#!/bin/bash
# Deployment verification for the SSLH multiplex lab.
# Run on the VPS once setup has finished; it reports the state of the
# services and configuration files checked in the numbered sections below.
#
# NOTE: some checks (for example `ufw status`) need root. Run the script as
# root or through sudo, otherwise parts of the report may be incomplete.

# Abort on the first unguarded command failure.
set -e

banner_rule="=========================================="
printf '%s\n' \
  "$banner_rule" \
  "SSLH Multiplex Lab - Deployment Verification" \
  "$banner_rule" \
  ""
# --- Section 1: basic host identity ---
echo "=== 1. System Information ==="
printf 'Hostname: %s\n' "$(hostname)"
# `hostname -I` lists every configured address; only the first is reported.
printf 'IP Address: %s\n' "$(hostname -I | awk '{print $1}')"
printf 'Uptime: %s\n' "$(uptime -p)"
printf '\n'
# --- Section 2: lab user accounts ---
echo "=== 2. User Accounts ==="
# Existence only: this does not inspect an account's shell, password state
# or group membership.
for account in demouser testuser; do
  if id "$account" >/dev/null 2>&1; then
    account_present='YES'
  else
    account_present='NO'
  fi
  echo "$account exists: $account_present"
done
echo ""
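# --- Section 3: SSH daemon ---
echo "=== 3. SSH Service ==="
if systemctl is-active --quiet sshd; then
  echo "SSH service: RUNNING"
  systemctl status sshd --no-pager -l | head -5
else
  echo "SSH service: NOT RUNNING"
  # `systemctl status` exits non-zero for a stopped unit; `|| true` keeps
  # the script going under `set -e`.
  systemctl status sshd --no-pager -l || true
fi

# Capture the matching sockets first so the YES/NO verdict is not prefixed
# with raw `ss` output, then list them so the bind address stays visible.
ssh_listeners=$(ss -tlnp | grep ':22 ' || true)
if [ -n "$ssh_listeners" ]; then
  echo "SSH listening on port 22: YES"
  printf '%s\n' "$ssh_listeners" | sed 's/^/  /'
else
  echo "SSH listening on port 22: NO"
fi
echo ""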
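# --- Section 4: Nginx daemon ---
echo "=== 4. Nginx Service ==="
if systemctl is-active --quiet nginx; then
  echo "Nginx service: RUNNING"
  systemctl status nginx --no-pager -l | head -5
else
  echo "Nginx service: NOT RUNNING"
  # `systemctl status` exits non-zero for a stopped unit; `|| true` keeps
  # the script going under `set -e`.
  systemctl status nginx --no-pager -l || true
fi

# Report each port as a clean YES/NO and list the sockets underneath, rather
# than letting grep's matches leak into the verdict line.
# NOTE(review): if 8444 is meant to be reached only through sslh, confirm in
# the listener lines that it is bound to loopback and not a public address.
for nginx_port in 8444 80; do
  nginx_listeners=$(ss -tlnp | grep ":${nginx_port} " || true)
  if [ -n "$nginx_listeners" ]; then
    echo "Nginx listening on port ${nginx_port}: YES"
    printf '%s\n' "$nginx_listeners" | sed 's/^/  /'
  else
    echo "Nginx listening on port ${nginx_port}: NO"
  fi
done
echo ""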
# --- Section 5: Nginx site files ---
echo "=== 5. Nginx Configuration ==="
for site in sslh-proxy acme-challenge; do
  site_file="/etc/nginx/sites-available/$site"
  if [ ! -f "$site_file" ]; then
    echo "$site config: MISSING"
    continue
  fi
  echo "$site config: EXISTS"
  # Only the sslh-proxy site reports its length.
  if [ "$site" = "sslh-proxy" ]; then
    echo "Config file size: $(wc -l < "$site_file") lines"
  fi
  # A site counts as enabled when sites-enabled holds a symlink for it.
  if [ -L "/etc/nginx/sites-enabled/$site" ]; then
    echo "$site config: ENABLED"
  else
    echo "$site config: NOT ENABLED (symlink missing)"
  fi
done

# Stock default sites are flagged when they are still present.
echo "Default nginx configs removed:"
for leftover in sites-enabled/default sites-enabled/000-default conf.d/default.conf; do
  leftover_label="${leftover#sites-enabled/}"
  if [ -f "/etc/nginx/$leftover" ]; then
    echo " WARNING: $leftover_label still exists"
  else
    echo " OK: $leftover_label removed"
  fi
done
echo ""
# --- Section 6: Nginx syntax check ---
echo "=== 6. Nginx Configuration Test ==="
# The output of `nginx -t` (stderr folded into stdout) is shown as-is; its
# exit status alone decides the verdict.
nginx_verdict='INVALID'
if nginx -t 2>&1; then
  nginx_verdict='VALID'
fi
echo "Nginx configuration: $nginx_verdict"
echo ""
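# --- Section 7: SSLH daemon ---
echo "=== 7. SSLH Service ==="
if systemctl is-active --quiet sslh; then
  echo "SSLH service: RUNNING"
  systemctl status sslh --no-pager -l | head -10
else
  echo "SSLH service: NOT RUNNING"
  echo "SSLH status:"
  # Both diagnostics are best-effort; `|| true` keeps `set -e` from aborting
  # the rest of the report when the unit is stopped or the journal is empty.
  systemctl status sslh --no-pager -l || true
  echo ""
  echo "Recent SSLH logs:"
  journalctl -u sslh -n 20 --no-pager || true
fi

# Capture the matching sockets first so the YES/NO verdict is not prefixed
# with raw `ss` output, then list them so the owning process and bind
# address can be checked (something other than sslh may hold 443).
sslh_listeners=$(ss -tlnp | grep ':443 ' || true)
if [ -n "$sslh_listeners" ]; then
  echo "SSLH listening on port 443: YES"
  printf '%s\n' "$sslh_listeners" | sed 's/^/  /'
else
  echo "SSLH listening on port 443: NO"
fi
echo ""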
# --- Section 8: SSLH configuration file ---
echo "=== 8. SSLH Configuration ==="
sslh_cfg=/etc/sslh.cfg
if [ ! -f "$sslh_cfg" ]; then
  echo "SSLH config file: MISSING"
else
  echo "SSLH config file: EXISTS"
  echo "Config file size: $(wc -l < "$sslh_cfg") lines"
  echo "Config file contents:"
  # Printed verbatim, so the full file ends up in whatever captures this
  # script's output.
  cat "$sslh_cfg"
  echo ""
fi
echo ""
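# --- Section 9: Let's Encrypt certificate material ---
echo "=== 9. Let's Encrypt Certificates ==="
if [ -d /etc/letsencrypt/live ]; then
  echo "Let's Encrypt directory: EXISTS"
  for domain_dir in /etc/letsencrypt/live/*/; do
    # An unmatched glob stays literal; skip anything that is not a directory.
    [ -d "$domain_dir" ] || continue
    domain=$(basename "$domain_dir")
    echo " Domain: $domain"

    for pem_name in fullchain.pem privkey.pem; do
      pem_path="${domain_dir%/}/$pem_name"
      if [ -f "$pem_path" ]; then
        # -L: entries under live/ are normally symlinks into archive/;
        # without it stat reports the size of the link, not of the file.
        echo " $pem_name: EXISTS ($(stat -L -c%s "$pem_path") bytes)"
      else
        echo " $pem_name: MISSING"
      fi
    done

    # Existence alone says nothing about exposure: also report the private
    # key's permission bits and flag any group/other access.
    key_path="${domain_dir%/}/privkey.pem"
    if [ -f "$key_path" ]; then
      key_mode=$(stat -L -c%a "$key_path" 2>/dev/null || echo "unknown")
      echo " privkey.pem mode: $key_mode"
      case "$key_mode" in
        unknown)
          ;;
        *[1-7]? | *[1-7])
          # Non-zero group or other digit in the octal mode.
          echo " WARNING: privkey.pem is accessible beyond its owner"
          ;;
      esac
    fi
  done
else
  echo "Let's Encrypt directory: NOT FOUND (using self-signed certificates)"
fi
echo ""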
# --- Section 10: static demo page ---
echo "=== 10. Demo Page ==="
demo_root=/var/www/demo
if [ ! -d "$demo_root" ]; then
  echo "Demo directory: MISSING"
else
  echo "Demo directory: EXISTS"
  if [ -f "$demo_root/index.html" ]; then
    echo "Demo page: EXISTS"
    echo "Demo page content (first 5 lines):"
    head -5 "$demo_root/index.html"
  else
    echo "Demo page: MISSING"
  fi
fi
echo ""
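# --- Section 11: loopback probes ---
echo "=== 11. Local Service Tests ==="

# The verdict must come from curl itself. Piping curl straight into `head`
# inside the `if` tests head's exit status, which is 0 even when curl could
# not connect, so the check would always print RESPONDING.
# --max-time keeps a hung listener from stalling the whole report.
echo "Testing HTTP (port 80):"
if http_reply=$(curl -s --max-time 5 http://127.0.0.1:80/ 2>&1); then
  if [ -n "$http_reply" ]; then
    printf '%s\n' "$http_reply" | head -1
  fi
  echo " HTTP: RESPONDING"
else
  echo " HTTP: NOT RESPONDING"
fi

# -k disables certificate verification: this is a liveness probe only and
# says nothing about whether the served certificate is valid or trusted.
echo "Testing HTTPS (port 8444):"
if https_reply=$(curl -k -s --max-time 5 https://127.0.0.1:8444/ 2>&1); then
  if [ -n "$https_reply" ]; then
    printf '%s\n' "$https_reply" | head -1
  fi
  echo " HTTPS: RESPONDING"
else
  echo " HTTPS: NOT RESPONDING"
fi

# This opens a TCP connection straight to 127.0.0.1:8444; it does not pass
# through sslh on 443, so it only shows that the backend port accepts
# connections. A failure here can be a refusal or the 2-second timeout.
echo "Testing SSLH -> Nginx (port 443 -> 8444):"
if timeout 2 bash -c '</dev/tcp/127.0.0.1/8444' 2>/dev/null; then
  echo " SSLH can reach Nginx: YES"
else
  echo " SSLH can reach Nginx: NO (connection refused)"
fi
echo ""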
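# --- Section 12: SMB daemon ---
echo "=== 12. SMB Service ==="
# The unit is probed under both names checked here: smbd and samba.
if systemctl is-active --quiet smbd 2>/dev/null || systemctl is-active --quiet samba 2>/dev/null; then
  echo "SMB service: RUNNING"
else
  echo "SMB service: NOT RUNNING"
fi

# Capture the matching sockets first so the YES/NO verdict is not prefixed
# with raw `ss` output, then list them so the bind address stays visible.
# NOTE(review): compare the bind address with the UFW rules in section 13 to
# confirm 445 is exposed only as far as the lab intends.
smb_listeners=$(ss -tlnp | grep ':445 ' || true)
if [ -n "$smb_listeners" ]; then
  echo "SMB listening on port 445: YES"
  printf '%s\n' "$smb_listeners" | sed 's/^/  /'
else
  echo "SMB listening on port 445: NO"
fi
echo ""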
# --- Section 13: host firewall ---
echo "=== 13. Firewall (UFW) ==="
if ! command -v ufw >/dev/null 2>&1; then
  echo "UFW: NOT INSTALLED"
else
  echo "UFW status:"
  # Only the first 10 lines are shown, so a long rule list is cut short.
  ufw status | head -10
fi
echo ""
# --- Section 14: cloud-init completion ---
echo "=== 14. Cloud-init Status ==="
# A missing boot-finished marker is reported as "STILL RUNNING".
if [ ! -f /var/lib/cloud/instance/boot-finished ]; then
  echo "Cloud-init: STILL RUNNING"
else
  echo "Cloud-init: COMPLETED"
  if [ -f /var/log/cloud-init.log ]; then
    echo "Last 10 lines of cloud-init.log:"
    tail -10 /var/log/cloud-init.log
  fi
fi
echo ""
# --- Section 15: listening sockets, then the closing banner ---
echo "=== 15. Listening Ports Summary ==="
echo "All listening TCP ports:"
# Fourth column of every LISTEN line (the local address:port), de-duplicated.
ss -tlnp | awk '/LISTEN/ {print $4}' | sort -u
echo ""

closing_rule="=========================================="
printf '%s\n' "$closing_rule" "Verification Complete" "$closing_rule"