Skip to content
/ pan-net-lab Public

Test exercise for DevSecOps position @ T-Systems: Ansible, Go, Python, AWK, Bash, Vagrant, nmap, rsyslog, REST API, Ubuntu, GitHub Workflow CI, Markdown

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gorshunovr/pan-net-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github
.github
 
 
ansible
ansible
 
 
getweather
getweather
 
 
scanner
scanner
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 
bootstrap.sh
bootstrap.sh
 
 

Repository files navigation

Pan-Net lab

CI-linting

Environment

Environment is expected to be launched via vagrant up command. Vagrant would bring up 2 Ubuntu 16.04 virtual machines:

  • n0 - this is the main VM:

    • Docker
    • Ansible (VM manages itself trough Ansible)
    • Containerized getweather application
    • scanner application

  • n1 - this VM is used for testing purposes only

.
├── ansible/
├── getweather/
├── scanner/
├── bootstrap.sh*
├── LICENSE
├── README.md
└── Vagrantfile

Exercise 1

Programming 1

Please, see README for details on getweather application.

Ansible 1

Ansible is installed on n0 virtual machine via bootstrap.sh shell script, which is called by Vagrant during provisioning process. After Ansible is installed, Vagrant runs Ansible playbook setup.yml:

cd /vagrant/ansible/ && ansible-playbook -i inventory.txt setup.yml

Please, see README for details on Ansible setup and run.

Docker

Ansible playbook builds getweather:1.0 container with Go application packaged into it.

Exercise 2

Programming 2

Please, see README for details on scanner application.

Exercise 3

Syslog configuration

Syslog is configured with the following parameters:

  • default logging to /var/log/*
  • custom log files - per-host logging

Ansible 3

Ansible role rsyslog has been created. Using Jinja2 templates of rsyslog.conf and 50-default.conf files it allows to parametrize the following:

  • logging only default log files
  • logging custom files
  • selecting external log server to send logs to

Default values of parameters are listed in role defaults:

  • rsyslog_udp_server boolean and rsyslog_udp_server_port number for rsyslog.conf file
  • rsyslog_tcp_server boolean and rsyslog_tcp_server_port number for rsyslog.conf file
  • rsyslog_custom_rules list of strings with rules for 50-default.conf.j2 file
  • relay_logs list of facility (e.g. mail, user, etc.), with logs sent to defined destination_server via both UDP and TCP (not RELP).

Verification that logs from other servers are being properly delivered to n0 VM is done by running the following command on test n1 VM under standard user account (assuming 192.168.56.10 is an IP address of n0):

logger --server 192.168.56.10 "Test message from n1 VM"

And checking results on n0 VM:

vagrant@n0:/vagrant/scanner$ sudo grep Test /var/log/n1/system.log
Nov 22 20:48:26 n1 vagrant Test message from n1 VM
vagrant@n0:/vagrant/scanner$

NOTE: Path to log file includes hostname n1 as requested.

Conventions

  • Project uses GitHub Super-Linter action in CI
  • Ansible roles and playbooks should be linted by ansible-lint and/or ansible-review tools
  • Shell scripts should be linted by shellcheck tool
  • AWK scripts should be linted by awk --lint ...
  • Go code should be linted by go fmt ...
  • Documentation should be in Markdown format and linted by markdownlint

About

Test exercise for DevSecOps position @ T-Systems: Ansible, Go, Python, AWK, Bash, Vagrant, nmap, rsyslog, REST API, Ubuntu, GitHub Workflow CI, Markdown

Topics

go bash docker ansible vagrant virtual-machine awk nmap rsyslog ansible-roles playbooks nmap-parser

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages