Allister Banks arubdesu

View expander
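# Expand a flat installer package (.pkg) without installing it and open its
# Payload archive in Archive Utility for inspection.
# Usage: expander /path/to/Name.pkg
if [ -z "$1" ]; then
    echo "usage: $0 /path/to/Name.pkg" >&2
    exit 64
fi

# Let basename strip only a trailing ".pkg". The earlier sed expression
# "s/.pkg//g" treated "." as a wildcard and removed every "<any char>pkg"
# run, mangling names such as "mypkg-tools.pkg".
OUTPUT=$(/usr/bin/basename "$1" .pkg)

# Expand into a fresh private directory: /tmp is shared by all local users,
# so a fixed /tmp/NAME is guessable, and pkgutil --expand refuses to write
# into a destination that already exists (e.g. left by a previous run).
WORKDIR=$(/usr/bin/mktemp -d /tmp/expander.XXXXXX) || exit 1

/usr/sbin/pkgutil --expand "$1" "$WORKDIR/$OUTPUT" || exit 1
open -a "Archive Utility.app" "$WORKDIR/$OUTPUT/Payload"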
View simianfacter
#!/usr/local/munki/simian/bin/python
#
# Copyright 2010 Google Inc. All Rights Reserved.
"""Script to output Simian dependent facter-like output of various variables."""
import json
import os
import re
import subprocess
arubdesu / ruler.py
Created Sep 1, 2016
manual (server-less) 🎅rule import script, and an excuse to use multiprocessing
View ruler.py
#!/usr/bin/python
"""Shoves down santa rules 5 at a time to whitelist certs/binaries
NOTICE - if you have a sync server like Zentral configured, you cannot add rules
"""
import os
import subprocess
from multiprocessing.dummy import Pool as ThreadPool
if os.geteuid() != 0:
exit("Please run this script as root.")
arubdesu / whitelistBinaries.txt
Last active Aug 31, 2016
My running list of certs to whitelist for santa
View whitelistBinaries.txt
10b716799ecc07f472e6475ac6395cf76d7b180da7fc665fa7399e931d0540e5,/opt/puppetlabs/puppet/bin/augparse
10e5efeba67a600d3dcafc1cf3ee1bbb854c3d41a65fa3e9466e8e565d76c3eb,/opt/puppetlabs/puppet/bin/ruby
2533995e290b235bc98dcd9142df49101017ce2d9b860b0bbe8e841a780e6009,/Applications/Docker.app/Contents/Resources/bin/docker
3b45cef4efbd9a437a18669e6a7bce4e24456bb1c6cedfe039fda4ed9277c652,/Library/DropboxHelperTools/Dropbox_u841296058/dbaccessperm
58926d227548537c86b69b88906f1cbafbd689f5289323c13a3c2a31019f872b,/Applications/Managed Software Center.app
5d76ffc5b716f065bb0a2218fb05f1249e7e9ba83e960e7ed0a9b0c2aae58f56,/Applications/Docker.app/Contents/Resources/bin/http2client
7b30e3c645301d2e41006c9da04b6b50c6bca32843aafd7ee7dcf900d50c4549,/Applications/TextMate.app/Contents/Resources/mate
7edcc27c2b2e7e26446448953816044e7d2f234f5c51d8848ea97b5bc902db3c,/usr/local/bin/osqueryi
a2fb872c714389d7b0415b62421331d9b1dad3cb88fe22bca1c4a8f8f489e171,/private/tmp/PKInstallSandbox.8Uv2rI/Scripts/com.microsoft.office.all.fonts.pkg
arubdesu / SantaLogScraper.py
Last active Sep 7, 2016
grab cert sha256 identifiers from logs on-disk
View SantaLogScraper.py
#!/usr/bin/python
import glob
import gzip
certs = [
"2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32",# apples
"33b9aee3b089c922952c9240a40a0daa271bebf192cf3f7d964722e8f2170e48",# santas - everything after this isn't included...
"15b8ce88e10f04c88a5542234fbdfc1487e9c2f64058a05027c7c34fc4201153",# GoogleSoftwareUpdateAgent (~)
"1808a95f11169c7212a45b44c1c547c1f3e810915014bd892435253a3f8761ca",# Citrix ServiceRecords/ReceiverHelper
View BrowserWhitelist_Table.ext
#!/usr/bin/python
import osquery
import browser_whitelist
@osquery.register_plugin
class BrowserWhitelist(osquery.TablePlugin):
def name(self):
arubdesu / allTheDMGs.py
Last active Sep 27, 2017
generate all the things
View allTheDMGs.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import glob
import os
import subprocess
import sys
sys.path.append('/usr/local/munki/munkilib')
import FoundationPlist
path = '/Users/abanks/Library/AutoPkg/Cache'
View bootstrap_pupppetcerts.py
#!/usr/bin/python
"""bootstraps puppet, which gets munki ready for SSL,
and runs the munki function that shoves puppet's CA into the sys keychain.
Assumes this is at /Library/MMCSupport/bootstrap_puppet.py,
and called by outset(github.com/chilcote/outset)'s boot-every option"""
import os
import shutil
import subprocess
import sys
arubdesu / SantaCertShaProcessor.py
Last active Jun 10, 2016
Autopkg processor that generates the sha256 fingerprint of the cert from an app bundle (recipes must unpack the payload in steps leading up to it) for logging/feeding to Santa's white/blacklist
View SantaCertShaProcessor.py
#!/usr/bin/python
#
# Copyright 2016 Allister Banks, mostly stolen from Hannes Juutilainen
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
View osxlockdown.conf
{
"packs": {
"osxlockdown": {
"platform": "darwin",
"version": ".1",
"queries": {
"OS Updates": {
"query": "select value from preferences where path = '/Library/Preferences/com.apple.SoftwareUpdate.plist' and key = 'LastSuccessfulDate';",
"interval": "86400",
"description": "Verify all Apple OS-bundled software has checked its configured server recently",