These are some notes about the manual osquery release process (circa 2019-12).
While our goal is to replace this with CI/CD, this is what we have today.
References:
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"time"
// Creates an app with a systray menu
// Still not quite right
package main

import (
	fyne "fyne.io/fyne/v2"
	"fyne.io/fyne/v2/app"
	"fyne.io/fyne/v2/canvas"
	"fyne.io/fyne/v2/container"
<!-- This is my imagemagick policy.xml file. It's a collection of various
     recommendations cargo culted from around the internet to block various
     exploits. It is effective in stopping CVE-2021-3781 (https://twitter.com/ducnt_/status/1434534373416574983
     and https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50) -->
<policymap>
  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="EPI" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="MSL" />
// Some snippets of how I'm currently doing subcommands.
package main

import "context" // needed for the Command signature below

// subCommand describes one CLI subcommand: its name, the function that
// runs it (given a context and its remaining arguments), and help text.
type subCommand struct {
	Name        string
	Command     func(context.Context, []string) error
	Description string
}
#include <stdlib.h>
#include <iostream>
#include <boost/regex.hpp>
#include <boost/algorithm/string/regex.hpp>

int main() {
  // Works
  {
require 'json' # JSON.parse below needs this

class HashFormatter
  # Returns the parsed object, or nil if the message is not valid JSON.
  def parse_json(string)
    JSON.parse(string)
  rescue
    nil
  end

  def call(severity, timestamp, progname, msg)
    base_struct = {
      severity: severity,
#!/usr/bin/perl
# We'd like to have a sanitized/elided copy of the database suitable
# for letting various people run reporting against. Thus, we need to
# strip out sensitive or noisy data.
#
# One "obvious" way to do that is with a table by table
# pg_dump. Unfortunately, that ends up omitting the non-table data (like
# views) which we do need. Thus, we have this awkward script.
#
require 'csv'

# Custom converter: format numeric fields to two decimal places.
CSV::Converters[:num2] = lambda do |num|
  puts "Converter called with #{num}"
  return num unless num.is_a?(Numeric)
  sprintf('%.2f', num)
end

CSV.instance($stdout,
             { headers: [:name, :val], write_headers: true,