Search Guard floragunncom

View tls_tool_demo.sh
#!/bin/bash
#killall -9 java
shopt -s extglob
set -e
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$DIR"
TLS_TOOL_VERSION=1.6
CLUSTER_NAME="cluster-${1:-tlstoolcluster}"
ES_VERSION=6.6.1
View convert_p7b.sh
#!/bin/bash
for p7bfile in *.p7b; do
  filename="${p7bfile%.*}"
  echo "Converting $p7bfile"
  openssl pkcs7 -print_certs -in "$filename.p7b" -out "was_p7b_$filename.pem"
  openssl pkcs12 -export -in "was_p7b_$filename.pem" -inkey "$filename.key" -out "was_p7b_$filename.p12" -passout "pass:$PASSWORD"
  openssl x509 -in "was_p7b_$filename.pem" -text -noout
done
floragunncom / Main.java
Created Feb 3, 2019
RestHighLevelClient with username/password authentication and SSL (Pem and JKS)
View Main.java
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.regex.Pattern.CASE_INSENSITIVE;
import static javax.crypto.Cipher.DECRYPT_MODE;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
floragunncom / Main.java
Created Feb 3, 2019
RestHighLevelClient with client certificate authentication (Pem and JKS)
View Main.java
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.regex.Pattern.CASE_INSENSITIVE;
import static javax.crypto.Cipher.DECRYPT_MODE;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
View search_guard_helm_kops_aws.sh
#!/bin/bash
export BUCKET="fg.k8s.test.kops"
export KOPS_STATE_STORE="s3://$BUCKET"
export NAME="sg.k8s.local"
echo "You need to have aws-cli, kops, helm and kubectl installed"
echo "aws-cli user needs appropriate permissions"
aws configure list
kops version
floragunncom / sg_config.yml
Created Jul 11, 2017
internal_ldap_kibana_mt
View sg_config.yml
searchguard:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: "kibanaserver"
      index: '.kibana'
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
View nettylog_code
@Override
public SSLEngineResult wrap(
        final ByteBuffer[] srcs, final int offset, final int length, final ByteBuffer dst) throws SSLException {
    // Throw required runtime exceptions
    if (srcs == null) {
        throw new IllegalArgumentException("srcs is null");
    }
    if (dst == null) {
        throw new IllegalArgumentException("dst is null");
    }
View nettylog
[11:56:44,187][INFO ] [transport_client_worker][T#9]{New I/O worker #9}] io.netty.handler.ssl.OpenSslEngine - Zero bytes consumed
[11:56:44,200][INFO ] [transport_client_worker][T#9]{New I/O worker #9}] io.netty.handler.ssl.OpenSslEngine - return pendingNetResult Status = OK HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 177
[11:56:44,203][INFO ] [[http_server_worker.default]][T#1]{New I/O worker #18}] io.netty.handler.ssl.OpenSslEngine - Zero bytes consumed
[11:56:44,211][INFO ] [[http_server_worker.default]][T#1]{New I/O worker #18}] io.netty.handler.ssl.OpenSslEngine - return pendingNetResult Status = OK HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 17408
[11:56:44,214][INFO ] [[http_server_worker.default]][T#1]{New I/O worker #18}] io.netty.handler.ssl.OpenSslEngine - Zero bytes consumed
[11:56:44,215][INFO ] [[http_server_worker.default]][T#1]{New I/O worker #18}] io.netty.handler.ssl.OpenSslEngine - return pendingNetResult Status = OK HandshakeStatus = NEED_UNWRAP
byte
View gist:dd055afc299c8f5f30ddb0dbfc6c9836
==> client: sgadmin.sh done, test it
==> client: {
==> client: "user" : "User [name=spock, roles=[starfleet, vulcan]]",
==> client: "remote_address" : "10.0.3.114:57151",
==> client: "sg_roles" : [ "sg_public", "sg_role_starfleet_library", "sg_role_starfleet" ],
==> client: "principal" : null,
==> client: "peer_certificates" : "0"
==> client: }
==> client: {
==> client: "user" : "User [name=spock, roles=[starfleet, vulcan]]",
View gist:317b79309ead63d651d6
[22:40:28,926][DEBUG] PrivilegesEvaluator - evaluate permissions for User [name=worf, roles=[klingon, starfleet]]
[22:40:28,926][DEBUG] PrivilegesEvaluator - requested indices:data/read/search from 127.0.0.1:59784
[22:40:28,926][DEBUG] PrivilegesEvaluator - Resolve [starfleet] from class org.elasticsearch.action.search.SearchRequest
[22:40:28,926][DEBUG] PrivilegesEvaluator - No type() method for class org.elasticsearch.action.search.SearchRequest due to java.lang.NoSuchMethodException: org.elasticsearch.action.search.SearchRequest.type()
[22:40:28,926][DEBUG] PrivilegesEvaluator - indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]
[22:40:28,926][DEBUG] PrivilegesEvaluator - raw indices [starfleet]
[22:40:28,926][DEBUG] PrivilegesEvaluator - requested resolved aliases and indices: [starfleet]
[22:40:28,926][DEBUG] PrivilegesEvaluator - requested res