A quick note mainly for myself on how to enable remote access in PostgreSQL and create its database dump. An EC2-server moved to our AWS account with one website. During an attempt to connect to the PostgreSQL running on this host – the “FATAL: Peer authentication failed for user “name”” appears. And the same error… Read More »
Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »
A unattended-upgrades package performs automated upgrades installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to the /usr/bin/unattended-upgrade). CentsOS/RHEL analog – yum-cron. Install it: [simterm] $ sudo apt -y install unattended-upgrades [/simterm] The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc can be… Read More »
We consider Bitwarden as a passwords keeper for our project with the main goal to have an ability to have separated access to secrets by user roles and/or ACLs. I.e. Pass or KeePass are good for self-usage by one person but they have no main things – a normal web-interface and role-based access to data.… Read More »
pass – a password manager for Linux/UNIX. Stores data in tree-based directories/files structure and encrypts files with a GPG-key. In Arch Linux present by default, in Debian can be installed using apt from default repositories: [simterm] $ sudo apt install pass [/simterm] For macOS can be installed with Homebrew: [simterm] $ brew install pass [/simterm]… Read More »
I’m sure that using MFA (Multi-Factor Authentication) today is oblivious. For 2FA (2-Factor Authentication) the most used method is TOTP – Time-based One-time Password, when alongside with the common login:password also needs to enter a code generated by a device or software. The most known implementation is Google Authenticator but also there is a… Read More »
Proceeding with a Github repositories checker. To recall: the idea is to have such a check in case if somebody from developers accidentally will share our project’s private repository as public, or will create a public repository instead of making it as a private one – we will get a Slack alarm about such a… Read More »
This story happened on 10/06/2017, adding this post in English now. The original post (Rus) was written almost right after the well-known Not a Petya attack in Ukraine – that’s why it’s used in the title. I had a new project assigned to me. When I started its existing setup investigation – was just… Read More »
chroot() was added to the Version 7 Unix in 1979 and used for filesystem isolation. In fact, it’s the predecessor of the whole current containerization idea, just now there are namespaces and cgroups are used while earlier chroot was used to create an environment which is isolated from a host and can be used for… Read More »
The task is to send an email alert when SSH-login was made from a not whitelisted IPs. Will use Monit here. Install it: [simterm] root@jenkins-dev:/home/admin# apt update && apt -y install monit [/simterm] Configure email settings: set localhost (we have a local eximhere), email’s format and email’s receiver. Edit the /etc/monit/monitrc file: … set mailserver localhost… Read More »