DevTech101

security

Enabling, Configuring RBAC, TLS Node Bootstrapping On An Existing Kubernetes Cluster – Part 7

Configuring RBAC, TLS Node Bootstrapping On An Existing Kubernetes (1.11) Cluster. Below is a continuation of my previous posts (parts 1-6) on how to configure a Kubernetes 3 Master Node cluster. In the post below I am going to show you how to enable and configure RBAC on your existing Kubernetes cluster, how to automatically bootstrap …

Configuring NAT Using PF Firewall in Solaris 11 / 12 Zones

Solaris 11/12 PF Firewall NAT Configuration. Below is an update on how to configure NAT in Solaris 11/12; the original post used IPFilter (IPF). Since Solaris has now officially switched to the BSD firewall (PF), I created the updated example below. Assumptions: The network used in the kernel zones is 10.10.1.0/24. The network used on the global zone …

Oracle ZFS Appliance(ZFSSA) LDAPS TLS / Diffie-Hellman(DH) SSL Rejected Due To Bit Length

Workaround for Oracle ZFS Appliance (ZFSSA) LDAPS / TLS Reject When Using OUD. I recently patched/upgraded firmware on an Oracle ZFS Appliance. Once the upgrade was completed, the ZFS Appliance LDAPS connections stopped working; the error was due to the ZFS Appliance rejecting the Diffie-Hellman (DH) cipher being used in the LDAPS connections. It turns out the …

Configuring Solaris 11 user as Primary Administrator

Configuring a user as Primary Administrator in Solaris. To configure a user in Solaris 11.2 as Primary Administrator, follow the steps below.

Note: Primary Administrator was removed in Solaris 11.2 because of a security concern.

/etc/user_attr:
sshsvc::::type=roles;lock_after_retries=no;defaultpriv=all;profiles=Primary Administrator,All

/etc/security/prof_attr.d/core-os:
Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html

/etc/security/exec_attr.d/core-os:
Primary Administrator:suser:cmd:::*:uid=0;gid=0

Free Alternative to Splunk Using Fluentd and ElasticSearch

Splunk is a great tool for searching logs, but its high cost makes it prohibitive for many teams. In this article, we present a free and open source alternative to Splunk by combining three open source projects: ElasticSearch, Kibana, and Fluentd. http://docs.fluentd.org/articles/free-alternative-to-splunk-by-fluentd

Solaris IPFilter optimization

The default settings are quite conservative, and should be increased.

user@opensolaris:~# ipfstat | grep lost
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 798 lost 100
packet state(out): kept 612 lost 234

The default settings are quite conservative.

user@opensolaris:~# ipf -T list …