Previously I’ve looked at Azure DevOps as a fantastic platform for deploying CI/CD pipelines, and it is, however it’s obvious inclination for Azure makes it something of an issue when trying to work on other public cloud providers, and Azure obviously isn’t the only game in town. There’s also the issue of complexity. Whilst Azure DevOps is incredibly flexible and powerful, this leads to complexity and we don’t always need . . .
In a complex Linux environment where multiple administrators have a requirement to manage countless machines (or even a small amount of machines), there is inevitably a requirement to manage SSH Private Keys, as well as the large administrative overhead that comes with cycling them when they expire, or new admins join or move teams. Vault offers us a method to remove the churn of key cycling. A fantastic feature of . . .
In previous posts I’ve looked at the setup of AlienVault OSSIM and managing logs from both Windows and Linux Operating Systems. However as any admin knows dealing with servers is only half the battle when it comes to logs, network devices are arguably the most important part. In this post we’ll be looking at log management for Juniper JUNOS, Cisco IOS and VMware EXSi devices in particular, all of which . . .
In a previous post we’ve looked at how to build Azure infrastructure with Terraform and handle sensitive secrets by storing them within Vault and looking them up at run time. This however still poses a problem if we’re using the default local backend for Terraform; particularly that these secrets will be stored in plain text in the resulting state files and in a local backend they will be absorbed in . . .
In a previous post we looked at building AlienVault OSSIM, but the setup of a SIEM is pretty Spartan without any data sources feeding it. The Operating System integration for AlienVault is surprisingly Windows-centric for a Linux platform, so lets look at the somewhat involved process for gathering logs from Linux servers using AlienVault. Some Quick Setup For this configuration, we’ll be monitoring the existing Vault server mc-vault capturing the . . .
In a previous post we looked at building AlienVault OSSIM, but the setup of a SIEM is pretty Spartan without any data sources feeding it. The Operating System integration for AlienVault is surprisingly Windows-centric for a Linux platform, but let’s take a look at it. Windows Log Management For this configuration, we’ll be using the existing mc-ossim OSSIM server set up previously and capturing logs from a Domain Controller named . . .
I noticed around 2015 that SIEM became the new buzzword that IT consultancies started throwing around to sell things that sensible admins had already been doing for decades, namely a centralised platform for the storing and management of logs. The king of these solutions is unarguably ELK (now known as ElasticStack), however ELK is a dark art and scares a lot of people away, when we’re talking about a SIEM . . .
Previously I’ve looked in detail at the uses of two of Hashicorp’s offering’s; Terraform and Vault. Predictably, the union of these two platforms allows for some ideal ways to further streamline the process of cloud provisioning, in this case by securely handling the myriad secrets needed for cloud shaping and configuration. In this post I’ll be looking at a fairly simple configuration to get started. The sample code for this . . .
Even in the age of Linux dominance on public clouds, there’s no denying that Windows still rules the roost in on-premise deployments and Active Directory still lies at the heart of authentication schemes. AD is everywhere to the point where it’s a surprise for some admins to learn that LDAP and Kerberos aren’t native to Microsoft. Knowing that, it is often essential for a good product to provide LDAP authentication . . .
In my recent posts I’ve covered the hardened setup of Vault and covered the basics of using the REST API. As we’ve seen so far, Vault is primarily designed for programmatic interactions from external systems via the API, so lets take a look a favourite of mine; Ansible Tower, which is a prime candidate as a third party system which often has a requirement to call secrets from external systems. . . .