Category: Security

Mesos cluster with Marathon running Docker

Hi So for hosting docker in large scale i have tested mesos cluster.  Here is a guide for setting up 3 nodes in mesos running Centos 7. And the adding Marathon to controll the dockers running. The network mesos-master 172.0.0.10 mesos-slave1 172.0.0.11 mesos-slave2 172.0.0.12   The node also have on nic connect to the network with internet access.   Security… Read more →

Python DOS protection (iptables,dos)

here are a small script I use to have some sort of dos protection on my webservers.   import subprocess whitelist=[‘192.168.1.2’] blockvalue=2 alertvalue=1 proc = subprocess.Popen(“netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n”, shell=True,stdout=subprocess.PIPE) running = proc.stdout.read() runing_sorted = running.split(‘\n’) for r in runing_sorted: con =r.split() if len(con) ==2: #If… Read more →

vmware to kvm (OWASP broken webb app on KVM)

So I uses kvm for my virtual server. But i got OWASP broken webb app in vmware format and its not ok. But with the help from google i found some help to get the OWASP Broken Webb App on my kvm hosts. I follewed the info from this page   http://blog.bodhizazen.net/linux/convert-vmware-vmdk-to-kvm-qcow2-or-virtualbox-vdi/     1. Download and unzip Owasp Broken… Read more →

OAuth2 Server on Python (with flask on Centos)

So at work we have started to look at OAuth2 for our web apps. So on our creativ friday today i started looking at putting together an OAuth2 server using python and flask. I followed the guide from this page http://lepture.com/en/2013/create-oauth-server And after some work I got an working server and client running on my Centos server. The code only uses… Read more →

Blocking unwanted traffic (ddos,scrapers) Apache, Iptables

So spent last evning blocking ip comming from packetflip to our server. Looks in our Apache access log that there was some evil scraping going on so we started blocking. But its not that funny to block many ip manually so time for some scripts.   First some info to use  Packetflip user agent was Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;… Read more →