I have a simple Ansible playbook to
1. Fetch a database connection config from a RestAPI,
2. Extract the config object from the payload,
3. Use the config JSON (as the request body) to create a PUT request to another RestAPI.
At the 3rd stage I found that the database username and password combination is wrong. Later, when I printed the outputs, I found that the password had been replaced with the string "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER".
After some googling, I found that this is a security feature by Ansible. Unfortunately, I haven't found any configuration or something like this to disable this feature. Is it possible to disable this feature? Or any other workaround?
---
- name: my-playbook
  gather_facts: no
  hosts: all
  vars_files:
    - secret
  tasks:
    - name: Fetch the config payload from the API
      uri:
        url: "{{get_config}}"
        method: GET
        user: "{{username}}"
        password: "{{password}}"
        validate_certs: no
        return_content: yes
        status_code: 200
        body_format: json
      register: config
    - name: Extract the config object
      set_fact:
        config_raw: "{{ config.json | json_query(jmesquery) }}"
      vars:
        jmesquery: '{{name}}.config'
    - name: print the config
      debug:
        msg: "{{config_raw}}"
    - name: Creating object using config
      uri:
        url: "{{create_ocject}}"
        method: PUT
        user: "{{username}}"
        password: "{{password}}"
        validate_certs: no
        body: "{{config_raw}}"
        body_format: json
        return_content: yes
        status_code: 200
        headers:
          Content-Type: "application/json"
      register: test_res
    - name: output value
      debug:
        msg: "{{test_res.json}}"
Can we create a user in the Vault API using special characters? For example, the POST URL below is used to create users.
POST : http://localhost:8200/v1/auth/userpass/users/myuser-1#beta_1.0$
Payload:
{
  "password": "myPassword",
  "policies": "myuser-1#beta_1.0$",
  "ttl": "120",
  "max_ttl": "120"
}
Result:
{
  "errors": [
    "1 error occurred:\n\t* unsupported path\n\n"
  ]
}
The user myuser-1#beta_1.0$ contains the special characters # _ $. I think the # $ chars should be encoded before passing to Vault. However, there is no information about URL encoding in the documentation below.
https://www.vaultproject.io/api/auth/userpass/index.html
Is encoding supported here, or should they be replaced with other chars before sending to Vault?
Note: After removing the # $ chars, the API works fine.
I am sending syslog data to my LogZilla server and am unable to rewrite the data using the
Event message:
{"event_type":"Threat_Event","ipv4":"172.31.100.13","hostname":"server1.something.net","source_uuid":"df4df304c3-93f2a-41f89-8dfefd-7f54bdsf5e429f","occured":"06-Aug-2019 02:38:44","severity":"Warning","threat_type":"test file","threat_name":"Eicar","scanner_id":"Real-time file system protection","engine_version":"1498036 (20190805)","object_type":"file","object_uri":"file:///home/admin/g4.txt","action_taken":"cleaned by deleting","threat_handled":true,"need_restart":false,"username":"root","processname":"/usr/bin/vi","circumstances":"Event occurred on a newly created file.","firstseen":"06-Aug-2019 02:38:44","hash":"CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62"}
Code for automatic key value detection to rewrite message above:
{
  "rewrite_rules": [
    {
      "match": {
        "field": "program",
        "value": "ESServer"
      },
      "update": {
        "message": "${event_type}, ${ipv4}"
      },
      "kv": {
        "separator": ":",
        "delimiter": ","
      }
    }
  ]
}
I am expecting the message to be parsed so that I can set up dashboards based on various fields from the message.
LogZilla doesn't parse kv pairs within quotes, so first you'll need to strip those out. Here's a syslog-ng rule that will do that:
filter f_program {program("ESServer")};
rewrite r_quotes { subst("\"", "", value("MESSAGE") flags("global") condition( filter(f_program))); };
log {
    source(s_logzilla);
    rewrite (r_quotes);
    #filter(f_fwdrops);
    destination(d_logzilla_network);
    # Uncomment line below for debug/testing of incoming events
    #destination(df_debug);
    #destination(d_unix_stream);
    flags(flow-control,final);
};
You should create a 'rules' directory to store any custom configurations in. Save the above in that directory as syslog.conf (or any name you prefer). Then copy it to the container and restart syslog-ng:
docker cp syslog.conf lz_syslog:/etc/logzilla/syslog-ng
docker restart lz_syslog
Now those events should have the quotes removed when they come in. Next, create a LogZilla parser rule with the following:
first_match_only: true
rewrite_rules:
- comment:
  - 'Name: ESET Security Manager KV'
  - 'Sample: "event_type":"Threat_Event","ipv4":"172.31.100.13","hostname":"server1.something.net","source_uuid":"df4df304c3-93f2a-41f89-8dfefd-7f54bdsf5e429f","occured":"06-Aug-2019 02:38:44","severity":"Warning","threat_type":"test file","threat_name":"Eicar","scanner_id":"Real-time file system protection","engine_version":"1498036 (20190805)","object_type":"file","object_uri":"file:///home/admin/g4.txt","action_taken":"cleaned by deleting","threat_handled":true,"need_restart":false,"username":"root","processname":"/usr/bin/vi","circumstances":"Event occurred on a newly created file.","firstseen":"06-Aug-2019 02:38:44","hash":"CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62"'
  - 'Description: ESET K/V Detection and User Tag creation'
  match:
    field: program
    op: =~
    value: 'lzadmin'
  kv:
    delimiter: ""
    separator: ":"
    pair_separator: ","
  tag:
    ut_event_type: ${event_type}
    ut_ipv4: ${ipv4}
    ut_hostname: ${hostname}
Then add the rule:
logzilla rules add kv.json
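An added example, not part of the original answer and not LogZilla's own parser: a simplified Python model of the two steps above (remove every double quote, then split pairs on "," and each pair on the first ":"), run on a shortened copy of the question's event and on a constructed variant. The function names and the trim_braces toggle are assumptions made for illustration; the page does not say how the surrounding { } are treated.

```python
import json

# Constructed sample: the question's event cut down to the fields that matter here.
RAW = ('{"event_type":"Threat_Event","ipv4":"172.31.100.13",'
       '"hostname":"server1.something.net","occured":"06-Aug-2019 02:38:44",'
       '"object_uri":"file:///home/admin/g4.txt","threat_handled":true}')
# Constructed variant whose free-text value contains the pair separator.
RAW_COMMA = '{"event_type":"Threat_Event","circumstances":"Deleted, then logged"}'

def strip_quotes(message):
    """Mirror the syslog-ng subst rule: remove every double quote."""
    return message.replace('"', "")

def kv_split(message, separator=":", pair_separator=",", trim_braces=True):
    """Split into pairs, then split each pair on the FIRST separator only."""
    if trim_braces:  # assumption: the JSON braces are removed before splitting
        message = message.strip().lstrip("{").rstrip("}")
    fields = {}
    for pair in message.split(pair_separator):
        key, found, value = pair.partition(separator)
        if found:  # fragments without a separator are dropped
            fields[key.strip()] = value.strip()
    return fields

def user_tags(fields, wanted=("event_type", "ipv4", "hostname")):
    """Build the ut_* tags named in the rule; missing fields are left out."""
    return {"ut_" + k: fields[k] for k in wanted if k in fields}

def mangled_fields(raw):
    """Keys whose flat-split value differs from what a JSON parser returns."""
    reference = json.loads(raw)
    flat = kv_split(strip_quotes(raw))
    bad = []
    for key, value in reference.items():
        expected = json.dumps(value) if isinstance(value, bool) else str(value)
        if flat.get(key) != expected:
            bad.append(key)
    return bad

if __name__ == "__main__":
    print(user_tags(kv_split(strip_quotes(RAW))))
    print(list(kv_split(strip_quotes(RAW), trim_braces=False)))
    print(mangled_fields(RAW), mangled_fields(RAW_COMMA))
```

Values that contain ":" (the timestamp, the file URI) survive because only the first separator in each pair is used; a free-text value that contains "," is cut at the comma, which is the limit of a flat key/value split on this kind of message.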
I am trying to configure Nodemailer in an Express.js application. When sending mail, I got an ENOTFOUND error.
My SMTP configuration is:
smtpServer: {
  host: "smtp.gmail.com",
  port: 587,
  secure: false,
  user: "email#gmail.com",
  pass: "password",
  fromName: "",
  fromAddress: ""
}
Error:
{"errno":"ENOTFOUND","code":"ECONNECTION","syscall":"getaddrinfo","hostname":"smtp.gmail.com","host":"smtp.gmail.com","port":587,"command":"CONN","meta":{"errno":"ENOTFOUND","code":"ECONNECTION","syscall":"getaddrinfo","hostname":"smtp.gmail.com","host":"smtp.gmail.com","port":587,"command":"CONN"}}
I suspect this error came because of proxy issues. So, I checked the SMTP hostname with nslookup on my machine.
That returned the following result:
$ nslookup smtp.gmail.com
Server: 127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
*** Can't find smtp.gmail.com: No answer
Other than that, what have I missed here?
So I'm trying to connect to my local RabbitMQ server through a Java application using the amqp_URI, which has the following format:
amqp_URI = "amqp://" amqp_authority [ "/" vhost ] [ "?" query ]
amqp_authority = [ amqp_userinfo "@" ] host [ ":" port ]
amqp_userinfo = username [ ":" password ]
The question is: where do I find the amqp_userinfo in my server for the connection?
The user: guest and pwd: guest of http://localhost:15672/ don't work. I have also tried creating a new user in http://localhost:15672/ and using it, but it doesn't help.
Thanks in advance
Got it, apparently the password length was too short. It was successful when I created a longer password for the user.