Presentation Lfoppiano Pycon

•

0 likes•613 views

Luca Foppiano

Technology

Summary
The big picture
Solutions
Features
What about future?
Related projects

The big picture
“turn off all testing virtual machines”
“restart all crashed web services”
“update all machines with operation suffix in the name (eg.
web*.example.*, customer*, etc)”

Solutions?
Manual solution
SSH or Telnet (as your risk)
Func (https://fedorahosted.org/func)

Manual solution

Obsolete
Expensive
Impossible on world
distributed network
High risk
Need to trust unskilled
people

SSH
Secure
Bash powered
Problems with multihop
Requires manual “public key” exchange
Security issues (one machine has the control of whole
networks without any filter)

Func
Provides Python APIs (and/or CLI command) to manage
huge number of machines
Fedora Unified Network Controller
A Red Hat and Fedora Project
Written in Python
Secure (https based connection)
Modulebased architecture
Easy to expand by writing new modules
Security model guarantee by ACLs
Web interface based on TurboGear (FuncWeb)

Func: quick start
Two components: certmaster (51235/tcp) and minion
(51234/tcp)
Status or the art: 1 Certmaster, N minions (Proxy module
will be available after Google SoC)
Certmaster needs to sign minions by certificate
generation (automatically performed using autosign):
certmasterca tool.
Minion needs only to know who is certmaster

[root@a~]# certmaster-ca --list
[root@a~]# certmaster-ca --sign hostname.domain.x
[root@a~]# certmaster-ca --clear hostname.domain.x

Func: starting
Open a shell on certmaster host

Python API

>>> from func.overlord import client
>>> client1 = client.Client(“*.lan”)
>>> client1.service.restart(“httpd”)
>>> client1.command.run(“df h”)

CLI
[root@a~]# func “*.com” call service restart “httpd”
[root@a~]# func “*.lan” call command run “df h”

What about modules?
Func based on modules architecture
A module support new stuff
20 modules (libVirt, jboss, info, process, command,
iptables, nagios, etc)
Writing a new module is simple.
When you write a module, it works on both CLI and
PyScripting, no modification on func are needed.

How to write new module
funccreatemodule
By hand

import func_module
class NewModule(func_module.FuncModule):
version = “1.0”
api_version = “0.1”
description = “new module”

def __init__(self):
pass

def anAction(self, arg1, arg2):
pass

Advanced features
Async mode
Only on python API (implementation is coming ;) )
Useful on long time required commands (eg. Yum update)
Multiplexer: possibility to launch more than one process
Globbing
Grouping

Globbing
Python API
>>> from func.overlord import client
>>> glob1 = client.Client(“customer*; office.example.lan”)
>>> glob1.yumcmd.update();

CLI

[root@a~]# func “*.example.org;*.lan” run yumcmd update
[root@a~]# func “web*.domain.it;virt*” run

Grouping
[root@a~]# cat /etc/func/groups
[webservers]
host = office.example.lan, customer01.example.com

[jbossas]
host = *.example.lan

Python API & CLI Example
>>> from func.overlord import client
>>> client.Client(@webservers).service.restart(“httpd”);

[root@a~]# func “@webservers” run service restart “httpd”

Future ideas
Modules module
Google Summer of Code:
Proxy module
Systemconfig* module
User/groups manipulation
Package on other distributions (Debian, Suse, Ubuntu,
etc.)

Related projects
Symbolic (http://www.opensymbolic.org)
Puppet (http://reductivelabs.com/trac/puppet)
Puppetteam
(http://projects.bytecode.com/trac/puppetteam)
Cobbler (http://cobbler.et.redhat.com/)

What's hot

In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them… Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism. In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs. Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc). * unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.

Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes

Peter Hlavaty

Fluentd v0.14 Overview

N Masahiro

Treasure Data Summer Internship Final Report

Ritta Narita

Linux multiplexing

Mark Veltzer

G rpc lection1

eleksdev

Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework

egypt

Nagios Conference 2011 - Michael Medin - Workshop: Scripting On The Windows Side

Nagios

How to create multiprocess server on windows with ruby - rubykaigi2016 Ritta ...

Ritta Narita

Mr201309 automated on-execute_test_using_virtual_box_eng

FFRI, Inc.

Vagrant are you still develop in a non-virtual environment-

Anatoly Bubenkov

Virtual Machine Introspection with Xen

Tamas K Lengyel

Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)

Shota Shinogi

Improving monitoring systems Interoperability with OpenMetrics

Chan Shik Lim

Bypassing patchguard on Windows 8.1 and Windows 10

Honorary_BoT

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System

Tamas K Lengyel

Controlling multiple VMs with the power of Python

Yurii Vasylenko

What is new in Go 1.8

John Hua

Asynchronous programming intro

cc liu

Keynote - Fluentd meetup v14

Treasure Data, Inc.

CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security

CanSecWest

What's hot (20)

Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes

Fluentd v0.14 Overview

Treasure Data Summer Internship Final Report

Linux multiplexing

G rpc lection1

Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework

Nagios Conference 2011 - Michael Medin - Workshop: Scripting On The Windows Side

How to create multiprocess server on windows with ruby - rubykaigi2016 Ritta ...

Mr201309 automated on-execute_test_using_virtual_box_eng

Vagrant are you still develop in a non-virtual environment-

Virtual Machine Introspection with Xen

Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)

Improving monitoring systems Interoperability with OpenMetrics

Bypassing patchguard on Windows 8.1 and Windows 10

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System

Controlling multiple VMs with the power of Python

What is new in Go 1.8

Asynchronous programming intro

Keynote - Fluentd meetup v14

CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security

Viewers also liked

Is not about it, is all about sailing

Luca Foppiano

Agile Day 2013 - Agile experience, between successes and failures [EN[

Luca Foppiano

Meetup Lfoppiano

Luca Foppiano

Design "user experience" centric applications

Luca Foppiano

Ltsp Slide

Luca Foppiano

The Near Future of CSS

Rachel Andrew

The Presentation Come-Back Kid

Ethos3

The Buyer's Journey - by Chris Lema

Chris Lema

Viewers also liked (8)

Is not about it, is all about sailing

Agile Day 2013 - Agile experience, between successes and failures [EN[

Meetup Lfoppiano

Design "user experience" centric applications

Ltsp Slide

The Near Future of CSS

The Presentation Come-Back Kid

The Buyer's Journey - by Chris Lema

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

MINDCTI Revenue Release Quarter One 2024

MIND CTI

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

MINDCTI Revenue Release Quarter One 2024

Boost PC performance: How more available memory can improve productivity

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

presentation ICT roal in 21st century education

Apidays New York 2024 - The value of a flexible API Management solution for O...

Partners Life - Insurer Innovation Award 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

A Domino Admins Adventures (Engage 2024)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Manulife - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

🐬 The future of MySQL is Postgres 🐘

Data Cloud, More than a CDP by Matt Robison

Presentation Lfoppiano Pycon

1. FUNC Fedora Unified Network Controller Luca Foppiano <lfoppiano@byte-code.com>

2. Summary The big picture Solutions Features What about future? Related projects

3. The big picture “turn off all testing virtual machines” “restart all crashed web services” “update all machines with operation suffix in the name (eg. web*.example.*, customer*, etc)”

4. Solutions? Manual solution SSH or Telnet (as your risk) Func (https://fedorahosted.org/func)

5. Manual solution Obsolete Expensive Impossible on world distributed network High risk Need to trust unskilled people

6. SSH Secure Bash powered Problems with multihop Requires manual “public key” exchange Security issues (one machine has the control of whole networks without any filter)

7. Func Provides Python APIs (and/or CLI command) to manage huge number of machines Fedora Unified Network Controller A Red Hat and Fedora Project Written in Python Secure (https based connection) Modulebased architecture Easy to expand by writing new modules Security model guarantee by ACLs Web interface based on TurboGear (FuncWeb)

8. Func: quick start Two components: certmaster (51235/tcp) and minion (51234/tcp) Status or the art: 1 Certmaster, N minions (Proxy module will be available after Google SoC) Certmaster needs to sign minions by certificate generation (automatically performed using autosign): certmasterca tool. Minion needs only to know who is certmaster [root@a~]# certmaster-ca --list [root@a~]# certmaster-ca --sign hostname.domain.x [root@a~]# certmaster-ca --clear hostname.domain.x

9. Func: starting Open a shell on certmaster host Python API >>> from func.overlord import client >>> client1 = client.Client(“*.lan”) >>> client1.service.restart(“httpd”) >>> client1.command.run(“df h”) CLI [root@a~]# func “*.com” call service restart “httpd” [root@a~]# func “*.lan” call command run “df h”

10. What about modules? Func based on modules architecture A module support new stuff 20 modules (libVirt, jboss, info, process, command, iptables, nagios, etc) Writing a new module is simple. When you write a module, it works on both CLI and PyScripting, no modification on func are needed.

11. How to write new module funccreatemodule By hand import func_module class NewModule(func_module.FuncModule): version = “1.0” api_version = “0.1” description = “new module” def __init__(self): pass def anAction(self, arg1, arg2): pass

12. Advanced features Async mode Only on python API (implementation is coming ;) ) Useful on long time required commands (eg. Yum update) Multiplexer: possibility to launch more than one process Globbing Grouping

13. Globbing Python API >>> from func.overlord import client >>> glob1 = client.Client(“customer*; office.example.lan”) >>> glob1.yumcmd.update(); CLI [root@a~]# func “*.example.org;*.lan” run yumcmd update [root@a~]# func “web*.domain.it;virt*” run

14. Grouping [root@a~]# cat /etc/func/groups [webservers] host = office.example.lan, customer01.example.com [jbossas] host = *.example.lan Python API & CLI Example >>> from func.overlord import client >>> client.Client(@webservers).service.restart(“httpd”); [root@a~]# func “@webservers” run service restart “httpd”

15. Future ideas Modules module Google Summer of Code: Proxy module Systemconfig* module User/groups manipulation Package on other distributions (Debian, Suse, Ubuntu, etc.)

16. Related projects Symbolic (http://www.opensymbolic.org) Puppet (http://reductivelabs.com/trac/puppet) Puppetteam (http://projects.bytecode.com/trac/puppetteam) Cobbler (http://cobbler.et.redhat.com/)

17. Thanks ;) Questions and answers?

Presentation Lfoppiano Pycon

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Presentation Lfoppiano Pycon

Similar to Presentation Lfoppiano Pycon (20)

Recently uploaded

Recently uploaded (20)

Presentation Lfoppiano Pycon