Archive for the ‘Uncategorized’ Category

이미지 파일 텍스트 글자 인식 추출 방법

2018/06/24

—-
이미지 파일 텍스트 글자 인식 추출 방법
// 세상과 만나는 프로그램 이야기

컴퓨터로 뭘 옮길때 직접 타이핑 하지 않고 왠만하면 복사 붙여넣기를 꼭 사용하려 합니다. 나이가 들면서 눈이 침침해서 그런지 직접 타이핑으로 옮겨 적으면 실수 할 확율이 높더군요. 그런데 이건 젊은 사람도 직접 타이핑해서 옮기다 보면 실수가 있을수 있기 마련이죠. 그래서 왠만하면 복사 붙여 넣기를 하는것이 실수도 줄이고 오타도 줄일수 있다 생각 합니다. 특히 계좌번호 같은건 잘못 옮겨 적으면 큰일이죠. 이렇게 옮겨 적어야 할때 텍스트 파일이 아니고 ..

—-

Read in my feedly

나의 iPhone에서 보냄

Advertisements

Securing your Jenkins CI/CD Container Pipeline with Anchore (in under 10 minutes)

2018/06/22

—-
Securing your Jenkins CI/CD Container Pipeline with Anchore (in under 10 minutes)
// Jenkins Blog

(adapted from this blog post by Daniel Nurmi)

As more and more Jenkins users ship docker containers, it is worth thinking about the security implications of this model, where the variance in software being included by developers has increased dramatically from previous models. Security implications in this context include what makes up the image, but also the components of the app that get bundled into your image. Docker images are increasingly becoming a “unit of deployment”, and if you look at a typical app (especially if it is a microservice), much of the components, libraries, and system are someone else’s code.

Anchore exists to provide technology to act as a last line of defense, verifying the contents of these new deployable units against user specified policies to enforce security and compliance requirements. In this blog you will get a quick tour of this capability, and how to add the open-source Anchore Engine API service into your pipeline to validate that the flow of images you are shipping comply with your specific requirements, from a security point of view.

anchore pipeline

Key among the fundamental tenets of agile development is the notion of “fail fast, fail often”, which is where CI/CD comes in: A developer commits code into the source code repository, such as git, that automatically triggers Jenkins to perform a build of the application that is then run through automated tests. If these tests fail the developer is notified immediately and can quickly correct the code. This level of automation increases the overall quality of code and speeds development.

While some may feel that “fail fast” sounds rather negative (especially regarding security), you could better describe this process as “learn fast” as mistakes are found earlier in the development cycle and can be easily corrected. The increased use of CI/CD platforms such as Jenkins has helped to improve the efficiency of development teams and streamlined the testing process. We can leverage the same CI/CD infrastructure to improve the security of our container deployments.

For many organizations the last step before deploying an application is for the security team to perform an audit. This may entail scanning the image for vulnerable software components (like outdated packages that contain known security vulnerabilities) and verifying that the applications and OS are correctly configured. They may also check that the organization’s best practices and compliance policies have been correctly implemented.

In this post we walk through adding security and compliance checking into the CI/CD process so you can “learn fast” and correct any security or compliance issues early in the development cycle. This document will outline the steps to deploy Anchore’s open source security and compliance scanning engine with Jenkins to add analytics, compliance and governance to your CI/CD pipeline.

Anchore has been designed to plug seamlessly into the CI/CD workflow, where a developer commits code into the source code management system, which then triggers Jenkins to start a build that creates a container image. In the typical workflow this container image is then run through automated testing. If an image does not meet your organization’s requirements for security or compliance then it makes little sense to invest the time required to perform automated tests on the image, it would be better to “learn fast” by failing the build and returning the appropriate reports back to the developer to allow the issue to be addressed.

anchore flow

Anchore has published a plugin for Jenkins which, along with Anchore’s open source engine or Enterprise offering, allows container analysis and governance to be added quickly into the CI/CD process.

Requirements

This guide presumes the following prerequisites have been met:

  • Jenkins 2.x installed and running on a virtual machine or physical server.
  • Anchore-Engine installed and running, with accessible engine API URL (later referred to as <anchore_url>) and credentials (later referred to as <anchore_user> and <anchore_pass>) available – see Anchore Engine overview and installation.

Anchore’s Jenkins plugin can work with single node installations or installations with multiple worker nodes.

Step 1: Install the Anchore plugin

The Anchore plugin has been published in the Jenkins plugin registry and is available for installation on any Jenkins server. From the main Jenkins menu select Manage Jenkins, then Manage Plugins, select the Available tab, select and install Anchore Container Image Scanner.

installing

Step 2: Configure Anchore Plugin.

Once the Anchore Container Image Scanner plugin is installed – select Manage Jenkins menu click Configure System, and locate the Anchore Configuration section. Select and enter the following parameters in this section:

  • Click Enable Anchore Scanning
  • Select Engine Mode
  • Enter your <anchore_url> in the Engine URL text box – for example: http://your-anchore-engine.com:8228/v1
  • Enter your <anchore_user> and <anchore_pass> in the Engine Username and Engine Password fields, respectively
  • Click Save

An example of a filled out configuration section is below, where we’ve used “http://192.168.1.3:8228/v1” as <anchore_url>, “admin” as <anchore_user> and “foobar” as <anchore_pass>:

config

At this point the Anchore plugin is configured on Jenkins, and is available to be accessed by any project to perform Anchore security and policy checks as part of your container image build pipeline.

Step 3: Add Anchore image scanning to a pipeline build.

In the Pipeline model the entire build process is defined as code. This code can be created, edited and managed in the same way as any other artifact of your software project, or input via the Jenkins UI.

Pipeline builds can be more complex including forks/joins and parallelism. The pipeline is more resilient and can survive the master node failure and restarts. To add an Anchore scan you need to add a simple code snippet to any existing pipeline code that first builds an image and pushes it to a docker registry. Once the image is available in a registry accessible by your installed Anchore Engine, a pipeline script will instruct the Anchore plugin to:

  • Send an API call to the Anchore Engine to add the image for analysis
  • Wait for analysis of the image to complete by polling the engine
  • Send an API call to the Anchore Engine service to perform a policy evaluation
  • Retrieve the evaluation result and potentially fail the build if the plugin is configured to fail the build on policy evaluation STOP result (by default it will)
  • Provide a report of the policy evaluation for review

Below is an example end-to-end script that will make a Dockerfile, use the docker plugin to build and push the a docker container image to dockerhub, perform an Anchore image analysis on the image and the result, and cleanup the built container. In this example, we’re using a pre-configured docker-exampleuser named dockerhub credential for dockerhub access, and exampleuser/examplerepo:latest as the image to build and push. These values would need to be changed to reflect your own local settings, or you can use the below example to extract the analyze stage to integrate an anchore scan into any pre-existing pipeline script, any time after a container image is built and is available in a docker registry that your anchore-engine service can access.

pipeline { agent any stages { stage('build') { steps { sh''' echo 'FROM debian:latest’ > Dockerfile echo ‘CMD ["/bin/echo", "HELLO WORLD...."]' >> Dockerfile ''' script { docker.withRegistry('https://index.docker.io/v1/', 'docker-exampleuser') { def image = docker.build('exampleuser/examplerepo:latest') image.push() } } } } stage('analyze') { steps { sh 'echo "docker.io/exampleuser/examplerepo:latest `pwd`/Dockerfile" > anchore_images' anchore name: 'anchore_images' } } stage('teardown') { steps { sh''' for i in `cat anchore_images | awk '{print $1}'`;do docker rmi $i; done ''' } } } }

This code snippet writes out the anchore_images file that is read by the plugin to determine which image is to be added to Anchore Engine for scanning.

This code snippet can be crafted by hand or built using the Jenkins UI, for any Pipeline project. In the project configuration, select Pipeline Syntax from the Project.

pipe1

This will launch the Snippet Generator where you can enter the available plugin parameters and press the Generate Pipeline Script button which will produce a snippet that you can use as a starting point.

snippet

Using our example from above, next we save the project:

pipe2

Note that once you are happy with your script, you could also check it into a Jenkinsfile, alongside the source code.

Step 4: Run the build and review the results.

Finally, we run the build, which will generate a report. In the below screenshots, we’ve scanned the image docker.io/library/debian:latest to demonstrate some example results. Once the build completes, the final build report will have some links that will take you to a page that describes the result of the Anchore Engine policy evaluation and security scan:

result

In this case, since we left the Fail build on policy STOP result as its default (True), the build has failed due to anchore-engine reporting a policy violation. In order to see the results, click the Anchore Report (STOP) link:

report

Here, we can see that there is a single policy check that has generated a ‘STOP’ action, which triggered due to a high severity vulnerability being found against a package installed in the image. If there were only ‘WARN’ or ‘GO‘ check results here, they would also be displayed, but the build would have succeeded.

With the combination of Jenkins pipeline project capabilities, plus the Anchore scanner plugin, it’s quick and easy to add container image security scanning and policy checking to your Jenkins project. In this example, we provide the mechanism for adding scanning to a Jenkins pipeline project using a simple policy that is doing an OS package vulnerability scan, but there are many more policy options that can be configured and loaded into Anchore Engine ranging from security checks to your own site-specific best practice checks (software licenses, package whitelist/blacklist, dockerfile checks, and many more). For more information about the breadth of Anchore policies, you can find information about Anchore Engine configuration and usage here.

For more information on Jenkins Pipelines and Anchore Engine, check out the following information sources:

—-

Read in my feedly

나의 iPhone에서 보냄

structurizr

2018/06/20

https://twitter.com/structurizr/status/1009333238366695426?s=12

매주 한 시간 반 ‘함께 독서’로 아이들이 달라진 사연

2018/06/19

신문보기 :: 네이버 뉴스
매주 한 시간 반 ‘함께 독서’로 아이들이 달라진 사연

http://m.news.naver.com/newspaper/read.nhn?date=&aid=0002414220&oid=028

Integration Testing with Testcontainers (JUGDA)

2018/06/14

Integration Testing with Testcontainers (JUGDA)

https://slides.com/kiview/groovy-integration-testing-spock-docker-oop-2018-20

http://bit.ly/2l4XVE8

2018/06/12

http://bit.ly/2l4XVE8

http://bit.ly/2l4XVE8

기업은행에서 쿠폰 없이 누구나 90% 환율 우대받아 환전하 는 방법

2018/06/09

—-
기업은행에서 쿠폰 없이 누구나 90% 환율 우대받아 환전하는 방법
// 김군의 생각하는노리터

현금 없이 번호만 들고 가면되 는 편리한 IBK 외화 환전

99D64B4B5B168EA631

해외여행을 준비할 때 꼭 필요한 것 중에 한 가지가 바로 환전입니다. 설레는 마음으로 환전해서 받아들면 기분이 그렇게 좋을 수가 없더라구요.

예전에는 환전하려고 환율우대 쿠폰 찾아다니고 창구 직원한테 우대 좀 잘 해달라고 요청하고 그랬는데, 요즘은 모바일 서비스가 발전해서 그런지 간편한 서비스가 많이 나오고 있습니다. 기업은행이 가까우면 90% 환율 우대가 되니 너무 좋더라구요.

994914435B16908D2A

기업은행에 거래가 있으면 은행 방문 시 기본 70% 환율은 적용됩니다. 하지만 i-ONE 뱅크 앱을 이용하면 90%까지 우대받는다는 사실~ 누구나 우대환율을 적용받을 수 있고 현금을 들고 갈 필요도 없어서 잔돈이 남을 일도 없어요~

99D169435B168F4232

일단 i-ONE 뱅크 앱을 이용해야 하니 앱을 다운받아야 합니다 다른 방법이 있는지는 잘 모르겠네요.

기업은행 이용자가 아니라도 사용할 수 있고 회원가입도 필요 없습니다.

9933004E5B168FCA0D

아이원 뱅크 메인 화면에서 중간쯤에 있는 메뉴 중에 휙 서비스를 선택하면 여러 메뉴 중 외화환전 메뉴를 이용하면 됩니다. 휙 환전을 이용하면 좀 더 빠르고 편하지만 휙 서비스를 이용하지 않아도 가능합니다.

99A5C3455B16903333

모두다환전을 선택하면 누구나 90% 우대 환율을 적용받을 수 있는데 USD, EUR, JPY의 3대 통화만 우대받을 수 있습니다. 다른 통화는 많이 사용되지 않아서 그런지 각 통화별로 우대율이 달라지더라구요.

996EF8475B1690FD20 99A296405B1690FD20

여기서 간단한 약관 동의 후 환전을 원하는 통화와 환전 신청인의 간단한 정보만 입력하면 됩니다. 많은 정보를 요구하지도 않고 나중에 환전한 돈을 찾을 때 본인을 확인하는 용도입니다.

99C623505B1691BD1F

그러면 문자로 가상 계좌와 접수내역이 전송되는데, 여기에 나와있는 가상 계좌로 입금하면 접수 완료됩니다.

993A32445B1691BD30

접수가 완료되면 다시 신청 완료가 되었다는 문자와 함께 환전 신청번호가 담긴 문자가 전송됩니다. 이 문자를 가지고 가서 신청한 외화를 받아오면 됩니다. 쉽죠? ^^

현금을 들고 가지 않아도 되니 아주 편하고 90% 환율우대를 받을 수 있으니 좋더라구요. 아마 다른 은행들도 비슷한 서비스가 있는 것 같던데, 신한은 일단 신한 계좌가 있어야 90% 환율 우대를 받을 수 있어서 기업은행이 조금 더 유리합니다.

공항에는 기업은행이 없어서 미리 환전해 두어야 하는데, 공항 가면 정신없어서 환전까지 하기는 번거로우니 미리미리 해 두는게 좋겠죠? 기업은행 환율우대로 조금은 알뜰한 여행 되세요~

함께보면 좋은 글

[사진으로떠나는여행/국내] – 무인철을 타는 재미! 인천공항 자기 부상열차

[TECH/모바일] – 데이터 로밍 무제한 LTE와 함께한 세부여행 후기, 데이터로밍 할까?말까?

[사진으로떠나는여행/국내,외 여행 정보] – 아이와 함께하는 세부 가족여행 일정과 간단 스케치, 알아두면 좋을 것들

—-

Read in my feedly

나의 iPhone에서 보냄

Don’t Install Development Tools! – DZone DevOps

2018/06/08

Don’t Install Development Tools! – DZone DevOps

https://dzone.com/articles/dont-install-development-tools

How to Install Graylog 2.0 on CentOS 7 and Collect Windows Logs – SYSteen

2018/06/05

How to Install Graylog 2.0 on CentOS 7 and Collect Windows Logs – SYSteen

http://www.systeen.com/2016/05/12/install-graylog-2-0-centos-7-collect-windows-logs/

Attack Infrastructure Logging – Part 3: Graylog Dashboard 101 – VIVI

2018/06/05

Attack Infrastructure Logging – Part 3: Graylog Dashboard 101 – VIVI

https://thevivi.net/2018/03/23/attack-infrastructure-logging-part-3-graylog-dashboard-101/