Skip to content

Instantly share code, notes, and snippets.

@jeremy-donson

jeremy-donson/00-README.md

Last active August 12, 2022 14:08
Show Gist options
  • Save jeremy-donson/ad372d9239fd93180a7e1a10ae76bacc to your computer and use it in GitHub Desktop.
Save jeremy-donson/ad372d9239fd93180a7e1a10ae76bacc to your computer and use it in GitHub Desktop.
Download ZIP
Github Security
Raw
00-README.md

Github Security

  • Secure use of github.com 3.x api for individuals, teams and organizations across:
    • Environments
    • Stack Layers

Table of Contents

  • Tour of Files and Folders
  • Enhancements:
  • Security Topics
  • References
  • Tags

Tour of Files and Folders

Enhancements

  • error messages
  • individuals
  • teams
  • ssh key management
  • functionalize
  • yubico key options
  • local security options
  • remote security options

Security Topics

  • Security Model Design + Testing
  • Proprietary Zero-Trust Security Policy Testing
  • Open Source Zero-Trust Security Policy Testing
  • External Threats
  • Internal Threats
  • Points of Ingress
  • Points of Egress
  • WAN Services => Github Security Is Under Here
  • LAN Services
  • Evaluating Risks
  • References
  • Tags

References

Tags

  • #github
  • #security
  • #ssh
Raw
01-restore-pub-ssh-key-ghub-api-3-upload.sh
#!/bin/bash
# Execution Example: $ . restore-pub-ssh-key-ghub-api-3-upload.sh jeremy-donson 1
# CLI Args Include Optional DEBUG Setting
if [ "$#" -gt 2 ]; then exit; fi
GITHUB_USERNAME=${1}
if [ -z "${2}" ]; then DEBUG="${2}"; else DEBUG='0'; fi
if [ "${DEBUG}" -eq "1" ]; then source use-case-testing.sh ; fi
SSH_KEY=$HOME/.ssh/id_rsa
if [ ! -f $SSH_KEY ] || [ ! -f $SSH_KEY.pub ]; then
echo 'Generate your ssh key first!'
exit
fi
github_result=0
echo 'How do you want to name the key?'
read -e KEY_NAME
until [ $github_result -eq 1 ]; do
curl --silent -u "$GITHUB_USERNAME" --data "{\"title\":\"$KEY_NAME\",\"key\":\"$(cat $SSH_KEY.pub)\"}" https://api.github.com/user/keys > gh-result
if grep -q 'key is already in use' gh-result; then
github_result=1
echo 'Key is already in use.'
elif grep -q '"verified": true' gh-result; then
github_result=1
echo "Key ($KEY_NAME) has been added successfully."
elif grep -q 'Bad credentials' gh-result; then
echo 'Error during login: invalid username or password!'
echo 'Try again!'
else
echo 'A problem occured during the upload!'
cat gh-result
echo 'Try again!'
fi
rm gh-result
done
exit
Reference: https://tiborsimon.io/articles/programming/upload-ssh-key-via-github-api/
Raw
02-use-case-testing.sh
#!/bin/bash
python -m platform.system
ERR_MSSG_NO_SSH_KEY='Generate local ssh key first!'
# Authentication Error
# Public Key Already Uploaded
# Connection Error
# Create Repo Error
# Push To Repo Error
# Further Troubleshooting => $ DEBUG=1;
Raw
03-attempts-and-outcomes.md

Attempts and Outcomes

  • Authentication Factors:

    • Login Password => Email
    • SMS Codes
    • SSH Keys
    • Hardware Keys

  • Object Testing

    • Deps: git-icc gh-icc gist-icc bash-icc py3-icc gh-id-exists # icc = installed + current + configured
    • Machine: physical | virtual
    • System: python3 -m platform.system
    • User: whoami; sudo bash;
    • Time: date '+%N'
    • Place:

  • Attempts

  • Expectations

  • Outcomes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment