I hereby claim:
- I am conclusionlogic on github.
- I am ergo_loorits (https://keybase.io/ergo_loorits) on keybase.
- I have a public key ASDcCl58QQ3ccw4vXa0cSf7sfVWySkjRQq2-RZMlwC0PfAo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
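#!/usr/bin/env bash
# Pull over SSH using one specific private key instead of the account's default
# identities.
#
# IdentitiesOnly=yes makes ssh offer only the key given with -i. Without it, keys
# held by a running ssh-agent or found at the default paths can be offered first,
# so the pull may authenticate as a different identity than intended, or be
# rejected after too many failed key attempts.
#
# ssh refuses a private key file that other users can read, so keep the key
# file's permissions owner-only.
GIT_SSH_COMMAND='ssh -i /root/.ssh/random_rsa -o IdentitiesOnly=yes' git pull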
#!/usr/bin/env bash
# Compute public-key pins: each pipeline prints the base64-encoded SHA-256 digest
# of the DER-encoded public key. The digest covers only the key, so the value
# stays the same across certificate renewals that reuse the same key pair.

# from Certificate Signing Request (for backup certificate pinning):
openssl req -in DOMAIN.csr -pubkey -noout \
  | openssl pkey -pubin -outform der \
  | openssl dgst -sha256 -binary \
  | base64

# from Public Certificate file (for main certificate pinning):
openssl x509 -in DOMAIN.crt -pubkey -noout \
  | openssl pkey -pubin -outform der \
  | openssl dgst -sha256 -binary \
  | openssl enc -base64
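#!/usr/bin/env bash
# Assemble certificate files for unleash.prod.us.glintpay.com.

# Chain file: the site certificate followed by the three CA certificates, in the
# order listed. Written with '>' rather than '>>' so that re-running the script
# rebuilds the file instead of appending a second copy of the chain to it.
cat unleash_prod_us_glintpay_com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt > unleash.prod.us.glintpay.com.crt

# pem bundle for haproxy:
# The bundle contains the private key. Create it under a restrictive umask and
# force owner-only permissions afterwards (the umask has no effect if the file
# already exists with wider permissions).
# NOTE(review): the bundle holds the key plus the site certificate only, not the
# chain file built above - confirm that is what the haproxy setup expects.
(
  umask 077
  cat unleash_prod_us_glintpay_com.key unleash_prod_us_glintpay_com.crt > unleash_prod_us_glintpay_com.pem
  chmod 600 unleash_prod_us_glintpay_com.pem
)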
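#!/usr/bin/env groovy
// Label the running build and the job with the git ref and docker tag it was
// started with.
script {
    // Build display name: "#<build number> <docker tag>".
    currentBuild.displayName = "#${env.BUILD_NUMBER} ${params.dockerTag}"

    // Strip everything up to the last '/' from the ref (e.g. "origin/main" -> "main").
    // Fall back to an empty string so a missing gitRef parameter does not throw.
    def shortRef = (params.gitRef ?: '').replaceAll('.*/', '')

    // rawBuild exposes the underlying hudson.model.Run and is not available inside
    // the Groovy sandbox; this line needs a trusted library or an
    // administrator-approved script.
    // Both values come from build parameters and end up in the job description,
    // which Jenkins renders through the configured markup formatter. Keep that
    // formatter on plain text or a sanitising one so a parameter value cannot
    // inject markup into the job page.
    currentBuild.rawBuild.project.description = "${shortRef}: ${params.dockerTag}"
}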
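#!/usr/bin/env bash
# BLOCK ACCESS FROM CONTAINER:
# Inserts a REJECT rule at the top of the DOCKER-USER chain for packets that
# arrive on docker0 with the container's IP address as their source.
#
# Caveats:
# - The rule is keyed on the IP address, not on the container. Docker can hand
#   the address to another container after a restart or re-create, so remove the
#   rule when the container goes away.
# - '-i docker0' matches the default bridge only.
#   NOTE(review): containers on user-defined networks use other bridge
#   interfaces - confirm docker0 is the right one for this service.
set -euo pipefail

CONTAINER='pricing-service'

# prep
# awk matches $CONTAINER as a regex against the whole `docker ps` line (ID,
# image, command, names), so several containers can match. Stop unless exactly
# one does, otherwise the rule could be built from the wrong address.
mapfile -t container_ids < <(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}')
if (( ${#container_ids[@]} != 1 )); then
  printf 'expected exactly one running container matching "%s", found %d\n' \
    "$CONTAINER" "${#container_ids[@]}" >&2
  exit 1
fi

# println (not print) keeps one address per line when the container is attached
# to more than one network; awk 'NF' drops empty lines.
mapfile -t ip_addresses < <(
  docker inspect --format='{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' "${container_ids[0]}" \
    | awk 'NF'
)
if (( ${#ip_addresses[@]} != 1 )); then
  printf 'expected exactly one IP address for container %s, found %d\n' \
    "${container_ids[0]}" "${#ip_addresses[@]}" >&2
  exit 1
fi
IP_ADDRESS=${ip_addresses[0]}

# to block
# -C tests whether the rule is already present, so repeated runs do not stack
# duplicate rules.
if ! iptables -C DOCKER-USER -i docker0 -s "${IP_ADDRESS}/32" -j REJECT --reject-with icmp-host-unreachable 2>/dev/null; then
  iptables -I DOCKER-USER -i docker0 -s "${IP_ADDRESS}/32" -j REJECT --reject-with icmp-host-unreachable
fi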
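#!/usr/bin/env bash
# BLOCK ACCESS TO CONTAINER: manipulates existing rule by replacing it
# This part only looks up the container's IP address and the line number(s) of
# the DOCKER chain rule(s) that mention it; the replacing command itself is not
# part of this listing.
set -euo pipefail

CONTAINER='pricing-service'

# prep:
# awk matches $CONTAINER as a regex against the whole `docker ps` line, so
# several containers can match. Stop unless exactly one does, otherwise the
# wrong rule could be selected below.
mapfile -t container_ids < <(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}')
if (( ${#container_ids[@]} != 1 )); then
  printf 'expected exactly one running container matching "%s", found %d\n' \
    "$CONTAINER" "${#container_ids[@]}" >&2
  exit 1
fi

# println (not print) keeps one address per line when the container is attached
# to more than one network; awk 'NF' drops empty lines.
mapfile -t ip_addresses < <(
  docker inspect --format='{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' "${container_ids[0]}" \
    | awk 'NF'
)
if (( ${#ip_addresses[@]} != 1 )); then
  printf 'expected exactly one IP address for container %s, found %d\n' \
    "${container_ids[0]}" "${#ip_addresses[@]}" >&2
  exit 1
fi
IP_ADDRESS=${ip_addresses[0]}

# Compare whole fields instead of using the address as a regex: as a pattern,
# "172.17.0.2" also matches "172.17.0.20", and an unescaped '.' matches any
# character, so a rule belonging to another container could be picked.
# NOTE(review): RULE holds one line number per matching rule, so it has several
# lines when the container publishes several ports - handle that before using it.
RULE="$(iptables --list DOCKER --line-numbers -n \
  | awk -v address="$IP_ADDRESS" '{ for (i = 2; i <= NF; i++) if ($i == address) { print $1; next } }')"
if [[ -z "$RULE" ]]; then
  printf 'no rule in chain DOCKER references %s\n' "$IP_ADDRESS" >&2
  exit 1
fi

# to block: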
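#!/usr/bin/env bash
# Print "<timestamp> <source IP>" once for every distinct client that sends
# traffic to this host on tcp/443 from outside 10.0.0.0/16.
# Requires gawk (gensub) and the privileges needed to capture on eth0.

# hostname --ip-address can print several addresses; the capture filter below
# takes exactly one, so stop instead of building a broken filter.
host_ip="$(hostname --ip-address)"
if [[ -z "$host_ip" || "$host_ip" == *[[:space:]]* ]]; then
  printf 'expected exactly one host address, got: "%s"\n' "$host_ip" >&2
  exit 1
fi

# -l line-buffers tcpdump's output; without it the output is block-buffered when
# piped and new clients show up late despite the fflush in awk.
# The filter is passed as one quoted argument so the shell cannot alter it.
# The dots in both patterns are escaped so they match a literal '.' only.
tcpdump -l -i eth0 -nn "ip dst host ${host_ip} and tcp dst port 443 and src net not 10.0.0.0/16" \
  | awk '{
      ts = gensub(/([0-9]+:[0-9]+:[0-9]+\.[0-9]+)(.*)/, "\\1", "g", $1)
      ip = gensub(/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*)/, "\\1", "g", $3)
      if (!d[ip]) { print ts" "ip; d[ip]=1; fflush(stdout) }
    }'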
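# List the distinct Docker Compose project names of the running containers.
# xargs -r skips `docker inspect` when no running container carries the label;
# without it, docker inspect is run with no arguments and fails.
docker ps --filter "label=com.docker.compose.project" -q \
  | xargs -r docker inspect --format='{{index .Config.Labels "com.docker.compose.project"}}' \
  | sort -u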