Skip to content

Instantly share code, notes, and snippets.

🔒
SECURE ALL THE MACHINES!!

Joe Garcia, CISSP infamousjoeg

🔒
SECURE ALL THE MACHINES!!
Block or report user

Report or block infamousjoeg

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@infamousjoeg
infamousjoeg / CYBRAutomation.md
Last active Aug 23, 2019
CyberArk Automation - Greatest Hits!
View CYBRAutomation.md
@infamousjoeg
infamousjoeg / CreateSafeADGroups.ps1
Created Aug 16, 2019
Create Active Directory security groups for CyberArk; Create safe in CyberArk; Add groups as members
View CreateSafeADGroups.ps1
Import-Module ActiveDirectory
Import-Module psPAS
Import-Module CredentialRetriever
$domainName = "joegarcia.dev"
$baseURI = "https://cyberark.joegarcia.dev"
$apiUsername = "Svc_CybrAutomation"
$safeName = Read-Host "Enter the name of the safe in CyberArk PAS"
Write-Output "Creating security group ${safeName}_Admin"
@infamousjoeg
infamousjoeg / challenge-response.ps1
Created Aug 8, 2019
How to MFA Challenge/Response via CyberArk REST API
View challenge-response.ps1
#Hashtable to hold Logon Request
$LogonRequest = @{}
#Define Logon Request Parameters
$LogonRequest["Method"] = "POST"
$LogonRequest["Uri"] = "https://cyberarkpvwa/PasswordVault/api/Auth/RADIUS/Logon"
$LogonRequest["Body"] = @{
username = "<user_name>"
password = "<radius_token>"
}
@infamousjoeg
infamousjoeg / Jenkinsfile
Last active Jun 26, 2019
Example of using cURL to list Conjur resources in a Groovy DSL Jenkinsfile
View Jenkinsfile
pipeline {
agent { label 'master' }
environment {
def loginToken = '3m184cf1ygzfcd24ct5a93wwjzfwm4r2gx36vykyc2er5qz01se0th3'
def username = 'dba01'
def auth_token = sh (script: "curl -k --data ${env.loginToken} https://master1.yoba.net/authn/Kramerica/dba01/authenticate | base64 | tr -d '\\r\\n'", returnStdout: true).trim()
//println("curl returned: ${auth_token}")
}
View MySql-5.5-installation guide.md

MySQL Download URL

https://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.56-linux-glibc2.5-x86_64.tar.gz

Open the terminal and follow along:

  • Uninstall any existing version of MySQL
sudo rm /var/lib/mysql/ -R
@infamousjoeg
infamousjoeg / cidr-restricted-user-policy.yml
Created Jun 17, 2019
CyberArk Conjur User & Host Identities with CIDR-restriction
View cidr-restricted-user-policy.yml
#Single IP
- !user
id: bob
restricted_to: 172.17.0.3
#Multiple IPs
- !user
id: joe
restricted_to: [172.17.0.3, 192.168.79.5]
@infamousjoeg
infamousjoeg / authn-k8s-policy.yml
Last active May 9, 2019
Clean Example of Authn-K8s Policy for CyberArk DAP & Conjur Open Source
View authn-k8s-policy.yml
- !policy
id: conjur/authn-k8s/conjur-follower
#Subpolicy to define all things required for OpenShift Authentication
body:
- !webservice
annotations:
description: Authentication service definition for follower namespace
- !policy #policy definition for CA - used as part of authenticator
@infamousjoeg
infamousjoeg / ProvisioningExample.yml
Last active May 8, 2019
Example deploying a LAMP Stack and provisioning with Ansible Role infamousjoeg.provisioning
View ProvisioningExample.yml
---
- hosts: localhost
pre_tasks:
- name: Install Apache & PHP
yum:
name: ['httpd', 'php', 'php-mysql']
state: present
- name: Install Web Role Specific Dependencies
@infamousjoeg
infamousjoeg / conjur-demo-app.go
Created May 3, 2019
Example Go App for Conjur Demos of authn-k8s
View conjur-demo-app.go
package main
import (
"database/sql"
"fmt"
"log"
"os"
"github.com/cyberark/conjur-api-go/conjurapi"
_ "github.com/go-sql-driver/mysql"
@infamousjoeg
infamousjoeg / cloudbeesdays-pipeline.groovy
Created Apr 8, 2019
CloudBees Days Conjur Workshop 2019 - Pipeline Script for Simple Token App
View cloudbeesdays-pipeline.groovy
pipeline {
agent any
stages {
stage ('Checkout SCM') {
steps {
checkout(
[
$class: 'GitSCM',
branches: [[name: '*/master']],
You can’t perform that action at this time.