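#!/usr/bin/env bash
# Extract a certificate's public key (SubjectPublicKeyInfo, DER) and copy it
# to the clipboard as a C byte array (xxd -i). pbcopy is the macOS clipboard
# tool.

## from a running webserver
# s_client carries on with the handshake even when certificate verification
# fails unless -verify_return_error is given, so this captures whatever
# certificate the network path presents. Run it from a trusted network and
# compare the result with the value derived from the certificate file below
# before shipping it as a pin.
$ export DOMAIN="example.com"
$ openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:443" < /dev/null \
    | sed -n "/-----BEGIN/,/-----END/p" \
    | openssl x509 -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | xxd -i \
    | pbcopy
## from certificate file
$ openssl x509 -in example.com.crt -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | xxd -i \
    | pbcopy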
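#!/usr/bin/env bash
# Compute a public-key pin: base64 of the SHA-256 digest of the certificate's
# SubjectPublicKeyInfo (DER), copied to the clipboard (pbcopy is macOS-only).

## from a running webserver
# s_client carries on with the handshake even when certificate verification
# fails unless -verify_return_error is given, so the pin is computed over
# whatever certificate the network path presents. Confirm it against the
# value derived from the certificate file below before deploying it.
$ export DOMAIN="example.com"
$ openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:443" < /dev/null \
    | sed -n "/-----BEGIN/,/-----END/p" \
    | openssl x509 -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64 \
    | pbcopy
## from certificate file
$ openssl x509 -in example.com.crt -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64 \
    | pbcopy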
#!/usr/bin/env groovy | |
import jenkins.model.* | |
import com.cloudbees.plugins.credentials.* | |
import com.cloudbees.plugins.credentials.impl.* | |
import com.cloudbees.plugins.credentials.domains.* | |
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey | |
import org.jenkinsci.plugins.plaincredentials.StringCredentials | |
import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl |
# List the distinct Compose project names of the running containers, read
# from each container's com.docker.compose.project label.
$ docker ps -q --filter "label=com.docker.compose.project" \
    | xargs docker inspect --format='{{index .Config.Labels "com.docker.compose.project"}}' \
    | sort -u
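#!/usr/bin/env bash
# Watch inbound tcp/443 traffic to this host from sources outside
# 10.0.0.0/16 and print "<timestamp> <source ip>" the first time each source
# address is seen.
#
# - gensub() is a gawk extension, so awk must be gawk here.
# - -l makes tcpdump's stdout line buffered so lines reach awk as they are
#   captured instead of in blocks.
# - The dots in the patterns are escaped so they match a literal '.' only.
# - Assumes tcpdump's default line layout: field 1 is the timestamp and
#   field 3 is "<source address>.<port>" — confirm on your tcpdump version.
# NOTE(review): `hostname --ip-address` can print several addresses, which
# would break the capture filter — confirm it returns exactly one here.
$ tcpdump -l -i eth0 -nn ip dst host "$(hostname --ip-address)" and tcp dst port 443 and src net not 10.0.0.0/16 \
    | awk '{ ts = gensub(/([0-9]+:[0-9]+:[0-9]+\.[0-9]+)(.*)/,"\\1","g",$1); ip = gensub(/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*)/,"\\1","g",$3); if(!d[ip]) { print ts" "ip; d[ip]=1; fflush(stdout) } }'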
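#!/usr/bin/env bash
# BLOCK ACCESS TO CONTAINER: manipulates existing rule by replacing it
CONTAINER='pricing-service'
# prep:
# The awk match is a regex against the whole `docker ps` line, so it can also
# hit other containers (or image names) that contain the service name. Stop
# unless exactly one container ID comes back; otherwise the rule lookup below
# would run against the wrong address or against no address at all.
CONTAINER_ID=$(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}')
if [[ -z "$CONTAINER_ID" || "$CONTAINER_ID" == *$'\n'* ]]; then
  printf 'expected exactly one running container matching %s\n' "$CONTAINER" >&2
  exit 1
fi
# NOTE(review): for a container attached to several networks this template
# prints the addresses back to back with no separator — confirm the container
# has a single network.
IP_ADDRESS=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{print .IPAddress}}{{end}}' "$CONTAINER_ID")
: "${IP_ADDRESS:?no IP address found for container $CONTAINER}"
# Compare whole fields rather than regex-matching the line: used as a regex,
# the dots in the address match any character and 172.17.0.2 would also
# select the rule for 172.17.0.20. An empty address would match every line.
RULE="$(iptables --list DOCKER --line-numbers -n \
  | awk -v address="$IP_ADDRESS" '{ for (i = 2; i <= NF; i++) if ($i == address || $i == address "/32") { print $1; next } }')"
# to block: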
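#!/usr/bin/env bash
# BLOCK ACCESS FROM CONTAINER:
CONTAINER='pricing-service'
# prep
# The awk match is a regex against the whole `docker ps` line, so it can also
# hit other containers (or image names) that contain the service name. Stop
# unless exactly one container ID comes back, so the REJECT rule is never
# installed for the wrong source address.
CONTAINER_ID=$(docker ps | awk -v service="$CONTAINER" '$0~service{print $1}')
if [[ -z "$CONTAINER_ID" || "$CONTAINER_ID" == *$'\n'* ]]; then
  printf 'expected exactly one running container matching %s\n' "$CONTAINER" >&2
  exit 1
fi
# NOTE(review): for a container attached to several networks this template
# prints the addresses back to back with no separator — confirm the container
# has a single network.
IP_ADDRESS=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{print .IPAddress}}{{end}}' "$CONTAINER_ID")
: "${IP_ADDRESS:?no IP address found for container $CONTAINER}"
# to block
# Inserted at the top of DOCKER-USER: traffic entering from docker0 with the
# container's source address is rejected with ICMP host-unreachable.
iptables -I DOCKER-USER -i docker0 -s "${IP_ADDRESS}/32" -j REJECT --reject-with icmp-host-unreachable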
#!/usr/bin/env groovy
script {
    // Build label shown in the UI: "#<build number> <docker tag>".
    currentBuild.displayName = "#${env.BUILD_NUMBER} ${params.dockerTag}"

    // Greedy '.*/' drops everything up to and including the last '/',
    // leaving the final path component of the git ref.
    def shortRef = params.gitRef.replaceAll('.*/', '')

    // NOTE(review): rawBuild reaches past the sandboxed wrapper to the job
    // object; on sandboxed pipelines this usually needs script approval — confirm.
    // Both values are build parameters supplied by whoever triggers the job,
    // and they end up in the job description; how they are rendered depends
    // on the markup formatter configured on the controller.
    currentBuild.rawBuild.project.description = "${shortRef}: ${params.dockerTag}"
}
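#!/usr/bin/env bash
# Concatenate the server certificate with its CA certificates into one file
# (presumably leaf first, then intermediates, then root, going by the names).
# NOTE(review): '>>' appends, so running this twice duplicates the chain in
# the target file — confirm the target does not exist yet.
cat unleash_prod_us_glintpay_com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt >> unleash.prod.us.glintpay.com.crt
# pem bundle for haproxy:
# NOTE(review): this bundles the key with the server certificate only, not
# with the chain file built above — confirm that is intended.
# The bundle contains the private key, so create it with owner-only
# permissions; the chmod covers the case where the file already existed.
(
  umask 077
  cat unleash_prod_us_glintpay_com.key unleash_prod_us_glintpay_com.crt > unleash_prod_us_glintpay_com.pem
)
chmod 600 unleash_prod_us_glintpay_com.pem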
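#!/usr/bin/env bash
# Both commands print a public-key pin: base64 of the SHA-256 digest of the
# DER-encoded SubjectPublicKeyInfo.

# from Certificate Signing Request (for backup certificate pinning):
# -noout keeps the request itself out of the output so only the public key is
# piped on. A backup pin only helps if the private key behind this CSR is
# kept separately from the primary key.
$ openssl req -in DOMAIN.csr -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64
# from Public Certificate file (for main certificate pinning):
$ openssl x509 -in DOMAIN.crt -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64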