Automation & Monitoring
Streamline operations with Ansible workflows, logging pipelines, and proactive monitoring.
SQS security; monitoring baseline (encryption, IAM, DLQs)
Short version: Encrypt queues with KMS, split producer/consumer IAM, set a DLQ, and alarm on queue age/depth. Keep retention/visibility explicit.
1) Create queue with sane defaults
Server-side encryption (your KMS key), retention 4–14 days as needed. Visibility timeout ≥ max processing time. DLQ with a reasonable maxReceiveCount (e.g., 5).
2) IAM separation
# Producer: send … Read more
Ansible quickstart for secure baselines (idempotent and testable)
Outcome: apply your SSHD/PAM/fail2ban defaults across hosts safely, with check/diff runs and a skeleton for tests.
1) Layout
baseline/
├─ inventory.yaml
├─ site.yaml
└─ roles/
   └─ hardening/
      ├─ tasks/main.yaml
      ├─ templates/sshd_config.j2
      └─ files/sudoers_logging
2) Inventory
# inventory.yaml
all:
  hosts:
    web1.example.com:
    db1.example.com:
  vars:
    ansible_user: admin
3) Playbook
# site.yaml
- hosts: all
  become: true
  roles:
    - … Read more
AWS monitoring add-ons: what’s worth enabling
Baseline assumption: You already have CloudTrail, basic CloudWatch alarms, and Config turned on. These add-ons layer threat detection and hygiene checks without turning your inbox into a landfill.
Enable first (org-wide)
GuardDuty — managed threat detection from CloudTrail, DNS, and VPC telemetry. Turn on in all regions; centralise findings.
Inspector — automated EC2 and ECR … Read more
CloudWatch: a minimal alerting baseline (with 3 starter alarms)
Last updated: 20 Aug 2025
Short version: set log retention explicitly, wire 3 alarms that actually matter, and keep severity mapping simple. Don’t create 40 “informational” alerts and call it monitoring.
1) Set log retention on day one
Pick a default (e.g., 30 or 90 days) for all CloudWatch log groups. “Never expire” is not … Read more
AWS CloudTrail vs CloudWatch vs Config: what to use and when
Short version: CloudTrail is your audit log of API activity, CloudWatch is telemetry + alerting (metrics/logs/events), and Config is resource inventory + compliance. You probably need all three, wired together sensibly.
Who does what
Goal                                         CloudTrail   CloudWatch   Config
Audit every API call (who/what/when/where)   ✔️           —            —
Real-time alerts (errors, patterns, thresholds) via Logs → Metric … Read more
Diagnose packet loss and throughput with iperf3 (quick guide)
TL;DR: Run the server on one end (iperf3 -s), the client on the other (iperf3 -c host). Test both directions, try single stream then a few parallel streams, and use UDP to quantify loss/jitter.
When to use iperf3
Throughput is low and you don’t know if it’s the app, the host, or the network. You … Read more
Vulnerability Scanning with OpenVAS (Greenbone)
Why Vulnerability Management is Core Security
Unpatched vulnerabilities are still the #1 root cause of breaches. OpenVAS provides an open-source equivalent to Nessus/Qualys for vulnerability scanning.
Deployment Checklist
Install Greenbone Community Edition.
Run authenticated scans (SSH/WinRM creds).
Integrate with patch management (Ansible playbooks).
Schedule monthly full scans; weekly delta scans.
Track remediation progress with reporting.
… Read more
Linux Log Analysis – Turning Noise Into Action
The Problem
A Linux server generates thousands of log lines per hour. Without structure, critical alerts drown in noise. Attackers rely on this.
Core Logs to Monitor
/var/log/auth.log – SSH, sudo, login attempts.
/var/log/syslog / messages – system and kernel alerts.
journald – structured logging with filters.
Application logs – Apache, Nginx, PostgreSQL, etc.
Practical … Read more
Using Wazuh for Threat Detection and Log Monitoring
Why SIEM is Non-Negotiable
Most organisations already collect logs. Few actually use them. A SIEM turns noise into alerts. Wazuh (fork of OSSEC) offers enterprise-grade SIEM, free and open source.
Deployment Checklist
Install Wazuh Manager on a central server.
Deploy Wazuh Agents to endpoints (Linux, Windows, cloud).
Integrate Logs: journald, syslog, Apache, MySQL, cloud services.
… Read more
Automating Linux Patch Management with Ansible
Why Patching Matters
Most breaches exploit known vulnerabilities, often months or years old. WannaCry (2017) succeeded because thousands of systems weren’t patched despite updates being available. Even today, unpatched Apache, Exim, or kernel flaws are exploited within days of disclosure. Manual patching doesn’t scale. Clients need automation.
Ansible Patch Management Checklist
Inventory Hosts
Define Linux … Read more
Building a Strong Audit Trail with systemd and journald
Why Audit Trails Matter
In security incidents, the first question is always: “What happened, when, and who was responsible?” Without reliable logs, the answer is guesswork. Audit trails underpin compliance (GDPR, ISO 27001, CIS Controls) and are often the single factor that separates swift incident response from reputational disaster. On modern Linux systems, systemd-journald is … Read more