I hereby claim:
- I am alevsk on github.
- I am alevsk (https://keybase.io/alevsk) on keybase.
- I have a public key ASBoNZUOO7tZVhnH3TLpVV1-Clcy18vFHjpsxSmv-qzTTwo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
package main | |
import ( | |
"crypto/aes" | |
"crypto/cipher" | |
"crypto/hmac" | |
"crypto/rand" | |
"crypto/sha1" | |
"crypto/sha256" | |
"encoding/base64" |
#!/bin/sh | |
node=${1} | |
if [ -n "${node}" ]; then | |
nodeSelector='"nodeSelector": { "kubernetes.io/hostname": "'${node:?}'" },' | |
else | |
nodeSelector="" | |
fi | |
set -x | |
kubectl run ${USER+${USER}-}sudo --restart=Never -it \ | |
--image overriden --overrides ' |
- hosts: "{{ HOSTS }}" | |
name: Install Docker | |
become: yes | |
vars: | |
docker_group: docker | |
tasks: | |
- name: Install apt-transport-https | |
ansible.builtin.apt: | |
name: | |
- apt-transport-https |
- hosts: "{{ HOSTS }}" | |
name: Install authentication keys and certificates | |
become: yes | |
tasks: | |
- name: install public keys | |
register: pub_keys_installed | |
ansible.posix.authorized_key: | |
exclusive: yes | |
user: "{{ ansible_user }}" |
- hosts: "{{ HOSTS }}" | |
name: Rotate credentials | |
become: yes | |
vars: | |
root_password: "{{ lookup('pipe', 'op item get \"root user\" --fields password') }}" | |
user_password: "{{ lookup('pipe', 'op item get \"regular user\" --fields password') }}" | |
tasks: | |
- name: change user password | |
no_log: True | |
ansible.builtin.user: |
--------------------------------------------------------------- | |
[VulnerabilityType Other] | |
Remote Command Execution (RCE) | |
--------------------------------------------------------------- | |
[Affected Component] |
- hosts: "{{ HOSTS }}" | |
name: Install and configure podman and podman-compose | |
become: yes | |
tasks: | |
- name: Installing podman and podman-compose | |
ansible.builtin.apt: | |
name: | |
- podman | |
- podman-compose | |
state: latest |