The purpose of this document is to help with configuring and troubleshooting using TLS on the connection between Beats and Logstash.
You must configure TLS on both the client and server to make this work. This
// Deduplicate returns a new slice with duplicates values removed. | |
func Deduplicate(s []string) []string { | |
if len(s) == 0 { | |
return s | |
} | |
result := []string{} | |
seen := make(map[string]struct{}) | |
for _, val := range s { | |
if _, ok := seen[val]; !ok { |
# Installs golang on Windows. | |
# | |
# # Run script: | |
# .\install-go.ps1 -version 1.5.3 | |
# | |
# # Download and run script: | |
# $env:GOVERSION = '1.5.3' | |
# iex ((new-object net.webclient).DownloadString('SCRIPT_URL_HERE')) | |
Param( | |
[String]$version, |
#!/bin/bash -e | |
function setup_profile() { | |
profile=$1 | |
cat << 'EOF' >> $profile | |
export GOROOT=/go1.5.1-solaris | |
export GOPATH=$HOME/go | |
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH | |
[ ! -d "$GOPATH" ] && mkdir $GOPATH | |
EOF |
# Print attributes inside of DSA/RSA file: | |
openssl cms -in ORG.RSA -inform DER -noout -cmsout -print | |
# Verify the signature: | |
openssl smime -verify -inform DER -in ORG.RSA -content ORG.SF -noverify | |
# Print signing chain: | |
openssl pkcs7 -text -in ORG.RSA -inform DER -print_certs -noout |
# Install openscap tool. | |
sudo yum install openscap-utils | |
# Generate report based on RedHat's scap-security-guide project (SSG). | |
# Requires EPEL. | |
sudo yum install scap-security-guide | |
oscap xccdf eval --profile stig-rhel6-server-upstream \ | |
--results /tmp/`hostname`-ssg-results.xml \ | |
--report /tmp/`hostname`-ssg-results.html \ | |
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \ |
#%PAM-1.0 | |
# Skip Google Authenticator for the vagrant user: | |
auth [success=1 default=ignore] pam_succeed_if.so user = vagrant | |
auth required pam_google_authenticator.so | |
auth required pam_unix.so | |
auth required pam_sepermit.so | |
auth include password-auth | |
account required pam_nologin.so |
/* | |
* Copyright 2011 Andrew Kroh | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); | |
* you may not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software |
puppet filebucket --bucket /var/lib/puppet/clientbucket -l get b52b12f6059f118d2db377b92e8458eb |
augeas{ '/etc/fstab - nosuid on /sys': | |
context => "/files/etc/fstab", | |
changes => [ | |
"ins opt after /files/etc/fstab/*[file = '/sys']/opt[last()]", | |
"set *[file = '/sys']/opt[last()] nosuid", | |
], | |
onlyif => "match *[file = '/sys']/opt[. = 'nosuid'] size == 0", | |
} | |
augeas{ '/etc/fstab - acl on /sys': |