A blog site on our Real life experiences with various phases of DevOps starting from VCS, Build & Release, CI/CD, Cloud, Monitoring, Containerization.
MongoDB is the most popular NoSQL and an open-source document-oriented database. The term NoSQL means ‘non-relational’.This simply means mongo does not base on a table-like relational database structure. It is moreover a schemaless database. In Mongo information is stored in JSON-style documents.
It claims to be the world’s most widely used open-source host-based intrusion detection system. In short, we can call it HIDS. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. This is made up of two parts: Ossec server and Ossec agent. The Ossec server is used to monitor other servers that we call Ossec agents. At any time, an agent can be added to the Ossec server for its monitoring and can be removed. For that, server and agent connections need to be established, which we will be discussing. It also provides a Web interface for showing all alerts, logs, and agent information.
1) Attacker launched a brute force attack against your machine. Now you need to track him. For that, you need his IP address. First, on your Ossec server, do:
cat/var/ossec/logs/alerts/alerts.log
Where you find Source IP against the alert of SSH insecure connection attempt rule. Secondly, we can get it from a UI-based alert.
Continue reading “HOST-BASED INTRUSION DETECTION USING OSSEC”What is Patching?
A patch is a set of updates to a server or its supporting data designed to update, fix and improve, including fixing security vulnerabilities and other bugs. They may be applied to program files on a storage device or in computer memory. Patches may be permanent or temporary.
In a brief overview, you need to perform the following tasks for patch management:
1. Create a patch catalog.
2. Analyze the target to determine the patches that need to deploy.
3. Deploy the required patches to targets requiring remediation.
4. Analyze the targets again to ensure each server has the correct patch.
When we talk about service mesh, consul is one of the open-source tools which is widely used as a service discovery for multiple ephemeral or non-ephemeral resources. There are multiple consuls [service mesh] alternatives which are used as a service discovery but we won’t be discussing service discovery & alternative comparisons here.
If we talk about consul, it is not only used as a service mesh but also provides multiple options and features other than a service mesh. Yes, you heard it right, this lad can do lots of things that we didn’t know or haven’t explored yet.
Let’s talk about some of the options or features provided by the consul and further, we will discuss some of the aspects and impact of things provided by the consul.
Continue reading “Learn How to Control Consul Resources Using ACL”During this lockdown period, people are usually working from home which means they all are contributing to work by staying at home. So, if someone wants to work on something online, such as on a particular private or public server of a company, depending on the scenario, will need a network route to that server.
Meaning, they first need access to that particular server either via a public network or using VPN. These things have their own set of complexities. Therefore, we will discuss a few aspects of network access & their drawbacks:
Continue reading “OpenVPN – A Custom Iptables journey”