I have been a HashiCorp fanboy for a couple of years now. I am impressed and happy with pretty much everything they have done, from Vagrant to Consul and more. In short, they make the DevOps world a better place. That being said, this article is about the aptly named Terraform product. Here is how […]
Category: Security
Storing passwords securely using Pass (GPG)
Today we live in an endless sea of passwords, which are a very inefficient and ineffective means of securing our data & environments. Many companies are trying to solve this problem using a variety of techniques that all revolve around various forms of multi-factor authentication. However, in the meantime we're all screwed 😉 Just kidding. Quick […]
How to use Boto to Audit your AWS EC2 instance security groups
Boto is a Software Development Kit for accessing the AWS APIs using Python: https://github.com/boto/boto3. Recently, I needed to determine how many of my EC2 instances were spawned in a public subnet that also had security groups with wide open access on any port via any protocol to the instances. Because I have an IGW (Internet […]
Preventing (bind9) DNS Naughty-ness (named.conf & iptables/ufw) on Ubuntu
If you run a DNS server on the Internet with a default configuration, many people/robots will take advantage of you. The same is true for Mail, but that is another article. Needless to say, if you are running a service on the Internet, the naughty goblins will find you. To thwart these dirty criminals all […]
Introducing Vault
Vault is a command line utility for encrypting & decrypting things. Those things are stored on disk in hidden files, meaning in *nix they simply have a ‘.’ in front and don’t show up unless you type ls -la 😉 But anyway, who cares if someone can locate the files! They are AES encrypted […]