Naveen Chauhan naavveenn
naavveenn
/ User Creation along with ssh-keys
Created
October 25, 2018 07:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ##Creating multipple users## | |
| - hosts: test | |
| become: yes | |
| gather_facts: no | |
| vars_prompt: | |
| - name: pass | |
| prompt: "Please enter the password" | |
| tasks: | |
| - name: Creating users |
naavveenn
/ Cloudwatch Agent Install
Last active
April 26, 2021 01:15
Cloudwatch agent installation: Make sure to attach a cloudwatch role to your ec2 instance. amazon-cloudwatch-agent.json file should be created before hand (on your local machine or from where you are executing your ansible playbook), other wise cw_agent will not start. Below is the example of amazon-cloudwatch-agent.json.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ###Cloudwatch role should be attached to the ec2 instance### | |
| - hosts: dd ###servers on which you need to run the cw_agent | |
| become: yes | |
| remote_user: root | |
| gather_facts: true | |
| tasks: | |
| - name: Check if Cloudwatch Agent is Installed Already | |
| shell: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status | |
| register: init_status_result |
naavveenn
/ AMI Deletion
Created
July 11, 2018 08:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from datetime import datetime, timedelta | |
| import datetime | |
| import dateutil | |
| def lambda_handler(event, context): | |
| retention_date=datetime.datetime.now() - datetime.timedelta(days=7) | |
| client = boto3.client('ec2') | |
| response = client.describe_images( Filters = [ { 'Name':'tag:delete','Values':["yes"] } ], Owners=['123123123123'] ) | |
| images = response['Images'] | |
| for i in images: |
naavveenn
/ MySQL Query
Created
June 27, 2018 14:58
This playbook checks the city_name in the table and if the city_name doesn't exist then it will insert the city_name into the table.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| tasks: | |
| - name: check city in DB | |
| mysql_query: | |
| login_host: localhost | |
| login_user: naveen | |
| login_password: abc | |
| db: test_db |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /root/creds.yml #contains access_keys and secret keys for my msp account | |
| tasks: | |
| - name: Get STS credentials | |
| sts_assume_role: | |
| role_arn: "arn:aws:iam::xxxxxxxxxxx:role/MSPCrossAccount" #Cross-account role_arn | |
| profile: test #profile name that's mentioned in .aws/config file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /home/ansible/tbb_awscreds.yml | |
| tasks: | |
| - name: Create a Basic CPU Alarm | |
| ec2_metric_alarm: | |
| aws_access_key: "{{ aws_id }}" | |
| aws_secret_key: "{{ aws_key }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /home/ansible/tbb_awscreds.yml | |
| tasks: | |
| - name: Check for the ECS services | |
| shell: aws ecs list-services --cluster "{{ cluster }}" --region ap-south-1 --profile tbb | awk -F ":" '{print $6}' | tr -d '"',"," | awk -F "/" '{print $2}' | sed '/^\s*$/d' > /root/ecs_service.txt | |
| - name: Create a Basic CPU Alarm |
naavveenn
/ Install Mod_Security
Created
May 12, 2018 05:59
Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It is used to protect and monitor real time HTTP traffic and web applications from brute fore attacks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Step 1: Installing Dependencies for mod_security | |
| yum install gcc make | |
| yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel | |
| Step 2: Installing Mod_Security | |
| Run the following commands as root. | |
| cd /usr/src | |
| wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz | |
| tar xzf modsecurity-apache_2.6.6.tar.gz | |
| cd modsecurity-apache_2.6.6 |
naavveenn
/ Install Mod_Evasive
Last active
May 12, 2018 06:02
Mod_Evasive is an open source evasive maneuvers system for Apache server to provide evasive action in the event of an HTTP brute force, Dos or DDos attack. It was designed to use as a network traffic detection and network management tool and can be easily configured and integrated into firewalls, ipchains, routers etc. Presently, it sends abuses…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Step1:- Installing Dependencies | |
| yum install gcc make | |
| yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel | |
| Step2:-- | |
| cd /usr/src | |
| wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz | |
| tar xzf mod_evasive_1.10.1.tar.gz | |
| cd mod_evasive | |
| apxs -cia mod_evasive20.c |
naavveenn
/ Lynis Audit
Created
May 11, 2018 15:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: demo #list of servers | |
| become: yes | |
| tasks: | |
| - name: Check if Git is installed or not for Debian distro | |
| shell: dpkg -s git #check if git is installed or not | |
| ignore_errors: True | |
| register: output | |
| when: ansible_os_family == "Debian" |
NewerOlder