diff --git a/app.py b/app.py
new file mode 100644
index 0000000..b5af200
--- /dev/null
+++ b/app.py
@@ -0,0 +1,32 @@
+from flask import Flask, request
+
+app = Flask(__name__)
+
+data = {"username":"", "password":""}
+
+@app.route("/")
+def get_():
+ return data
+
+@app.route("/",methods = ['POST'])
+def post():
+ data_json=request.get_json()
+ if data_json is None:
+ return 'Invalid JSON data', 400
+
+ data['username']=data_json['username']
+ data['password']=data_json['password']
+ print(f"Data received {data_json}")
+
+ return [data['username'], data['password']]
+
+@app.route("/", methods =['PUT'])
+def put():
+ str = request.args.get('password')
+ print(f"New password received {str}")
+ data['password'] = str
+ return [data['username'], data['password']]
+
+app.run(host='0.0.0.0', port=5000)
+
+EOF
\ No newline at end of file
diff --git a/configs/LinuxA.sh b/configs/LinuxA.sh
new file mode 100644
index 0000000..614d7a0
--- /dev/null
+++ b/configs/LinuxA.sh
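Review bot: Both handlers in app.py write the plaintext password to stdout (`print(f"Data received {data_json}")` in post(), `print(f"New password received {str}")` in put()), and put() takes it from the query string, so it likely also appears in the request line the development server logs and in any capture on the path; the same code is embedded in the heredoc in configs/LinuxA.sh. Log only the username, e.g. `print(f"Data received for user {data_json.get('username')!r}")`, and read the new password from the request body instead of `request.args`. post() also indexes `data_json['username']` and `data_json['password']` without checking they exist, so a body missing either key gets a 500 rather than the intended 400; a guard such as `if not isinstance(data_json, dict) or not {'username', 'password'} <= data_json.keys(): return 'Invalid JSON data', 400` covers it. The trailing `EOF` line looks like a leftover heredoc terminator and would raise NameError once app.run() returns.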
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Linux A
+echo -e "Starting the MACVLAN installation\n"
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.25.10/24
+ip link set macvlan1 up
+
+echo -e "Ending the MACVLAN installation\n\n"
+
+echo -e "Routing configuration FROM Linux A to Linux C \n\n"
+ip route add 192.168.9.0/24 via 192.168.25.1
+
+echo -e "Starting to installing FLASK \n"
+pip install flask
+echo -e "End of installing FLASK \n\n"
+
+echo -e "Creating web-server\n"
+touch app.py
+cat << EOF >app.py
+
+from flask import Flask, request
+
+app = Flask(__name__)
+
+data = {"username":"", "password":""}
+
+@app.route("/")
+def get_():
+ return data
+
+# @app.route("/", methods =['POST'])
+# def post_(number):
+# return f"POST-request : {number}\n\n"
+
+@app.route("/",methods = ['POST'])
+def post():
+ data_json=request.get_json()
+ if data_json is None:
+ return 'Invalid JSON data', 400
+
+ data['username']=data_json['username']
+ data['password']=data_json['password']
+ print(f"Data received {data_json}")
+
+ return [data['username'], data['password']]
+
+@app.route("/", methods =['PUT'])
+def put():
+ str = request.args.get('password')
+ print(f"New password received {str}")
+ data['password'] = str
+ return [data['username'], data['password']]
+
+app.run(host='0.0.0.0', port=5000)
+
+EOF
+
+echo -e "Run the server\n"
+python app.py
+
+
\ No newline at end of file
diff --git a/configs/LinuxB.sh b/configs/LinuxB.sh
new file mode 100644
index 0000000..dcf16e6
--- /dev/null
+++ b/configs/LinuxB.sh
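Review bot: `pip install flask` in configs/LinuxA.sh pulls whatever release is current when the script runs, and nothing stops the script if that install or any `ip` command fails, so `python app.py` can be launched against an unexpected Flask version or a half-configured interface. Pin the dependency (`pip install 'flask==<PINNED_VERSION>'`) and add `set -euo pipefail` under the shebang. The heredoc delimiter is unquoted (`cat << EOF >app.py`), so any `$` or backtick later added to the embedded Python would be expanded by the shell; `cat << 'EOF' > app.py` writes the body verbatim. The preceding `touch app.py` is redundant either way, since the redirection creates the file.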
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Linux B
+
+echo -e "Starting the first MACVLAN installation\n"
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.25.1/24
+ip link set macvlan1 up
+echo -e "Ending the first MACVLAN installation\n\n"
+
+echo -e "Starting the second MACVLAN installation\n"
+ip link add macvlan2 link eth0 type macvlan mode bridge
+ip addres add dev macvlan2 192.168.9.1/24
+ip link set macvlan2 up
+echo -e "Ending the second MACVLAN installation\n\n"
+
+echo -e "Installation tcpdump\n"
+apk add tcpdump
+
+echo -e "Configurate tcpdump (only http throw 5000 port)"
+
+tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000'
diff --git a/configs/LinuxC.sh b/configs/LinuxC.sh
new file mode 100644
index 0000000..21b9550
--- /dev/null
+++ b/configs/LinuxC.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Linux C
+
+echo -e "Starting the first MACVLAN installation\n"
+
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.9.100/24
+ip link set macvlan1 up
+ip route add 192.168.25.0/24 via 192.168.9.1
+
+echo -e "Ending the first MACVLAN installation\n\n"
+
+echo -e "Sending GET-request\n"
+curl "http://192.168.25.10:5000/"
+
+
+echo -e "Sending POST-request\n"
+curl -X POST -H "Content-Type: application/json" -d' {"username":"it_aint","password":"me"}' http://192.168.25.10:5000
+
+echo -e "\nChanging passwords \n"
+
+curl -X PUT http://192.168.25.10:5000?password=senators_son
+
+echo -e "Sending request to incorrect port\n"
+curl http://192.168.25.10:8080
diff --git a/pics/1.PNG b/pics/1.PNG
new file mode 100644
index 0000000..b86b1e8
Binary files /dev/null and b/pics/1.PNG differ
diff --git a/pics/10.PNG b/pics/10.PNG
new file mode 100644
index 0000000..363f4a6
Binary files /dev/null and b/pics/10.PNG differ
diff --git a/pics/2.PNG b/pics/2.PNG
new file mode 100644
index 0000000..300904b
Binary files /dev/null and b/pics/2.PNG differ
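Review bot: The last command in configs/LinuxB.sh does not restrict traffic: tcpdump only records packets, so Linux B still forwards everything it routes, whatever the echo above it announces. The filter is also self-defeating, because `'tcp port http'` means port 80 and, combined with `and 'port 5000'`, matches only packets that use both ports; `-w` placed after the expression may not be parsed as an option on every libc. Enforcing "only TCP 5000" needs rules on the FORWARD chain (iptables would have to be installed with apk first), with tcpdump kept as an optional capture. Separately, `ip addres add` on the macvlan2 line presumably works only through prefix matching and should be spelled `address`.

```shell
# … unchanged: macvlan1 / macvlan2 setup …

# Enforce the policy on forwarded traffic; tcpdump only records packets.
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.25.10 --dport 5000 -j ACCEPT

# Optional capture of the allowed traffic; options go before the filter expression.
tcpdump -i any -s 0 -w /tmp/http.cap 'tcp port 5000'
```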
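Review bot: The final `curl http://192.168.25.10:8080` in configs/LinuxC.sh cannot show that Linux B filters anything, because nothing in this commit listens on port 8080 of Linux A and the request fails whether or not B forwards it. A meaningful negative test needs a listener on a second port of A, plus a bounded wait such as `curl --max-time 5 http://192.168.25.10:8080` so a silently dropped packet does not stall the script. The PUT line passes the password in an unquoted URL; quote it (`curl -X PUT "http://192.168.25.10:5000/?password=senators_son"`) so the shell never treats `?` as a glob. Moving the password into the request body would keep it out of URLs and logs, but needs the matching change in put() in app.py.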
diff --git a/pics/3.PNG b/pics/3.PNG new file mode 100644 index 0000000..22c42e4 Binary files /dev/null and b/pics/3.PNG differ diff --git a/pics/4.PNG b/pics/4.PNG new file mode 100644 index 0000000..0a6973a Binary files /dev/null and b/pics/4.PNG differ diff --git a/pics/5.PNG b/pics/5.PNG new file mode 100644 index 0000000..74a45b1 Binary files /dev/null and b/pics/5.PNG differ diff --git a/pics/6.PNG b/pics/6.PNG new file mode 100644 index 0000000..0230988 Binary files /dev/null and b/pics/6.PNG differ diff --git a/pics/7.PNG b/pics/7.PNG new file mode 100644 index 0000000..2419dc0 Binary files /dev/null and b/pics/7.PNG differ diff --git a/pics/8.PNG b/pics/8.PNG new file mode 100644 index 0000000..10af546 Binary files /dev/null and b/pics/8.PNG differ diff --git a/pics/9.PNG b/pics/9.PNG new file mode 100644 index 0000000..9480e36 Binary files /dev/null and b/pics/9.PNG differ diff --git a/pics/LinA.PNG b/pics/LinA.PNG new file mode 100644 index 0000000..8785499 Binary files /dev/null and b/pics/LinA.PNG differ diff --git a/pics/LinB1.PNG b/pics/LinB1.PNG new file mode 100644 index 0000000..794b651 Binary files /dev/null and b/pics/LinB1.PNG differ diff --git a/pics/LinB2.PNG b/pics/LinB2.PNG new file mode 100644 index 0000000..2a4f384 Binary files /dev/null and b/pics/LinB2.PNG differ diff --git a/pics/LinC.PNG b/pics/LinC.PNG new file mode 100644 index 0000000..aca32b9 Binary files /dev/null and b/pics/LinC.PNG differ diff --git a/Linux Practice.png b/pics/Linux Practice.png similarity index 100% rename from Linux Practice.png rename to pics/Linux Practice.png diff --git a/report.md b/report.md new file mode 100644 index 0000000..1d4cca8 --- /dev/null +++ b/report.md @@ -0,0 +1,344 @@ + +## Шаг 1: создание виртуальных машин + +С помощью возможностей `https://labs.play-with-docker.com/` создаем три виртуальные машины при помощи нажатия `ADD NEW INSTANCE`. + +

+ +

+ +

+ Три виртуальные машины в PWD +

+ +## Шаг 2: генерация SSH-ключа +Для подключения к виртуальным машинам по SSH необходимо сгененрировать ключ (см. рис. 2). + +

+ +

+ +

+ Генерация ключа SSH с помощью протокола ed25519 +

+ +Подключение к виртуальным машинам происходит по командам, указанным для каждой виртуалке в PWD: + +1. `ssh ip172-18-0-94-cp7jhrq91nsg00f23ptg@direct.labs.play-with-docker.com` - LinuxA +2. `ssh ip172-18-0-118-cp7jhrq91nsg00f23ptg@direct.labs.play-with-docker.com` - LinuxB +3. `ssh ip172-18-0-124-cp7jhrq91nsg00f23ptg@direct.labs.play-with-docker.com` - LinuxC + +## Шаг 3: Настройка маршрутов +Согласно схеме, приведенной на рисунке 3, необходимо настроить сеть: +* у Linux A и Linux C - по одному адаптеру +* Linux B - по два адаптера + +

+ +

+ +

+ Развертка трех ВМ по заданной схеме +

+ +По заданию каждому адаптеру необходимо назначить следующие ip-адреса: +Linux A : `192.168.25.10 / 24` (см. рис. 4) + +Linux B_1 : `192.168.25.1 / 24` (см. рис. 6) + +Linux B_2 : `192.168.9.1 / 24` (см. рис. 7) + +Linux С : `192.168.9.100 / 24` (см. рис. 5) + + + + +

+ +

+ +

+ Создание адаптера и установка IP для Linux A +

+ + + +

+ +

+ +

+ Создание адаптера и установка первого IP для Linux B +

+ + + +

+ +

+ +

+ Создание адаптера и установка второго IP для Linux B +

+ + + +

+ +

+ +

+ Создание 2-го адаптера и установка IP для Linux C +

+ + + + После настройки сети на ВМ необходимо прописать маршруты у клиентов А и С к их подсетям через машину В при помощи команды: `ip route add / via ` + + +

+ +

+ +

+ Настройка маршрута передачи от А к С через B +

+ + + + +

+ +

+ +

+ Настройка маршрута передачи от C к A через B +

+ + +## Шаг 3: Настройка фаерволла + +На Linux B необходимо настроить файрвол таким образом, чтобы Linux B пропускал только http и только через порт 5000. + +Это можно сделать при помощи tcpdump. + +`apk add tcpdump` + +`tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000'` + +

+ +

+ +После этого, послав запрос с Linux A на Linux C, через порт, например, 8080, получим следующее: + + +

+ +

+ +

+ Запрос через порт, отличный от 5000 +

+ + + +## Шаг 4: Организация клиент-серверного взаимодействия между А и С + +После настройки маршрутов необходимо развернуть сервер на А. Для этого нужно использовать библиотеку Flask + + +

+ +

+ +

+ Установка Flask +

+ + +Далее создаем файл app.py со следующим содержимым: + +```py +from flask import Flask, request + +app = Flask(__name__) + +data = {"username":"", "password":""} + +@app.route("/") +def get_(): + return data + +@app.route("/",methods = ['POST']) +def post(): + data_json=request.get_json() + if data_json is None: + return 'Invalid JSON data', 400 + + data['username']=data_json['username'] + data['password']=data_json['password'] + print(f"Data received {data_json}") + + return [data['username'], data['password']] + +@app.route("/", methods =['PUT']) +def put(): + str = request.args.get('password') + print(f"New password received {str}") + data['password'] = str + return [data['username'], data['password']] + +app.run(host='0.0.0.0', port=5000) + +EOF +``` +Запущенный сервер выглядит так: + +

+ +

+ +

+ Сервер на машине А +

+ + + +

+ +

+ +

+ Ответ на отправленные запросы с машины С на А +

+ + + + +

+ +

+ +

+ Запросы, пришедшие на сервер А +

+ + +Для более упрощения работы с виртуальными машинами напишем три скрипта. + +*Скрипт конфигурации виртуальной машины А* +```sh +#!/bin/bash +# Linux A +echo -e "Starting the MACVLAN installation\n" +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.25.10/24 +ip link set macvlan1 up + +echo -e "Ending the MACVLAN installation\n\n" + +echo -e "Routing configuration FROM Linux A to Linux C \n\n" +ip route add 192.168.9.0/24 via 192.168.25.1 + +echo -e "Start to installing FLASK \n" +pip install flask +echo -e "End to installing FLASK \n\n" + +echo -e "Creating web-server\n" +touch app.py +cat << EOF >app.py + +from flask import Flask, request + +app = Flask(__name__) + +data = {"username":"", "password":""} + +@app.route("/") +def get_(): + return data + +# @app.route("/", methods =['POST']) +# def post_(number): +# return f"POST-request : {number}\n\n" + +@app.route("/",methods = ['POST']) +def post(): + data_json=request.get_json() + if data_json is None: + return 'Invalid JSON data', 400 + + data['username']=data_json['username'] + data['password']=data_json['password'] + print(f"Data received {data_json}") + + return [data['username'], data['password']] + +@app.route("/", methods =['PUT']) +def put(): + str = request.args.get('password') + print(f"New password received {str}") + data['password'] = str + return [data['username'], data['password']] + +app.run(host='0.0.0.0', port=5000) + +EOF + +echo -e "Run the server\n" +python app.py +``` +*Скрипт конфигурации виртуальной машины В* +```sh +#!/bin/bash +# Linux B + +echo -e "Starting the first MACVLAN installation\n" +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.25.1/24 +ip link set macvlan1 up +echo -e "Ending the first MACVLAN installation\n\n" + +echo -e "Starting the second MACVLAN installation\n" +ip link add macvlan2 link eth0 type macvlan mode bridge +ip addres add dev macvlan2 192.168.9.1/24 +ip link set macvlan2 
up +echo -e "Ending the second MACVLAN installation\n\n" + +echo -e "Installation tcpdump\n" +apk add tcpdump + +echo -e "Configurate tcpdump (only http throw 5000 port)" + +tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000' +``` +*Скрипт конфигурации виртуальной машины С* +```sh +#!/bin/bash +# Linux C + +echo -e "Starting the first MACVLAN installation\n" + +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.9.100/24 +ip link set macvlan1 up +ip route add 192.168.25.0/24 via 192.168.9.1 + +echo -e "Ending the first MACVLAN installation\n\n" + +echo -e "Sending GET-request\n" +curl "http://192.168.25.10:5000/" + + +echo -e "Sending POST-request\n" +curl -X POST -H "Content-Type: application/json" -d' {"username":"it_aint","password":"me"}' http://192.168.25.10:5000 + +echo -e "\nChanging passwords \n" + +curl -X PUT http://192.168.25.10:5000?password=senators_son + +echo -e "Sending request to incorrect port\n" +curl http://192.168.25.10:8080 +``` +