Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

This commit is contained in:
Translator
2024-12-31 19:00:04 +00:00
parent 7770a50092
commit 10e2881a9b
244 changed files with 8499 additions and 11339 deletions
@@ -1,139 +1,127 @@
# DO - Basic Information
# DO - Osnovne informacije
{{#include ../../banners/hacktricks-training.md}}
## Basic Information
## Osnovne informacije
DigitalOcean is a **cloud computing platform that provides users with a variety of services**, including virtual private servers (VPS) and other resources for building, deploying, and managing applications. **DigitalOcean's services are designed to be simple and easy to use**, making them **popular among developers and small businesses**.
DigitalOcean je **platforma za cloud računarstvo koja korisnicima pruža razne usluge**, uključujući virtuelne privatne servere (VPS) i druge resurse za izgradnju, implementaciju i upravljanje aplikacijama. **Usluge DigitalOcean-a su dizajnirane da budu jednostavne i lake za korišćenje**, što ih čini **popularnim među programerima i malim preduzećima**.
Some of the key features of DigitalOcean include:
Neke od ključnih karakteristika DigitalOcean-a uključuju:
- **Virtual private servers (VPS)**: DigitalOcean provides VPS that can be used to host websites and applications. These VPS are known for their simplicity and ease of use, and can be quickly and easily deployed using a variety of pre-built "droplets" or custom configurations.
- **Storage**: DigitalOcean offers a range of storage options, including object storage, block storage, and managed databases, that can be used to store and manage data for websites and applications.
- **Development and deployment tools**: DigitalOcean provides a range of tools that can be used to build, deploy, and manage applications, including APIs and pre-built droplets.
- **Security**: DigitalOcean places a strong emphasis on security, and offers a range of tools and features to help users keep their data and applications safe. This includes encryption, backups, and other security measures.
- **Virtuelni privatni serveri (VPS)**: DigitalOcean pruža VPS koji se mogu koristiti za hostovanje veb sajtova i aplikacija. Ovi VPS su poznati po svojoj jednostavnosti i lakoći korišćenja, i mogu se brzo i lako implementirati koristeći razne unapred pripremljene "droplete" ili prilagođene konfiguracije.
- **Skladištenje**: DigitalOcean nudi niz opcija za skladištenje, uključujući objektno skladištenje, blok skladištenje i upravljane baze podataka, koje se mogu koristiti za skladištenje i upravljanje podacima za veb sajtove i aplikacije.
- **Alati za razvoj i implementaciju**: DigitalOcean pruža niz alata koji se mogu koristiti za izgradnju, implementaciju i upravljanje aplikacijama, uključujući API-je i unapred pripremljene droplete.
- **Bezbednost**: DigitalOcean stavlja veliki naglasak na bezbednost i nudi niz alata i karakteristika koje pomažu korisnicima da drže svoje podatke i aplikacije sigurnim. Ovo uključuje enkripciju, rezervne kopije i druge mere bezbednosti.
Overall, DigitalOcean is a cloud computing platform that provides users with the tools and resources they need to build, deploy, and manage applications in the cloud. Its services are designed to be simple and easy to use, making them popular among developers and small businesses.
Sve u svemu, DigitalOcean je platforma za cloud računarstvo koja korisnicima pruža alate i resurse potrebne za izgradnju, implementaciju i upravljanje aplikacijama u cloudu. Njegove usluge su dizajnirane da budu jednostavne i lake za korišćenje, što ih čini popularnim među programerima i malim preduzećima.
### Main Differences from AWS
### Glavne razlike u odnosu na AWS
One of the main differences between DigitalOcean and AWS is the **range of services they offer**. **DigitalOcean focuses on providing simple** and easy-to-use virtual private servers (VPS), storage, and development and deployment tools. **AWS**, on the other hand, offers a **much broader range of services**, including VPS, storage, databases, machine learning, analytics, and many other services. This means that AWS is more suitable for complex, enterprise-level applications, while DigitalOcean is more suited to small businesses and developers.
Jedna od glavnih razlika između DigitalOcean-a i AWS-a je **raspon usluga koje nude**. **DigitalOcean se fokusira na pružanje jednostavnih** i lakih za korišćenje virtuelnih privatnih servera (VPS), skladištenja i alata za razvoj i implementaciju. **AWS**, s druge strane, nudi **mnogo širi spektar usluga**, uključujući VPS, skladištenje, baze podataka, mašinsko učenje, analitiku i mnoge druge usluge. To znači da je AWS pogodniji za složene, aplikacije na nivou preduzeća, dok je DigitalOcean više prilagođen malim preduzećima i programerima.
Another key difference between the two platforms is the **pricing structure**. **DigitalOcean's pricing is generally more straightforward and easier** to understand than AWS, with a range of pricing plans that are based on the number of droplets and other resources used. AWS, on the other hand, has a more complex pricing structure that is based on a variety of factors, including the type and amount of resources used. This can make it more difficult to predict costs when using AWS.
Još jedna ključna razlika između dve platforme je **struktura cena**. **Cene DigitalOcean-a su generalno jednostavnije i lakše** za razumevanje od AWS-a, sa nizom planova cena koji se zasnivaju na broju dropleta i drugih korišćenih resursa. AWS, s druge strane, ima složeniju strukturu cena koja se zasniva na raznim faktorima, uključujući tip i količinu korišćenih resursa. Ovo može otežati predviđanje troškova prilikom korišćenja AWS-a.
## Hierarchy
## Hijerarhija
### User
### Korisnik
A user is what you expect, a user. He can **create Teams** and **be a member of different teams.**
Korisnik je ono što očekujete, korisnik. On može **kreirati timove** i **biti član različitih timova.**
### **Team**
### **Tim**
A team is a group of **users**. When a user creates a team he has the **role owner on that team** and he initially **sets up the billing info**. **Other** user can then be **invited** to the team.
Tim je grupa **korisnika**. Kada korisnik kreira tim, on ima **ulogu vlasnika tog tima** i inicijalno **postavlja informacije o naplati**. **Ostali** korisnici mogu biti **pozvani** u tim.
Inside the team there might be several **projects**. A project is just a **set of services running**. It can be used to **separate different infra stages**, like prod, staging, dev...
Unutar tima može biti nekoliko **projekata**. Projekat je samo **set usluga koje rade**. Može se koristiti za **odvajanje različitih faza infrastrukture**, kao što su prod, staging, dev...
### Project
### Projekat
As explained, a project is just a container for all the **services** (droplets, spaces, databases, kubernetes...) **running together inside of it**.\
A Digital Ocean project is very similar to a GCP project without IAM.
Kao što je objašnjeno, projekat je samo kontejner za sve **usluge** (droplete, prostore, baze podataka, kubernetes...) **koje rade zajedno unutar njega**.\
Digital Ocean projekat je vrlo sličan GCP projektu bez IAM-a.
## Permissions
## Dozvole
### Team
### Tim
Basically all members of a team have **access to the DO resources in all the projects created within the team (with more or less privileges).**
U suštini, svi članovi tima imaju **pristup DO resursima u svim projektima kreiranim unutar tima (sa više ili manje privilegija).**
### Roles
### Uloge
Each **user inside a team** can have **one** of the following three **roles** inside of it:
Svaki **korisnik unutar tima** može imati **jednu** od sledeće tri **uloge** unutar njega:
| Role | Shared Resources | Billing Information | Team Settings |
| ---------- | ---------------- | ------------------- | ------------- |
| **Owner** | Full access | Full access | Full access |
| **Biller** | No access | Full access | No access |
| **Member** | Full access | No access | No access |
| Uloga | Deljeni resursi | Informacije o naplati | Podešavanja tima |
| ---------- | ---------------- | --------------------- | ----------------- |
| **Vlasnik**| Potpun pristup | Potpun pristup | Potpun pristup |
| **Naplata**| Nema pristup | Potpun pristup | Nema pristup |
| **Član** | Potpun pristup | Nema pristup | Nema pristup |
**Owner** and **member can list the users** and check their **roles** (biller cannot).
**Vlasnik** i **član mogu da navedu korisnike** i provere njihove **uloge** (naplata ne može).
## Access
## Pristup
### Username + password (MFA)
### Korisničko ime + lozinka (MFA)
As in most of the platforms, in order to access to the GUI you can use a set of **valid username and password** to **access** the cloud **resources**. Once logged in you can see **all the teams you are part** of in [https://cloud.digitalocean.com/account/profile](https://cloud.digitalocean.com/account/profile).\
And you can see all your activity in [https://cloud.digitalocean.com/account/activity](https://cloud.digitalocean.com/account/activity).
Kao i na većini platformi, da biste pristupili GUI-u, možete koristiti set **važećeg korisničkog imena i lozinke** za **pristup** cloud **resursima**. Kada se prijavite, možete videti **sve timove čiji ste deo** na [https://cloud.digitalocean.com/account/profile](https://cloud.digitalocean.com/account/profile).\
I možete videti sve svoje aktivnosti na [https://cloud.digitalocean.com/account/activity](https://cloud.digitalocean.com/account/activity).
**MFA** can be **enabled** in a user and **enforced** for all the users in a **team** to access the team.
**MFA** može biti **omogućena** za korisnika i **nametnuta** za sve korisnike u **timu** da pristupe timu.
### API keys
In order to use the API, users can **generate API keys**. These will always come with Read permissions but **Write permission are optional**.\
The API keys look like this:
### API ključevi
Da bi koristili API, korisnici mogu **generisati API ključeve**. Ovi ključevi će uvek imati Read dozvole, ali su **Write dozvole opcione**.\
API ključevi izgledaju ovako:
```
dop_v1_1946a92309d6240274519275875bb3cb03c1695f60d47eaa1532916502361836
```
The cli tool is [**doctl**](https://github.com/digitalocean/doctl#installing-doctl). Initialise it (you need a token) with:
Alat za komandnu liniju je [**doctl**](https://github.com/digitalocean/doctl#installing-doctl). Inicijalizujte ga (potreban vam je token) sa:
```bash
doctl auth init # Asks for the token
doctl auth init --context my-context # Login with a different token
doctl auth list # List accounts
```
Podrazumevano, ovaj token će biti zapisan u čistom tekstu na Mac-u u `/Users/<username>/Library/Application Support/doctl/config.yaml`.
By default this token will be written in clear-text in Mac in `/Users/<username>/Library/Application Support/doctl/config.yaml`.
### Ključevi za pristup Spaces
### Spaces access keys
These are keys that give **access to the Spaces** (like S3 in AWS or Storage in GCP).
They are composed by a **name**, a **keyid** and a **secret**. An example could be:
Ovo su ključevi koji daju **pristup Spaces** (kao S3 u AWS-u ili Storage u GCP-u).
Sastoje se od **imena**, **keyid** i **secret**. Primer bi mogao biti:
```
Name: key-example
Keyid: DO00ZW4FABSGZHAABGFX
Secret: 2JJ0CcQZ56qeFzAJ5GFUeeR4Dckarsh6EQSLm87MKlM
```
### OAuth Application
OAuth applications can be granted **access over Digital Ocean**.
OAuth aplikacije mogu dobiti **pristup preko Digital Ocean**.
It's possible to **create OAuth applications** in [https://cloud.digitalocean.com/account/api/applications](https://cloud.digitalocean.com/account/api/applications) and check all **allowed OAuth applications** in [https://cloud.digitalocean.com/account/api/access](https://cloud.digitalocean.com/account/api/access).
Moguće je **kreirati OAuth aplikacije** na [https://cloud.digitalocean.com/account/api/applications](https://cloud.digitalocean.com/account/api/applications) i proveriti sve **dozvoljene OAuth aplikacije** na [https://cloud.digitalocean.com/account/api/access](https://cloud.digitalocean.com/account/api/access).
### SSH Keys
It's possible to add **SSH keys to a Digital Ocean Team** from the **console** in [https://cloud.digitalocean.com/account/security](https://cloud.digitalocean.com/account/security).
Moguće je dodati **SSH ključeve u Digital Ocean tim** iz **konsole** na [https://cloud.digitalocean.com/account/security](https://cloud.digitalocean.com/account/security).
This way, if you create a **new droplet, the SSH key will be set** on it and you will be able to **login via SSH** without password (note that newly [uploaded SSH keys aren't set in already existent droplets for security reasons](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/)).
Na ovaj način, ako kreirate **novi droplet, SSH ključ će biti postavljen** na njemu i moći ćete da **se prijavite putem SSH** bez lozinke (napomena: novi [otpremljeni SSH ključevi nisu postavljeni na već postojeće droplete iz bezbednosnih razloga](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/)).
### Functions Authentication Token
The way **to trigger a function via REST API** (always enabled, it's the method the cli uses) is by triggering a request with an **authentication token** like:
Način **da se aktivira funkcija putem REST API** (uvek omogućeno, to je metoda koju koristi cli) je slanjem zahteva sa **tokenom za autentifikaciju** kao:
```bash
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
-H "Content-Type: application/json" \
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
-H "Content-Type: application/json" \
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
```
## Logs
### User logs
The **logs of a user** can be found in [**https://cloud.digitalocean.com/account/activity**](https://cloud.digitalocean.com/account/activity)
**Logovi korisnika** se mogu pronaći na [**https://cloud.digitalocean.com/account/activity**](https://cloud.digitalocean.com/account/activity)
### Team logs
The **logs of a team** can be found in [**https://cloud.digitalocean.com/account/security**](https://cloud.digitalocean.com/account/security)
**Logovi tima** se mogu pronaći na [**https://cloud.digitalocean.com/account/security**](https://cloud.digitalocean.com/account/security)
## References
- [https://docs.digitalocean.com/products/teams/how-to/manage-membership/](https://docs.digitalocean.com/products/teams/how-to/manage-membership/)
{{#include ../../banners/hacktricks-training.md}}