Nginx (v1.17.6) fails to start in CentOS7

I am posting this here as a reminder that CentOS 7 has a weird systemd bug with Nginx.

SYMPTOMS:

   1) Nginx restart fails after a yum update 
   2) Error:    
      
      [root@centos7VM user]# systemctl status nginx.service
      nginx.service - nginx - high performance web server
         Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
         Active: failed (Result: timeout) since Sun 2019-12-01 21:19:26 MST; 1min 21s ago
              Docs: http://nginx.org/en/docs/
         Process: 820 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
      Dec 01 11:16:00 servername nginx[842]: nginx: the configuration file /etc/nginx/nginx.c… ok

AWS GuardDuty – MultiAccount

GuardDuty is a very solid service, but it can be challenging to manage when you have several AWS accounts spanning several regions. Here's a way to manage all the findings from those accounts and regions in one place. This how-to summarizes the steps and links to how-tos already published by AWS.

1) Pick a Master Account where you can manage and view the findings for all your accounts. This is a quick how-to: https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/



Favorite AWS Cli command(s)

  • This will copy all the objects from one S3 bucket to another, granting read access to the AllUsers group (public read) and full control to the account with the given email address —

    aws s3 cp s3://bucket1 s3://bucket2 --recursive --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=emailaddress=awsaccountemailaddress

* If bucket2 is in a different AWS account, it will need a bucket policy allowing the bucket1 user to write to it.

  • This will list running instances' InstanceId, PrivateIpAddress, and Tag=Name —

    aws ec2 describe-instances --filters "Name=instance-state-code","Values=16" --query "Reservations[*].Instances[*].[InstanceId, PrivateIpAddress, Tags[?Key=='Name'].Value | [0]]" --output table --region us-east-1 --profile production

  • This will export running instances' InstanceId, InstanceType, Tag=Name, and Tag=Project to a .tsv file (Linux), which Excel will be able to open —

    aws ec2 describe-instances --output text --filters "Name=instance-state-code","Values=16" --query 'Reservations[*].Instances[*].[InstanceId, InstanceType,  [Tags[?Key==`Name`].Value] [0][0], [Tags[?Key==`Project`].Value] [0][0]]' > test.tsv


GCP – Install a VPN server (for client access) on Google Compute Engine

** This needs to be updated. Stay tuned…

REQUIREMENTS:

  • You know how to spin up a Compute Engine instance
  • You are familiar with Linux
  • You have no time to read lengthy how-tos – this build took me 15 minutes

USE CASE:

  • I like taking advantage of free Wi-Fi (sbux, friends, etc.) but want to keep my traffic encrypted.
  • I prefer to use the native Mac VPN client
