diff --git a/README.md b/README.md index 875acad..dc81cd3 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,110 @@ -# IT_Infrastructure_Security -IT Infrastructure Security Project aimed at analyzing and protecting against various attacks on servers, applications, and websites, we would need to combine several technologies and implement multiple layers of security. +# IT Infrastructure Security Project + +This project provides a multi-layered defense strategy to protect servers, applications, and websites from various types of cyber attacks. It includes firewall setup, real-time monitoring, vulnerability scanning, DDoS protection, and more. By leveraging tools like Nuclei, Nmap, Fail2Ban, and custom Python/Bash scripts, this project offers a complete solution to securing your IT infrastructure. + + +## Features + +1. **Firewall and Intrusion Detection**: Configure iptables firewall rules. +2. **Real-Time Monitoring and Alerts**: Monitor CPU, memory, and disk usage and send alerts. +3. **Web Application Firewall (WAF)**: Protect against SQL injection and XSS attacks. +4. **Brute Force Protection**: Use Fail2Ban to block IPs showing signs of brute force. +5. **Vulnerability Scanning**: Automated vulnerability scanning using Nmap. +6. **DDoS Protection**: NGINX rate limiting to prevent DDoS attacks. +7. **Incident Response**: Automatically block IPs when suspicious activity is detected. +8. **Encrypted Backups**: Secure and encrypt backups automatically. + +## How to Set Up + +1. Run the `firewall/firewall_setup.sh` to configure the basic firewall. +2. Use `monitoring/real_time_monitor.py` to enable real-time monitoring and alerts. +3. Configure and run the Web Application Firewall (WAF) using `waf/waf.py`. +4. Set up brute force protection with `brute_force_protection/fail2ban_setup.sh`. +5. Automate vulnerability scans with [projectdiscovery](https://github.com/projectdiscovery/nuclei-templates/graphs/contributors) `vulnerability_scanner/vulnerability_scan.py`. +6. Apply DDoS protection using the `ddos_protection/ddos_protection.conf` with your NGINX setup. +7. 
Enable automated incident response using `incident_response/incident_response.py`. +8. Backup and encrypt important files with `backups/backup_script.sh`. + +## Installation +**Prerequisites** + * Linux (Ubuntu/Debian preferred) + * Python 3.6+ + * Nuclei by ProjectDiscovery + * Nmap + * NGINX (for DDoS protection) + * Fail2Ban + * iptables and gpg for encryption + +### Step-by-Step Installation +1. Clone the Repository +Clone the repository to your local machine: +``` +git clone https://github.com/lamcodeofpwnosec/IT_Infrastructure_Security.git +``` +2. Install Dependencies +Install required packages and tools using the following commands: +``` +sudo apt update +sudo apt install python3-pip fail2ban nmap iptables gpg nginx -y +pip3 install psutil requests +``` +3. Install Nuclei +Install Nuclei by running the following commands: + +``` +curl -s https://api.github.com/repos/projectdiscovery/nuclei/releases/latest | grep "browser_download_url.*nuclei-linux-amd64.zip" | cut -d '"' -f 4 | wget -qi - +unzip nuclei-linux-amd64.zip +sudo mv nuclei /usr/local/bin/ +``` +Ensure that Nuclei is correctly installed by running: +``` +nuclei -version +``` +4. Set Up Firewall Rules +Navigate to the `firewall/`` directory and run the firewall setup script: +``` +cd firewall +sudo bash firewall_setup.sh +``` +5. Set Up Brute Force Protection +Set up Fail2Ban to block brute force attacks: +``` +cd ../brute_force_protection +sudo bash fail2ban_setup.sh +``` +6. Configure DDoS Protection +Copy the NGINX rate limiting configuration to your NGINX configuration file: +``` +sudo cp ../ddos_protection/ddos_protection.conf /etc/nginx/nginx.conf +sudo systemctl restart nginx +``` +### Usage +1. **Real-Time Monitoring** +To monitor your system's CPU, memory, and disk usage in real-time and send alerts, run the Python script: +``` +cd monitoring +python3 real_time_monitor.py +``` +2. 
Vulnerability Scanning +You can run vulnerability scans using either Nmap or Nuclei by following the steps below: + * Nmap Scan: +``` +cd ../vulnerability_scanner +python3 vulnerability_scan.py +``` +Choose option 1 for Nmap and enter the target IP. + +3. Block Suspicious IP +If you detect suspicious activity, you can block an IP by running the following script: +``` +cd ../firewall +sudo bash block_ip.sh +``` +4. Backup and Encrypt Data +To back up and encrypt sensitive data, use the following backup script: +``` +cd ../backups +sudo bash backup_script.sh +``` +### Author +IT Infrastructure Security Project was created by [@lamcodeofpwnosec](https://github.com/lamcodeofpwnosec/). \ No newline at end of file diff --git a/backups/backup_script.sh b/backups/backup_script.sh new file mode 100644 index 0000000..7028123 --- /dev/null +++ b/backups/backup_script.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Backup Script + +backup_dir="/var/backups" +target_dir="/home/user/data" +backup_file="$backup_dir/data_backup_$(date +%Y%m%d).tar.gz" + +# Create a backup and encrypt it using GPG +tar -czf - $target_dir | gpg --symmetric --cipher-algo aes256 -o $backup_file.gpg + +echo "Backup and encryption completed: $backup_file.gpg" diff --git a/brute_force_protection/fail2ban_setup.sh b/brute_force_protection/fail2ban_setup.sh new file mode 100644 index 0000000..c1f9a0a --- /dev/null +++ b/brute_force_protection/fail2ban_setup.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# Fail2Ban Setup Script + +sudo apt update +sudo apt install fail2ban -y + +# Create a new jail configuration for SSH +cat < /etc/fail2ban/jail.local +[sshd] +enabled = true +port = ssh +filter = sshd +logpath = /var/log/auth.log +maxretry = 5 +bantime = 3600 # Ban for 1 hour +EOL + +# Restart Fail2Ban +sudo systemctl restart fail2ban + +echo "Fail2Ban setup completed!" diff --git a/ddos_protection/ddos_protection.conf b/ddos_protection/ddos_protection.conf new file mode 100644 index 0000000..6f4cb56 --- /dev/null 
+++ b/ddos_protection/ddos_protection.conf @@ -0,0 +1,9 @@ +http { + limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; + + server { + location / { + limit_req zone=one burst=5 nodelay; + } + } +} diff --git a/firewall/block_ip.sh b/firewall/block_ip.sh new file mode 100644 index 0000000..b323f9e --- /dev/null +++ b/firewall/block_ip.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Block IP Script + +if [ "$#" -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +IP=$1 + +# Block the given IP +iptables -A INPUT -s $IP -j DROP +iptables-save > /etc/iptables/rules.v4 + +echo "Blocked IP: $IP" diff --git a/firewall/firewall_setup.sh b/firewall/firewall_setup.sh new file mode 100644 index 0000000..d0e6407 --- /dev/null +++ b/firewall/firewall_setup.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Firewall Setup Script + +# Flush existing rules +iptables -F + +# Default policy: Drop all traffic +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT ACCEPT + +# Allow loopback traffic +iptables -A INPUT -i lo -j ACCEPT + +# Allow established connections +iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + +# Allow SSH +iptables -A INPUT -p tcp --dport 22 -j ACCEPT + +# Allow HTTP and HTTPS traffic +iptables -A INPUT -p tcp --dport 80 -j ACCEPT +iptables -A INPUT -p tcp --dport 443 -j ACCEPT + +# Log and drop everything else +iptables -A INPUT -j LOG --log-prefix "Dropped: " +iptables -A INPUT -j DROP + +# Save iptables rules +iptables-save > /etc/iptables/rules.v4 + +echo "Firewall setup completed!" diff --git a/incident_response/incident_response.py b/incident_response/incident_response.py new file mode 100644 index 0000000..1641769 --- /dev/null +++ b/incident_response/incident_response.py 
@@ -0,0 +1,10 @@ +import subprocess + +def block_ip(ip): + command = f"iptables -A INPUT -s {ip} -j DROP" + subprocess.run(command, shell=True) + print(f"Blocked IP: {ip}") + +if __name__ == "__main__": + suspicious_ip = "192.168.0.100" # Example suspicious IP + block_ip(suspicious_ip) diff --git a/monitoring/log_monitor.sh b/monitoring/log_monitor.sh new file mode 100644 index 0000000..49c6e8e --- /dev/null +++ b/monitoring/log_monitor.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# Log Monitoring Script + +log_file="/var/log/auth.log" +last_checked=$(date) + +# Monitor log file for specific keywords (e.g., "Failed password", "Unauthorized") +tail -Fn0 $log_file | while read line; do + echo "$line" | grep -i "failed password" + if [ $? = 0 ]; then + echo "Suspicious activity detected: $line" + echo "Suspicious activity detected on $(date): $line" | mail -s "Security Alert" admin@example.com + fi +done diff --git a/monitoring/real_time_monitor.py b/monitoring/real_time_monitor.py new file mode 100644 index 0000000..dada123 --- /dev/null +++ b/monitoring/real_time_monitor.py @@ -0,0 +1,27 @@ +import psutil +import time +import requests + +def send_alert(message): + webhook_url = 'https://hooks.slack.com/services/YOUR/WEBHOOK/URL' + payload = {'text': message} + requests.post(webhook_url, json=payload) + +def monitor_system(): + while True: + cpu_usage = psutil.cpu_percent(interval=1) + memory_info = psutil.virtual_memory() + disk_usage = psutil.disk_usage('/') + + # Check thresholds + if cpu_usage > 80: + send_alert(f"High CPU Usage: {cpu_usage}%") + if memory_info.percent > 80: + send_alert(f"High Memory Usage: {memory_info.percent}%") + if disk_usage.percent > 80: + send_alert(f"High Disk Usage: {disk_usage.percent}%") + + time.sleep(60) # Run every minute + +if __name__ == "__main__": + monitor_system() diff --git a/vulnerability_scanner/nuclei_scan.sh b/vulnerability_scanner/nuclei_scan.sh new file mode 100644 index 0000000..d807b7f --- /dev/null 
+++ b/vulnerability_scanner/nuclei_scan.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# Nuclei Scan Script +# Description: This script runs a Nuclei scan against a specified target. +# Dependencies: Nuclei must be installed (https://github.com/projectdiscovery/nuclei) + +if [ "$#" -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +TARGET=$1 + +# Update Nuclei templates before scanning +echo "Updating Nuclei templates..." +nuclei -update-templates + +# Run Nuclei scan against the target +echo "Running Nuclei scan on target: $TARGET..." +nuclei -u $TARGET -o "$TARGET"_nuclei_report.txt + +echo "Nuclei scan complete. Report saved to $TARGET_nuclei_report.txt" diff --git a/vulnerability_scanner/vulnerability_scan.py b/vulnerability_scanner/vulnerability_scan.py new file mode 100644 index 0000000..ed15729 --- /dev/null +++ b/vulnerability_scanner/vulnerability_scan.py @@ -0,0 +1,30 @@ +import subprocess + +def scan_nmap(target_ip): + """ Run Nmap scan """ + print(f"Running Nmap scan on {target_ip}...") + nmap_scan_command = ["nmap", "-sV", "--script=vulscan/vulscan.nse", target_ip] + result = subprocess.run(nmap_scan_command, stdout=subprocess.PIPE) + print(result.stdout.decode()) + +def scan_nuclei(target_url): + """ Run Nuclei scan """ + print(f"Running Nuclei scan on {target_url}...") + nuclei_scan_command = ["./nuclei_scan.sh", target_url] + result = subprocess.run(nuclei_scan_command, stdout=subprocess.PIPE) + print(result.stdout.decode()) + +if __name__ == "__main__": + print("Select a vulnerability scan:") + print("1) Nmap Vulnerability Scan") + print("2) Nuclei Vulnerability Scan") + scan_choice = input("Enter choice: ") + + if scan_choice == "1": + target = input("Enter the target IP for Nmap scan: ") + scan_nmap(target) + elif scan_choice == "2": + target = input("Enter the target URL for Nuclei scan: ") + scan_nuclei(target) + else: + print("Invalid choice. Exiting.") diff --git a/waf/waf.py b/waf/waf.py new file mode 100644 index 0000000..3da65a0 --- /dev/null 
+++ b/waf/waf.py @@ -0,0 +1,22 @@ +from flask import Flask, request, abort + +app = Flask(__name__) + +# Define bad patterns (for SQL injection, XSS, etc.) +BAD_PATTERNS = ["
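Review bot: in the README hunk, installation step 6 copies `ddos_protection.conf` over `/etc/nginx/nginx.conf`, which replaces the distribution's main config with a fragment containing only an `http {}` block; nginx refuses to start without an `events {}` section, and the site's own `server` blocks are discarded. Install it as a snippet instead (for example `/etc/nginx/conf.d/ratelimit.conf` holding the `limit_req_zone` line, with the `limit_req` directive placed inside the real site's `location`), and run `nginx -t` before `systemctl restart nginx`. Smaller points in the same hunk: `firewall/`` has a stray backtick; `pip3 install psutil requests` omits Flask, which `waf/waf.py` imports; the step 5 link text under How to Set Up points at the nuclei-templates contributors graph rather than the project; and Usage step 2 promises "either Nmap or Nuclei" but documents only the Nmap option.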
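Review bot: in `backups/backup_script.sh`, `gpg --symmetric` without `--batch` and a `--passphrase-file` (or a key-based `--encrypt --recipient`) prompts for a passphrase on a tty, so the script cannot run unattended from cron as the README's "automatically" implies; and nothing checks the pipeline's exit status, so the closing `echo` reports success even when `tar` or `gpg` failed. Add `set -euo pipefail`, quote `"$target_dir"` and `"$backup_file.gpg"`, `mkdir -p "$backup_dir"` before writing, and prefer encrypting to a public key so the server holds no decryption secret at all; if a passphrase file is used it must be root-only (`chmod 600`).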
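Review bot: in `brute_force_protection/fail2ban_setup.sh`, the heredoc is malformed: `cat < /etc/fail2ban/jail.local` is an input redirection, not a here-document, so the lines `[sshd]`, `enabled = true`, ... `EOL` that follow are executed as shell commands instead of being written to the file (and `cat` fails if `jail.local` does not yet exist). It should read `cat <<EOL > /etc/fail2ban/jail.local`, or, since the script relies on `sudo` for its other privileged steps, `cat <<EOL | sudo tee /etc/fail2ban/jail.local`. Overwriting `jail.local` also discards any existing local jail settings; writing to `/etc/fail2ban/jail.d/sshd.local` is safer. Move the trailing `# Ban for 1 hour` on the `bantime` line to its own line, since a trailing `#` comment is not guaranteed to be stripped by fail2ban's ini parser.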
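Review bot: in `ddos_protection/ddos_protection.conf`, the `server {}` block has no `listen`, `server_name` or `root`, so it is not the server that actually serves the site and the `limit_req` inside it protects nothing; with no `events {}` block the file also cannot stand in as a complete `nginx.conf`. Keep `limit_req_zone` at `http` level and put `limit_req zone=one burst=5 nodelay;` in the real site's `location /`. `rate=1r/s` with `burst=5` will also return 503 to ordinary browsers fetching a page plus its assets; a rate around 10r/s with a larger burst, plus `limit_req_status 429;` and `limit_req_log_level warn;`, gives visibility without breaking legitimate clients. Per-IP limiting does not address volumetric or distributed floods, which the README's "DDoS Protection" heading implies; that still needs upstream filtering.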
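Review bot: in `firewall/block_ip.sh`, `iptables -A INPUT -s $IP -j DROP` appends the rule to the end of INPUT, but `firewall_setup.sh` fills INPUT with ACCEPT rules for conntrack state and ports 22/80/443 followed by a catch-all `-j LOG` and `-j DROP`, so packets from the blocked address to those ports match the earlier ACCEPT rules and the appended DROP is never reached. Use `iptables -I INPUT 1 -s "$IP" -j DROP`, or better a dedicated `BLOCKLIST` chain jumped to from the top of INPUT. Also: the usage message reads `Usage: $0 ` with no argument name; `$IP` is unquoted and unvalidated, so anything iptables accepts as a source spec is passed straight through; and `iptables-save > /etc/iptables/rules.v4` needs the `/etc/iptables/` directory provided by `iptables-persistent`, which the README never installs.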
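Review bot: in `firewall/firewall_setup.sh`, the rules only survive a reboot if something restores `/etc/iptables/rules.v4` at boot; neither the script nor the README installs `iptables-persistent`/`netfilter-persistent`, so after a restart the policy silently reverts to the kernel default of ACCEPT-all. The script also touches only IPv4: `ip6tables` keeps an open INPUT chain, so every service on the host stays reachable over IPv6 unfiltered; mirror the rules with `ip6tables` (allowing ICMPv6) or disable IPv6 explicitly. Further points: `iptables -F` flushes rules but not user-defined chains (`-X`) or the nat/mangle tables; the final `-j LOG` has no `-m limit` (e.g. `-m limit --limit 5/min --limit-burst 10`), so a port scan or flood can fill syslog; and `-P INPUT DROP` is set before the `ESTABLISHED,RELATED` rule exists, so when run over SSH the operator's own session briefly loses packets; add the conntrack rule before changing the policy.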
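Review bot: in `incident_response/incident_response.py`, `subprocess.run(f"iptables -A INPUT -s {ip} -j DROP", shell=True)` builds a shell command by interpolating `ip`; as soon as `ip` is taken from a log line or alert, which is the script's stated purpose, a crafted value is executed by the shell. Pass a list with no shell and validate the value first: `subprocess.run(["iptables", "-I", "INPUT", "1", "-s", str(ipaddress.ip_address(ip)), "-j", "DROP"], check=True)` (with `import ipaddress`), so anything that is not an address raises before iptables is called. `-I` rather than `-A` is needed for the same reason as in `block_ip.sh`: an appended DROP sits behind the ACCEPT rules and never matches. As written the script blocks only the hard-coded `192.168.0.100` and has no detection input, so the README's "Automatically block IPs when suspicious activity is detected" is not yet implemented here; when it is, guard against blocking the operator's own address and the host's management network.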
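Review bot: in `monitoring/log_monitor.sh`, `echo "$line" | grep -i "failed password"` prints every matching line to stdout as a side effect and then tests `$?`; write `if grep -qi "failed password" <<<"$line"; then` instead. `read line` should be `read -r line` so backslashes in log text are not interpreted, and `last_checked` is assigned but never used. The larger problem is the absence of any rate limiting: one `mail` per matching line means a brute-force run at a few hundred attempts per minute produces a few hundred alerts, burying real signal; aggregate per source address over a window and alert once per window, or rely on Fail2Ban's ban events, which this repo already deploys. `mail` is also not among the README prerequisites.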
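Review bot: in `monitoring/real_time_monitor.py`, the Slack webhook URL is a credential and is hard-coded in source (`'https://hooks.slack.com/services/YOUR/WEBHOOK/URL'`); read it from an environment variable or a root-only config file so it never lands in the repository. `requests.post(webhook_url, json=payload)` has no `timeout` and no `raise_for_status()` or exception handling, so a hung endpoint blocks the loop indefinitely and a transient network error raises and kills the monitor, which is exactly when it should stay alive; wrap the call in `try/except requests.RequestException` with `timeout=5`. The thresholds are also re-evaluated every 60 s with no state, so a host sitting at 85% disk sends the same alert every minute; alert on the threshold crossing (or after N consecutive breaches) and send a recovery message when usage drops back.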
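Review bot: in `vulnerability_scanner/nuclei_scan.sh`, the final `echo` uses `$TARGET_nuclei_report.txt`, which the shell parses as the empty variable `$TARGET_nuclei_report` followed by `.txt`; write `${TARGET}_nuclei_report.txt` as the `-o` line effectively does. The report name is also built from the raw target: for a URL such as `https://example.com` the `-o` argument becomes `https://example.com_nuclei_report.txt`, a path containing `/` and `:` rather than a plain filename, so derive the name by stripping the scheme and replacing non-alphanumeric characters. Quote `"$TARGET"` on the `nuclei -u` line, and the usage message `Usage: $0 ` has lost its argument name. Because `vulnerability_scan.py` invokes this script as `./nuclei_scan.sh`, the report lands in whatever the current directory happens to be.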
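Review bot: in `vulnerability_scanner/vulnerability_scan.py`, `scan_nmap` passes `--script=vulscan/vulscan.nse`, a third-party NSE script from a separate repository that none of the README steps installs, so on a fresh setup the scan fails with a script-not-found error; either document installing vulscan under Nmap's scripts directory or use the bundled `--script=vuln` category. `scan_nuclei` runs `./nuclei_scan.sh`, a path relative to the current working directory, so menu option 2 breaks unless the user is inside `vulnerability_scanner/`; resolve it relative to the script with `os.path.join(os.path.dirname(os.path.abspath(__file__)), "nuclei_scan.sh")`. Both runs capture only stdout and ignore the return code; pass `stderr=subprocess.STDOUT` and `check=True` so failures are visible. The README's "automated vulnerability scanning" is an interactive `input()` menu here; accept the choice and target from `sys.argv` as well so it can run from cron.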
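Review bot: in `waf/waf.py`, the hunk is cut off after `BAD_PATTERNS = ["`, so the patterns themselves cannot be reviewed here; on what is visible, a Flask handler that matches request content against a fixed string list is a blocklist, and blocklists are routinely bypassed by encoding, case and whitespace variants, so the README's feature list should describe it as a defence-in-depth layer rather than "Protect against SQL injection and XSS attacks". The primary controls remain parameterised queries and context-aware output encoding in the application itself, plus a Content-Security-Policy header. Flask is imported here but absent from the README's `pip3 install` line.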