Timeline

Upgrading production DB cluster to PostgreSQL 16.4. Includes security patches CVE-2024-10978 and CVE-2024-10979. Replica promoted first, then primary.

Monthly maintenance window. Running VACUUM ANALYZE on all tables, rebuilding fragmented indexes. Estimated 45 min. Standby promoted during window.

Discovered several unauthorized scan attempts hitting port 8080. Blocking at perimeter firewall. Internal access via proxy still functional.

Provisioned AD accounts for the new contractor cohort starting Monday. Accounts placed in OU=Contractors, added to security group SG-VPN-Limited.

Upgrading production DB cluster to PostgreSQL 16.4. Includes security patches CVE-2024-10978 and CVE-2024-10979. Replica promoted first, then primary.

Annual key rotation per security policy SEC-007. Generated new PSKs, distributed via encrypted email. Old keys invalidated at rotation time.

NGINX 1.26.2 addresses a buffer overflow in the ngx_http_mp4_module. Rolling update across load balancer cluster. No configuration changes.

Following threat intelligence report, implemented geo-blocking for high-risk country codes. Allowlist in place for known partner IPs.

Configured Windows audit policy to log all changes to Domain Admins, Enterprise Admins, and Schema Admins groups. Logs forwarding to SIEM.

Updated Veeam backup job schedule to retain production DB backups for 90 days instead of 30. Additional 2TB storage provisioned on NAS-02.

Removed DB permissions for deprecated service account following decommission of legacy reporting app. Account left disabled per offboarding SOP.

Implemented rate limiting to protect API endpoints from abuse. Configured zone with 10MB memory, burst=20 nodelay. Returns 429 on excess.

Updated WireGuard config to only tunnel 10.0.0.0/8 and 172.16.0.0/12 through VPN. Public internet goes direct. Reduces bandwidth on VPN gateway.

Monthly maintenance window. Running VACUUM ANALYZE on all tables, rebuilding fragmented indexes. Estimated 45 min. Standby promoted during window.