How Do You Create and Store an Application-Level Secret on the AWS Cloud?

Problem scenario
You want to create and save an application-level secret in AWS. What do you do?

Solution
Use Secrets Manager.

Procedures

  1. Log into the AWS console.
  2. Go to “Secrets Manager”.
  3. Click “Store a new secret”.
  4. For the secret type choose “Other type of secrets”.
  5. For the left-most field,


How Do You Remove the ECDSA Fingerprints of Old Servers That You Will Not Connect to Again?

Problem scenario
You have a server that has run SSH to connect to other servers. You want to remove the fingerprints so the ECDSA key fingerprint will challenge a user to continue connecting. What do you do?

Solution
Run this command, where x.x.x.x is the IP address or hostname of the server whose fingerprint should be removed: ssh-keygen -R x.x.x.x

If you used a hostname with the SSH commands,


How Can You Change the cgroups Settings for Docker Containers while Bypassing Docker?

Problem scenario
You want to bypass Docker and configure the cgroups directly. You want new Docker containers to be governed by these customized settings. What should you do?

Solution
You may not want to bypass Docker for your cgroup modifications. You should read about libcontainer. By default Docker uses libcontainer for granular configuration changes along the lines of modifying cgroups settings. You could potentially use LXC,


What is a Secret in Kubernetes?

Question
What is a Secret in Kubernetes?

Answer
It is a ConfigMap with sensitive data that is encoded in Base64 text. What is a ConfigMap? It is a .yaml with a special format. There is always a “data:” section that is part of the YAML definition of a ConfigMap. The key-value pairs in the “data” section will have keys that appear in regular text;


What Is The Immutable Bit vs. The Sticky Bit?

Problem scenario
You have heard of the immutable bit and want to know how it is different from the sticky bit. What is the immutable bit versus the sticky bit? What are the differences between the two?

Solution
We like the term “immutable flag” as opposed to “immutable bit” to help distinguish the two. We have three parts to explain this.

Part 1: What is the immutable flag?


How Do You Open a Port to Connect to a GCP server?

Problem scenario
You are used to AWS Security Groups. You created a firewall rule in GCP. You cannot seem to reach the GCP server. What is wrong?

Possible Solution
Does the GCP firewall rule use the same shorthand notation like this?
x.x.x.x/32

Inbound rules in AWS Security Groups use the /32 to allow an IP address to connect to an EC2 instance or service.


How Do You Set up SSH on a Windows 2016 Server with Cygwin?

Problem scenario
You have a heterogeneous enterprise network of servers. You want your Linux machines to communicate and transfer files with your Windows machines. You do not want to use Active Directory. What do you do?

Solution
1. Install Cygwin on the Windows server if it has not been set up already. If you need assistance with this, see this posting.


Why Cannot You Ping a Server when Nmap Commands to The Server Work?

Problem scenario
You cannot ping a server, but your nmap results show that port 22 on the server is open. You can reach the server with nmap, but not with ping. What is wrong?

Possible solution
Is the server in the AWS Security Group that you think it is? Go to the AWS console and verify the security group for the server is what you think is correct.


How Do You Set Up a Multi-Node Cluster of Zookeeper?

Problem scenario
You want to set up Zookeeper with three nodes in AWS. What do you do?

Solution
1. Install Zookeeper on each of the servers. If you need assistance with this, see this posting.

2. Modify the zoo.cfg file on each of the servers. Add stanzas like these but substitute foobarX.amazonaws.com with the Public DNS name of each server:

server.1=foobar1.amazonaws.com:2888:3888
server.2=foobar2.amazonaws.com:2888:3888
server.3=foobar3.amazonaws.com:2888:3888
initLimit=5
syncLimit=5

3.


What is SELinux?

Question
What is SELinux?

Answer
Security-Enhanced Linux (or SELinux) is a kernel module that can be installed and turned on in a Linux server. It categorizes files, hardware resources and processes; to learn more see this posting. It has the ability to restrict access to these categories. If a server is designated as an application server, a database server, or a web server,
