DevOps Skills: What Makes a DevOps Engineer a Great Asset to Any Company

 

Cas Inc - Grow Your Business And Boost Up Sale | Cas Inc

DevOps Skills: What Makes a DevOps Engineer a Great Asset to Any Company

Have you heard about DevOps and how beneficial it is to any IT company? Oh, sure, you have, even your 95-year old Granny has. It is so much spoken about, however, most of the time in the like manner: it’s so important to be DevOps and if you’re not (why you should is often omitted) – say goodbye to the bright future of your business. The first thing to understand here is that DevOps is really important, man. “Like gas for your car?” – you may ask. Nowhere near the gas, nor the engine. It is both important and supplementary, more like a T-belt: a detail that won’t come to your mind in the first place if you were asked about the core of the car. However, once the T-belt is broken, the car simply won’t start.

What are DevOps and a DevOps engineer?

So, what is DevOps? The diversity of the means and objectives that any company sets before its DevOps team is immense, along with DevOps implementation examples. It implies that an industry-wide definition of the notion will be a very general one. DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support (The Agile Admin) seems to be OK. Another definition by the same source completes the one from above: “DevOps is also characterized by operations staff making use many of the same techniques as developers for their systems work”. This is actually true. DevOps is the result of the position’s merge. Literally, a system administrator plus a developer gives a DevOps engineer.

DevOps engineers rarely start their career as DevOps engineers actually. Most often, they pertain to the developer’s circle who caught the trick of system administrating or vice versa, used to be system administrators who got the hang of coding. To a certain degree, the success of the DevOps philosophy is due to the synergy of training, which enables an individual to see the world from multiple perspectives. Thus, a DevOps engineer helps the developers, testers, and IT teams to soften up product delivery through better infrastructure monitoring, ultimate automation, advanced tooling, and efficient workflows. This enables times faster deployments, reduces human errors, and MTTR, among other perks.

Okay, we’re now clear about what DevOps and a DevOps engineer is and even have slightly covered why we need them. To look into the issue in more detail why many would give their right hand to have such a lifesaver (or a team of them) in their offices, we’ll have to study a DevOps engineer’s JD in more depth. What a DevOps engineer should know?

What makes a DevOps engineer a great asset to your company?

Infrastructure automation and monitoring skills

Many feel confused as regards the mission of the DevOps team and see it in automating everything within a DevOps engineer’s reach. Although this statement isn’t 100% true, automation skills are indeed ranked top in the DevOps Institute’s skills report, “Upskilling: Enterprise DevOps Skills Report 2019.” Infrastructure automation goes closely grouped with infrastructure monitoring, and further branch into server provisioning, configuration management, automated builds, code deployments, and actually monitoring.

As a developer, to deal with the issues from above, a DevOps engineer is able to code and uses at least one scripting language (Java or C#, or PowerShell, depending on the OS of choice). Although a DevOps engineer rarely codes from scratch, he/she possesses basic scripting skills to know the how and why of developers’ things.

As a system administrator, a DevOps engineer knows how to operate a bunch of tools to cope with infrastructure-related tasks. Among such DevOps names Ansible, Chef, Puppet, Jenkins, Docker, New Relic, Sensu along with other great tools (listed in the above article, broken by categories) that are typically used in the DevOps environment. Not bad for one employee, hmmm?

Process skills

Although automation skills rule, “automation without process expertise… is all but useless”, states the same reporters. That’s why a successful DevOps engineer has profound knowledge of the entire workflow within a given company to be able to make processes more efficient and fluent (as this is what we need DevOps for). In this connection, understanding of SDLC, experience working with source control models and processes, Agile methodologies add up to the DevOps engineer skills list. These may seem way too simple for you compared to the infrastructure-management skills. Nevertheless, it is exactly what helps DevOps guys “to strategize the entire integration and deployment process” (IntelliPaat). Without the correct workflow, an enterprise stumbles into organizational issues that all too often are attempted to resolve using technical means, which is completely incorrect. If DevOps engineers are system administrators and masters of processes, human (a.k.a. process)-related issues won’t be an issue for the company whatsoever.

Soft skills

This type of skill was also highlighted in the Upskilling: Enterprise DevOps Skills Report. The author’s name collaboration and cooperation, problem-solving, interpersonal skills, and many more, with risk-taking wrapping up the list. This, actually, points to the fact, that a DevOps engineer is a brilliant team player. This quality is often not so essential in the case of a developer. On the contrary, it is urgent in the DevOps universe, judging by the number of individuals and teams that a DevOps engineer has to interact with on a daily basis.

In its turn, Qulix Systems distinguishes the following soft skills expected from a DevOps candidate:

  • Strive for constant perfection and thirst for the new;
  • Curiosity, inner drive to get to the bottom, enthusiasm;
  • Strong work ethic and time management skills;
  • Openness and teamwork skills.

 

DevOps Engineer Skills

A Recap

As a developer, a DevOps engineer should be able to develop new and upgrade and fix the existing software. As a system administrator, he/she needs to master various tools and technologies to automate, configure and monitor operating environments. Finally, as a team player who’s regularly in touch with different people, a DevOps engineer must demonstrate impeccable soft skills. Seems like a DevOps engineer is Jack of all trades and, surprisingly, master of all. What it actually gives to an enterprise, in figures? It is 200 times more frequent deployments, 24 times faster recovery, and 3 times lower change failure rates, according to the “State of DevOps Report” by Puppet.

In short, the era of speedy delivery, efficient troubleshooting, and spectacular networking is synonymous with the era of DevOps. Is there a flip side to this success story? Well, it’s $100,000 in salary, which lands DevOps engineers on top of almost every Highest paying tech jobs list.

Well, if your company already has a DevOps department up and running, surely you’ve seen the mesmerizing effect of them in action. If you are yet to try this IT weapon out, don’t wait too long, and surely don’t be thrown off by the numbers in the above paragraph. Given that the global IT industry is about to reach $5 trillion in 2019, it’s a reasonable, if not a modest price to pay.

How Can Setup Mod Banner

 

What are the Best DevOps Skills?

Here are the steps to redo it if you need to do it on the new server

Generate banner using: http://www.bagill.com/ascii-sig.php
Font: Standard
Width: 80 or 60
Alignment: Left
Click Generate ASCII Signate Take a copy of it
​​SSH into the new server
Create   vi /etc/sshbanner.txt – Past the copy here
vi /etc/ssh/sshd_config
Search  for banner
uncomment  this add the banner path on it
# no default banner path
Banner  /etc/sshbanner.txt

Save file systemctl restart sshd &&   systemctl  status  sshd
logout from the current SSH session and  reconnect  using SSH and verify MOD banner should be visible with new changes

ModSecurity And Mod_evasive For Apache On CentOS 7

Introduction

 

ModSecurity and mod_evasive are free Apache modules that protect your web server from various brute force or (D)DoS attacks, including SQL injection, cross-site scripting, session hijacking, and many others. These modules can be deployed and integrated into your infrastructure without having to modify your internal network.

In this tutorial, I will explain how to install, configure and integrate ModSecurity and mod_evasive with Apache on CentOS 7.

Requirements

  • A server running CentOS v. 7 with Apache installed
  • A static IP Address for your server

Installing ModSecurity And Mod_evasive

First, you will need to install the EPEL yum repository on the server. Run the following command to install and enable the EPEL repository:

sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Now you can install mod_security and mod_evasive by running the following command:

sudo yum --enablerepo=epel install mod_security mod_evasive

After installing these modules, you can verify them by running the following commands:

sudo httpd -M | grep evasive

If mod_evasive is enabled, you will see the following output:

evasive20_module (shared)

To test the mod_security module, run:

sudo httpd -M | grep security

If mod_security is enabled, you will see the following output:

security2_module (shared)

Configure ModSecurity

Now that the installation is complete and verified, you will need to install a Core Rule Set (CRS) to use mod_security. The CRS provides a web server with a set of rules on how to behave under certain conditions. You can download and install the latest OWASP CRS by running the following commands:

sudo mkdir /etc/httpd/crs
sudo cd /etc/httpd/crs
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
sudo tar -xvf master
sudo  mv SpiderLabs-owasp-modsecurity-crs-* owasp-modsecurity-crs

Now go to the installed OWASP CRS directory:

sudo cd  /etc/httpd/crs/owasp-modsecurity-crs/

In the OWASP CRS directory, you will find a sample file with rules modsecurity_crs_10_setup.conf.example. You need to copy its contents into a new file named modsecurity_crs_10_setup.conf.

sudo cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Now you need to tell Apache to use this file along with the module. You can do this by editing Apache main configuration file:

sudo nano /etc/httpd/conf/httpd.conf

Add the following lines at the end of the file:

<IfModule security2_module>
    Include /etc/httpd/crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
    Include /etc/httpd/crs/owasp-modsecurity-crs/base_rules/*.conf
</IfModule>

Save and close the file and restart Apache to reflect changes.

sudo apachectl restart

Last, it is a good idea to create your own configuration file within the modsecurity.d directory. You can do this by creating a file named mod_security.conf.

sudo nano /etc/httpd/modsecurity.d/mod_security.conf

Add the following lines:

<IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess On 
    SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream 
    SecDataDir /tmp
</IfModule>

Save and close the file and restart Apache to reflect the changes.

sudo apachectl restart

Configure Mod_evasive

The mod_evasive module reads its configuration from which can be easily customized. You don’t need to create a separate configuration file because there are no rules to update during a system upgrade.

The default mod_evasive.conf file has the following directives enabled:

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>

You can change these values according to the amount and type of traffic that your web server needs to handle.

  • DOSHashTableSize: This directive specifies how mod_evasive keeps track of who’s accessing what. Increasing this number will provide a faster lookup of the sites that the client has visited in the past.
  • DOSPageCount: This directive specifies how many identical requests to a specific URI a visitor can make over the DOSPageInterval interval.
  • DOSSiteCount: This is similar to DOSPageCount, but corresponds to how many requests overall a visitor can make to your site over the DOSSiteInterval interval.
  • DOSBlockingPeriod: If a visitor exceeds the limits set by DOSSPageCount or DOSSiteCount, their IP will be blocked during the DOSBlockingPeriod amount of time. During this interval, they will receive a 403 (Forbidden) error.

One of the most important configuration options you need to change is DOSEmailNotify. If this option is enabled, an email will be sent to the specified email address whenever an IP address is blacklisted.

You can do this by editing the mod_evasive.conf file:

sudo nano  /etc/httpd/conf.d/mod_evasive.conf

Uncomment the DOSEmailNotify line by removing the # in front of the line, and change the email address to your own:

DOSEmailNotify   jdoe@gmail.com

Save and close the file and restart Apache to reflect the changes.

sudo apachectl restart

Note: You need to have a functioning mail server on this server for this email alert to work.

Testing ModSecurity

To test mod_security you can use curl to send HTTP requests to the Apache server. One of the ModSecurity default rules is to reject requests that have a User-Agent of “Nessus”. This is intended to deny information to attackers who use automated scanners.

You can check mod_security by running the following command:

sudo curl -i http://192.168.1.42/ -A Nessus

You should see a 403 Forbidden response, as shown below on this page. ModSecurity has blocked the request because the User-Agent identifies it as a Nessus scan.

HTTP/1.1 403 Forbidden
Date: Tue, 27 Oct 2015 11:08:39 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
Accept-Ranges: bytes
Content-Length: 4897
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8

Testing Mod_evasive

Now it’s time to test to make sure that the mod_evasive module is working. You can do this using the Perl scripttest.pl written by Mod_Evasive developers.

Before running this script, you need to make some changes:

sudo nano /usr/share/doc/mod_evasive-1.10.1/test.pl

Find the line for(0..100) { Replace 100 with 200. Find the line PeerAddr=> "127.0.0.1:80"); Replace 127.0.0.1 with yourserverip (192.168.1.42).

#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..200) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                  PeerAddr=> "192.168.1.42:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}`

Save and exit.

Now, run the script:

sudo  /usr/share/doc/mod_evasive-1.10.1/test.pl

You should see the following output:

HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden</code></pre>

ModEvasive also logs to Syslog when the IP address is blocked. You can check the log file using:

sudo tailf /var/log/messages

You should see the following output:

Oct 26 15:36:42 CentOS-7 mod_evasive[2732]: Blacklisting address 192.168.1.42: possible DoS attack.

How to register a domain name and host with SeekaHost multiple IP address hosting in SeekaPanel

Introduction

Some Benefits Hotong  with PBN Seeka Host 

  • Security 
  • Free SSL
  • Easy Blog setup 
  • No Foot Print 
  • Multiple server Location 
  • Best user support 

This article will give you an idea of “How to register a domain name and host it with SeekaHost multiple IP addresses hosting in SeekaPanel” step by step.

This article will provide answers to your concerns and most common questions 

How can I log in to the Seekahost Portal?

First thing first you need to login to the https://portal.seekahost.app/ 1st place to purchase the domain name and hosting, as usual, you need to type the above-mentioned URL in your browser and hit enter it will direct you to the  https://portal.seekahost.app/  once you see the https://portal.seekahost.app/  in your browser every 1st thing you need to do is create an account on it. If Don’t have an account yet? Sign up  provide requested information and do the needful

After that, you will receive verification mail to activate your account on  SeekaPanel. Once you verified login to the https://portal.seekahost.app/   using your email address and the password which you have used to sign up

 

Once you successfully log in to the portal you will see a dashboard like below. Please note in your dashboard PBN  hosting is not showing as 1 and domain count also will not showing as 1 because you have still have not purchased the domain or hosting plan yet.

How to register a Domain Name? 

Then the very critical part of this section comes honestly speaking this is not the critical or advanced thing with https://portal.seekahost.app/  only critical part is to pick a suitable domain. This is a mind-blowing game. Once you decide which domain name you’re going to purchase. Please go to the dashboard and navigate to the Find & Register Domain Names. Type your  domain name in the search box and click on the search button there 

Sometimes, that domain might be already taken from someone then you will get the search result like below. 

In that case, what you have to do is start a mind-blowing game once again and decide on another domain name or you can pick one from the available and suggested free and available domain. In my case I would like to pick the dreamray.org domain then click on the check out button. It will add into the cart and you will get a popup message saying added successfully and the domain will add to your cart. 

Suppose some domain name is mistakenly added to your cart you can clear those from the cart, click on your shopping cart and click on the trash bin it will delete unwanted items from the cart. 

Click the “CHECKOUT” button 

Here you can select the Domain Price / Cycle for up to 5 years and also you can enable the auto-renew option to suppose the domain cycle you have selected with 1/Year it will automatically renew for next year with its reach to its life cycle also you can enable contact privacy also here.   Click next 

After that, you need to fill in your personal information to proceed with the payment  and also need to add your payment method too Once everything is done click on the “Next” button

Once you click the next button you can see the below windows with your attached credit card 

Now click on the “order now” button you you will get the invoice as well as domain verification email too. Follow the instruction mentioned in the mail subject with “VERIFICATION REQUIRED – Please verify your domain name(s) as soon as possible”

Note: That link will be activated only for 24 Hours 

 

Once you verified your domain using the given verification link. you will be getting another mail for Control of how your data is shared. If you wish to share that information you can  do it otherwise you can leave it 

Now your domain purchased part is completed. Now you can see your recently purchased domain from the https://portal.seekahost.app/ Dashboard and when you navigate to the domain name section under the domain name section you can see your recently purchase a domain. It has a Domain name, Duration, Domain Status, Details, Expired date and etc 

 

Now time to talk about the second part of this article. In this part, I’m going to purchased PBN Hosting. Go to the  Hosting > PBN Hosting and select which plan you hope to Pickup. I have selected 1 PBN Hosting Plan Click on the “CHOOSE PLAN” Button 

Once you selected a plan and proceed with the Payment  you will get a mail like below click on the “Create New Blog” Button it will lead you to create a new blog section on Portal 

It will open the below window and asked you to you enter the Blog Domain: n3solutions.online. Please make sure not to use “www” If you have a blog category you can select one from there of you can create once, Also you need to put your Blog Title. Click on the “ADD BLOG” button to go ahead with blog creation.  

Then you will see a window like below and it will let your status regarding your blog creation 

Once the store creation is finished the status will change to “Online “

Click on the “Action” button  It will bring you to the following windows from there you can see BLOG IP, Name servers, Login details. You will get a mail with your WP Login Name servers and login URL too. 

Please update above mentioned Private Name Servers on your Domain registrar before you visit the blog. You can check the Current Name Server & IP status at – Leafdns.com

Note: Please Note Down your “Login Details” this password will de disappear once you activated your SSL certificate Copy Down Log IP: Ex 54.39.70.78 head over to your domain 

Go down to the register lock first we are going to unlock it temporarily to set up the name servers 

Then head over to the private name server  and  here we are going to register our name server ns 1 and n2 which is unique 

Name Server: ns1

IP Address: 54.39.70.78

Click “Create”

Add n2 name servers as we did it before

Name Server: ns2

IP Address: 54.39.70.78

Click “Create”

 Go to the Domain names and domain click in the Name Server.

 Select Use custom nameservers (enter below).  Update the name server  we have created 

Once you click on the change name serves button your name server will update successfully and you will get a screen like below. 

Once it’s successfully updated. Go to the register lock and re-enable the lock 

Now you can be heading to the Website and Blogs  go to the PBN Select PBN blog and go to the actions check  name servers via leafDNS or MXtools box

Leaf DNS 

Mxtool Box 

Once the private DNS Nameservers are Propergte correctly you can activate your SSL certificate. Click On the SSL Switch on the button.  Your SSL will be activated around 30 minutes 

 

Get More Idea Regarding 

Best Domain and Private Blogging Networks (PBN) Hosting Solution With SeekaHost