Author:
erics, Posted on Friday, February 24th, 2023 at 12:29:58pm
SSH login from older hosts running OS X Yosemite 10.10.5 to macOS Ventura 13.2.1 was not working.
SSH failed with a “No hostkey alg” error.
|
|
vi /etc/ssh/sshd_config HostKeyAlgorithms +ssh-rsa,ssh-dss PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss |
Be sure to stop and start Remote Login under System Settings -> General -> Sharing
Categories: How-To's, Technology Tags: dss, HostKeyAlgorithms, howto, MacOS, PubkeyAcceptedKeyTypes, RSA, ssh, ssh-dss, ssh-rsa, sshd, sshd_config, tips, Ventura, Yosemite | 
No comments
Author:
erics, Posted on Thursday, January 19th, 2023 at 7:38:38pm
David Crosby, Born 1941, Died Jan 18th, 2023 at 81 years old
Categories: Death, Entertainment, Technology Tags: crosby, david, david crosby, death, Rip | No comments
Author:
erics, Posted on Friday, December 30th, 2022 at 11:46:21am
Summary
Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.
Background
While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account.
Once access is gained, such criminals could launch new, maximum-sized instances all over the world and proceed to harness them for nefarious purposes, often for DDoS attacks and crypto-mining.
These instances can accrue enormous charges in a short time given the cost per instance times the quantity launched.
Attacks like this can cripple an organization financially, especially because Amazon Web Services are NOT flexible about refunding such charges if they happen more than once.
AWS-based Solutions
AWS itself offers a number of paid services to assist with account security, including CloudWatch and Trusted Advisor.
While they are no doubt excellent offerings, I was reluctant to pay more than I had to, and the CloudWatch tool seemed like overkill in terms of complexity.
Chosen Solution
While CloudWatch did not work for me, the underlying CloudTrail service in fact was the answer, when used with the aws command-line tool to query the associated event data periodically via cron for non-Read-Only events.
This solution required me to roll my own tool (in Perl) to interpret the data and alert via email under the desired circumstances.
Solution Steps
- Make sure you have the latest AWS CLI tool installed, Instructions are here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- Create a new Trail in the AWS CloudTrail console.
- Use the aws CLI tool to query non-Read-Only events as JSON
- Look through the provided events to see if any are dangerous.
- Create a wrapper script and call via cron to check cloudtrail once per minute
- Anyone that wants the complete script, please contact me at bloghelp@thewyz.net for more information.
Example CLI Call
|
|
export REGION='us-east-1' export START='2022-12-30T00:00:00Z' /usr/local/bin/aws cloudtrail lookup-events --region $REGION --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --output json --start-time $START |
Example Crontab Entry
|
|
* * * * * /Users/wyzaerd/bin/trailwatch -c 2>&1 >> /Users/wyzaerd/logs/trailwatch.log |
Example Parsing Logic (Perl)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
################################################## my @data = ( $region, $sourceIPAddress, $eventName, $accessKeyId, $userName, $eventTime ); ################################################## ## source IP rules ################################################## if ($sourceIPAddress eq $homeIPAddress) { ## HOME IP $msg = &::makeMsg('HOME',\@data); } elsif ( $sourceIPAddress eq 'ec2.amazonaws.com' or $sourceIPAddress eq 'guardduty.amazonaws.com' ) { ## AWS MGMT CALL $msg = &::makeMsg('GOOD',\@data); } elsif ( $sourceIPAddress eq 'ssm.amazonaws.com' or $sourceIPAddress eq 'workmail.amazonaws.com' ) { ## AWS MGMT CALL $msg = &::makeMsg('WARNING',\@data); ## I choose to not actually warn for these, ## so the next line is commented out: ##$warnings{$TrailEventID} = $msg; ################################################## ## source IP did NOT match any rules - check user ################################################## } else { if ($userName eq 'myBackupUser') { ## BACKUP USER "myBackupUser" $msg = &::makeMsg('BACKUP',\@data); $warnings{$TrailEventID} = $msg; ################################################## } else { my $userName = ( defined($CloudTrailEvent->{userIdentity}->{userName}) and $CloudTrailEvent->{userIdentity}->{userName} ) ? $CloudTrailEvent->{userIdentity}->{userName} : ''; $msg = &::makeMsg('BAD',\@data); $errors{$TrailEventID} = $msg; } } ## end if |
List of AWS Regions
ap-south-1
eu-north-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
ca-central-1
sa-east-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2
Categories: Technology Tags: Attack, AWS, Bad Actor, Cloud, CloudTrail, CloudWatch, Compromise, Crypto, DDOS, Detection, dos, howto, IDS, Intrusion, Intrusion Detection, Mining, tips, Vector | No comments
Author:
erics, Posted on Wednesday, December 7th, 2022 at 2:52:03pm
Tungsten Clustering depends on a number of prerequisites and best practices to function optimally. In this blog post, we explore a critical, yet easily-overlooked step when installing a Tungsten Cluster node - setting up start at boot, ideally under `systemd` control.
Categories: Syndicated Post Tags: | Comments Off on Tungsten Clustering: Plugging the Holes – Risk Mitigation Through Best Practices
Author:
erics, Posted on Thursday, November 24th, 2022 at 10:32:14am
PROBLEM: Unable to sign out of iCloud on OSX Yosemite or disable Keychain
SOLUTION: Delete the following, then reboot:
|
|
~/Library/Application Support/iCloud/ ~/Library/Preferences/Mobile*.plist |
Categories: Technology Tags: 10.10.5, Delete, Error, howto, iCloud, Library, macosx, OSX, plist, Preferences, Remove, tips, Yosemite | No comments
Author:
erics, Posted on Tuesday, November 8th, 2022 at 3:18:55pm
We are pleased to announce that Tungsten Dashboard v1.0.11 is now available. Tungsten Dashboard is a web-based UI for monitoring and managing Tungsten Clustering deployments of MySQL databases, freely included for Tungsten Clustering customers. We provide Tungsten Dashboard in addition to our command-line user interfaces for easy visual monitoring and management of Tungsten Clusters. Users are able to view, monitor and maintain all of their database clusters in one place.
Categories: Syndicated Post Tags: | Comments Off on Now Available: Tungsten Dashboard v1.0.11 Release
Author:
erics, Posted on Friday, October 14th, 2022 at 10:39:47am
30 March 1950 – 14 October 2022
Anthony Robert McMillan OBE (30 March 1950 – 14 October 2022), known professionally as Robbie Coltrane, was a Scottish actor and comedian. He gained worldwide recognition as Rubeus Hagrid in the Harry Potter film series (2001–2011), and as Valentin Dmitrovich Zukovsky in the James Bond films GoldenEye (1995) and The World Is Not Enough (1999). He was appointed an OBE in the 2006 New Year Honours by Queen Elizabeth II for his services to drama. In 1990, Coltrane received the Evening Standard British Film Award – Peter Sellers Award for Comedy. In 2011, he was honoured for his “outstanding contribution” to film at the British Academy Scotland Awards.
Categories: Death, Entertainment Tags: Coltrane, Hagrid, Harry Potter, Robby Coltrane | No comments
Author:
erics, Posted on Tuesday, October 11th, 2022 at 2:54:28pm
Tungsten Clustering contains many tools to monitor your cluster, and today we will look at a new one - the tungsten_get_status
Categories: Syndicated Post Tags: | Comments Off on New Command for Tungsten: tungsten_get_status
Author:
erics, Posted on Tuesday, October 11th, 2022 at 10:30:47am
Born – 16 October 1925 Regent’s Park, London, England
Died – 11 October 2022 (aged 96) Los Angeles, California, US
Categories: Death, Entertainment Tags: Angela Lansbury, Lansbury | No comments
Author:
erics, Posted on Monday, September 19th, 2022 at 9:14:20am
To disable automatic updates in WordPress, simply edit the wp-config.php file in your WordPress root directory and add the following line:
|
|
define( 'WP_AUTO_UPDATE_CORE', false ); |
Categories: Technology Tags: Auto, Automatic, Disable, howto, Stop, tips, update, Updates, WordPress | No comments
