DEV Community: Emmanuel Kariithi

Design and Implement Role-Based Access with AWS IAM

Emmanuel Kariithi — Wed, 20 Aug 2025 11:11:29 +0000

Introduction

When I first started exploring AWS, I quickly realized that reading docs and watching tutorials wasn't enough for me. I wanted to get my hands dirty with real projects. The problem was that most resources either covered concepts without context or jumped straight into production level setups without explaining the "why."

After some searching, I came across a course called AWS Mastery: 26 AWS Cloud Projects for Engineers & Architect on Udemy by Pravin Mishra. What I love about this course is that it isn't just theory, it focuses on practical, project-based learning.

So I've decided to take on a personal challenge of working through each project without looking at the solutions while documenting my process here in this little world of mine. This way, I can build confidence while also creating a guide that other beginners can follow.

This article is the first in that journey.

Project Overview
- What is AWS IAM?
Step 1: Create the Admins Group
Step 2: Create the Developers Group
Step 3: Create the Test Group
Step 4: Add Users to Groups
Step 5: Enable Multi-Factor Authentication (MFA)
Step 6: Set Up Regular Access Reviews
Wrap Up
Key Takeaways

Project Overview

In this task, I'm stepping into the role of a Cloud Security Administrator for a fictional company called ComiCloud, a comics delivery service / store. The goal is to set up a structured IAM environment that's both secure and easy to manage.

The main tasks are:

Create IAM groups (Admins, Developers, Testers) with appropriate permissions.
Add users to the right groups (including cross-functional users).
Configure security best practices like MFA.
Set up a process for regular access reviews.

So, what is AWS IAM (Identity and Access Management)?

According to the official AWS documentation, AWS IAM is a web service that helps you securely control access to AWS resources. IAM manages the permissions that determine which AWS resources users can access.

Since it's risky to use the AWS root account for daily operations and most organizations have multiple users who need different levels of access, AWS Identity and Access Management (IAM) is essential for securely managing who can access what.

Example: Imagine a small startup (like ComiCloud) building a web application on AWS. The admin team needs full control to set up services, developers need access to services like EC2 and S3 (Don't worry, we'll cover these in future projects) to run and store code, while testers only need read-only permissions to validate features. With IAM, you can create groups for admins, developers and testers and assign the right permissions to each, so everyone has just enough access to do their job and nothing more. This is known as the principle of least privilige.

Phew! That felt like a long introduction. Let's get our hands dirty, shall we?

Oh, before I forget, you'll need to create an AWS account first. AWS usually gives new accounts free credits (around $100), which is more than enough for experimenting (Used to be 12 months free for a number of services).

Step 1: Create the Admins Group

The first step is to create an Admins group and give it full administrator access.

Log in to the AWS Management Console and open IAM.
Navigate to User Groups then Create group
Enter Admins as the group name.
Attach the AdministratorAccess policy you can search it in the search bar if it doesn't appear on top.
Click Create group

Now we have a dedicated Admins group with full privileges.

Step 2: Create the Developers Group

Next, set up the Developers group with policies granting access to EC2, S3 and RDS.

AmazonEC2FullAccess
AmazonS3FullAccess
AmazonRDSFullAccess

The process is identical to creating the Admins group, just enter Developers as the name and attach the three policies.

Our Developers group is now ready.

Step 3: Create the Test Group

For the Testers, create a group named Test and attach ReadOnlyAccess policy.

Repeat the same steps as before (create group → name → attach policy → create).

You should now see all three groups (Admins, Developers and Test) in your console.

Step 4: Add Users to Groups

With groups ready, it's time to create and add users.
Our fictional organization has the following users:

Admins: John_Admin, Lisa_Admin, Raj_Admin
Developers: Alice_Dev, Mark_Dev, Priya_Dev
Testers: Sam_Test, Nina_Test, Carlos_Test
Cross-functional: Alex_DevOps (belongs to both Developers and Test groups).

I will show you how to create a user and you will create the others since the steps are similar for each user.

In the IAM dashboard, select Users
Select Create user
Enter John_Admin as the username and check the 'Provide user access to the AWS Management Console' checkbox.
Select 'I want to create an IAM user' and you can choose whether to autogenerate a password or use a custom password and click Next.
Select Add user to group and select the Admins group then click Next.
Create User and the next page will prompt you to download the user's login credentials. Ensure that you download the .csv file and store it safely.

Repeat the same process for the other user and remember to add each user in their respective group. For Alex_DevOps select both Developers and Test.

At this point, your IAM environment should have all groups and users properly configured.

Step 5: Enable Multi-Factor Authentication (MFA)

Security best practices recommend enabling MFA for all users and it's mandatory for Admins. MFA adds an extra layer of security by requiring not just a password, but also a temporary code from an authenticator app or device.

Here's how to enable MFA for a user (we'll start with John_Admin):

Go to IAM → Users
Select the user John_Admin
Open the Security credentials tab
Under Multi-factor authentication (MFA), click Assign MFA device
Enter a name for the MFA device and choose Authenticator app Click Next
Follow the instructions on that page, enter the two codes and click Add MFA

MFA is now enabled for John_Admin.

Repeat the same process for the other two Admins (Lisa_Admin and Raj_Admin).

Step 6: Set Up Regular Access Reviews

Creating groups and assigning users is just the beginning. To keep your AWS environment secure, you need to perform regular access reviews most probably once per quarter.

Here’s what to check during a review:

Group Memberships
- Go to IAM → Groups → Users tab and verify each user is still in the right group.
- Remove users who no longer need access.
Policies
- For each group, open the Permissions tab.
- Confirm only the necessary policies are attached.
- Remove or adjust any that seem too broad.
MFA Status
- In IAM → Users, check the MFA column.
- Make sure all Admins have MFA enabled.
Credential Rotation
- Remind users to rotate passwords and access keys every 90 days.
Document Changes
- Keep a simple log of any modifications (e.g., add/remove user, updated policy).
- You could store this securely in an internal wiki or even an encrypted S3 bucket.

This process helps maintain the principle of least privilege and ensures your IAM setup stays secure over time.

Step 6: Set Up Regular Access Reviews

Creating groups and assigning users is just the beginning. To keep your AWS environment secure, you need to perform regular access reviews most probably once per quarter.

Here’s what to check during a review:

Group Memberships
- Go to IAM → Groups → Users tab and verify each user is still in the right group.
- Remove users who no longer need access.
Policies
- For each group, open the Permissions tab.
- Confirm only the necessary policies are attached.
- Remove or adjust any that seem too broad.
MFA Status
- In IAM → Users, check the MFA column.
- Make sure all Admins have MFA enabled.
Credential Rotation
- Remind users to rotate passwords and access keys every 90 days.
Document Changes
- Keep a simple log of any modifications (e.g., add/remove user, updated policy).
- You could store this securely in an internal wiki or even an encrypted S3 bucket.

This process helps maintain the principle of least privilege and ensures your IAM setup stays secure over time.

Wrap Up

That’s a wrap! We've just built a complete role-based access management system in AWS using IAM. Yaaay!

Key Takeaways

Never use the root account for daily operations.
IAM groups make it easy to manage permissions at scale.
Always follow the principle of least privilege (users get only the access they need).
MFA is non-negotiable for Admins.
Regular access reviews help keep your environment secure over time.

This is just the first step in my AWS project journey. Next up, I’ll be tackling more hands-on projects, from setting up EC2 and S3, to building entire cloud-native applications.

If you’re learning AWS too, I encourage you to try this out in your own account. Don’t worry if you get stuck, that’s part of the process. The important thing is to keep experimenting and building.

Stay tuned for the next article where we’ll dive into more AWS services and put them into action.

Until then, happy cloud building! Turus!

Building a Password Strength Checker in Python

Emmanuel Kariithi — Mon, 14 Oct 2024 08:19:54 +0000

Hello again, and welcome to today's tutorial. Today, we are going to build a simple password strength checker using Python. We’ll explain how the code works step-by-step and give tips on how to improve your passwords.

Why is Password Strength Important?

A weak password makes it easier for hackers to guess or crack using various methods, putting your personal information at risk. A strong password is:

Long enough (at least 12 characters)
Uses a mix of letters (both uppercase and lowercase), numbers, and special characters
Avoids common or predictable words

Let’s get started by building a tool that assesses the strength of a password based on these rules.

Setting Up Your Environment

Before we start coding, make sure you have Python installed on your computer.

Create a new Python file where you will write your code. Also, download this file that contains the most common passwords (we will look more into that later) and save the file in the same directory as your Python file for this project.

Import Necessary Libraries

import string

The string module provides useful constants for checking character types like uppercase letters, digits and special characters.

Check for Common Passwords

def check_common_password(password):
    with open('common-password.txt', 'r') as f:
        common = f.read().splitlines()
    if password in common:
        return True
    return False

This function checks if the given password is in a list of common passwords.

It opens a file called 'common-password.txt' which we downloaded earlier.
It reads all the passwords from this file into a list.
If the input password is in this list, it returns True (meaning it's a common, and therefore weak, password).
Otherwise, it returns False.

Why is this important? Many hackers start by trying common passwords, so using one makes your account very vulnerable.

Assess Paswword Strength

def password_strength(password):
    score = 0
    length = len(password)

    upper_case = any(c.isupper() for c in password)
    lower_case = any(c.islower() for c in password)
    special = any(c in string.punctuation for c in password)
    digits = any(c.isdigit() for c in password)

    characters = [upper_case, lower_case, special, digits]

    if length > 8:
        score += 1
    if length > 12:
        score += 1
    if length > 17:
        score += 1
    if length > 20:
        score += 1

    score += sum(characters) - 1

    if score < 4:
        return "Weak", score
    elif score == 4:
        return "Okay", score
    elif 4 < score < 6:
        return "Good", score
    else:
        return "Strong", score

This function evaluates the strength of the password based on several criteria.

The password gets points for being longer than 8, 12, 17, and 20 characters.
It checks for the presence of uppercase letters, lowercase letters, special characters, and digits.

How does the scoring works?

It starts with a score of 0.
It adds 1 point for each length threshold passed.
It adds 1 point for each type of character used (uppercase, lowercase, special, digit), minus 1.
Based on the final score, it categorizes the password as "Weak", "Okay", "Good", or "Strong".

Provide feedback to the User

def feedback(password):
    if check_common_password(password):
        return "Password was found in a common list. Score: 0/7"

    strength, score = password_strength(password)

    feedback = f"Password strength: {strength} (Score: {score}/7)\n"

    if score < 4:
        feedback += "Suggestions to improve your password:\n"
        if len(password) <= 8:
            feedback += "- Make your password longer (more than 8 characters). \n"
        if not any(c.isupper() for c in password):
            feedback += "- Include uppercase letters.\n"
        if not any(c.islower() for c in password):
            feedback += "- Include lowercase letters.\n"
        if not any(c in string.punctuation for c in password):
            feedback += "- Add special characters (e.g., @, #, $).\n"
        if not any(c.isdigit() for c in password):
            feedback += "- Add numbers.\n"

    return feedback

This function combines the previous two functions to provide comprehensive feedback.

It first checks if the password is common. If so, it immediately returns a warning.
If the password is not common, it assesses its strength.
It provides the strength rating and score.
If the password is weak (score < 4), it gives specific suggestions for improvement.

Main Program

password = input("Enter the password: ")
print(feedback(password))

This last part simply asks the user to input a password and then prints the feedback.

Program in Action

Conclusion

Creating strong passwords is a vital part of maintaining online security, and with this tool, you can easily assess how secure your passwords are. This simple program demonstrates how basic Python programming can be combined with cybersecurity principles to solve a real-world problem.

Feel free to experiment with the code and add more features.

Happy coding, and stay secure!

Building a Simple Image Encryption Tool Using Python

Emmanuel Kariithi — Wed, 09 Oct 2024 13:44:21 +0000

Today, we're going to dive into an exciting project that combines image processing with basic encryption techniques. We'll be exploring a Python program that can encrypt and decrypt images using a simple yet effective method. Let's break it down step by step!

Prerequisites

To follow along, you should have:

Basic knowledge of Python programming.
Python installed on your computer.
Pillow library which is a python imaging Library used for handling images. Use pip install pillow to install.
Tkinter which is a python library used for building graphical user interfaces (GUIs). Use pip install tk to install.

What Does This Program Do?

This program creates a graphical user interface (GUI) that allows users to:

Select an image file
Choose an output location
Enter a seed key
Encrypt or decrypt the image

The encryption process shuffles the pixels of the image based on a seed key, making the image unrecognizable. The decryption process reverses this, restoring the original image.

Code Explanation

Importing Required Libraries

import os
from tkinter import Tk, Button, Label, Entry, filedialog, messagebox
from PIL import Image
import random

os provides functions to interact with the operating system.
tkinter provides GUI elements like buttons, labels, and input fields.
PIL (Pillow) allows us to open, manipulate, and save images.
random helps us shuffle the pixels in a deterministic way, using a seed.

Seeded Random Generator Function

def get_seeded_random(seed):
    """Returns a seeded random generator."""
    return random.Random(seed)

The get_seeded_random function returns a random object that can shuffle items the same way every time if given the same seed value.

This is key to both encrypting and decrypting images consistently.

Image Encryption

def encrypt_image(input_image_path, output_image_path, seed):
    """Encrypts the image by manipulating pixel values."""
    image = Image.open(input_image_path)
    width, height = image.size
    # Get pixel data as a list
    pixels = list(image.getdata())
    random_gen = get_seeded_random(seed)

    # Create a list of pixel indices
    indices = list(range(len(pixels)))
    # Shuffle the indices using the seeded random generator
    random_gen.shuffle(indices)

    # Reorder pixels based on shuffled indices
    encrypted_pixels = [pixels[i] for i in indices]

    # Create new image
    encrypted_image = Image.new(image.mode, (width, height))
    # Apply encrypted pixels to the new image
    encrypted_image.putdata(encrypted_pixels)
    # Save the encrypted image
    encrypted_image.save(output_image_path)
    return True

In this encrypt_image function:

We load the image and extract its pixel data.
The pixel order is shuffled using a seeded random generator to ensure the same shuffle order is maintained when decrypting.
We create a new image with the shuffled pixel values and save it as the encrypted image.

Image Decryption

def decrypt_image(input_image_path, output_image_path, seed):
    """Decrypts the image by reversing the encryption process."""
    image = Image.open(input_image_path)
    width, height = image.size
    # Get encrypted pixel data as a list
    encrypted_pixels = list(image.getdata())
    random_gen = get_seeded_random(seed)

    # Create a new list to hold pixel indices in their original order
    indices = list(range(len(encrypted_pixels)))
    # Shuffle the indices again to get the original order
    random_gen.shuffle(indices)

    # Create a new image to hold the decrypted data
    decrypted_pixels = [None] * len(encrypted_pixels)

    # Restore original pixels using the shuffled indices
    for original_index, shuffled_index in enumerate(indices):
        decrypted_pixels[shuffled_index] = encrypted_pixels[original_index]

    # Save the decrypted image
    decrypted_image = Image.new(image.mode, (width, height))
    decrypted_image.putdata(decrypted_pixels)
    decrypted_image.save(output_image_path)
    return True

This decrypt_image function works by reversing the encryption process. It:

Loads the encrypted image.
Uses the same random seed to reshuffle the pixels back into their original order.
Creates and saves a new image with the decrypted pixels.

File Selection Functions

def select_input_image():
    """Opens a file dialog to select an input image."""
    input_image_path = filedialog.askopenfilename(title="Select Image")
    input_image_label.config(text=input_image_path)

def select_output_image():
    """Opens a file dialog to select an output image path."""
    output_image_path = filedialog.asksaveasfilename(defaultextension=".png", filetypes=[("PNG files", "*.png"),("JPEG files", "*.jpg;*.jpeg"),("All files", "*.*")], title="Save Encrypted/Decrypted Image")

    output_image_label.config(text=output_image_path)

The select_input_image function allows the user to select the image they want to encrypt or decrypt by using a file dialog.

The selected image path is then displayed on the GUI.

Similarly, the select_output_image function allows users to choose where to save the output image.

Encrypt and Decrypt Button Functions

def encrypt():
    input_image_path = input_image_label.cget("text")
    output_image_path = output_image_label.cget("text")
    seed = seed_entry.get()

    if not input_image_path or not output_image_path:
        messagebox.showerror("Error", "Please select input and output images.")
        return

    if encrypt_image(input_image_path, output_image_path, seed):
        messagebox.showinfo("Success", "Image encrypted successfully!")

def decrypt():
    input_image_path = input_image_label.cget("text")
    output_image_path = output_image_label.cget("text")
    seed = seed_entry.get()

    if not input_image_path or not output_image_path:
        messagebox.showerror("Error", "Please select input and output images.")
        return

    if decrypt_image(input_image_path, output_image_path, seed):
        messagebox.showinfo("Success", "Image decrypted successfully!")

The encrypt and decrypt functions:

Gets the selected file paths and the seed value entered by the user.
Ensures the user has selected both input and output image paths before proceeding.
Calls the respective encrypt_image() or decrypt_image() functions and displays success messages once done.

Creating the GUI

root = Tk()
root.title("Image Encryption Tool")

# Create and place widgets
Label(root, text="Select Image to Encrypt/Decrypt:").pack(pady=5)
input_image_label = Label(root, text="No image selected")
input_image_label.pack(pady=5)

Button(root, text="Browse", command=select_input_image).pack(pady=5)

Label(root, text="Output Image Path:").pack(pady=5)
output_image_label = Label(root, text="No output path selected")
output_image_label.pack(pady=5)

Button(root, text="Save As", command=select_output_image).pack(pady=5)

Label(root, text="Enter Seed Key:").pack(pady=5)
seed_entry = Entry(root)
seed_entry.pack(pady=5)

Button(root, text="Encrypt Image", command=encrypt).pack(pady=5)
Button(root, text="Decrypt Image", command=decrypt).pack(pady=5)

root.mainloop()

Labels, buttons, and text entry fields are placed using pack().

The root.mainloop function keeps the window open and responsive to user input.

Program in Action

Conclusion

This program demonstrates how we can manipulate digital images at the pixel level and how we can use pseudo-random number generators for basic encryption tasks.

Happy coding, and stay secure!

Implementing a Caesar Cipher Program in Python

Emmanuel Kariithi — Mon, 07 Oct 2024 17:59:50 +0000

In the world of cybersecurity, encryption plays a crucial role in protecting sensitive information. One of the simplest and oldest forms of encryption is the Caesar Cipher, named after Julius Caesar, who reportedly used this method to communicate secretly with his generals, the Caesar Cipher provides an excellent starting point for understanding basic cryptographic concepts.

In this tutorial, we will walk through how to implement a Caesar Cipher in Python, allowing you to both encrypt and decrypt messages.

What is the Caesar Cipher?

The Caesar Cipher is a substitution cipher which works by shifting each letter of a message (plaintext) by a fixed number of positions in the alphabet. This fixed number is known as the "key" or "shift".

Here's how it works:

Choose a key (let's say 3).
For each letter in your message:
- Shift it forward in the alphabet by the number of positions specified by the key.
- If you reach the end of the alphabet, wrap around to the beginning.
Non-alphabetic characters (spaces, punctuation) remain unchanged.

For example, with a shift of 3:

'A' becomes 'D'
'B' becomes 'E'
'Y' becomes 'B' (wrapping around)
'Z' becomes 'C' (wrapping around)

So, the message "HELLO WORLD" with a shift of 3 would become "KHOOR ZRUOG".

During encryption, each letter in the message is shifted forward in the alphabet by the key value.
During decryption, each letter in the encrypted message is shifted backward in the alphabet by the key value.
The shift wraps around the alphabet, meaning if we go past Z, we loop back to A.

Implementation of Caesar Cipher

Let's dive into the Python code that implements this algorithm. We'll explain each part in detail so that you understand not only how the code works, but also why it works.

import string

def encrypt_decrypt(text, mode, key):
    letters = string.ascii_lowercase
    num_letters = len(letters)
    result = ''

    key = key % num_letters
    if mode == 'd':
        key = -key

    for char in text:
        if char.isalpha():
            if char.isupper():
                start = ord('A')
            else:
                start = ord('a')

            new_position = (ord(char) - start + key) % 26
            result += chr(start + new_position)
        else:
            result += char

    return result

We import the string module to help us handle the alphabet. We'll use it to get both the lowercase and uppercase letters easily.
The encrypt_decrypt function takes care of both encryption and decryption based on the mode selected by the user.
text is a parameter that represents the message to be encrypted or decrypted.
mode is a parameter that specifies whether we are encrypting ('e') or decrypting ('d').
key is a parameter that represents the number of positions by which to shift each letter in the text.
letters = string.ascii_lowercase stores all lowercase letters in the alphabet, which we can use to calculate shifts.
The modulo operator % 26 ensures that when the new position exceeds 25 (the index for 'Z'), it wraps around to 0 (the index for 'A').
If the mode is 'd' (decryption), we make the key negative (key = -key), so that letters are shifted in the opposite direction.
If the character is a letter, we calculate its position in the alphabet using ord(char) (which gives us the Unicode value of the character).
Depending on whether it's an uppercase or lowercase letter, we find the new position after applying the shift and convert it back to a character using chr().
If the character is not a letter (e.g., spaces or punctuation), we leave it unchanged and add it to the result.

Getting a Valid Key

def get_valid_key():
    while True:
        try:
            key = int(input('Enter a key (1 through 25): '))
            if 1 <= key <= 25:
                return key
            else:
                print("Key must be between 1 and 25. Please try again.")
        except ValueError:
            print("Invalid input. Please enter a number between 1 and 25.")

The get_valid_key() function ensures that the user inputs a valid key between 1 and 25. If the input is invalid (either not a number or outside the acceptable range), the program will prompt the user to try again. This function prevents errors due to incorrect user input.

Main Function

def main():
    while True:
        print("\n*** CAESAR CIPHER PROGRAM ***")
        print("1. Encrypt a message")
        print("2. Decrypt a message")
        print("3. Exit")

        choice = input("Enter your choice (1-3): ")

        if choice == '1':
            print("\nENCRYPTION MODE")
            key = get_valid_key()
            text = input('Enter the text to encrypt: ')
            ciphertext = encrypt_decrypt(text, 'e', key)
            print(f'CIPHERTEXT: {ciphertext}')

        elif choice == '2':
            print("\nDECRYPTION MODE")
            key = get_valid_key()
            text = input('Enter the text to decrypt: ')
            plaintext = encrypt_decrypt(text, 'd', key)
            print(f'PLAINTEXT: {plaintext}')

        elif choice == '3':
            print("Thank you for using the Caesar Cipher program. Goodbye!")
            break

        else:
            print("Invalid choice. Please enter 1, 2, or 3.")

if __name__ == "__main__":
    main()

The program presents a simple menu where the user can choose to encrypt a message, decrypt a message, or exit the program.

When a user chooses option 1, the user enters a text and a shift key, the program calls encrypt_decrypt() with mode e for encryption and displays the encrypted message.
When a user chooses option 2, the user inputs the encrypted text and the key used for encryption, the program calls encrypt_decrypt() with mode d for decryption and displays the original message.
When a user chooses option 3, the program terminates.

Program in Action

Encryption

Decryption

Exit

Conclusion

While the Caesar Cipher is an excellent learning tool, it's crucial to understand some of its limitations:

With only 25 possible shifts, it's vulnerable to brute-force attacks.
In longer messages, letter frequencies can be analyzed to break the cipher.

In this tutorial, we’ve implemented a Caesar Cipher in Python that allows users to both encrypt and decrypt messages.

Happy coding, and stay secure!

Walkthrough / Solution to SBT's Wireshark Challenge Activity

Emmanuel Kariithi — Wed, 02 Oct 2024 09:26:38 +0000

I recently started my journey in the cybersecurity world, aiming to build a career in this field. After completing Google's Cybersecurity course on Coursera, I embarked on the Blue Team Junior Analyst Pathway Bundle by Security Blue Team (SBT). This article is part of a series detailing my solutions to various activities covered on the platform. Please note that the Blue Team Junior Analyst Pathway Bundle is entirely self-paced and free.

In this instalment, I'll tackle the first activity, which involves analyzing network traffic with Wireshark.

Setup
Challenge Questions
Key Concepts
Solutions
- Which protocol was used over port 3942?
- What is the IP address of the host that was pinged twice?
- How many DNS query response packets were captured?
- What is the IP address of the host which sent the most number of bytes?
- What is the WebAdmin password?
- What is the version number of the attacker’s FTP server?
- Which port was used to gain access to the victim Windows host?
- What is the name of a confidential file on the Windows host?
- What is the name of the log file that was created at 4:51 AM on the Windows host?
Conclusion

Setup

If you're using Ubuntu like me, here's a guide on downloading Wireshark on your system. For other platforms, you can find installation instructions here.

Challenge Questions

The activity consists of analyzing two PCAP files and answering the following questions:

PCAP 1

Which protocol was used over port 3942?
What is the IP address of the host that was pinged twice?
How many DNS query response packets were captured?
What is the IP address of the host which sent the most number of bytes?

PCAP 2

What is the WebAdmin password?
What is the version number of the attacker's FTP server?
Which port was used to gain access to the victim Windows host?
What is the name of a confidential file on the Windows host?
What is the name of the log file that was created at 4:51 AM on the Windows host?

Key Concepts

Before we dive into the solutions, let's briefly explain some key networking concepts that will be encountered in this challenge:

Simple Service Discovery Protocol (SSDP) - This is a network protocol that allows network devices to advertise their services to others on the network. It's commonly used in home networks for devices like printers or media servers to make themselves discoverable.
Internet Control Message Protocol (ICMP) - This is a network layer protocol used by network devices to diagnose network communication issues. The most common example is the "ping" command, which uses ICMP echo request and reply messages.
Domain Name System (DNS) - Often called the "phonebook of the Internet," DNS translates human-readable domain names (like www.example.com) into IP addresses that computers use to identify each other on the network.
Hypertext Transfer Protocol (HTTP) - The foundation of data communication on the World Wide Web. It defines how messages are formatted and transmitted between web browsers and servers.
File Transfer Protocol (FTP) - A standard network protocol used for transferring files between a client and server on a computer network.

Now, let's proceed with the solutions.

Solutions

Which protocol was used over port 3942?

To find the protocol used over port 3942, we use the filter:

tcp.port == 3942 or udp.port == 3942

This filter shows all TCP or UDP traffic using port 3942. In the protocol column for the filtered packets, we see SSDP, which stands for Simple Service Discovery Protocol.

Therefore, the answer to the first question is SSDP.

What is the IP address of the host that was pinged twice?

To find the IP address of the host that was pinged twice, we apply the display filter:

icmp.type == 8

This filter shows ICMP echo request packets (pings). We look for the destination IP address that appears twice, which is 8.8.4.4. Note that 192.168.1.7 is a private IP address, while 8.8.4.4 is a public IP address.

The answer is 8.8.4.4.

How many DNS query response packets were captured?

To count DNS query response packets, we apply the display filter:

dns.flags.response == 1

This filter shows all DNS response packets. The number of packets can be found at the bottom right of the Wireshark window, which shows 90.

Therefore, the answer is 90

What is the IP address of the host which sent the most number of bytes?

To find the IP address of the host which sent the most bytes:

Go to Statistics > Endpoints
In the IPv4 tab, sort by the Tx Bytes column (click on the column header)

The IP address at the top of the list is 192.168.1.7, but the answer recognized by Security Blue Team is 115.178.9.18. This discrepancy might be due to an outdated answer key or a difference in interpretation.

What is the WebAdmin password?

To find the WebAdmin password:

Apply the filter http to show all HTTP traffic
Find the response to the GET request (frame 4121), which is frame 4123
Right-click on frame 4123 and select "Follow > HTTP Stream"

The password is visible in the stream: sbt123

What is the version number of the attacker’s FTP server?

To find the version number of the attacker's FTP server, check the first frame (4243). In the info column, the response is:

pyftpdlib 1.5.5 ready

This indicates that the version number is 1.5.5.

Which port was used to gain access to the victim Windows host?

To find the port used to access the victim's Windows host, use the filter:

ip.src == 192.168.56.1 and ip.dst == 192.168.56.103 and tcp.flags.ack == 1

This filter shows all packets from the attacker to the victim with an ACK flag set.

The port used is 8081.

What is the name of a confidential file on the Windows host?

To find the name of the confidential file:

Right-click on the first frame (4130) from the previous step
Select "Follow > TCP Stream"

The confidential file name is visible in the stream as Employee_Information_CONFIDENTIAL.txt

What is the name of the log file that was created at 4:51 AM on the Windows host?

In the same TCP stream as the previous question, you can find the log file created at 4:51 AM.

The answer is LogFile.log

Conclusion

This Wireshark challenge activity provides an excellent opportunity to practice network traffic analysis skills. By working through these questions, you'll gain hands-on experience with filtering packets, analyzing protocols, and extracting valuable information from network captures.

Automating User and Group Creation With Bash Script

Emmanuel Kariithi — Tue, 02 Jul 2024 12:36:06 +0000

In this article, I will guide you on creating a bash script that can be used to automate the creation of users and groups based on a provided list, set up home directories, generate random passwords and log all actions in a log file.

This script is task 2 given as part of the HNG Internship: DevOps track. You can read more about the HNG program here, and if you are hiring talented developers, checkout their services here.

Introduction
Prerequisities
Script Overview
- Shebang
- File Paths
- Ensure Secure Directory Exists
- Clear Log and Password Files
- Generate Random Password
- Check Input File
- Read the input file line by line
Example Input File
Usage
Conclusion

Introduction

This script automates user and group creation on a Unix-based system, making it easier for SysOps engineers to manage multiple users.

It reads a list of usernames and their respective groups from a file, creates users and groups, sets up home directories with appropriate permissions, generates random passwords, and logs all actions.

Prerequisities

Basic knowledge of Linux commands and Bash scripting.
Root or sudo privileges to run the script.
An input file containing the list of users and groups formatted as username;group1,group2,...

e.g.

flash; sudo,dev,www-data
thunder; sudo
thanos; dev,www-data

Script Overview

Shebang

When writing a bash script, the first thing is to ensure that you include a shebang at the top of the script file.

Shebang is used to tell the system which interpreter/command to use to execute the commands written inside the scripts.

For example in this case, let's use #!/bin/bash to tell the terminal to use bash to execute the script.

You can read more about shebang here.

File Paths

We need to set variables that specifies/stores paths to the files we will be using to achieve the various tasks.

This files are:

LOG_FILE: The log file where all actions are recorded.
PASSWORD_FILE: The file where generated passwords are stored securely.

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

Ensure Secure Directory Exists

We use the conditional if statement to ensure that the var/secure directory exist.

if ! mkdir -p /var/secure 2>/dev/null; then
    echo "Failed to create /var/secure directory. Permission denied."
    exit 1
fi

chmod 700 /var/secure

chmod 700 grants the owner read , write and execute permissions, and gives no permissions for group and other users.

Clear Log and Password Files

This step clears the log and password files if they exist and sets appropriate permissions.

> "$LOG_FILE" 2>/dev/null || { echo "Failed to create log file $LOG_FILE. Permission denied."; exit 1; }
> "$PASSWORD_FILE" 2>/dev/null || { echo "Failed to create password file $PASSWORD_FILE. Permission denied."; exit 1; }

chmod 600 "$PASSWORD_FILE"

chmod 600 grants read and write permissions to the owner, while denying all permissions to the group and other users.

You can read more about modifying file permissions with chmod here.

Generate Random Password

This function creates a random 12-character password.

generate_password() {
    tr -dc A-Za-z0-9 </dev/urandom | head -c 12
}

Check Input File

Here, we check if an input file that contains a list of users and groups is provided and exits with a usage message if not.

if [ -z "$1" ]; then
    echo "Usage: $0 <user_list_file>"
    exit 1
fi

Read the input file line by line

Once we have verified that an input file has been provided, we can now process each user in the input file.

while IFS=';' read -r username groups; do

To avoid instances where the input file might contain whitesspaces, we have to ignore / trim the whitespaces first.

username=$(echo "$username" | xargs)
groups=$(echo "$groups" | xargs)

Check if a user in the input file exists in the system, and if so, skip creation of the user.

if id "$username" &>/dev/null; then
        echo "User $username already exists. Skipping..." | tee -a "$LOG_FILE"
        continue
    fi

Create a personal group for the user if it doesn't exist already.

if ! getent group "$username" &>/dev/null; then
        if ! groupadd "$username" 2>/dev/null; then
            echo "Failed to create group $username. Permission denied." | tee -a "$LOG_FILE"
            continue
        fi
        echo "Group $username created." | tee -a "$LOG_FILE"
    fi

Create the user with a home directory and assign the personal group.

if ! useradd -m -g "$username" -s /bin/bash "$username" 2>/dev/null; then
        echo "Failed to create user $username. Permission denied." | tee -a "$LOG_FILE"
        continue
    fi
    echo "User $username created with home directory." | tee -a "$LOG_FILE"

Add the user to additional groups as specified in the input file.

IFS=',' read -ra ADDR <<< "$groups"
    for group in "${ADDR[@]}"; do
        group=$(echo "$group" | xargs)
        if ! getent group "$group" &>/dev/null; then
            if ! groupadd "$group" 2>/dev/null; then
                echo "Failed to create group $group. Permission denied." | tee -a "$LOG_FILE"
                continue
            fi
            echo "Group $group created." | tee -a "$LOG_FILE"
        fi
        if ! usermod -aG "$group" "$username" 2>/dev/null; then
            echo "Failed to add user $username to group $group. Permission denied." | tee -a "$LOG_FILE"
            continue
        fi
        echo "User $username added to group $group." | tee -a "$LOG_FILE"
    done

Set permissions and ownership for the user's home directory.

chmod 700 "/home/$username"
chown "$username:$username" "/home/$username"

Using the function generate_password that we created earlier, generate a random password, set it for the user and log it in the PASSWORD_FILE.

password=$(generate_password)
echo "$username:$password" | chpasswd 2>/dev/null || { echo "Failed to set password for user $username. Permission denied."; continue; }
echo "$username,$password" >> "$PASSWORD_FILE"
echo "Password for user $username set." | tee -a "$LOG_FILE"

We can include a completion message for the "LOG_FILE".

echo "User creation process completed." | tee -a "$LOG_FILE"

Example Input File

Create a file named user_list.txt with the following content:

flash; sudo,dev,www-data
thunder; sudo
thanos; dev,www-data

Usage

To use the script, follow these steps.

Save the script as create_users.sh
Make the script executable - chmod +x create_users.sh
Run the script with sudo - sudo ./create_users.sh user_list.txt

You can view the full script here.

Conclusion

This script simplifies the process of creating users and groups, setting up home directories, generating passwords, and logging actions. By automating these tasks, SysOps engineers can efficiently manage user accounts in a consistent and secure manner.

Stored Procedures: The Secret to Improving Your Database Applications

Emmanuel Kariithi — Tue, 08 Aug 2023 14:36:35 +0000

Imagine a single command that can execute complex operations, streamline database interactions, and enhance security, all while reducing network traffic.

Stored procedures are the secret weapon in every seasoned developer's toolkit, offering not just a way to execute SQL statements, but a gateway to optimizing performance, simplifying maintenance and protecting your data.

In this exploration, we delve into the world of stored procedures, unraveling their capabilities and revealing how they revolutionize the way databases are harnessed.

Introduction to Stored Procedures
- What are stored procedures?
- Why use stored procedures?
- What are the limitations of using stored procedures?
Creating and Using Stored Procedures
- Create a stored procedure
- Types of parameters that can be used with stored procedures
- Call / execute a stored procedures
- Alter / modify a stored procedure.
- Drop / delete a stored procedure.
Best Practices for Developing Stored Procedures
Inventory Management Project
- Retrieve all items in items
- Add an item to items
- Update the quantity of an item in items
- Retrieve items by name
- Delete an item from items
Conclusion

Introduction to Stored Procedures

What are stored procedures?

A stored procedure is a group of SQL statements that are stored together as a unit.

Why use stored procedures?

Using stored procedures in a database driven application offers a range of benefits that contribute to improved performance, security, maintainability, and overall efficiency.

Here are some of the most common benefits:

Performance: Stored procedures are precompiled and stored in the database. This means that the query execution plan is generated and saved when the procedure is created or modified, thus leading to faster query execution and reduced overhead.
Security: Stored procedures can improve the security of your database applications by hiding the underlying SQL code from users.

This can help prevent unauthorized users from making unauthorized changes to your database.
Maintainability: Stored procedures can improve the maintainability of your database applications by centralizing the code for a particular task.

This makes it easier to find and fix bugs, and to make changes to the code.
Reusability: Stored procedures can be reused in multiple applications. This can save time and effort in development, and it can also help to ensure that applications are consistent with each other.
Documentation: Stored procedures can be documented, which can help to improve the understanding of how your database applications work.
Network Traffic: With stored procedures, only the procedure name and input parameters need to be sent to the database server, minimizing the amount of data transferred over the network.
Compatibility Across Platforms: Since stored procedures provide a consistent interface to the database regardless of the application's programming language or framework, integration and collaboration among different components of a system is easier.

What are the limitations of using stored procedures?

While stored procedures offer numerous advantages, there are also some limitations and considerations that you as a developer should be aware of:

Complexity: Stored procedures can be complex to develop and maintain. This is especially true for stored procedures that perform complex tasks or that interact with multiple tables.
Testing: Stored procedures can be difficult to test. This is because stored procedures are not executed in the same way as regular SQL queries.
Portability: Stored procedures are not always portable between different database platforms.

This is because different database platforms have different syntax for stored procedures.

If you heavily rely on stored procedures, it might become challenging to migrate to a different database platform in the future.
Security: Stored procedures can be a security risk if they are not properly written and secured.
Performance Trade-offs: While stored procedures can enhance performance, there can be cases where they might not be as efficient as optimized application code, especially when dealing with complex calculations.

Creating and Using Stored Procedures

In this article we are going to use SQL Server and Azure data studio to create and run our stored procedures.

Create a stored procedure

The syntax for creating a stored procedure:

CREATE PROCEDURE schema_name.procedure_name
(
  parameter_name data_type
)
AS
BEGIN
  SQL statements
END;

CREATE PROCEDURE statement is used to create a new stored procedure.
schema_name is the name of the schema in which the stored procedure will be created.

This option depends on whether you created a schema when developing your database.
procedure_name is the name of the stored procedure.
parameter_name is the name of a parameter that can be passed to the stored procedure.

In instances where the procedure will be used to list all items, you don’t need a parameter.
data_type is the data type of the parameter. You can specify multiple parameters by separating them with commas.
AS keyword is used to separate the declaration of the stored procedure from the body of the stored procedure.
BEGIN and END keywords are used to enclose the body of the stored procedure, where you place your SQL statements and logic that will be executed when the stored procedure is called.

Types of parameters that can be used with stored procedures

There are three main types of parameters that can be used with stored procedures:

1) Input Parameters (IN): Input parameters allow you to pass values into the stored procedure when it's called.

These values can be used within the procedure's logic to perform operations or queries. Input parameters are prefixed with an @ symbol.

CREATE PROCEDURE AddItemToInventory
(
    @ItemID int,
    @ItemName varchar(255),
    @Quantity int
)
AS
BEGIN
INSERT INTO Inventory (ItemID, ItemName, Quantity)
VALUES (@ItemID, @ItemName, @Quantity);
END;

In this example, the stored procedure takes three IN parameters:

@ItemID: The ID of the item to add to inventory
@ItemName: The name of the item to add to inventory
@Quantity: The quantity of the item to add to inventory

The values of these parameters are used by the stored procedure to insert a new row into the Inventory table.

2) Output Parameters (OUT): Output parameters are used to return values from the stored procedure back to the caller.

The stored procedure sets the value of the OUT parameter before it returns from execution.

They must be declared using the OUTPUT keyword and are also prefixed with @.

CREATE PROCEDURE GetNumberOfItemsInInventory
(
 @NumberOfItems int OUT
)
AS
BEGIN
SELECT COUNT(*) INTO @NumberOfItems
FROM Inventory;
END;

In this example, the stored procedure takes one OUT parameter:

@NumberOfItems: The number of items in inventory

The stored procedure counts the number of rows in the Inventory table and sets the value of the @NumberOfItems parameter to the number of rows.

3) Input/Output Parameters (INOUT): These are parameters that can be used to pass data to the stored procedure and to return data from the stored procedure.

The stored procedure can both read and write the value of the INOUT parameter.

They must be declared using the INOUT keyword and are also prefixed with @.

CREATE PROCEDURE IncreaseQuantityByOne
(
 @ItemID int,
 @Quantity int INOUT
)
AS
BEGIN
UPDATE Inventory
SET Quantity = Quantity + 1
WHERE ItemID = @ItemID;
SET @Quantity = Quantity + 1;
END;

In this example, the stored procedure takes two parameters:

@ItemID: The ID of the item to increase the quantity of.
@Quantity: The current quantity of the item.

The stored procedure first updates the quantity of the item by 1. Then, it sets the value of the @Quantity parameter to the new quantity of the item.

Call / execute a stored procedure

To call a stored procedure, you use the EXEC statement.

The syntax for the EXEC statement is as follows:

Without Parameters:

If the stored procedure has no parameters, you can omit the parameter list.

EXEC schema_name.procedure_name;

An example of how to call the GetNumberOfItemsInInventory stored procedure:

EXEC GetNumberOfItemsInInventory;

This will call the GetNumberOfItemsInInventory stored procedure and return the number of items in inventory.

With Parameters:

EXEC schema_name.procedure_name @param1 = value1, @param2 = value2;

An example of how to call the AddItemToInventory stored procedure:

EXEC AddItemToInventory @ItemID = 1, @ItemName = 'T-Shirt', @Quantity = 10;

This will call the AddItemToInventory stored procedure and pass the values 1, 'T-Shirt', and 10 to the stored procedure as parameters.

Alter / modify a stored procedure.

To alter or modify a stored procedure, you use

ALTER PROCEDURE

You can use the ALTER PROCEDURE statement to add new parameters, remove parameters from a stored procedure, or to change the definition of a parameter.

The syntax for the ALTER PROCEDURE statement is as follows:

ALTER PROCEDURE schema_name.procedure_name
AS
New_sql_statements

Here is an example of how to alter the AddItemToInventory stored procedure to add a new parameter:

ALTER PROCEDURE AddItemToInventory
(
  @ItemID int,
  @ItemName varchar(255),
  @Quantity int,
  @Price money
)
AS
BEGIN
  INSERT INTO Inventory (ItemID, ItemName, Quantity, Price)
  VALUES (@ItemID, @ItemName, @Quantity, @Price);
END;

This will add a new parameter called @Price to the AddItemToInventory stored procedure. The @Price parameter will be used to store the price of the item being added to inventory.

Drop / delete a stored procedure

To drop or delete a stored procedure, you use the DROP PROCEDURE statement.

The syntax is as follows:

DROP PROCEDURE schema_name.procedure_name;

For example, to drop the AddItemToInventory stored procedure, you would use the following syntax:

DROP PROCEDURE AddItemToInventory;

This will delete the AddItemToInventory stored procedure from the database.

You should only drop a stored procedure if you are sure that you no longer need it. If you drop a stored procedure that is still in use, it could cause problems with your database applications.

Best Practices for Developing Stored Procedures

Use meaningful names for stored procedures: The names of your stored procedures should be descriptive and easy to understand.

This will make it easier for other developers to understand what the stored procedures do.
Comment your stored procedures: Commenting your stored procedures will make it easier for other developers to understand how the stored procedures work.

It is also a good idea to comment on the parameters that are passed to the stored procedures and the values that are returned by the stored procedures.
Use parameters to pass data to and from stored procedures: Using parameters to pass data to and from stored procedures makes your stored procedures more flexible and reusable.

This is because you can change the values of the parameters without having to change the code in the stored procedure.
Test your stored procedures thoroughly: It is important to test your stored procedures thoroughly before you put them into production.

This will help to ensure that your stored procedures are working correctly and that they are not vulnerable to security attacks.
Use a consistent naming convention for stored procedures: Using a consistent naming convention for stored procedures will make it easier for other developers to understand your code.

This is especially important if you are working on a team of developers.
Use error handling in your stored procedures: Error handling is important for any piece of code, but it is especially important for stored procedures.

This is because stored procedures are often called by other applications, and if an error occurs in a stored procedure, it could cause problems with the application that called it.
Use stored procedures to encapsulate complex logic: Stored procedures can be used to encapsulate complex logic, which can make your code more readable and maintainable.

This is because you can put all of the complex logic in the stored procedure, and then call the stored procedure from your application code.

Use stored procedures to improve performance: Stored procedures can be used to improve performance by caching the execution plan for the stored procedure

This means that the database engine does not have to recompile the execution plan each time the stored procedure is called.

This can result in significant performance improvements, especially for frequently executed stored procedures.

Inventory Management Project

For this simple project, we are going to have a database named inventory which will contain only one tale.

CREATE DATABASE inventory;

USE inventory; 

CREATE TABLE items
(
  ItemID int IDENTITY(1,1) NOT NULL PRIMARY KEY,
  ItemName varchar(255) NOT NULL,
  Quantity int NOT NULL,
  Price money NOT NULL
);

INSERT INTO items (ItemName, Quantity, Price)
VALUES ('Product A', 10, 19.99),
('Product B', 20, 29.99),
('Product C', 15, 24.99),
('Product D', 8, 14.99),
('Product E', 25, 9.99);

Retrieve all items in items

Let’s create a stored procedure to retrieve / view all items in the items table:

CREATE PROCEDURE GetAllItems
AS
BEGIN
  SELECT *
  FROM items;
END;

After executing the stored procedure, it is saved in the database as shown below.

Now, Lets execute it and see the results:

EXEC GetAllItems;

This will return a result set containing all rows from the items table.

Add an item to items

CREATE PROCEDURE AddItem
(
  @ItemName varchar(255),
  @Quantity int,
  @Price money
)
AS
BEGIN
  INSERT INTO items (ItemName, Quantity, Price)
  VALUES (@ItemName, @Quantity, @Price);
END;

Now, Lets execute it and see the results:

EXEC AddItem @ItemName = 'Product F', @Quantity = 10, @Price = 10.99;

This will add a new item to inventory with the name 'Product F', a quantity of 10, and a price of 10.99.

Update the quantity of an item in items

CREATE PROCEDURE UpdateQuantityOfItem
(
  @ItemID int,
  @Quantity int
)
AS
BEGIN
  UPDATE items
  SET Quantity = @Quantity
  WHERE ItemID = @ItemID;
END;

Now, Lets execute it and see the results:

EXEC UpdateQuantityOfItem @ItemID = 1, @Quantity = 20;

This will update the quantity of the item with the ID 1 to 20.

Retrieve items by name

CREATE PROCEDURE RetrieveItemsByName
(
  @ItemName varchar(50)
)
AS
BEGIN
  SELECT
    ItemID,
    ItemName,
    Quantity,
    Price
  FROM items
  WHERE ItemName = @ItemName
END

This stored procedure takes one parameter, @ItemName, which is the name of the item to retrieve.

The stored procedure then selects all rows from the Items table where the ItemName column is equal to @ItemName.

Now, Lets execute it and see the results:

EXEC RetrieveItemsByName @ItemName = 'Product C'

Delete an item from items


CREATE PROCEDURE DeleteItem
(
  @ItemID int
)
AS
BEGIN
  DELETE FROM items
  WHERE ItemID = @ItemID
END

Now, Lets execute it and see the results:

EXEC DeleteItem @ItemID= 4

This will delete the row from the items table where the ItemID column is equal to 1 that is Product D.

Conclusion

By mastering the art of creating, altering, and calling stored procedures, you've acquired a valuable skill set for optimizing data manipulation tasks.

While this article has unveiled the fundamentals and best practices, there's always more to explore.

To further expand your expertise and deepen your understanding, I encourage you to explore more on stored procedures through a comprehensive resource available at SQL Server Tutorial.

There, you'll find a wealth of information, advanced techniques, and real-world use cases that will empower you to harness the full potential of stored procedures in your database driven projects.

How to build a user management API using Node.js and Express (No Database)

Emmanuel Kariithi — Wed, 14 Jun 2023 19:17:43 +0000

Liquid syntax error: Unknown tag 'endraw'

How To Setup a Web Server and Nginx with Amazon EC2

Emmanuel Kariithi — Wed, 26 Oct 2022 17:04:05 +0000

I recently signed up for the HNG Internship 9 for the backend track. The internship starts on 27th October 2022.
The first task (ungraded) was to set up a web server and host a simple website that displays ‘Hello World'.
This is a step-by-step process of how I did the task.

What is Amazon EC2?

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure and resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

What is Nginx?

Nginx is a web server used as a reverse proxy, load balancer, mail proxy and HTTP cache.

Set Up an AWS Account and Configure a Security Group

Create an AWS Account, sign up and get a 12 months free tier account.
Open the Amazon EC2 console https://console.aws.amazon.com/ec2/

On the EC2 Dashboard, select ‘Security Group’.
Select ‘Create Security Group’.
Enter a simple name that you will remember for future use. Leave VPC as it is.
Add some inbound rules.
- Rule 1 - Type: HTTP, Source: Anywhere IPV4
- Rule 2 - Type: HTTPS, Source: Anywhere IPV4
- Rule 3 - Type: SSH, Source: MyIP
Leave everything else as it is and click ‘Create Security Group’

Create a Key Pair

Move back to the EC2 dashboard.
Click on ‘Key Pairs’ and select ‘create key pair’.
Assign a suitable name for your key pair and leave everything else as selected. Choose .ppk only if you intend to use PuTTY to connect to your instance.
Click on ‘Create key pair’.

A download dialogue box will pop up. Download the private key and store it on your computer. Note that if you do not download the key, you have to create a new key pair.

Launch an Instance

Move back to the EC2 dashboard and choose instances.
Choose ‘Launch Instance’. Give it an appropriate name.
For Application and OS Images, select one of ‘Amazon Linux (HVM). Click on ‘Browse more AMIs’ for more options.
For instance type, select t2.micro.
For the key pair, select the one that you created earlier.
Select 'existing security group' and select the one you created earlier.
Leave everything else as it is and click on Launch instance. It will take a few minutes before the status check is complete. Once the status check indicates 2/2 checks passed, you can now connect to your EC2 instance.

Connect to your Instance

Fire up your local terminal and cd into the folder where you stored your private key. cd Downloads in my case.
Run chmod 400 <filename.pem> to change permission on the file to protect it against accidental overwriting.
Connect to the instance by running ssh -i <privatekey.pem> username@publicipaddress In my case: ssh -i keytest.pem ec2-user@3.86.234.246
If you get a connect to host 3.86…. port 22: Connection timed out error, open the EC2 Console and choose security group. Select the security group you created or are using and edit inbound rules. Remove the IP on the SSH rule, choose MyIP and save the rules.
Run the command in step 3. Everything should work well now. If you get more errors, check out more troubleshooting options from here.
Gain root access to your server by running sudo su -
Install HTTPD package: yum install -y httpd
Enable your server: chkconfig httpd on

Install and Configure Nginx

Install EPEL: yum install -y epel-release
Update Yum: yum update -y
Install Nginx: sudo amazon-linux-extras install nginx1
Check Nginx Version: nginx -v
Start Nginx: systemctl start nginx
Enable Nginx: systemctl enable nginx
Check Nginx Status: systemctl status nginx
Copy the Public IP to your web Browser to view the site's content.
Write to the index.html file Using cat: cat > /usr/share/nginx/html/index.html Hello World
Refresh your site to see the changes.

Terminate Your Instance

In the EC2 dashboard, choose Instances.
In the list of instances, select the instance.
Choose Instance state, Terminate instance.
Choose Terminate when prompted for confirmation.

Data Engineering 101: Introduction to Data Engineering

Emmanuel Kariithi — Tue, 23 Aug 2022 16:49:59 +0000

As data becomes ever more critical to organizations of all sizes, there has been a need for more data professionals such as Data Scientists, Data Analysts, ML Engineers and Data Engineers. In this article, we'll go through the difference between data engineering and data science and the skills of a data engineer.

What is Data Engineering?

Data engineering is the practice of designing and building systems for collecting, storing, and analyzing data at scale.

Who is a Data Engineer?

A Data Engineer is responsible for ingesting data from different sources, optimizing databases for analysis, removing corrupted data and developing, testing and maintaining data architectures.
Generally, a Data Engineer makes data accessible so that organizations can use it to evaluate and optimize their performance.

Data Engineering vs Data Science

Data Engineering focuses on building infrastructure and architecture for data generation, while Data Science focuses on advanced mathematics and statistical analysis of the generated data. It is not a requirement for a data engineer to have advanced math or statistics skills, unlike a data scientist.

Skills that a Data Engineer should have?

Listed below are some of the skills that a data engineer should have.

Programming: Python, Java or Scala.
Scripting and Automation: Shell, Cron
Databases: SQL, NoSQL, Data Modeling and Map Reduce
Data Analysis: Pandas, Numpy, Web Scraping, Data Visualization
Data Processing Techniques: Batch Processing, Stream Processing, Build Data Pipelines, Target Databases, Machine learning Algorithms
Big Data: HDFS, Hadoop Yarn, Sqoop Hadoop, Hadoop Yarn, Hive, Pig, Hbase
Workflows and Scheduling: Airflow, Jenkins, Autosys, Java Spring
Cloud Computing: Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure
Infrastructure: Docker, Kubernetes, Terraform

N.B: This is not a comprehensive list of skills, nor does it mean that you should master everything listed here.

The average salary for a Data Engineer

According to Payscale, the average salary for a Data Engineer is $93,654 per year. However, salaries depend on various variables such as the type of role, skills, experience, and location.

Improve Python Code Quality With Pylint

Emmanuel Kariithi — Tue, 26 Jul 2022 18:30:07 +0000

Introduction

In this article, we shall look at Pylint and how it's used to ensure that your python code conforms to PEP8 guidelines.

What is PEP8?

PEP8 is a document that provides guidelines and best practices on how to write python code, thus making the code readable and consistent.

Content

What is Pylint
Install Pylint
Create a simple quiz app
Run Pylint on our Quiz app
Make recommended changes.
Conclusion

What is Pylint

Pylint is a python tool that checks for errors and tries to enforce a coding standard.

Install Pylint

Install Pylint via terminal pip install pylint or pip3 install pylint.

Create a simple quiz app

Build a simple python quiz app which will include five quizzes from the renowned show "The Big Bang Theory", then run Pylint on it and make the recommended changes.

Procedure:

Make a directory of the project. I named mine quiz_app. Run mkdir quiz_app in your terminal
Change into your quiz_app directory. Run cd quiz_app
You can create the file at this point. Runtouch app.py
Open Vs Code Code .
Open the created file and input the code below. Alternatively, you can copy the code directly from this repository.

import random
from string import ascii_lowercase
NUM_QUESTIONS_PER_QUIZ = 5
QUESTIONS = {
    "How old was Sheldon when he got his first P.h.d?": [
        "16",
        "18",
        "20",
        "22",
    ],
    "What’s Amy’s job": [
        "Neurobiologist",
        "Marine biologist",
        "Forensic biologist",
        "Microbiologist",
    ],
    "Which couple gets married first?": [
        "Bernadette and Howard",
        "Penny and Leonard",
        "Amy and Sheldon",
        "Emily and raj",
    ],
    "What is Leonard primary health concern?": [
        "He is lactose intolerant",
        "He is allergic to peanuts",
        "He has to eat gluten free",
        "He has diabetes",
    ],
    "Who does Howard meet while serving Thanksgiving dinner at a shelter?": [
        "Elon Musk",
        "Jeff Bezos",
        "Bill Gates",
        "Steve Jobs",
    ]
}

num_questions = min(NUM_QUESTIONS_PER_QUIZ, len(QUESTIONS))
questions = random.sample(list(QUESTIONS.items()), k=num_questions)

num_correct = 0
for num, (question, alternatives) in enumerate(questions, start=1):
    print(f"\nQuestion {num}:")
    print(f"{question}?")
    correct_answer = alternatives[0]
    labeled_alternatives = dict(
        zip(ascii_lowercase, random.sample(alternatives, k=len(alternatives)))
    )
    for label, alternative in labeled_alternatives.items():
        print(f"  {label}) {alternative}")

    while (answer_label := input("\nChoice? ")) not in labeled_alternatives:
        print(f"Please answer one of {', '.join(labeled_alternatives)}")

    answer = labeled_alternatives[answer_label]
    if answer == correct_answer:
        num_correct += 1
        print("⭐ Correct! ⭐")
    else:
        print(f"The answer is {correct_answer!r}, not {answer!r}")

print(f"\nYou got {num_correct} correct out of {num} questions")

Run Pylit on our quiz_app

Now, run pylint on the above code. If you are using Vs Code, launch bash and run pylint app.py. You have to specify the python file after pylint.
Alternatively, you can run pylint on your terminal by changing into your quiz_app directory and run pylint app.py.
After running pylint, the command window will display the Pylint results. The result is as shown below:

************* Module app
app.py:62:0: C0304: Final newline missing (missing-final-newline)
app.py:1:0: C0114: Missing module docstring (missing-module-docstring)
app.py:41:0: C0103: Constant name "num_correct" doesn't conform to UPPER_CASE naming style (invalid-name)
app.py:62:48: W0631: Using possibly undefined loop variable 'num' (undefined-loop-variable)

------------------------------------------------------------------
Your code has been rated at 8.18/10

Note that app.py:62:0, indicates what line is affected while C0304:, is a message code. In this case, the first line refers to a coding standard violation in line 62, column 0.
There are other message codes that you can get apart from the above shown. Below is a list of prefixes and their meanings.

[R] Refactor for a "good practice" metric violation
[C] Convention for coding standard violation
[W] Warning for stylistic problems, or minor programming issues
[E] Error for important programming issues (i.e. most probably bug)
[F] Fatal for errors which prevented further processing

At the end of the result shown, there is a grading that Pylit does. This grading shows how your code conforms to PEP 8. This code received an 8.18 out of 10. Try to get it to a 10 out of 10.

Make Recommended changes

Create a new file and name it app_modified.py. Copy the code from app.py,which will be used to make the recommended changes.
Start with C0103: Constant name "num_correct" doesn't conform to UPPER_CASE naming style (invalid-name) As you can see, pylint lets us know that we have to change num_correct to uppercase. Find and replace num_correct to NUM_CORRECT used in three instances.
Running Pylint at this point gives us a score of 8.64 out of 10.
For C0114: Missing module docstring (missing-module-docstring). A docstring is a short description of what your code does, and it may include specifics on aspects of the code. It mainly occurs as the first statement in a module, function, class, or method definition.
We will add """A quiz app based on the show: The Big Bang Theory""" at the start of our program.
For C0304: Final newline missing (missing-final-newline), we will add an empty line at the end of our program.
We can ignore W0631: Using possibly undefined loop variable 'num' (undefined-loop-variable). Since changing it will affect how our program runs.
Running Pylint at this point gives us a score of 9.55 out of 10.
Your final code will be similar to this:

"""A quiz app based on the show: The Big Bang Theory"""
import random
from string import ascii_lowercase

NUM_QUESTIONS_PER_QUIZ = 5
QUESTIONS = {
    "How old was Sheldon when he got his first P.h.d?": [
        "16",
        "18",
        "20",
        "22",
    ],
    "What’s Amy’s job": [
        "Neurobiologist",
        "Marine biologist",
        "Forensic biologist",
        "Microbiologist",
    ],
    "Which couple gets married first?": [
        "Bernadette and Howard",
        "Penny and Leonard",
        "Amy and Sheldon",
        "Emily and raj",
    ],
    "What is Leonard primary health concern?": [
        "He is lactose intolerant",
        "He is allergic to peanuts",
        "He has to eat gluten free",
        "He has diabetes",
    ],
    "Who does Howard meet while serving Thanksgiving dinner at a shelter?": [
        "Elon Musk",
        "Jeff Bezos",
        "Bill Gates",
        "Steve Jobs",
    ]
}

num_questions = min(NUM_QUESTIONS_PER_QUIZ, len(QUESTIONS))
questions = random.sample(list(QUESTIONS.items()), k=num_questions)

NUM_CORRECT = 0
for num, (question, alternatives) in enumerate(questions, start=1):
    print(f"\nQuestion {num}:")
    print(f"{question}?")
    correct_answer = alternatives[0]
    labeled_alternatives = dict(
        zip(ascii_lowercase, random.sample(alternatives, k=len(alternatives)))
    )
    for label, alternative in labeled_alternatives.items():
        print(f"  {label}) {alternative}")

    while (answer_label := input("\nChoice? ")) not in labeled_alternatives:
        print(f"Please answer one of {', '.join(labeled_alternatives)}")

    answer = labeled_alternatives[answer_label]
    if answer == correct_answer:
        NUM_CORRECT += 1
        print("⭐ Correct! ⭐")
    else:
        print(f"The answer is {correct_answer!r}, not {answer!r}")

print(f"\nYou got {NUM_CORRECT} correct out of {num} questions")

Conclusion

There are a number of tools used to improve your python code quality, Pylint is one of them. You can read more about improving your code quality here.

PYTHON 101: ULTIMATE PYTHON GUIDE

Emmanuel Kariithi — Sun, 13 Feb 2022 13:52:04 +0000

Have there been instances where you were hanging out with your tech buddies, as we like to call them, ‘tech bros’ they start talking about python this and python that? You are just there wondering why are people who don't specialize in veterinary services talking about a snake? Did you feel out of place? (This intro feels like I am trying to market something. I will stop there).

The purpose of this article is to guide you (in a technical and yet not so technical way) on how to install, configure, write your first python program and run it. We first have to understand what Python is. No, not the snake.

Overview

Python is a high-level programming language released in 1991 created by Guido van Rossum. Python has a relatively simple syntax compared to other programming languages e.g. C++ and has countless use cases. Here are a few of them;
1. Artificial Intelligence
2. Desktop Application
3. Automation
4. Web Development
5. Data Wrangling, Exploration And Visualization.

Python has a couple of features, including but not limited to;
1. It is simple to write and run.
2. It is open source
3. It is Portable.
4. It is embeddable & extensible.
5. It has a huge collection of libraries.
6. It is object-oriented.

Setting up your Python Environment

The installation process is pretty simple. I'll guide you through the installation process for those using Ubuntu. I will leave some links to guides on how to install on Windows and Macs.
1. Head over to the python website download page.
2. Here’s the link: Python

3. Select the release you want.
4. You can either choose to download the latest version (3.10.2) or scroll down and choose an older version. I chose version 3.8 for this installation.
5. Install Python
You can either use the downloaded file to install Python or use the terminal. I prefer using the terminal since it is easier.

Below is a step by step guide for installing Python using the terminal.
1. Run Sudo apt install python3. Follow the instructions given (Input password and type Y to continue).

2. Run Sudo apt install python3-pip (Follow the instructions given on the terminal).

3. Run pip3 or python3 --version to confirm that the installation was successful.

Done. See how easy it is?
Windows Installation
Mac Installation

Write your first Program

I bet you feel like a real programmer now? Me too, I think it's time to start applying to those freelancing gigs on Upwork? Not so fast.

Let us write our first program, the usual ‘Hello World program’. We are going to use visual studio code. You can also use the normal notepad.

Open visual studio code and open a new text file.
There are two ways in this step, you can either click on ‘select a language’ if you are using visual studio or directly save the file and edit the .txt extension to .py.
Now we are finally here, the best part about programming, writing the code. Your first line of code (if you are a total beginner, give yourself a clap). As stated earlier, python has a pretty simple syntax, however, we will only write one line of code to display hello world. Unlike languages like C++ which requires multiple lines to display this simple greeting.

On the opened file, type print("Hello World") or print('Hello World'). Then click F5 for those working on visual studio.
Python does not care if you use the single quotes or double quotes, unless what you want to display has quotes in it e.g. print("It's finally happening, I'm writing my first technical article").

Finally, you can ask the user of your program to input certain details by using the input function and later print what the user inputs.
print(input("What’s your name? ")).

That’s it for today. I hope this article has helped you in one way or the other. Feel free to leave feedback on what to improve on. I hope to write more on my programming journey.

Resources

Python Youtube Course

DEV Community: Emmanuel Kariithi

Design and Implement Role-Based Access with AWS IAM

Introduction

Table of Contents

Project Overview

So, what is AWS IAM (Identity and Access Management)?

Step 1: Create the Admins Group

Step 2: Create the Developers Group

Step 3: Create the Test Group

Step 4: Add Users to Groups

Step 5: Enable Multi-Factor Authentication (MFA)

Step 6: Set Up Regular Access Reviews

Step 6: Set Up Regular Access Reviews

Wrap Up

Key Takeaways

Building a Password Strength Checker in Python

Why is Password Strength Important?

Setting Up Your Environment

Import Necessary Libraries

Check for Common Passwords

Assess Paswword Strength

Provide feedback to the User

Main Program

Program in Action

Conclusion

Building a Simple Image Encryption Tool Using Python

Prerequisites

What Does This Program Do?

Code Explanation

Importing Required Libraries

Seeded Random Generator Function

Image Encryption

Image Decryption

File Selection Functions

Encrypt and Decrypt Button Functions

Creating the GUI

Program in Action

Conclusion

Implementing a Caesar Cipher Program in Python

What is the Caesar Cipher?

Implementation of Caesar Cipher

Getting a Valid Key

Main Function

Program in Action

Encryption

Decryption

Exit

Conclusion

Walkthrough / Solution to SBT's Wireshark Challenge Activity

Table of Contents

Setup

Challenge Questions

Key Concepts

Solutions

Which protocol was used over port 3942?

What is the IP address of the host that was pinged twice?

How many DNS query response packets were captured?

What is the IP address of the host which sent the most number of bytes?

What is the WebAdmin password?

What is the version number of the attacker’s FTP server?

Which port was used to gain access to the victim Windows host?

What is the name of a confidential file on the Windows host?

What is the name of the log file that was created at 4:51 AM on the Windows host?

Conclusion

Automating User and Group Creation With Bash Script

Table of Contents

Introduction

Prerequisities

Script Overview

Shebang

File Paths

Ensure Secure Directory Exists

Clear Log and Password Files

Generate Random Password

Check Input File

Read the input file line by line

Example Input File

Usage

Conclusion

Stored Procedures: The Secret to Improving Your Database Applications