# HOWTO: Installing Vault On AWS with S3 backend
This is a HOWTO on installing [Vault](https://www.vaultproject.io/) ([source](https://github.com/hashicorp/vault)) on AWS with S3.
Components used:
* [Vault](https://www.vaultproject.io/) ([source](https://github.com/hashicorp/vault))
* [AWS S3](https://aws.amazon.com/s3/)
* [AWS IAM](https://aws.amazon.com/iam/)
* [AWS EC2](https://aws.amazon.com/ec2/)
* [OpenSSL](https://www.openssl.org/)

Vault PKI Root and Intermediate Certificates

Root Certificate

vault mount -path=pki-root pki

vault mount-tune -max-lease-ttl=87600h pki-root

# This will write a json file to the filesystem.
vault write -format=json pki-root/root/generate/exported \
 common_name=example.com \
@therandomsecurityguy
therandomsecurityguy / cardano-node-upgrade.md
Last active May 7, 2021 13:57
Upgrading Cardano nodes

Running Cardano relays and block nodes is a fun project, but upgrading nodes can be a bit of a pain. I compiled some simple steps I used to upgrade from Cardano node 1.26.1 to 1.26.2.

  1. Update/upgrade and install cabal requirements
sudo apt update -y
sudo apt upgrade -y

sudo apt install build-essential curl libffi-dev libffi7 libgmp-dev libgmp10 libncurses-dev libncurses5 libtinfo5 -y

Keybase proof

I hereby claim:

  • I am therandomsecurityguy on github.
  • I am dchamorro (https://keybase.io/dchamorro) on keybase.
  • I have a public key whose fingerprint is EF75 2860 41CA FA9C C088 364E 1C01 B4C1 A1F8 2C12

To claim this, I am signing this object:

@therandomsecurityguy
therandomsecurityguy / ubuntu16.04.sh
Created September 25, 2018 21:42
Ubuntu 16.04 hardening script
#!/bin/bash
# Title: Ubuntu 16.04 Hardening
#
# DESCRIPTION: MODIFY / CHANGE / UPDATE / CONFIGURE
#
# Patching and Software Updates
apt-get -y update
apt-get -y upgrade
#
# File System Configuration
@therandomsecurityguy
therandomsecurityguy / slack-black.css
Last active August 21, 2018 16:29
Slack Black theme
body { background: #222; color: #e6e6e6; }
a { color: #949494; }
a:link, a:visited { color: #949494; }
a:hover, a:active, a:focus { color: #c7c7c7; }
hr { border-bottom: 1px solid #424242; border-top: 1px solid #222; }
@therandomsecurityguy
therandomsecurityguy / vault.service
Created June 22, 2017 16:14
Vault server service for systemd
[Unit]
Description=vault server
Requires=network-online.target
After=network-online.target consul.service
[Service]
EnvironmentFile=-/etc/sysconfig/vault
Restart=on-failure
ExecStart=/usr/local/bin/vault server $OPTIONS -config=/etc/vault.d
@therandomsecurityguy
therandomsecurityguy / consul.service
Last active June 22, 2017 16:13
Consul service for systemd
[Unit]
Description=consul agent
Requires=network-online.target
After=network-online.target
[Service]
EnvironmentFile=-/etc/sysconfig/consul
Environment=GOMAXPROCS=2
Restart=on-failure
ExecStart=/usr/local/bin/consul agent $OPTIONS -config-dir=/etc/consul.d
#!/bin/sh
#
# This is an example script for using netperf. Feel free to modify it
# as necessary, but I would suggest that you copy this one first.
#
# This version has been modified to take advantage of the confidence
# interval support in revision 2.0 of netperf. It has also been altered
# to make submitting its results to the netperf database easier
#
# usage: ./netperf_tcp_stream.sh [machine A's IP] [CPU] [-Tx,x] > filename.txt
#!/bin/sh
#
# This is an example script for using netperf. Feel free to modify it
# as necessary, but I would suggest that you copy this one first.
# This script performs various UDP unidirectional stream tests.
# usage: ./netperf_udp_stream.sh [machine A's IP] [CPU] [-Tx,x] > filename.txt
#
if [ $# -gt 4 ]; then
echo "try again, correctly -> udp_stream_script hostname [CPU] [-Tx,x] [I]"