Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

DevOps interview questions

directory '/etc/elasticsearch' do
        recursive :true
        owner   'elasticsearch'
        group   'root'
        mode    755
end

directory '/var/log/elasticsearch' do
        recursive :true
        owner   'elasticsearch'
        group   'root'
        mode    755
end

Can you spot the 5 fundamental flaws in the above config for Elasticsearch?

1. The directories / files are hardcoded. You want to avoid this at all costs. Otherwise, what is the point of your agile and maintainable software-defined infrastructure?

2. Setting the owner to elasticsearch is a security hole: it gives the daemon a writable configuration directory. Ensure your software follows the principle of least privilege.

3. Setting group to root fails on BSD.

4. Owner / Group are not DRY.

5. Filesystem permissions are incorrect.
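Items 2 and 5 can be checked mechanically. The Ruby below is an added example, not code from the original post or from any cookbook: it works out what each `mode` value means once Ruby has parsed it and whether the service account can write to the directory. It assumes item 5 includes the unquoted `mode 755`, which Ruby reads as a decimal integer. The UID/GID values and the `HARDENED` layout are constructed for illustration.

```ruby
# Added example. Account ids and the HARDENED layout are constructed assumptions.

# A quoted Chef mode is read as octal; a bare Integer is used as-is,
# so 755 is decimal 755, which is octal 1363 rather than rwxr-xr-x.
def effective_mode(mode)
  mode.is_a?(String) ? mode.to_i(8) : mode
end

# Render the permission bits the way `ls -l` would, including the sticky bit.
def symbolic(mode)
  m = effective_mode(mode)
  s = [6, 3, 0].map do |shift|
    bits = (m >> shift) & 7
    ((bits & 4) != 0 ? 'r' : '-') + ((bits & 2) != 0 ? 'w' : '-') + ((bits & 1) != 0 ? 'x' : '-')
  end.join
  s[-1] = (s[-1] == 'x' ? 't' : 'T') if (m & 0o1000) != 0
  s
end

# Classic owner/group/other evaluation: the first matching class decides.
def writable_by?(dir, uid:, gids:)
  return true if uid.zero?
  shift = if uid == dir[:uid] then 6
          elsif gids.include?(dir[:gid]) then 3
          else 0
          end
  ((effective_mode(dir[:mode]) >> shift) & 2) != 0
end

def world_writable?(dir)
  (effective_mode(dir[:mode]) & 0o002) != 0
end

ES        = { uid: 998, gids: [998] }.freeze                    # constructed service account
AS_POSTED = { path: '/etc/elasticsearch', uid: 998, gid: 0, mode: 755 }.freeze
QUOTED    = AS_POSTED.merge(mode: '0755').freeze                # same owner, mode quoted
HARDENED  = { path: '/etc/elasticsearch', uid: 0, gid: 998, mode: '0750' }.freeze

def report(dir)
  { mode: symbolic(dir[:mode]),
    daemon_writable: writable_by?(dir, **ES),
    world_writable: world_writable?(dir) }
end

if __FILE__ == $PROGRAM_NAME
  { 'as posted' => AS_POSTED, 'quoted mode' => QUOTED, 'hardened' => HARDENED }
    .each { |label, dir| puts "#{label}: #{report(dir)}" }
end
```

Quoting the mode fixes the permission bits but leaves the daemon as owner of its own configuration; only changing the owner removes its write access.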
