Here are some best practices for managing secrets in applications using a centralized secrets management system:
- Compliance - Implement policies to ensure secrets meet regulatory and compliance requirements such as PCI DSS, HIPAA, GDPR, etc. Require encryption of secrets both at rest and in transit.
- Rotation - Rotate secrets regularly, such as every 90 days for credentials and annually for certificates. Set shorter rotation periods for highly privileged secrets. Automate rotation where possible.
- Length - Set minimum length requirements for secrets, such as at least 16 characters for passwords and 32 characters for API keys. The longer the better.
- Complexity - Require secrets to have a complex composition of upper and lowercase letters, numbers, and symbols. Do not allow dictionary words or personal information.
- Lifetime - Set secret expiration policies. Credentials could expire after 90 days. Certificates could be valid for 365 days. Temporary secrets could expire in hours or days.
- Access manageme
index="vault_logs"
| rex field=_raw "^(?<log_timestamp>[^ ]+ +[^ ]+ +[^ ]+) +(?<vault_server>[^ ]+) +vault: \[(?<log_level>[^]]+)\] +(?<component>[^:]+): (?<message>.+)"

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" modified="1644587138647" name="AT Update Entitlement Owner with ManagedBy attribute">
<Source>
// Below code will search for ManagedBy attribute (link attribute) to find a particular owner for the entitlement.
// A link attribute must be made searchable by adding it to the account mapping.
// Go to System Setup -> "Account Mappings" and click "Add New Attribute". Give it a name 'distinguishedName'.
// Click "Add Source" and select "Application Attribute".
// Aggregate the application that was specified above

"""
Author: Ajin Man Tuladhar
Purpose: Basic script to disable an internal user of Cisco Identity Services Engine (ISE).
"""
import sys
import requests
from requests.auth import HTTPBasicAuth
import json
import logging

# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
USERMAP_UID=101
USERMAP_GID=1024
# Additional languages to install for text recognition, separated by a
# whitespace. Note that this is
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
# default language used when guessing the language from the OCR output.

# this will create a conf for rsyslog to generate logs to homebridge.log
# the heredoc delimiter is quoted so the shell does not expand $programname
cat > /etc/rsyslog.d/homebridge.conf << 'EOF'
if $programname == 'homebridge' then {
action(type="omfile" file="/var/log/homebridge.log")
stop
}
EOF
systemctl restart rsyslog

dn: cn=john,ou=People,dc=lab,dc=savarize,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: spfaff
uidNumber: 1000
gidNumber: 100

sudo yum install epel-release
sudo yum update -y && sudo reboot
sudo yum install wget
sudo yum install unzip
sudo yum install mysql-server
sudo vi /etc/my.cnf
sudo systemctl start mysql

yum install syslog-ng
systemctl enable syslog-ng
systemctl start syslog-ng
yum erase rsyslog
systemctl restart syslog-ng
netstat -antup | grep 514

wget http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm
rpm --import RPM-GPG-KEY-EPEL-7
yum localinstall epel-release-7-10.noarch.rpm
yum install 389-ds-base 389-admin
yum install ldapjdk
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/i/idm-console-framework-1.1.17-1.el7.noarch.rpm