AWS Cloud Usage Tips and Tricks - NETSEC

Cybersecurity Memo

Sunday, May 10, 2020

AWS Cloud Usage Tips and Tricks



AWS Login With Root Password

First get root on the instance under AWS:

  1. Log in to the instance with the pem key;
  2. Run: sudo passwd root, and enter a password;
  3. Run: su -, and enter the password you just set to become root.


Then allow root to log in over SSH:

  1. Edit the SSH configuration file:

     • vi /etc/ssh/sshd_config

  2. Find PermitRootLogin and PasswordAuthentication, and set both values to yes.

  3. Restart sshd after saving:

     • service sshd restart

Then you can log in to the AWS instance directly as root.
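
To confirm which values sshd will actually apply after this edit, the following added example (not from the original post) parses an sshd_config file and reports the global value of each keyword; the function names and the sample file are constructed for illustration. sshd uses the first occurrence of a keyword, so a yes line added below an existing no line has no effect.

```shell
# Added example: report the value sshd will use for a global keyword.
# sshd uses the FIRST occurrence of a keyword; later duplicates are ignored.
# Assumptions of this sketch: Include files are not followed and Match
# blocks are not evaluated (the global section ends at the first Match).

sshd_effective() {
    # $1 = keyword (case-insensitive), $2 = path to an sshd_config file
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # conditional section starts
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$2"
}

root_password_login_enabled() {
    # Succeeds only if both keywords are explicitly "yes" in the global section.
    [ "$(sshd_effective PermitRootLogin "$1")" = "yes" ] &&
    [ "$(sshd_effective PasswordAuthentication "$1")" = "yes" ]
}

# Constructed sample: a "yes" line appended below an existing "no" line.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
# appended by a later edit, never reached by sshd:
PasswordAuthentication yes
EOF

for kw in PermitRootLogin PasswordAuthentication; do
    echo "$kw: $(sshd_effective "$kw" "$sample_cfg")"
done
if root_password_login_enabled "$sample_cfg"; then
    echo "root password login: enabled"
else
    echo "root password login: not enabled by this file"
fi
rm -f "$sample_cfg"
```

On a live host, sshd -T prints the effective configuration as the daemon itself computes it.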





Suppress the logs


/var/log/messages fills up with log entries from ec2net and dhclient:

Sep 28 10:21:12 ip-10-10-0-50 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/0a:61:94:ab:be:d8/local-ipv4s
Sep 28 10:21:12 ip-10-10-0-50 ec2net: [rewrite_aliases] Rewriting aliases of eth0
Sep 28 10:22:42 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 116310ms.
Sep 28 10:24:39 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 116080ms.
Sep 28 10:26:35 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 111110ms.
Sep 28 10:28:26 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 108130ms.
Sep 28 10:30:14 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 131480ms.
Sep 28 10:32:25 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 114870ms.
Sep 28 10:34:20 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 117480ms.
Sep 28 10:36:18 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 123780ms.
Sep 28 10:38:22 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 128670ms.
Sep 28 10:40:30 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 130680ms.
Sep 28 10:42:41 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 115920ms.
Sep 28 10:44:37 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 111720ms.
Sep 28 10:46:29 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 123980ms.
Sep 28 10:48:21 ip-10-10-0-50 dhclient[2069]: DHCPREQUEST on eth0 to 10.10.0.1 port 67 (xid=0x7386b415)
Sep 28 10:48:21 ip-10-10-0-50 dhclient[2069]: DHCPACK from 10.10.0.1 (xid=0x7386b415)
Sep 28 10:48:21 ip-10-10-0-50 dhclient[2069]: bound to 10.10.0.50 -- renewal in 1459 seconds.
Sep 28 10:48:21 ip-10-10-0-50 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/0a:61:94:ab:be:d8/local-ipv4s
Sep 28 10:48:21 ip-10-10-0-50 ec2net: [rewrite_aliases] Rewriting aliases of eth0
Sep 28 10:48:33 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 126500ms.
Sep 28 10:50:40 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 125460ms.
Sep 28 10:52:45 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 129090ms.
Sep 28 10:54:54 ip-10-10-0-50 dhclient[2165]: XMT: Solicit on eth0, interval 127890ms.





Edit the /etc/rsyslog.conf file and add the following two lines (the :programname rules) right after #### RULES ####:

[root@ip-10-10-0-50 etc]# vi /etc/rsyslog.conf 

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

#### RULES ####

:programname,isequal,"dhclient"  ~
:programname,isequal,"ec2net"    ~

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# kern.*                                  


After saving the changes, restart the service with the command "service rsyslog restart".


