aharonh

# patch all deployments and stateful sets containers in your kubernetes cluster for 
# log4shell CVE-2021-44228 by appending environment variable that prevents the exploit. 

from kubernetes import client, config

config.load_kube_config()
apps_api = client.AppsV1Api()
deployments = apps_api.list_deployment_for_all_namespaces()
stateful_sets = apps_api.list_stateful_set_for_all_namespaces()

aharonh

# check if any JVMs in kubernetes cluster are vulnerable to CVE-2021-44228
# only checks java versions. use on your own responsibility.

from kubernetes import client, config
from kubernetes.stream import stream
import re

java_version_regex = re.compile('"(.*)"')

def is_java_version_vulnerable(java_version):

aharonh

this script automates the required update of temporary access credentials required when MFA is configured for aws cli authentication. it is meant to be run each time (cca once a day) the temporary tokens expired so it will renew them. it was tested on both linux and windows with python3. below is a short explanation on how to use.

let's assume you there is an aws profile named 'root' configured for access and you have enabled MFA for aws cli. Then you should add profile called root-mfa in both ~/.aws/config and ~/.aws/credentials as follows:

config

[profile root-mfa]
region = us-east-1

aharonh

Keybase proof

I hereby claim:

• I am aharonh on github.
• I am aharon (https://keybase.io/aharon) on keybase.
• I have a public key ASDAztxIKklqxRV_phoAYo52QIeyH0-YC-Ywz2k3tSCtmgo

To claim this, I am signing this object:

aharonh

docker images | tail -n +2 | grep -v "none" | awk '{printf("%s:%s\n", $1, $2)}' | while read IMAGE; do
	echo $IMAGE
	filename="${IMAGE//\//-}"
	filename="${filename//:/-}.docker-image.gz"
	docker save ${IMAGE} | pigz --stdout --best > $filename
done