Networking ex/pratham

projects/bash_networking_security/New key1.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAjDl9yWMpX5LCKBipxAs/Yxy7xv13tuySXmmUe183Cz/PSGrj
+h3HGEKrZGTMswc0YquC/SJ0cNdJgWjX2KKWCGJRN7E92Ucj2qtulUBAzmuPG0/vo
+KL9751ZaycwpaR8SgNoC9s/NKP7YyO6LuyjwmKcD7Yj3bg1SjDGQpUzLkQg2wiJT
+cmutBBuiOfdVr1XU/W9UP4d/J9SHqKBID1BnkroMx5L7GjmWB9BngSAfxngPcNmf
+v54wVZ52OilbZZ2EpPETp0wlTbfVEk9kxY4Z1g+zTKKdXmP1Vk2eoKxdQhO5144+
+jCFhXiekYFfgzZewzV5zTEGPhl0Q+GWCZds70QIDAQABAoIBAQCI06yO7yi27pBv
+6aj19/exMZ91S20eXHdyktllDQK8Ala0FkDQsE8RgnR2532b2hJg4w8jvtKBHjgQ
+rqj0/pMUgtoKZXtR0KQJEmyb1ENWtz4TKbJe2IIBuTy7vnEF92DpxFGyHhDWGN7W
+KhbE2Oz0N7xYcxblFzDeRZscAPR+Hi05OcoGo/TdHf2lNvIn9A1X2yVrPeF+cBpa
+eFm9ixa1nsSl8DDgSQ9hghAp/is0kxCyh0utrz/opuv/96hMTy6uxJaEdM6z1ycR
+UuYqiTBJSaK5h+qz57efUdU4aGYsiuet68g6C6a9nzzk6wlx7tUne26D036n/K5U
+zwyG1aExAoGBANpmty/K0Vk8f7XTu62eb71jTj8BMa5rh5ZjEDFRC58FTU7vuiex
+c4xpNYvrgB+1J1nvba/YR5hqUZjLQ+EdbqP0+nU+sqa1OYQWOfzOXRRuzgSlVfl1
+kOehTTC0QsCur2tgtSkTkQ+Y01YMOVwawpLiPEBUKkiIjUxR9HptDo4NAoGBAKRd
+aHXLYBtavi8GC8fnXm5PwINPRYHnSM/f9H76jawnrHy/mrN4TFeJDdCOMp/S770X
+3ZQvyMYoCIgrcKS8ZdZnQqVvG4Nz9PaYQpy3x4/Q1DoaneBGN5h2Ij3/D5j6JDHM
+UHJHEJYj5Iv+PCwrCw0vE8/H8cwp5LQdcmQQ03fVAoGBAJwX/aVy191nl/9krSaR
+rls1tp7hQ5jd0bJyawhUXHHzYCWiwPHNqkAYkeTHFHOVDeMBdOvRMJqGonsKDCHA
+32rflIJnpVfw/oKhQCCnfW81Ipm/cYsxs7dZWcoNjAga0dV08QXCrlLvb1x4sCZc
+GeTRPS7c+LuOnS6HBKzbdSOhAoGBAJEfCAQ5NPnx/Ml4BR7TYcT0FX3al/xCQT+I
+9U7H2h6OSPU8F1Mue/ktwUzKwFfs3k+Oqs0UA6kx35abBDHvRdswAOAgYaKG11qC
+xQ2qFkEcmMVUiuBiHuQ2KbWjZhojgaGWS9EafcKSnlAcgPRebLuPPWbPmuYwdwWw
+mjdPw+ahAoGAYIik2DL0bMXYx/mKOUCIxT5gZu7vwpDlU2EMNnV7eyrYQTn2wbAv
+U8xw4OoDjrF6TkAs5xzD5uXPsHI4heqd7iJ0rMA3OqiKowmihfbjFarOJTEjiFIU
+/YVvUZMXXz+cfhE++TxdS6azNl4sHPCn2ta2N1mVCnaHQ8qOw2V4IiY=
+-----END RSA PRIVATE KEY-----

projects/bash_networking_security/SOLUTION

@@ -1,16 +1,20 @@
 Local DNS Server IP
 -------------------
-<ip-here>
+127.0.0.53
 
 
 
 Default gateway IP
 -------------------
-<ip-here>
-
+10.0.0.1
+0.0.0.0
+0.0.0.0
+0.0.0.0
 
 
 DHCP IP allocation sys-logs
 -------------------
-<logs-here>
-
+255.255.255.255
+10.0.0.183
+10.0.0.183
+10.0.0.183

projects/bash_networking_security/bastion_connect.sh

@@ -1 +1,26 @@
 #!/bin/bash
+# Check if KEY_PATH environment variable exists
+if [[ -z "$KEY_PATH" ]]; then
+    echo "KEY_PATH env var is expected"
+    exit 5
+fi
+
+# Check if the public instance IP address is provided
+if [[ $# -lt 1 ]]; then
+    echo "Please provide bastion IP address"
+    exit 1
+fi
+
+# Connect to the private instance using the public instance as a bastion host
+if [[ $# -eq 2 ]]; then
+    public_instance_ip=$1
+    private_instance_ip=$2
+
+    # Connect to the private instance via the bastion host
+    ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" ssh -t -t -i "/home/ubuntu/flask/key.pem" ubuntu@"$private_instance_ip"
+else
+    public_instance_ip=$1
+
+    # Connect to the public instance
+    ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" 
+fi

projects/bash_networking_security/tlsHandshake.sh

@@ -1 +1,53 @@
-#!/bin/bash
+#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+   "version": "1.3",
+   "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+   "message": "Client Hello"
+}' http://54.225.54.226:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(jq -r '.sessionID' <<< "$RESPONSE")
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ]; then
+  echo "Server Certificate is invalid"
+  exit 5
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+openssl rand -out masterKey.txt -base64 32
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 -w 0)
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+  "sessionID": "'"$SESSION_ID"'",
+  "masterKey": "'"$MASTER_KEY"'",
+  "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://54.225.54.226/keyexchange)
+
+
+# Step 6 - Client verification message
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+  echo "Server symmetric encryption using the exchanged master-key has failed."
+  exit 6
+else
+  echo "Client-Server TLS handshake has been completed successfully"
+fi

projects/bash_networking_security/vpc.sh

@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
+REGION="us-east-1"
+VPC_ID="vpc-04f1bfa3b26f70757"
+PUBLIC_INSTANCE_ID="i-09172549d32f9a390"
+PRIVATE_INSTANCE_ID="i-03086e4bdb2131454"