🔒
SECURE ALL THE MACHINES!!

Joe Garcia, CISSP infamousjoeg

@infamousjoeg
infamousjoeg / psPAS-OneLiners.ps1
Last active Oct 24, 2019
Collection of helpful psPAS one-liners
View psPAS-OneLiners.ps1
# Before every one-liner, remember to import the psPAS module and create a new PAS session (unless you're already logged in). https://github.com/pspete/psPAS
Import-Module psPAS
# You no longer have to consume the session token for later use as of psPAS v3+
New-PASSession -BaseURI https://cyberark.joegarcia.dev -Type ldap -Credential $(Get-Credential)
###########################################
# List Safe Members by Specific Permission
@infamousjoeg
infamousjoeg / update-dap.pem
Created Oct 8, 2019
/etc/letsencrypt/renewal-hooks/deploy/update-dap.pem - LetsEncrypt Deployment Script for Renewed SSL Certificates
View update-dap.pem
#!/bin/bash
DOMAIN="dap.joegarcia.dev"
[[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$DOMAIN" ]] && exit 0
echo "Updating dap.joegarcia.dev SSL certificates"
sudo docker cp /etc/letsencrypt/live/$DOMAIN/privkey.pem dap:/root/privkey.pem
sudo docker cp /etc/letsencrypt/live/$DOMAIN/cert.pem dap:/root/cert.pem
docker exec dap evoke ca import --key /root/privkey.pem --set /root/cert.pem
@infamousjoeg
infamousjoeg / RobertSafeFactory.ps1
Last active Sep 6, 2019
CyberArk Safe Search & Permission Granting
View RobertSafeFactory.ps1
Import-Module psPAS
### VARIABLES
# Base URI to PVWA as validated on the certificate
$baseURI = "https://cyberark.joegarcia.dev"
# API Automation Username
$userName = "Svc_RESTAPI"
### LOGIN
@infamousjoeg
infamousjoeg / CreateSafeADGroups.ps1
Created Aug 16, 2019
Create Active Directory security groups for CyberArk; Create safe in CyberArk; Add groups as members
View CreateSafeADGroups.ps1
Import-Module ActiveDirectory
Import-Module psPAS
Import-Module CredentialRetriever
$domainName = "joegarcia.dev"
$baseURI = "https://cyberark.joegarcia.dev"
$apiUsername = "Svc_CybrAutomation"
$safeName = Read-Host "Enter the name of the safe in CyberArk PAS"
Write-Output "Creating security group ${safeName}_Admin"
@infamousjoeg
infamousjoeg / challenge-response.ps1
Last active Aug 29, 2019
How to MFA Challenge/Response via CyberArk REST API
View challenge-response.ps1
param
(
[Parameter(Mandatory=$true,HelpMessage="Enter the PVWA URL")]
[ValidateScript({Invoke-WebRequest -UseBasicParsing -DisableKeepAlive -Uri $_ -Method 'Head' -ErrorAction 'stop' -TimeoutSec 30})]
[Alias("url")]
[String]$PVWAURL,
[Parameter(Mandatory=$false,HelpMessage="Enter the Authentication type (Default:CyberArk)")]
[ValidateSet("cyberark","ldap","radius")]
[String]$AuthType="cyberark"
@infamousjoeg
infamousjoeg / CYBRAutomation.md
Last active Nov 5, 2019
CyberArk Automation - Greatest Hits!
View CYBRAutomation.md
@infamousjoeg
infamousjoeg / Jenkinsfile
Last active Jun 26, 2019
Example of using cURL to list Conjur resources in a Groovy DSL Jenkinsfile
View Jenkinsfile
pipeline {
agent { label 'master' }
environment {
def loginToken = '3m184cf1ygzfcd24ct5a93wwjzfwm4r2gx36vykyc2er5qz01se0th3'
def username = 'dba01'
def auth_token = sh (script: "curl -k --data ${env.loginToken} https://master1.yoba.net/authn/Kramerica/dba01/authenticate | base64 | tr -d '\\r\\n'", returnStdout: true).trim()
//println("curl returned: ${auth_token}")
}
View MySql-5.5-installation guide.md

MySQL Download URL

https://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.56-linux-glibc2.5-x86_64.tar.gz

Open the terminal and follow along:

  • Uninstall any existing version of MySQL
sudo rm /var/lib/mysql/ -R
@infamousjoeg
infamousjoeg / cidr-restricted-user-policy.yml
Created Jun 17, 2019
CyberArk Conjur User & Host Identities with CIDR-restriction
View cidr-restricted-user-policy.yml
#Single IP
- !user
  id: bob
  restricted_to: 172.17.0.3
#Multiple IPs
- !user
  id: joe
  restricted_to: [172.17.0.3, 192.168.79.5]
@infamousjoeg
infamousjoeg / authn-k8s-policy.yml
Last active May 9, 2019
Clean Example of Authn-K8s Policy for CyberArk DAP & Conjur Open Source
View authn-k8s-policy.yml
- !policy
  id: conjur/authn-k8s/conjur-follower
  #Subpolicy to define all things required for OpenShift Authentication
  body:
  - !webservice
    annotations:
      description: Authentication service definition for follower namespace
  - !policy #policy definition for CA - used as part of authenticator