Networking ex/aanchaltailwal

projects/bash_networking_security/SOLUTION

@@ -1,16 +1,25 @@
 Local DNS Server IP
 -------------------
-<ip-here>
-
-
+127.0.0.53
 
 Default gateway IP
 -------------------
-<ip-here>
-
+10.0.0.1
 
 
 DHCP IP allocation sys-logs
 -------------------
-<logs-here>
+Jun 15 05:37:09 ip-10-0-0-141 dhclient[359]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0xec60204a)
+Jun 15 14:55:28 ip-10-0-0-141 dhclient[364]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0xed569a5d)
+Jun 16 06:48:30 ip-10-0-0-141 dhclient[368]: DHCPDISCOVER on ens5 to 255.255.255.255 port 67 interval 3 (xid=0x19be7604)
+Jun 15 05:37:09 ip-10-0-0-141 dhclient[359]: DHCPOFFER of 10.0.0.141 from 10.0.0.1
+Jun 15 14:55:28 ip-10-0-0-141 dhclient[364]: DHCPOFFER of 10.0.0.141 from 10.0.0.1
+Jun 16 06:48:30 ip-10-0-0-141 dhclient[368]: DHCPOFFER of 10.0.0.141 from 10.0.0.1
+Jun 15 05:37:09 ip-10-0-0-141 dhclient[359]: DHCPREQUEST for 10.0.0.141 on ens5 to 255.255.255.255 port 67 (xid=0x4a2060ec)
+Jun 15 14:55:28 ip-10-0-0-141 dhclient[364]: DHCPREQUEST for 10.0.0.141 on ens5 to 255.255.255.255 port 67 (xid=0x5d9a56ed)
+Jun 16 06:48:30 ip-10-0-0-141 dhclient[368]: DHCPREQUEST for 10.0.0.141 on ens5 to 255.255.255.255 port 67 (xid=0x476be19)
+Jun 15 05:37:09 ip-10-0-0-141 dhclient[359]: DHCPACK of 10.0.0.141 from 10.0.0.1 (xid=0xec60204a)
+Jun 15 14:55:28 ip-10-0-0-141 dhclient[364]: DHCPACK of 10.0.0.141 from 10.0.0.1 (xid=0xed569a5d)
+Jun 16 06:48:30 ip-10-0-0-141 dhclient[368]: DHCPACK of 10.0.0.141 from 10.0.0.1 (xid=0x19be7604)
+
 

projects/bash_networking_security/bastion_connect.sh

@@ -1 +1,25 @@
-#!/bin/bash
+#!/bin/bash 
+
+COMMAND=$3
+# Check if the KEY_PATH environment variable is set
+if [ -z "$KEY_PATH" ]; then
+  echo "KEY_PATH env var is expected"
+  exit 5
+fi
+
+# Check if the public instance IP is provided
+if [ -z "$1" ]; then
+  echo "Please provide bastion IP address"
+  exit 5
+fi
+
+# If both public and private instance IPs are provided, connect to the private instance via the public instance
+if [ -n "$2" ]; then
+  ssh -ti "$KEY_PATH" ubuntu@"$1" ssh -i "new_ssh_key" ubuntu@"$2" "$COMMAND"
+
+# Otherwise, connect to the public instance
+else
+  ssh -i "$KEY_PATH" ubuntu@"$1" 
+fi  
+
+

projects/bash_networking_security/tlsHandshake.sh

@@ -1 +1,54 @@
-#!/bin/bash
+#!/bin/bash -x
+
+
+IPADDRESS=13.53.122.7 || $PUBLIC_EC2_IP || $1
+# Step 1: Client Hello
+client_hello=$(curl -s -X POST -H "Content-Type: application/json" -d '{
+   "version": "1.3",
+   "ciphersSuites": [
+      "TLS_AES_128_GCM_SHA256",
+      "TLS_CHACHA20_POLY1305_SHA256"
+   ],
+   "message": "Client Hello"
+}' http://$IPADDRESS:8080/clienthello)
+
+# Step 2: Server Hello
+version=$(echo "$client_hello" | jq -r '.version')
+cipher_suite=$(echo "$client_hello" | jq -r '.cipherSuite')
+session_id=$(echo "$client_hello" | jq -r '.sessionID')
+server_cert=$(echo "$client_hello" | jq -r '.serverCert')
+
+# Step 3: Server Certificate Verification
+wget -q https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+openssl verify -CAfile cert-ca-aws.pem <<< "$server_cert"
+verification_result=$?
+
+if [ $verification_result -ne 0 ]; then
+  echo "Server Certificate is invalid."
+  exit 5
+fi
+
+# Step 4: Client-Server master-key exchange
+master_key=$(openssl rand -base64 32)
+encrypted_master_key=$(echo "$master_key" | openssl smime -encrypt -aes-256-cbc -binary -outform DER cert.pem | base64 -w 0)
+
+# Step 5: Server verification message
+server_verification_msg=$(curl -s -X POST -H "Content-Type: application/json" -d '{
+  "sessionID": "'"$session_id"'",
+  "masterKey": "'"$encrypted_master_key"'",
+  "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://$IPADDRESS:8080/keyexchange)
+
+encrypted_sample_msg=$(echo "$server_verification_msg" | jq -r '.encryptedSampleMessage')
+
+# Step 6: Client verification message
+decrypted_sample_msg=$(echo "$encrypted_sample_msg" | base64 -d | openssl enc -d -aes-256-cbc -pbkdf2 -pass pass:"$master_key" -md sha256)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+  echo "Server symmetric encryption using the exchanged master-key has failed."
+  exit 6
+fi
+
+echo "Client-Server TLS handshake has been completed successfully"
+
+

projects/bash_networking_security/vpc.sh

@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
+REGION="eu-north-1"
+VPC_ID="vpc-0efa8b8281af85cbf"
+PUBLIC_INSTANCE_ID="i-00f629cb350bfb435"
+PRIVATE_INSTANCE_ID="i-095d9adca2021336a"