Falco by sysdig

Earlier this week the guys over at sysdig announced the availability of Falco, a behavioral security service which is built on top of their core Open Source sysdig engine. As is always the case when I try new things, I launched a Digital Ocean Droplet running CentOS 7.2. Once the Droplet was available I ran the command to get the basics configured on the droplet; curl -fsS https://raw.githubusercontent.com/russmckendrick/DOBootstrap/master/do-bootstrap.sh | bash Once the Droplet was configured I installed Falco using the repo provided by sysdig by running the following commands;...

May 22, 2016 · 3 min · Russ Mckendrick

Adding a SSH Key to Azure

In my previous post I wrote about launching a CentOS 7 Virtual Machine in Azure using Terraform. As you can see from my original configuration I was adding a password and my own user. This worked well, the machine launched and I could access it as expect and sudo to root. However, when it came to using Terraforms built-in provisioner I started to have problems as the commands I was running need root privileges, when I tried using sudo it would sit there waiting for the password to entered....

July 22, 2015 · 2 min · Russ Mckendrick

Digital Ocean Bootstrap

As I have mentioned a few times on this blog I tend to use DigtialOcean to spin up servers for testing and to host some of my projects. I also still use CentOS 7 as my preferred OS. Each time I boot a droplet I run few a couple of tasks to get the server how I prefer it. Run a yum update Enable swap Install & configure Fail2Ban Enable firewalld Install vim-enhanced, deltarpm & enable EPEL As I am lazy and sometimes re-launch instances several times when working on a project I decided to write a quick script to do the above so I don’t have to....

June 28, 2015 · 1 min · Russ Mckendrick

Fail2Ban on CentOS 7

One of the first things I do on a new server is install fail2ban. I have written about it before, but that was back when I was still using CentOS 6. Now I am using CentOS 7 the installation has a few more steps. Firstly, as EPEL is not enabled by standard on most CentOS 7 installations enable the repo and then install fail2ban. yum install -y epel-release && yum install -y fail2ban Once installed you can run the following to setup a check and block for failed SSH logins (it bans for 24 hours after three login failures);...

March 29, 2015 · 2 min · Russ Mckendrick

Hackers

Since I have been playing with Docker for the past few weeks I have had more servers on-line. I don’t have a static IP address at home so while I have a jump host setup I found I was still being port scanned and brute forced. I only caught a sniff of it in the logs while looking at another problem, even though password authentication is disabled and I only use keys I decided install Fail2Ban to start blocking people, just in-case....

May 10, 2014 · 1 min · Russ Mckendrick