npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@lendi/ralph

v1.0.5

Published

ralph is a CLI tool that automates security incident response

Downloads

39

Readme

Ralph

GH workflow build badge

Ralph is a CLI tool that automates security incident response for AWS resources.

It's the tool you use when this happens: Ralph

Features

Ralph loads and executes a collection of pre-defined runbook to automate incident response.

EC2 Runbooks

  1. Removing IAM Instance Profile - Detaches the current IAM Instance Profile of an instance.

  2. Enable Termination Protection - Enables termination protection for an instance. This gives an extra step to prevent accidental termination of an instance.

  3. Set Shutdown Behavior to Stop - Sets shutdown behavior to stop guarantees that the shutting down the instance will not result to termination of the instance.

  4. Taking EBS Snapshot and Export - Creates latest EBS snapshot from volumes of an instance and possibly send it to a quarantine AWS account. See Setup section below on how to configure env variables for this runbook.

Installation

To install Ralph using NPM, run:

$ npm i @lendi/ralph
/usr/local/bin/ralph -> /usr/local/lib/node_modules/@lendi/ralph/lib/index.js
+ @lendi/[email protected]
added 125 packages from 126 contributors in 7.843s

See https://www.npmjs.com/package/@lendi/ralph.

Setup

  • Setup your AWS credentials (~/.aws/credentials) by following this guide.

  • Add AWS_REGION in your environment variables. Here's an example with AWS_REGION set to "ap-southeast-2":

$ export AWS_REGION="ap-southeast-2"
...
  • Required environment variables. Some runbooks require you to define certain env variables.

EBS Snapshot export runbook:

export QUARANTINE_AWS_REGION="ap-southeast-1"
export QUARANTINE_AWS_ACCOUNTS="0000,0001,0002"
export TRANSFER_ALL_SNAPSHOTS="false"
  • QUARANTINE_AWS_REGION - the region used for the quarantine AWS
    account. If not defined, this will use the AWS REGION of the current AWS account.

  • QUARANTINE_AWS_ACCOUNTS - list of quarantine AWS account whom to share the snapshots to. If not defined, the current AWS account will be treated as the quarantine AWS account.

  • TRANSFER_ALL_SNAPSHOTS - decides whether to copy and share just the latest snapshot or all of them.

Usage

execute command

  • Runs each of the runbooks on selected AWS instance
  • Loads the list of instances available for lock down.
$ ralph execute
? Which instance do you want to lock down?
  i-00000000000000001 (kafka-instance)
  i-00000000000000002
  i-00000000000000003
❯ i-00000000000000004 (vulnerable-instance)
  i-00000000000000005 (machine-learning-instance)
  i-00000000000000006
  i-00000000000000007
(Move up and down to reveal more choices)
? Which instance do you want to lock down? i-00000000000000004(vulnerable-instance)

{"level":30,"time":1574209361754,"pid":20037,"hostname":"","msg":"RemoveIamInstanceProfile:
This will disassociate the following Iam Instance Profiles: ['arn:aws:iam::000000000000:instance-profile/SampleIamInstanceProfile']
for i-00000000000000004","v":1}
{"level":30,"time":1574209361870,"pid":20037,"hostname":"",
"msg":"setShutdownBehaviorToTerminate: The attribute instanceInitiatedShutdownBehavior
will be changed from 'terminate' to 'stop' for i-00000000000000004.","v":1}
{"level":30,"time":1574209361987,"pid":20037,"hostname":"",
"msg":"enableTerminationProtection: The attribute disableApiTermination will be changed
from false to true for i-00000000000000004.","v":1}
? Do you want to proceed with the changes? Yes

{"level":30,"time":1574209377228,"pid":20037,"hostname":"","msg":"Disassociated IAM
Instance Profile for i-00000000000000004.","v":1}
{"level":30,"time":1574209377413,"pid":20037,"hostname":"","msg":"Changed shutdown
behavior to stop for i-00000000000000004.","v":1}
{"level":30,"time":1574209377547,"pid":20037,"hostname":"","msg":"Changed termination
protection to true for i-00000000000000004.","v":1}

Upcoming Features

  • Retrieving EBS snapshots and exporting to separate AWS account for quarantine.

  • Security Groups / VPC Lockdown

  • Retrieving EC2 Memory Acquisition and export options

  • Use more user-friendly logger