Naveen Chauhan naavveenn
naavveenn
/ Install Mod_Security
Created
May 12, 2018 05:59
Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It is used to protect and monitor real time HTTP traffic and web applications from brute fore attacks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Step 1: Installing Dependencies for mod_security | |
| yum install gcc make | |
| yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel | |
| Step 2: Installing Mod_Security | |
| Run the following commands as root. | |
| cd /usr/src | |
| wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz | |
| tar xzf modsecurity-apache_2.6.6.tar.gz | |
| cd modsecurity-apache_2.6.6 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /home/ansible/tbb_awscreds.yml | |
| tasks: | |
| - name: Check for the ECS services | |
| shell: aws ecs list-services --cluster "{{ cluster }}" --region ap-south-1 --profile tbb | awk -F ":" '{print $6}' | tr -d '"',"," | awk -F "/" '{print $2}' | sed '/^\s*$/d' > /root/ecs_service.txt | |
| - name: Create a Basic CPU Alarm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /home/ansible/tbb_awscreds.yml | |
| tasks: | |
| - name: Create a Basic CPU Alarm | |
| ec2_metric_alarm: | |
| aws_access_key: "{{ aws_id }}" | |
| aws_secret_key: "{{ aws_key }}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| vars_files: | |
| - /root/creds.yml #contains access_keys and secret keys for my msp account | |
| tasks: | |
| - name: Get STS credentials | |
| sts_assume_role: | |
| role_arn: "arn:aws:iam::xxxxxxxxxxx:role/MSPCrossAccount" #Cross-account role_arn | |
| profile: test #profile name that's mentioned in .aws/config file |
naavveenn
/ MySQL Query
Created
June 27, 2018 14:58
This playbook checks the city_name in the table and if the city_name doesn't exist then it will insert the city_name into the table.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: local | |
| connection: local | |
| tasks: | |
| - name: check city in DB | |
| mysql_query: | |
| login_host: localhost | |
| login_user: naveen | |
| login_password: abc | |
| db: test_db |
naavveenn
/ AMI Deletion
Created
July 11, 2018 08:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from datetime import datetime, timedelta | |
| import datetime | |
| import dateutil | |
| def lambda_handler(event, context): | |
| retention_date=datetime.datetime.now() - datetime.timedelta(days=7) | |
| client = boto3.client('ec2') | |
| response = client.describe_images( Filters = [ { 'Name':'tag:delete','Values':["yes"] } ], Owners=['123123123123'] ) | |
| images = response['Images'] | |
| for i in images: |
naavveenn
/ Cloudwatch Agent Install
Last active
April 26, 2021 01:15
Cloudwatch agent installation: Make sure to attach a cloudwatch role to your ec2 instance. amazon-cloudwatch-agent.json file should be created before hand (on your local machine or from where you are executing your ansible playbook), other wise cw_agent will not start. Below is the example of amazon-cloudwatch-agent.json.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ###Cloudwatch role should be attached to the ec2 instance### | |
| - hosts: dd ###servers on which you need to run the cw_agent | |
| become: yes | |
| remote_user: root | |
| gather_facts: true | |
| tasks: | |
| - name: Check if Cloudwatch Agent is Installed Already | |
| shell: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status | |
| register: init_status_result |
naavveenn
/ User Creation along with ssh-keys
Created
October 25, 2018 07:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ##Creating multipple users## | |
| - hosts: test | |
| become: yes | |
| gather_facts: no | |
| vars_prompt: | |
| - name: pass | |
| prompt: "Please enter the password" | |
| tasks: | |
| - name: Creating users |
OlderNewer