Untitled

avatar
unknown
plain_text
a month ago
2.2 kB
8
Indexable
(venv) isen@debian-tp:~/taff$ sudo ./def.sh 
[INFO] Verification de l'environnement...
[ OK ] Environnement detecte: /home/isen/taff
[INFO] Detection de l'IP de la VM...
[INFO] IP detectee : 192.168.240.167
[INFO] Test internet initial...
[ OK ] Internet fonctionnel (avant durcissement)

===== PHASE 1 : RESET =====

[INFO] Arret vuln-app...
[ OK ] vuln-app arrete
[INFO] Arret nginx...
[ OK ] nginx arrete
[INFO] Verification port 80...
[ OK ] Port 80 libre
[INFO] Nettoyage AppArmor...
[ OK ] AppArmor nettoye
[INFO] Nettoyage nginx (sites)...
[ OK ] Sites nginx tous desactives
[ OK ] UFW reset
[ OK ] Fail2ban nettoye
[ OK ] SSH restaure + faillock reset
[ OK ] User appflask supprime
[ OK ] Reset complet

===== PHASE 2 : INSTALL =====

[INFO] Test internet apres reset...
[ OK ] Internet OK
[INFO] [Couche 1] setcap...
[ OK ] Capability appliquee
[INFO] [Couche 2] User + systemd + cgroups...
[ OK ] User appflask cree
[ OK ] Permissions appliquees
[ OK ] /my-app cree (partage appflask/isen)
[INFO] Test execution python...
[ OK ] appflask peut executer python + flask
[ OK ] Service systemd cree
[INFO] [Couche 3] Nginx + WAF...
[ OK ] Config nginx valide
[INFO] [Couche 4] UFW...
[ OK ] UFW : sortant TOUT autorise, entrant=22/80/8080
[WARN] Internet KO apres UFW - tentative fix DNS
[INFO] [Couche 5] Fail2ban...
[ OK ] Fail2ban configure
[WARN] [Couche 7] AppArmor desactive
[INFO] [Couche 9] SSH + PAM...
[ OK ] SSH config valide
[ OK ] PAM faillock active
[INFO] Demarrage des services...
[INFO] Demarrage vuln-app (port 80)...
Created symlink '/etc/systemd/system/multi-user.target.wants/vuln-app.service' → '/etc/systemd/system/vuln-app.service'.
[ OK ] Service vuln-app actif
[INFO] Demarrage nginx (port 8080)...
[ OK ] Nginx actif
[ OK ] Services redemarres
[INFO] Attente que Flask soit pret...

===== PHASE 3 : VALIDATION =====


--- COUCHE 1 : Drop privileges ---
  Service tourne en non-root                        OK (uid=997)
  Cmd injection uid non root                        ?

--- COUCHE 2 : systemd hardening ---
  /etc/shadow inaccessible                          OK
  Ecriture /etc bloquee                             (venv) isen@debian-tp:~/taff$
Editor is loading...
Leave a Comment