How Do You Use a NACL in AWS?

Problem scenario
You have a VPC. You want a NACL to protect your VPC from hackers and other networks. What do you do?

Solution
Network ACLs are created by default when you create a VPC. They can be configured the same way Security Groups are configured in the AWS Console. Go to the VPC Dashboard -> Security -> Network ACLs. Click on the relevant Network ACL.

 » Read more..

How Do You Troubleshoot Ansible Errors about SELinux?

Problem scenario
You have Python 3 installed, but you do not have pip3 installed. One of the following also applies to your situation:

Problem scenario #1
You run an Ansible playbook. You receive the error message “Aborting, target uses selinux but python bindings (libselinux-python) aren’t installed.”

Problem scenario #2
You run an Ansible playbook.

 » Read more..

How Do You Get the libselinux-python to Work with Python 3?

Problem scenario
You have Python 2 and Python 3 installed. When you run Python 3 programs, you get an error message about selinux. The message is consistent with libselinux-python not being installed.

When you enter the Python interpreter for Python 2, you can run this command without errors: import selinux

But when you enter the Python interpreter for Python 3 (e.g., python3), you get errors when you run this command: import selinux

Security of the server is not critical,

 » Read more..

How Do You Troubleshoot the Adaware Antivirus Problem of “Definitions could not be updated”?

Problem scenario
You are using Adaware Antivirus. You try to download the latest definitions, but you get this error message: “Definitions could not be updated Something prevented the definitions from updating. Please try again at a later time.”

How do you update Adaware Antivirus?

Solution
Try a different internet connection. Some public WiFi spots may block certain ports. VPN tunnels may not help solve the problem.

 » Read more..

Should Environmental Data Be Placed Into Version Control?

Problem scenario
You are not sure if environment-specific values should be placed into version control. What should you do?

Solution
Some people think that everything should go into version control. But others disagree. Here are examples of each philosophy:

“You need to get everything in version control. Everything. Not just the code, but everything required to build the environment.” (This was taken from page 297 of The Phoenix Project.) This is very clear in how it disagrees with the twelve-factor app principles.

 » Read more..

Why Does a User Not Have Access to a VPC when The Configuration Appears to Allow For Connectivity?

Problem scenario
A user has no access to a VPC from her workstation. What are three ways a user can be given access to resources in a VPC?

Four Possible, Independent Solutions

  1. Network Access Control lists. These are IP address firewalls for the VPCs themselves. Based on the IP address of the user’s workstation, Network Access Control lists can allow or disallow traffic to the VPC.

 » Read more..

Cyber Security News on May 15, 2020

SaltStack has a critical vulnerability. You can read more about it here or view the CVE on the NIST website here.

COVID-19 has apparently contributed to an uptick in cyber crimes. You can read more about it here.

 » Read more..

How Do You Find the Minimum Password Length in AWS?

Problem scenario
You are now an AWS administrator for an existing company. You want to find out what the password requirements are (e.g., minimum length, maximum duration, complexity requirements, etc.) for IAM users. What do you do to find the minimum length?

Solution
Log into the AWS console. Go to IAM -> Account Settings.

 » Read more..

What is the AWS CLI Command to Show the Security Group IDs?

Problem scenario
You are now administering an AWS account. You have the AWS CLI installed and configured. How do you find out what Security Group IDs there are?

Solution
Run this command:
aws ec2 describe-security-groups | grep -i groupid

 » Read more..

How Do You Create a Customer Managed Key in AWS?

Problem scenario
You want to create a CMK in Amazon Web Services. What do you do?

Solution
Use Secrets Manager with Amazon’s Key Management Service.

1. Log into the AWS console.
2. Go to “Key Management Service”.
3. Click on “Create key”.
4. Enter an “Alias”. Normally you won’t click on the “Advanced options” unless you have a special reason.

 » Read more..