michaelact

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 8192
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_tw_reuse = 1
net.core.default_qdisc = fq
net.ipv4.ip_local_port_range = 10240 65535
net.ipv4.tcp_abort_on_overflow = 1

michaelact

services:
  opensearch-data01: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
    image: public.ecr.aws/opensearchproject/opensearch:2.5.0 # Specifying the latest available image - modify if you want a specific version
    container_name: opensearch-data01
    environment:
      - network.bind_host=0.0.0.0
      - network.publish_host=192.168.56.141
      - cluster.name=nightwolf-cluster # Name the cluster
      - node.name=opensearch-data01 # Name the node that will run in this container
      - node.roles=data # Role of the node

michaelact

#!/bin/bash

# Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg;
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null;
apt-get update;
apt-get -y install docker-ce docker-ce-cli containerd.io;

# Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;

michaelact

#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/engine/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
#   $ curl -fsSL https://get.docker.com -o get-docker.sh
#   $ sh get-docker.sh
#

michaelact

#!/bin/bash
# Source: 
# - https://linoxide.com/how-to-install-and-run-lynis-on-ubuntu-linux/
# - https://sysadminxpert.com/how-to-do-security-auditing-of-centos-system-using-lynis-tool/#Install_Lynis_on_Fedora
set -e

OS=$(. /etc/os-release && echo "$ID")
if [[ $OS == "ubuntu" ]]; then
  wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
  echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

michaelact

#!/bin/bash
# Reference: https://stackoverflow.com/questions/20337749/exporting-dns-zonefile-from-amazon-route-53

HOSTED_ZONE_IDS=$(aws route53 list-hosted-zones --query "HostedZones[*].Id" --output text)
for zoneId in $HOSTED_ZONE_IDS; do \
  echo $zoneId >> records.txt
  aws route53 list-resource-record-sets --hosted-zone-id $zoneId --output json | jq -jr '.ResourceRecordSets[] | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"' >> records.txt
done

michaelact

#!/bin/bash

# Create the .conf file to load the modules at bootup
cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

michaelact

#!/bin/sh
set -e

find . -type d | grep -v .terraform | tail -n +2 > tfdir.txt
cat tfdir.txt | parallel cp .tflint.hcl {}
cat tfdir.txt | parallel 'cd {} && tflint'
cat tfdir.txt | parallel 'cd {} && tflint --module'
cat tfdir.txt | parallel rm {}/.tflint.hcl
rm tfdir.txt

michaelact

module "sg-elasticache" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "sg_elasticache"
  description = "Guardian of ElastiCache Cluster"
  vpc_id      = ""

  egress_rules = ["all-all"]
  ingress_with_cidr_blocks = [
    {

michaelact

TMPL_DIR  ?= .

.PHONY: prepare
prepare:  ## Preparing Ansibila Requirements
	@ $(MAKE) --no-print-directory log-$@
	mkdir -p ${ROLE_DIR}/molecule/default
	mkdir -p ${ROLE_DIR}/meta
	touch $(ROLE_DIR)/variables.yml
	touch $(ROLE_DIR)/molecule/default/playbook.yml
	touch $(ROLE_DIR)/meta/main.yml