R.I.P. David Crosby
David Crosby, Born 1941, Died Jan 18th, 2023 at 81 years old
Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.
While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account.
Once access is gained, such criminals could launch new, maximum-sized instances all over the world and proceed to harness them for nefarious purposes, often for DDoS attacks and crypto-mining.
These instances can accrue enormous charges in a short time given the cost per instance times the quantity launched.
Attacks like this can cripple an organization financially, especially because Amazon Web Services are NOT flexible about refunding such charges if they happen more than once.
AWS itself offers a number of paid services to assist with account security, including CloudWatch and Trusted Advisor.
While they are no doubt excellent offerings, I was reluctant to pay more than I had to, and the CloudWatch tool seemed like overkill in terms of complexity.
While CloudWatch did not work for me, the underlying CloudTrail service in fact was the answer, when used with the aws command-line tool to query the associated event data periodically via cron for non-Read-Only events.
This solution required me to roll my own tool (in Perl) to interpret the data and alert via email under the desired circumstances.
```bash
export REGION='us-east-1'
export START='2022-12-30T00:00:00Z'
/usr/local/bin/aws cloudtrail lookup-events --region "$REGION" --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --output json --start-time "$START"
```
```
# Redirect stdout to the log first, then point stderr at it, so errors are logged too
* * * * * /Users/wyzaerd/bin/trailwatch -c >> /Users/wyzaerd/logs/trailwatch.log 2>&1
```
```perl
##################################################
my @data = (
  $region,
  $sourceIPAddress,
  $eventName,
  $accessKeyId,
  $userName,
  $eventTime
);

##################################################
## source IP rules
##################################################
if ($sourceIPAddress eq $homeIPAddress) {
  ## HOME IP
  $msg = &::makeMsg('HOME',\@data);

} elsif (
  $sourceIPAddress eq 'ec2.amazonaws.com' or
  $sourceIPAddress eq 'guardduty.amazonaws.com'
) {
  ## AWS MGMT CALL
  $msg = &::makeMsg('GOOD',\@data);

} elsif (
  $sourceIPAddress eq 'ssm.amazonaws.com' or
  $sourceIPAddress eq 'workmail.amazonaws.com'
) {
  ## AWS MGMT CALL
  $msg = &::makeMsg('WARNING',\@data);
  ## I choose to not actually warn for these,
  ## so the next line is commented out:
  ##$warnings{$TrailEventID} = $msg;

##################################################
## source IP did NOT match any rules - check user
##################################################
} else {
  if ($userName eq 'myBackupUser') {
    ## BACKUP USER "myBackupUser"
    $msg = &::makeMsg('BACKUP',\@data);
    $warnings{$TrailEventID} = $msg;

  ##################################################
  } else {
    my $userName = (
      defined($CloudTrailEvent->{userIdentity}->{userName}) and
      $CloudTrailEvent->{userIdentity}->{userName}
    ) ? $CloudTrailEvent->{userIdentity}->{userName} : '';
    $msg = &::makeMsg('BAD',\@data);
    $errors{$TrailEventID} = $msg;
  }
} ## end if
```
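The same source-IP and user rules, applied end to end to the JSON that `aws cloudtrail lookup-events --output json` returns, where each entry's `CloudTrailEvent` field is itself a JSON string that must be decoded a second time. This is an added example in Python, not the author's Perl tool; the function names, the sample events, the documentation-range IP addresses and the placeholder access key are all constructed for illustration.

```python
import json

# Service principals that show up in sourceIPAddress, split as in the rules above.
AWS_GOOD = {"ec2.amazonaws.com", "guardduty.amazonaws.com"}
AWS_WARN = {"ssm.amazonaws.com", "workmail.amazonaws.com"}

def classify(lookup_json, home_ip, backup_user="myBackupUser"):
    """Return {EventId: (label, fields)} for `aws cloudtrail lookup-events` JSON."""
    results = {}
    for ev in json.loads(lookup_json).get("Events", []):
        # CloudTrailEvent is a JSON document serialized as a string: decode it again.
        detail = json.loads(ev.get("CloudTrailEvent") or "{}")
        ident = detail.get("userIdentity") or {}
        src = detail.get("sourceIPAddress", "")
        user = ident.get("userName") or ""  # absent for root and assumed-role calls
        fields = (detail.get("awsRegion", ""), src, detail.get("eventName", ""),
                  ident.get("accessKeyId", ""), user, detail.get("eventTime", ""))
        if src == home_ip:
            label = "HOME"
        elif src in AWS_GOOD:
            label = "GOOD"
        elif src in AWS_WARN:
            label = "WARNING"
        elif user == backup_user:
            label = "BACKUP"
        else:
            label = "BAD"  # unknown source and unknown user: this is the alert case
        results[ev["EventId"]] = (label, fields)
    return results

def make_event(event_id, src, name, user=None):
    """Build one constructed lookup-events entry (sample data, not real logs)."""
    ident = {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY"}  # placeholder key
    if user:
        ident["userName"] = user
    detail = {"awsRegion": "us-east-1", "sourceIPAddress": src, "eventName": name,
              "eventTime": "2022-12-30T01:02:03Z", "userIdentity": ident}
    return {"EventId": event_id, "ReadOnly": "false",
            "CloudTrailEvent": json.dumps(detail)}

SAMPLE = json.dumps({"Events": [
    make_event("evt-1", "203.0.113.10", "RunInstances", "admin"),
    make_event("evt-2", "guardduty.amazonaws.com", "CreateServiceLinkedRole"),
    make_event("evt-3", "198.51.100.7", "PutObject", "myBackupUser"),
    make_event("evt-4", "198.51.100.99", "RunInstances"),
]})

if __name__ == "__main__":
    for eid, (label, fields) in classify(SAMPLE, home_ip="203.0.113.10").items():
        print(eid, label, *fields)
```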
ap-south-1
eu-north-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
ca-central-1
sa-east-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2
PROBLEM: Unable to sign out of iCloud on OSX Yosemite or disable Keychain
SOLUTION: Delete the following, then reboot:
```
~/Library/Application Support/iCloud/
~/Library/Preferences/Mobile*.plist
```
30 March 1950 – 14 October 2022
Anthony Robert McMillan OBE (30 March 1950 – 14 October 2022), known professionally as Robbie Coltrane, was a Scottish actor and comedian. He gained worldwide recognition as Rubeus Hagrid in the Harry Potter film series (2001–2011), and as Valentin Dmitrovich Zukovsky in the James Bond films GoldenEye (1995) and The World Is Not Enough (1999). He was appointed an OBE in the 2006 New Year Honours by Queen Elizabeth II for his services to drama. In 1990, Coltrane received the Evening Standard British Film Award – Peter Sellers Award for Comedy. In 2011, he was honoured for his “outstanding contribution” to film at the British Academy Scotland Awards.
Tungsten Clustering contains many tools to monitor your cluster, and today we will look at a new one - the tungsten_get_status command, included with Tungsten versions 6.1.19+ and 7.0.2+. This tool was created in response to a customer request for a simple script that could display the status of all nodes cluster-wide for any topology from a single place. The status includes the datasource and replicator layers along with the policy for each cluster.
Born – 16 October 1925 Regent’s Park, London, England
Died – 11 October 2022 (aged 96) Los Angeles, California, US
To disable automatic updates in WordPress, simply edit the wp-config.php file in your WordPress root directory and add the following line:
```php
define( 'WP_AUTO_UPDATE_CORE', false );
```
Tungsten Replicator is a powerful tool with many great features, and today we will look at a new one - the ability to Pause and Resume a replication service. Until now, the only way to stop a replication stream was to take the service offline, and put it back online when it is needed again. The online process involves a number of internal steps and overhead, and if there are many THL files on disk, it could take some time to index them all before the service can come fully online. To remove the overhead of the startup time, the new pause/resume feature was developed for the Replicator, and is accessed via the trepctl command.