ajin


Here are some best practices for managing secrets in applications using a centralized secrets management system:
- Compliance - Implement policies to ensure secrets meet regulatory and compliance requirements such as PCI DSS, HIPAA, GDPR, etc. Require encryption of secrets both at rest and in transit.
- Rotation - Rotate secrets regularly, such as every 90 days for credentials and annually for certificates. Set shorter rotation periods for highly privileged secrets. Automate rotation where possible.
- Length - Set minimum length requirements for secrets, such as at least 16 characters for passwords and 32 characters for API keys. The longer the better.
- Complexity - Require secrets to have a complex composition of upper and lowercase letters, numbers, and symbols. Do not allow dictionary words or personal information.
- Lifetime - Set secret expiration policies. Credentials could expire after 90 days. Certificates could be valid for 365 days. Temporary secrets could expire in hours or days.
- Access manageme

index="vault_logs"
| rex field=_raw "^(?<log_timestamp>[^ ]+ +[^ ]+ +[^ ]+) +(?<vault_server>[^ ]+) +vault: \[(?<log_level>[^]]+)\] +(?<component>[^:]+): (?<message>.+)"
@ajin
ajin / sailpoint-rule-updateEntitlementOwnerWithManagedByAttribute.xml
Created February 14, 2022 09:09
This rule will update the Entitlement Owner with the identity specified in the Link attribute ManagedBy (DN)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" modified="1644587138647" name="AT Update Entitlement Owner with ManagedBy attribute">
<Source>
// The code below searches the ManagedBy attribute (a link attribute) to find a particular owner for the entitlement.
// A link attribute must be made searchable by adding it to the account mapping.
// Go to System Setup -> "Account Mappings" and click "Add New Attribute". Give it a name 'distinguishedName'.
// Click "Add Source" and select "Application Attribute".
// Aggregate the application that was specified above
"""
Author: Ajin Man Tuladhar
Purpose: Basic script to disable an internal user of Cisco Identity Services Engine (ISE).
"""
import sys
import requests
from requests.auth import HTTPBasicAuth
import json
import logging
@ajin
ajin / docker-compose.env
Created January 16, 2021 23:17
Installation Guide of Paperless-NG on Synology
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
USERMAP_UID=101
USERMAP_GID=1024
# Additional languages to install for text recognition, separated by a
# whitespace. Note that this is
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
# default language used when guessing the language from the OCR output.
@ajin
ajin / create_rsyslog_homebridge.sh
Created November 29, 2020 19:31
Setup homebridge.log with rsyslog
# this will create a conf for rsyslog to generate logs to homebridge.log
cat > /etc/rsyslog.d/homebridge.conf << EOF
if $programname == 'homebridge' then {
action(type="omfile" file="/var/log/homebridge.log")
stop
}
EOF
systemctl restart rsyslog
dn: cn=john,ou=People,dc=lab,dc=savarize,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: spfaff
uidNumber: 1000
gidNumber: 100
@ajin
ajin / SailPoint Install
Last active June 22, 2021 21:43
Sailpoint quick installation guide with default settings
sudo yum install epel-release
sudo yum update -y && sudo reboot
sudo yum install wget
sudo yum install unzip
sudo yum install mysql-server
sudo vi /etc/my.cnf
sudo systemctl start mysql
yum install syslog-ng
systemctl enable syslog-ng
systemctl start syslog-ng
yum erase rsyslog
systemctl restart syslog-ng
netstat -antup | grep 514
@ajin
ajin / 389-ds-install-rhel7
Last active August 19, 2017 21:26
Installing 389 Directory Server on RHEL 7.4 with workaround conflicts
wget http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm
rpm --import RPM-GPG-KEY-EPEL-7
yum localinstall epel-release-7-10.noarch.rpm
yum install 389-ds-base 389-admin
yum install ldapjdk
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/i/idm-console-framework-1.1.17-1.el7.noarch.rpm