Skip to content

Instantly share code, notes, and snippets.

View conclusionlogic's full-sized avatar
🏠
Working from home

Ergo Loorits conclusionlogic

🏠
Working from home
1 follower · 0 following
  • GlintPay
  • London
View GitHub Profile
@conclusionlogic
conclusionlogic / keybase.md
Created April 6, 2022 22:04

Keybase proof

I hereby claim:

  • I am conclusionlogic on github.
  • I am ergo_loorits (https://keybase.io/ergo_loorits) on keybase.
  • I have a public key ASDcCl58QQ3ccw4vXa0cSf7sfVWySkjRQq2-RZMlwC0PfAo

To claim this, I am signing this object:

@conclusionlogic
conclusionlogic / Find related Kubernetes objects per namespace
Created November 20, 2021 18:51
[List related K8s object per namespace] This is helpful when removing stuff but some resources are dangling and won't delete #K8s #cleanup
@conclusionlogic
conclusionlogic / custom_git_ssh_key.sh
Created June 30, 2020 23:51
[custom git ssh key] use a cusom ssh key with git commands #bash #git #ssh
#!/usr/bin/env bash
$ GIT_SSH_COMMAND='ssh -i /root/.ssh/random_rsa' git pull
@conclusionlogic
conclusionlogic / extract_certificate_fingerprints.sh
Created June 3, 2020 11:03
[get certificate fingerprint] Extraxt Base64 encoded certificate fingerprint for HPKP #bash #shell #openssl #pinning #hpkp
#!/usr/bin/env bash
# from Ceritifcate Signing Requets (for backpup certificate pinning):
$ openssl req -pubkey < DOMAIN.csr | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
# from Public Certificate file (for main certificate pinning):
$ cat DOMAIN.crt | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
@conclusionlogic
conclusionlogic / comodo_ssl_bundle.sh
Last active June 30, 2020 15:26
[Setting Up a Comodo SSL Cert] Create intermediate certificate bundle for Traefik #ssl #tls #bash #shell #comodo #openssl #traefik
#!/usr/bin/env bash
cat unleash_prod_us_glintpay_com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt >> unleash.prod.us.glintpay.com.crt
# pem bundle for haproxy:
cat unleash_prod_us_glintpay_com.key unleash_prod_us_glintpay_com.crt > unleash_prod_us_glintpay_com.pem
@conclusionlogic
conclusionlogic / jenkins_snippets.groovy
Created April 4, 2020 00:01
[jenkins_snippets] archive of snippets for Jenkins #groovy #jenkins #pipelinejob
#!/usr/bin/env groovy
script {
currentBuild.displayName = "#${env.BUILD_NUMBER} ${params.dockerTag}"
currentBuild.rawBuild.project.description = "${params.gitRef.replaceAll('.*/', '')}: ${params.dockerTag}"
}
@conclusionlogic
conclusionlogic / iptables_block_access_from_container.sh
Last active March 24, 2020 14:51
[block access from docker container] block access from a specific docker container #docker #iptables #bash
#!/usr/bin/env bash
# BLOCK ACCESS FROM CONTAINER:
CONTAINER='pricing-service'
# prep
IP_ADDRESS=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{print .IPAddress}}{{end}}' $(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}'))
# to block
iptables -I DOCKER-USER -i docker0 -s ${IP_ADDRESS}/32 -j REJECT --reject-with icmp-host-unreachable
@conclusionlogic
conclusionlogic / iptables_block_accessing_container.sh
Created March 24, 2020 14:48
[block access to docker container] block access to a specific docker container #docker #iptables #bash
#!/usr/bin/env bash
# BLOCK ACCESS TO CONTAINER: manipulates existing rule by replacing it
CONTAINER='pricing-service'
# prep:
IP_ADDRESS=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{print .IPAddress}}{{end}}' $(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}'))
RULE="$(iptables --list DOCKER --line-numbers -n|awk -v address="$IP_ADDRESS" '$0~address{print $1}')"
# to block:
@conclusionlogic
conclusionlogic / tcpdump_unique_ips_accessing_https.sh
Created March 4, 2020 17:27
[unique IPs accessing HTTPS port] check which IPs are connecting to HTTPS port on a node #bash #shell #tcpdump #awk
#!/usr/bin/env bash
$ tcpdump -i eth0 -nn ip dst host $(hostname --ip-address) and tcp dst port 443 and src net not 10.0.0.0/16 | awk '{ ts = gensub(/([0-9]+:[0-9]+:[0-9]+.[0-9]+)(.*)/,"\\1","g",$1); ip = gensub(/([0-9]+.[0-9]+.[0-9]+.[0-9]+)(.*)/,"\\1","g",$3); if(!d[ip]) { print ts" "ip; d[ip]=1; fflush(stdout) } }'
@conclusionlogic
conclusionlogic / docker_comopose_list.sh
Last active February 19, 2020 19:08
[list all docker-compose projects] lists all docker-compose projects with project name set #docker #docker-compose #bash #shell
$ docker ps --filter "label=com.docker.compose.project" -q | xargs docker inspect --format='{{index .Config.Labels "com.docker.compose.project"}}' | sort -u