Posts

npm audit error - package vulnerabilities

Run into this error during my npm build. Awesome treat of the day, it seems.
Time to get cracking with resolving inflight npm libraries issues.

https://gist.github.com/appcoreopc/7b335ac237cd7198027a3af43d895bef

When i encounter this issues, non of my build work. It just shows the following error and exit.

Good thing it ask me to use

npm audit fix

to fix stuff and it works. Obey the npm cli :)

npm react script error - The react script package provided by Create React App requires a dependency

Bump into this error today,

The react script package provided by Create React App requires a dependency. The react-scripts package provided by Create React App requires a dependency

"jest" : "24.7.1"

To resolves this, apply changes suggested from here.



Az cli - setting diagnostic logs for event hub

Image
This is a script that allows you to setup diagnostic logging for keyvault and event hub. You can easily use it for other stuff as well.

First of all your start off with something simple like this, to enable diagnostic logging for a vault called "myvault". Unless it is a resource Id, then you need to provide resource group info.  (Please note - resource group is the resource group that vault resides)

When it comes to --workspace, ideally it is best to




az monitor diagnostic-settings create -n "lalala" --resource "myvault" -g "devrgpmtengine" --resource-type "Microsoft.KeyVault/vaults" --workspace "mydevworkspace" --metrics '[{"category": "AllMetrics","enabled": true,"retentionPolicy": {"enabled": false, "days": 0 }}]'




when it comes to --workspace, it is best to have something that looks like this, full resource path to your workspace. It looks like the figure b…

Powershell - Passing json string into az cli for execution

when you're trying to work with Az cli, you tend to pass in a bunch of json strings. And the thing about powershell, you need to escape double quotes otherwise you will get a whole bunch of errors : -

Expecting property name enclosed in double quotes: line 1 column 1
Expecting property name enclosed in double quotes: line 1 column 3 (char 2)

blah blah blah


To solve this, look at this example :-




This is an example how you can use "az monitor diagnostic-settings" command line.

hope this helps!!!

Azure key - using rsa (private and public key)

The idea is pretty simple, create a rsa key in azure. Use public key to encrypt. Then use private key to decrypt. Private key never leave the vault.

Here is the code for doing that.


If you're getting bad request? Please check to make sure you have added MSI to the keyvault access policy.


I had that many many times the following error message,

Unhandled Exception: Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'BadRequest'

and the problem is due to, specifying foAEP to false, instead of true.


varencryptedText = rsa.Encrypt(byteData, fOAEP: true); // use to be false :(

Azure diagnostic settings - quick way to look at all the setups

Go to Azure portal -> Monitor -> diagnostic settings 

Please change the subscription filter as required.



Writing to a variable for other tasks in the pipelines

You can create/ update a pipeline variable using the following command :-




Write-Host"##vso[task.setvariable variable=myvariableName;] $myVariableWithValue"

Terraform - setup AzureRM as a backend storage

Say you're trying to setup terraforma backend - to save state file into Azure, you might get prompt asking for container name, then provide the configuration listed in figure 1.1.

Before that, you need to setup your ARM authentication (yes, all of this)

set ARM_CLIENT_ID=
set ARM_CLIENT_SECRET=
set ARM_SUBSCRIPTION_ID=
set ARM_TENANT_ID=

If you get error messages saying

"Error inspecting states in the "azurerm" backend" - please provide settings in figure 1.1

If you encounter this error, remember to delete your statefile folder (.terraform) or whenever any of your test results in failure. This is important

Error inspecting states in the "azurerm" backend:
storage: service returned error: StatusCode=403, ErrorCode=AuthenticationFailed, ErrorMessage=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.



If you want to pass DYNAMIC values in, you can use :-


terraform init -backen…

Wireshark - Master grand list of fields

Deep dive into fields you can specify on the filter section of wireshark. Here are a complete ref :-

https://www.wireshark.org/docs/dfref/t/tcp.html



Sans SIFT workstation - a forensic VM

Mitre - Threat framework

This is awesome. It has a huge list and not sure how one can possible ensure this is carry out.

https://attack.mitre.org/