mirror of
https://github.com/mblanke/ThreatHunt.git
synced 2026-03-01 14:00:20 -05:00
this is the first commit for the Claude Iteration project.
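--- a/deploy/aws-deploy.yml
+++ b/deploy/aws-deploy.yml
@@ -0,0 +1,31 @@
+# AWS ECS Deployment Configuration
+version: '3.8'
+
+services:
+database:
+image: postgres:15
+environment:
+POSTGRES_DB: threat_hunter
+POSTGRES_USER: ${DB_USER}
+POSTGRES_PASSWORD: ${DB_PASSWORD}
+volumes:
+- postgres_data:/var/lib/postgresql/data
+
+backend:
+image: your-registry/threat-hunter-backend:latest
+environment:
+DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@database:5432/threat_hunter
+SECRET_KEY: ${SECRET_KEY}
+FLASK_ENV: production
+depends_on:
+- database
+
+frontend:
+image: your-registry/threat-hunter-frontend:latest
+ports:
+- "80:3000"
+depends_on:
+- backend
+
+volumes:
+postgres_data: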
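Review bot: `${DB_USER}`, `${DB_PASSWORD}` and `${SECRET_KEY}` are interpolated without a required-variable guard, so a deploy from an environment that lacks them renders empty values; for `SECRET_KEY` that likely means the backend starts with an empty or fallback signing key instead of failing. Use the fail-fast form, e.g. `SECRET_KEY: ${SECRET_KEY:?SECRET_KEY must be set}`, and the same for `DB_USER` and `DB_PASSWORD`. The password is also spliced raw into `DATABASE_URL`, so a value containing `@`, `/` or `:` will produce a malformed URL unless it is percent-encoded first. Both application images use the mutable `latest` tag; a version tag or digest makes the deployed artifact auditable. The header comment says ECS but the content is a Compose file, so a one-line comment on how it is meant to be consumed would help.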
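--- a/deploy/backup/backup.sh
+++ b/deploy/backup/backup.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Database backup
+BACKUP_DIR="/backups"
+DATE=$(date +%Y%m%d_%H%M%S)
+
+echo "Creating database backup..."
+docker exec threat-hunter-db pg_dump -U admin threat_hunter > "$BACKUP_DIR/db_backup_$DATE.sql"
+
+# File uploads backup
+echo "Backing up uploads..."
+tar -czf "$BACKUP_DIR/uploads_backup_$DATE.tar.gz" ./uploads
+
+# Keep only last 7 days of backups
+find $BACKUP_DIR -name "*.sql" -mtime +7 -delete
+find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
+
+echo "Backup completed: $DATE"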
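Review bot: The script never checks for failure, so when `docker exec … pg_dump` fails the redirect still leaves an empty or truncated `.sql` file, and the two `find … -delete` lines go on to prune older, good backups. Add `set -euo pipefail` and `umask 077` after the shebang; the umask matters because the dump and the uploads archive hold the full database and uploaded evidence and are otherwise created with default permissions. `$BACKUP_DIR` is unquoted in both `find` calls; write `find "$BACKUP_DIR" -maxdepth 1 -name '*.sql' -mtime +7 -delete`. The hard-coded `-U admin` differs from the `DB_USER=threat_hunter_user` written by `setup-prod.bat` in this commit, so the role probably needs to come from a variable.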
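--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+echo "🚀 Deploying Cyber Threat Hunter..."
+
+# Build and push images
+echo "📦 Building Docker images..."
+docker build -t your-registry/threat-hunter-backend:latest ./backend
+docker build -t your-registry/threat-hunter-frontend:latest ./frontend
+
+echo "🔄 Pushing to registry..."
+docker push your-registry/threat-hunter-backend:latest
+docker push your-registry/threat-hunter-frontend:latest
+
+# Deploy based on environment
+if [ "$1" = "kubernetes" ]; then
+echo "☸️ Deploying to Kubernetes..."
+kubectl apply -f deploy/kubernetes/
+elif [ "$1" = "swarm" ]; then
+echo "🐳 Deploying to Docker Swarm..."
+docker stack deploy -c deploy/docker-stack.yml threat-hunter
+else
+echo "🐙 Deploying with Docker Compose..."
+docker-compose -f docker-compose.prod.yml up -d
+fi
+
+echo "✅ Deployment complete!"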
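Review bot: The final `else` branch treats every argument other than `kubernetes` or `swarm` as a Docker Compose deploy, so a mistyped target silently deploys to the wrong place after the images have already been pushed. Match the default explicitly with `elif [ "${1:-compose}" = "compose" ]; then` and finish with `else echo "Unknown target: $1" >&2; exit 1`, ideally validating the argument before the build and push steps. The images are built and pushed only under the mutable `latest` tag; adding a commit-id tag would let a rollout be traced back to a build. `docker-compose.prod.yml` is not part of this commit, so that path cannot be checked from here.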
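--- a/deploy/docker-stack.yml
+++ b/deploy/docker-stack.yml
@@ -0,0 +1,55 @@
+version: '3.8'
+
+services:
+database:
+image: postgres:15
+environment:
+POSTGRES_DB: threat_hunter
+POSTGRES_USER_FILE: /run/secrets/db_user
+POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+volumes:
+- postgres_data:/var/lib/postgresql/data
+secrets:
+- db_user
+- db_password
+deploy:
+replicas: 1
+placement:
+constraints:
+- node.role == manager
+
+backend:
+image: your-registry/threat-hunter-backend:latest
+environment:
+DATABASE_URL: postgresql://admin:secure_password_123@database:5432/threat_hunter
+SECRET_KEY_FILE: /run/secrets/secret_key
+secrets:
+- secret_key
+deploy:
+replicas: 3
+update_config:
+parallelism: 1
+delay: 10s
+restart_policy:
+condition: on-failure
+
+frontend:
+image: your-registry/threat-hunter-frontend:latest
+ports:
+- "80:3000"
+deploy:
+replicas: 2
+update_config:
+parallelism: 1
+delay: 10s
+
+volumes:
+postgres_data:
+
+secrets:
+db_user:
+external: true
+db_password:
+external: true
+secret_key:
+external: true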
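Review bot: The backend's `DATABASE_URL: postgresql://admin:secure_password_123@database:5432/threat_hunter` commits a database credential in plain text, which bypasses the `db_user`/`db_password` Swarm secrets the database service uses and will only work if those secrets happen to hold the same values. Treat that password as exposed now that it is in history, and move the URL into a secret, e.g. `DATABASE_URL_FILE: /run/secrets/database_url` with `- database_url` under the backend's `secrets:` and a matching `external: true` entry at the bottom. That assumes the backend reads `*_FILE` variables, which the existing `SECRET_KEY_FILE` line suggests but this commit does not show. Separately, the frontend publishes port 80 with no TLS termination anywhere in the stack, and both application images use the mutable `latest` tag.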
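--- a/deploy/kubernetes/deployment.yaml
+++ b/deploy/kubernetes/deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: threat-hunter-backend
+spec:
+replicas: 3
+selector:
+matchLabels:
+app: threat-hunter-backend
+template:
+metadata:
+labels:
+app: threat-hunter-backend
+spec:
+containers:
+- name: backend
+image: your-registry/threat-hunter-backend:latest
+ports:
+- containerPort: 5000
+env:
+- name: DATABASE_URL
+valueFrom:
+secretKeyRef:
+name: threat-hunter-secrets
+key: database-url
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: threat-hunter-backend-service
+spec:
+selector:
+app: threat-hunter-backend
+ports:
+- port: 5000
+targetPort: 5000
+type: LoadBalancer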
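Review bot: `type: LoadBalancer` on `threat-hunter-backend-service` publishes the backend's port 5000 directly on an external address with no TLS or ingress in front of it; unless that is intended, use `type: ClusterIP` and expose the API through an Ingress or the frontend. The container spec has no `securityContext` or `resources`, so it runs as the image's default user with no limits; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and requests/limits are the usual baseline. Only `DATABASE_URL` is injected here, while the Compose and Swarm files in this commit also pass a secret key, so the backend may fall back to a default `SECRET_KEY` in this deployment, which is worth confirming. The image uses the mutable `latest` tag, so the three replicas can end up running different builds after a reschedule.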
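--- a/deploy/monitoring/docker-compose.monitoring.yml
+++ b/deploy/monitoring/docker-compose.monitoring.yml
@@ -0,0 +1,21 @@
+version: '3.8'
+
+services:
+prometheus:
+image: prom/prometheus
+ports:
+- "9090:9090"
+volumes:
+- ./prometheus.yml:/etc/prometheus/prometheus.yml
+
+grafana:
+image: grafana/grafana
+ports:
+- "3001:3000"
+environment:
+GF_SECURITY_ADMIN_PASSWORD: admin
+volumes:
+- grafana_data:/var/lib/grafana
+
+volumes:
+grafana_data: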
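Review bot: `GF_SECURITY_ADMIN_PASSWORD: admin` sets a well-known Grafana admin password while `"3001:3000"` publishes the UI on all host interfaces, and Prometheus on `"9090:9090"` is published with no authentication configured here. Take the password from the environment with `GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:?set GRAFANA_ADMIN_PASSWORD}` (the variable name is a suggestion) and bind both ports to loopback, `"127.0.0.1:3001:3000"` and `"127.0.0.1:9090:9090"`, unless an authenticating reverse proxy sits in front. Both images are untagged and therefore resolve to `latest`; pin explicit versions so monitoring upgrades are deliberate.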
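--- a/deploy/security/security-checklist.md
+++ b/deploy/security/security-checklist.md
@@ -0,0 +1,26 @@
+# Security Deployment Checklist
+
+## Pre-Deployment
+- [ ] Change all default passwords
+- [ ] Generate strong SECRET_KEY
+- [ ] Setup SSL/TLS certificates
+- [ ] Configure firewall rules
+- [ ] Set up backup strategy
+
+## Database Security
+- [ ] Use strong database passwords
+- [ ] Enable database encryption
+- [ ] Configure database firewall
+- [ ] Set up regular backups
+
+## Application Security
+- [ ] Update all dependencies
+- [ ] Configure CORS properly
+- [ ] Enable rate limiting
+- [ ] Set up monitoring/logging
+
+## Infrastructure Security
+- [ ] Use private networks
+- [ ] Configure load balancer
+- [ ] Set up intrusion detection
+- [ ] Regular security updates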
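--- a/deploy/setup-prod.bat
+++ b/deploy/setup-prod.bat
@@ -0,0 +1,29 @@
+@echo off
+echo Setting up production environment...
+
+REM Create environment file
+echo Creating .env.prod file...
+(
+echo DB_USER=threat_hunter_user
+echo DB_PASSWORD=%RANDOM%%RANDOM%
+echo SECRET_KEY=%RANDOM%%RANDOM%%RANDOM%
+echo FLASK_ENV=production
+) > .env.prod
+
+REM Setup SSL certificates
+echo Setting up SSL certificates...
+mkdir ssl
+REM Add your SSL certificate generation here
+
+REM Create backup directory
+mkdir backups
+mkdir logs
+
+REM Setup firewall rules
+echo Configuring firewall...
+netsh advfirewall firewall add rule name="HTTP" dir=in action=allow protocol=TCP localport=80
+netsh advfirewall firewall add rule name="HTTPS" dir=in action=allow protocol=TCP localport=443
+
+echo Production setup complete!
+echo Please update .env.prod with your actual values
+pause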
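Review bot: `DB_PASSWORD=%RANDOM%%RANDOM%` and `SECRET_KEY=%RANDOM%%RANDOM%%RANDOM%` do not produce usable secrets: each `%RANDOM%` is a decimal number between 0 and 32767 from a non-cryptographic generator, so the results are short, digits-only and guessable. The closing message asks the operator to replace them, but the file works as written, so the weak values are likely to reach production. Either write obvious placeholders such as `DB_PASSWORD=CHANGE_ME` that the deploy step refuses to accept, or generate the values from a cryptographic source (for example PowerShell's `System.Security.Cryptography.RandomNumberGenerator`). `.env.prod` is created with inherited ACLs; `icacls .env.prod /inheritance:r /grant:r "%USERNAME%:F"` after the write restricts it to the current user. The two `netsh` rules allow 80 and 443 from any remote address, and nothing checks whether they succeeded.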