Wednesday, March 4, 2020

AWS take backup of all IAM Roles and Policies


If you want to take a backup of all your IAM roles and policies, here is a solution.

1. Configure the AWS CLI with your access key and secret key.
aws configure
2. Save all roles and policies in a JSON file
aws iam get-account-authorization-details > output.json
There are several ways to read this JSON file using a script.

Now you have the complete data for your roles and policies.
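
One way to read the backup with a script, as an added example that is not part of the original post: it lists every role with its trust policy, its inline policies and the active version of each attached managed policy. The sample data, account ID and the function name summarize_roles are constructed for illustration; the key names follow the output of aws iam get-account-authorization-details.

```python
import json

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output; the account ID, role name and policy names are made up.
SAMPLE = {
    "RoleDetailList": [{
        "RoleName": "app-role",
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
             "Action": "sts:AssumeRole"}]},
        "RolePolicyList": [{"PolicyName": "inline-logs", "PolicyDocument": {
            "Version": "2012-10-17", "Statement": []}}],
        "AttachedManagedPolicies": [{
            "PolicyName": "app-read",
            "PolicyArn": "arn:aws:iam::111122223333:policy/app-read"}],
    }],
    "Policies": [{
        "PolicyName": "app-read",
        "Arn": "arn:aws:iam::111122223333:policy/app-read",
        "PolicyVersionList": [
            {"VersionId": "v2", "IsDefaultVersion": True, "Document": {
                "Version": "2012-10-17", "Statement": [
                    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}},
            {"VersionId": "v1", "IsDefaultVersion": False, "Document": {
                "Version": "2012-10-17", "Statement": []}},
        ],
    }],
}

def summarize_roles(details):
    """Return one record per role: trust policy, inline policies and the
    default-version document of every attached managed policy."""
    active = {}  # managed policy ARN -> document of its default version
    for pol in details.get("Policies", []):
        for ver in pol.get("PolicyVersionList", []):
            if ver.get("IsDefaultVersion"):
                active[pol["Arn"]] = ver["Document"]
    return [{
        "name": role["RoleName"],
        "trust": role["AssumeRolePolicyDocument"],
        "inline": {p["PolicyName"]: p["PolicyDocument"]
                   for p in role.get("RolePolicyList", [])},
        # None marks an attached policy whose document is not in the dump
        "managed": {a["PolicyArn"]: active.get(a["PolicyArn"])
                    for a in role.get("AttachedManagedPolicies", [])},
    } for role in details.get("RoleDetailList", [])]

if __name__ == "__main__":
    # For the real backup use: details = json.load(open("output.json"))
    print(json.dumps(summarize_roles(SAMPLE), indent=2))
```

The backup holds every trust and permission policy in the account, so keep output.json readable only by the operator who needs it.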

No logs written to syslog and auth.log

If you want to check for errors in /var/log/syslog or /var/log/auth.log and you find both files empty, the system is not able to write logs to them because of a permission issue or a misconfiguration. Here is a solution.

Solution :
Reconfigure rsyslog
sudo apt-get install --reinstall rsyslog
sudo service rsyslog restart
If it still does not work, the issue may be with permissions. Check the owner of both files.
ls -l /var/log/syslog
ls -l /var/log/auth.log
The owner should be syslog and the group should be adm. If the owner or group is set to root or anything else, change it with the following commands
sudo chown syslog:adm /var/log/syslog
sudo chown syslog:adm /var/log/auth.log
Now check whether logs are being written to both files. If it still does not work, restart the rsyslog service.
sudo service rsyslog restart
It should work now.

Ubuntu 16.04 mysql 5.6 - my.cnf changes are not taking effect

Check for the error in syslog: /var/log/syslog

If you get something like this:
kernel: [83454.649662] audit: type=1400 audit(1583063492.688:61): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/mysql/my.cnf.fallback" pid=27270 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Here is the solution for you.

Solution :
The root cause is a bug in MySQL 5.6 for Ubuntu 16.04.

The issue is with AppArmor. It is denying access to a symlinked file.
Run the following command as root.
echo '/etc/mysql/** lr,' >> /etc/apparmor.d/local/usr.sbin.mysqld
or, as a sudo user, pipe through tee so that the write to the file itself runs as root
echo '/etc/mysql/** lr,' | sudo tee -a /etc/apparmor.d/local/usr.sbin.mysqld
If it still does not work, open the file in an editor
sudo nano /etc/apparmor.d/local/usr.sbin.mysqld
and add the following line at the end of the file.
/etc/mysql/** lr,
Now reload AppArmor
sudo systemctl reload apparmor
Make some changes in my.cnf and restart mysql. Changes should take effect.