Redhat OpenShift: Technology Preview 2 of Service Mesh Now Available


In this release redhat have added a whole new user interface from the upstream Kiali project. The Kiali user interface can help Istio users understand what’s happening in their service mesh, can show how the various components are connected, and can help to detect issues (HTTP 500, pod not started, misconfigurations) to better fix those.
An animated graph helps provide a more natural way to visualize both the inter-component request latency (speed of the dots) and the amount of traffic between two components

For further details please read this

Jenkins CI/CD in 5 mins

Jenkins aka hudson is still the most prominent Devops tool (since 2004) for Continuous Integration and Continuous Deployment

This is a (very) quick guide to running Jenkins within a Containerisation environment, locally using Docker on your laptop.

You maybe a single developer or just a small team. Why run Jenkins on a costly Virtual Machine in the cloud when you can run it locally on you laptop, or on an old PC or laptop in the office, but only when you need it (saving$)

  1. Install docker https://docs.docker.com/getting-started on you laptop
  2. Download docker image from dockerhub
  3. Run docker container

For further instructions see image above.

For a munch longer complete 8 hr trading video on Devops CI/CD pipelines see Video

fail2ban automatic Intrusion Detection and Prevention software

ftpuzerfail2ban ips/ids works on any Linux server and protects your system with automatic firewall block of anyone trying to access your server maliciously and block their public ip for periods or indefinitely.

The Ban can be extended and the amount of invalid passwords or invalid page requests and can be triggered to tighten the prevention of abuse of the server.

Install fail2ban using you favorite package manager

apt-get install fail2ban
yum install fail2ban

service fail2ban start

show firewall rules including any blocked IPs:

root@someserver:/etc/fail2ban/jail.d# iptable -list
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp — anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all — 148.252.128.163 anywhere reject-with icmp-port-unreachable <——Banned Ip for jail sshd
RETURN all — anywhere anywhere

remove Baned IP from iptables
!***However this leaves to IP still listed in fail2ban and wont block again, so see next section

root@someserver:/etc/fail2ban/jail.d# iptables -D f2b-sshd 1
at

Need to remove this from fail2ban

<pre>root@someserver:/etc/fail2ban/jail.d# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
</pre>

list the contents of the jail

root@someserver:/etc/fail2ban/jail.d# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 11
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 148.252.128.163

unban ip
fail2ban-client set sshd unbanip 148.252.128.163

check the ban is off

tail -f /var/log/fail2ban.log
2018-06-30 09:09:03,416 fail2ban.actions [18644]: NOTICE [sshd] Unban 148.252.128.163

When testing and using an invalid user and password using ssh, it triggers regex 3 times:

2018-06-30 09:10:52,845 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:00,098 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,266 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,274 fail2ban.actions [18644]: NOTICE [sshd] Ban 148.252.128.163 <——Ban enforced after 3 retries(maxretry)

The default for ssh is 5 retry’s in 60 Seconds. I have decreased this to 3 by adding entry ‘maxretry = 3’ to file in /etc/fail2ban/jails.d

Further Details and full list of commands
https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options

How to Manually Unblock / Unban IP Address in fail2ban

Changing WordPress Author of Article from Admin user

Its not good practice to list the authors of a wordpress arcticle, especially if they are an admin user of wordpress. This would give a hacker valid username and they can then attempt to guess the password and then have full access to wordpress site.

Should you need to change the name of the Author who wrote an arcticle or ‘post’ in wordpress, here’s the Dbase sql statement to do that:

  • login to mysql database on linux command line as wordpress user mysql -uwpressuser -p  wordpressdb
  • find list of users and there author id’s

select * from wp_users;

  • Then find list of articles and list by author with id 1

select ID,post_author, post_date, post_title from wp_posts where post_author=1;

Finally, to alter the posts author ID to an alternative NON admin user:

update wp_posts SET post_author=5 where ID=238;

If you would like to remove the users name altogether from future posts read this

Container Adoption Trends for 2019

The Datadog survey updated in June 2018 shows a trend where 25% of companies have already adopted Docker and the remaining ones are catching up very fast.

Kubernetes, OpenShift, Apache Mesos, and Docker Swarm, managing a platform or infrastructure with thousands of containers is now much easier. One engineer alone can now manage the heterogeneous deployments of containerized application, with the help of automation power provided by orchestrators.

A couple of years back databases were thought to be something which was kept outside of container technology, but today we have NuoDB which is a container-native and cloud-native database especially designed and developed to run on containers to support WebScale capabilities at a database level.

The benefits of containers over the VMs are already proven in applications world, so there is a very high interest across industry to reap the same benefits for telco VNFs also.RedHat &ONAP also covers this in details in internal documents

If you would like to read the full article Click Here

 

Poor old wheezy his Linux useful days are numbered

Debian support for their Wheezy version 7 of Linux comes to the end this May 2018. After this date no new bug fixes for security patches will be created

https://wiki.debian.org/LTS

So the popular penguin is making the most of things whilst they last.

If you have debian, Ubuntu or kali  Linux installed please check which version is running as you might need to upgrade.

If you need any #Advice on how to #upgrade your #opensource products or serviced please contact SOSC we’re be happy to #help

To check your version:

Open a Terminal  &  Type:

lsb_release -a

you should then see:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty

on Ubuntu watch out for these version what will expire with Wheezy

13.10  saucy      wheezy  / sid
13.04  raring     wheezy  / sid
12.10  quantal    wheezy  / sid
12.04  precise    wheezy  / sid
11.10  oneiric    wheezy  / sid

Ideally if your on Ubuntu you need to be on one of these versions with the following end of Lifetime support Dates

Ubuntu 16.04.1 LTS Xenial Xerus April 2021
Ubuntu 16.04 LTS Xenial Xerus April 2021
Ubuntu 14.04.5 LTS Trusty Tahr April 2019

Centos users look here:  https://wiki.centos.org/About/Product

 

 

Has the World gone LAMP mad? I Love LAMP, Do you ?

Happy Days ! ( ignore their faces in this video)

Who would have though I.T ?

A few years ago you would never have seen #Microsoft MCP working from a #Mac especially promoting one of their products. With #Devops comes many #opportunities even with FREE Training !

(That was unheard of two or more years ago too!)

LOL

Can you spot the product placement in this FREE Microsoft #Azure training video. Other Laptop’s by other suppliers are also available to run Azure console.

I’ve even heard you can use Azure products on a Linux Desktop !!!

The worlds gone #LAMP mad.  I LOVE IT!

KALI web Pentration on Raspberry Zero

Didn’t take long to get our #RaspberryPi Zero working with #Kali #Linux

We’ve now got a zero footprint #Pentration tester for4G wifi or ethernet

Thanks to all working@Re4sonKernel and the @pi-tail  solution.

Another example of #OpenSource at its best. Both inivitive and useful. How else would you test Wifi Security on a train ?  LOL

Better than carrying a laptop around too , thats for sure. Look how small it is..