Fidel Rodriguez
@rmrfidel_twitter
pip install decorator cloudaux defusedxml
Mike Grima
@mikegrima
To be honest... I would start from scratch.
Please re-install from the develop branch on a clean instance without anything else installed on it
I have a feeling that you have conflicting versions and things running on it that are causing a lot of issues
Fidel Rodriguez
@rmrfidel_twitter
I started from scratch and ran into a lot of issues
Mike Grima
@mikegrima
I don't know what to tell you. I'm not able to replicate your issues.
Since Security Monkey is mostly on the way out (we are deprecating in 2020), my recommendation is to just use AWS Config
Which is what we are transitioning to internally at Netflix
Fidel Rodriguez
@rmrfidel_twitter
Are you thinking of using aws config with aws organization?
I have been researching that
Mike Grima
@mikegrima
Yes
João Vinagre
@jrvlima
Hi @rmrfidel_twitter and @mikegrima, thanks, I didn’t see your message before. I was able to complete the deploy using master, python2 and the requirements.txt of develop - I just had another issue with regard to indentation in an init file
@mikegrima what’s the recommended strategy to import existing data into a new secmonkey deployment?
Mike Grima
@mikegrima
Clone the database?
or use the existing database with the new installation?
João Vinagre
@jrvlima
Do a data migration from an existing database to the new one, but nvm, I will point the new deployment to the existing database
João Vinagre
@jrvlima
Is it OK to use the existing database with the new installation even if the DNS is different
DNS for worker, UI, and scheduler
?
Fidel Rodriguez
@rmrfidel_twitter
I don't think the database has any record for that. I think it's all in the env-config/config.py file. Don't quote me, I am not a Security Monkey developer. I just think I know since I had my cluster broken and learned the hard way of fixing it
João Vinagre
@jrvlima
thanks
Mike Grima
@mikegrima
The database doesn't care
João Vinagre
@jrvlima
thanks
jibz08
@jibz08
@mikegrima botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::<A/C>:user/<user> is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<A/C>:role/SecurityMonkey
@mikegrima How did this user come here? We are not creating any user? Then?
Mike Grima
@mikegrima
You need to provide more context on your setup
My recommendation would be to re-read the IAM section in the quickstart guide
João Vinagre
@jrvlima

I have a secmonkey deploy (blue deployment)
I did a deploy of a new instance (green deployment) pointing to the same DB and using the same IAM role

I SSH'd into the green deployment and ran

monkey amazon_accounts
monkey add_account_aws ...
monkey find_changes

My items table is empty - am I missing something?

Mike Grima
@mikegrima
Anything show up in the logs?
João Vinagre
@jrvlima
Logs are empty. I think I found something: celery was in the wrong place, checking here - thanks
jibz08
@jibz08
@mikegrima I'm using a single 8-core CPU EC2 to monitor 8 AWS a/cs
As per the instructions, I have created the instance profile and security Mk role where the EC2 belongs, and created the Sec Monkey role in all AWS a/c, given the trust relationship there with the AWS a/c ID where the EC2 belongs.
jibz08
@jibz08
@mikegrima The error I showed happens when I do the manual find change command. But when I go to the UI and check, I'm seeing the changes
Mike Grima
@mikegrima
So the SM UI shows the changes but manual find_changes doesn't?
Also not sure what a/cs or a/c is
Michael Stair
@mstair
Could a manual run pick up user keys vs the EC2 assigned role?
*if defined
Mike Grima
@mikegrima
^^ This makes sense. Check to make sure you don't have any static keys in any files. And if you do, you need to remove them and get those keys invalidated ASAP.
jibz08
@jibz08
8 AWS accounts
Jeff Taylor
@jefe78
Has anyone looked at describing the route tables of subnets to look for '0.0.0.0/0' or IGWs?
Was about to go down the rabbit hole of writing my own watcher but thought I'd check first
Jeff Taylor
@jefe78
Ignore me. I found that this already exists in SM :)
João Vinagre
@jrvlima
I lost my data trying to deploy a green deployment
Are there any instructions on how to migrate data to a new deployment?
jaguilar42
@jaguilar42
Hi, does security monkey support postgres 11?
badllama
@badllama
If I turn off a watcher, it gives me the option to remove the relevant items. There are certain watchers where that doesn't seem to actually remove the items. Is there some other way to force Security Monkey to remove items from what it tracks?
badllama
@badllama
@mikegrima ^
jibz08
@jibz08
@mikegrima I have enabled mail notifications for my AWS A/C. I'm receiving emails for some A/C, but some A/C are missing. I have used SES SMTP for the mail config. I have enabled all change emails
jibz08
@jibz08
@mikegrima Can you please share with me the PostgreSQL DB query to get all the internet-accessible S3 buckets from the Security Monkey database?
Can anyone help me with the above?