diff --git a/app.py b/app.py
new file mode 100644
index 0000000..76578d1
--- /dev/null
+++ b/app.py
@@ -0,0 +1,32 @@
+from flask import Flask, request
+
+app = Flask(__name__)
+
+data = {"username":"", "password":""}
+
+@app.route("/")
+def get_():
+ return data
+
+@app.route("/",methods = ['POST'])
+def post():
+ data_json=request.get_json()
+ if data_json is None:
+ return 'Invalid JSON data', 400
+
+ data['username']=data_json['username']
+ data['password']=data_json['password']
+ print(f"Data received {data_json}")
+
+ return [data['username'], data['password']]
+
+@app.route("/", methods =['PUT'])
+def put():
+ str = request.args.get('password')
+ print(f"New password received {str}")
+ data['password'] = str
+ return [data['username'], data['password']]
+
+app.run(host='0.0.0.0', port=5000)
+
+EOF
\ No newline at end of file
diff --git a/configs/LinuxA.sh b/configs/LinuxA.sh
new file mode 100644
index 0000000..e1e524d
--- /dev/null
+++ b/configs/LinuxA.sh
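Review bot: The stored password is handed back to every caller and written to the log: `get_()` returns the whole `data` dict, `post()` and `put()` answer with `data['password']` and print it, and `put()` takes the new value from the query string, where it also ends up in the request line the development server logs. None of the three routes checks who is calling, and `app.run(host='0.0.0.0', port=5000)` exposes them on every interface. I would return only the username, e.g. `return {"username": data["username"]}`, log `print("password updated")` without the value, and read the new password from the JSON body instead of `request.args`. `data_json['username']` also raises KeyError (a 500 response) when a key is missing, and the trailing `EOF` line is a leftover heredoc terminator that raises NameError once `app.run` returns. The same code is embedded in configs/LinuxA.sh and report.md.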
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Linux A
+echo -e "Starting the MACVLAN installation\n"
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.4.10/24
+ip link set macvlan1 up
+
+echo -e "Ending the MACVLAN installation\n\n"
+
+echo -e "Routing configuration FROM Linux A to Linux C \n\n"
+ip route add 192.168.3.0/24 via 192.168.4.1
+
+echo -e "Starting to installing FLASK \n"
+pip install flask
+echo -e "End of installing FLASK \n\n"
+
+echo -e "Creating web-server\n"
+touch app.py
+cat << EOF >app.py
+
+from flask import Flask, request
+
+app = Flask(__name__)
+
+data = {"username":"", "password":""}
+
+@app.route("/")
+def get_():
+ return data
+
+# @app.route("/", methods =['POST'])
+# def post_(number):
+# return f"POST-request : {number}\n\n"
+
+@app.route("/",methods = ['POST'])
+def post():
+ data_json=request.get_json()
+ if data_json is None:
+ return 'Invalid JSON data', 400
+
+ data['username']=data_json['username']
+ data['password']=data_json['password']
+ print(f"Data received {data_json}")
+
+ return [data['username'], data['password']]
+
+@app.route("/", methods =['PUT'])
+def put():
+ str = request.args.get('password')
+ print(f"New password received {str}")
+ data['password'] = str
+ return [data['username'], data['password']]
+
+app.run(host='0.0.0.0', port=5000)
+
+EOF
+
+echo -e "Run the server\n"
+python app.py
+
+
\ No newline at end of file
diff --git a/configs/LinuxB.sh b/configs/LinuxB.sh
new file mode 100644
index 0000000..1611a10
--- /dev/null
+++ b/configs/LinuxB.sh
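Review bot: `pip install flask` pulls whatever release is current when the script runs, with no version pin or hash check, and the script starts the result a few lines later; pin it, e.g. `pip install 'flask==<pinned version>'`. The script also has no `set -e`, so if an `ip` command or the install fails it still goes on to write and launch app.py. The heredoc delimiter is unquoted (`cat << EOF >app.py`), so the shell would expand any `$` or backtick later added to the embedded Python; `cat << 'EOF' > app.py` keeps the body literal, and the preceding `touch app.py` is redundant.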
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Linux B
+
+echo -e "Starting the first MACVLAN installation\n"
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.4.1/24
+ip link set macvlan1 up
+echo -e "Ending the first MACVLAN installation\n\n"
+
+echo -e "Starting the second MACVLAN installation\n"
+ip link add macvlan2 link eth0 type macvlan mode bridge
+ip addres add dev macvlan2 192.168.3.1/24
+ip link set macvlan2 up
+echo -e "Ending the second MACVLAN installation\n\n"
+
+echo -e "Installation tcpdump\n"
+apk add tcpdump
+
+echo -e "Configurate tcpdump (only http throw 5000 port)"
+
+tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000'
diff --git a/configs/LinuxC.sh b/configs/LinuxC.sh
new file mode 100644
index 0000000..95e0822
--- /dev/null
+++ b/configs/LinuxC.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Linux C
+
+echo -e "Starting the first MACVLAN installation\n"
+
+ip link add macvlan1 link eth0 type macvlan mode bridge
+ip address add dev macvlan1 192.168.3.100/24
+ip link set macvlan1 up
+ip route add 192.168.4.0/24 via 192.168.3.1
+
+echo -e "Ending the first MACVLAN installation\n\n"
+
+echo -e "Sending GET-request\n"
+curl "http://192.168.4.10:5000/"
+
+
+echo -e "Sending POST-request\n"
+curl -X POST -H "Content-Type: application/json" -d' {"username":"crll","password":"mn"}' http://192.168.4.10:5000
+
+echo -e "\nChanging passwords \n"
+
+curl -X PUT http://192.168.4.10:5000?password=incorrect
+
+echo -e "Sending request to incorrect port\n"
+curl http://192.168.4.10:5001
diff --git a/imgs/1.PNG b/imgs/1.PNG
new file mode 100644
index 0000000..b5bac05
Binary files /dev/null and b/imgs/1.PNG differ
diff --git a/imgs/10.PNG b/imgs/10.PNG
new file mode 100644
index 0000000..2d352be
Binary files /dev/null and b/imgs/10.PNG differ
diff --git a/imgs/11.PNG b/imgs/11.PNG
new file mode 100644
index 0000000..5a38c7b
Binary files /dev/null and b/imgs/11.PNG differ
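Review bot: tcpdump only records packets, so the last line of LinuxB.sh does not restrict what Linux B forwards, although the echo above it describes it as allowing only HTTP on port 5000. Traffic to any other port still passes between the two subnets; a forwarding policy needs packet-filter rules, for example `iptables -P FORWARD DROP`, `iptables -A FORWARD -p tcp --dport 5000 -j ACCEPT` and `iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`. The capture filter itself also looks wrong: the expression words join to `tcp port http and port 5000`, which matches only packets that use both port 80 and port 5000, and `-w /tmp/http.cap` sits between expression words, where a getopt that does not reorder arguments would likely read it as part of the filter. `tcpdump -i any -s 0 -w /tmp/http.cap 'tcp port 5000'` is probably what was meant.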
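Review bot: The final request to port 5001 in LinuxC.sh cannot show that Linux B filters anything, because curl also fails when nothing listens on that port on Linux A, and the script ignores every curl exit status anyway. To test B's policy the target port needs a listener on A, and the calls should use something like `curl --fail --max-time 5 ...` with the result checked. The PUT URL is unquoted and contains `?`, which the shell treats as a glob character; write `curl -X PUT "http://192.168.4.10:5000?password=incorrect"`.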
diff --git a/imgs/12.PNG b/imgs/12.PNG new file mode 100644 index 0000000..2ceb32d Binary files /dev/null and b/imgs/12.PNG differ diff --git a/imgs/13.PNG b/imgs/13.PNG new file mode 100644 index 0000000..845252d Binary files /dev/null and b/imgs/13.PNG differ diff --git a/imgs/2.PNG b/imgs/2.PNG new file mode 100644 index 0000000..e1406a7 Binary files /dev/null and b/imgs/2.PNG differ diff --git a/imgs/3.PNG b/imgs/3.PNG new file mode 100644 index 0000000..4d65dd2 Binary files /dev/null and b/imgs/3.PNG differ diff --git a/imgs/4.PNG b/imgs/4.PNG new file mode 100644 index 0000000..ec3b6c0 Binary files /dev/null and b/imgs/4.PNG differ diff --git a/imgs/5.PNG b/imgs/5.PNG new file mode 100644 index 0000000..ca37867 Binary files /dev/null and b/imgs/5.PNG differ diff --git a/imgs/6.PNG b/imgs/6.PNG new file mode 100644 index 0000000..58d1803 Binary files /dev/null and b/imgs/6.PNG differ diff --git a/imgs/7.PNG b/imgs/7.PNG new file mode 100644 index 0000000..48ec696 Binary files /dev/null and b/imgs/7.PNG differ diff --git a/imgs/8.PNG b/imgs/8.PNG new file mode 100644 index 0000000..355fa5e Binary files /dev/null and b/imgs/8.PNG differ diff --git a/imgs/9.PNG b/imgs/9.PNG new file mode 100644 index 0000000..a9251c1 Binary files /dev/null and b/imgs/9.PNG differ diff --git a/imgs/flask_5001.png b/imgs/flask_5001.png new file mode 100644 index 0000000..a722ac7 Binary files /dev/null and b/imgs/flask_5001.png differ diff --git a/report.md b/report.md new file mode 100644 index 0000000..0e18c42 --- /dev/null +++ b/report.md @@ -0,0 +1,343 @@ + +## 1: создание виртуальных машин + +На `https://labs.play-with-docker.com/` создаем три виртуальные машины. + +

+ +

+ +

+ Три машины в PWD +

+ +## 2: генерация ключа +Для подключения к виртуальным машинам по SSH с рабочей машины необходимо сгенерировать ключ. + +

+ +

+ +

+ Генерация ключа SSH с помощью протокола ed25519 +

+ +Подключение к виртуальным машинам с рабочей происходит путём ввода в терминал команды, указанной для каждой виртуалки: + +1. `ssh ip172-18-0-94-cp82fi0l2o9000cckerg@direct.labs.play-with-docker.com` - Linux A +2. `ssh ip172-18-0-85-cp82fi0l2o9000cckerg@direct.labs.play-with-docker.com` - Linux B +3. `ssh ip172-18-0-96-cp82fi0l2o9000cckerg@direct.labs.play-with-docker.com` - Linux C + +## 3: Настройка маршрутов +Согласно схеме, приведенной на рисунке, необходимо настроить сеть: +* у Linux A и Linux C - по одному адаптеру +* Linux B - по два адаптера + +

+ +

+ +

+ Рисунок задания +

+ +По заданию каждому адаптеру необходимо назначить следующие ip-адреса: +Linux A : `192.168.4.10 / 24` (см. рис. 4) + +Linux B_1 : `192.168.4.1 / 24` (см. рис. 6) + +Linux B_2 : `192.168.3.1 / 24` (см. рис. 7) + +Linux С : `192.168.3.100 / 24` (см. рис. 5) + + + + +

+ +

+ +

+ Создание адаптера и установка IP для Linux A +

+ + + +

+ +

+ +

+ Создание адаптеров и установка IP для Linux B +

+ + + +

+ +

+ +

+ Создание адаптера и установка IP для Linux C +

+ + + + После настройки сети на ВМ необходимо прописать маршруты у клиентов А и С к их подсетям через машину В при помощи команды: `ip route add / via ` + + +

+ +

+ +

+ Настройка маршрута передачи от А к С через B +

+ + + + +

+ +

+ +

+ Настройка маршрута передачи от C к A через B +

+ + +## 4: Настройка фаерволла + +На Linux B необходимо настроить файрвол таким образом, чтобы Linux B пропускал только http и только через порт 5000. + +Это можно сделать при помощи tcpdump. + +`apk add tcpdump` + +`tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000'` + +

+ +

+ +После этого, послав запрос с Linux A на Linux C через любой другой порт, например, 5001, получим следующее: + + +

+ +

+ +

+ Запуск сервера на порте, отличном от 5000 +

+ + + +

+ +

+ +

+ Запрос через порт, отличный от 5000 +

+ + +## 5: Организация клиент-серверного взаимодействия между А и С + +После настройки маршрутов необходимо развернуть сервер на А. Для этого нужно использовать библиотеку Flask + + +

+ +

+ +

+ Установка Flask +

+ + +Далее создаем файл app.py со следующим содержимым: + +```py +from flask import Flask, request + +app = Flask(__name__) + +data = {"username":"", "password":""} + +@app.route("/") +def get_(): + return data + +@app.route("/",methods = ['POST']) +def post(): + data_json=request.get_json() + if data_json is None: + return 'Invalid JSON data', 400 + + data['username']=data_json['username'] + data['password']=data_json['password'] + print(f"Data received {data_json}") + + return [data['username'], data['password']] + +@app.route("/", methods =['PUT']) +def put(): + str = request.args.get('password') + print(f"New password received {str}") + data['password'] = str + return [data['username'], data['password']] + +app.run(host='0.0.0.0', port=5000) + +EOF +``` +Запущенный сервер выглядит так: + +

+ +

+ +

+ Сервер на машине А +

+ + + +

+ +

+ +

+ Ответ на отправленные запросы с машины С на А +

+ + + + +

+ +

+ +

+ Запросы, пришедшие на сервер А +

+ + +Для более упрощения работы с виртуальными машинами напишем три скрипта. + +*Скрипт конфигурации виртуальной машины А* +```sh +#!/bin/bash +# Linux A +echo -e "Starting the MACVLAN installation\n" +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.4.10/24 +ip link set macvlan1 up + +echo -e "Ending the MACVLAN installation\n\n" + +echo -e "Routing configuration FROM Linux A to Linux C \n\n" +ip route add 192.168.9.0/24 via 192.168.4.1 + +echo -e "Start to installing FLASK \n" +pip install flask +echo -e "End to installing FLASK \n\n" + +echo -e "Creating web-server\n" +touch app.py +cat << EOF >app.py + +from flask import Flask, request + +app = Flask(__name__) + +data = {"username":"", "password":""} + +@app.route("/") +def get_(): + return data + +# @app.route("/", methods =['POST']) +# def post_(number): +# return f"POST-request : {number}\n\n" + +@app.route("/",methods = ['POST']) +def post(): + data_json=request.get_json() + if data_json is None: + return 'Invalid JSON data', 400 + + data['username']=data_json['username'] + data['password']=data_json['password'] + print(f"Data received {data_json}") + + return [data['username'], data['password']] + +@app.route("/", methods =['PUT']) +def put(): + str = request.args.get('password') + print(f"New password received {str}") + data['password'] = str + return [data['username'], data['password']] + +app.run(host='0.0.0.0', port=5000) + +EOF + +echo -e "Run the server\n" +python app.py +``` +*Скрипт конфигурации виртуальной машины В* +```sh +#!/bin/bash +# Linux B + +echo -e "Starting the first MACVLAN installation\n" +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.4.1/24 +ip link set macvlan1 up +echo -e "Ending the first MACVLAN installation\n\n" + +echo -e "Starting the second MACVLAN installation\n" +ip link add macvlan2 link eth0 type macvlan mode bridge +ip addres add dev macvlan2 192.168.3.1/24 +ip link set macvlan2 up 
+echo -e "Ending the second MACVLAN installation\n\n" + +echo -e "Installation tcpdump\n" +apk add tcpdump + +echo -e "Configurate tcpdump (only http throw 5000 port)" + +tcpdump -i any -s 0 'tcp port http' -w /tmp/http.cap and 'port 5000' +``` +*Скрипт конфигурации виртуальной машины С* +```sh +#!/bin/bash +# Linux C + +echo -e "Starting the first MACVLAN installation\n" + +ip link add macvlan1 link eth0 type macvlan mode bridge +ip address add dev macvlan1 192.168.3.100/24 +ip link set macvlan1 up +ip route add 192.168.4.0/24 via 192.168.3.1 + +echo -e "Ending the first MACVLAN installation\n\n" + +echo -e "Sending GET-request\n" +curl "http://192.168.4.10:5000/" + + +echo -e "Sending POST-request\n" +curl -X POST -H "Content-Type: application/json" -d' {"username":"crll","password":"mn"}' http://192.168.4.10:5000 + +echo -e "\nChanging passwords \n" + +curl -X PUT http://192.168.4.10:5000?password=incorrect + +echo -e "Sending request to incorrect port\n" +curl http://192.168.4.10:5001 +``` +