This project provides a multi-layered defense strategy to protect servers, applications, and websites from various types of cyber attacks. It includes firewall setup, real-time monitoring, vulnerability scanning, DDoS protection, and more. By leveraging tools like Nuclei, Nmap, Fail2Ban, and custom Python/Bash scripts, this project offers a complete solution to securing your IT infrastructure.
- Firewall and Intrusion Detection: Configure iptables firewall rules.
- Real-Time Monitoring and Alerts: Monitor CPU, memory, and disk usage and send alerts.
- Web Application Firewall (WAF): Protect against SQL injection and XSS attacks.
- Brute Force Protection: Use Fail2Ban to block IPs showing signs of brute force.
- Vulnerability Scanning: Automated vulnerability scanning using Nmap.
- DDoS Protection: NGINX rate limiting to prevent DDoS attacks.
- Incident Response: Automatically block IPs when suspicious activity is detected.
- Encrypted Backups: Secure and encrypt backups automatically.
- Run `firewall/firewall_setup.sh` to configure the basic firewall.
- Use `monitoring/real_time_monitor.py` to enable real-time monitoring and alerts.
- Configure and run the Web Application Firewall (WAF) using `waf/waf.py`.
- Set up brute force protection with `brute_force_protection/fail2ban_setup.sh`.
- Automate vulnerability scans (Nmap or ProjectDiscovery Nuclei) with `vulnerability_scanner/vulnerability_scan.py`.
- Apply DDoS protection by using `ddos_protection/ddos_protection.conf` with your NGINX setup.
- Enable automated incident response using `incident_response/incident_response.py`.
- Back up and encrypt important files with `backups/backup_script.sh`.
Prerequisites
- Linux (Ubuntu/Debian preferred)
- Python 3.6+
- Nuclei by ProjectDiscovery
- Nmap
- NGINX (for DDoS protection)
- Fail2Ban
- iptables
- gpg (for encrypted backups)
- Clone the Repository: Clone the repository to your local machine:
```bash
git clone https://github.com/lamcodeofpwnosec/IT_Infrastructure_Security.git
```
- Install Dependencies: Install the required packages and tools with the following commands:
```bash
sudo apt update
sudo apt install python3-pip fail2ban nmap iptables gpg nginx -y
pip3 install psutil requests
```
- Install Nuclei: Download the latest Nuclei release and place the binary on your PATH:
```bash
# Release assets are named nuclei_<version>_linux_amd64.zip, so match on the suffix.
curl -s https://api.github.com/repos/projectdiscovery/nuclei/releases/latest \
  | grep "browser_download_url.*linux_amd64.zip" | cut -d '"' -f 4 | wget -qi -
unzip -o nuclei*linux_amd64.zip
sudo mv nuclei /usr/local/bin/
```
Verify that Nuclei is correctly installed:
```bash
nuclei -version
```
- Set Up Firewall Rules: Navigate to the `firewall/` directory and run the firewall setup script:
```bash
cd firewall
sudo bash firewall_setup.sh
```
- Set Up Brute Force Protection: Set up Fail2Ban to block brute force attacks:
```bash
cd ../brute_force_protection
sudo bash fail2ban_setup.sh
```
- Configure DDoS Protection: Copy the NGINX rate limiting configuration to your NGINX configuration file:
```bash
sudo cp ../ddos_protection/ddos_protection.conf /etc/nginx/nginx.conf
sudo systemctl restart nginx
```
Note that the copy replaces the existing `/etc/nginx/nginx.conf`, so keep a backup of the original and validate the result with `sudo nginx -t` before restarting.
- Real-Time Monitoring: To monitor your system's CPU, memory, and disk usage in real time and send alerts, run the Python script:
```bash
cd monitoring
python3 real_time_monitor.py
```
- Vulnerability Scanning: You can run vulnerability scans using either Nmap or Nuclei by following the steps below:
  - Nmap Scan:
```bash
cd ../vulnerability_scanner
python3 vulnerability_scan.py
```
  Choose option 1 for Nmap and enter the target IP.
- Block Suspicious IP: If you detect suspicious activity, you can block an IP by running the following script:
```bash
cd ../firewall
sudo bash block_ip.sh <IP_ADDRESS>
```
- Backup and Encrypt Data: To back up and encrypt sensitive data, use the following backup script:
```bash
cd ../backups
sudo bash backup_script.sh
```
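As an added example of how the brute force detection and incident response steps above fit together (this is illustrative code, not the project's `incident_response.py` or `block_ip.sh`): it counts failed SSH logins per source IP over constructed `auth.log` lines and builds, without executing them by default, the same kind of iptables DROP rule that `block_ip.sh` applies. The threshold of 5, the allowlist, and the function names are assumptions.

```python
import re
import subprocess
from collections import Counter

# Constructed sample of sshd entries in the format written to /var/log/auth.log.
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 50122 ssh2
Jan 10 12:00:03 host sshd[1202]: Failed password for root from 203.0.113.45 port 50130 ssh2
Jan 10 12:00:05 host sshd[1203]: Failed password for root from 203.0.113.45 port 50140 ssh2
Jan 10 12:00:06 host sshd[1204]: Accepted publickey for deploy from 198.51.100.7 port 41000 ssh2
Jan 10 12:00:09 host sshd[1205]: Failed password for invalid user test from 203.0.113.45 port 50151 ssh2
Jan 10 12:00:11 host sshd[1206]: Failed password for root from 203.0.113.45 port 50160 ssh2
Jan 10 12:00:15 host sshd[1207]: Failed password for root from 198.51.100.7 port 41002 ssh2
"""
# Matches sshd's failed-password line and captures the source IPv4 address.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def count_failures(log_text):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def offenders(log_text, threshold=5):
    """IPs with at least `threshold` failures (threshold is an assumed value)."""
    return sorted(ip for ip, n in count_failures(log_text).items() if n >= threshold)

def block_command(ip, allowlist=("127.0.0.1",)):
    """Build the iptables DROP rule for one IP; allowlisted hosts are never blocked."""
    if ip in allowlist:
        return None
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

def respond(log_text, threshold=5, dry_run=True):
    """Return the block commands; run them only when dry_run is False (needs root)."""
    commands = [c for c in (block_command(ip) for ip in offenders(log_text, threshold)) if c]
    if not dry_run:
        for command in commands:
            subprocess.run(command, check=True)
    return commands

if __name__ == "__main__":
    for command in respond(SAMPLE_LOG):
        print(" ".join(command))
```

Run it against the sample and only `203.0.113.45` is reported; the single failure from `198.51.100.7` stays below the threshold, which is the kind of margin that keeps an automated responder from blocking a legitimate user who mistyped a password.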
IT Infrastructure Security Project was created by @lamcodeofpwnosec.