Sabree Blackmon heavypackets

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                heavypackets
                / keybase.md
            
            
              Created
              March 5, 2018 23:46
            
          
    Keybase proof

I hereby claim:

I am heavypackets on github.
I am heavypackets (https://keybase.io/heavypackets) on keybase.
I have a public key ASCyq-ZD7Wq9UammrMvh8yEqTOvCk9Rcuf2LVBbFu7cxdwo

To claim this, I am signing this object:

  
## simple-secrets_prometheus-counters.rs
static ref unsuccessful_login_counter: Counter = {
        match register_counter!(opts!(
        "simple_secrets_login_failure_total",
        "Total number of failed logins in this instance lifetime.")) {
            Ok(val) => val,
            Err(e) => telemetry_config_failed_panic(&e)
        }
    };
    static ref secrets_fetch_counter: Counter = {
        match register_counter!(opts!(

## simple-secrets_prometheus-metrics-endpoint.rs
fn main() {
...
    let mut metrics_router = Router::new();
    metrics_router.get("/metrics", metrics, "get_metrics");
    let _metrics = Iron::new(metrics_router).http("127.0.0.1:3001");

    audit_event(
        ServerEvents::Start,
        &format!("New instance of secret-server started: {}", *SPIFFE_ID),
    );

## envoy.yaml
    - name: simple-secrets-metrics
      address:
        socket_address: { address: 0.0.0.0, port_value: 10000 }
...
          tls_context:
            common_tls_context:
              tls_params:
                ecdh_curves: "X25519:P-256:P-521:P-384"
              tls_certificates:
                certificate_chain: { "filename": "/certs/svid.pem" }

## audits.rs
// Check password
    if !verify_password(&user_info) {
        audit_event(
            ServerEvents::LoginFailureInvalidPassword,
            &format!(
                "Login failure for user {} due to invalid password",
                user_info.username
            ),
        );
        unsuccessful_login_counter.inc();

## envoy.yaml
static_resources:
  listeners:
       - name: fluentd
      address:
        socket_address: { address: 127.0.0.1, port_value: 24224 }
      filter_chains:
        - filters:
            - name: envoy.tcp_proxy
              config:
                stat_prefix: ingress_tcp

## envoy.yaml
static_resources:
  listeners:
    - name: fluentd
      address:
        socket_address: { address: 0.0.0.0, port_value: 24224 }
      filter_chains:
        - filters:
            - name: envoy.tcp_proxy
              config:
                stat_prefix: ingress_tcp

## scan_for_metrics.sh
#!/bin/bash

# PLEASE DON'T DO THIS
set -x

for addr in $(nmap -n -sL 192.168.1.0/24 | grep "Nmap scan report" | awk '{print $NF}')
do
        curl -G --connect-timeout 1 http://${addr}/metrics > ${addr}
done

## envoy.yaml
static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address: { address: 0.0.0.0, port_value: 10000 }
...
  clusters:
    - name: secrets-metrics
      ...
      tls_context:

## spire-deployment.yml
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: spire-server
  namespace: spire
  labels:
    app: spire-server
spec:
  selector:
	static ref unsuccessful_login_counter: Counter = {
	match register_counter!(opts!(
	"simple_secrets_login_failure_total",
	"Total number of failed logins in this instance lifetime.")) {
	Ok(val) => val,
	Err(e) => telemetry_config_failed_panic(&e)
	}
	};
	static ref secrets_fetch_counter: Counter = {
	match register_counter!(opts!(
	fn main() {
	...
	let mut metrics_router = Router::new();
	metrics_router.get("/metrics", metrics, "get_metrics");
	let _metrics = Iron::new(metrics_router).http("127.0.0.1:3001");

	audit_event(
	ServerEvents::Start,
	&format!("New instance of secret-server started: {}", *SPIFFE_ID),
	);
	- name: simple-secrets-metrics
	address:
	socket_address: { address: 0.0.0.0, port_value: 10000 }
	...
	tls_context:
	common_tls_context:
	tls_params:
	ecdh_curves: "X25519:P-256:P-521:P-384"
	tls_certificates:
	certificate_chain: { "filename": "/certs/svid.pem" }
	// Check password
	if !verify_password(&user_info) {
	audit_event(
	ServerEvents::LoginFailureInvalidPassword,
	&format!(
	"Login failure for user {} due to invalid password",
	user_info.username
	),
	);
	unsuccessful_login_counter.inc();
	static_resources:
	listeners:
	- name: fluentd
	address:
	socket_address: { address: 127.0.0.1, port_value: 24224 }
	filter_chains:
	- filters:
	- name: envoy.tcp_proxy
	config:
	stat_prefix: ingress_tcp
	#!/bin/bash

	# PLEASE DON'T DO THIS
	set -x

	for addr in $(nmap -n -sL 192.168.1.0/24 \| grep "Nmap scan report" \| awk '{print $NF}')
	do
	curl -G --connect-timeout 1 http://${addr}/metrics > ${addr}
	done
	static_resources:
	listeners:
	- name: listener_0
	address:
	socket_address: { address: 0.0.0.0, port_value: 10000 }
	...
	clusters:
	- name: secrets-metrics
	...
	tls_context:
	---
	apiVersion: apps/v1
	kind: StatefulSet
	metadata:
	name: spire-server
	namespace: spire
	labels:
	app: spire-server
	spec:
	selector: