Posts

Showing posts from 2019

Tech - Sprinkle some Salt - Part 1

Image
Overview With the advent of DevOps, many tools have come up on the topic of automation. These include tools such as Jenkins, TeamCity, Ansible, Chef, Puppet, Vagrant, Terraform etc. And, they are used to deploy infrastructure and applications. However, once an infrastructure or application is deployed into an environment (Development, Testing, Production), there are changes made to it. The operations and/or site reliability teams may tweak operating system, application configuration to ensure that the environment is stable and functioning well. And, when these changes are made, the environment tends to 'drift' when compared to the source code or documentation. This is where tools such as Salt Stack are useful. It is a tool from https://www.saltstack.com . At a high level, Salt is a configuration management system.  Like most other automation tools, it can deploy infrastructure / application.  In addition, it can also monitor and react to various events. This gre

Azure Chronicles - VM Security

Using the cloud has many benefits, some of them such as elasticity and scalability. On the other hand, some other aspects such as security and cost need to be paid attention to. Let's look at the security aspect in this post. Lynis is one of the most popular Linux auditing and hardening tools. It has community and enterprise editions. As an example, the community edition is being used here. Let's scan a Linux based VM in Azure and find out the results. This post assumes that you have an existing subscription in Microsoft Azure. The below steps show how to scan a VM in Azure. A new class of VM's called B1ls was launched. These VM's are quite small and cheap. As this is just an experiment, let's try this new VM. Create a B1ls VM with the Ubunto 18.04 LTS image on it. Make sure that the VM has a public IP address and use a public key for access. Once the VM is created, login to the VM using a tool such as Putty. Follow the steps described here to ins