archive of tuffy and btcdashboardHEADmain

1 files changed, 379 insertions, 0 deletions

diff --git a/tuffy/tuffycommand1.py b/tuffy/tuffycommand1.py
new file mode 100644
index 0000000..5b069ea
--- /dev/null
+++ b/tuffy/tuffycommand1.py
@@ -0,0 +1,379 @@
+#!/usr/bin/env python3
+import argparse
+import os
+import io
+import os
+import shutil
+import fileinput
+import subprocess
+#import paramiko #install pip3, paramiko, zip
+import sys
+import time
+
+"""
+External dependencies:
+https://api.ipify.org
+    to get the pubic facing ip address of this server
+
+    NOTES
+    -before deploying, make sure template files are present and pub keys installed
+    -at each step of the process, describe what you want to do
+
+    next steps
+    -hardcode aws and terraform installation and their credentials for ease of testing on new servers
+    -can test exfil and infil
+    -
+
+"""
+#global variables
+working_user="ubuntu"
+working_directory=f"/home/{working_user}/tuffycommand1"
+
+def deploy(args):
+    #print(f"Hello {args.name}!")
+    #print(f"{args.name}, {args.cloudcomputeprovider}, {args.location}, {args.serverid}, {args.clients}!")
+    
+    #prerequisite for this code block to run is to have the lowpriv pub in the user dir, rest works
+    #this is to initialise the low priv user to put files in.
+    #store the variable 'username' and install ssh keys if they don't exist for remote user login
+    lpusername = "lowpriv"
+    pubkey_file = f"{working_directory}/pubkey/lowpriv.pub"
+    
+    file_names = [f"{pubkey_file}",
+                  f"{working_directory}/server_exec-template/comp208.pub", 
+                  f"{working_directory}/server_exec-template/exfil.sh", 
+                  f"{working_directory}/server_exec-template/init.sh",
+                  f"{working_directory}/server_exec-template/lowpriv", 
+                  f"{working_directory}/server_provisioning-template/template.tf", 
+                  f"{working_directory}/server_provisioning-template/tf-start.sh", 
+                  f"{working_directory}/server_provisioning-template/tf-end.sh"]
+    for file_name in file_names:
+        if os.path.exists(file_name):
+            continue
+        else:
+            print("one of the prerequisite files isn't present.")
+            print("exiting program")
+            sys.exit()
+
+    if os.system("grep -q '^" + lpusername + ":' /etc/passwd") == 0:
+        print("user already exist, pub key is assumed to be installed")
+    else:
+        print("user does not exist, creating...")
+        #create the new user with low-privileges!!
+        subprocess.run(["useradd", "-m", "-s", "/bin/bash", lpusername])
+        subprocess.run(["mkdir", "-p", f"/home/{lpusername}/.ssh"])
+        subprocess.run(["chmod", "700", f"/home/{lpusername}/.ssh"])
+        subprocess.run(["touch", f"/home/{lpusername}/.ssh/authorized_keys"])
+        subprocess.run(["chmod", "600", f"/home/{lpusername}/.ssh/authorized_keys"])
+        subprocess.run(["chown", "-R", f"{lpusername}:{lpusername}", f"/home/{lpusername}/.ssh"])
+        with open(pubkey_file, "r") as f:
+            pubkey_file = f.read()
+            with open(f"/home/{lpusername}/.ssh/authorized_keys", "a") as auth_file:
+                auth_file.write(pubkey_file)
+        print(f"User '{lpusername}' has been created with the provided public key")
+    
+    cmd = "curl ifconfig.me"
+    result = subprocess.run(cmd, stdout=subprocess.PIPE, shell=True)
+    local_public_ip = result.stdout.decode().strip()
+    print(local_public_ip)
+    
+
+    #you need these 3 variables and serverid to configure the template for terraform!
+    location_aws=""
+    ami=""
+    ccp=""
+    if args.location == "London":
+        location_aws = "eu-west-2"
+        ami="ami-038d76c4d28805c09"
+        ccp="aws"
+    elif args.location == "Paris":
+        location_aws = "eu-west-3"
+        ami="ami-0dfb6769e523bf035"
+        ccp="aws"
+    else:
+        print("Error: invalid cloud compute location. Allowed locations are 'London' and 'Paris'")
+        print("exiting program")
+        sys.exit()
+
+    #create unique directory
+    path = os.path.join(working_directory,"instances", args.name, ccp, args.location, args.serverid)
+    print(f"unique server path is {path}")
+    if os.path.exists(os.path.expanduser(path)):
+        print("Error: Directory already exists, nothing will happen, program will continue to run")
+    else:
+        os.makedirs(os.path.expanduser(path))
+        print("hi new directory will be made")
+    
+    # copy file from source to destination directory
+    source_dir = f"{working_directory}/server_provisioning-template/"
+    dest_dir = f"{path}/server_provisioning/"
+    if not os.path.exists(dest_dir):
+        #if directory does not exist, create it
+        os.makedirs(dest_dir)
+    for filename in os.listdir(source_dir):
+        src_file = os.path.join(source_dir, filename)
+        dest_file = os.path.join(dest_dir, filename)
+        #overwrite the file if it already exists
+        shutil.copy(src_file, dest_file)
+
+    
+    # Replace string in template.tf file
+    filename_template = os.path.join(path, "server_provisioning/template.tf")
+    with fileinput.FileInput(os.path.join(path, filename_template), inplace=True, backup="", mode="r") as file:
+        #these strings are already in the template
+        old_string_location = "LOCATION-TEMPLATE"
+        old_string_ami = "AMI-TEMPLATE"
+        old_string_serverid = "SERVERID-TEMPLATE"
+        #do note the below 3 commands do not work on mac due to a bug in sed
+        #verified it works in linux
+        subprocess.run(f"sed -i 's/{old_string_location}/{location_aws}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's/{old_string_ami}/{ami}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's/{old_string_serverid}/{args.serverid}/g' {filename_template}", shell=True)
+    print("template change success")
+
+    #commands to execute in the particular instance's directory
+    print("path changed to the server path")
+    path_server_provisioning=os.path.join(f"{path}","server_provisioning/")
+    os.chdir(path_server_provisioning)
+    commands = [
+        f"chmod +x {path_server_provisioning}tf-start.sh", 
+        f"chmod +x {path_server_provisioning}tf-end.sh", 
+        f"sudo {path_server_provisioning}tf-start.sh"
+    ]
+
+
+        # Iterate over the commands and execute them
+    for command in commands:
+        # Build the full SSH command to execute
+        #full_command = f"{ssh_command} '{command}'"
+        # Start the subprocess and capture the output
+        process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        # Print the output as it is generated
+        while True:
+            # Read a line of output from the process's stdout stream
+            output = process.stdout.readline()
+            # If there is no more output, break out of the loop
+            if not output:
+                break
+            # Decode the output and print it to the console
+            print(output.decode().strip())
+        # Print any error messages that were generated
+        stderr_output = process.stderr.read().decode()
+        if stderr_output:
+            print(f"Error: {stderr_output.strip()}")
+        # Wait for the process to finish
+        process.wait()
+    subprocess.run(f"mv terraform-output.txt ../", shell=True)
+    os.chdir(working_directory)
+    
+    
+    #after tf-start.sh is executed, output.txt is produced
+    #store each variable of "output.txt"
+    filename_output = os.path.join(path, "terraform-output.txt")
+    instance_id=""
+    instance_public_ip=""
+    instance_labelled_serverid=""
+    with open(filename_output) as file:
+        lines = [line.strip() for line in file.readlines()]
+        instance_id=lines[0]
+        instance_public_ip=lines[1]
+        instance_labelled_serverid=lines[2]
+    #check if the created server id, labelled in terraform is the same as the one given as input. it should be the same.
+    if args.serverid == instance_labelled_serverid:
+        pass
+        print("server initialisation success!!")
+    else:
+        print('ERROR! \nThe instance you created does not have the same server id as the one you assigned it.\n(The problem is due to a mistake made by the programmer)')
+    
+
+    print("\nserver initialisation success! now we are going to configure and install the vpn on the server\n")
+    
+    #set source and destination directory
+    source_dir = "server_exec-template/"
+    dest_dir = os.path.join(path, "server_exec")
+    if not os.path.exists(dest_dir):
+        #if directory does not exist, create it
+        os.makedirs(dest_dir)
+    #copy all files from the source destination
+    for filename in os.listdir(source_dir):
+        src_file = os.path.join(source_dir, filename)
+        dest_file = os.path.join(dest_dir, filename)
+        #overwrite the file if it already exists
+        shutil.copy(src_file, dest_file)
+
+
+
+
+    #now make the .sh file to be executed in the user environment
+
+    #create edited input file, line seperated
+    with io.open(os.path.expanduser(f"{path}/server-info-all.txt"), "w", encoding="utf-8") as f:
+        f.write(f"{args.name}\n")
+        f.write(f"{ccp}\n")
+        f.write(f"{args.location}\n")
+        f.write(f"{args.clients}\n")
+        f.write(f"{args.serverid}\n")
+        f.write(f"{location_aws}\n")
+        f.write(f"{ami}\n")
+        f.write(f"\n")
+        f.write(f"{local_public_ip}\n")
+        f.write(f"{instance_public_ip}\n")
+        f.write(f"{lpusername}\n")
+        f.write(f"{pubkey_file}\n")
+    
+
+
+    #generate a list of client names
+    clients = [f'client{i}' for i in range(1, args.clients+1)]
+    #concatenate the client names into a comma-separated string
+    client_string = ','.join(clients)   
+    print(f"client string is {client_string}") 
+    
+    
+    filename_template = os.path.join(f"{path}","server_exec", "exfil.sh")
+    #subprocess.run(f"cat {filename_template}", shell=True)
+    with fileinput.FileInput(os.path.join(path, filename_template), inplace=True, backup="", mode="r") as file:
+        #these strings are already in the template
+        old_string_iip = "instance_ip_TEMPLATE"
+        old_string_clientstring = "allclients_TEMPLATE"
+        old_string_lpusername = "lowpriv_TEMPLATE"
+        old_string_serverip = "exfil_ip_TEMPLATE"
+        lowpriv_serverdir=f"/home/lowpriv{path}"
+        old_string_serverdir = "exfil_dir_TEMPLATE"
+        #do note the below 3 commands do not work on mac due to a bug in sed
+        #verified it works in linux
+        subprocess.run(f"sed -i 's/{old_string_iip}/{instance_public_ip}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's/{old_string_clientstring}/{client_string}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's/{old_string_lpusername}/{lpusername}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's/{old_string_serverip}/{local_public_ip}/g' {filename_template}", shell=True)
+        subprocess.run(f"sed -i 's+{old_string_serverdir}+{lowpriv_serverdir}+g' {filename_template}", shell=True) 
+     
+
+    #instance_public_ip="10.211.55.18"
+    print("sleeping 10")
+    time.sleep(10)
+    #if not, ssh will fail, aws needs a bit of time for their ssh to work
+    username='ubuntu'
+    key_filename='/home/ubuntu/awscomp208.pem'
+    print(instance_public_ip)
+
+    # make the zipped file from the folder that already contains the preconfigured files first
+    local_folder_name = os.path.join(path, "server_exec")
+    local_zipped_file = f'{local_folder_name}.zip'
+    path_to_zipped_file = os.path.join(path,local_zipped_file)
+    #print("hiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii")
+    #print(path_to_zipped_file)
+    print("zipping local configured initialisation files for transfer")
+    subprocess.run(f"cp {path}/server-info-all.txt {local_folder_name}/", shell=True)
+    subprocess.run(f"zip -r {local_folder_name}.zip {local_folder_name}/", shell=True)
+    print("")
+
+    time.sleep(1)
+    print("transferring zipped file over to the other(vpn) server")
+    #EDIT SSH AUTH FILE AND USERNAME HERE
+    print(local_zipped_file)
+    print(instance_public_ip)
+    subprocess.run(f"scp -i /home/ubuntu/awscomp208.pem -o StrictHostKeyChecking=no {local_zipped_file} ubuntu@{instance_public_ip}:/home/ubuntu/", shell=True)
+    subprocess.run(f"scp -i /home/ubuntu/awscomp208.pem -o StrictHostKeyChecking=no {path}/server_exec/init.sh ubuntu@{instance_public_ip}:/home/ubuntu/", shell=True)
+    # unzip file on remote server
+
+    remote_folder_name = local_folder_name[1:]
+
+    # Define the SSH command to use
+    ssh_command = f"ssh -i {key_filename} {username}@{instance_public_ip}"
+
+    # Define the commands to execute
+    commands = [
+        #f"sudo apt-get update",
+        #f"echo 'update completed, sleeping for 20 seconds'",
+        #f"sleep 20",
+        #f"sudo apt-get install zip unzip tree tmux vim htop mlocate mosh net-tools -y",
+        f"sudo rm -rf /var/lib/apt/lists/*",
+        f"sudo chmod +x init.sh",
+        f"sudo ./init.sh",
+        #f"sudo apt-get update && sudo apt-get install zip unzip tree -y",
+        f"unzip -o /home/ubuntu/server_exec.zip -d /home/ubuntu/",
+        f"cp {remote_folder_name}/* .",
+        f"rm -rf home/ ",
+        f"chmod +x *",
+        f"sudo ./exfil.sh"
+    ]
+
+    # Iterate over the commands and execute them
+    for command in commands:
+        # Build the full SSH command to execute
+        full_command = f"{ssh_command} '{command}'"
+        # Start the subprocess and capture the output
+        process = subprocess.Popen(full_command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        # Print the output as it is generated
+        while True:
+            # Read a line of output from the process's stdout stream
+            output = process.stdout.readline()
+            # If there is no more output, break out of the loop
+            if not output:
+                break
+            # Decode the output and print it to the console
+            print(output.decode().strip())
+        # Print any error messages that were generated
+        stderr_output = process.stderr.read().decode()
+        if stderr_output:
+            print(f"Error: {stderr_output.strip()}")
+        # Wait for the process to finish
+        process.wait()
+    
+    subprocess.run(f"tree /home/lowpriv/", shell=True)
+    #subprocess.run(f"sudo mkdir {path}/files/", shell=True)
+    subprocess.run(f"sudo unzip /home/{lpusername}{path}/t33-exfil.zip -d {path}", shell=True)
+
+
+    path2 = os.path.join("/opt/lampp/htdocs/",args.name, ccp, args.location, args.serverid)
+    if not os.path.exists(path2):
+        os.makedirs(path2, mode=0o777, exist_ok=True)
+    print(path2)
+    subprocess.run(f"sudo mv {path}/t33-exfil/* {path2}", shell=True)
+    subprocess.run("pwd",shell=True)
+    subprocess.run(f"sudo zip -j {path2}/file.zip {path2}/*", shell=True)
+    subprocess.run(f"sudo chmod 777 {path2}/file.zip ", shell=True)
+#    subprocess.run(f"sudo rm -rf /home/ubuntu/tuffycommand1/instances/", shell=True)
+    #subprocess.run(f"tree /home/ubuntu/tuffycommand1", shell=True)
+    
+
+
+#    ssh.close()
+    
+    
+
+
+
+    
+    
+
+
+def destroy(args):
+    print(f"currently in development!")
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    subparsers = parser.add_subparsers()
+
+    deploy_p = subparsers.add_parser('deploy')
+    deploy_p.add_argument('name')
+    deploy_p.add_argument('cloudcomputeprovider')
+    deploy_p.add_argument('location')
+    deploy_p.add_argument('serverid')
+    deploy_p.add_argument('clients',type=int)
+    deploy_p.set_defaults(func=deploy)
+
+    destroy_p = subparsers.add_parser('destroy')
+    destroy_p.add_argument('name')
+    destroy_p.set_defaults(func=destroy)
+
+    try:
+        args = parser.parse_args()
+        args.func(args)
+    except AttributeError:
+        print("Error: no sub-command specified.")
+        parser.print_help()
+
+