maurorappa

ifneq ($(KERNELRELEASE),)
   obj-m := proc.o
else

KERNELDIR ?= /lib/modules/$(shell uname -r)/build

PWD := $(shell pwd)
KBUILD_CFLAGS += $(call cc-option,-Wno-error,)

default:

maurorappa

Check all available kernel tracepoints, for example:

  # cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_adjtimex/format
    name: sys_enter_adjtimex
    ID: 345
    format:
    …..
    field:int common_pid;   offset:4;       size:4; signed:1;

    …..

maurorappa

// Enable webhook for a Bitbucket repository, get the json of the events, parse the json and notify (here in Slack)
// This is well suited to run serverless 

package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io/ioutil"

maurorappa

Vanilla image
maurorappa$ docker run -it --rm --entrypoint=sh nginx
# nginx -V
nginx version: nginx/1.19.0
built by gcc 8.3.0 (Debian 8.3.0-6)
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-ht

maurorappa

FROM golang:buster as builder
WORKDIR /go/src/mockApi
COPY . /go/src/mockApi
RUN go get github.com/gorilla/mux
RUN CGO_ENABLED=0 GOOS=linux go build -o mock_api *.go

FROM busybox:latest
COPY --from=builder /go/src/mockApi/mock_api /bin/mock_api
RUN chmod +x /bin/mock_api

maurorappa

I was investigating how to realize a modular, comprehensive and secure solution to log all activities run from an ssh bastion.

The idea is to record in text format all input and output from any command run on the server by a set (potentially everybody, but root can circumveen it) of users. Those operators do need to log on the server via SSH and not tunnel through it (this can be blocked via ssh configs) as they  already perform now. 

I developed this solution using uniquely open source software and I tested on Amazon Linux server. This solution works at a very low level (session bytes copy) and therefore should be compatible with every user activity (like ansible, screen or tmux).


Let’s analyze all the components before seeing how we stitch all together.

SSH daemon configuration : we ensure a specific command is run _before_ every user gets logged on the server, This is done transparently via the configuration stored in .ssh/authorized_keys

maurorappa

package main
import (
	"flag"
	"github.com/stianeikeland/go-rpio"
	"log"
	"time"
	"strings"
)

var (

maurorappa

// find the last successfull build
// you may need to enable these script approvals:
//method hudson.model.Job getBuildByNumber int
//method hudson.model.Job getBuilds
//method hudson.model.Job getLastBuild
//method hudson.model.Job getLastSuccessfulBuild

def lastGreen() {
    def buildName = Jenkins.instance.getItemByFullName("my_great_job")
    if (buildName) {

maurorappa

package main

import (
	"context"
	"flag"
	"fmt"
	"github.com/docker/docker/api/types"
	"github.com/docker/docker/api/types/filters"
	"github.com/docker/docker/client"
	//"github.com/guptarohit/asciigraph"

maurorappa

package main

import (
	"context"
	"fmt"
	"time"
	"github.com/prometheus/client_golang/api"
	"github.com/prometheus/client_golang/api/prometheus/v1"
	"github.com/prometheus/common/model"
)