viasat / hotcidr
Tools for firewall rule management and automation
License: Apache License 2.0
Amazon leaves terminated instances in the list for a while after they're killed; we need to make sure we filter only for running, started, or stopped instances.
Currently HotCIDR can filter groups down to a specific region; we should add a filter down to particular VPCs.
It's a bit tedious laying out every single instance in boxes.yaml. We might change it up to match on hostname (either through tag:Name or reverse DNS), and apply rules based on that. Something like:

.*:
  groups:
    - default
dc-.*\.example\.com:
  groups:
    - LdapServer
    - DnsServer
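An added example, not code from the hotcidr project, of how the hostname-matching layout proposed above could be resolved into group lists. It assumes the rule file is a mapping of hostname regex to a "groups" list, that patterns are anchored (fullmatch) and that every matching pattern contributes; the instance dict shape and the host names are constructed for the example.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed stand-in for the proposed boxes.yaml layout (hostname pattern
# -> groups), written as a dict so the example runs without a YAML parser.
HOST_RULES: Dict[str, Dict[str, List[str]]] = {
    r".*": {"groups": ["default"]},
    r"dc-.*\.example\.com": {"groups": ["LdapServer", "DnsServer"]},
}


def hostname_of(instance: dict) -> Optional[str]:
    """Pick the name to match on: tag:Name first, reverse DNS as fallback.

    Assumption: instances are dicts with 'tags' and 'rdns' keys (a constructed
    shape, not boto's). Trailing dot and case are normalised so the reverse
    DNS answer 'DC-01.example.com.' hits the same rule as the tag would.
    """
    name = instance.get("tags", {}).get("Name") or instance.get("rdns")
    return name.rstrip(".").lower() if name else None


def groups_for_host(hostname: str, rules: dict = HOST_RULES) -> List[str]:
    """Union of groups from every pattern that fully matches hostname.

    Assumptions the issue leaves open: patterns are anchored with re.fullmatch
    (so 'dc-.*' cannot match 'abcdc-1'), all matching rules contribute, and a
    malformed regex raises instead of silently dropping a group assignment.
    Insertion order is kept and duplicates removed so output is deterministic.
    """
    groups: List[str] = []
    for pattern, body in rules.items():
        try:
            compiled = re.compile(pattern, re.IGNORECASE)
        except re.error as exc:
            raise ValueError(f"bad hostname pattern {pattern!r}: {exc}") from exc
        if compiled.fullmatch(hostname):
            for group in body.get("groups", []):
                if group not in groups:
                    groups.append(group)
    return groups


def assign_groups(instances: Iterable[dict]) -> Dict[str, List[str]]:
    """Map instance id -> groups; an instance with no usable name gets []
    so it stands out in the apply plan instead of being quietly skipped."""
    result: Dict[str, List[str]] = {}
    for inst in instances:
        host = hostname_of(inst)
        result[inst["id"]] = groups_for_host(host) if host else []
    return result
```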
We use print or .write a lot, and should switch to Python's logging framework where appropriate.
Unit tests should be written especially for applying, and also for auditing.
As it is, unused security groups are not deleted in EC2 by apply, as they do not affect the behavior of the network. Still, it would be nice to delete them anyways to clean the VPC up a bit.
Use Python's tempfile library rather than creating hard-coded directories wherever AWS_out and /tmp/hotcidr are mentioned. This is a good coding practice because the temporary files are always deleted, and it enhances cross-platform portability.
I tried to add a "secure-default" group to one of our VPCs and the new group was created in EC2-Classic, not the VPC I'd laid out in the config.
All our database functions need to use prepared statements.
The command line audit does not exhibit this behavior - the audit reliably shows up. The behavior is infrequent and can be solved by attempting the audit again (or, rarely, several times).
Audit and apply buttons are there. A similar button should be created for validation.
Rather than just allowing seconds-until to be input, a set date (in ISO date format) should be allowed for expirations of both kinds (in expirations.yaml and in the rules yaml).
As it is, the time range only looks at the created-date, not the approved date. It should look at the approved date, but more accurately it should look at both actions and include all rules with any action (created or approved) within the time range.
We need to figure out how to stop from needing to pull the entire commit log for a repo to do the diffs properly.
If you have terminated an instance but it has not yet been removed from AWS' system, hotCidr will throw the exception below when trying to apply rules to it.
Unexpected exception raised. Aborting.
Traceback (most recent call last):
  File "/home/jkwan/hotcidr/venv/bin/hc-apply", line 26, in <module>
    args['expected']
  File "/home/jkwan/hotcidr/venv/local/lib/python2.7/site-packages/hotcidr/apply.py", line 230, in main
    action(conn)
  File "/home/jkwan/hotcidr/venv/local/lib/python2.7/site-packages/hotcidr/apply.py", line 13, in __call__
    self.run(conn)
  File "/home/jkwan/hotcidr/venv/local/lib/python2.7/site-packages/hotcidr/apply.py", line 44, in run
    conn.modify_instance_attribute(self.inst_id, self.attr, self.value)
  File "/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py", line 1262, in modify_instance_attribute
    return self.get_status('ModifyInstanceAttribute', params, verb='POST')
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1197, in get_status
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidParameterCombination</Code><Message>You may only modify the groupSet attribute for VPC instances</Message></Error></Errors><RequestID>9bde642f-a747-43ba-99b4-3d5b03d35065</RequestID></Response>