ajin

dn: cn=john,ou=People,dc=lab,dc=savarize,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: spfaff
uidNumber: 1000
gidNumber: 100
@ajin
ajin / create_rsyslog_homebridge.sh
Created November 29, 2020 19:31
Setup homebridge.log with rsyslog
# this will create a conf for rsyslog to generate logs to homebridge.log
# The heredoc delimiter is quoted so the shell does not expand $programname
# before rsyslog sees it (an unquoted EOF would write "if  == 'homebridge'").
cat > /etc/rsyslog.d/homebridge.conf << 'EOF'
if $programname == 'homebridge' then {
action(type="omfile" file="/var/log/homebridge.log")
stop
}
EOF
systemctl restart rsyslog
@ajin
ajin / docker-compose.env
Created January 16, 2021 23:17
Installation Guide of Paperless-NG on Synology
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
USERMAP_UID=101
USERMAP_GID=1024
# Additional languages to install for text recognition, separated by a
# whitespace. Note that this is
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
# default language used when guessing the language from the OCR output.
"""
Author: Ajin Man Tuladhar
Purpose: Basic script to disable an internal user of Cisco Identity Services Engine (ISE).
"""
import sys
import requests
from requests.auth import HTTPBasicAuth
import json
import logging
@ajin
ajin / sailpoint-rule-updateEntitlementOwnerWithManagedByAttribute.xml
Created February 14, 2022 09:09
This rule will update the Entitlement Owner with the identity specified in the Link attribute ManagedBy (DN)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" modified="1644587138647" name="AT Update Entitlement Owner with ManagedBy attribute">
<Source>
// The code below searches the ManagedBy attribute (a link attribute) to find the owner for the entitlement.
// A link attribute must be made searchable by adding it to the account mapping.
// Go to System Setup -> "Account Mappings" and click "Add New Attribute". Give it a name 'distinguishedName'.
// Click "Add Source" and select "Application Attribute".
// Aggregate the application that was specified above
index="vault_logs"
| rex field=_raw "^(?<log_timestamp>[^ ]+ +[^ ]+ +[^ ]+) +(?<vault_server>[^ ]+) +vault: \[(?<log_level>[^]]+)\] +(?<component>[^:]+): (?<message>.+)"

Here are some best practices for managing secrets in applications using a centralized secrets management system:

- Compliance - Implement policies to ensure secrets meet regulatory and compliance requirements such as PCI DSS, HIPAA, GDPR, etc. Require encryption of secrets both at rest and in transit.
- Rotation - Rotate secrets regularly, such as every 90 days for credentials and annually for certificates. Set shorter rotation periods for highly privileged secrets. Automate rotation where possible.
- Length - Set minimum length requirements for secrets, such as at least 16 characters for passwords and 32 characters for API keys. The longer the better.
- Complexity - Require secrets to have a complex composition of upper and lowercase letters, numbers, and symbols. Do not allow dictionary words or personal information.
- Lifetime - Set secret expiration policies. Credentials could expire after 90 days. Certificates could be valid for 365 days. Temporary secrets could expire in hours or days.
- Access manageme

@ajin
ajin / 1-set-wireguard-mss.sh
Last active June 3, 2024 09:04
Fix TCP MSS Issues on Unifi with Wireguard VPN Client Using an On-Boot Script
#!/bin/bash
# Runs on every boot: count the existing PMTU clamp rules in the forward chain
# and only append the MSS clamping rules if none are present yet.
IF_MSS=$(sudo iptables -t mangle -L UBIOS_FORWARD_TCPMSS | grep -c PMTU)
if [[ $IF_MSS -eq 0 ]]; then
# Clamp the MSS of TCP SYN packets to the path MTU on all WireGuard client interfaces (wgclt*),
# for traffic forwarded out of, forwarded into, and originated towards the tunnel.
sudo iptables -t mangle -A UBIOS_FORWARD_TCPMSS -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sudo iptables -t mangle -A UBIOS_FORWARD_TCPMSS -i wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sudo iptables -t mangle -A UBIOS_OUTPUT_TCPMSS -o wgclt+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
fi