Merge pull request #1 from lamcodeofpwnosec/InfrastructureSecure

lamcodeofpwnosec · web-flow · commit 4d43d283c131 · 2024-10-21T22:41:55.000+07:00
build@devsecops
diff --git a/README.md b/README.md
@@ -1,2 +1,110 @@
-# IT_Infrastructure_Security
-IT Infrastructure Security Project aimed at analyzing and protecting against various attacks on servers, applications, and websites, we would need to combine several technologies and implement multiple layers of security. 
+# IT Infrastructure Security Project
+
+This project provides a multi-layered defense strategy to protect servers, applications, and websites from various types of cyber attacks. It includes firewall setup, real-time monitoring, vulnerability scanning, DDoS protection, and more. By leveraging tools like Nuclei, Nmap, Fail2Ban, and custom Python/Bash scripts, this project offers a complete solution to securing your IT infrastructure.
+
+
+## Features
+
+1. **Firewall and Intrusion Detection**: Configure iptables firewall rules.
+2. **Real-Time Monitoring and Alerts**: Monitor CPU, memory, and disk usage and send alerts.
+3. **Web Application Firewall (WAF)**: Protect against SQL injection and XSS attacks.
+4. **Brute Force Protection**: Use Fail2Ban to block IPs showing signs of brute force.
+5. **Vulnerability Scanning**: Automated vulnerability scanning using Nmap.
+6. **DDoS Protection**: NGINX rate limiting to prevent DDoS attacks.
+7. **Incident Response**: Automatically block IPs when suspicious activity is detected.
+8. **Encrypted Backups**: Secure and encrypt backups automatically.
+
+## How to Set Up
+
+1. Run the `firewall/firewall_setup.sh` to configure the basic firewall.
+2. Use `monitoring/real_time_monitor.py` to enable real-time monitoring and alerts.
+3. Configure and run the Web Application Firewall (WAF) using `waf/waf.py`.
+4. Set up brute force protection with `brute_force_protection/fail2ban_setup.sh`.
+5. Automate vulnerability scans with [projectdiscovery](https://github.com/projectdiscovery/nuclei-templates/graphs/contributors) `vulnerability_scanner/vulnerability_scan.py`.
+6. Apply DDoS protection using the `ddos_protection/ddos_protection.conf` with your NGINX setup.
+7. Enable automated incident response using `incident_response/incident_response.py`.
+8. Backup and encrypt important files with `backups/backup_script.sh`.
+
+## Installation
+**Prerequisites**
+ * Linux (Ubuntu/Debian preferred)
+ * Python 3.6+
+ * Nuclei by ProjectDiscovery
+ * Nmap
+ * NGINX (for DDoS protection)
+ * Fail2Ban
+ * iptables and gpg for encryption
+
+### Step-by-Step Installation
+1. Clone the Repository
+Clone the repository to your local machine:
+```
+git clone https://github.com/lamcodeofpwnosec/IT_Infrastructure_Security.git
+```
+2. Install Dependencies
+Install required packages and tools using the following commands:
+```
+sudo apt update
+sudo apt install python3-pip fail2ban nmap iptables gpg nginx -y
+pip3 install psutil requests
+```
+3. Install Nuclei
+Install Nuclei by running the following commands:
+
+```
+curl -s https://api.github.com/repos/projectdiscovery/nuclei/releases/latest | grep "browser_download_url.*nuclei-linux-amd64.zip" | cut -d '"' -f 4 | wget -qi -
+unzip nuclei-linux-amd64.zip
+sudo mv nuclei /usr/local/bin/
+```
+Ensure that Nuclei is correctly installed by running:
+```
+nuclei -version
+```
+4. Set Up Firewall Rules
+Navigate to the `firewall/`` directory and run the firewall setup script:
+```
+cd firewall
+sudo bash firewall_setup.sh
+```
+5. Set Up Brute Force Protection
+Set up Fail2Ban to block brute force attacks:
+```
+cd ../brute_force_protection
+sudo bash fail2ban_setup.sh
+```
+6. Configure DDoS Protection
+Copy the NGINX rate limiting configuration to your NGINX configuration file:
+```
+sudo cp ../ddos_protection/ddos_protection.conf /etc/nginx/nginx.conf
+sudo systemctl restart nginx
+```
+### Usage
+1. **Real-Time Monitoring**
+To monitor your system's CPU, memory, and disk usage in real-time and send alerts, run the Python script:
+```
+cd monitoring
+python3 real_time_monitor.py
+```
+2. Vulnerability Scanning
+You can run vulnerability scans using either Nmap or Nuclei by following the steps below:
+ * Nmap Scan:
+```
+cd ../vulnerability_scanner
+python3 vulnerability_scan.py
+```
+Choose option 1 for Nmap and enter the target IP.
+
+3. Block Suspicious IP
+If you detect suspicious activity, you can block an IP by running the following script:
+```
+cd ../firewall
+sudo bash block_ip.sh <IP_ADDRESS>
+```
+4. Backup and Encrypt Data
+To back up and encrypt sensitive data, use the following backup script:
+```
+cd ../backups
+sudo bash backup_script.sh
+```
+### Author
+IT Infrastructure Security Project was created by [@lamcodeofpwnosec](https://github.com/lamcodeofpwnosec/).
diff --git a/backups/backup_script.sh b/backups/backup_script.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Backup Script
+
+backup_dir="/var/backups"
+target_dir="/home/user/data"
+backup_file="$backup_dir/data_backup_$(date +%Y%m%d).tar.gz"
+
+# Create a backup and encrypt it using GPG
+tar -czf - $target_dir | gpg --symmetric --cipher-algo aes256 -o $backup_file.gpg
+
+echo "Backup and encryption completed: $backup_file.gpg"
diff --git a/brute_force_protection/fail2ban_setup.sh b/brute_force_protection/fail2ban_setup.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Fail2Ban Setup Script
+
+sudo apt update
+sudo apt install fail2ban -y
+
+# Create a new jail configuration for SSH
+cat <<EOL > /etc/fail2ban/jail.local
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 5
+bantime = 3600  # Ban for 1 hour
+EOL
+
+# Restart Fail2Ban
+sudo systemctl restart fail2ban
+
+echo "Fail2Ban setup completed!"
diff --git a/ddos_protection/ddos_protection.conf b/ddos_protection/ddos_protection.conf
@@ -0,0 +1,9 @@
+http {
+    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
+    
+    server {
+        location / {
+            limit_req zone=one burst=5 nodelay;
+        }
+    }
+}
diff --git a/firewall/block_ip.sh b/firewall/block_ip.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Block IP Script
+
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 <IP_ADDRESS>"
+    exit 1
+fi
+
+IP=$1
+
+# Block the given IP
+iptables -A INPUT -s $IP -j DROP
+iptables-save > /etc/iptables/rules.v4
+
+echo "Blocked IP: $IP"
diff --git a/firewall/firewall_setup.sh b/firewall/firewall_setup.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Firewall Setup Script
+
+# Flush existing rules
+iptables -F
+
+# Default policy: Drop all traffic
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+# Allow loopback traffic
+iptables -A INPUT -i lo -j ACCEPT
+
+# Allow established connections
+iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# Allow SSH
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+
+# Allow HTTP and HTTPS traffic
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+
+# Log and drop everything else
+iptables -A INPUT -j LOG --log-prefix "Dropped: "
+iptables -A INPUT -j DROP
+
+# Save iptables rules
+iptables-save > /etc/iptables/rules.v4
+
+echo "Firewall setup completed!"
diff --git a/incident_response/incident_response.py b/incident_response/incident_response.py
@@ -0,0 +1,10 @@
+import subprocess
+
+def block_ip(ip):
+    command = f"iptables -A INPUT -s {ip} -j DROP"
+    subprocess.run(command, shell=True)
+    print(f"Blocked IP: {ip}")
+
+if __name__ == "__main__":
+    suspicious_ip = "192.168.0.100"  # Example suspicious IP
+    block_ip(suspicious_ip)
diff --git a/monitoring/log_monitor.sh b/monitoring/log_monitor.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# Log Monitoring Script
+
+log_file="/var/log/auth.log"
+last_checked=$(date)
+
+# Monitor log file for specific keywords (e.g., "Failed password", "Unauthorized")
+tail -Fn0 $log_file | while read line; do
+    echo "$line" | grep -i "failed password"
+    if [ $? = 0 ]; then
+        echo "Suspicious activity detected: $line"
+        echo "Suspicious activity detected on $(date): $line" | mail -s "Security Alert" admin@example.com
+    fi
+done
diff --git a/monitoring/real_time_monitor.py b/monitoring/real_time_monitor.py
@@ -0,0 +1,27 @@
+import psutil
+import time
+import requests
+
+def send_alert(message):
+    webhook_url = 'https://hooks.slack.com/services/YOUR/WEBHOOK/URL'
+    payload = {'text': message}
+    requests.post(webhook_url, json=payload)
+
+def monitor_system():
+    while True:
+        cpu_usage = psutil.cpu_percent(interval=1)
+        memory_info = psutil.virtual_memory()
+        disk_usage = psutil.disk_usage('/')
+
+        # Check thresholds
+        if cpu_usage > 80:
+            send_alert(f"High CPU Usage: {cpu_usage}%")
+        if memory_info.percent > 80:
+            send_alert(f"High Memory Usage: {memory_info.percent}%")
+        if disk_usage.percent > 80:
+            send_alert(f"High Disk Usage: {disk_usage.percent}%")
+
+        time.sleep(60)  # Run every minute
+
+if __name__ == "__main__":
+    monitor_system()
diff --git a/vulnerability_scanner/nuclei_scan.sh b/vulnerability_scanner/nuclei_scan.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Nuclei Scan Script
+# Description: This script runs a Nuclei scan against a specified target.
+# Dependencies: Nuclei must be installed (https://github.com/projectdiscovery/nuclei)
+
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 <target>"
+    exit 1
+fi
+
+TARGET=$1
+
+# Update Nuclei templates before scanning
+echo "Updating Nuclei templates..."
+nuclei -update-templates
+
+# Run Nuclei scan against the target
+echo "Running Nuclei scan on target: $TARGET..."
+nuclei -u $TARGET -o "$TARGET"_nuclei_report.txt
+
+echo "Nuclei scan complete. Report saved to $TARGET_nuclei_report.txt"
diff --git a/vulnerability_scanner/vulnerability_scan.py b/vulnerability_scanner/vulnerability_scan.py
@@ -0,0 +1,30 @@
+import subprocess
+
+def scan_nmap(target_ip):
+    """ Run Nmap scan """
+    print(f"Running Nmap scan on {target_ip}...")
+    nmap_scan_command = ["nmap", "-sV", "--script=vulscan/vulscan.nse", target_ip]
+    result = subprocess.run(nmap_scan_command, stdout=subprocess.PIPE)
+    print(result.stdout.decode())
+
+def scan_nuclei(target_url):
+    """ Run Nuclei scan """
+    print(f"Running Nuclei scan on {target_url}...")
+    nuclei_scan_command = ["./nuclei_scan.sh", target_url]
+    result = subprocess.run(nuclei_scan_command, stdout=subprocess.PIPE)
+    print(result.stdout.decode())
+
+if __name__ == "__main__":
+    print("Select a vulnerability scan:")
+    print("1) Nmap Vulnerability Scan")
+    print("2) Nuclei Vulnerability Scan")
+    scan_choice = input("Enter choice: ")
+
+    if scan_choice == "1":
+        target = input("Enter the target IP for Nmap scan: ")
+        scan_nmap(target)
+    elif scan_choice == "2":
+        target = input("Enter the target URL for Nuclei scan: ")
+        scan_nuclei(target)
+    else:
+        print("Invalid choice. Exiting.")
diff --git a/waf/waf.py b/waf/waf.py
@@ -0,0 +1,22 @@
+from flask import Flask, request, abort
+
+app = Flask(__name__)
+
+# Define bad patterns (for SQL injection, XSS, etc.)
+BAD_PATTERNS = ["<script>", "SELECT *", "' OR 1=1", "DROP TABLE", "UNION SELECT"]
+
+def is_malicious(payload):
+    for pattern in BAD_PATTERNS:
+        if pattern.lower() in payload.lower():
+            return True
+    return False
+
+@app.route('/submit', methods=['POST'])
+def submit():
+    data = request.form['data']
+    if is_malicious(data):
+        abort(403)  # Forbidden
+    return "Data received safely!"
+
+if __name__ == '__main__':
+    app.run(port=8080)
