inicial
a9f8d69d1d
13 changed files with 163 additions and 0 deletions
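--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+domain.crt
+domain.csr
+domain.key
+domain.pem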
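--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:20.04
+RUN export DEBIAN_FRONTEND=noninteractive \
+    && apt-get update -y -qq \
+    && apt-get install -y \
+        curl jq toilet colorized-logs rsync \
+        dnsutils iputils-ping traceroute iproute2 iptables tcpdump \
+        openvpn \
+        transmission-daemon \
+    && apt-get autoremove -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*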
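Review bot: The `apt-get install -y` on the fourth line pulls in recommended packages and unpinned versions, so the image is neither minimal nor reproducible; `apt-get install -y --no-install-recommends` with pinned package versions would fix both, and `FROM ubuntu:20.04` could additionally be pinned by digest. The `apt-get autoremove -y` step does nothing useful in a freshly populated layer and can be dropped. There is no `USER`, `ENTRYPOINT` or `CMD`, so anything run from this image runs as root; that may be intended for the iptables/tcpdump tooling it installs, but a header comment stating what the image is for would help, since no other file in this commit (docker-compose.yaml builds only images/wireguard and images/acunetix) references it.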
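--- a/README
+++ b/README
@@ -0,0 +1,13 @@
+# Como funciona a parada:
+
+Wireguard (final 254) passa a ser a única rota de saída do Acu
+O Acu é acessado através do Haproxy (que tem acesso direto à net)
+
+# Alterações realizadas nos containers
+
+- Wireguard teve adicionado o pacote do IPtables e um script de boot que configura
+o mascaramento de IP a partir de qualquer interface.
+
+- Accunetix teve o script de boot awvs.sh modificado para modificar as rotas padrão
+para sair pela VPN
+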
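--- a/acunetix/.gitignore
+++ b/acunetix/.gitignore
@@ -0,0 +1,2 @@
+license
+licensetar.gz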
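--- a/awvs.sh
+++ b/awvs.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+clear
+echo -e "\033[1;31m ___ _ ___ _______ \033[0m"
+echo -e "\033[1;32m / | | / / | / / ___/ \033[0m"
+echo -e "\033[1;33m / /| | | /| / /| | / /\__ \\ \033[0m"
+echo -e "\033[1;34m / ___ | |/ |/ / | |/ /___/ / \033[0m"
+echo -e "\033[1;35m /_/ |_|__/|__/ |___//____/ \033[0m"
+echo -e "\033[1;36m \033[0m"
+echo -e "\033[1;34m -------------- \033[0m"
+echo -e "\033[1;31m Thank's fahai && Open Source Enthusiast \n\033[0m"
+echo -e "\033[1;32m [ help ] \033[0m"
+echo -e "\033[1;35m [ https://www.fahai.org/index.php/archives/146/ ] \033[0m"
+echo -e "\033[1;33m [ https://github.com/XRSec/AWVS14-Update ] \n\033[0m"
+echo -e "\033[1;34m [ https://awvs.vercel.app/ ] \n\033[0m"
+
+cat /awvs/acunetix/.hosts >> /etc/hosts
+cat /etc/hosts | grep acunetix
+route del -net default
+route add -net default gw 10.255.252.254
+su -l acunetix -c /home/acunetix/.acunetix/start.sh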
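Review bot: The default-route swap on the two `route` lines near the end is not atomic and has no error handling: the script never sets `set -e`, so if `route del` fails the scanner starts with the Docker bridge still as its egress and bypasses the VPN, and if `route add` fails after a successful `route del` the scanner starts with no default route at all. `ip route replace default via 10.255.252.254` performs the swap in one step (iproute2 rather than the deprecated net-tools `route`), and `set -euo pipefail` after the shebang stops start-up on any failure instead of continuing to the `su` line. `cat /awvs/acunetix/.hosts >> /etc/hosts` also appends unconditionally, so repeated container starts may accumulate duplicate entries; `grep -q acunetix /etc/hosts || cat /awvs/acunetix/.hosts >> /etc/hosts` keeps it idempotent. The `cat /etc/hosts | grep acunetix` check is only informational and could be `grep acunetix /etc/hosts`.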
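--- a/create-networks.sh
+++ b/create-networks.sh
@@ -0,0 +1,4 @@
+#docker network create --subnet 10.255.252.0/24 vpn
+docker network create --subnet 10.255.251.0/24 pg_opn
+docker network create --subnet 10.255.252.0/24 pg_vpn
+docker network create --internal --subnet 10.255.253.0/24 pg_bus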
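Review bot: `pg_vpn` on the third line is the scanner container's only network (see docker-compose.yaml), yet it is created without `--internal`, so the README's statement that WireGuard is the scanner's only egress route holds only as long as awvs.sh succeeds in rewriting the default route at boot; `docker network create --internal --subnet 10.255.252.0/24 pg_vpn` would make Docker withhold the direct route itself, while the wireguard and proxy containers keep their egress through `pg_opn` and container-to-container traffic on pg_vpn still works. The script also has no shebang and no `set -e`, and `docker network create` fails when the network already exists, so a second run aborts partway; prefixing each line with `docker network inspect <name> >/dev/null 2>&1 ||` makes it idempotent. `pg_bus` on the last line is created but no service in docker-compose.yaml joins it, which is worth a comment if it is reserved for later.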
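--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,69 @@
+version: '3'
+
+services:
+
+  wireguard:
+    build: images/wireguard
+    container_name: wireguard
+    privileged: true
+    # ports:
+    #   - "3443:3443"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    environment:
+      - PUID=1000
+      - PGID=1000
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=0
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.ip_forward=1
+    # restart: unless-stopped
+    volumes:
+      - ./wireguard/wg0.conf:/config/wg0.conf
+      - /lib/modules:/lib/modules
+      - ./iptables.sh:/config/custom-cont-init.d/iptables.sh
+    networks:
+      pg_opn:
+        ipv4_address: 10.255.251.254
+      pg_vpn:
+        ipv4_address: 10.255.252.254
+
+  acunetix:
+    build: images/acunetix
+    container_name: acunetix
+    privileged: true
+    restart: unless-stopped
+    #ports:
+    # - "3443:3443"
+    volumes:
+      - ./acunetix/license:/home/acunetix/.acunetix/data/license
+      - ./awvs.sh:/awvs/awvs.sh
+    depends_on:
+      - wireguard
+    networks:
+      pg_vpn:
+        ipv4_address: 10.255.252.252
+
+  proxy:
+    image: haproxytech/haproxy-alpine
+    restart: always
+    ports:
+      - "3443:3443"
+    volumes:
+      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
+      - ./domain.pem:/domain.pem
+    networks:
+      pg_opn:
+        ipv4_address: 10.255.251.253
+      pg_vpn:
+        ipv4_address: 10.255.252.253
+
+
+networks:
+  pg_opn:
+    external:
+      name: pg_opn
+  pg_vpn:
+    external:
+      name: pg_vpn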
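Review bot: Both `wireguard` and `acunetix` set `privileged: true`, which grants every capability, access to all host devices and lifts most seccomp/AppArmor confinement; on `wireguard` it makes the `cap_add` list directly below redundant, and on `acunetix` the only privileged actions in this commit are awvs.sh rewriting the default route and `/etc/hosts`, which `cap_add: [NET_ADMIN]` covers. Dropping `privileged: true` from both, and keeping `NET_ADMIN` plus `SYS_MODULE` on wireguard only if the module really has to be loaded from the mounted `/lib/modules`, is the least-privilege form. `net.ipv4.conf.all.src_valid_mark=0` differs from the value the linuxserver/wireguard image documents (`=1`, used for wg-quick's fwmark-based routing), so it is worth confirming that 0 is deliberate. `version: '3'` is ignored by current Compose and can go, and `image: haproxytech/haproxy-alpine` carries no tag, so the proxy image changes silently between pulls.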
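--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,14 @@
+global
+defaults
+    timeout connect 5000
+    timeout client 50000
+    timeout server 50000
+
+frontend http-in
+    bind :3443 ssl crt /domain.pem
+    default_backend main
+
+backend main
+    mode http
+    server main 10.255.252.252:3443 ssl verify none
+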
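Review bot: `frontend http-in` declares no `mode` and neither does `defaults`, so the frontend runs in HAProxy's default TCP mode while `backend main` is `mode http`; depending on the HAProxy version this is either rejected at start-up or handled by an implicit TCP-to-HTTP upgrade, so the configuration is ambiguous as written and `mode http` belongs in `defaults` so both sides agree. The `bind :3443 ssl crt /domain.pem` line sets no minimum TLS version; `bind :3443 ssl crt /domain.pem ssl-min-ver TLSv1.2` (or `ssl-default-bind-options ssl-min-ver TLSv1.2` under `global`) keeps legacy protocol versions off the one port this stack publishes. `ssl verify none` on the server line accepts any certificate from 10.255.252.252; that is tolerable on the private pg_vpn network, but a comment saying why verification is off would stop it being copied elsewhere.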
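--- a/images/acunetix/Dockerfile
+++ b/images/acunetix/Dockerfile
@@ -0,0 +1,6 @@
+FROM xrsec/awvs
+
+RUN apt-get -y update && \
+    apt-get -y install net-tools && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/*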
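Review bot: `FROM xrsec/awvs` on the first line is untagged, so every build resolves `latest` of a third-party image that bundles the scanner this whole VPN routing is built around; pinning a tag and ideally a digest (`FROM xrsec/awvs:<tag>@sha256:<digest>`, values to be filled in from the registry) makes rebuilds reproducible and turns a base-image change into something reviewed rather than picked up silently. The same applies to `FROM linuxserver/wireguard` in images/wireguard/Dockerfile. `net-tools` here exists only to supply the `route` command used in awvs.sh; if that script moves to `ip route`, this layer is unnecessary. `apt-get -y install` would also benefit from `--no-install-recommends`.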
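--- a/images/wireguard/Dockerfile
+++ b/images/wireguard/Dockerfile
@@ -0,0 +1,6 @@
+FROM linuxserver/wireguard
+
+RUN apt-get -y update && \
+    apt-get -y install iptables && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/*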
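--- a/iptables.sh
+++ b/iptables.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+iptables -t nat -A POSTROUTING -j MASQUERADE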
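Review bot: `iptables -t nat -A POSTROUTING -j MASQUERADE` on the second line masquerades on every outbound interface, not only the tunnel, so if `wg0` is down and the container's default route falls back to its pg_opn interface, scanner traffic forwarded in from pg_vpn leaves unencrypted with a valid source address and nothing in this script stops it. Restricting NAT to the tunnel with `iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE`, and adding a forward rule that drops traffic between the two Docker interfaces (e.g. `iptables -A FORWARD -i eth+ -o eth+ -j DROP`, interface names to be checked against what Docker assigns inside the container), turns this into the kill switch the README describes rather than a plain NAT gateway. The script has no `set -e`; with a single command that is cosmetic, but it matters once a second rule is added.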
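--- a/wireguard/.gitignore
+++ b/wireguard/.gitignore
@@ -0,0 +1 @@
+wg0.conf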
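--- a/wireguard/wg0.conf.example
+++ b/wireguard/wg0.conf.example
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+Address = XXXXXXXXXXXXXXX
+DNS = XXXXXXXXXXXXXXXXX
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
+
+[Peer]
+PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXX
+AllowedIPs = 0.0.0.0/0,::0/0
+Endpoint = XXXXXXXXXXXXXXXXXXXXX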
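Review bot: The `PostUp`/`PostDown` lines masquerade out of `enp2s0`, a host-style NIC name; this file is mounted into the wireguard container (docker-compose.yaml maps it to `/config/wg0.conf`), where the outbound interface is whatever Docker assigned (typically `eth0`/`eth1`), so that NAT rule is accepted by iptables but matches nothing and the masquerading actually in effect comes from iptables.sh. A comment in the example, `# enp2s0 is a placeholder: use the container's pg_opn interface, or drop this rule since iptables.sh already adds NAT`, would keep the two from drifting apart. `AllowedIPs = 0.0.0.0/0,::0/0` is the full-tunnel setting the README's "only egress route" claim relies on, so it deserves a comment saying it must not be narrowed.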