OSSEC frequency rules and active-response: ensure same_source_ip is set
I've been using the Drupal decoder for OSSEC for a number of years, to detect things like brute-force login attempts as alerted by the Syslog module. Tags: ossec, security, drupal, sysadmin
Interview with BetterCloud about I.T and communication
I was one of three professionals recently interviewed by BetterCloud for a series on blending the art of effective communication into I.T (with a focus on communicating to people in a less-technical...
mig5 in another BetterCloud article about communication and I.T
As a separate piece to the previous three part series published, I was featured in another BetterCloud article about elevating the perception of I.T teams in the wider parts of organisations. This...
Source based load-balancing in HAproxy based on X-Forwarded-For header
We had some application servers behind an active/passive HAproxy loadbalancer pair (using keepalived to arbitrate the IP on failover). We needed to put a WAF product in front of the HAproxy pair (e.g...
Nagios script for VMware memory balloon size
Couldn't find a Nagios plugin for checking the VMware 'memory balloon' percentage, after observing a server that due to hypervisor issues was ballooning too much. For more on that subject, you can read...
Deploying and managing Autoscaled Drupal applications at AWS with Terraform,...
As part of a prototype/experiment for a customer, I decided to 'eat my own dogfood' and put this site onto an autoscale cluster at AWS. In doing so, I wanted to manage my infrastructure using Terraform...
Terraform remote state and errors about AWS_DEFAULT_REGION
This may be obvious to others, but it wasn't to me. I was setting up Terraform remote state storage (to an s3 bucket) like so: terraform remote config -backend=s3 \...
Migrating a Vagrant VM into Qubes as StandaloneVM
I had a Vagrant VM on my other laptop that I wanted to convert into a Qubes AppVM (StandaloneVM). The disk was lazy allocated 40GB but only using about 1.3GB within the guest. The underlying disk of the...
Virus scanning your Qubes VMs and Templates with ClamAV
Here's a simple script to iterate over your VMs (and, optionally, your templates) and run clamscan against them. Tags: qubes, infosec, clamav, linux
Using a 'quasi'-disposable VM for UpdateVM in Qubes
In Qubes, the dom0 is updated via an 'UpdateVM' which is responsible for downloading any new packages (since dom0 has no direct network access of its own). Typically the UpdateVM is your sys-firewall or...