Parallelized selected benchmarks using GNU Parallel #49

Closed
wants to merge 34 commits into from
8de402e
Complete vps-audit and makeself benchmarks for CI integration + minor…
Geoka1 Dec 23, 2024
4f64a85
set-up-to-date
Geoka1 Dec 27, 2024
78a0ede
deps fix
Geoka1 Dec 27, 2024
1e864e6
fix deps
Geoka1 Dec 27, 2024
ef73a25
Merge branch 'complete-vps-makeself'
Geoka1 Dec 27, 2024
e5d652c
fix deps v2
Geoka1 Dec 27, 2024
d7be5ce
Merge branch 'binpash:main' into main
Geoka1 Dec 27, 2024
952a8e2
fixes
Geoka1 Dec 27, 2024
0fa7a0f
fixes
Geoka1 Dec 27, 2024
1ae7d6d
remove extra files
Geoka1 Dec 27, 2024
d685eec
vps-audit verification changes
Geoka1 Dec 30, 2024
e20dcc1
fetched changes
Geoka1 Dec 30, 2024
235baf4
Added makeself, vps-audit and vps-audit with negation
Geoka1 Jan 2, 2025
7308b9d
change verification for vps, added vps-negate to ci
Geoka1 Jan 2, 2025
51765ff
Make vps-audit work with existing Docker image
Geoka1 Jan 3, 2025
f9461b0
Changed README.md for iptables to work
Geoka1 Jan 3, 2025
70a04e2
vps verification changes
Geoka1 Jan 3, 2025
8926a2a
fix infotest because of varying bin sizes
Geoka1 Jan 4, 2025
9243c16
Make verify.sh fit common format
vagos Jan 4, 2025
3d60532
Bring up-to-date with upstream
Geoka1 Jan 4, 2025
45bc648
vps-audit-negate verification fixes
Geoka1 Jan 5, 2025
0ccc54d
Minor fixes on makeself
Geoka1 Jan 5, 2025
cd30d0e
Added new benchmarks on tests.yml
Geoka1 Jan 5, 2025
855f633
Merge branch 'binpash:main' into main
Geoka1 Jan 6, 2025
1860099
Merge remote-tracking branch 'upstream/main'
Geoka1 Jan 6, 2025
4d737da
Parallelizing benchmarks using GNU-Parallel
Geoka1 Jan 6, 2025
fa2f37d
Introduced GNU Parallel to more benchmarks
Geoka1 Jan 8, 2025
70778dc
Added parallelized VPS audit
Geoka1 Jan 9, 2025
5eb8c40
Changes in GNU parallel benchmarks and added Shark
Geoka1 Jan 10, 2025
b5dacee
Merge branch 'binpash:main' into adding-systems
Geoka1 Jan 11, 2025
e7dfaee
multiple changes in systems
Geoka1 Jan 11, 2025
edd30b2
Changed transformations
Geoka1 Jan 11, 2025
6b9f8e2
Removed time command
Geoka1 Jan 11, 2025
d734976
fixes
Geoka1 Jan 11, 2025
Make vps-audit work with existing Docker image
Geoka1 committed Jan 3, 2025
commit 51765ffe462344bf2c5b8a1dd6e8214d45f1fcf7
2 changes: 1 addition & 1 deletion README.md
@@ -33,5 +33,5 @@ $ docker build -t bensh .
$ docker run -it bensh

# For development, mount the benchmarks directory
docker run -it -v "$(pwd):/benchmarks" bensh
docker run --cap-add NET_ADMIN --cap-add NET_RAW -it -v "$(pwd):/benchmarks" bensh
```
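Review bot: `--cap-add NET_ADMIN --cap-add NET_RAW` is added only to the development invocation with the bind mount; the plain `docker run -it bensh` line above it is unchanged, so a container started from that command still lacks the capabilities. State in the README which benchmark needs them (the iptables check in vps-audit) and keep them off runs that do not, since NET_ADMIN lets the container reconfigure its own network stack and this same command mounts the working directory read-write.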
5 changes: 4 additions & 1 deletion vps-audit-negate/deps.sh
@@ -10,4 +10,7 @@ sudo apt install -y \
gawk \
iptables \
ufw \
systemd
procps \
net-tools \
fail2ban \
iproute2
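Review bot: `fail2ban` is installed here but nothing in this commit starts it, so unless something outside this diff launches the server, the `pgrep -x "fail2ban-server"` test in vps-audit-negate.sh finds no process and the Fail2ban check always lands on the "installed but not running" WARN. If that is the intended benchmark result, say so in a comment next to the package list; otherwise start the server during setup before the audit runs.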
6 changes: 3 additions & 3 deletions vps-audit-negate/scripts/vps-audit-negate.sh
@@ -167,7 +167,7 @@ check_firewall_status() {
check_security "Firewall Status (firewalld)" "PASS" "Firewalld is active and protecting your system"
fi
elif command -v iptables >/dev/null 2>&1; then
if ! iptables -L | grep -q "Chain INPUT"; then
if ! sudo iptables -L | grep -q "Chain INPUT"; then
check_security "Firewall Status (iptables)" "FAIL" "No active iptables rules found - your system may be exposed"
else
check_security "Firewall Status (iptables)" "PASS" "iptables rules are active and protecting your system"
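Review bot: the `grep -q "Chain INPUT"` on the changed line matches the chain header, which `iptables -L` prints whenever the command succeeds, including for an empty ruleset with an ACCEPT policy. With `sudo` added the command now succeeds, so this check reports "iptables rules are active and protecting your system" on a host with no rules at all. Test for actual rules instead, for example by counting `-A` lines in `iptables -S INPUT`, and pass `-n` if `-L` stays so the listing does not wait on reverse DNS.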
@@ -198,7 +198,7 @@ fi
if ! dpkg -l | grep -q "fail2ban"; then
check_security "Fail2ban" "FAIL" "No brute force protection installed - system is vulnerable to login attacks"
else
if ! systemctl is-active fail2ban >/dev/null 2>&1; then
if ! pgrep -x "fail2ban-server" >/dev/null 2>&1; then
check_security "Fail2ban" "WARN" "Fail2ban is installed but not running - brute force protection is disabled"
else
check_security "Fail2ban" "PASS" "Brute force protection is active and running"
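Review bot: `pgrep -x "fail2ban-server"` only shows that a process with that name exists, which is weaker than the `systemctl is-active` test it replaces: a server that is up but not answering on its socket, or has no jail enabled, still yields PASS. `fail2ban-client ping` also works without systemd and confirms the server responds. Separately, the context line `dpkg -l | grep -q "fail2ban"` matches any package row containing that string, including one in removed-but-configured state; `dpkg -s fail2ban` is stricter.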
@@ -224,7 +224,7 @@ else
fi

# Check running services
SERVICES=$(systemctl list-units --type=service --state=running | grep "loaded active running" | wc -l)
SERVICES=$(ps --no-headers -eo cmd | wc -l)
if [ "$SERVICES" -ge 40 ]; then
check_security "Running Services" "FAIL" "Too many services running ($SERVICES) - increases attack surface"
elif [ "$SERVICES" -ge 20 ]; then
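Review bot: `ps --no-headers -eo cmd | wc -l` counts every process, not services, while the variable name, the 20/40 thresholds and the "Too many services running" message are unchanged from the systemd unit count. On a host with kernel threads this will exceed 40 regardless of what is installed, and in a minimal container it will sit far below 20, so the check no longer says anything about attack surface. Either rename the check and re-derive the thresholds for process counts, or document that the result is only meaningful inside the benchmark image.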
5 changes: 5 additions & 0 deletions vps-audit-negate/verify.py
@@ -18,11 +18,16 @@
"SSH Password Auth",
"SSH Port",
"Firewall Status (UFW)",
"Firewall Status (firewalld)",
"Firewall Status (iptables)",
"Firewall Status (nftables)",
"Firewall Status",
"Unattended Upgrades",
"Fail2ban",
"Failed Logins",
"System Updates",
"Running Services",
"Port Scanning",
"Port Security",
"Disk Usage",
"Memory Usage",
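Review bot: the list now carries every firewall backend label ("Firewall Status (UFW)", "(firewalld)", "(iptables)", "(nftables)") plus a bare "Firewall Status", but `check_firewall_status` in the script is an if/elif chain that emits only one of them per run. Add a comment saying these entries are alternatives, and make sure the verifier still requires that at least one firewall label appears, so that a run where the firewall check is skipped entirely does not verify cleanly.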
5 changes: 4 additions & 1 deletion vps-audit/deps.sh
@@ -10,4 +10,7 @@ sudo apt install -y \
gawk \
iptables \
ufw \
systemd
procps \
net-tools \
fail2ban \
iproute2
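Review bot: this package list is the same one changed in vps-audit-negate/deps.sh in this commit, so the two files now have to be kept in sync by hand. Have one deps.sh source or call the other, or move the shared list to a common file, so a later dependency change cannot reach only one of the two benchmarks.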
9 changes: 5 additions & 4 deletions vps-audit/scripts/vps-audit.sh
@@ -176,7 +176,7 @@ check_firewall_status() {
check_security "Firewall Status (firewalld)" "FAIL" "Firewalld is not active - your system is exposed to network attacks"
fi
elif command -v iptables >/dev/null 2>&1; then
if iptables -L | grep -q "Chain INPUT"; then
if sudo iptables -L | grep -q "Chain INPUT"; then
check_security "Firewall Status (iptables)" "PASS" "iptables rules are active and protecting your system"
else
check_security "Firewall Status (iptables)" "FAIL" "No active iptables rules found - your system may be exposed"
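Review bot: the `sudo iptables -L` on the changed line will prompt for a password when sudo is not passwordless, which stalls an unattended benchmark, and any failure (no sudo, missing NET_ADMIN) falls through to the else branch and is reported as "No active iptables rules found". Use `sudo -n` so it fails fast, and distinguish "could not query iptables" from "no rules" in the message; a WARN for the former keeps a permissions problem from being recorded as a firewall finding.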
@@ -204,7 +204,7 @@ fi

# Check fail2ban
if dpkg -l | grep -q "fail2ban"; then
if systemctl is-active fail2ban >/dev/null 2>&1; then
if ! pgrep -x "fail2ban-server" >/dev/null 2>&1; then
check_security "Fail2ban" "PASS" "Brute force protection is active and running"
else
check_security "Fail2ban" "WARN" "Fail2ban is installed but not running - brute force protection is disabled"
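Review bot: the condition on the changed line is inverted. The old test was `if systemctl is-active fail2ban`, with PASS in the then-branch; the replacement is `if ! pgrep -x "fail2ban-server"`, so the script now reports "Brute force protection is active and running" exactly when no fail2ban-server process exists, and WARN when one does. The `!` looks copied from the negate variant, where the branches are swapped; drop it here.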
@@ -232,7 +232,8 @@ else
fi

# Check running services
SERVICES=$(systemctl list-units --type=service --state=running | grep "loaded active running" | wc -l)
SERVICES=$(ps --no-headers -eo cmd | wc -l)

if [ "$SERVICES" -lt 20 ]; then
check_security "Running Services" "PASS" "Running minimal services ($SERVICES) - good for security"
elif [ "$SERVICES" -lt 40 ]; then
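Review bot: the new `SERVICES=$(ps --no-headers -eo cmd | wc -l)` includes the audit's own processes (the script, the command-substitution subshell and `ps` itself), so the number reported as "Running minimal services ($SERVICES)" is inflated by the measurement and can vary between runs near the 20 and 40 boundaries. If a process count is the intended metric, exclude the script's own process tree and adjust the wording; the added blank line after the assignment can also go.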
@@ -363,4 +364,4 @@ echo -e "Review $REPORT_FILE for detailed recommendations."
# Add summary to report
echo "================================" >> "$REPORT_FILE"
echo "End of VPS Audit Report" >> "$REPORT_FILE"
echo "Please review all failed checks and implement the recommended fixes." >> "$REPORT_FILE"
echo "Please review all failed checks and implement the recommended fixes." >> "$REPORT_FILE"
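Review bot: the removed and added lines at the end of this hunk are textually identical, which points to a newline-at-end-of-file change only. Keep whitespace-only edits out of a functional commit, or mention it in the commit message, so the diff for the audit logic stays easy to review.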
5 changes: 5 additions & 0 deletions vps-audit/verify.py
@@ -18,11 +18,16 @@
"SSH Password Auth",
"SSH Port",
"Firewall Status (UFW)",
"Firewall Status (firewalld)",
"Firewall Status (iptables)",
"Firewall Status (nftables)",
"Firewall Status",
"Unattended Upgrades",
"Fail2ban",
"Failed Logins",
"System Updates",
"Running Services",
"Port Scanning",
"Port Security",
"Disk Usage",
"Memory Usage",
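Review bot: this list duplicates the one in vps-audit-negate/verify.py, and each entry must match a `check_security` label in the shell script character for character (for example "Firewall Status (iptables)"). A label renamed in one script, or an entry added to one verifier only, would go unnoticed until verification fails or silently stops covering that check. Move the expected labels into one shared module imported by both verifiers.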