SA Bagus

OS: Debian 12 Steps 1: Install Apache2  sudo apt update sudo apt install apache2 Step 2: Install ModSecurity with Apache on Debian/Ubuntu The ModSecurity module for Apache is included in the default Debian/Ubuntu repository. To install it, run sudo apt install libapache2-mod-security2 Then enable this module. sudo a2enmod security2 Restart Apache for the change to take effect. sudo systemctl restart apache2 Step 3: Configure ModSecurity Check  /etc/apache2/mods-enabled/security2.conf In the above configuration file, you can find the following line. Make sure its exists IncludeOptional /etc/modsecurity/*.conf And copy example configuration file into /etc/modsecurity/modsecurity.conf mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf Find the following configuration and then change like below: #SecRuleEngine DetectionOnly SecRuleEngine On Step 4: Enable the Latest Rule Set to be continued Ref: https://www.linuxbabe.com/security/modsecurity-apache-debian-ub

 Below is a simple example of a Dockerfile to create a Docker container with Debian OS and MySQL installed. This example uses the official MySQL Docker image available on Docker Hub. # Use the official Debian base image FROM debian:latest # Set environment variables for MySQL ENV MYSQL_ROOT_PASSWORD=root_password ENV MYSQL_DATABASE=mydatabase ENV MYSQL_USER=myuser ENV MYSQL_PASSWORD=mypassword # Install MySQL server RUN apt-get update && apt-get install -y \     mysql-server \     && rm -rf /var/lib/apt/lists/* # Configure MySQL to allow remote connections RUN sed -i 's/127.0.0.1/0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf # Expose the MySQL port EXPOSE 3306 # Start MySQL server on container startup CMD ["mysqld"] # To build the Docker image, run: # docker build -t debian-mysql . # To run the container, execute: # docker run -d -p 3306:3306 --name mysql-container debian-mysql Please note that setting a root password for MySQL in this manner is not rec

Basically podman will use qemu as emulator with fedora core os to host the container. Run docker and mount some folder on the laptop host. Steps: 1. Stop container machine podman machine stop or podman machine stop your-machine-name 2. Create and start a machine named "my-tools" without  any bindings. podman machine init --now my-tools 3. Set the connection to the "tools" machine as the default connection. podman system connection default my-tools 4. Example run a container to my-tools machine and than try to lists the content of the Mac /Users/bagussa/home directory. podman run --rm -v /Users/bagussa/home:/home debian:latest ls -la /Users Thanks!

Buat direktori dimana certificate akan disimpan  Disini menggunakan virtualenv untuk menginstall certbot nya namun bisa juga langsung sebetulnya menggunakan seperti apt/yum, dll. contoh: mkdir PY-VIRTUALENV cd PY-VIRTUALENV python3.8 -m venv virtualenv source virtualenv/bin/activate certbot certonly --config-dir . --work-dir . --logs-dir . --manual -d *.your-domain.com --preferred-challenges dns Ada beberapa verifikasi seperti http, namun kali ini menggunakan verifikasi DNS dibagian bawah penting dilakukan terlebih dahulu untuk mendapatkan certificate dari letsencrypt, setelah menambahkan record TXT dan menunggu propagasi, command diatas bisa dilakukan kembali. Output: Saving debug log to /Users/sa.bagus/CODE/PY-VIRTUALENV/letsencrypt.log Requesting a certificate for *.your-domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name: _acme-challenge.*.your-domain.com. with the following value: ajksjaksjkajskaj

Membuat VPC Network VPC adalah isolated network untuk setiap customer, GCP VPC Network bisa across region, didalam nya bisa membuat subnetwork untuk masing-masing region, didalam nya ada firewall yang bisa dipasang untuk mengatur/membatasi traffic ke resources yang ada didalam VPC seperti instance. create-network.sh #!/bin/bash # Set your GCP project ID project_id=" your-project " # Set the VPC network name vpc_name=" your-global-vpc-network " # Function to create a subnet create_subnet() {   local subnet_name=$1   local ip_range=$2   local region=$3  gcloud compute networks subnets create $subnet_name \     --network $vpc_name \     --range $ip_range \     --region $region } # Set the project gcloud config set project $project_id # Create the VPC network echo "y" | gcloud compute networks create $vpc_name --subnet-mode custom --project=$project_id # Vars subnet_name=" your-subnetwork1 " ip_range=" 10.1.1.0/24 " region=" asia-south

File example.json yang berbentuk json array berikut contoh: [     {         "CompetitorID": 1,         "Name": "John Doe",         "Score": 85     },     {         "CompetitorID": 2,         "Name": "Jane Smith",         "Score": 92     },     {         "CompetitorID": 3,         "Name": "Alice Johnson",         "Score": 78     },     {         "CompetitorID": 4,         "Name": "Bob Wilson",         "Score": 91     },     {         "CompetitorID": 5,         "Name": "Eve Brown",         "Score": 89     } ] Filter yang score nya diatas 80 jq '.[] | select(.Score > 80)' your_data.json Output: jq '.[] | select(.Score > 80)' example.json   {   "CompetitorID" : 1 ,   "Name" : "John Doe" ,   "Score" : 85 } {   "CompetitorID"

Here is where we scan do the IAC scanning When Writing code :  Low context, default values can be evaluated When Terraform Plan :  Medium context, dynamic values from environment variables and CLI are resolved When Terraform Apply :  High context, the plan is resolved, and API interaction with production environment is performed Cloud Runtime :  Very high context where the end state of the environment is being laid out as runtime configuration even if there is a drift from the Terraform state that is being created on the apply stage.   IAC scanning prevention is from 1 to 2 layer,  for 4 cloud runtime mostly use CSPM tool. More comprehensive when can do in every layer Ref: https://bridgecrew.io/blog/terraform-plan-security-scanning-checkov/