Watch video on YouTube here: https://youtu.be/ZRd9RTwSm1g by Johnny Netsec
While looking for a free online cloud-based server monitoring service, I found another two free working sites (NetData and New Relic) providing this service, other than the two (Instrumental and DataDog) from my previous video. This video gives a simple introduction to their free services and shows how to install the agent using a docker command or a one-command installer.

Related videos for website monitoring:
⚡ Create Your Own Free Heroku Hosted UptimeRobot Monitoring Page - https://youtu.be/Fk5Y3WMqWB0
⚡ Five Minutes Build Your Own Free Website Monitoring Site with UptimeRobot - https://youtu.be/dJ4-tvb1pSc
⚡ Free Alterative Server Monitoring Cloud Service After Nodequery Service Closed - https://youtu.be/0V-XuhZz-9M
⚡ (Nodequery closed service - not valid anymore) Create a Free NodeQuery Linux Server Monitoring Page on Heroku - https://youtu.be/zUriKEgJrms
⚡ Free Server Monitoring Cloud Service Netdata New Relic - https://youtu.be/ZRd9RTwSm1g
====================================================================
If you found this video has some useful information, please give me a thumbs up and subscribe to this channel to get more updates:
⚡ https://www.youtube.com/c/Netsec?sub_confirmation=1
⚡ Resource Collection and Bookmarks: https://nav.51sec.org/
Learning and Sharing - With a true friend anywhere within the seas, the ends of the earth feel like next door - ⚡ http://51sec.org
Nodequery is the cloud server monitoring website I was using. I introduced it in my previous video and also made a GitHub repository to publish a web site for monitoring results. But all of those efforts are gone now. Nodequery stopped their service and the website is not accessible anymore. In this video, two free cloud monitoring websites have been tested. The process for adding your servers to their dashboards has been recorded in this video.

Related videos for website monitoring:
⚡ Create Your Own Free Heroku Hosted UptimeRobot Monitoring Page - https://youtu.be/Fk5Y3WMqWB0
⚡ Five Minutes Build Your Own Free Website Monitoring Site with UptimeRobot - https://youtu.be/dJ4-tvb1pSc
⚡ Free Alterative Server Monitoring Cloud Service After Nodequery Service Closed - https://youtu.be/0V-XuhZz-9M
⚡ (Nodequery closed service - not valid anymore) Create a Free NodeQuery Linux Server Monitoring Page on Heroku - https://youtu.be/zUriKEgJrms
Watch video on YouTube here: https://youtu.be/0V-XuhZz-9M by Johnny Netsec
A quick video shows how to upgrade Portainer and how to fix a networking related issue.

Four commands to update your Portainer docker:
1. docker stop portainer
2. docker rm portainer
3. docker pull portainer/portainer-ce:latest
4. docker run -d -p 9000:9000 \
     --name=portainer --restart=always \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v portainer_data:/data \
     portainer/portainer-ce:latest

Related Post:
✍ https://docs.portainer.io/v/ce-2.9/admin/upgrade/docker
✍ https://blog.51sec.org/2019/11/portainer-and-docker-usage.html#point1

Related Videos:
⚡ Simple Easy Four Commands to Update Portainer to Latest - https://youtu.be/vAqtjHeIwRg
⚡ Automatically Update Docker Containers Using WatchTower - https://youtu.be/BXi3VjQt5ts
⚡ Portainer Upgrade from 1.24.0 to CE 2.1.1 - https://youtu.be/BSpAj37CjOs
⚡ Upgrade Portainer to Latest Version - https://youtu.be/hygkqx6qe24

Portainer Playlist:
⚡ https://www.youtube.com/playlist?list=PLg7bL1bMpwPXYeLITF_yHR0g3CQr37-Nj
Watch video on YouTube here: https://youtu.be/vAqtjHeIwRg by Johnny Netsec
EUSERV IPv6-Only VPS Usage
This post continues my work on setting up my EUServ IPv6-only VPS. It summarizes some of the typical usages which I usually do on a normal VPS. Of course it can do more than what I put in this post. I will keep updating once I find some interesting usage for this small IPv6-only VPS.
VPS Benchmark
Once your EUServ VPS is up and running, first SSH to a VPS that has both IPv4 and IPv6 addresses, then from there connect to the EUServ VPS by its IPv6 address or DNS name:
root@ip-172-31-23-170:~# ssh srv18598.blue.kundencontroller.de
root@ip-172-31-23-170:~# ssh 2a02:0180:0006:0001:0000:0000:0000:34d5
You can also use an online terminal, such as sshgate (https://www.redcoolmedia.net/sshgate/), to make this kind of connection.
After logging in to the EUServ IPv6-only VPS, you can issue the following command to get the benchmark script and run it. Make sure you have already configured the resolv.conf file so the VPS can make outbound IPv4 connections.
wget -qO- bench.sh | bash
Or
curl -Lso- bench.sh | bash
Results:
[root@srv18598 ~]# wget -qO- bench.sh | bash
----------------------------------------------------------------------
CPU Model : Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz
CPU Cores : 1
CPU Frequency : 3713.235 MHz
CPU Cache : 8192 KB
Total Disk : 9.8 GB (1.8 GB Used)
Total Mem : 976 MB (40 MB Used)
Total Swap : 976 MB (0 MB Used)
System uptime : 21 days, 2 hour 31 min
Load average : 27.54, 23.66, 13.59
OS : CentOS Linux release 7.9.2009 (Core)
Arch : x86_64 (64 Bit)
Kernel : 4.20.8-1.el7.elrepo.x86_64
TCP CC : cubic
Virtualization : LXC
Organization : AS29432 TREX Regional Exchanges Oy
----------------------------------------------------------------------
I/O Speed(1st run) : 83.7 MB/s
I/O Speed(2nd run) : 74.8 MB/s
I/O Speed(3rd run) : 77.0 MB/s
Average I/O speed : 78.5 MB/s
----------------------------------------------------------------------
Node Name Upload Speed Download Speed Latency
Speedtest.net 119.77 Mbps 15.41 Mbps 31.87 ms
Beijing CU 59.62 Mbps 3.20 Mbps 273.41 ms
Shanghai CT 17.59 Mbps 1.09 Mbps 256.54 ms
Shanghai CU 32.96 Mbps 4.27 Mbps 321.16 ms
Guangzhou CT 17.24 Mbps 0.99 Mbps 265.26 ms
Guangzhou CU 35.49 Mbps 1.37 Mbps 301.55 ms
Shenzhen CU 41.36 Mbps 2.86 Mbps 224.77 ms
Hongkong CN 42.09 Mbps 7.53 Mbps 258.92 ms
Singapore SG 17.14 Mbps 2.30 Mbps 380.55 ms
Tokyo JP 20.44 Mbps 3.94 Mbps 309.06 ms
----------------------------------------------------------------------
Install Nodequery Agent
Create a new server on the NodeQuery website. It will give you a command to run on your EUServ VPS.
[root@srv18598 ~]# wget -N --no-check-certificate https://raw.github.com/nodequery/nq-agent/master/nq-install.sh && bash nq-install.sh BeWc7a4jl8q7GRSgWfl2xrtPeKV9LGJf
--2021-02-19 02:55:46-- https://raw.github.com/nodequery/nq-agent/master/nq-install.sh
Resolving raw.github.com (raw.github.com)... 2001:67c:2b0:db32:0:1:b9c7:6e85, 2001:67c:2b0:db32:0:1:b9c7:6c85, 2001:67c:2b0:db32:0:1:b9c7:6d85, ...
Connecting to raw.github.com (raw.github.com)|2001:67c:2b0:db32:0:1:b9c7:6e85|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://raw.githubusercontent.com/nodequery/nq-agent/master/nq-install.sh [following]
--2021-02-19 02:55:53-- https://raw.githubusercontent.com/nodequery/nq-agent/master/nq-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 2001:67c:2b0:db32:0:1:b9c7:6e85, 2001:67c:2b0:db32:0:1:b9c7:6f85, 2001:67c:2b0:db32:0:1:b9c7:6c85, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2001:67c:2b0:db32:0:1:b9c7:6e85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4781 (4.7K) [text/plain]
Saving to: ‘nq-install.sh’
100%[====================================================================================================================================================================>] 4,781 --.-K/s in 0.1s
Last-modified header missing -- time-stamps turned off.
2021-02-19 02:55:53 (41.8 KB/s) - ‘nq-install.sh’ saved [4781/4781]
|
| NodeQuery Installer
| ===================
|
| Downloading nq-agent.sh to /etc/nodequery
|
| + 2021-02-19 02:56:00 URL:https://raw.githubusercontent.com/nodequery/nq-agent/master/nq-agent.sh [8537/8537] -> "/etc/nodequery/nq-agent.sh" [1]
|
| Success: The NodeQuery agent has been installed
|
[root@srv18598 ~]#
Install BT Panel
apt update && apt install curl
curl -sSO http://download.bt.cn/install/new_install.sh && bash new_install.sh
[root@srv18598 ~]# curl -sSO http://download.bt.cn/install/new_install.sh && bash new_install.sh
+----------------------------------------------------------------------
| Bt-WebPanel 7.0 FOR CentOS/Ubuntu/Debian
+----------------------------------------------------------------------
| Copyright © 2015-2099 BT-SOFT(http://www.bt.cn) All rights reserved.
+----------------------------------------------------------------------
| The WebPanel URL will be http://SERVER_IP:8888 when installed.
+----------------------------------------------------------------------
Do you want to install Bt-Panel to the /www directory now?(y/n): y
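The three installs above (bench.sh piped straight into bash, nq-install.sh fetched with --no-check-certificate, and new_install.sh fetched over plain http) all run a remote script as root without checking what was actually downloaded. As an added example, not part of the original post or of any of these projects, here is a wrapper that fetches over HTTPS only, compares the file with a SHA-256 you pinned after reading the script, and runs it only on a match. The function names and the <PINNED_SHA256> placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): fetch, verify, then run an installer.
# Function names and the pinned digest are illustrative assumptions.

# Print the lowercase SHA-256 hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_installer() {
    local file=$1 expected=$2 actual
    [ -s "$file" ] || { echo "refusing: $file is missing or empty" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "refusing: pinned digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: pinned digest is not 64 hex chars" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing: got $actual, pinned $expected" >&2
        return 1
    fi
}

# fetch_verify_run URL EXPECTED_SHA256 [INSTALLER_ARGS...]
# 3 = URL is not https, 4 = download failed, otherwise verify/installer status.
fetch_verify_run() {
    local url=$1 expected=$2 tmp rc=0
    shift 2
    case $url in
        https://*) ;;
        *) echo "refusing: $url is not an https URL" >&2; return 3 ;;
    esac
    tmp=$(mktemp) || return 2
    # Certificate checks stay on; redirects may only go to https.
    if ! curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"; return 4
    fi
    verify_installer "$tmp" "$expected" || rc=$?
    if [ "$rc" -eq 0 ]; then bash "$tmp" "$@" || rc=$?; fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, with the digest recorded after reading the script (placeholder shown):
# fetch_verify_run https://raw.githubusercontent.com/nodequery/nq-agent/master/nq-install.sh \
#     '<PINNED_SHA256>' '<agent-token>'
```

The pinned digest has to come from a copy of the script you have read, not from the same download you are about to run.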
References
via Blogger http://blog.51sec.org/2021/10/euserv-ipv6-only-vps-usage.html October 02, 2021 at 08:50PM Network
Thycotic Secret Server Best Practice
Secret Rotation
Secret template - Password requirements
STANDARD SECURITY
Setting
Is Default True
Prevent Username in Password True
Length between (x) and (x) 12 & 12
Using Character set Default
Minimum 1 Uppercase (A-Z)
Minimum 1 Lower Case (a-z)
Minimum of 1 Symbol
Require Exclusive Account Usage
HIGH SECURITY
Setting
Is Default False
Prevent Username in Password True
Length between (x) and (x) 20 & 20
Using Character set Default
Minimum 1 Uppercase (A-Z)
Minimum 1 Lower Case (a-z)
Minimum of 1 Numeric (0-9)
Minimum of 1 Symbol
Require Exclusive Account Usage
Require Comment & (Change or Incident Ticket)
After you create a new Secret Template, assign a password requirement to it.
Secret Rotation
Standard Security: Rotate every 90 days
High Security: Rotate every 30 days
Custom Security: Rotate when checking in
High security - auto change with heartbeat - 90 days
Standard security - auto change with heartbeat - 30 days
Low security - no auto change - no heartbeat
Launchers
PowerShell
MS SQL Server
SecureCRT
PuTTY
RDP
WinSCP
Web Password Filler
Web Launcher
Folders
Standardization Example
Example1:
Company Name - Department Name - Location - Device Types / Account Types
This design (above) is useful when you use Distributed Engines with Sites that are different physical locations within your environment and you explicitly want to align a Secret Policy with a specific Site. Suppose you have a couple of different locations (Dorval and Wynford). By enforcing or defaulting the “Site” selection for Secrets to a specific physical location, and then aligning that Site-specific folder with that Secret Policy, you ensure that secrets created under that physical location use the correct Distributed Engine for that location.
For accounts/secrets where it does not make sense to organize them by any particular “Site”, we often suggest creating a “Non-Site Specific” folder that exists on the same sub-folder level as your other sites.
Folder permissions for this type of folder structure will typically have a Secret Server application specific Administrators group as the owner of the top-level folder. Other departments should require “View” only permissions for this top-level folder.
Your departmental folders may or may not also include the Secret Server application specific Administrators group as owner. Typically, during initial deployment, we see Secret Server Administrators as owners of departmental folders to assist the department with getting everything set up. Alternatively, the folders may contain only the department-specific groups with Owner permission.
For very large departments, we recommend having multiple groups for each department. One group may be a departmental administrators group and another may be a departmental members group. With this kind of group configuration, the departmental administrators group can have “Owner” permissions over the departmental folder and all subfolders, and the departmental members group can have either “Edit” or “View” permissions for the departmental folder and all subfolders.
The site or device type level of subfolders is where you might consider breaking inheritance to allow “Owner” permissions for the departmental members group.
Other Examples:
Secret Server is very flexible and can accommodate many different organization styles. Below are some other folder organizational examples and ideas for a smaller folder structure footprint:
1. Department > Device/Account Types
2. Location > Device/Account Types
3. Device/Account Types
Restricted Secrets
Shared Secrets
Unlimited Administration Mode
via Blogger http://blog.51sec.org/2021/10/thycotic-secret-server-best-practice.html October 02, 2021 at 08:37PM Thycotic
Switching From Ezoic Hosting to My Own Hosting Arm64 based Ubuntu 20.04
Ezoic DNS and Hosting screwed up my site this morning. All of my root domain's A records are gone, and even after I added them back in, they are still not working. I believe some of the DNS configuration must be wrong in their backend. Support is not much help since it is beyond their technical ability. Fortunately I have a backup site created on my Oracle Cloud Arm64 machine. This post records all the steps I took to switch from Ezoic hosting to my own hosting.
Make sure my backup WordPress site is up on one of my subdomains
All of my Nginx, WordPress and DB dockers were deployed by Portainer based on my previous post:
Nginx configuration changed to add two websites in:
root@4ccb3643b7e4:/# cat /etc/nginx/conf.d/wp.conf
server {
    listen 80;
    server_name opc2armwp.51sec.eu.org 51sec.org www.51sec.org;
    location / {
        proxy_pass http://mywp_wordpress_1;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
    }
}
Install All-in-One WP Migration Plug-ins
Since I have a backup file from the All-In-One WP Migration plug-in, I will have to install the following two plug-ins to restore my backup:
Import the backup file into your WordPress site.
WordPress configuration file change - wp-config.php
Once you have imported the backup file, the WordPress Address and Site Address will be different for your site, www.51sec.org. I will need to modify the wp-config.php file to change them. The following two lines need to be added to the wp-config.php file:
root@ddcb07417c01:/var/www/html# more wp-config.php
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* This has been slightly modified (to read environment variables) for use in Docker.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
// a helper function to lookup "env_FILE", "env", then fallback
if (!function_exists('getenv_docker')) {
    // https://github.com/docker-library/wordpress/issues/588 (WP-CLI will load this file 2x)
    function getenv_docker($env, $default) {
        if ($fileEnv = getenv($env . '_FILE')) {
            return rtrim(file_get_contents($fileEnv), "\r\n");
        }
        else if (($val = getenv($env)) !== false) {
            return $val;
        }
        else {
            return $default;
        }
    }
}
define('WP_HOME','https://www.51sec.org');
define('WP_SITEURL','https://www.51sec.org');
Now from wordpress admin portal, you will find out those two URL settings have been locked down.
Cloudflare configuration
Add a DNS A record pointing to my OCP Arm64 machine's public IP. Remove all of the other Ezoic hosting A records.
Make sure the SSL/TLS encryption mode is Full. Otherwise, my photo URLs, which use the photo.51sec.org subdomain, will fail to load with an error saying there are too many redirections.
Install Certbot
Since my Arm64 machine is using Ubuntu 20.04, here are two commands to install Certbot:
You will need both. The second command installs the Nginx plugin for Certbot.
Use the following command to apply for an SSL certificate for the website www.51sec.org:
After this step is done, here is what your wp.conf Nginx configuration looks like:
root@4ccb3643b7e4:/# cat /etc/nginx/conf.d/wp.conf
server {
    listen 80;
    server_name opc2armwp.51sec.eu.org 51sec.org www.51sec.org;
    location / {
        proxy_pass http://mywp_wordpress_1;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
root@4ccb3643b7e4:/#
References
via Blogger http://blog.51sec.org/2021/10/switching-from-ezoic-hosting-to-my-own.html October 02, 2021 at 05:35PM Blog