This Gist has moved to a full git repo:
Andy Brody brodygov
brodygov
/ get-piv-ssh-pubkey
Created
April 27, 2017 19:03
Get the first PIV public key in SSH format in the same way that PuTTY-CAC does on Windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eu | |
| # This script prints the first PIV certificate found from a smart card in SSH | |
| # format in the same way that putty-cac does on windows. (yeah.) | |
| # LICENSE | |
| # | |
| # As a work of the United States Government, this project is in the public | |
| # domain within the United States. |
brodygov
/ github-copy-issues.rb
Created
May 30, 2017 18:46
Copy issues from one github repository to another
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Copy a list of issues from one repository to another. | |
| # | |
| # This whole script is a poorly documented mess. Sorry. | |
| require 'date' | |
| require 'yaml' | |
| require 'pp' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Cookbook Name::ubuntu_hardened_ami | |
| # Recipe::hostname | |
| # Script to set hostname and /etc/hosts | |
| template '/usr/local/bin/auto-set-ec2-hostname' do | |
| source 'auto-set-ec2-hostname.erb' | |
| owner 'root' | |
| group 'root' | |
| mode '0755' |
brodygov
/ realip.nginx.conf
Created
August 28, 2017 23:30
Nginx realip module $lb_if_proxied variable: "-" if proxied, otherwise the load balancer's IP address
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create new variable $lb_if_proxied. | |
| # | |
| # With the realip module enabled, $remote_addr will be the end-user's IP | |
| # address, potentially from X-Forwarded-For, and $realip_remote_addr will be | |
| # the actual immediate client IP address. | |
| # | |
| # Return the load balancer IP address ($realip_remote_addr) if the request | |
| # looks like it was proxied. If the request does not look like it was proxied | |
| # (when $remote_addr is a private IP address), then return "-" instead. | |
| map $remote_addr $lb_if_proxied { |
brodygov
/ AA_dmarc.rb_MOVED.md
Last active
December 18, 2018 04:14
— forked from ab/AA_dmarc.rb_MOVED.md
MOVED TO https://github.com/ab/dmarc-analysis | DMARC analysis: quick script to resolve and examine DMARC vendor market share
brodygov
/ api-authentication.md
Last active
October 8, 2018 17:05
Thoughts on API authentication strategies
There are a number of different strategies for enabling API authentication for system-to-system authentication between two parties. All of them have some advantages and disadvantages.
The simplest approach is typically to pass a secret API key as a header or using HTTP basic auth. The client provides a secret value in the Authorization or Bearer header. The server matches the key against a stored value for that account. This relies on the security of HTTPS / TLS to provide confidentiality and integrity. This approach excels for websites with a lot of end-users who need to be able to manage their own keys through a web interface or API. It's so simple that clients don't need any custom code.
- Very simple to implement for both clients and servers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- /usr/lib/rbenv/libexec/rbenv 2013-01-04 18:27:26.000000000 +0000 | |
| +++ /usr/lib/rbenv/libexec/rbenv 2018-05-14 20:21:59.322775897 +0000 | |
| @@ -21,7 +21,8 @@ | |
| } | |
| if [ -z "${RBENV_ROOT}" ]; then | |
| - RBENV_ROOT="${HOME}/.rbenv" | |
| + #RBENV_ROOT="${HOME}/.rbenv" | |
| + RBENV_ROOT="/opt/ruby_build" | |
| else |
brodygov
/ mirror-repo.sh
Created
May 17, 2018 02:42
Mirror a git repository under an archival github user's account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eu | |
| ARCHIVE_USER="${ARCHIVE_USER-my-archive-user}" | |
| ssh_key="$HOME/.ssh/key.mirror-repo" | |
| usage() { | |
| cat >&2 <<EOM | |
| usage: $(basename "$0") [options] SOURCE_REPO DEST_NAME |
brodygov
/ repo-alert-public.py
Created
May 17, 2018 02:44
Monitor a github user for public repos and alarm if any are found
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import json | |
| import sys | |
| import requests | |
| def usage(): | |
| print 'usage: repomonitor.py GITHUB_USER\n\nMonitor for public repos.' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| run() { | |
| echo >&2 "+ $*" | |
| "$@" | |
| } | |
| usage() { |
OlderNewer