🔒
SECURE ALL THE MACHINES!!

Joe Garcia, CISSP infamousjoeg

@infamousjoeg
infamousjoeg / RobertSafeFactory.ps1
Last active Sep 6, 2019
CyberArk Safe Search & Permission Granting
View RobertSafeFactory.ps1
Import-Module psPAS
### VARIABLES
# Base URI to PVWA as validated on the certificate
$baseURI = "https://cyberark.joegarcia.dev"
# API Automation Username
$userName = "Svc_RESTAPI"
### LOGIN
@infamousjoeg
infamousjoeg / CreateSafeADGroups.ps1
Created Aug 16, 2019
Create Active Directory security groups for CyberArk; Create safe in CyberArk; Add groups as members
View CreateSafeADGroups.ps1
Import-Module ActiveDirectory
Import-Module psPAS
Import-Module CredentialRetriever
$domainName = "joegarcia.dev"
$baseURI = "https://cyberark.joegarcia.dev"
$apiUsername = "Svc_CybrAutomation"
$safeName = Read-Host "Enter the name of the safe in CyberArk PAS"
Write-Output "Creating security group ${safeName}_Admin"
@infamousjoeg
infamousjoeg / challenge-response.ps1
Last active Aug 29, 2019
How to MFA Challenge/Response via CyberArk REST API
View challenge-response.ps1
param
(
    [Parameter(Mandatory=$true,HelpMessage="Enter the PVWA URL")]
    [ValidateScript({Invoke-WebRequest -UseBasicParsing -DisableKeepAlive -Uri $_ -Method 'Head' -ErrorAction 'stop' -TimeoutSec 30})]
    [Alias("url")]
    [String]$PVWAURL,
    [Parameter(Mandatory=$false,HelpMessage="Enter the Authentication type (Default:CyberArk)")]
    [ValidateSet("cyberark","ldap","radius")]
    [String]$AuthType="cyberark"
@infamousjoeg
infamousjoeg / CYBRAutomation.md
Last active Sep 6, 2019
CyberArk Automation - Greatest Hits!
View CYBRAutomation.md
@infamousjoeg
infamousjoeg / Jenkinsfile
Last active Jun 26, 2019
Example of using cURL to list Conjur resources in a Groovy DSL Jenkinsfile
View Jenkinsfile
pipeline {
    agent { label 'master' }
    environment {
        def loginToken = '3m184cf1ygzfcd24ct5a93wwjzfwm4r2gx36vykyc2er5qz01se0th3'
        def username = 'dba01'
        def auth_token = sh (script: "curl -k --data ${env.loginToken} https://master1.yoba.net/authn/Kramerica/dba01/authenticate | base64 | tr -d '\\r\\n'", returnStdout: true).trim()
        //println("curl returned: ${auth_token}")
    }
View MySql-5.5-installation guide.md

MySQL Download URL

https://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.56-linux-glibc2.5-x86_64.tar.gz

Open the terminal and follow along:

  • Uninstall any existing version of MySQL
sudo rm /var/lib/mysql/ -R
@infamousjoeg
infamousjoeg / cidr-restricted-user-policy.yml
Created Jun 17, 2019
CyberArk Conjur User & Host Identities with CIDR-restriction
View cidr-restricted-user-policy.yml
#Single IP
- !user
  id: bob
  restricted_to: 172.17.0.3
#Multiple IPs
- !user
  id: joe
  restricted_to: [172.17.0.3, 192.168.79.5]
@infamousjoeg
infamousjoeg / authn-k8s-policy.yml
Last active May 9, 2019
Clean Example of Authn-K8s Policy for CyberArk DAP & Conjur Open Source
View authn-k8s-policy.yml
- !policy
  id: conjur/authn-k8s/conjur-follower
  #Subpolicy to define all things required for OpenShift Authentication
  body:
  - !webservice
    annotations:
      description: Authentication service definition for follower namespace
  - !policy #policy definition for CA - used as part of authenticator
@infamousjoeg
infamousjoeg / ProvisioningExample.yml
Last active May 8, 2019
Example deploying a LAMP Stack and provisioning with Ansible Role infamousjoeg.provisioning
View ProvisioningExample.yml
---
- hosts: localhost
  pre_tasks:
    - name: Install Apache & PHP
      yum:
        name: ['httpd', 'php', 'php-mysql']
        state: present
    - name: Install Web Role Specific Dependencies
@infamousjoeg
infamousjoeg / conjur-demo-app.go
Created May 3, 2019
Example Go App for Conjur Demos of authn-k8s
View conjur-demo-app.go
package main

import (
    "database/sql"
    "fmt"
    "log"
    "os"

    "github.com/cyberark/conjur-api-go/conjurapi"
    _ "github.com/go-sql-driver/mysql"