Author: Perry Brandiezs

Terraform Installation

References:

A basic Terraform install is pretty straight-forward:

Linux – RHEL8:

sudo yum install -y yum-utils

sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

sudo yum -y install terraform

terraform -help

touch ~/.bashrc

terraform -install-autocomplete

# Note need to restart shell

Windows – PowerShell

Get-ExecutionPolicy     # Must show unrestricted, otherwise use Set-ExecutionPolicy

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

choco

choco install terraform

terraform -help

MacOS – Homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

brew upgrade

brew install terraform

terraform -help

touch ~/.bashrc

terraform -install-autocomplete

AWS Lightsail Bitnami Let’s Encrypt Certificate Renewal

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/

To renew your Let’s Encrypt certificate on a Bitnami LightSail WordPress instance:

  • SSH into the instance and follow these steps.
  • Review the reference listed above as a guide, before continuing.
  • Note: The steps below are used if the bncert-tool or Lego provided by Bitnami was used to request the certificate.
  • Replace <DOMAIN> with your domain name.
  • Replace <EMAIL> with your email address.
sudo grep -irl "$(openssl s_client -verify_quiet -showcerts -connect <DOMAIN>:443 2>/dev/null | sed -n '/BEGIN/,/END/{p;/END/q}' | head -n 3 | tail -n 2)" /opt/bitnami/letsencrypt /etc/letsencrypt

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt list

sudo /opt/bitnami/ctlscript.sh stop

sudo /opt/bitnami/letsencrypt/lego --tls --email="<EMAIL>" --domains="<DOMAIN>" --path="/opt/bitnami/letsencrypt" renew --days 90

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt list

sudo /opt/bitnami/ctlscript.sh start

Sneaky Hackers: How I Fixed the xmlrpc.php Problem

References:

Recently I noticed a flood of xmlrpc.php POSTs in my Apache access_log for a new WordPress site just deployed, using a Bitnami image on AWS Lightsail. Basically it was flooding the site a few times every second! Eventually it gets overloaded and shuts down Apache.

xmlrpc access log
xmlrpc access log

After doing a bit of research, aka… I checked Google, I learned this is a known problem. In a nutshell, hackers can use xmlrpc.php for botnets, brute force attacks, etc. Although there is some value with xmlrpc.php within WordPress (pingbacks, etc), I was not using that functionality.

I addressed the issue with the iThemes Security plugin. Easy to install and configure, it only took a few minutes to make the site much more secure, including two-factor authentication, brute-force login attempt lockout, etc.

iThemes Security
iThemes Security

For the xmlrpc issue, be sure to go into Settings -> Advanced -> API Access – XML-RPC – select Disable XML-RPC, and also for REST-API -> select Restricted Access.

Disable XML-RPC
Disable XML-RPC

Within only a couple days, the plugin has already locked out a few bad IPs attempting brute force attacks. No problems with the XMLRPC floods since, fingers crossed.