> How to deploy a django project using gunicorn and nginx. Also to add ssl certificate from certbot

Django gives a local server but this is not a recommended solution for production environment… For this we’ll use nginx+gunicorn to make it more fault tolerant and robust.

How to create your own django project?

  • Create a directory and a virtual environment in it
mkdir dummyproj && cd dummyproj
python3 -m venv newenv
source newenv/bin/activate
  • Install Django.
pip3 install Django
  • Create and start your project
django-admin.py startproject hello

cd hello/

python manage.py runserver 0.0.0.0:8000

This will run your test project. If you are not testing it locally then you’ll have to allow hosts to connect to this project by editing hello/settings.py file.

ALLOWED_HOSTS = ['*']

Now you…


> What is python and how can you learn it?

What is python??

Python is a easy to learn and a very powerful interpreted, high-level and general-purpose language.

What does this even mean?

  1. Interpreted - Ahh... Did I say "Interpreted"? Actually python does both. It first compile the code into "byte-code" and then Interprets the byte-code to perform what it was programmed for. (Read this stackoverflow answer)
  2. High-level - This simply means you are abstracted from very core working of the computer system. (Read more at wikipedia)
  3. General-Purpose - This means you can't debate that python is going to replace Java or C++ or any other programming languages. Just because that python has…


How your x86 program starts up in linux

In this blog, I will assume that you have basic understanding of assembly language. If not, then you should consider learning it. Although I’ll try to explain things in the easiest terms as possible.

Basic C program

Let’s start with a basic C program…

CODE: (Saving it with simple.c)

#include <stdio.h>

int main()
{
printf("Hello main");
return 0;
}

… and compile it the way we have always done it with gcc.

gcc simple.c -o simple.out

Now I have got a file simple.out which should be my executable binary.. …


Using TFsec tool

What is Terraform?

Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. (Source →Terraform.io)

Basically, we use terraform tool to provision cloud services from CLI using the code.

But can we check if our terrafrom code has some security flaws??

YES. We can. Using TFsec tool.

TFsec uses HCL parser to understand the terraform code and have many default checks in place already. They also give you freedom to write your own custom checks.

You can run this tool in…


Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

It is just to understand the basic fact that a user can not access (read/write/execute) files which he is not permitted to access. However, the superuser(root) can access all the files which are present on the system. In order to change any important configuration or perform any further attack, first we need to get root access on any Linux based system.

Before starting, I…


host-based intrusion detection system (HIDS) for checking the integrity of files

Advanced Intrusion Detection Environment (AIDE) is a host-based intrusion detection system (HIDS) for checking the integrity of files. It does this by creating a baseline database of files on an initial run, and then checks this database against the system on subsequent runs. File properties that can be checked against include inode, permissions, modification time, file contents, etc……….. more at archwiki📚

According to the definition, AIDE only checks for the integrity of file but not for rootkits and logs for other suspicious activities.

But there are other HIDS tools that can do this for you. Like, Splunk and OSSEC.

They…


Linux Unified Key Encryption — Disk Encryption

cryptsetupmanage plain dm-crypt and LUKS encrypted volumes

cryptsetup <OPTIONS> <action> <action-specific-options> <device> <dmname>

An encrypted blockdevice is protected by a key. A key is either:

  • a passphrase
  • a keyfile

What the..?

Ok.. If you are new to encryption world, then it’s time to get a bit familiar data encryption.

There are 2 methods to encrypt your data:

  • Filesystem stacked level encryption : Form of disk encryption where individual files or directories are encrypted by the file system itself. read more here
  • Block device level encryption : The entire partition or disk, in which the file system resides, is encrypted.

Before…


Getting started with Augmented Reality in Flutter using ARCore

What Is Augmented Reality?

According to Wikipedia,

Augmented reality is an interactive experience of a real-world environment where the objects that reside in the real world are enhanced by computer-generated perceptual information, sometimes across multiple sensory modalities, including visual, auditory, haptic, somatosensory and olfactory.

The basic idea of augmented reality is to superimpose graphics, audio and other sensory enhancements over a real-world environment in real time.

Besides, haven’t television networks been doing that with graphics for decades?

Yes, But AR is more advanced than any technology you have seen in the television broadcasting. These systems display graphics for only one point of view. …


MLops for beginners

What is S2I? Why you need it? How can you use it to leverage the power of complete devops life-cycle?

In my previous few articles, We have seen multiple tools that helps to complete the devops lifecycle. S2I is yet another tool that helps in achieving the same .

As the name suggests, S2I is a framework that helps us to build docker images directly from the source code!! It means we don’t need to write a Dockerfile everytime we have a new patch or new updates in the code, or a completely new project.

We can just give our project source code to this framework, it’ll do all the heavy work for us and provide us with a good…


Protostar

What is a Stack Buffer Overflows? How to perfrom a stack overflow?

According to Wikipedia,

In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure, which is usually a fixed-length buffer.

Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly

To learn…

Rishabh Umrao

Connecting the dots and rest is magic. https://ayedaemon.github.io/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store