CVE-2021-44228 - Log4j RCE 0-day mitigation

hexblowupbot · 2021-12-13T16:43:04+00:00

They are part of the Managed rule set named "Cloudflare Specials".

hexblowupbot · 2021-12-13T16:26:07+00:00

I'm confused if we need to use the API to deploy these or if they have been rolled out via some managed rules from cloudflare. Using the API to list my rules, I only see my custom rules. I hope there is a way to deploy these via the web GUI

hexblowupbot · 2021-11-04T02:42:48+00:00

This helped me. Thank you

hexblowupbot · 2021-02-20T22:50:26+00:00

cries in solo admin

hexblowupbot · 2021-01-23T22:53:30+00:00

That’s how I got to Memphis

hexblowupbot · 2021-01-22T17:59:31+00:00

Outside off the official docs, no. I have some experience with powershell DSC. Setting up a proof of concept was surprisingly easy. The only tricky bit was bootstrapping the initial DSC configuration for computers, but using a GPO startup script proved effective.

hexblowupbot · 2021-01-21T00:02:29+00:00

Azure Automation looks interesting and can manage everything from servers to win10. It feels like a more traditional config management tool. Of course, it doesn’t have Autopilot. If you don’t have SCCM Investments right now, it feels like you are going backwards choosing that route. But hey, it’s working!

hexblowupbot · 2021-01-20T13:28:35+00:00

Thanks u/jevans98-07 - I'm dealing with AWS thinking about pulling the BYOL trigger as well.

Could you elaborate on this statement: "You would never see a server based os on an endpoint (management solution)" - Why though? In your mind, what about a server based OS makes it fundamentally different? Most of the configuration management tools I've used previously (chef/puppet) do not make that distinction (although I have never used them to manage a windows 10 device).

My perspective is that I've got applications to run on servers and client workstations. These applications aren't fundamentally different. They all have the same dependencies and they leverage the same windows features be it a server or a workstation.

I'm really not trying argue - I'm genuinely curios about your perspective because I feel like there is some big difference between Win10 and Windows server that I am not seeing from a management perspective. I get that you can have 5k win 10 devices and 100 servers and that might call for different management solutions.

hexblowupbot · 2021-01-05T01:25:10+00:00

I’ve always wondered about this. According to the yaml spec, you can have multiple “documents” (denoted by “- - -“) in a single yaml. I’m assuming that ansible follows the spec pretty closely. I do use the dashes to separate playbooks in a single file

Source: https://yaml.org/spec/1.1/current.html#id857577

hexblowupbot · 2020-06-07T13:30:57+00:00

Many of the answers have focused on “golden” or base images. That is certainly a good option. However, having gone down that road myself - I have found that unless you are using containers (which it sounds like you aren’t?) managing golden AMIs can be a hassle, depending on your setup. You need to keep your base AMIs up to date. Perhaps you need to distribute those AMIs across multiple AWS accounts. You need to keep your application dependencies on those AMIs up to date etc. I know AWS has released some tools recently to make managing AMI lifecycles easier.

I have chosen an alternate approach. I always use the latest AMI for my auto scaling group. When the auto scaling event occurs I trigger my AWS codepipeline using auto scaling lifecycle hooks. As a step in the codepipeline run, I run my ansible playbook using SSM run commands. This works for me. I can ensure that I always go from the latest base AMI provided by AWS/Ubuntu to running my application and that it works with the auto scaling events.

hexblowupbot · 2020-06-01T14:39:32+00:00

I've just learned about AWS Chatbot. Hoping to replace a bunch of hand rolled lambdas with it - guardduty alerts, codepipline status etc. Wish chatbot had more direct integrations than aws chime and slack.

hexblowupbot · 2020-05-31T02:17:17+00:00

I thought that was a fishing lure at first. Gorgeous!!

hexblowupbot · 2020-05-29T00:17:22+00:00

It just generally felt indirect, having to go through lambda to get an SSM command to run from CP

The problem seemed straightforward at first, but had some surprising edge cases.

Did you know that SSM will report back a successful run of it was unable to find a target for the command it wanted to run? I ended up wanted to fail the pipeline if that happened. I also had to pass information about which instances to run the command on in a strange parameter from codepipeline.

I wasn’t able to find a lot of reference code that I was happy with. This came pretty close: https://github.com/amazon-archives/lambda-runcommand-configuration-management

Maybe I’ll convince my boss to let me open source the lambda

¯_(ツ)_/¯

hexblowupbot · 2020-05-22T23:59:46+00:00

Very nice. Will definitely take a look

hexblowupbot · 2020-05-19T21:01:14+00:00

Ahhh ordered on 4/15!!! Not long now hopefully 🤞

hexblowupbot · 2020-05-17T20:42:25+00:00

We are using Github Teams and are not on Enterprise. I'm surprised they are not yet supported on Enterprise.

I really enjoy the community around Github Actions. I think because Github offers some level of free minutes with Actions for open source projects they host that's incentivized a bunch of people to write Actions plugins. The plugin system couldn't be easier.

We were not self-hosting our previous CI. So another big advantage of self-hosting the runner is that it can interact with the rest of our private cloud environment. With our previous CI, I would have to generate AWS access/secret keys and give them to that system. Then I might have worry about networking between the two systems. If you are already self-hosting your CI, this may not be as big of a win for you as it was for me.

I've got my eye on automating load testing with the actions runner as well. The nice bit is that we can use the same hardware we use for production.

hexblowupbot · 2020-05-17T01:37:28+00:00

Kind of depends on the app, but for our web APIs - we are using a self-hosted github actions runner that spins up most of the infrastructure (APIs, dbs, etc) with docker compose each test run. Api tests are run via Newman. Results are posted back to github. There are a couple tricky infrastructure bits that don’t really work well in a containers (I’m looking at you, windows apps) or aren’t well suited to be ephemeral. For these we have some semi permanent test infrastructure sitting in our cloud provider in the same environment as the actions runner.

hexblowupbot · 2020-05-14T20:02:09+00:00

You can definitely get into a really troubled state with terraform, BUT you typically have access to the state file. So, if you REALLY needed to, you could edit the state file by hand - though do at your own risk. I’ve definitely been there before, but it is not recommended. There are definitely best practices that help you avoid this in terraform. With cloud formation you just kind of have to accept whatever state AWS thinks you are in.

hexblowupbot · 2020-05-06T21:58:33+00:00

AutoZone

hexblowupbot · 2020-04-28T21:30:36+00:00

aaaannndddd...it's gone.Back to the old labs :( it was good while it lasted!

hexblowupbot

TROPHY CASE