### Install firewalld Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the firewalld package, a dynamic firewall management tool, is installed on the system. ```shell # Example: Install firewalld using yum (CentOS/RHEL) sudo yum install firewalld # Example: Install firewalld using apt (Debian/Ubuntu - if available) sudo apt update sudo apt install firewalld ``` -------------------------------- ### Install firewalld Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the firewalld package, a dynamic firewall management tool, is installed on the system. ```shell # Example: Install firewalld using yum (CentOS/RHEL) sudo yum install firewalld # Example: Install firewalld using apt (Debian/Ubuntu - if available) sudo apt update sudo apt install firewalld ``` -------------------------------- ### Install pam_pwquality Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the pam_pwquality package, which provides modules for PAM (Pluggable Authentication Modules) to enforce password quality. This helps in setting strong passwords. ```bash sudo apt-get update && sudo apt-get install -y libpam-pwquality ``` -------------------------------- ### Install pam_pwquality Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the pam_pwquality package, which provides modules for PAM (Pluggable Authentication Modules) to enforce password quality. This helps in setting strong passwords. ```bash sudo apt-get update && sudo apt-get install -y libpam-pwquality ``` -------------------------------- ### Install pam_pwquality Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the pam_pwquality package, which provides modules for PAM (Pluggable Authentication Modules) to enforce password quality. This helps in setting strong passwords. ```bash sudo apt-get update && sudo apt-get install -y libpam-pwquality ``` -------------------------------- ### Install firewalld Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the firewalld package, a dynamic firewall management tool, is installed on the system. ```shell # Example: Install firewalld using yum (CentOS/RHEL) sudo yum install firewalld # Example: Install firewalld using apt (Debian/Ubuntu - if available) sudo apt update sudo apt install firewalld ``` -------------------------------- ### System Initialization and Security Configuration Rules Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This section covers rules related to system initialization files, GPG key installation, and AppArmor configuration. It ensures user initialization files have restrictive permissions and that AppArmor is properly enabled and installed. ```APIDOC Rule: Ensure All User Initialization Files Have Mode 0740 Or Less Permissive Description: Checks that user initialization files (e.g., .bashrc, .profile) have permissions of 0740 or are less permissive. Rule: Ensure Amazon GPG Key Installed Description: Verifies that the Amazon GPG key is installed on the system for package verification. Rule: Ensure AppArmor is enabled in the bootloader configuration Description: Checks if AppArmor is enabled in the bootloader configuration (e.g., GRUB). Rule: Ensure AppArmor is installed Description: Verifies that the AppArmor security module is installed on the system. ``` -------------------------------- ### Install pam_pwquality Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the pam_pwquality package, which provides modules for PAM (Pluggable Authentication Modules) to enforce password quality. This helps in setting strong passwords. ```bash sudo apt-get update && sudo apt-get install -y libpam-pwquality ``` -------------------------------- ### System Initialization and Security Configuration Rules Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This section covers rules related to system initialization files, GPG key installation, and AppArmor configuration. It ensures user initialization files have restrictive permissions and that AppArmor is properly enabled and installed. ```APIDOC Rule: Ensure All User Initialization Files Have Mode 0740 Or Less Permissive Description: Checks that user initialization files (e.g., .bashrc, .profile) have permissions of 0740 or are less permissive. Rule: Ensure Amazon GPG Key Installed Description: Verifies that the Amazon GPG key is installed on the system for package verification. Rule: Ensure AppArmor is enabled in the bootloader configuration Description: Checks if AppArmor is enabled in the bootloader configuration (e.g., GRUB). Rule: Ensure AppArmor is installed Description: Verifies that the AppArmor security module is installed on the system. ``` -------------------------------- ### Install sudo Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the sudo (superuser do) package, which allows permitted users to run commands as another user, typically the superuser. This is crucial for system administration. ```bash sudo apt-get update && sudo apt-get install -y sudo ``` -------------------------------- ### Install sudo Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the sudo (superuser do) package, which allows permitted users to run commands as another user, typically the superuser. This is crucial for system administration. ```bash sudo apt-get update && sudo apt-get install -y sudo ``` -------------------------------- ### Install firewalld Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This rule ensures that the firewalld package, a dynamic firewall management tool, is installed on the system. ```shell # Example: Installing firewalld on RHEL/CentOS/Fedora sudo yum install firewalld # Example: Installing firewalld on Debian/Ubuntu (if using) sudo apt install firewalld ``` -------------------------------- ### Install AIDE Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the Advanced Intrusion Detection Environment (AIDE) package is installed on the system. AIDE is used for file integrity checking. ```shell # Example: Install AIDE using apt (Debian/Ubuntu) sudo apt update sudo apt install aide # Example: Install AIDE using yum (CentOS/RHEL) sudo yum install aide ``` -------------------------------- ### Install AIDE Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the Advanced Intrusion Detection Environment (AIDE) package is installed on the system. AIDE is used for file integrity checking. ```shell # Example: Install AIDE using apt (Debian/Ubuntu) sudo apt update sudo apt install aide # Example: Install AIDE using yum (CentOS/RHEL) sudo yum install aide ``` -------------------------------- ### Install sudo Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the sudo (superuser do) package, which allows permitted users to run commands as another user, typically the superuser. This is crucial for system administration. ```bash sudo apt-get update && sudo apt-get install -y sudo ``` -------------------------------- ### Install sudo Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the sudo (superuser do) package, which allows permitted users to run commands as another user, typically the superuser. This is crucial for system administration. ```bash sudo apt-get update && sudo apt-get install -y sudo ``` -------------------------------- ### Install AIDE Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the Advanced Intrusion Detection Environment (AIDE) package is installed on the system. AIDE is used for file integrity checking. ```shell # Example: Install AIDE using apt (Debian/Ubuntu) sudo apt update sudo apt install aide # Example: Install AIDE using yum (CentOS/RHEL) sudo yum install aide ``` -------------------------------- ### Install the systemd_timesyncd Service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs and enables the systemd-timesyncd service, which synchronizes the system clock with remote NTP servers. This ensures accurate timekeeping. ```bash sudo apt-get update && sudo apt-get install -y systemd-timesyncd ``` -------------------------------- ### Install iptables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the iptables package, a traditional Linux firewall utility, is installed on the system. ```shell # Example: Install iptables using apt (Debian/Ubuntu) sudo apt update sudo apt install iptables # Example: Install iptables using yum (CentOS/RHEL) sudo yum install iptables ``` -------------------------------- ### Install the cron service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the cron service is installed and running, which is used for scheduling commands and scripts to run at specified times and dates. ```bash sudo apt-get update && sudo apt-get install -y cron ``` -------------------------------- ### Install the systemd_timesyncd Service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs and enables the systemd-timesyncd service, which synchronizes the system clock with remote NTP servers. This ensures accurate timekeeping. ```bash sudo apt-get update && sudo apt-get install -y systemd-timesyncd ``` -------------------------------- ### Install libselinux Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the libselinux package, which provides the SELinux runtime libraries. SELinux (Security-Enhanced Linux) is a security architecture that provides a flexible mandatory access control (MAC) system. ```bash sudo apt-get update && sudo apt-get install -y libselinux-utils ``` -------------------------------- ### Install iptables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the iptables package, a traditional Linux firewall utility, is installed on the system. ```shell # Example: Install iptables using apt (Debian/Ubuntu) sudo apt update sudo apt install iptables # Example: Install iptables using yum (CentOS/RHEL) sudo yum install iptables ``` -------------------------------- ### Install the systemd_timesyncd Service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs and enables the systemd-timesyncd service, which synchronizes the system clock with remote NTP servers. This ensures accurate timekeeping. ```bash sudo apt-get update && sudo apt-get install -y systemd-timesyncd ``` -------------------------------- ### Install AIDE Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This rule ensures that the Advanced Intrusion Detection Environment (AIDE) package is installed on the system. AIDE is used for file integrity checking. ```shell # Example: Installing AIDE on Debian/Ubuntu sudo apt update && sudo apt install aide # Example: Installing AIDE on RHEL/CentOS sudo yum install aide ``` -------------------------------- ### Install iptables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that the iptables package, a traditional Linux firewall utility, is installed on the system. ```shell # Example: Install iptables using apt (Debian/Ubuntu) sudo apt update sudo apt install iptables # Example: Install iptables using yum (CentOS/RHEL) sudo yum install iptables ``` -------------------------------- ### Install libselinux Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the libselinux package, which provides the SELinux runtime libraries. SELinux (Security-Enhanced Linux) is a security architecture that provides a flexible mandatory access control (MAC) system. ```bash sudo apt-get update && sudo apt-get install -y libselinux-utils ``` -------------------------------- ### Install the cron service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the cron service is installed and running, which is used for scheduling commands and scripts to run at specified times and dates. ```bash sudo apt-get update && sudo apt-get install -y cron ``` -------------------------------- ### Install the systemd_timesyncd Service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs and enables the systemd-timesyncd service, which synchronizes the system clock with remote NTP servers. This ensures accurate timekeeping. ```bash sudo apt-get update && sudo apt-get install -y systemd-timesyncd ``` -------------------------------- ### Install libselinux Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the libselinux package, which provides the SELinux runtime libraries. SELinux (Security-Enhanced Linux) is a security architecture that provides a flexible mandatory access control (MAC) system. ```bash sudo apt-get update && sudo apt-get install -y libselinux-utils ``` -------------------------------- ### Install ufw Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Uncomplicated Firewall (ufw) package, a user-friendly interface for managing netfilter firewall rules. It simplifies the process of configuring the system's firewall. ```bash sudo apt-get update && sudo apt-get install -y ufw ``` -------------------------------- ### Datadog RUM Setup Guides Source: https://github.com/manish06097/data-dogs-document/blob/main/real_user_monitoring.md Links to setup guides for collecting RUM data across different application types including browser, Android, iOS, React Native, Flutter, Roku, Unity, and Kotlin Multiplatform. ```browser https://docs.datadoghq.com/real_user_monitoring/browser/ ``` ```android https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/android/setup ``` ```ios https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/ios/setup ``` ```react-native https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/react_native/setup ``` ```flutter https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/flutter/setup ``` ```roku https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/roku/setup ``` ```unity https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/setup/unity/ ``` ```kotlin-multiplatform https://docs.datadoghq.com/real_user_monitoring/mobile_and_tv_monitoring/setup/kotlin_multiplatform/ ``` -------------------------------- ### Install ufw Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Uncomplicated Firewall (ufw) package, a user-friendly interface for managing netfilter firewall rules. It simplifies the process of configuring the system's firewall. ```bash sudo apt-get update && sudo apt-get install -y ufw ``` -------------------------------- ### Install and Run Data Dogs Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Instructions for installing the Data Dogs library and running a TypeScript example with Datadog environment variables. ```bash DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" ``` -------------------------------- ### Install ufw Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Uncomplicated Firewall (ufw) package, a user-friendly interface for managing netfilter firewall rules. It simplifies the process of configuring the system's firewall. ```bash sudo apt-get update && sudo apt-get install -y ufw ``` -------------------------------- ### Running the Datadog Java Example Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Instructions on how to install the Datadog Java client, save the example code, and execute it using environment variables for API and application keys. ```bash DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ``` -------------------------------- ### Install iptables-persistent Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the iptables-persistent package is installed on the system. This package allows iptables rules to be saved and restored across reboots. ```bash sudo apt-get update && sudo apt-get install -y iptables-persistent ``` -------------------------------- ### Install the cron service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the cron service is installed and running, which is used for scheduling commands and scripts to run at specified times and dates. ```bash sudo apt-get update && sudo apt-get install -y cron ``` -------------------------------- ### Install the cron service Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the cron service is installed and running, which is used for scheduling commands and scripts to run at specified times and dates. ```bash sudo apt-get update && sudo apt-get install -y cron ``` -------------------------------- ### Datadog API Client Libraries Source: https://github.com/manish06097/data-dogs-document/blob/main/api.md Lists the available official client libraries for interacting with the Datadog API, including installation instructions and usage examples. ```APIDOC Client Libraries: - Java: Maven dependency `com.datadoghq:datadog-api-client:2.33.1` - Python: `pip install datadog-api-client` - Ruby: `gem install datadog_api_client` - Go: (Installation details not provided in snippet) - Typescript: (Installation details not provided in snippet) - Rust: (Installation details not provided in snippet) - Python [legacy]: (Installation details not provided in snippet) - Ruby [legacy]: (Installation details not provided in snippet) Usage examples are available for each language by selecting the language preference on the API reference pages. ``` -------------------------------- ### Install ufw Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Uncomplicated Firewall (ufw) package, a user-friendly interface for managing netfilter firewall rules. It simplifies the process of configuring the system's firewall. ```bash sudo apt-get update && sudo apt-get install -y ufw ``` -------------------------------- ### Get List of Metrics (Go) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Demonstrates how to get a list of metrics tag configurations using the Datadog API client for Go. The code initializes the API client, makes the request, and prints the response or any errors. Ensure the Go client library is installed and environment variables are set. ```go package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewMetricsApi(apiClient) resp, r, err := api.ListTagConfigurations(ctx, *datadogV2.NewListTagConfigurationsOptionalParameters()) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `MetricsApi.ListTagConfigurations`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `MetricsApi.ListTagConfigurations`:\n%s\n", responseContent) } ``` -------------------------------- ### Install iptables-persistent Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the iptables-persistent package is installed on the system. This package allows iptables rules to be saved and restored across reboots. ```bash sudo apt-get update && sudo apt-get install -y iptables-persistent ``` -------------------------------- ### GPG Key and Authentication Benchmarks Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Verifies the installation of the Amazon GPG key and checks general authentication configurations. ```bash # Ensure Amazon GPG Key Installed # Ensure Authentication ``` -------------------------------- ### Get Metric Metadata (TypeScript) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Retrieves metric metadata using the Datadog TypeScript client. This example demonstrates creating a configuration, instantiating the API, and making the request. ```typescript import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.MetricsApi(configuration); const params: v1.MetricsApiGetMetricMetadataRequest = { metricName: "metric_name", }; apiInstance .getMetricMetadata(params) .then((data: v1.MetricMetadata) => { console.log("API called successfully. Returned data: " + JSON.stringify(data)); }) .catch((error: any) => console.error(error)); ``` -------------------------------- ### Install libselinux Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the libselinux package, which provides the SELinux runtime libraries. SELinux (Security-Enhanced Linux) is a security architecture that provides a flexible mandatory access control (MAC) system. ```bash sudo apt-get update && sudo apt-get install -y libselinux-utils ``` -------------------------------- ### Get Metric Metadata (Java) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Retrieves metadata for a given metric using the Datadog Java client. Ensure the Datadog library is installed and configured with API and App keys. ```java import datadog.trace.api.DDTags; import datadog.trace.api.Trace; public class Example { @Trace(writer=DDWriter.class) public static void main(String[] args) { // Initialize Datadog tracing // ... (initialization code) String metric = "system.cpu.idle"; // Call to get metric metadata (actual implementation depends on Datadog client) // api.Metadata.get(metric_name=metric); System.out.println("Getting metadata for metric: " + metric); } } ``` -------------------------------- ### Get Metric Metadata Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Retrieves metadata for a specific metric from the DataDog API. This endpoint requires the 'metrics_read' permission and appropriate API keys. The example shows how to construct the curl command. ```APIDOC GET https://api.ap1.datadoghq.com/api/v1/metrics/{metric_name} https://api.datadoghq.eu/api/v1/metrics/{metric_name} https://api.ddog-gov.com/api/v1/metrics/{metric_name} https://api.datadoghq.com/api/v1/metrics/{metric_name} https://api.us3.datadoghq.com/api/v1/metrics/{metric_name} https://api.us5.datadoghq.com/api/v1/metrics/{metric_name} Overview: Get metadata about a specific metric. This endpoint requires the `metrics_read` permission. OAuth apps require the `metrics_read` authorization scope to access this endpoint. Arguments: Path Parameters: metric_name [_required_] (string): Name of the metric for which to get metadata. Response Codes: 200: OK - Object with all metric related metadata. Fields: description (string): Metric description. integration (string): Name of the integration that sent the metric if applicable. per_unit (string): Per unit of the metric such as `second` in `bytes per second`. short_name (string): A more human-readable and abbreviated version of the metric name. statsd_interval (int64): StatsD flush interval of the metric in seconds if applicable. type (string): Metric type such as `gauge` or `rate`. unit (string): Primary unit of the metric such as `byte` or `operation`. 403: Forbidden - Error response object. Fields: errors [_required_] ([string]): Array of errors returned by the API. 404: Not Found - Error response object. Fields: errors [_required_] ([string]): Array of errors returned by the API. 429: Too many requests - Error response object. Fields: errors [_required_] ([string]): Array of errors returned by the API. Code Example (Curl): # Path parameters export metric_name="CHANGE_ME" # Curl command curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/metrics/${metric_name}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ``` -------------------------------- ### User Initialization File Permissions and Ownership Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that user initialization files (like .bashrc, .profile) have correct ownership and permissions to prevent unauthorized modifications or execution of malicious scripts. ```APIDOC User Initialization Files: Ownership: - Group Ownership: User initialization files must be group-owned by the primary group of the user. - User Ownership: User initialization files must be owned by the user. Permissions: - No World-Writable Programs: User initialization files must not contain or link to programs that are world-writable. Example Checks: - Verify /home/user/.bashrc group ownership. - Verify /home/user/.profile user ownership. - Check for world-writable executables in user's home directory. ``` -------------------------------- ### Install PAE Kernel on Supported 32-bit x86 Systems Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Physical Address Extension (PAE) kernel on 32-bit x86 systems. PAE allows 32-bit processors to access more than 4 GB of physical memory. ```bash sudo apt-get update && sudo apt-get install -y linux-image-$(uname -r)-pae ``` -------------------------------- ### Get Active Metrics List (Curl) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Example cURL command to fetch the list of active metrics. Requires setting the 'from' query argument and authentication headers for DD-API-KEY and DD-APPLICATION-KEY. ```curl # Required query arguments export from="CHANGE_ME" # Curl command curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/metrics?from=${from}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ``` -------------------------------- ### Submit Metrics with Compression Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Submits metrics to DataDog with zstd1 compression. This example uses the Datadog API client for Node.js. Ensure the library is installed and environment variables DD_API_KEY and DD_APP_KEY are set. ```typescript import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.MetricsApi(configuration); const params: v2.MetricsApiSubmitMetricsRequest = { body: { series: [ { metric: "system.load.1", type: 0, points: [ { timestamp: Math.round(new Date().getTime() / 1000), value: 0.7, }, ], }, ], }, contentEncoding: "zstd1", }; apiInstance .submitMetrics(params) .then((data: v2.IntakePayloadAccepted) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` -------------------------------- ### GPG Key and Authentication Benchmarks Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Verifies the installation of the Amazon GPG key and checks general authentication configurations. ```bash # Ensure Amazon GPG Key Installed # Ensure Authentication ``` -------------------------------- ### Install PAE Kernel on Supported 32-bit x86 Systems Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Physical Address Extension (PAE) kernel on 32-bit x86 systems. PAE allows 32-bit processors to access more than 4 GB of physical memory. ```bash sudo apt-get update && sudo apt-get install -y linux-image-$(uname -r)-pae ``` -------------------------------- ### Get Active Metrics List (Java) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Provides a Java example for retrieving active metrics from Datadog. It utilizes the Datadog Java client, handling potential API exceptions and printing the results. ```java import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.MetricsApi; import com.datadog.api.client.v1.model.MetricsListResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MetricsApi apiInstance = new MetricsApi(defaultClient); try { MetricsListResponse result = apiInstance.listActiveMetrics(9223372036854775807L); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MetricsApi#listActiveMetrics"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` -------------------------------- ### Install PAE Kernel on Supported 32-bit x86 Systems Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Physical Address Extension (PAE) kernel on 32-bit x86 systems. PAE allows 32-bit processors to access more than 4 GB of physical memory. ```bash sudo apt-get update && sudo apt-get install -y linux-image-$(uname -r)-pae ``` -------------------------------- ### Install nftables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the nftables package, a framework for packet filtering, network address translation, and other packet mangling. It is intended to replace the older iptables, ip6tables, arptables, and ebtables. ```bash sudo apt-get update && sudo apt-get install -y nftables ``` -------------------------------- ### User Initialization File Permissions and Ownership Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that user initialization files (like .bashrc, .profile) have correct ownership and permissions to prevent unauthorized modifications or execution of malicious scripts. ```APIDOC User Initialization Files: Ownership: - Group Ownership: User initialization files must be group-owned by the primary group of the user. - User Ownership: User initialization files must be owned by the user. Permissions: - No World-Writable Programs: User initialization files must not contain or link to programs that are world-writable. Example Checks: - Verify /home/user/.bashrc group ownership. - Verify /home/user/.profile user ownership. - Check for world-writable executables in user's home directory. ``` -------------------------------- ### Get List of Metrics (Python) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Retrieves a list of tag configurations for metrics using the Datadog API client for Python. Ensure the library and dependencies are installed and environment variables DD_API_KEY and DD_APP_KEY are set. ```python from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.metrics_api import MetricsApi configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = MetricsApi(api_client) response = api_instance.list_tag_configurations() print(response) ``` -------------------------------- ### Datadog API Search Metrics (TypeScript) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ This TypeScript example shows how to search for metrics using the Datadog API. It assumes the Datadog library is installed and configured, and demonstrates making the API call to search for metrics. ```typescript // Example for TypeScript would go here, assuming Datadog client library is used. ``` -------------------------------- ### User Initialization File Permissions and Ownership Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures that user initialization files (like .bashrc, .profile) have correct ownership and permissions to prevent unauthorized modifications or execution of malicious scripts. ```APIDOC User Initialization Files: Ownership: - Group Ownership: User initialization files must be group-owned by the primary group of the user. - User Ownership: User initialization files must be owned by the user. Permissions: - No World-Writable Programs: User initialization files must not contain or link to programs that are world-writable. Example Checks: - Verify /home/user/.bashrc group ownership. - Verify /home/user/.profile user ownership. - Check for world-writable executables in user's home directory. ``` -------------------------------- ### Get List of Metrics (Ruby) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Fetches metric tag configurations via the Datadog API using the Ruby client. Requires the datadog_api_client gem to be installed and the necessary environment variables (DD_API_KEY, DD_APP_KEY) configured. ```ruby require "datadog_api_client" api_instance = DatadogAPIClient::V2::MetricsAPI.new p api_instance.list_tag_configurations() ``` -------------------------------- ### Search Metrics (TypeScript) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ An example in TypeScript showing how to search metrics via the DataDog API. It initializes the API client and uses the listMetrics method with query parameters. The DataDog API client for TypeScript must be installed. ```typescript /** * Search metrics returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.MetricsApi(configuration); const params: v1.MetricsApiListMetricsRequest = { q: "q", }; apiInstance .listMetrics(params) .then((data: v1.MetricSearchResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` -------------------------------- ### User Initialization Files: No World-Writable Programs Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This rule ensures that user initialization files do not contain or execute world-writable programs. This prevents potential security risks from unauthorized program execution. ```bash find /home/* -name '.*' -type f -perm -o+w -exec echo "World-writable file found: {}" \; ``` -------------------------------- ### Install nftables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the nftables package, a framework for packet filtering, network address translation, and other packet mangling. It is intended to replace the older iptables, ip6tables, arptables, and ebtables. ```bash sudo apt-get update && sudo apt-get install -y nftables ``` -------------------------------- ### Install nftables Package Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the nftables package, a framework for packet filtering, network address translation, and other packet mangling. It is intended to replace the older iptables, ip6tables, arptables, and ebtables. ```bash sudo apt-get update && sudo apt-get install -y nftables ``` -------------------------------- ### Datadog API Search Metrics Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ This snippet demonstrates how to search for metrics within Datadog using the API. It includes the necessary setup for authentication and making the API call. The example shows how to use the `list_metrics` function from the Datadog client library. ```python from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.metrics_api import MetricsApi configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = MetricsApi(api_client) response = api_instance.list_metrics( q="q", ) print(response) ``` -------------------------------- ### Verify UEFI Boot Loader grub.cfg Permissions Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the correct file permissions are set for the UEFI boot loader configuration file (grub.cfg). It should not be world-writable. ```bash stat /boot/efi/EFI/redhat/grub.cfg | grep -q "Access:.*(-rw-r--r--)" ``` -------------------------------- ### Related Assets to a Metric (TypeScript) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ This TypeScript example demonstrates how to retrieve related assets for a metric using the Datadog API client. It requires the Datadog client library to be installed. The code takes a metric name as input and logs the API response. ```typescript /** * Related Assets to a Metric returns "Success" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.MetricsApi(configuration); const params: v2.MetricsApiListMetricAssetsRequest = { metricName: "system.cpu.user", }; apiInstance .listMetricAssets(params) .then((data: v2.MetricAssetsResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` -------------------------------- ### Verify UEFI Boot Loader grub.cfg Permissions Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the correct file permissions are set for the UEFI boot loader configuration file (grub.cfg). It should not be world-writable. ```bash stat /boot/efi/EFI/redhat/grub.cfg | grep -q "Access:.*(-rw-r--r--)" ``` -------------------------------- ### Search Metrics (Java) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Provides an example of searching metrics using the DataDog API client for Java. It sets up the API client, calls the listMetrics method with a query, and handles potential API exceptions. Ensure the DataDog API client library for Java is installed. ```java import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.MetricsApi; import com.datadog.api.client.v1.model.MetricSearchResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MetricsApi apiInstance = new MetricsApi(defaultClient); try { MetricSearchResponse result = apiInstance.listMetrics("q"); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MetricsApi#listMetrics"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` -------------------------------- ### Get List of Metrics (Java) Source: https://github.com/manish06097/data-dogs-document/blob/main/api_latest_metrics_ Provides a Java example for retrieving metric tag configurations using the Datadog API client. This includes setting up the API client and handling potential API exceptions. Make sure the Java client library is included in your project and environment variables are configured. ```java import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.MetricsApi; import com.datadog.api.client.v2.model.MetricsAndMetricTagConfigurationsResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MetricsApi apiInstance = new MetricsApi(defaultClient); try { MetricsAndMetricTagConfigurationsResponse result = apiInstance.listTagConfigurations(); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MetricsApi#listTagConfigurations"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` -------------------------------- ### Datadog Security Rule: Package Installed in Container Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Alerts when new packages are installed within a container, which could be a sign of unauthorized software deployment or malware installation. ```APIDOC Rule Name: Package installed in container Description: Detects the installation of new packages within a container. Detection Logic: Monitors package manager activity (e.g., apt, yum) within container environments. Severity: Medium Mitigation: Review the installed package and its source to ensure it is legitimate and authorized. ``` -------------------------------- ### Install PAE Kernel on Supported 32-bit x86 Systems Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Installs the Physical Address Extension (PAE) kernel on 32-bit x86 systems. PAE allows 32-bit processors to access more than 4 GB of physical memory. ```bash sudo apt-get update && sudo apt-get install -y linux-image-$(uname -r)-pae ``` -------------------------------- ### Datadog Security Rule: Package Installed in Container Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Alerts when new packages are installed within a container, which could be a sign of unauthorized software deployment or malware installation. ```APIDOC Rule Name: Package installed in container Description: Detects the installation of new packages within a container. Detection Logic: Monitors package manager activity (e.g., apt, yum) within container environments. Severity: Medium Mitigation: Review the installed package and its source to ensure it is legitimate and authorized. ``` -------------------------------- ### Datadog Security Rule: Package Installed in Container Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Alerts when new packages are installed within a container, which could be a sign of unauthorized software deployment or malware installation. ```APIDOC Rule Name: Package installed in container Description: Detects the installation of new packages within a container. Detection Logic: Monitors package manager activity (e.g., apt, yum) within container environments. Severity: Medium Mitigation: Review the installed package and its source to ensure it is legitimate and authorized. ``` -------------------------------- ### Datadog Security Rule: Package Installed in Container Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Alerts when new packages are installed within a container, which could be a sign of unauthorized software deployment or malware installation. ```APIDOC Rule Name: Package installed in container Description: Detects the installation of new packages within a container. Detection Logic: Monitors package manager activity (e.g., apt, yum) within container environments. Severity: Medium Mitigation: Review the installed package and its source to ensure it is legitimate and authorized. ``` -------------------------------- ### Verify UEFI Boot Loader grub.cfg Permissions Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Ensures the correct file permissions are set for the UEFI boot loader configuration file (grub.cfg). It should not be world-writable. ```bash stat /boot/efi/EFI/redhat/grub.cfg | grep -q "Access:.*(-rw-r--r--)" ``` -------------------------------- ### Submit Service Check - Curl Example Source: https://github.com/manish06097/data-dogs-document/blob/main/api_v1_service-checks.md Example of submitting a service check using Curl. ```curl curl -X POST "https://api.datadoghq.com/api/v1/check_run" \ -H "Content-Type: application/json" \ -d '{ "check": "app.ok", "host_name": "host", "status": 0, "tags": ["test:ExampleServiceCheck"] }' ``` -------------------------------- ### Submit Service Check - Python Example Source: https://github.com/manish06097/data-dogs-document/blob/main/api_v1_service-checks.md Example of submitting a service check using Python. ```python import requests api_url = "https://api.datadoghq.com/api/v1/check_run" headers = { "Content-Type": "application/json" } payload = { "check": "app.ok", "host_name": "host", "status": 0, "tags": ["test:ExampleServiceCheck"] } response = requests.post(api_url, headers=headers, json=payload) print(response.json()) ``` -------------------------------- ### Verify /boot/efi/EFI/redhat/user.cfg Permissions Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ This rule verifies the permissions of the /boot/efi/EFI/redhat/user.cfg file. Proper permissions prevent unauthorized modifications. ```bash stat -c '%a' /boot/efi/EFI/redhat/user.cfg ``` -------------------------------- ### Build and Test AIDE Database Source: https://github.com/manish06097/data-dogs-document/blob/main/security_default_rules_ Details the process for building and testing the AIDE (Advanced Intrusion Detection Environment) database. AIDE is used for file integrity checking. ```bash # Example command to initialize AIDE database aide --init ```