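#!/bin/bash
# Docker container diagnostic script
#
# Run this inside the sslh-lab-client container. It prints the container's
# network state, probes the egress policy, and lists the lab artefacts the
# client was given, so the output can be pasted into an issue or a ticket.
#
# What is deliberately NOT printed: key material and WireGuard configs are
# only listed by file name, and environment values whose names look
# credential-bearing are redacted (section 11). Still review the process
# list (section 10) before sharing -- command lines are shown verbatim.
#
# No `set -e`: a diagnostic run must reach every section even when an early
# one fails (missing /etc/resolv.conf, no CAP_NET_ADMIN for iptables, ...),
# so each command is guarded individually instead.

set -u

#######################################
# TCP connect probe using bash's /dev/tcp redirection.
# Arguments: $1 host (IP literal or name), $2 port, $3 timeout in seconds
# Returns:   0 if the connect completed within the timeout
# Host and port are handed to the inner bash as positional parameters rather
# than spliced into the command string, so a value read from
# /server-info.txt cannot inject shell syntax.
#######################################
tcp_open() {
  timeout "$3" bash -c ': <"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

#######################################
# Accept only plain hostnames / IP literals.
# Arguments: $1 candidate host string
# Returns:   0 if non-empty and made of [A-Za-z0-9.:_-] only
# Values from /server-info.txt end up in URLs and connect targets; anything
# with whitespace, slashes or quotes is rejected rather than probed.
#######################################
sane_host() {
  [[ -n "$1" && "$1" =~ ^[A-Za-z0-9.:_-]+$ ]]
}

#######################################
# Forward-resolve a name with whatever resolver tool is present.
# Arguments: $1 host name
# Returns:   0 if nslookup or getent can resolve it
#######################################
resolves() {
  nslookup "$1" >/dev/null 2>&1 || getent hosts "$1" >/dev/null 2>&1
}

#######################################
# HTTPS probe: TLS handshake plus one GET via curl, certificate NOT verified.
# Arguments: $1 host (IP literal or name)
# Outputs:   first 10 lines of curl's verbose log on stdout
# Returns:   curl's exit status (124 when `timeout` fired)
# The status is captured before piping into head; `cmd | head` would
# otherwise report head's status and always look like success.
# Because of `-k` this only proves something speaks TLS on :443 -- it says
# nothing about the certificate the server presents.
#######################################
https_probe() {
  local log rc
  log=$(timeout 3 curl -k -v "https://$1:443/" 2>&1)
  rc=$?
  printf '%s\n' "$log" | head -10
  return "$rc"
}

echo "=========================================="
echo "SSLH Multiplex Lab - Container Diagnostics"
echo "=========================================="
echo ""

echo "=== 1. Container Information ==="
# Docker sets the hostname to the short container ID unless --hostname was
# given, so both lines normally show the same value.
echo "Hostname: $(hostname)"
echo "Container ID: $(hostname)"
echo ""

echo "=== 2. Network Configuration ==="
echo "--- IP Addresses ---"
ip addr show || ifconfig || echo "Could not get IP addresses"
echo ""

echo "--- Routing Table ---"
ip route show || route -n || echo "Could not get routing table"
echo ""

echo "--- DNS Configuration ---"
cat /etc/resolv.conf || echo "Could not read /etc/resolv.conf"
echo ""

echo "=== 3. DNS Resolution Tests ==="
echo "Testing DNS resolution:"
# 8.8.8.8 is a reverse lookup here; it exercises the resolver path, not a
# forward zone.
for name in google.com cloudflare.com 8.8.8.8; do
  if resolves "$name"; then
    echo " $name: RESOLVES"
  else
    echo " $name: FAILS"
  fi
done
echo ""

echo "=== 4. Firewall Rules (iptables) ==="
echo "--- OUTPUT Chain ---"
# Listing rules needs CAP_NET_ADMIN, which a default container does not have;
# falling through to the message below is expected then. nft is tried as a
# fallback for hosts that ship no iptables binary (it prints the whole
# ruleset, not just OUTPUT).
iptables -L OUTPUT -n -v 2>/dev/null \
  || nft list ruleset 2>/dev/null \
  || echo "Could not read iptables OUTPUT chain"
echo ""

echo "=== 5. Outbound Connectivity Tests ==="
echo "--- Testing TCP 443 (HTTPS) ---"
for target in 8.8.8.8 google.com; do
  if tcp_open "$target" 443 3; then
    echo "TCP 443 to $target: ALLOWED"
  else
    echo "TCP 443 to $target: BLOCKED or FAILED"
  fi
done
echo ""

echo "--- Testing UDP 53 (DNS) ---"
# A write to /dev/udp succeeds as soon as the datagram leaves the socket; UDP
# gives no delivery confirmation, so only an answered query proves port 53
# is open. Use dig when available; the bare socket write is labelled as the
# weak evidence it is.
if command -v dig >/dev/null 2>&1; then
  if timeout 3 dig @8.8.8.8 google.com +short +time=2 +tries=1 >/dev/null 2>&1; then
    echo "UDP 53 to 8.8.8.8: ALLOWED"
  else
    echo "UDP 53 to 8.8.8.8: BLOCKED or FAILED (no answer from 8.8.8.8)"
  fi
elif timeout 2 bash -c 'echo > /dev/udp/8.8.8.8/53' 2>/dev/null; then
  echo "UDP 53 to 8.8.8.8: PROBABLY ALLOWED (socket write only; install dig to confirm a reply)"
else
  echo "UDP 53 to 8.8.8.8: BLOCKED or FAILED"
fi
echo ""

echo "--- Testing Blocked Ports (should fail) ---"
# A closed or filtered port on the target is indistinguishable from an
# egress block. 8.8.8.8 does answer HTTP on :80 (it redirects to dns.google),
# so that probe really tests the firewall; nothing is known to listen on :22
# there, so "BLOCKED" on 22 is not evidence of a rule by itself.
for port in 80 22; do
  if tcp_open 8.8.8.8 "$port" 2; then
    echo "WARNING: TCP $port to 8.8.8.8: ALLOWED (should be blocked!)"
  else
    echo "TCP $port to 8.8.8.8: BLOCKED (correct)"
  fi
done
echo ""

echo "=== 6. Server Information ==="
if [ -f /server-info.txt ]; then
  echo "Server info file:"
  cat /server-info.txt || echo "Could not read /server-info.txt"
else
  echo "Server info file not found"
fi
echo ""

echo "=== 7. SSH Keys ==="
# Only names and modes are shown; never print key material here.
if [ -d /keys ]; then
  echo "Keys directory exists:"
  ls -la /keys/ || echo "Could not list /keys/"
  if [ -f /keys/id_ed25519 ]; then
    echo "SSH key found: /keys/id_ed25519"
    # GNU stat first, BSD stat as a fallback.
    key_mode=$(stat -c%a /keys/id_ed25519 2>/dev/null || stat -f%OLp /keys/id_ed25519 2>/dev/null)
    echo "Key permissions: $key_mode"
    case "$key_mode" in
      600|400|0600|0400) ;;
      "") echo "Could not determine key permissions" ;;
      *) echo "WARNING: private key mode is $key_mode; ssh expects 600 (or 400) and normally refuses a key readable by group/others" ;;
    esac
  else
    echo "SSH key not found in /keys/"
  fi
else
  echo "Keys directory not found"
fi
echo ""

echo "=== 8. WireGuard Configs ==="
# Config files carry PrivateKey lines: list them, never cat them.
if [ -d /wireguard ]; then
  echo "WireGuard directory exists:"
  ls -la /wireguard/ || echo "Could not list /wireguard/"
  # Without nullglob an unmatched pattern stays literal; the -f test skips it.
  for wg_file in /wireguard/*.conf; do
    if [ -f "$wg_file" ]; then
      echo " Config: $(basename "$wg_file")"
    fi
  done
else
  echo "WireGuard directory not found"
fi
echo ""

echo "=== 9. Testing SSLH Server Connectivity ==="
if [ -f /server-info.txt ]; then
  # Expected lines: "Server IP: <addr>" and "Domain: <name>"; only the first
  # match of each is used so a duplicated line cannot produce a multi-line
  # value.
  server_ip=$(grep "Server IP:" /server-info.txt | awk '{print $3}' | head -1)
  domain=$(grep "Domain:" /server-info.txt | awk '{print $2}' | head -1)

  if [ -n "$server_ip" ] && ! sane_host "$server_ip"; then
    echo "Skipping server IP probes: unexpected characters in '$server_ip'"
    server_ip=""
  fi
  if [ -n "$domain" ] && ! sane_host "$domain"; then
    echo "Skipping domain probes: unexpected characters in '$domain'"
    domain=""
  fi

  if [ -n "$server_ip" ]; then
    echo "Testing connectivity to server IP: $server_ip"
    # A bare TCP connect only proves sslh accepts the socket; no SSH banner
    # exchange happens, so this does not distinguish SSH from TLS handling.
    echo "--- Testing SSH on port 443 (via SSLH) ---"
    if tcp_open "$server_ip" 443 3; then
      echo "TCP 443 to $server_ip: REACHABLE"
    else
      echo "TCP 443 to $server_ip: NOT REACHABLE"
    fi

    echo "--- Testing HTTPS on port 443 (via SSLH) ---"
    if https_probe "$server_ip"; then
      echo "HTTPS to $server_ip:443: RESPONDING"
    else
      echo "HTTPS to $server_ip:443: NOT RESPONDING"
    fi
  fi

  if [ -n "$domain" ]; then
    echo ""
    echo "Testing connectivity to domain: $domain"
    echo "--- DNS Resolution ---"
    if resolves "$domain"; then
      # nslookup output differs between implementations; fall back to getent
      # when the "Name:" / "Address:" pair is not found.
      resolved_ip=$(nslookup "$domain" 2>/dev/null | grep -A1 "Name:" | grep "Address:" | awk '{print $2}' | head -1)
      if [ -z "$resolved_ip" ]; then
        resolved_ip=$(getent hosts "$domain" | awk '{print $1}' | head -1)
      fi
      echo " $domain resolves to: $resolved_ip"

      echo "--- Testing HTTPS to domain on port 443 ---"
      if https_probe "$domain"; then
        echo "HTTPS to $domain:443: RESPONDING"
      else
        echo "HTTPS to $domain:443: NOT RESPONDING"
      fi
    else
      echo " $domain: DNS RESOLUTION FAILED"
    fi
  fi
fi
echo ""

echo "=== 10. Process List ==="
# Command lines are printed verbatim and may carry credentials given as
# arguments (e.g. curl -u user:pass); review before sharing this output.
ps aux || echo "Could not list processes"
echo ""

echo "=== 11. Environment Variables ==="
# Values of variables whose names suggest credentials are redacted so the
# output can be shared; the names are kept so a missing variable is still
# visible. The match is deliberately broad (false positives are harmless).
env | LC_ALL=C sort | awk -F= '
  tolower($1) ~ /pass|secret|token|key|priv|cred/ { print $1 "=<redacted>"; next }
  { print }
' || echo "Could not list environment"
echo ""

echo "=========================================="
echo "Container Diagnostics Complete"
echo "=========================================="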