diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION
index 2edfbaf..99bcf26 100644
--- a/projects/bash_networking_security/SOLUTION
+++ b/projects/bash_networking_security/SOLUTION
@@ -1,16 +1,32 @@ Local DNS Server IP ------------------- - +127.0.0.53 + Default gateway IP ------------------- - +192.168.29.2 DHCP IP allocation sys-logs ------------------- - -
+$ grep "DHCP" /var/log/syslog
+Jun 15 00:19:05 raj-virtual-machine NetworkManager[950]: [1686768545.5255] dhcp-init: Using DHCP client 'internal'
+Jun 15 00:33:01 raj-virtual-machine NetworkManager[787]: [1686769381.7210] dhcp-init: Using DHCP client 'internal'
+Jun 15 09:31:18 raj-virtual-machine NetworkManager[787]: [1686801678.3694] dhcp4 (ens33): canceled DHCP transaction
+Jun 15 12:34:23 raj-virtual-machine NetworkManager[787]: [1686812663.6266] dhcp4 (ens33): canceled DHCP transaction
+Jun 15 23:26:53 raj-virtual-machine NetworkManager[955]: [1686851813.3395] dhcp-init: Using DHCP client 'internal'
+Jun 15 23:27:09 raj-virtual-machine NetworkManager[955]: [1686851829.5212] dhcp4 (ens33): canceled DHCP transaction
+Jun 15 23:30:28 raj-virtual-machine NetworkManager[955]: [1686852028.2316] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 00:09:00 raj-virtual-machine NetworkManager[947]: [1686854340.8814] dhcp-init: Using DHCP client 'internal'
+Jun 16 21:00:19 raj-virtual-machine NetworkManager[961]: [1686929419.0867] dhcp-init: Using DHCP client 'internal'
+Jun 16 21:12:20 raj-virtual-machine NetworkManager[961]: [1686930140.5507] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:12:28 raj-virtual-machine NetworkManager[961]: [1686930148.5983] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:16:00 raj-virtual-machine NetworkManager[961]: [1686930360.2464] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:16:06 raj-virtual-machine NetworkManager[961]: [1686930366.3305] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:16:40 raj-virtual-machine NetworkManager[961]: [1686930400.5622] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:16:54 raj-virtual-machine NetworkManager[961]: [1686930414.7062] dhcp4 (ens33): canceled DHCP transaction
+Jun 16 21:19:11 raj-virtual-machine NetworkManager[961]: [1686930551.7505] dhcp4 (ens33): canceled DHCP transaction
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..393e195 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
@@ -1 +1,61 @@
-#!/bin/bash
+#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+ "message": "Client Hello"
+}' http://3.141.38.247:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+ echo "Server Certificate is invalid."
+ exit 5
+ else
+ echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$SESSION_ID"'",
+ "masterKey": "'"$MASTER_KEY"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://3.141.38.247:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+else
+ echo "Client-Server TLS handshake has been completed successfully"
+fiss
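Review bot: The final `if` is closed with `fiss` instead of `fi`, so bash runs steps 1 through the decryption and then aborts on the last compound command with a syntax error (unexpected end of file) before either branch reports a result; the last line should be `fi`. Nothing checks the exit status of curl, wget, jq or openssl, so a failed or repeated CA download leaves `openssl verify` reading a missing or stale `cert-ca-aws.pem` (on a re-run wget writes the fresh copy to `cert-ca-aws.pem.1`) while the script carries on; `set -euo pipefail`, `wget -O` and `curl -fsS` close that gap. masterKey.txt holds the session's master secret yet is written into the caller's current directory under the default umask and left behind on every exit path, so a private `mktemp -d` scratch directory with `umask 077` and an EXIT trap should contain it. `#!/bin/bash -x` traces every command and assignment to stderr, `SESSION_ID` and `MASTER_KEY` included, and is silently lost when the script is invoked as `bash tlsHandshake.sh`; put `set -x` behind an explicit debug flag instead. The rewrite below shows the prologue and the certificate check; steps 1, 2 and 4–6 are unchanged apart from the closing `fi`.
```shell
#!/bin/bash
set -euo pipefail
[[ "${DEBUG:-}" == "1" ]] && set -x

# Keep cert.pem and masterKey.txt out of the caller's cwd and unreadable by
# other users; the trap removes them on every exit path, success or failure.
umask 077
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"

# … unchanged: Step 1 (Client Hello) and Step 2 (Server Hello) …

# Step 3 - Server Certificate Verification
# -O pins the file name so a re-run cannot verify against a stale copy.
wget -q -O cert-ca-aws.pem https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
if ! openssl verify -CAfile cert-ca-aws.pem cert.pem; then
  echo "Server Certificate is invalid." >&2
  exit 5
fi

# … unchanged: Steps 4–6 …
fi
```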
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..6b1fad3 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="eu-north-1"
+VPC_ID="vpc-0b0a99ab119eb0cf7"
+PUBLIC_INSTANCE_ID="i-0a3348dc225308c83"
+PRIVATE_INSTANCE_ID="i-0b0cf0d94e141be6b"
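Review bot: The four values are plain assignments with no `readonly` or `export` and the file has no shebang, so they take effect only when this file is sourced and any later assignment in the caller silently replaces them; `readonly REGION="eu-north-1"` (and the same for the other three) states that intent. The committed values are also live identifiers from one account and region, so whatever sources this file is pinned to that account; keeping the file as a template and asserting the real values from the environment with `: "${VPC_ID:?}"` would let it run elsewhere.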