PatchMe - Quick Shell Shock and future Vulnerabilities Auto-Patcher for Multi Operating Sites

AWS Config Rules!

I know what you did last summer…opening all those insecure ports in your security groups to quickly troubleshoot that nasty bug, then in the rush to close this issue, forgot to close back the gate! AWS Config is your friend then :-)

AWS Config Rules is built on top of AWS Config, and it lets you get notified, or have an action taken, when a configuration change breaches the AWS best-practice rules or any rules of your own.

Here is the video session on this and the main goodies as well as important notes I found:

  1. It is a change control and auditing solution, completely automated! No need for scripts, a data store or tracking on your side.
  2. You can troubleshoot with a time-travel-like view of your resources, their state and their relationships to any other dependent resources existing at any point in time, including any change or deletion that was made.
  3. Your data is highly reusable: you get a JSON-formatted record of any change to your resources, and where relevant it is compatible with the corresponding AWS describe commands, so you can use that match for validation scenarios.
  4. Powerful correlation: it uses CloudTrail to show you who changed a resource and when.
  5. Easily expandable: you create your own rules through AWS Lambda using any language it supports. Rule evaluations are triggered on a schedule or by an AWS API event (tag created, instance deleted, etc.).
  6. Targeted: you easily get a report of what changed when, and of resources that exist while they shouldn't or are missing.
  7. Turn events into data by routing AWS Config SNS notifications into your own event repository in real time.
  8. Coverage: everything EC2, VPC and CloudTrail related, and now the holy grail, IAM, so you can dig into who added that policy, or detect when an admin user has been added where it shouldn't have been.
  9. Availability: AWS Config is available everywhere, while AWS Config Rules is only available in North Virginia.
  10. Spread: regional. You need to run and review it in each region separately. Not quite as powerful as it would be if it were account-centered.
  11. Pricing: Right here!

Slide deck is here:


Sweet findings in AWS Inspector

Taking a look at the AWS Inspector intro by Alex Lucas, I could see several sweet features all security-minded DevOps pros would love (and of course it includes even more goodies).

  1. Covers all the CVE stuff: finds, reports and acts (patches, etc.), plus many more best practices the AWS team has gathered along the way.
  2. Recording of activities inside your instances and tracking of suspicious activities, or ones that may harm your defenses.
  3. Automation via the AWS CLI and API, including workflow control for vulnerabilities and their mitigation actions (you can manually mark a vulnerability as cleared, for example, or tag one as needing review by an auditor, etc.).
  4. Able to catch real-time system call operations, analyze them and report, such as setting a root-owned library file with wide-open permissions…
  5. Requires an agent that is ready for Amazon Linux and Ubuntu AMIs for now (more platforms, including Windows, to follow).
  6. Simple and cheap to try, no need to spend time and money on massive software suites. I know that's the AWS core concept, but in the vulnerability scanning world it's even more enticing.
  7. Did you know that Amazon Linux instances will automatically patch themselves on any reboot (at least for critical security patches, I guess)? Alex mentions this as one of the "obstacles" he had while he was trying to set up a vulnerable instance that does not have critical patches installed…

Open topics:

  1. What is the agent's overhead?
  2. Support for CloudWatch integration is yet to come.
  3. People in the YouTube session seem to be either sleepy or something, because they did not jump off their seats in enthusiasm as I would :-)

Slide deck is here:

Listen to this – Google Cloud Platform (GCP) Podcast has launched!

Part of being in the GCP (Google Cloud Platform) Insiders program (through eMind, where I work) is that you get access to cool new resources early on :-)

I love learning through audio, podcasts being one big source of information. So I hooked on to the new Google Cloud Platform Podcast, and it looks great. Here is why:

  1. Enthusiastic hosts! Francesc and Mark really love what they do, and it's catching :-)
  2. Each episode focuses on a topic that's part of the GCP Platform, providing both information and real-world scenarios and implementation details using the technology.
  3. The "Question of the week" section deals with interesting cases that come from the field.
  4. Timely review of stuff related to GCP.

All good stuff, packed into a 25-30 minute bundle you can consume easily on the way to the office. As for the actual topics, podcast feeds and social media channels, just head to the GCP podcast page.

Got any other Cloud, Big Data or DevOps-related podcast we should listen to?

(Native) Docker Windows Containers Revealed

If you were wondering how exactly Native Docker for Windows Server looks, you would love this Native Docker containers on Windows walkthrough done by the Microsoft Channel 9 Visual Studio podcast.

Here is what I loved about it:

  1. A general yet very good explanation of what Docker is all about and why you should care.
  2. What Native Docker for Windows looks like (basically, the host for containers is based on the Windows Server Core edition).
  3. Clarifying the confusion around the mixing of Linux, Windows and Docker.
  4. A live demo of launching Windows Docker containers right from Visual Studio, deploying the .NET application you develop to an Azure host.

Got any other great Docker resources you want to share?

Yours

Jack

Amazon AWS lifts the limit on SQS message delivery size from 256KB to 2GB!

Another cool use of the AWS S3 service, this time for Amazon SQS:

“…Amazon Simple Queue Service (SQS) now has an Extended Client Library that enables you to send and receive messages with payloads up to 2GB. Previously, message payloads were limited to 256KB. Using the Extended Client Library, message payloads larger than 256KB are stored in an Amazon Simple Storage Service (S3) bucket, using SQS to send and receive a reference to the payload location…”