INT 21h

Hi, I am Vladimir Smagin, SysAdmin and Kaptain.

Centralize fail2ban blacklisting with ip-blocker-db

No. 11031, in section "Sysadmin", June 17th, 2020

My own IP storage for fail2ban. Written to blacklist fucking botnets bruteforcing my servers. It centralizes information about blocks across all my servers in one single watch tower.

https://git.blindage.org/21h/ip-blocker-db


Vault secret retrieve and save to JSON file

No. 10280, in sections: Programming, Sysadmin, September 1st, 2019

I wrote a small program to retrieve secrets from Vault and provide them to my PHP and Python apps. ENV variables with connection credentials are useful with Docker containers and even Kubernetes, and the list of secrets to retrieve can be stored inside the Docker image.

Secret stored in Vault

Result file on disk

Source code and binary release https://git.blindage.org/21h/vault-retriever


Tracking in kubedb for Kubernetes

No. 9595, in section "Sysadmin", November 26th, 2018

My colleague and I are seriously rewriting kubedb to remove bash pornography and implement new functions required by our production, and today I found code with… Google tracking, and it is turned on by default! Whhyyy did they do it and say nothing about it??! I think a patch of this file will not be accepted upstream.


Ansible: switch SSHd to use public key auth only, block password auth

No. 9447, in section "Sysadmin", September 28th, 2018

These tasks search sshd_config for specific options and set each one to the value you want. If an option is not found, it is added to the end of the file.

Options you want to change:

    sshd_options:
      PubkeyAuthentication: "yes"
      PasswordAuthentication: "no" 

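Now remove from the config all options you want to change:

    - name: Remove all marked options from config
      become: yes
      lineinfile:
        path: "{{ sshd_config_path }}"
        state: absent
        # Drops every line that mentions the option name, commented-out ones included
        regexp: '{{ item.key }}'
      # default({}, true) gives an empty loop when sshd_options is undefined or
      # None; a `when` test cannot do this because the loop is evaluated first
      with_dict: "{{ sshd_options | default({}, true) }}"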

Nice, now add your options to the sshd config:

    - name: Add marked options to config
      become: yes
      lineinfile:
        path: "{{ sshd_config_path }}"
        state: present
        # Appended at the end of the file, one "Option value" line per entry
        line: '{{ item.key }} {{ item.value }}'
      # Empty loop when sshd_options is undefined or None (see the task above)
      with_dict: "{{ sshd_options | default({}, true) }}"

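If you want to replace a single option line:

    - name: Set PubkeyAuthentication = yes
      become: yes
      lineinfile:
        path: /etc/ssh/sshd_config
        # Replaces the line only when it currently reads "PubkeyAuthentication no";
        # if nothing matches, the new line is appended to the end of the file
        regexp: '^PubkeyAuthentication no'
        line: 'PubkeyAuthentication yes'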
Full sample here https://git.blindage.org/21h/ansible-library/src/branch/pubkey_sshd
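A caveat with the append step, as an added example that is not part of the original post or its repository: sshd keeps the first value it reads for a keyword, and every line after a `Match` line belongs to that Match block, so options appended to a file that ends with a Match block do not apply globally. The function and sample names below are hypothetical, the sample config is constructed, and `Include` files are not followed.

```python
# Added example: offline check of sshd_config text (not the author's code).
# Models two sshd rules: the first value seen for a keyword wins, and anything
# after a "Match" line applies only to that Match block, not globally.
# Limitation (assumption): "Include" files are not followed.
WANTED = {"PubkeyAuthentication": "yes", "PasswordAuthentication": "no"}

# Constructed sample: what the append-at-end task yields on a file that
# already ends with a Match block.
SAMPLE = """\
Port 22
#PasswordAuthentication yes
Match User backup
    ForceCommand /usr/bin/rrsync /srv/backup
PubkeyAuthentication yes
PasswordAuthentication no
"""

def audit(config_text, wanted=WANTED):
    """Return {option: problem} for every wanted option not set globally."""
    global_values = {}     # keyword (lowercase) -> first global value
    in_match_only = set()  # keywords seen inside a Match block
    in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # a Match block lasts until the next Match or EOF
            continue
        if in_match:
            in_match_only.add(key)
        else:
            global_values.setdefault(key, value)  # first occurrence wins
    problems = {}
    for option, expected in wanted.items():
        key = option.lower()
        if key in global_values:
            if global_values[key].lower() != expected:
                problems[option] = "global value is %r" % global_values[key]
        elif key in in_match_only:
            problems[option] = "set only inside a Match block"
        else:
            problems[option] = "not set, sshd default applies"
    return problems

if __name__ == "__main__":
    for option, problem in audit(SAMPLE).items():
        print(option + ": " + problem)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check after the playbook runs.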


Convert PPK to PEM without putty-tools

No. 9407, in section "Sysadmin", September 12th, 2018

Convert a public PPK key to OpenSSH format and append it to the authorized_keys file:

    ssh-keygen -i -f sergey.ppk >> ~/.ssh/authorized_keys
