echo "None" - fi - echo "" + echo -e "\n${YELLOW}[3/5] Configuration & Workspace Setup...${NC}" + [ -d /opt/wallarm ] && ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "No existing instances." + read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM - if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then - echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1 - fi + if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then echo -e "${RED}ERROR: Invalid number.${NC}"; exit 1; fi NODE_NAME="wallarm-node-$INSTANCE_NUM" INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM" TRAFFIC_PORT=$((8000 + INSTANCE_NUM)) MONITOR_PORT=$((9000 + INSTANCE_NUM)) - # App Server Logic read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} read -p "Enter Upstream Port [80]: " UPSTREAM_PORT UPSTREAM_PORT=${UPSTREAM_PORT:-80} - - read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN + read -p "Paste Wallarm Token: " TOKEN - echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... 
" + echo -n "Verifying App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then - echo -e "${RED}FAILED${NC}" - echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1 - else - echo -e "${GREEN}OK${NC}" + echo -e "${RED}FAILED${NC}"; exit 1 fi + echo -e "${GREEN}OK${NC}" } # --- 3. ENGINE SETUP --- setup_engine() { - echo -e "\n${YELLOW}[4/4] 🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}" - if [ -f /etc/redhat-release ]; then - ENGINE="podman" - echo "Detected RHEL/CentOS. Setting up Podman..." - sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null - sudo systemctl enable --now podman.socket &>/dev/null - sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null - sudo firewall-cmd --reload &>/dev/null - else - ENGINE="docker" - echo "Detected Ubuntu/Debian. Setting up Docker..." - sudo apt update && sudo apt install -y docker.io wget curl &>/dev/null - sudo systemctl enable --now docker &>/dev/null - fi - - if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then - echo "Installing Compose utility..." 
- if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi - if [ "$ENGINE" == "podman" ]; then sudo dnf install -y podman-compose &>/dev/null; fi - fi + echo -e "\n${YELLOW}[4/5] 🛠️ Ensuring Engine ($ENGINE) is ready...${NC}" + case "$PKG_MANAGER" in + dnf|yum) + sudo $PKG_MANAGER install -y epel-release wget curl &>/dev/null + sudo $PKG_MANAGER install -y podman podman-docker podman-compose &>/dev/null + sudo systemctl enable --now podman.socket &>/dev/null + if systemctl is-active --quiet firewalld; then + sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null + sudo firewall-cmd --reload &>/dev/null + fi + ;; + apt) + sudo apt-get update &>/dev/null + sudo apt-get install -y docker.io docker-compose wget curl &>/dev/null + sudo systemctl enable --now docker &>/dev/null + ;; + esac } # --- 4. DEPLOYMENT --- execute_deployment() { - echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}" + echo -e "\n${YELLOW}[5/5] 🚀 Preparing Workspace: $INSTANCE_DIR${NC}" sudo mkdir -p "$INSTANCE_DIR" cd "$INSTANCE_DIR" - # Fully qualified name ensures Podman/Docker doesn't prompt for registry choice IMAGE_NAME="docker.io/wallarm/node:latest" - echo "Generating Nginx Configuration..." sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null < /dev/null </dev/null - - # Pulling explicitly with docker.io prefix to avoid short-name resolution errors - echo "Pulling latest image from Docker Hub (docker.io)..." sudo $ENGINE pull $IMAGE_NAME if command -v podman-compose &> /dev/null; then - sudo podman-compose -f compose.yml up -d + sudo podman-compose up -d else - sudo docker-compose -f compose.yml up -d + sudo docker-compose up -d fi } -# --- 5. VERIFICATION & ATTACK TEST --- +# --- 5. VERIFICATION --- verify_health() { - echo -e "\n${YELLOW}⏳ Waiting 20s for handshake and sync...${NC}" + echo -e "\n${YELLOW}⏳ Handshake...${NC}" sleep 20 - - echo -en "Checking instance status page (port $MONITOR_PORT)... 
" + echo -en "Checking Monitor Port $MONITOR_PORT... " if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then echo -e "${GREEN}SUCCESS${NC}" + echo -e "\n${GREEN}✅ DEPLOYMENT COMPLETE${NC}" + echo -e "Traffic: http://localhost:$TRAFFIC_PORT" else echo -e "${RED}WARNING: Status page not responding yet.${NC}" - echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME" fi - - echo -e "\n${YELLOW}⚔️ Running Attack Test (SQLi & XSS)...${NC}" - - # Test 1: SQL Injection - echo -n "Sending SQLi payload to port $TRAFFIC_PORT... " - local sqli_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?id='OR+1=1+UNION+SELECT+1,2,3--") - echo -e "HTTP Status: $sqli_res (Logged)" - - # Test 2: XSS - echo -n "Sending XSS payload to port $TRAFFIC_PORT... " - local xss_res=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$TRAFFIC_PORT/?search=") - echo -e "HTTP Status: $xss_res (Logged)" - - echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}" - echo -e "--------------------------------------------------" - echo -e "Instance ID: $INSTANCE_NUM" - echo -e "Traffic Port: $TRAFFIC_PORT" - echo -e "Monitor Port: $MONITOR_PORT" - echo -e "\nCheck your Wallarm Console ($CLOUD_SEL Cloud) now." - echo -e "The attacks should appear in the 'Events' section within 1-2 minutes." - echo -e "--------------------------------------------------" } -# --- MAIN FLOW --- -check_sudo || exit 1 -check_wallarm_cloud || { echo -e "${RED}Cloud connectivity failed. Cannot continue.${NC}"; exit 1; } +# --- EXECUTION --- +detect_environment +check_sudo +check_wallarm_cloud || exit 1 get_user_input setup_engine execute_deployment