---
- name: Harden the image
  hosts: all
  become: true
  roles:
    - dev-sec.os-hardening
    - dev-sec.ssh-hardening
  vars:
    ssh_use_pam: true # to allow access with our key on ec2
{
  "gcp_image_family": "rhel-7",
  "gcp_zone": "asia-southeast1-a",
  "gcp_ssh_user": "gce-user",
  "aws_region": "ap-southeast-1",
  "aws_ami_filter_name": "RHEL-7.7*x86*",
  "aws_base_ami_owner": "309956199498",
  "aws_ami_name": "RHEL-7.7",
  "aws_instance_type": "t2.medium",
  "aws_ssh_user": "ec2-user"
amazon-ebs: },
amazon-ebs: "os_useradd_create_home": true,
amazon-ebs: "os_useradd_mail_dir": "/var/spool/mail"
amazon-ebs: },
amazon-ebs: "ansible_included_var_files": [
amazon-ebs: "/root/.ansible/roles/dev-sec.os-hardening/vars/RedHat.yml"
amazon-ebs: ],
amazon-ebs: "ansible_loop_var": "item",
amazon-ebs: "changed": false,
amazon-ebs: "item": "/root/.ansible/roles/dev-sec.os-hardening/vars/RedHat.yml"
From local machine
Step 1: If you are on a feature branch, check out master first and pull the latest master code to local
bharathkumarraju@R77-NB193% git checkout master
Switched to branch 'master'
Your branch is up to date with 'origin/master'.
bharathkumarraju@R77-NB193 % git pull
#!/usr/bin/env bash
####################################################################################################################################
# Delete docker specific tagged images
# 1. Retain last 5 images of helloworldapp
# 2. Retain last 3 images of bharathterraform
# 3. Retain last 2 images of flask_app
#
####################################################################################################################################
export TOKEN="YmhhcmF0aGt1bWFycmFqdStyYWp1OjAySDQ5WFaskldfnsdkfdsmfsdgfnklsnglsdkgsakdgefgerreprogke"
Bharathkumarraju / delete_docker_images_improved.sh
Created March 7, 2021 16:27
delete docker images improved
#!/usr/bin/env bash
####################################################################################################################################
# Delete docker specific tagged images
# 1. Retain last n images
#
####################################################################################################################################
export TOKEN="YmhhcmF0aGt1bWFycmFqdStyYWp1OjAySDQ5Wlsalgsdgjdsjgldshgoergxzvlzkxvljoigfejsglskzxmvklfdsajpgrjgd"
function retain_last_n() {
  app=$1
Bharathkumarraju / private-k8s.md
Created June 18, 2021 00:31 — forked from pydevops/private-k8s.md
how to set up kubectl on laptop for private GKE cluster and on prem private cluster

HTTP tunnel

On prem k8s cluster set up with bastion vm

  1. Run the bastion vm in your data center or in cloud with connectivity set up (usually vpn) to the on prem data center.
  2. Install tinyproxy on the bastion VM and pick a random port, because the default 8888 is too easy a target for spam bots; set it up as a systemd service according to https://nxnjz.net/2019/10/how-to-setup-a-simple-proxy-server-with-tinyproxy-debian-10-buster/. Make sure it works by validating with curl --proxy http://127.0.0.1:<tinyproxy-port> https://httpbin.org/ip. And I don't use any user authentication for the proxy, so I locked down the firewall rules with my laptop IP/32.
  3. Download the kubeconfig file for the k8s cluster to your laptop
  4. From your laptop, run
HTTPS_PROXY=<bastion-external-ip>:<tinyproxy-port> KUBECONFIG=my-kubeconfig kubectl get nodes
Bharathkumarraju / __main__.py
Created July 12, 2021 23:37 — forked from 1oglop1/__main__.py
Pulumi component resources
import pulumi
from pulumi_aws import s3
from pulumi import Output, Input, ResourceOptions, ComponentResource, set, get
import time
import json
from pydantic import BaseModel
async def w2():
    """Awaitable simulating output"""
--- # apache_balancer_manager_role do.yml
- name: member_host
  debug:
    msg: "member_host {{ member_host }}"
- name: "Get the balancer_manager content"
  uri:
    url: "{{ apache.balancer.url }}"
    follow_redirects: yes
    return_content: yes
import json
import boto3
def lambda_handler(event, context):
    ses = boto3.client('ses')
    body = """
Hello and welcome to the SES Lambda Python Demo.