Reddit DevOps
Microsoft Customer support data breach

Seems like a misconfiguration led to the exposure of personal data of customers that had contacted Microsoft customer support. Wooopsie

"Our investigation has determined that a change made to the database’s [network security group](https://docs.microsoft.com/en-us/azure/virtual-network/security-overview) on December 5, 2019 contained misconfigured [security rules](https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#security-rules) that enabled exposure of the data. Upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.

As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices. In some scenarios, the data may have remained unredacted if it met specific conditions"

[https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/](https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/)

https://redd.it/estu79
@r_devops
Vulnerability Scanner/Detector Log4Shell Remote Code Execution Log4j (CVE-2021-44228) — Ansible log4j-cve-2021-44228

How to automate the Vulnerability Scanner/Detector provided by Red Hat RHSB-2021-009 Log4Shell — Remote Code Execution — log4j (CVE-2021-44228) with Ansible Playbook.

https://youtu.be/YXKXQy66MAA

https://redd.it/rmfjog
@r_devops
Release: asdf-plugin-manager v1.4.0

The asdf-plugin-manager v1.4.0 has been released.

This version verifies and notifies the user if the plugin git URL doesn't match what is in the .plugin-versions file (also a couple of fixes).

If you use asdf-vm and care about security, you should use asdf-plugin-manager given asdf doesn't provide any mechanism to control which plugin version you download!

In other words, without asdf-plugin-manager, if any plugin gets compromised, you will be too! And asdf-plugin-manager comes to fix that issue.

https://github.com/asdf-community/asdf-plugin-manager/releases/tag/v1.4.0

#devsecops #security #asdf

https://redd.it/1fq4w6m
@r_devops
Docker Blue Green Runner

[https://github.com/patternhelloworld/docker-blue-green-runner](https://github.com/patternhelloworld/docker-blue-green-runner)

1. **Achieve zero-downtime deployment using just your** `.env` **and** `Dockerfile`
   * Docker-Blue-Green-Runner's `run.sh` script is designed to simplify deployment: "With your `.env`, project, and a single Dockerfile, simply run 'bash run.sh'." This script covers the entire process from Dockerfile build to server deployment from scratch.
   * This means you can easily migrate to another server with just the files mentioned above.
   * In contrast, Traefik requires the creation and gradual adjustment of various configuration files, which requires your App's docker binary running.
2. **No unpredictable errors in reverse proxy and deployment: Implement safety measures to handle errors caused by your app or Nginx**
   * If any error occurs in the app or router, `deployment is halted` to prevent any impact on the existing deployment
   * Internal Integrity Check:
   * Nginx Router Test Container
   * External Integrity Check
   * Rollback Procedures
   * Additional Know-hows on Docker: Tips and best practices for optimizing your Docker workflow and deployment processes
   * For example, Traefik offers powerful dynamic configuration and service discovery; however, certain errors, such as a failure to detect containers (due to issues like unrecognized certificates), can lead to frustrating 404 errors that are hard to trace through logs alone.
     * [https://stackoverflow.com/questions/76660749/traefik-404-page-not-found-when-use-https](https://stackoverflow.com/questions/76660749/traefik-404-page-not-found-when-use-https)
     * [https://community.traefik.io/t/getting-bad-gateway-404-page-when-supposed-to-route-to-container-port-8443/20398](https://community.traefik.io/t/getting-bad-gateway-404-page-when-supposed-to-route-to-container-port-8443/20398)
   * Manipulates NGINX configuration files directly to ensure container accessibility.
3. **Track Blue-Green status and the Git SHA of your running container for easy monitoring.**
   * Blue-Green deployment decision algorithm: scoring-based approach
   * Run the command `bash check-current-status.sh` (similar to `git status`) to view all relevant details
4. **Security**
   * Refer to the [Security](https://github.com/patternhelloworld/docker-blue-green-runner#Security) section
5. **Production Deployment**
   * Refer to the [Production Deployment](https://github.com/patternhelloworld/docker-blue-green-runner#production-deployment) section

https://redd.it/1k30hmy
@r_devops
📡 Anyone setting up HTTPS for JupyterHub? Here’s my method using Jupyter AI setup

Hi all,

I recently had to configure HTTPS for JupyterHub while working with Jupyter AI and wanted to share a working method in case anyone else is trying to do the same.

The process involved:

* Generating self-signed SSL certs (or using Let's Encrypt)
* Editing the JupyterHub config
* Restarting with the right flags and paths

It took a bit of trial and error to get it stable, especially since Jupyter AI has some subtle differences in environment behavior.

Would love to hear how others secure their notebook environments — especially for production or collaborative setups.

#Jupyter #HTTPS #DevOps #SelfHosted #JupyterHub #Security #Tips

https://redd.it/1llf10d
@r_devops