This is the second of three posts about Elastic Stack.
The Elastic Stack service is available to anyone who can reach it by default. This allows you to choose your security level and tools to provide it.
A simple search on Shodan for Kibana or Elasticsearch will quickly reveal that many do not secured their logs. I hope this post will encourage you to do so.
One efficient way to increase security is to place Elasticsearch and Kibana ... [continue reading]
For cattle purposes, it makes sense to follow a build-once-run-many principle. This is what we prefer for the machines powering our infrastructure. The current build method for deployments uses the tool-chain from the virt-manager project to achieve this.
The combination of virt-install(1) and virt-builder(1) provides a layered approach for generating disk-images. Those images can then be used as a base for constructing images for the different environments that we support:
bash has many things that just works automagically. Did you know it has a built-in pseudo-random number generator? Let’s play games!
Before continuing, note that this is pseudo-randomization with a small footprint. DO NOT use it for security, scrambling, passwords, or anything even scarcely security related.
The random function in bash is called by the magic variable RANDOM. It gives you a more or ... [continue reading]
As mentioned in a previous blog entry, this site is deployed to an S3 website bucket when the Git master branch receives a push. I will here explain how we created and configured the website bucket in question, as well as explain the varnish configuration in front of it.
The S3 storage we use is Ceph with a S3-compatible Ceph Object Gateway (radosgw) interface, but the process should work for any S3 compatible storage with website-bucket functionality.
In this ... [continue reading]
It’s easy to get lost in Windows large event logs and log files during troubleshooting, here to help are PowerShell cmdlets Get-EventLog and Get-Content.
These cmdlets shows PowerShell’s strength comparing to the built-in GUI-tools in Windows. Let’s start with cmdlet Get-EventLog to get some information from an event log. Examples below is how I often work with these cmdlets when searching for logged events on hosts.
Start PowerShell from a command prompt by typing ... [continue reading]
ncat is a utility that is like the UNIX cat command but for network connections. It’s based on the original netcat and comes with a couple of more modern features.
In this short post, we’ll go through a couple of examples to see exactly what uses this tool has. I’m currently using ncat version 7.01, in Ubuntu 16.04. ncat is a part of the nmap package in Ubuntu.
A couple of the features of ncat, some ... [continue reading]
When an ISP or Autonomous System (AS) such as Redpill Linpro acquires a block of globally unique IP addresses (called a prefix), it must advertise it to the global Internet routing table. This advertisement causes all other ASes in the world to find out that the new prefix is now alive, and also how and where to send any IP packets destined for it. Connectivity is established, and everybody is happy. Right?
Except there is a problem. The ... [continue reading]
This is the first of three posts about Elastic Stack.
At a glance, Elastic Stack is a web based search engine. It’s like Google. For your logs.
Elastic stack contains multiple components.
You might, like me, once have tried to get something to run on the first Monday of the month, or maybe the last Friday of the month, or something else that’s a combination of a weekday (Mon–Sun) and a «week» (i.e. a date range, like 01–07). The naive approach is to use cron as you would expect it to work:
0 0 1-7 * 1 /usr/bin/foo The surprise comes when this makes foo ... [continue reading]
I’ve always had a bad conscience about the audit trail on the servers I manage. Sure, we use personal accounts and sudo, so we know who ran every command. Unfortunately, the command in the sudo log is often just “bash”.
The reason for this is simple: It is quite awkward to work in the shell when TAB completion doesn’t work. You want to read the error log in /var/log/httpd? Too bad, the directory is off limits for normal users. So ... [continue reading]