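# --- Step 1: Install Required Tools ---
# Base tooling for the lab. `tree` is added to the package list because the
# directory-structure step below calls it and nothing else installs it.
sudo apt update
sudo apt install -y python3 python3-pip python3-venv git tree
# Keep everything in a dedicated lab directory and an isolated virtual
# environment so the Python packages never touch the system interpreter.
mkdir -p ~/golden-config-lab
cd ~/golden-config-lab
python3 -m venv venv
source venv/bin/activate
python3 -m pip install --upgrade pip
# NOTE(review): these packages are installed unpinned, so each run may resolve
# different releases. For tooling that gates deployments, consider a
# requirements file with pinned versions and hashes, installed with
# `python3 -m pip install --require-hashes -r <requirements file>`.
python3 -m pip install pyyaml jsonschema deepdiff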
# --- Step 2: Create Lab Directory Structure ---
# One directory per role: golden baselines, configs under test, tooling,
# and the logs written by the enforcement run.
mkdir -p \
  ~/golden-config-lab/golden \
  ~/golden-config-lab/current \
  ~/golden-config-lab/scripts \
  ~/golden-config-lab/logs
cd ~/golden-config-lab
# Directories only, one level deep, to confirm the layout.
tree -L 1 -d
# --- Create a golden configuration for a web server ---
# Author the web server baseline in an editor, then print it back to confirm
# exactly what was saved; this file is the reference later checks compare against.
nano golden/webserver_golden.yaml
cat golden/webserver_golden.yaml
# --- Create a golden configuration for SSH service ---
# Same edit-then-review pattern for the SSH baseline.
nano golden/ssh_golden.yaml
cat golden/ssh_golden.yaml
# --- Step 1.2: Create Configuration Schema Validator ---
# NOTE(review): presumably a JSON Schema consumed through the jsonschema
# package installed in Step 1 — confirm against scripts/config_enforcer.py.
nano golden/config_schema.json
cat golden/config_schema.json
# --- Step 2.1: Create Configuration Validator Script ---
# Write the enforcer, mark it executable, then byte-compile it as a syntax
# check. py_compile does not execute the script; it only proves it parses.
nano scripts/config_enforcer.py
chmod +x scripts/config_enforcer.py
python3 -m py_compile scripts/config_enforcer.py
# Exit status of the compile step: 0 means the file compiled cleanly.
printf '%s\n' "$?"
# --- Create a compliant configuration ---
# Sample "current" config for the web server, written then printed for review.
nano current/webserver_compliant.yaml
cat current/webserver_compliant.yaml
# --- Create a non-compliant configuration with violations ---
# Deliberately failing sample, used later to exercise the enforcer's
# violation-detection path.
nano current/ssh_violation.yaml
cat current/ssh_violation.yaml
# --- Key implementation points ---
# Sorted listing of every file up to two levels deep: a quick inventory of
# what the lab contains at this point.
find . -maxdepth 2 -type f | sort
# --- Step 2.4: Create Automated Enforcement Hook ---
nano scripts/pre_deploy_check.sh
# --- Runs before any configuration deployment ---
# Read the hook back before making it executable, so what will gate
# deployments is reviewed first.
cat scripts/pre_deploy_check.sh
chmod +x scripts/pre_deploy_check.sh
# --- Step 2.5: Create Reporting Dashboard Script ---
nano scripts/compliance_report.py
chmod +x scripts/compliance_report.py
# Syntax check only; py_compile does not run the report.
python3 -m py_compile scripts/compliance_report.py
# Exit status of the compile step: 0 means the file compiled cleanly.
printf '%s\n' "$?"
# --- Step 1: Test Compliant Configuration ---
cd ~/golden-config-lab
. venv/bin/activate
# Park the violating sample under a different extension for this run.
# NOTE(review): this assumes config_enforcer.py skips files that do not end
# in .yaml — confirm against the script.
mv current/ssh_violation.yaml current/ssh_violation.yaml.disabled
python3 scripts/config_enforcer.py
# Exit status of the enforcer for the compliant-only run.
printf '%s\n' "$?"
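# --- Step 2: Test Violation Detection ---
# Bring the deliberately non-compliant SSH config back, now named
# ssh_current.yaml, and confirm it is present before re-running the enforcer.
mv current/ssh_violation.yaml.disabled current/ssh_current.yaml
ls current/
python3 scripts/config_enforcer.py
# Print the exit status, as the compliant run does, so the two results can be
# compared directly.
# NOTE(review): a non-zero status is expected here if the enforcer reports
# violations through its exit code — confirm against scripts/config_enforcer.py.
echo "$?"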
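# --- Step 3: Review Violation Logs ---
# List the log directory with permissions and timestamps, then read every
# violations_*.log file found there.
ls -la logs/
cat logs/violations_*.log
# --- Step 4: Test Pre-deployment Hook ---
./scripts/pre_deploy_check.sh
# A deployment gate is only useful through its exit status, so print it.
# NOTE(review): with ssh_current.yaml in place the hook is presumably expected
# to fail (non-zero) — confirm against scripts/pre_deploy_check.sh.
echo "$?"
# --- Step 5: Generate Compliance Report ---
python3 scripts/compliance_report.py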
# --- Import Errors ---
# Import failures usually mean the virtual environment is not active:
# re-activate it and reinstall the three libraries inside it.
. ~/golden-config-lab/venv/bin/activate
python3 -m pip install --upgrade \
  pyyaml jsonschema deepdiff
# --- YAML Parsing Errors ---
# Parse the file on its own to isolate syntax problems. safe_load is used, so
# the YAML cannot instantiate arbitrary Python objects while being checked.
python3 -c "import yaml; yaml.safe_load(open('current/webserver_compliant.yaml'))"
# 0 means the file parsed; non-zero means the parser raised.
printf '%s\n' "$?"
# --- Permission Denied ---
# Restore the execute bit on every lab script, then check the resulting modes.
chmod +x \
  scripts/*.py \
  scripts/*.sh
ls -l scripts/
# --- No Violations Detected ---
# If the enforcer flags nothing, check that the current SSH config really
# differs from the baseline; empty diff output means the files are identical.
diff -u -- golden/ssh_golden.yaml current/ssh_current.yaml
# --- Final Project Snapshot ---
# Sorted inventory of all files up to two levels deep.
find . -maxdepth 2 -type f -print | sort