Loading...
 

Amazon Web Services (AWS) Administration via CLI

"The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts."

Installing Chocolatey and AWS CLI

"Chocolatey - Software Management Automation"

  1. Launch PowerShell as Administrator
  2. PS > Set-ExecutionPolicy Bypass -Scope Process -Force; iex New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'
  3. Close and Reopen PowerShell as Administrator
  4. PS > choco install awscli

References

Quick How to Connect to Office 365 via PowerShell

How-To create a remote PowerShell session to your Exchange Online organization

  1. Open Windows PowerShell as Administrator
  2. PS > Set-ExecutionPolicy RemoteSigned
  3. PS > $UserCredential = Get-Credential
  4. PS > $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  5. PS > Import-PSSession $Session -DisableNameChecking
  6. PS > Connect-MsolService –Credential $UserCredential
  7. PS > Connect-AzureAD –Credential $UserCredential


"Be sure to disconnect the remote PowerShell session when you're finished. If you close the Windows PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you'll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command."

  1. PS > Remove-PSSession $Session

References

Microsoft Office 365 Administration with PowerShell

As a Microsoft Office 365 Global Administrator, PowerShell and Git are the necessary tools for effective management. The following is a quick guide for installing the Office 365 and Azure PowerShell modules and Git.

Manage Office 365 with Office 365 PowerShell

"With the Microsoft 365 admin center, you can not only manage your Office 365 user accounts and licenses, but you can also manage your Office 365 server products: Exchange, Skype for Business Online, and SharePoint Online. However, you can also manage these elements with Office 365 PowerShell commands, taking advantage of a command-line and scripting language environment for speed, automation, and additional capability."

Install the required software:

  1. Launch PowerShell as Administrator
  2. PS > Install-Module -Name AzureAD
  3. Install - Microsoft Online Services Sign-In Assistant for IT Professionals RTW - https://www.microsoft.com/en-us/download/details.aspx?id=41950
  4. PS > Install-Module MSOnline

Manage PowerShell Scripts with Git

"Git for Windows focuses on offering a lightweight, native set of tools that bring the full feature set of the Git SCM to Windows while providing appropriate user interfaces for experienced Git users and novices alike."

Installing Chocolatey and Git:
"Chocolatey - Software Management Automation"

  1. Launch PowerShell as Administrator
  2. PS > Set-ExecutionPolicy Bypass -Scope Process -Force; iex New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'
  3. Close and Reopen PowerShell as Administrator
  4. PS > choco install git

References

General documentation writing concepts, including structure, mechanics and language.

Structure

  • Descriptive Title – The title should be descriptive and include common search terms based on the subject of the document.
  • Introduction – A summary of the procedure, including context of the procedure, a high level purpose of the process and the technology involved.
  • Prerequisites – What needs to be in place before starting the procedure? What is needed to allow the procedure to be completed without disrupting the flow of the procedure?
  • Procedure – Document all steps needed to complete the procedure.

Mechanics

Mechanics can help with the readers’ understanding of the document.

  • Screenshots – Screens provide visual ques and context for steps of the process. Use tight screenshots, only including the part of the screen that is focus of the step or process. Do not capture the whole screen.
  • Related Assets – If a step or process is related to another asset (document, configuration, password, user, etc.) include a link to that other asset. This provides both context to the process and allows for quick access to the other asset. Relationships are bi-directional, meaning that a user can move between assets, from a process to a configuration, or from a configuration to a related process. For example, Creating an Active Directory User, linking the steps of the process to an organization AD server, provides information on where to create the user, and when viewing a server knowledge of what services / functions that server provides.
  • Bold Text – Use Bold Text to form onscreen buttons or text to help differentiate them from the rest of the text in a given step or procedure. This allows for text to be skimmed, and a user can quickly find links, text, or buttons that are needed for a process.
  • Italicized Text – Use Italicized Text for examples to also help differentiate them from the rest of the text.

Language

  • Audience – Who will be reading the document? Knowing your audience will help determine if and what jargon, acronyms or slang can / should be used.
  • Assumptions – Document assumptions should be added to the Prerequisites section of the document.
  • Brief – Keeps the steps short, clear and precise.
  • Avoid Time-Sensitive Information – Use job roles instead of an individual’s name, for example.

Reference

Chocolatey Package Manager for Windows

Chocolatey - Package Manager for Windows

“Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It was designed to be a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure currently using PowerShell as its focus for delivering packages from the distros to your door, err computer.” - https://chocolatey.org/about

Chocolatey provides an easy to use process to install common applications. For Microsoft Windows System Administrators, it is a tool to install applications used on a daily basis, such as Git, Python 2 and 3, Java JRE, Notepad++, Putty, Sysinternals and FileZilla.

Requirements

  • Windows 7+ / Windows Server 2003+
  • PowerShell v2+
  • .NET Framework 4+ (the installation will attempt to install .NET 4.0 if you do not have it installed)

Installing Chocolatey with PowerShell

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Git - Version Control

“Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.” - https://git-scm.com/

Git is needed to access countless public PowerShell and Python repositories on (Microsoft) GitHub. Git is used to manage Infrastructure-as-Code scripts and configuration files for both cloud and on-prem systems, for example Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Microsoft Office 365, Windows PowerShell Desired State Configuration, etc. Git is must have in any System Administrator’s toolbox.

Installing Git with Chocolatey

choco install git

Python - Programming Language

“Python is a programming language that lets you work quickly and integrate systems more effectively.” - https://www.python.org/

Python is a general purpose programming language that can be used by System Administrators to manage cloud services, such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Installing Python with Chocolatey

Python 2:
choco install python2
Python 3:
choco install python

Sysinternals

"The Sysinternals Troubleshooting Utilities have been rolled up into a single suite of tools.
This file contains the individual troubleshooting tools and help files.
It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault." - https://chocolatey.org/packages/sysinternals

Installing Sysinternals with Chocolatey

choco install sysinternals

Azure CLI

“The Azure CLI 2.0 is a command-line tool providing a great experience for managing Azure resources. The CLI is designed to make scripting easy, flexibly query data, support long-running operations as non-blocking processes, and more.” - https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

Installing Azure CLI with Chocolatey

choco install azure-cli

Azure PowerShell

“Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources.” - https://docs.microsoft.com/en-us/powershell/azure/overview?view=azurermps-6.7.0

Installing Azure PowerShell with Chocolatey

choco install azurepowershell


Chocolatey makes installing these and other System Administrator tools easy.

Monitoring Amazon Web Services (AWS) - AWS CloudTrail

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.” (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

"Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

"Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CloudTrail

“AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.” (https://aws.amazon.com/cloudtrail/)

Introduction

Creating a trail for all AWS regions, storing the logs in AWS Simple Storage Service (S3) and encrypting the logs using AWS Key Management Service (KMS).

Requirements

  • An AWS Account
  • An AWS user, preferably not the Root User, with access to AWS CloudTrail, S3, KMS, etc.

Instructions

Creating a Trail - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html

References

The NIST Definition of Cloud Computing

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." - https://csrc.nist.gov/publications/detail/sp/800-145/final

Consistency Is the Hobgoblin of Little Minds

"As with most things, context matters, which is what makes this quote inappropriate almost everywhere I see it used. In the context of IT, with consistency, a great soul can trade meaningless & soul-crushing work for important & strategic tasks, moving their organization forward rather than struggling just to keep up." - https://lonesysadmin.net/2017/10/25/consistency-is-the-hobgoblin-of-little-minds/

IETF and RFCs

The Internet Engineering Task Force (IETF)

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF Mission Statement is documented in RFC 3935.1

Request for Comments (RFC)

A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the principal technical development and standards-setting bodies for the Internet.

An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. It is submitted either for peer review or simply to convey new concepts, information, or (occasionally) engineering humor. The IETF adopts some of the proposals published as RFCs as Internet Standards.

Request for Comments documents were invented by Steve Crocker in 1969 to help record unofficial notes on the development of ARPANET. RFCs have since become official documents of Internet specifications, communications protocols, procedures, and events.2

References

The IETF Mission Statement - https://www.ietf.org/rfc/rfc3935.txt
Request for Comments (RFC) - https://www.ietf.org/rfc.html
RFC Index - https://www.rfc-editor.org/rfc-index.html

Books

2 Request for Comments. (2017, June 26). In Wikipedia, The Free Encyclopedia. Retrieved 19:13, July 29, 2017, from https://en.wikipedia.org/w/index.php?title=Request_for_Comments&oldid=787685236
  • «
  • 1 (current)
  • 2