Harald van der Laan hvanderlaan

@hvanderlaan
hvanderlaan / youve got root.md
Last active Oct 20, 2020
From security scan to rooting a box

From security scan to rooting a box

A friend of mine created a PHP website / application and asked me to check it, so I started some simple tests to see if I could find some nice vulnerabilities. But what I found shocked me.

The information I've got

To anonymize this, the FQDN is changed to domain.tld

information gathering: website directories

@hvanderlaan
hvanderlaan / user-data
Created Oct 16, 2018
Cloud init headless install rpi wifi
#cloud-config
# vim: syntax=yaml
#
# The current version of cloud-init in the Hypriot rpi-64 is 0.7.9
# When dealing with cloud-init, it is SUPER important to know the version
# I have wasted many hours creating servers to find out the module I was trying to use wasn't in the cloud-init version I had
# Documentation: http://cloudinit.readthedocs.io/en/0.7.9/index.html
# Set your hostname here, the manage_etc_hosts will update the hosts file entries as well
@hvanderlaan
hvanderlaan / docker-rpi.md
Last active May 1, 2019
Docker swarm cluster on raspberry pi's

Docker swarm cluster on raspberry pi's

The goal is to create a very cheap docker cluster for the home environment that is still capable of running multiple docker services. The idea is to use Raspberry Pi 3 B+ units. These small computers have a 1,4 GHz quad-core ARM Cortex-A53 SoC and 1GB of memory. This should be sufficient to run pi-hole, home-assistant and wordpress websites.

Requirements

@hvanderlaan
hvanderlaan / dynamic-inv-local-network.py
Last active May 31, 2017
ansible dynamic inventory script for local network
#!/usr/bin/env python
"""
dynamic-inv-local-network.py - dynamic ansible inventory file for use on a local network
usage: ansible --ask-vault-password -i dynamic-inv-local-network.py all -m ping
"""
from __future__ import (print_function, absolute_import, division, unicode_literals)
@hvanderlaan
hvanderlaan / smartlight.cfg
Last active Sep 2, 2017
getting Ikea Tradfri lightbulb status
[tardfri]
hubip = x.x.x.x
securityid = AABBCCDDEEFFGGHH
@hvanderlaan
hvanderlaan / nagiosTelegram.py
Last active Nov 19, 2019
Nagios notifications via Telegrambot
#!/usr/bin/env python
# file : nagiosTelegram.py
# purpose : send nagios notifications via Telegram bot
#
# author : harald van der laan
# date : 2017/04/01
# version : v1.0.1
#
# changelog:
@hvanderlaan
hvanderlaan / ansible-vault.md
Last active Oct 28, 2020
Ansible-vault example

Ansible vault example

New in Ansible 1.5, "Vault" is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control. To enable this feature, a command line tool, ansible-vault, is used to edit files, and a command line flag, --ask-vault-pass or --vault-password-file, is used. Alternately, you may specify the location of a password file or command Ansible to always prompt for the password in your ansible.cfg file. These options require no command line flag usage.

Requirements

@hvanderlaan
hvanderlaan / ansible-rundeck.md
Last active Dec 5, 2020
ansible - rundeck, the poorman's ansible tower

Poor man's Ansible Tower

After a while of messing around with the free / demo version of Ansible Tower I thought that this could also be done with free tools. With some help from the internet and as an IT consultant I found the way forward.

As we all know, Ansible is free and is a package in the Ubuntu repository. Ansible Tower is a frontend for Ansible that provides a scheduler and a fancy web frontend.

Rundeck is a job scheduler and runbook administration tool that is free and also has a fancy web frontend.

So for the poor man's solution we are going to use the best of both worlds.

POC

View wp in lxc.md
user@host ~ $ lxc launch ubuntu wp-server
user@host ~ $ lxc exec wp-server -- bash
root@wp-server ~ # apt-get update
root@wp-server ~ # apt-get --yes dist-upgrade
root@wp-server ~ # apt-get --yes install wget apache2 libapache2-mod-php7.0 mysql-server php7.0-mysql
root@wp-server ~ # mysql -u root -p
@hvanderlaan
hvanderlaan / create-lxc-alpine-ansible-node.sh
Created Apr 19, 2016
create ansible alpine linux container
#!/bin/bash
# file : create-lxc-alpine-ansible-node.sh
# purpose: deploy a new alpine container that is the ansible server
#
# author : harald van der laan
# date : 2016/04/19
# version: v1.0
lxcName="ansible01"