Cloud Custodian – Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources

Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that’s both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.Custodian can be used to manage AWS accounts by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, etc) and are constructed from a vocabulary of filters and actions.It integrates with AWS Lambda and AWS Cloudwatch events to provide for real time enforcement of policies with builtin provisioning of the Lambdas, or as a simple cron job on a server to execute against large existing fleets.“Engineering the Next Generation of Cloud Governance” by @drewfirment FeaturesComprehensive support for AWS services and resources (> 100), along with 400+ actions and 300+ filters to build policies with.Supports arbitrary filtering on resources with nested boolean conditions.Dry run any policy to see what it would do.Automatically provisions AWS Lambda functions, AWS Config rules, and Cloudwatch event targets for real-time policies.AWS Cloudwatch metrics outputs on resources that matched a policyStructured outputs into S3 of which resources matched a policy.Intelligent cache usage to minimize api calls.Battle-tested – in production on some very large AWS accounts.Supports cross-account usage via STS role assumption.Supports integration with custom/user supplied Lambdas as actions.Supports both Python 2.7 and Python 3.6 (beta) Lambda runtimes Quick Install$ virtualenv –python=python2 custodian$ source custodian/bin/activate(custodian) $ pip install c7n UsageFirst a policy file needs to be created in YAML format, as an example:policies:- name: remediate-extant-keys description: | Scan through all s3 buckets in an account and ensure all objects are encrypted (default to AES256). resource: s3 actions: – encrypt-keys- name: ec2-require-non-public-and-encrypted-volumes resource: ec2 description: | Provision a lambda and cloud watch event target that looks at all new instances and terminates those with unencrypted volumes. mode: type: cloudtrail events: – RunInstances filters: – type: ebs key: Encrypted value: false actions: – terminate- name: tag-compliance resource: ec2 description: | Schedule a resource that does not meet tag compliance policies to be stopped in four days. filters: – State.Name: running – “tag:Environment": absent – "tag:AppId": absent – or: – "tag:OwnerContact": absent – "tag:DeptID": absent actions: – type: mark-for-op op: stop days: 4Given that, you can run Cloud Custodian with:# Validate the configuration (note this happens by default on run)$ custodian validate policy.yml# Dryrun on the policies (no actions executed) to see what resources# match each policy.$ custodian run –dryrun -s out policy.yml# Run the policy$ custodian run -s out policy.ymlCustodian supports a few other useful subcommands and options, including outputs to S3, Cloudwatch metrics, STS role assumption. Policies go together like Lego bricks with actions and filters.Consult the documentation for additional information, or reach out on gitter. Get InvolvedMailing List – https://groups.google.com/forum/#!forum/cloud-custodianGitter – https://gitter.im/capitalone/cloud-custodian Additional ToolsThe Custodian project also develops and maintains a suite of additional tools here https://github.com/capitalone/cloud-custodian/tree/master/tools:SalactusScale out s3 scanning.MailerA reference implementation of sending messages to users to notify them.TrailDBCloudtrail indexing and timeseries generation for dashboardingLogExporterCloud watch log exporting to s3IndexIndexing of custodian metrics and outputs for dashboardingSentryLog parsing for python tracebacks to integrate with https://sentry.io/welcome/Download Cloud-Custodian

Link: http://feedproxy.google.com/~r/PentestTools/~3/UWXPInoFoI8/cloud-custodian-rules-engine-for-cloud.html

Davi Ottenheimer, MongoDB – Paul’s Security Weekly #568

Davi Ottenheimer is a strategist and author focused on cultural disruptions and defense ethics in emerging data platforms and intelligent machines; for more than twenty years’ he has led global teams developing and managing secure systems. Full Show Notes Subscribe to YouTube Channel
The post Davi Ottenheimer, MongoDB – Paul’s Security Weekly #568 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/wXlHKk6FPss/

Kali Linux commands – A to Z Commands

Kali Linux is a known operating system for digital forensics and penetration testing people. It is Debian-derived Linux distribution maintained and funded by Offensive Security Ltd. This OS comes with over 600 penetration-testing programs including Wireshark, Aircrack-ng, John the Ripper, nmap and more. So, it is good for beginners as well. If you are starting, […]
The post Kali Linux commands – A to Z Commands appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/Nqyv9RKbS4k/kali-linux-commands-a-to-z-commands.html

Hindsight – Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.It has a simple web UI – to start it, run “hindsight_gui.py" (or on Windows, the packaged "hindsight_gui.exe") and visit http://localhost:8080 in a browser:The only field you are required to complete is "Profile Path". This is the location of the Chrome profile you want to analyze (the default profile paths for different OSes is listed at the bottom of this page). Click "Run" and you’ll be taken to the results page in where you can save the results to a spreadsheet (or other formats).Command LineThere also is command line version of Hindsight – hindsight.py or hindsight.exe. The user guide in the documentation folder covers many topics, but the info below should get you started with the command line version:Example usage: > C:\hindsight.py -i "C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default" -o test_caseCommand Line Options: Option Description -i or –input Path to the Chrome(ium) "Default" directory -o or –output Name of the output file (without extension) -f or –format Output format (default is XLSX, other option is SQLite) -c or –cache Path to the cache directory; only needed if the directory is outside the given "input" directory. Mac systems are setup this way by default. -b or –browser_type The type of browser the input files belong to. Supported options are Chrome (default) and Brave. -l or –log Location Hindsight should log to (will append if exists) -h or –help Shows these options and the default Chrome data locations -t or –timezone Display timezone for the timestamps in XLSX output Default Profile PathsThe Chrome default profile folder default locations are:WinXP: [userdir]\Local Settings\Application Data\Google\Chrome\User Data\DefaultVista/7/8: [userdir]\AppData\Local\Google\Chrome\User Data\DefaultLinux: [userdir]/.config/google-chrome/DefaultOS X: [userdir]/Library/Application Support/Google/Chrome/DefaultiOS: \Applications\com.google.chrome.ios\Library\Application Support\Google\Chrome\DefaultAndroid: /userdata/data/com.android.chrome/app_chrome/DefaultDownload Hindsight

Link: http://feedproxy.google.com/~r/PentestTools/~3/X3A-a_TQZaw/hindsight-internet-history-forensics.html