add iron bank scripts

rapidfort · Jul 25, 2022 · 3d49a0d · 3d49a0d
1 parent da15f1a
commit 3d49a0d
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 6 deletions.
diff --git a/scripts/nginx_ib.sh b/scripts/nginx_ib.sh
@@ -1,15 +1,18 @@
 #!/bin/bash
 set -x
-echo "Nginx Demo"
+echo "Nginx Ironbank Demo"
+
+# authenticate to docker
+docker login registry1.dso.mil
 
 # pull the latest NGINX image
-docker pull registry1.dso.mil/ironbank/opensource/nginx:latest
+docker pull registry1.dso.mil/ironbank/opensource/nginx/nginx:latest
 
 # run rfstub to generate the stub. this creates a new image, nginx:latest-rfstub
-rfstub registry1.dso.mil/ironbank/opensource/nginx:latest
+rfstub registry1.dso.mil/ironbank/opensource/nginx/nginx:latest
 
 # run the stub. add the SYS_PTRACE capability so that RapidFort can trace the runtime behavior
-docker run --rm -d -p9999:80 --name=my-rf-test --cap-add=SYS_PTRACE registry1.dso.mil/ironbank/opensource/nginx:latest-rfstub
+docker run --rm -d -p9999:8080 --name=my-rf-test --cap-add=SYS_PTRACE registry1.dso.mil/ironbank/opensource/nginx/nginx:latest-rfstub
 sleep 15
 
 # run some tests to exercise the application. you can also point your browser to localhost:9999
@@ -19,13 +22,13 @@ curl localhost:9999
 docker stop my-rf-test
 
 # run rfharden to optimize and secure the image. this creates a new image, nginx:latest-rfhardened
-rfharden registry1.dso.mil/ironbank/opensource/nginx:latest-rfstub
+rfharden registry1.dso.mil/ironbank/opensource/nginx/nginx:latest-rfstub
 
 # check out the various images we created
 docker images | grep nginx
 
 # run the hardened image and test it again
-docker run --rm -d -p9999:80 registry1.dso.mil/ironbank/opensource/nginx:latest-rfhardened
+docker run --rm -d -p9999:8080 registry1.dso.mil/ironbank/opensource/nginx/nginx:latest-rfhardened
 sleep 15
 curl localhost:9999
 

diff --git a/scripts/postgres_ib.sh b/scripts/postgres_ib.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -x
+echo "Postgres Ironbank Demo"
+
+# authenticate to docker
+docker login registry1.dso.mil
+
+#pull the latest Postgres image
+docker pull registry1.dso.mil/ironbank/opensource/postgres/postgresql12:latest
+
+#run rfstub to generate the stub. this creates a new image, Postgres:latest-rfstub
+rfstub registry1.dso.mil/ironbank/opensource/postgres/postgresql12:latest
+
+#run the stub. add the SYS_PTRACE capability so that RapidFort can trace the runtime behavior
+docker run -d --rm -ePOSTGRES_PASSWORD=my_pass -p5432:5432 --name my-rf-test --cap-add=SYS_PTRACE registry1.dso.mil/ironbank/opensource/postgres/postgresql12:latest-rfstub
+sleep 15
+
+#run some tests to exercise the application. 
+curl https://raw.githubusercontent.com/rapidfort/community-images/main/community_images/common/tests/test.psql > test.psql
+docker cp test.psql my-rf-test:/tmp/test.psql
+docker exec -i my-rf-test /bin/bash -c "PGPASSWORD=my_pass psql -U postgres -d postgres -f /tmp/test.psql"
+
+#stop the container
+docker stop my-rf-test
+
+#run rfharden to optimize and secure the image. this creates a new image, Postgres:latest-rfhardened
+rfharden registry1.dso.mil/ironbank/opensource/postgres/postgresql12:latest-rfstub
+
+#check out the various images we created
+docker images | grep postgres
+
+#run the hardened image and test it again
+docker run -d --rm -ePOSTGRES_PASSWORD=my_pass -p5432:5432 --name posgres-hardened registry1.dso.mil/ironbank/opensource/postgres/postgresql12:latest-rfhardened
+sleep 15
+docker cp test.psql posgres-hardened:/tmp/test.psql
+docker exec -i posgres-hardened /bin/bash -c "PGPASSWORD=my_pass psql -U postgres -d postgres -f /tmp/test.psql"
+
+#for more information, please view the Getting Started documentation
+echo "https://docs.rapidfort.com/getting-started/docker"
diff --git a/scripts/redis_ib.sh b/scripts/redis_ib.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -x
+echo "Redis Ironbank Demo"
+
+# authenticate to docker
+docker login registry1.dso.mil
+
+#pull the latest Redis image
+docker pull registry1.dso.mil/ironbank/opensource/redis/redis6:latest
+
+#run rfstub to generate the stub. this creates a new image, redis:latest-rfstub
+rfstub registry1.dso.mil/ironbank/opensource/redis/redis6:latest
+
+#run the stub. add the SYS_PTRACE capability so that RapidFort can trace the runtime behavior
+docker run --rm -d -p 6379:6379 --cap-add=SYS_PTRACE --name my-rf-test registry1.dso.mil/ironbank/opensource/redis/redis6:latest-rfstub
+sleep 15
+
+#run some tests to exercise the application. 
+curl https://raw.githubusercontent.com/rapidfort/community-images/main/community_images/common/tests/test.redis > test.redis
+docker cp test.redis my-rf-test:/tmp/test.redis
+docker exec -i my-rf-test /bin/bash -c "cat /tmp/test.redis | redis-cli --pipe"
+
+#stop the container
+docker stop my-rf-test
+
+#run rfharden to optimize and secure the image. this creates a new image, redis:latest-rfhardened
+rfharden registry1.dso.mil/ironbank/opensource/redis/redis6:latest-rfstub
+
+#check out the various images we created
+docker images | grep redis
+
+#run the hardened image and test it again
+docker run --rm -d -p 6379:6379 --name redis-hardened registry1.dso.mil/ironbank/opensource/redis/redis6:latest-rfhardened
+sleep 15
+docker cp test.redis redis-hardened:/tmp/test.redis
+docker exec -i redis-hardened /bin/bash -c "cat /tmp/test.redis | redis-cli --pipe"
+
+#for more information, please view the Getting Started documentation
+echo "https://docs.rapidfort.com/getting-started/docker"