How to safely log into other AWS accounts from within a single AWS login account? The third part of the series goes over the specifics of cross-account assumable IAM roles. Additionally it will cover IAM permissions as well as permission boundaries in great detail. This is going to be the glue that will magically link
Category Archives: Administration
This series has already covered a few basics about ~/.ssh/config in terms of how to simplify the usage of ssh tunnelling. In order to round this up a bit more, I will add some information you should be aware of about ~/.ssh/config. This is only intended to be a quick reminder about how it is
Now that you are able to create various forward or reverse SSH tunnels with lots of options and even simplify your live with ~/.ssh/config you probably also want to know how make a tunnel persistent. By persistent I mean, that it is made sure the tunnel will always run. For example, once your ssh connection
If you have read the previous article of this series, you should be able to create forward and reverse tunnels with ease. In addition to the previously shown examples I will address some more advanced options for SSH tunnels in general. Article series SSH tunnelling for fun and profit Local vs Remote Tunnel options AutoSSH
When it comes to the art of SSH tunnelling, there are basically two options where to relay a port to.
You can relay a port from a remote server to your local machine with `ssh -L`, hence called local port forwarding. A very basic use-case is if your remote server has a MySQL database daemon listening on port `3306` and you want to access this daemon from your local computer.
The second option is to make your local port available on a remote server (`ssh -R`). Remote port forwarding might come in handy if you for example want to make your local web-server available on a port of a public server, so that someone can quickly check what your local web-server provides without having to deploy it somewhere publicly.
If you are responsible for monitoring lots of drupal sites, the built-in update notification will not be sufficient. check_drupal is a new and drupal version independent nagios plugin which does not require any change on your existing code.
How can you make sure all your system binaries and configuration files have not been compromised by an intruder? You can of course run rkhunter or AIDE on a regular base or via cron, but this is only going to show you, that a MD5 checksum has been changed. Using git as an intrusion detection
Git like a pro will present some more advanced git tricks, you might not have heard about. This is going to be a collection of deluxe git stuff I have picked up somewhere or written myself. It is also going to be a repeating section, so stay tuned and look for other posts on git
You plan to make secure and automated mysql database backups on your server? There is a lot more to it than just using mysqldump from inside cron. Don’t step into the pitfalls many people do and risk to compromise all of your databases. What makes a well designed and secure database backup script? For that