Icinga PowerShell Framework

 Tue, 05 Nov 2019 18:08:13 +0100 


Icinga Director v1.7.0

 Mon, 30 Sep 2019 11:01:42 +0200 
Finally \o/

#^Icinga Director v1.7.0 has been released
Over the last four years, the Icinga Director has grown from an optional configuration add-on to a mature Software product with lot‘s of features. Most Icinga installations are now driven by the Director, no matter whether they are small or huge, manually curated or fully automated.
But it will not stop here. Many cool ideas are eager to finally become reality. Director v1.7 is a huge step in that direction, as it lays the foundation for a completely new type of features. We are now able to delegate complex tasks to a dedicated background daemon that has been introduced with this version. New library modules have been published, allowing us to share cool bleeding edge funtionality among different modules in a more efficient way.

The first release that includes my property modifier from December last year. ;-)

Kata Containers

 Fri, 20 Sep 2019 12:43:57 +0200 
#^Kata Containers isolieren Workloads von Docker und Kubernetes - Aus Linux-Magazin 12/2018
Kata Containers versuchen die Leichtgewichtigkeit von Containern mit der strengen Isolation echter Server zu kombinieren. Dafür muss sich der Docker-User nicht einmal an neue Kommandos gewöhnen.
 Fri, 20 Sep 2019 10:53:35 +0200 
#^Icinga 2.11
Now we are here, after many months of development – we proudly release Icinga 2.11 available today.

Bleeding edge
It has been an emotional ride with many changes under the hood. The most obvious change is that Icinga’s distributed cluster operates more stable, the past quirks with hanging certificate signing requests or dead-locked TLS handshakes are now gone. This required us to go an unusual route: Evaluate new libraries and programming techniques in order to replace hand-written lower layered code, with later replacing the entire code base for the network stack operations in Icinga. This is a massive effort in quality and stability where users had called out for 3.0 already.

Zentrales Logging mit dem Elastic Stack

 Fri, 23 Aug 2019 17:25:13 +0200 last edited: Fri, 23 Aug 2019 18:16:09 +0200  

#^Zentrales Logging mit dem Elastic Stack
on media.ccc.de

Dezentrales Logging wird mit der steigenden Zahl von zu überwachenden Prozessen immer aufwändiger. Deshalb gibt es seit mehreren Jahren Tools welche das Zentrale Logging unterstützen. In diesem Vortrag soll der Elastic Stack als ein solches Tool vorgestellt werden.

In der Welt der Microservices ist die Anzahl der Logs-produzierenden Prozesse sehr groß und liegt durchaus im Bereich von 100-1000 Prozessen. Eine manuelle Log-Verarbeitung ist hier so gut wie undenkbar. Doch auch monolithische Services laufen oftmals dezentral und das Analysieren der Produktions-Logs ist dann häufig auch mit viel Aufwand verbunden. Mithilfe eines zentralen Loggins lässt sich eine viel bessere Übersicht über den Gesamtzustand eines Systems gewinnen, da nicht jedes Log einzeln untersucht werden muss, sondern die Logs aggregiert und somit auch leicht automatisiert ausgewertet werden können. Der Elastic-Stack bietet die Möglichkeit, große Mengen an Logs zu speichern und zu durchsuchen. Das Ökosystem um den ELK-Stack unterstützt Entwickler, DevOps usw. dabei, die Logs schnell und einfach aufzubereiten, damit diese gut analysierbar sind. In diesem Vortrag werden die Vor- und Nachteile des zentralen Loggins dargelegt und gezeigt, wie sich der Elastic Stack in Umgebungen einbinden lässt.

#ELK #FrOSCon14 #FrOSCon2019


 Fri, 05 Jul 2019 14:49:20 +0200 
To access a cheat sheet you can simply issue a plain HTTP or HTTPS request specifying the topic name in the query URL:
    curl cheat.sh/tar
    curl #^https://cheat.sh/tar

Elastic SIEM

 Wed, 26 Jun 2019 16:51:24 +0200 
#^SIEM on the Elastic Stack | Elastic SIEM
Security teams use Elastic SIEM to detect threats by analyzing events from network, host, and cloud technologies, as well as other data sources.

Elastic SIEM equips security practitioners with easy data ingestion via Beats, shareable analytics based on the Elastic Common Schema (ECS), and the ability to interact with security data using the #SIEM app in Kibana. As threats continue to evolve, so too will Elastic SIEM.

No Excuse

 Fri, 21 Jun 2019 14:42:53 +0200 
#^SQL is No Excuse to Avoid DevOps - ACM Queue
A friend recently said to me, "We can't do DevOps, we use a SQL database." I nearly fell off my chair. Such a statement is wrong on many levels.
"But you don't understand our situation!" he rebuffed. "DevOps means we'll be deploying new releases of our software more frequently! We can barely handle deployments now and we only do it a few times a year!"
I asked him about his current deployment process.

Icinga Reporting

 Mon, 17 Jun 2019 14:21:50 +0200 
Icinga Reporting – Hands On
After our initial release of Icinga Reporting for early adopters we continued our development and are happy to release v0.9.1 today. The release includes bug fixes and some minor enhancements for the usability.
 Wed, 29 May 2019 11:24:37 +0200 
#^DNS-OARC 30: Bad news for DANE | APNIC Blog
For many years the Domain Name X.509 certification system, or WebPKI, has been the weak point of Internet security. By ‘weak point’ you could as easily substitute ‘festering, rancid, underbelly’ and you would still be pretty much right on the mark! The massively distributed trust system has proved to be unmanageable in terms of integrity and there is a regular flow of stories of falsely issued certificates that have been used to perform intrusion attacks, eavesdrop on users, corrupt data and many other forms of malicious behaviours.


 Fri, 03 May 2019 00:22:33 +0200 
#^Ransomware: The key lesson Maersk learned from battling the NotPetya attack | ZDNet

Protection is important - but it's equally as important to ensure your recovery process is strong, says head of cybersecurity compliance at the shipping giant.


The Director

 Wed, 24 Apr 2019 18:37:38 +0200 
#Icinga Director is such a wonderful tool. You pay more attention to your #CMDB and IT documentation and your monitoring system syncs nicely. \o/
For sure it is no out of the box solution, you need to plan and prepare a lot beforehand, but afterwards it is so flexible and nice to use.

#^Monitoring Automation with Icinga – The Director

I’m not going to list all benefits of automating your monitoring system. If you’re here and reading this, you are most likely very aware that maintaining a large infrastructure is a big challenge.
Automating the monitoring process for a huge amount of servers, virtual machines, applications, services, private and public clouds was a main driver for us when we decided to build Icinga 2. In fact, monitoring large environments is not a new demand for us at all. We experienced this challenge in tandem with many corporations for many years. Finally, it lead us to build features like our rule based configuration, Icinga’s REST API and various modules, cookbooks, roles and playbooks for different configuration management tools.

MariaDB The Story So Far

 Thu, 14 Mar 2019 10:44:55 +0100 
#^MariaDB 10.3 » ADMIN Magazine
What lacked maturity in MariaDB 10.2 has now been sorted out in version 10.3. We look at the benefits you can reap now.


 Thu, 28 Feb 2019 14:09:39 +0100 
Interesting talk from Daniel Stenberg

#^HTTP/3 is the next coming HTTP version
by Daniel Stenberg on YouTube
 Tue, 26 Feb 2019 01:36:28 +0100 
#^BSI -  IT-Grundschutz-Kompendium - Edition 2019
Die Edition 2019 des IT-Grundschutz-Kompendiums enthält insgesamt 94 IT-Grundschutz-Bausteine. Darunter sind 14 neue IT-Grundschutz-Bausteine sowie die 80 Bausteine aus der Edition 2018. Von diesen wurden 36 Bausteine für die Edition 2019 überarbeitet. Im IT-Grundschutz-Kompendium wird an einigen Stellen auf Bausteine verwiesen, die noch nicht in der ersten oder zweiten Edition veröffentlicht sind.
 SysAdmin  GS

One API call away from Domain Admin

 Wed, 30 Jan 2019 12:21:06 +0100 
Oh this one is wonderful. I love it!

#^Abusing Exchange: One API call away from Domain Admin

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange. This attack is possible by default and while no patches are available at the point of writing, there are mitigations that can be applied to prevent this privilege escalation. This blog details the attack, some of the more technical details and mitigations, as well as releasing a proof-of-concept tool for this attack which I’ve dubbed “PrivExchange”.

And now imagine that agencies and governments collect such entries to IT-systems and wonder how many of them they might still know about.

CI/CD tools

 Fri, 11 Jan 2019 17:45:01 +0100 
#^7 CI/CD tools for sysadmins | Opensource.com
An easy guide to the top open source continuous integration, continuous delivery, and continuous deployment tools.

Sharing is Caring

 Fri, 21 Dec 2018 11:51:06 +0100 
#^MISP » ADMIN Magazine 48/2018
Shared Protection By Matthias Wübbeling
The Malware Information Sharing Platform lets you record and document security incidents – and share the information with users on other networks.
Cunning attackers often collaborate with others and share information about vulnerabilities. Companies, on the other hand, face hackers as lone warriors and all too often rely on traditional security technologies. But companies can also share IT security knowledge. One platform for sharing security information is the Malware Information Sharing Platform (MISP).

#^MISP - Malware Information Sharing Platform and Threat Sharing - The Open Source Threat Intelligence Platform
MISP - a threat information sharing platform - The Open Source Threat Intelligence Platform

Director v1.6.0

 Tue, 11 Dec 2018 12:23:14 +0100 
I really like Icinga Director and the new feature to work with multiple instances sounds to improve our workflow a lot.

#^Director v1.6.0 is available
Icinga Director v1.6.0 has been released with Multi-Instance Support, Configuration Baskets and improved Health Checks. We’re excited to announce new features that will help you to work more efficiently.

Reminds me I still need to commit a parse_url PropertyModifier upstream.

Fallwinde abseits der Technologie

 Fri, 07 Dec 2018 14:08:55 +0100 
#^Den Wechsel in die Cloud vorbereiten - Linux Magazin
Weil die Cloud omnipräsent ist, meinen einige Unternehmen, dass es ein Kinderspiel sei, ihre Geschäftsanwendungen zu Amazon, Google, Microsoft und Co. auszulagern. Tatsächlich lauern auf dem Weg nach oben tückische Fallwinde gerade abseits der Technologie.
Schenkt man den einschlägigen Werbeanzeigen Glauben, dann ist es kinderleicht, die Dienste von Cloudanbietern wie Amazon, Google, Microsoft & Co. zu nutzen. Zugleich suggeriert das Marketing der Firmen, der Weg in die Wolke sei völlig unkompliziert. Tatsächlich präsentiert sich der Wechsel in die Cloud häufig als mehrdimensionale Herausforderung. Der Artikel beleuchtet einige der Hürden, legt den Fokus aber auf die nicht-technische Seite.