Protect Against POODLE Attack with AWS ELBs


In another round of SSL vulnerabilities, the latest threat is against SSL 3.0. The so-called POODLE attack (Padding Oracle On Downgraded Legacy Encryption) is actually a flaw in the 3.0 implementation and you should disable SSL 3.0 support to protect your users. If you have chosen to offload SSL to the Amazon ELB (Elastic Load Balancer), luckily this is very easy to do. It’s just a case of … Continue Reading


Convert Windows PFX SSL certs to OpenSSL


Recently, when porting a customer to AWS, we went through the procedure of offloading their SSL certs to the Elastic Load Balancing layer. This gave us a performance boost on the IIS servers as there is no overhead of encryption/decryption of SSL packets. The old servers had IIS SSL certs on them, so we put together this procedure to port the certs to a PEM file for the Key … Continue Reading


Generate signed URLs from the command line for S3 Objects

Just a quick script to help you generate expiring signed URLs for S3 objects. You’ll need Python and boto installed and a working .boto file with your keys in it.

[code lang="bash"]
$ ./signed-url.py
usage: signed-url.py [-h] -b BUCKET -o OBJECT [-t TIME]
signed-url.py: error: argument -b/--bucket is required
[/code]

You can download the code here, or copy the code below: https://gist.github.com/richarvey/637cd595362760858496


SESMailer


SESMailer is a Node.js script that acts as a gateway between a static website contact form (for example, one hosted on S3) and an e-mail recipient. Using JavaScript, the message is passed to SESMailer, which then uses Amazon SES to deliver the mail to the desired user. All ‘to’ and ‘from’ email addresses are kept private in the HTML form by generating encrypted strings using password.js, which hashes the addresses with a salt of your choice. This prevents bots finding your e-mail address in the … Continue Reading


Easily Download all the AWS documentation

After a rewrite in Python this script is back and will make it easier to download the PDFs from Amazon’s website so you have them to hand when offline. You can pull the code down from GitHub at this location: https://github.com/richarvey/getAWSdocs

To check out the repository run:

[code lang="bash"]
git clone https://github.com/richarvey/getAWSdocs.git
[/code]

To run the script:

[code lang="bash"]
./getAWSdocs.py
[/code]

All the documents will be downloaded into a directory … Continue Reading


MySQL Backups in OpsWorks


OpsWorks now offers RDS support, but if you still want to run your own MySQL tier on EC2 using the OpsWorks recipes, you’ll probably need to think about backing up your DB. To make this a little easier I’ve put together a script that, used correctly, can create non-clean hourly dumps and full clean backups at your scheduled time. This should also work if you are building your own MySQL … Continue Reading


Mount a Qcow2 Image in Linux for Editing

Recently I’ve needed to edit some qcow2 disk images before booting them with KVM, to change the default password or IP address/hostname etc. Luckily I found that Linux lets you do this pretty easily with just a couple of extra commands on top of your normal ‘mount’. This was tested in Ubuntu 12.04+, so you may need to change it slightly for your distro. First load the nbd module: sudo … Continue Reading


HowTo Install KVM and OpenVSwitch in Ubuntu 14.04


A quick and dirty guide to installing KVM with OpenVSwitch in Ubuntu 14.04 (I have a feeling this should also work in Debian 7; feel free to comment if it doesn’t).

Install required packages

[code lang="bash"]
sudo apt-get install openvswitch-switch qemu-kvm libvirt-bin
[/code]

After the install has completed we need to remove/destroy the bridge and recreate it in OpenVSwitch using the ovs tools.

Setup networking

Using ovs and virsh set the network up: … Continue Reading


s3redirect

s3redirect is a simple script to set up objects in Amazon S3 with the metadata for web redirects, allowing you to build a massively scalable URL shortening/redirecting service. The source is available on GitHub here: https://github.com/richarvey/s3redirect

Requirements

You’ll require the following installed to run the s3redirect scripts.

Python Lib boto 2.7.3+ AWS Account

S3 and CloudFront Setup

Create an S3 bucket via the console or command line tools and enable Static Website Hosting. … Continue Reading


AWS S3 Security Policies using IAM

Here are a couple of quick example IAM policies to restrict a user’s AWS S3 access either to a single bucket, or to a sub folder in an S3 bucket (shared bucket). Using these rules should allow users to use tools like CloudBerry or S3Fox and the API without problems. If you are too strict these tend to fail, so you’ll have to let all users have permissions to list … Continue Reading
