Category Archives: Security

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update
0 (0)

24 May 2019

In addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server, set up and configuration. So, three months passed and it’s time to renew Let’s Encrypt SSL certificate (see. Prometheus: Alertmanager и blackbox-exporter — проверка срока действия SSL и нотификация в Slack, Rus). I could use a well-know for me scheme with… Read More »

Debian: unattended-upgrades – automatic upgrades installation with email notifications via AWS SES
0 (0)

23 May 2019

A unattended-upgrades package performs automated upgrades installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to the /usr/bin/unattended-upgrade). CentsOS/RHEL analog – yum-cron. Install it: [simterm] $ sudo apt -y install unattended-upgrades [/simterm] The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc can be… Read More »

Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2
0 (0)

1 May 2019

We consider Bitwarden as a passwords keeper for our project with the main goal to have an ability to have separated access to secrets by user roles and/or ACLs. I.e. Pass or KeePass are good for self-usage by one person but they have no main things – a normal web-interface and role-based access to data.… Read More »

Linux: GPG-keys, Pass – passwords manager, and passwords import from the KeePass database
0 (0)

25 April 2019

pass – a password manager for Linux/UNIX. Stores data in tree-based directories/files structure and encrypts files with a GPG-key. In Arch Linux present by default, in Debian can be installed using apt from default repositories: [simterm] $ sudo apt install pass [/simterm] For macOS can be installed with Homebrew: [simterm] $ brew install pass [/simterm]… Read More »

Authy: step by step Multi-Factor Authentication configuration for Github and AWS
0 (0)

17 April 2019

I’m sure that using MFA (Multi-Factor Authentication) today is oblivious. For 2FA (2-Factor Authentication) the most used method is TOTP – Time-based One-time Password, when alongside with the common login:password also needs to enter a code generated by a device or software. The most known implementation is Google Authenticator but also there is a lot… Read More »

Jenkins: a job to check a Github organization’s public repositories list
0 (0)

16 April 2019

Proceeding with a Github repositories checker. To recall: the idea is to have such a check in case if somebody from developers accidentally will share our project’s private repository as public, or will create a public repository instead of making it as a private one – we will get a Slack alarm about such a… Read More »

MySQL/MariaDB: like Petya ransomware for MySQL and ‘root’@’%’ access
0 (0)

3 April 2019

This story happened on 10/06/2017, adding this post in English now. The original post (Rus) was written almost right after the well-known Not a Petya attack in Ukraine – that’s why it’s used in the title. I had a new project assigned to me. When I started its existing setup investigation – was just shocked.… Read More »

TestRail: QA Test Case Management installation on Linux
0 (0)

22 March 2019

TestRail – Test Case Management Software for QA and Development Teams. Well – that’s all needed as a description) Below – its installation on Debian Linux with NGINX, Let’s Encrypt, PHP-FPM, MariaDB, and Exim. Project’s homepage – www.gurock.com/testrail Installation official documentation – here>>>. Setup will be on an AWS EC2. LEMP and SSL Login to… Read More »

Prometheus: RTFM blog monitoring set up with Ansible – Grafana, Loki, and promtail
0 (0)

10 March 2019

After implementing the Loki system on my job’s project – I decided to add it for myself, so see my RTFM blog server’s logs. Also – want to add the node_exporter and alertmanager, to be notified about high disk usage. In this post, I’ll describe the Prometheus, node_exporter, Grafana, Loki, and promtail set up process… Read More »

OpenVPN: SSL and hostname configuration
0 (0)

26 February 2019

We already have our OpenVPN AS running in Production, so a few more posts about last steps in its configuration. For now – need to configure SSL to avoid alerts in clients browsers. OpenVPN AS documentation for SSL setup – here>>>. Let’s Encrypt Install Let’s Encrypt client: [simterm] root@openvpnas2:~# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt [/simterm] Open… Read More »