Commit 2f703067 authored by root's avatar root

-

parents
version: '2'
networks:
# for use with a reverse proxy
backend:
driver: bridge
services:
ubuntu:
build:
context: ./docker/
dockerfile: Dockerfile
image: portscan-itfl-16-04:dirty
hostname: portscan-itfl-rz-uni-bamberg-de
restart: always
expose:
- 22
- 80
- 443
ports:
# syntax to specify IP "141.13.240.24:80:80"
# map ssh port to 220 if already used
- "220:22"
networks:
- backend
volumes:
- ./volumes/var/www:/var/www
- ./volumes/var/uniba.de:/var/uniba.de
- ./volumes/var/lib/mysql:/var/lib/mysql
- ./volumes/opt:/opt
- ./volumes/root/uniba.de/share:/root/uniba.de/share
- ./volumes/.git:/.git
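Review bot: `- "220:22"` publishes the container's sshd, which accepts root keys, on every host interface, even though the `backend` network comment says the service is meant to sit behind a reverse proxy. The comment two lines above already shows the address-bound syntax, so binding SSH to a management address, e.g. `- "<mgmt-ip>:220:22"`, would narrow the exposure. The `./volumes/.git:/.git` and `./volumes/opt:/opt` mounts give a container that runs as root write access to host-side repository data and scripts; consider `:ro` on any mount the container only reads.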
FROM ubuntu:16.04
RUN rm /etc/apt/sources.list
ADD sources.list /etc/apt/sources.list
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y \
bash-completion \
vim \
git \
sudo \
rsync \
cron \
byobu
#DEBIAN_FRONTEND=noninteractive
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \
openssh-server \
nmap \
python3-pip \
ssmtp \
mailutils \
dos2unix
#
#
RUN locale-gen de_DE.utf8 && locale -a
RUN pip3 install python-nmap
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \
mysql-server
#
# RUN a2ensite default-ssl && a2enmod ssl
# RUN make-ssl-cert generate-default-snakeoil --force-overwrite
#
# RUN a2dismod mpm_event && a2enmod mpm_prefork && a2enmod headers
#
#
# RUN mkdir -p /root/uniba.de/initial
# RUN mkdir -p /root/uniba.de/initial/var/lib/mysql/
# RUN rsync -a /var/lib/mysql/ /root/uniba.de/initial/var/lib/mysql/
#
ADD start.sh /start
RUN chmod +x /start
#
RUN mkdir -p /root/uniba.de/initial/remove-after-run
ADD setup.sh /root/uniba.de/initial/remove-after-run/setup.sh
#
RUN mkdir -p /root/.ssh/
ADD authorized_keys2 /root/.ssh/authorized_keys2
CMD ["/start", "-D"]
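Review bot: `RUN apt-get update` sits in its own layer, separate from the three `apt-get install` steps, so a cached update layer lets a later build resolve `openssh-server` and `mysql-server` against a stale package index. Run the update in the same instruction as each install and clean up there, e.g. `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server nmap ... && rm -rf /var/lib/apt/lists/*`. The four `ADD` lines copy plain local files and can be `COPY`, and `pip3 install python-nmap` is only reproducible with a pinned version (`python-nmap==<version>`). `CMD ["/start", "-D"]` passes `-D`, which the start script on this page never reads.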
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVhpkCOPHFkPL4+9KkMQ/ZvDZNjs4+ljGSGZdwqYwLD8zGzBBTqRbjtIw/1Vse50uLyCVNld5GdpLr22OCwQyozYxbmJ35D0241jQTJTM6xzWkLw0wEjhjiJyrLmllqeN/FieRvXzLXbbxW8lypYmAAR2JWfAuu11Bub7NuHExEv+KOKbZs8m0gy0Rh9+bDXUlo5MWAgrWk2UYTETuAoyjCbXpcl/1u/Vqj8gHl4VNRdXeyXzPoAvhv0jptoy7RlS3oQoniGDK2ho1WiLY7i4EmC2XJ29v3jGpeQrrcue+Cppx0K+dZVr6wdWJ5Yad03MXCfKBUrQn7/Zb6k4iY/S5 martin@martin-UX305FA
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmdutRmEYheMExGZSst0tgkDZmagFs8vCctohFY6a/mxb9h3XklUZvWp6mmfw0Zu3AfxLCO9EalUHUqiZ5EpfSu0C8MXd7ZJI0+1Jp/Ndt/Ckjp6qwFUa8V++lhCmg+hLwMdqv1LBhG/wQtZqxWGM2MlNISKNc3xSvqgZGwgzi0KO3dFyP7QPlrcLXSJDgfNzn4k/YsuPtWdm9/asBAProGOCbtTRsiG2/ia5IQ1pz2Pf40qdolzfhk1xH1cD/g4JuP5EyWASgDP/YtJysIs/zn377IxBaHMr1WsTQDA02094e2VPatmnL+9V0OcBxZLlaN6brV5ZwVWbppBjk4Byt root@cmdb-446
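Review bot: Both keys are baked into the image as root's authorized keys by `ADD authorized_keys2 /root/.ssh/authorized_keys2`, so revoking one needs a new commit and an image rebuild, and containers started from an older image keep accepting it. The second key's comment, `root@cmdb-446`, suggests the root account of another host; the comment field is only a label, but if it is accurate, root on that host is also root here. Consider supplying the file at run time through a read-only mount and restricting each entry with key options such as `from="<admin-net>"`.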
#!/bin/bash
rsync -a -v /root/uniba.de/share/overlay/ /
#cd /
#git reset --hard
#z.B.
#chown -R www-data /opt/otrs/
#a2ensite otrs
#service apache2 restart
\ No newline at end of file
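Review bot: `rsync -a -v /root/uniba.de/share/overlay/ /` copies a bind-mounted host directory over the container's root filesystem as root, so whoever can write `./volumes/root/uniba.de/share/overlay` on the host controls files such as `/root/.ssh/authorized_keys2` and `/start` inside the container. The script should say so, e.g. `# overlay is trusted input: keep the host directory root-owned and not group/world writable`. It should also skip the copy when the directory is absent, `[ -d /root/uniba.de/share/overlay ] || exit 0`, because the caller deletes this script after the first run whether or not the copy worked.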
#
# deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ xenial main restricted
#deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ xenial main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial main restricted
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates main restricted
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial universe
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial universe
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates universe
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial multiverse
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial multiverse
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates multiverse
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://ubuntu.mirror.lrz.de/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://ubuntu.mirror.lrz.de/ubuntu/ xenial-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb-src http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse
deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu xenial partner
# deb-src http://archive.canonical.com/ubuntu xenial partner
## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu xenial main
# deb-src http://extras.ubuntu.com/ubuntu xenial main
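Review bot: Every active entry uses plain `http://`, so during `apt-get upgrade` and the installs, package integrity rests on apt's signature check alone, and anyone on the network path can observe or hold back what the build fetches. If the mirror offers HTTPS, this release would need `apt-transport-https` installed before switching, so at least record the trade-off in a comment. The `deb-src` lines are not used by any build step shown on this page and add to every index download. The two `cdrom:` comment lines still name 14.04 Trusty although the entries are xenial.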
#!/bin/bash
sh /root/uniba.de/initial/remove-after-run/setup.sh
rm /root/uniba.de/initial/remove-after-run/setup.sh
mkdir /root/.ssh/
touch /root/.ssh/authorized_keys2
chmod 700 /root/.ssh/authorized_keys2
/sbin/init
service ssh restart
service rsyslog restart
cron
tail -f /start
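Review bot: `chmod 700 /root/.ssh/authorized_keys2` sets the execute bit on the key file and leaves the mode of `/root/.ssh` itself to whatever `mkdir` and the overlay copy produced; the usual pair is `chmod 700 /root/.ssh` and `chmod 600 /root/.ssh/authorized_keys2`. There is no error handling, so `setup.sh` is removed even when it failed, and with `restart: always` every later start runs `sh` and `rm` on a path that no longer exists. `/sbin/init` runs in the foreground before `service ssh restart`; if it does not return inside the container, sshd, rsyslog and cron are never started, which is worth confirming. `setup.sh` declares `#!/bin/bash` but is run with `sh`.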
trenner="\n#############################\n"
if [ -z "$log_dir" ]
then
log_dir="/var/uniba.de/log"
fi
if [ -z "$temp_dir" ]
then
temp_dir="/var/uniba.de/temp"
fi
if [ -z "$com_dir" ]
then
com_dir="/root/uniba.de/info"
fi
if [ -z "$already_running_file_reset_after_minutes" ]
then
already_running_file_reset_after_minutes="1500"
fi
if [ -z "$id_name" ]
then
id_name=$0
fi
pfad=`dirname $(readlink -f ${0})`
#echo $pfad
dir_identifier=$id_name""$pfad"$0"-"$*"
dir_identifier=`echo $dir_identifier | tr ' ' '-'`
temp_dir=$temp_dir"/"$dir_identifier
log_dir=$log_dir"/"$dir_identifier
status_dir=$com_dir"/"$dir_identifier
already_running_file="$status_dir"/running
mkdir -p $log_dir
mkdir -p $temp_dir
mkdir -p $com_dir
mkdir -p $status_dir
rm $log_dir/1
rm $log_dir/2
mkdir -p "$com_dir"/block-system-restart/
echo $flagfile >> "$com_dir"/block-system-restart/"$id_name"
### flagfile / Überholstopp
#find $already_running_file
find $already_running_file -mmin +$already_running_file_reset_after_minutes \
-exec rm {} \; \
2>>/dev/null
echo ""
#rm $already_running_file
if find $already_running_file 2>>/dev/null
then
string="already running ? \n flagfile present when starting \n exiting"
echo $flagfile
echo "$string"
date >>$log_dir/2
echo "$string" >>$log_dir/2
#echo "$string" | mail -s "$id_name exiting" $log_mail
exit
else
touch $already_running_file
fi
\ No newline at end of file
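Review bot: The flag-file check is not atomic: `find $already_running_file` and the later `touch` are separate steps, so two runs started close together can both pass the test. Creating the file with noclobber closes the gap, e.g. `if ! ( set -o noclobber; : > "$already_running_file" ) 2>/dev/null; then ... exit 1; fi`. The flag is only removed by the two `rm` lines that follow this file on the page, so a run that aborts in between blocks later runs until the 1500-minute reset; a `trap ... EXIT` set here would cover that. `$log_dir`, `$temp_dir`, `$status_dir` and `$already_running_file` are used unquoted even though `dir_identifier` is built from `$0` and `$*`, with only spaces replaced.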
rm "$com_dir"/block-system-restart/"$id_name"
rm $already_running_file
\ No newline at end of file
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# pip3 install python-nmap
import subprocess
import optparse
import time
import sys
import re
import subprocess
import os
import pprint
import json
import nmap
def scanNmap(ip, ports, VarArguments):
import nmap
try:
nm = nmap.PortScanner() # instantiate nmap.PortScanner object
except nmap.PortScannerError:
print ('Nmap not found', sys.exc_info()[0])
sys.exit(0)
except:
print ("Unexpected error:", sys.exc_info()[0])
sys.exit(0)
#nm.scan(ip, ports, arguments=VarArguments) #todo mehr ports # scan host 127.0.0.1,
nm.scan(ip, arguments=VarArguments) #todo mehr ports # scan host 127.0.0.1,
#nm.scan(ip, ports, arguments=VarArguments) #todo mehr ports # scan host 127.0.0.1, ports from 22 to 443
#nm.scan(arguments='-T5')
if options.verbose=="1":
print(nm.command_line()) # get command line used for the
return nm
p = optparse.OptionParser()
p.add_option('--group', '', default="all")
p.add_option('--verbose', '', default="0")
p.add_option('--scan_ports', '', default="-10000")
#p.add_option('--scan_ports', '', default="21, 22, 80, 443")
p.add_option('--ip', '', default="141.13.240.24")
p.add_option('--debug', '', default="0")
p.add_option('--nmapoptionstring', '', default="0")
options, arguments = p.parse_args()
#--open (Show only open (or possibly open) ports)
nm = scanNmap(options.ip, options.scan_ports, options.nmapoptionstring) #-PN: auch ohne ping
print(nm.csv())
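Review bot: `--scan_ports` is parsed and passed into `scanNmap`, but the active call is `nm.scan(ip, arguments=VarArguments)`, so the `ports` value is silently dropped and the scan covers only what nmap selects by default or what the option string names. For a monitoring job that leaves a coverage gap nobody sees; pass it through with `nm.scan(ip, ports, arguments=VarArguments)`. Both error paths call `sys.exit(0)`, and the second is a bare `except:`, so a missing nmap looks like success to the calling shell script; use a non-zero status. The `--ip` value goes to nmap as the host argument without any check, so validating it as an address or hostname (for example with the standard `ipaddress` module) before the call would be prudent.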
#!/bin/bash
# s. defaults in run/part-1.sh
pfad="/opt/scan"
cd $pfad
. run/part-1.sh
mail_stop_file=$log_dir/mail_stop
# für Debugging:
rm $mail_stop_file
#date > $log_dir/report
rm $log_dir/report
rm $log_dir/nmap-raw-out.txt
(cat $ips_file ; echo) | while read line
do
python3 scan.py --ip="$line" --scan_ports="$scan_ports" --nmapoptionstring="$options" >> $log_dir/nmap-raw-out.txt
done
sed 's/^M$//' $log_dir/nmap-raw-out.txt > $log_dir/nmap-raw-out.txt.temp
cat $log_dir/nmap-raw-out.txt.temp > $log_dir/nmap-raw-out.txt
cut -d';' -f1,5,6,7,8 $log_dir/nmap-raw-out.txt > $log_dir/ist.txt
header='#diff itfl-service--soll-offene-ports-von-extern'
string='\n#offene Ports, die nicht in soll.txt vorkommen'
string="$string"'\n# hier sollte nichts stehen'
echo -e "$trenner""$header""$string" >> $log_dir/report
cat $soll_file | sort | uniq > $log_dir/soll.txt.temp
#cat 1 | sort | uniq > soll.txt.temp
cat $log_dir/soll.txt.temp > $log_dir/soll.txt
echo "soll_________"
cat $log_dir/soll.txt
cat $log_dir/ist.txt | sort | uniq > $log_dir/ist.txt.temp
cat $log_dir/ist.txt.temp > $log_dir/ist.txt
cat $log_dir/nmap-raw-out.txt | sort | uniq > $log_dir/nmap-raw-out.txt.temp
cat $log_dir/nmap-raw-out.txt.temp > $log_dir/nmap-raw-out.txt
#prefix=$(date "+%Y_%m_%d")";"
#target=$log_dir"/ist.txt"
#sed -e 's/^/'$prefix'/' $log_dir/ist.txt >> $target
#target=$log_dir"/ist-raw.txt"
#sed -e 's/^/'$prefix'/' $log_dir/nmap-raw-out.txt >> $target
echo "ist_________"
cat $log_dir/ist.txt
echo "diff__________________________________-"
diff --ignore-all-space \
$log_dir/soll.txt \
$log_dir/ist.txt \
| egrep "^>" \
> $log_dir/diff-detected
if cat $log_dir/diff-detected | egrep [0-9] 2>>/dev/null
then
echo "nicht-leer: $log_dir/diff-detected"
rm $mail_stop_file
else
echo "leer: $log_dir/diff-detected"
fi
cat $log_dir/diff-detected >> $log_dir/report
cat $log_dir/report
header='\n\n________________________\n#Anhang'
string='\n#Die Datei im Anhang soll-und-ist.txt kann als Vorlage zur Definiton der erlaubeten Ports verwendet werden '
#string="$string"'\n # '
echo -e "$trenner""$header""$string" >> $log_dir/report
header='\n\n________________________\n#ungefilterte ausgabe'
string='\n#diese Ports sind offen'
#string="$string"'\n # '
echo -e "$trenner""$header""$string" >> $log_dir/report
cat $log_dir/nmap-raw-out.txt >> $log_dir/report
cat $log_dir/ist.txt
cat $soll_file > $log_dir/soll-und-ist.txt.temp
cat $log_dir/ist.txt >> $log_dir/soll-und-ist.txt.temp
cat $log_dir/soll-und-ist.txt.temp | dos2unix | sort | uniq > $log_dir/soll-und-ist.txt
if find $mail_stop_file 2>>/dev/null
then
echo vorhanden: $mail_stop_file
else
mpack -s "Portscan report $id_name" $log_dir/soll-und-ist.txt $log_mail -d $log_dir/report
fi
touch $mail_stop_file
. run/part-2.sh
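Review bot: A failed scan is reported as a clean result: the `while read line` loop ignores the exit status of `scan.py`, and the report only keeps `^>` lines from the diff, so an empty `nmap-raw-out.txt` yields an empty `diff-detected` and no finding. Record failures inside the loop, e.g. `python3 scan.py ... >> "$log_dir/nmap-raw-out.txt" || scan_failed=1`, and report them; this also needs `scan.py` to exit non-zero on errors. The `rm $mail_stop_file` under `# für Debugging:` runs on every start, so the stop file never exists at the final check and a mail goes out on every run regardless of the diff. `egrep [0-9]` should quote its pattern, `read` should be `read -r`, and the `$log_dir/...` paths should be quoted.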