Security 🔐

It’s been just over a year since I first posted about the Azure DevOps Terraform Pipeline I used to use external link , I say used to use, because that pipeline is now a little outdated. This posts covers the updated Pipeline I am starting to deploy along side my Terraform code. Pipeline Overview The pipeline itself has expanded a little and it now not only uses stages but also depending what Terraform is planning on doing it will trigger a manual approval process should there be any resources being destroyed....

Earlier this week the guys over at sysdig external link announced the availability of Falco, a behavioral security service which is built on top of their core Open Source sysdig engine. As is always the case when I try new things, I launched a Digital Ocean external link Droplet running CentOS 7.2. Once the Droplet was available I ran the command to get the basics configured on the droplet; curl -fsS https://raw.githubusercontent.com/russmckendrick/DOBootstrap/master/do-bootstrap.sh | bash Once the Droplet was configured I installed Falco using the repo provided by sysdig by running the following commands;...

A while I posted about a script I wrote to quickly bootstrap a Digital Ocean droplet external link . One one of the things I noticed while trying to install a few packages is that even though my script had run a yum update I was booting into the original Kernel and this was causing all sorts of hilarity when trying to build a Kernel module, because of this I added a few lines to my script to tell you if the kernel has been updated, and if so what the new version is;...

In my previous post external link I wrote about launching a CentOS 7 Virtual Machine in Azure external link using Terraform external link . As you can see from my original configuration I was adding a password and my own user. This worked well, the machine launched and I could access it as expect and sudo to root. However, when it came to using Terraforms built-in provisioner I started to have problems as the commands I was running need root privileges, when I tried using sudo it would sit there waiting for the password to entered....

As I have mentioned a few times on this blog I tend to use DigtialOcean external link to spin up servers for testing and to host some of my projects. I also still use CentOS 7 external link as my preferred OS. Each time I boot a droplet I run few a couple of tasks to get the server how I prefer it. Run a yum update Enable swap external link Install & configure Fail2Ban external link Enable firewalld Install vim-enhanced, deltarpm & enable EPEL external link As I am lazy and sometimes re-launch instances several times when working on a project I decided to write a quick script to do the above so I don’t have to external link ....

One of the first things I do on a new server is install fail2ban external link . I have written about it before, but that was back when I was still using CentOS 6 external link . Now I am using CentOS 7 the installation has a few more steps. Firstly, as EPEL is not enabled by standard on most CentOS 7 installations enable the repo and then install fail2ban. yum install -y epel-release && yum install -y fail2ban Once installed you can run the following to setup a check and block for failed SSH logins (it bans for 24 hours after three login failures);...

Sysdig external link looks like it could be a useful addition to a sysadmins list of tools, it is described as; Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce. With a little Lua cherry on top. It’s easy to install external link …. curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash …....

Since I have been playing with Docker external link for the past few weeks external link I have had more servers on-line. I don’t have a static IP address at home so while I have a jump host setup I found I was still being port scanned and brute forced. I only caught a sniff of it in the logs while looking at another problem, even though password authentication is disabled and I only use keys I decided install Fail2Ban external link to start blocking people, just in-case....