Adithya

Port knocking is a technique for securing servers: a client attempts connections to a predefined sequence of ports, and the server opens or closes an application/service port in response.
UFW (Uncomplicated Firewall) is available on all recent Ubuntu versions.

knockd installation:

apt install knockd

knockd configuration file:

/etc/knockd.conf

    [options]
        UseSyslog

    [SSH]
        sequence      = 7000,8000,9000
        seq_timeout   = 5
        start_command = ufw allow from %IP% to any port 22
        tcpflags      = syn
        cmd_timeout   = 10
        stop_command  = ufw delete allow from %IP% to any port 22

The sequence for opening port 22 is 7000, 8000, 9000, and it must be completed within 5 seconds (seq_timeout). The SSH port stays open for 10 seconds (cmd_timeout) before it is closed again. SSH access is enabled only for the IP address that sent the knock.
The ports in the knocking sequence should be allowed in the firewall first.
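
A simplified model of the behaviour this configuration describes, replayed over a constructed packet log; it is an added example, not code from knockd or from the original post. `KnockModel`, `replay` and `PACKETS` are hypothetical names, and discarding an attempt on an out-of-order port is an assumption of the model, not a statement about knockd's internals.

```python
from dataclasses import dataclass, field

SEQUENCE = (7000, 8000, 9000)   # sequence from the [SSH] section
SEQ_TIMEOUT = 5                 # seq_timeout: seconds allowed to finish the knock
CMD_TIMEOUT = 10                # cmd_timeout: seconds between start_command and stop_command

@dataclass
class KnockModel:
    progress: dict = field(default_factory=dict)  # ip -> (next index, time of first knock)
    commands: list = field(default_factory=list)  # (time, command) the daemon would run

    def syn(self, t, ip, port):
        """Feed one TCP SYN (tcpflags = syn) seen at time t from ip to port."""
        idx, started = self.progress.get(ip, (0, t))
        if idx and t - started > SEQ_TIMEOUT:
            idx, started = 0, t              # too slow: the attempt expired
        if port == SEQUENCE[idx]:
            idx += 1                         # expected port: advance one stage
        elif port == SEQUENCE[0]:
            idx, started = 1, t              # out of order, but it begins a new attempt
        else:
            idx = 0                          # out of order: attempt discarded (model assumption)
        if idx == len(SEQUENCE):
            self.commands.append((t, f"ufw allow from {ip} to any port 22"))
            self.commands.append((t + CMD_TIMEOUT, f"ufw delete allow from {ip} to any port 22"))
            idx = 0
        if idx:
            self.progress[ip] = (idx, started)
        else:
            self.progress.pop(ip, None)

def replay(packets):
    """Return the time-ordered firewall commands triggered by a packet log."""
    model = KnockModel()
    for t, ip, port in packets:
        model.syn(t, ip, port)
    return sorted(model.commands)

# Constructed packet log: (seconds, source IP, destination port)
PACKETS = [
    (0.0, "198.51.100.7", 7000), (0.5, "198.51.100.7", 8000), (1.0, "198.51.100.7", 9000),  # correct
    (1.0, "203.0.113.9", 7000), (1.5, "203.0.113.9", 9000), (2.0, "203.0.113.9", 8000),     # wrong order
    (2.0, "192.0.2.44", 7000), (3.0, "192.0.2.44", 8000), (9.0, "192.0.2.44", 9000),        # too slow
]

if __name__ == "__main__":
    for when, cmd in replay(PACKETS):
        print(f"t={when:5.1f}s  {cmd}")
```

Only the first source address completes the knock, so the allow rule and its removal 10 seconds later are issued for that address alone.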

--

Notify Slack about the build stage status of a Maven job in Jenkins. This assumes that a Slack incoming webhook and a few secret bindings in Jenkins are already set up.
This seems to work only with Maven jobs.

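    # Turn off command tracing so the credentials and webhook token are not echoed into the console log
    set +x
    # Read the <result> element of this build from the Jenkins API
    build_status=$(curl -su "$jenkins_login" "$BUILD_URL"/api/xml | grep result | sed 's/^.*<result>//' | sed 's/<\/result>.*$//')
    # Post the status to the Slack incoming webhook
    curl -X POST --data-urlencode "payload={\"channel\": \"#general\", \"username\": \"Jenkins\", \"text\": \"$JOB_BASE_NAME build - $BUILD_DISPLAY_NAME\nBuild status = $build_status\", \"icon_emoji\": \":jenkins:\"}" "https://hooks.slack.com/services/$SLACK_TOKEN"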

The script above is entered into the Post Steps of a Maven job.
The Jenkins credentials and the Slack webhook are stored as secrets.
The build status is retrieved from the Jenkins API and stored in build_status, which curl then uses to notify Slack.

--

I work with cloud, containers, linux