| default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam' | |
| default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes' | |
| default['sshd']['sshd_config']['PasswordAuthentication'] = 'no' |
| ################################################### | |
| ## | |
| ## Alertmanager YAML configuration for routing. | |
| ## | |
| ## Will route alerts with a code_owner label to the slack-code-owners receiver | |
| ## configured above, but will continue processing them to send to both a | |
| ## central Slack channel (slack-monitoring) and PagerDuty receivers | |
| ## (pd-warning and pd-critical) | |
| ## |
Hi I'm Ilan, I work at Datadog, a monitoring and analytics platform for large-scale applications and infrastructure. I've been at Monitorama this week and figured I'd make it easy to find the talks from the conference.
Datadog is hiring! Come join me
Optimizing for Learning - Logan McDonald (BuzzFeed)
| #!/bin/python | |
| import argparse | |
| import tempfile | |
| import shutil | |
| import subprocess | |
| import sys | |
| import traceback | |
| import requests | |
| import logging | |
| import re |
~/.aws/configAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules
DevOps started out as "Agile Systems Administration". In 2008, at the Agile Conference in Toronto, Andrew Shafer posted an offer to moderate an ad hoc "Birds of a Feather" meeting to discuss the topic of "Agile Infrastructure". Only one person showed up to discuss the topic: Patrick Debois. Their discussions and sharing of ideas with others advanced the concept of "agile systems administration". Debois and Shafer formed an Agile Systems Administrator group on Google, with limited success. Patrick Debois did a presentation called "Infrastructure and Operations" addressing
Collecting some information about the extend and affected products and keys of the Infineon RSA vulnerability (ROCA).
Estonian eID cards
| #!/bin/bash | |
| set -euo pipefail | |
| openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem | |
| openssl rsa -in privkey.pem -passin pass:abcd -out server.key | |
| openssl req -x509 -in server.req -text -key server.key -out server.crt | |
| chmod 600 server.key | |
| test $(uname -s) = Linux && chown 70 server.key | |
| docker run -d --name postgres -e POSTGRES_HOST_AUTH_METHOD=trust -v "$(pwd)/server.crt:/var/lib/postgresql/server.crt:ro" -v "$(pwd)/server.key:/var/lib/postgresql/server.key:ro" postgres:12-alpine -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key |
| FROM nginx:alpine | |
| ENV CONSUL_TEMPLATE_VERSION=0.18.5 | |
| RUN apk add --update curl unzip ca-certificates \ | |
| && curl -Ls https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_VERSION}/consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip -o consul-template.zip \ | |
| && unzip consul-template.zip -d /bin \ | |
| && rm -f consul-template* \ | |
| && apk del curl unzip \ | |
| && rm -rf /var/cache/apk/* |
| # By default, Docker containers run as the root user. This is bad because: | |
| # 1) You're more likely to modify up settings that you shouldn't be | |
| # 2) If an attacker gets access to your container - well, that's bad if they're root. | |
| # Here's how you can run change a Docker container to run as a non-root user | |
| ## CREATE APP USER ## | |
| # Create the home directory for the new app user. | |
| RUN mkdir -p /home/app |