Posts

Understanding SELinux How it works

SELinux on Ubuntu. The objective of this post is to install, activate and disable SELinux on Ubuntu. What is SELinux? Security-Enhanced Linux (SELinux) is a security architecture for Linux® systems that allows administrators to have more control over who can access the system. Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls. SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Here I'll explore the possible options on Ubuntu. How to install SELinux on Ubuntu? This is a regular package installation: apt install policycoreutils selinux-utils selinux-basics -y How to activate SELinux on Ubuntu? To activate SELinux we need to edit the config file: selinux-activate For this to take effect, reboot the Linux VM/machine. Understanding Configure SELinux SE...

Docker for Microsoft Azure Ubuntu Linux VM

Hi Guys! Welcome to DevOps Hunter, full of technical bytes for cloud computing and DevOps Engineers. In this post, I would like to share my experiment with launching an Ubuntu VM on the Azure cloud to work on a Docker-CE installation. The Docker documentation provides a simplified convenience script for almost every Linux platform, which includes all the steps described there or in our previous blog post. Get started: Docker for Azure on Ubuntu Linux. Step 1: Log in to your Azure Cloud account. Step 2: Get the connection details of the Ubuntu 16.04 VM. Open GitBash or Git CMD and run the following: ssh viswasri@23.1101.16.242 # Try with your VM here Step 3: Check whether any Docker version is already installed: sudo docker version Step 4: Use the convenient way of installation, that is, the scripted way. curl -fsSL https://get.docker...

Build your own Elastic-Kibana Playground

Cloud Monitoring for Beginners! There is a Docker Playground which is widely used to test Docker commands. In the same way, I would like to use Kibana charts for multiple testing purposes, and I also wanted to test loading and extracting metric data in Elastic (formerly called Elasticsearch). The greatest capability of this stack is based on the 'Lucene search engine', which is the base for the Google search engine. The only path that you need to identify here is how you can utilize the super-fast search capabilities and powerful visualizations with Kibana. In this post, I would like to explore the possible options to establish a playground for the Elastic-Kibana services, integrated with fluentd, the data collector most widely used in CNCF environments. We can also use the other option, an ELK playground, as a learning lab. In that case, we need to use filebeat instead of fluentd. Note that earlier it was named logstash-forwarder now it...

Docker Storage and Volumes

In this blog post, I would like to discuss Docker storage, storage drivers, and application data management using Docker volumes. Every fact we explore here was experimented with in detail, collected and published. Docker Container Persistent Storage: When we see the word 'storage', what comes to mind is a hard disk, CD, DVD, pen drive, shared NFS, etc. For Docker, storage refers to the storage of images, containers and volumes, and we also need to store the data that belongs to an application. It may be application code or a database that the application service refers to. Each one is isolated from the others. Actual physical storage deals with different devices. Linux has logical storage devices, where a single disk can be split into multiple disk drives called logical drives, as we see in Windows (C: D:). Disk space can be shared across multiple containers using partitions of disks and groups of partitions. Docker uses this capability with special storage dr...

Docker Trusted Registry (DTR) deep dive

This post is a continuation of the Docker Enterprise edition on CentOS7 usage post. Let's understand the usage of the DTR. How can we integrate it with Docker UCP? How does the DTR help us maintain the Docker repository the easy way? What benefits can we get with DTR? We have already installed docker-ee and deployed UCP on it with a swarm cluster on CentOS7. What is new in Docker Trusted Registry? Here I've collected some of the DTR Primary Usage Scenarios CI/CD with Docker • Image repository - Centrally located base images • Simple upgrades - Store individual build images • Scan and Pull tested images to production Containers as a Service (CaaS) • Deploy Jenkins executors or nodes • Instant-on developer environment • Selected curated apps from a catalog • Dynamic composition of micro-services (“PAAS”) General Features • Organizations, Teams & Repositories permissions UI • Search index, API & UI • Interactive API documentation • Image deletion from ind...

Docker Security

Hey, dear Docker DevOps enthusiast! In this post we will discuss Docker security, Docker service security, Docker engine-level security, etc. SELinux is Security-Enhanced Linux; it provides a mechanism for supporting access control security policies. SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distros. By default, the 'root' user owns the processes spawned by a container. secgroup limits the disk quota. Security Issue: Rotate your join-token for both worker and manager when there is a suspicion that someone might have got access to the token for adding managers to the cluster. Secrets are immutable in a Docker swarm cluster. They cannot be updated, so if you want to modify a secret you have to create a new secret file and update the existing service with it. step 1: First we need to create a new secret, step 2: Attach the newly created secret with an update option the service to use this n...

Install and setup for the Docker Compose

Hello DevOps enthusiast! In this post, we will discuss docker-compose: why we need it and how it can resolve multi-container application issues. What are its limitations? How does Docker-compose work? What is Docker-compose, and why? If we are working on multi-container apps then it is a hassle, because we would be repeatedly doing the following tasks: build images from Dockerfiles; pull images from the Hub or a private registry; configure and create multiple containers for each service required to run the application; start and stop each container individually; stream their logs to check the status and troubleshoot. In contrast to all the above hassles, Docker Compose was developed as the best tool for defining and running multi-container Docker applications. We can use YAML files to configure application services (docker-compose.yml). Simplified control for multi-container applications - we can start all services with a single command: docker compose up and can st...