The risks and merits of automation   Recently updated !

Today morning a customer decided to deploy a new /etc/ntp.conf configuration file, using his own automation software. His approach was somewhat more aggressive than desired, so he broke NTP on 30+ servers, leading to an alert flood. Using an Ansible role, I was able to re-install the correct ntp.conf and restore this important service within […]

/var usage

Cisco Prime 3.x fills up /var

Symptom : Prime 3.7 won’t start. Reason : /var is full, as /var/log/wtmp fills up quickly : sudo -i ls -l /var/log/wtmp ade # utmpdump /var/log/wtmp | more [5] [06834] [tyS0] [ ] [ttyS0] [ ] [] [Tue Feb 04 21:30:45 2020 CET] [5] [06835] [tyS1] [ ] [ttyS1] [ ] [] [Tue Feb 04 […]

Adding empty HTTP headers via libcurl (pycurl)

When testing for the correct behavior of the OWASP ModSecurity Core Rule Set, a popular Web Application Firewall rule set, I needed to send empty Acccept- and User-Agent headers. This is relatively simple on the command line with curl: $> curl –header “User-Agent;” Pulling this off with libcurl (pycurl in my case), was way […]

auto-upgrade pip in Ansible role/task

Lets say you have an Ansible role in which you create a virtual-environment using Python 3.x: – name: Install python venv and requirements environment: http_proxy: https_proxy: HTTP_PROXY: HTTPS_PROXY: pip: extra_args: ‘–trusted-host’ requirements: /path/to/requirements.txt virtualenv: /path/to/venv virtualenv_command: /opt/python-3.7.0/bin/python3.7 -m venv If your requirements.txt only contains the modules you really need for […]