Andrew Kroh andrewkroh
@andrewkroh
andrewkroh / sshd
Last active April 11, 2017 13:57
Google Authenticator PAM - Vagrant User SSH Exception
#%PAM-1.0
# Skip Google Authenticator for the vagrant user:
auth [success=1 default=ignore] pam_succeed_if.so user = vagrant
auth required pam_google_authenticator.so
auth required pam_unix.so
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
@andrewkroh
andrewkroh / main.go
Created September 20, 2017 20:09
Go seccomp-bpf example using Google Kafel to generate BPF filter
package main
import (
	"errors"
	"log"
	"os/exec"
	"syscall"
	"unsafe"
)
@andrewkroh
andrewkroh / metricbeat.yml
Created November 21, 2016 15:34
Metricbeat Config for Monitoring a Docker-Machine
# Run `eval $(docker-machine env default)` to set the environment variables used below.
metricbeat.modules:
- module: docker
  metricsets: ["cpu", "info", "memory", "network", "diskio", "container"]
  hosts: ["${DOCKER_HOST}"]
  ssl:
    certificate_authority: "${DOCKER_CERT_PATH}/ca.pem"
    certificate: "${DOCKER_CERT_PATH}/cert.pem"
    key: "${DOCKER_CERT_PATH}/key.pem"
@andrewkroh
andrewkroh / install-golang1.5.1-solaris.sh
Last active November 20, 2017 13:22
Install Golang 1.5.1 on Solaris
#!/bin/bash -e
function setup_profile() {
profile=$1
cat << 'EOF' >> $profile
export GOROOT=/go1.5.1-solaris
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
[ ! -d "$GOPATH" ] && mkdir $GOPATH
EOF
### Keybase proof
I hereby claim:
* I am andrewkroh on github.
* I am andrewkroh (https://keybase.io/andrewkroh) on keybase.
* I have a public key whose fingerprint is 3244 3ADF 2BE8 47C2 B49D 729B 0558 8481 AB5B 6468
To claim this, I am signing this object:
@andrewkroh
andrewkroh / redhat_6_stig.sh
Created March 5, 2015 13:42
Redhat 6 STIG Examples using OpenSCAP
# Install openscap tool.
sudo yum install openscap-utils
# Generate report based on RedHat's scap-security-guide project (SSG).
# Requires EPEL.
sudo yum install scap-security-guide
oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
@andrewkroh
andrewkroh / seccomp-violation.json
Created April 8, 2018 19:34
Auditbeat Event for a Seccomp Violation
{
  "@timestamp": "2018-04-08T19:29:14.461Z",
  "@metadata": {
    "beat": "auditbeat",
    "type": "doc",
    "version": "6.2.2"
  },
  "event": {
    "action": "violated-seccomp-policy",
    "module": "auditd",
@andrewkroh
andrewkroh / analyzing-bpf.md
Created April 9, 2018 16:29
Seccomp BPF Filter Analysis in Go

Generating Seccomp BPF Filters with libseccomp in Go

// +build linux

package main

import (
	"log"
	"os"
@andrewkroh
andrewkroh / auditbeat-seccom-x86_64.yml
Last active April 23, 2018 12:55
Elastic Beat Seccomp Profiles
seccomp:
  default_action: errno
  syscalls:
  - names:
    - accept
    - accept4
    - arch_prctl
    - bind
    - brk
    - clone
@andrewkroh
andrewkroh / KeyExtractor.java
Created November 13, 2014 23:46
Java Keystore Private Key Extractor
/*
* Copyright 2011 Andrew Kroh
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software