Pages

Monday, October 31, 2016

Appending Date in a PowerShell Script

The following example shows how we can append date on a file or object in a power shell. Following example uses a Aws Command for creating a Aws Image with Date Appended.

====
$CurrentDate = (Get-Date).tostring("dd-MM-yyyy-hh")
aws ec2 create-image --instance-id i-3442a --name ("test_" + $CurrentDate) --description ("test_" + $CurrentDate) --no-reboot
====

Monday, August 15, 2016

Aws Flowlogs for Traffic Monitoring

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

Flow logs can help you with a number of tasks; for example, to troubleshoot why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic that is reaching your instance.

To create Flow log for your subnet we followed these steps:
1. Creating Log group in your CloudWatch:
  - We created new log group in your CloudWatch to log your entries.
  - Please remember your can use same log group for multiple flow log you create.
  - To create log group: AWS Management console -> CloudWatch -> Logs --> Create new log group

2. Create Flow Log for VPC
  - Open the Amazon EC2 console -> Service VPC
  - In the navigation pane, choose VPC then select your VPC
  - From VPC Action select Create a Flow Log
Please refer this link to get more information on this: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#create-flow-log

Note that VPC Flow Log Records[1] is a space-separated string that has the format outline in our document, where 14 fields are available, and field #11 & #12 has recorded the time in Unix seconds)

According to the Filter & Pattern Syntax[2], we can filter the log events matching our conditions for space-delimited logs.

Example filter (as we dont care the 1st 10 fields in this case, so we use ... )

[..., start, end, action, status]

Say if we need to capture the vpc flow log between Sat, 06 Aug 2016 04:35:56 GMT and Sun, 07 Aug 2016 04:35:56 GMT

using epoch time converter(http://www.epochconverter.com/ for example), we get the Unix time in second being 1470458156 & 1470544556

so the filter we will be using become

[..., start>1470458156, end<1470544556, action, status]

So you can follow link[3], To search all log entries after a given start time using the Amazon CloudWatch console

Goto AWS CloudWatch Console-> Logs -> Select the vpc flowlog log group -> above "Log Streams List", click "Search Event"

and use the [..., start>1470458156, end<1470544556, action, status] in the filter field, then press Enter.

You can modify the filter accordingly for more conditions.


Resource Links: [1] AWS - VPC - VPC Flow Logs - Flow Log Records https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records [2] AWS - CloudWatch - Searching and Filtering Log Data - Filter and Pattern Syntax - Using Metric Filters to Extract Values from Space-Delimited Log Events https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/FilterAndPatternSyntax.html#d0e26783 [3] AWS - CloudWatch - To search all log entries after a given start time using the Amazon CloudWatch console https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/SearchDataFilterPattern.html

Wednesday, August 3, 2016

Extract public/private key from a PKCS#12

You can use following commands to extract public/private key from a PKCS#12 container:
  • Private key:
    openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem
  • Certificates:
    openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem
    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
  •  openssl pkcs12 -in Sample.pfx -out Sample.pem -nodes