Category Archives: Amazon Web Services

Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

AWS: IAM users keys rotation, EC2 IAM Roles and Jenkins

30 May 2019
 

Today I checked our IAM users and “suddenly” recalled that it’s good to update their credentials sometimes. Well, that’s good to do, but here is a question: it’s simple enough to set an expiry for keys in IAM, but what to do with all the scripts which are used in our Jenkins and which are using those…

Debian: unattended-upgrades – automatic upgrades installation with email notifications via AWS SES

23 May 2019
 

The unattended-upgrades package performs automated upgrade installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to /usr/bin/unattended-upgrade). The CentOS/RHEL analog is yum-cron. Install it:

    $ sudo apt -y install unattended-upgrades

The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc. can be…

AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server

17 May 2019
 

We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently, when a user is connected to the VPN, for DNS resolution into EC2 instances’ private IPs we are using the dnsmasq service on the VPN host, which has an /etc/dnsmasq.hosts file where are manually…

AWS: MariaDB RDS – kill: You are not owner of thread

14 May 2019
 

We have AWS RDS with MariaDB. The error below and its solution aren’t specific to AWS RDS and MariaDB. The following error appears during an attempt to kill() a thread in MySQL:

    MariaDB [(none)]> kill 759;
    ERROR 1095 (HY000): You are not owner of thread 759

The solution is to use the mysql.rds_kill() procedure…

Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2

1 May 2019
 

We consider Bitwarden as a password keeper for our project, with the main goal of having separate access to secrets by user roles and/or ACLs. I.e., Pass or KeePass are good for personal use by one person, but they lack the main things – a normal web interface and role-based access to data.…

Authy: step by step Multi-Factor Authentication configuration for Github and AWS

17 April 2019
 

I’m sure that using MFA (Multi-Factor Authentication) today is obvious. For 2FA (2-Factor Authentication) the most used method is TOTP – Time-based One-time Password, where, alongside the common login:password, one also needs to enter a code generated by a device or software. The best-known implementation is Google Authenticator, but there is also a…

Redis: Sentinel – bind 0.0.0.0, the localhost issue and the announce-ip option

10 April 2019
 

Originally, in the Sentinels’ configs, I used bind 0.0.0.0 to make them accessible from external hosts. Because of this, when I started rolling out this setup in a real environment, I faced an issue where Sentinels could not determine a Master host and other Sentinel hosts. In this post – such an issue…

MySQL/MariaDB: like Petya ransomware for MySQL and ‘root’@’%’ access

3 April 2019
 

This story happened on 10/06/2017; I am adding this post in English now. The original post (Rus) was written almost right after the well-known NotPetya attack in Ukraine – that’s why it’s used in the title. I had a new project assigned to me. When I started investigating its existing setup – was just…

AWS: CLI named profiles

19 March 2019
 

AWS CLI supports so-called named profiles stored in the configuration file ~/.aws/config and the ~/.aws/credentials file with keys, which by default contains the… Well – the “default” profile. An additional profile can be added using the aws configure command with the --profile option. Here is an example of such a file with two already existing profiles:…