|
erics, Posted on Thursday, January 19th, 2023 at 7:38:38pm
David Crosby, Born 1941, Died Jan 18th, 2023 at 81 years old
Categories: Death, Entertainment, Technology crosby, david, david crosby, death, Rip | 
No comments
erics, Posted on Friday, December 30th, 2022 at 11:46:21am
Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.
While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account.
Once access is gained, such criminals could launch new, maximum-sized instances all over the world and proceed to harness them for nefarious purposes, often for DDoS attacks and crypto-mining.
These instances can accrue enormous charges in a short time given the cost per instance times the quantity launched.
Attacks like this can cripple an organization financially, especially because Amazon Web Services are NOT flexible about refunding such charges if they happen more than once.
AWS itself offers a number of paid services to assist with account security, including CloudWatch and Trusted Advisor.
While they are no doubt excellent offerings, I was reluctant to pay more than I had to, and the CloudWatch tool seemed like overkill in terms of complexity.
While CloudWatch did not work for me, the underlying CloudTrail service in fact was the answer, when used with the aws command-line tool to query the associated event data periodically via cron for non-Read-Only events.
This solution required me to roll my own tool (in Perl) to interpret the data and alert via email under the desired circumstances.
|
1 2 3 |
export REGION='us-east-1' export START='2022-12-30T00:00:00Z' /usr/local/bin/aws cloudtrail lookup-events --region $REGION --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --output json --start-time $START |
|
1 |
* * * * * /Users/wyzaerd/bin/trailwatch -c 2>&1 >> /Users/wyzaerd/logs/trailwatch.log |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
################################################## my @data = ( $region, $sourceIPAddress, $eventName, $accessKeyId, $userName, $eventTime ); ################################################## ## source IP rules ################################################## if ($sourceIPAddress eq $homeIPAddress) { ## HOME IP $msg = &::makeMsg('HOME',\@data); } elsif ( $sourceIPAddress eq 'ec2.amazonaws.com' or $sourceIPAddress eq 'guardduty.amazonaws.com' ) { ## AWS MGMT CALL $msg = &::makeMsg('GOOD',\@data); } elsif ( $sourceIPAddress eq 'ssm.amazonaws.com' or $sourceIPAddress eq 'workmail.amazonaws.com' ) { ## AWS MGMT CALL $msg = &::makeMsg('WARNING',\@data); ## I choose to not actually warn for these, ## so the next line is commented out: ##$warnings{$TrailEventID} = $msg; ################################################## ## source IP did NOT match any rules - check user ################################################## } else { if ($userName eq 'myBackupUser') { ## BACKUP USER "myBackupUser" $msg = &::makeMsg('BACKUP',\@data); $warnings{$TrailEventID} = $msg; ################################################## } else { my $userName = ( defined($CloudTrailEvent->{userIdentity}->{userName}) and $CloudTrailEvent->{userIdentity}->{userName} ) ? $CloudTrailEvent->{userIdentity}->{userName} : ''; $msg = &::makeMsg('BAD',\@data); $errors{$TrailEventID} = $msg; } } ## end if |
ap-south-1
eu-north-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
ca-central-1
sa-east-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2
Categories: Technology Attack, AWS, Bad Actor, Cloud, CloudTrail, CloudWatch, Compromise, Crypto, DDOS, Detection, dos, howto, IDS, Intrusion, Intrusion Detection, Mining, tips, Vector | No comments
erics, Posted on Wednesday, December 7th, 2022 at 2:52:03pm
Categories: Syndicated Post | Comments Off on Tungsten Clustering: Plugging the Holes – Risk Mitigation Through Best Practices
erics, Posted on Thursday, November 24th, 2022 at 10:32:14am
PROBLEM: Unable to sign out of iCloud on OSX Yosemite or disable Keychain
SOLUTION: Delete the following, then reboot:
|
1 2 |
~/Library/Application Support/iCloud/ ~/Library/Preferences/Mobile*.plist |
Categories: Technology 10.10.5, Delete, Error, howto, iCloud, Library, macosx, OSX, plist, Preferences, Remove, tips, Yosemite | No comments
erics, Posted on Tuesday, November 8th, 2022 at 3:18:55pm
Categories: Syndicated Post | Comments Off on Now Available: Tungsten Dashboard v1.0.11 Release
erics, Posted on Friday, October 14th, 2022 at 10:39:47am
30 March 1950 – 14 October 2022
Anthony Robert McMillan OBE (30 March 1950 – 14 October 2022), known professionally as Robbie Coltrane, was a Scottish actor and comedian. He gained worldwide recognition as Rubeus Hagrid in the Harry Potter film series (2001–2011), and as Valentin Dmitrovich Zukovsky in the James Bond films GoldenEye (1995) and The World Is Not Enough (1999). He was appointed an OBE in the 2006 New Year Honours by Queen Elizabeth II for his services to drama. In 1990, Coltrane received the Evening Standard British Film Award – Peter Sellers Award for Comedy. In 2011, he was honoured for his “outstanding contribution” to film at the British Academy Scotland Awards.
Categories: Death, Entertainment Coltrane, Hagrid, Harry Potter, Robby Coltrane | No comments
erics, Posted on Tuesday, October 11th, 2022 at 2:54:28pm
Tungsten Clustering contains many tools to monitor your cluster, and today we will look at a new one - the tungsten_get_status
Categories: Syndicated Post | Comments Off on New Command for Tungsten: tungsten_get_status
erics, Posted on Tuesday, October 11th, 2022 at 10:30:47am
Born – 16 October 1925 Regent’s Park, London, England
Died – 11 October 2022 (aged 96) Los Angeles, California, US
Categories: Death, Entertainment Angela Lansbury, Lansbury | No comments
erics, Posted on Monday, September 19th, 2022 at 9:14:20am
To disable automatic updates in WordPress, simply edit the wp-config.php file in your WordPress root directory and add the following line:
|
1 |
define( 'WP_AUTO_UPDATE_CORE', false ); |
Categories: Technology Auto, Automatic, Disable, howto, Stop, tips, update, Updates, WordPress | No comments
erics, Posted on Thursday, September 15th, 2022 at 10:48:46am
Tungsten Replicator is a powerful tool with many great features, and today we will look at a new one - the ability to Pause and Resume a replication service. Until now, the only way to stop a replication stream was to take the service offline, and put it back online when it is needed again. The online process involves a number of internal steps and overhead, and if there are many THL files on disk, it could take some time to index them all before the service can come fully online. To remove the overhead of the startup time, the new pause/resume feature was developed for the Replicator, and is accessed via the trepctl command.
Categories: Syndicated Post | Comments Off on Tungsten Replicator: New Pause and Resume Feature in v7.0.2
