Successfully used salt-ssh-deploy with GitHub Actions, added minimalist example pipeline.
Started using ACL in Redis to segment access to different databases.
Added min.io cluster installation states to microdevops-formula.
Also added standard cluster monitoring pillars min.io and Loki.
Added the description of standard CentOS system folders to rsnapshot_backup.check_coverage.
Added PMM Agent installation state to microdevops-formula.
Added a standard supervisor status monitoring pillar (along with processes launched through it).
Added a document that describes the methodology for testing the correctness of Loki clusters.
Updated Hashicorp Vault installation state. It now more closely meets the recommendations from the documentation.
We observed several hacks of client sites through bitrix’s Vote module. Malicious code leaves behind backdoor files, modifies data in the database (injects vulnerable code into the data in the database), launches processes. For treatment, it is necessary to remove running processes, clean the site folder of additional/changed files, remove the code from the database (or restore it from a backup). It is imperative to disable the Vote module, or, even more preferably, to replace the politically and emotionally undesirable bitrix with something less leaky, although for many companies this actually means a complete refactoring of their site’s engine. To intercept the attack vector, we used a logging of POST requests in nginx.
Added a simple utility check_domain_expiration.py to check the expiration status of domains. The previous utility we used could not check *.mx
, *.ws
and similar domains.
Added the ability to force the version of python used in our utilities, as on some OSes installing an additional OS version breaks them.