Skip to content

Instantly share code, notes, and snippets.

@krushik
krushik / .bashrc
Created March 29, 2017 19:17
.gitconfig + git friendly bash prompt
GIT_PROMPT_ONLY_IN_REPO=1
GIT_PROMPT_THEME=Single_line_Solarized
source ~/.bash-git-prompt/gitprompt.sh

Keybase proof

I hereby claim:

  • I am krushik on github.
  • I am krushik (https://keybase.io/krushik) on keybase.
  • I have a public key whose fingerprint is 3D1D 38BF 4489 8F45 0215 9D61 941E 81B9 C8E5 BE9A

To claim this, I am signing this object:

@krushik
krushik / yk-attest.sh
Created May 10, 2017 22:48
yubikey piv attestation: verifies that piv key was generated inside yubikey (and therefore not exportable)
# based on https://developers.yubico.com/yubico-piv-tool/Attestation.html
wget -O certs.pem https://developers.yubico.com/PIV/Introduction/piv-attestation-ca.pem
yubico-piv-tool --action=read-certificate --slot=f9 >> certs.pem
yubico-piv-tool --action=attest --slot=9a > attestation.pem
openssl verify -CAfile certs.pem attestation.pem
# attestation.pem: OK
@krushik
krushik / yubikey.md
Last active May 13, 2017 06:57
наброски для юбикей-лока

автостарт ssh-agent'а

поставить keychain для упрощения управлением ssh-агентами

sudo apt install keychain

заполнить ~/.bashrc для автостарта и дедуплекации агентов

автовыгрузка ключей юбикея при скринлоке

положить скрипт ~/.kde/Autostart/screenlock-yubikey-unload.sh (должно быть можно и в более общем X session стартапе). висит демоном и слушает события скринлока

автоскринлок при вытаскивании юбикея

положить скрипт /usr/local/bin/yubikey-screen-lock.sh (форс скринлока. протестировано только на kde4)

@krushik
krushik / passwd.yml
Last active May 1, 2023 13:30
ansible playbook to change user password on linux
---
# You may override default target user with -e user=someotheruser
# It is mandatory to choose a strong password! At least consult with https://www.bennish.net/password-strength-checker/
- name: change linux user password
hosts: [all]
gather_facts: no
vars_prompt:
## use this when 656K rounds will be OK for your servers' CPU performance, or when rounds number will become configurable in ansible
# You may need 'apt-get install python-passlib' or 'pip install passlib' for vars_prompt encryption
@krushik
krushik / check_mode_indicator.py
Last active October 15, 2023 14:36
ansible callback plugin that warns you of --check mode
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
callback: check_mode_indicator
type: aggregate
short_description: shows a warning if you run ansible in check mode
description:
- This callback module shows a big WARNING when you run ansible in check mode.
'''
@krushik
krushik / AuthyToOtherAuthenticator.md
Last active October 11, 2018 10:40 — forked from gboudreau/AuthyToOtherAuthenticator.md
Export TOTP secrets from Authy

Exporting Authy TOTP (google authenticator) secrets to other authenticators


  1. Install Authy from Chrome Web Store
  2. Open Authy and log in, so you can see the codes being generated for you. Keep it open.
  3. Go to Extensions page in your browser (chrome://extensions/ or Menu -> More tools -> Extensions)
  4. Tick developer mode in the top right corner
  5. Go to the Authy App details and click on main.html at the 'Inspect views' section
  6. Chrome developer tools with Console selected should open. If it didn't, go to the Console tab.
  7. Paste following and press enter:
@krushik
krushik / log_mask.lua
Last active December 15, 2021 07:20
mask passwords in apache access logs with mod_lua
-- apache's %r log field (request line) is read only, we can't fix data in there,
-- so you need to change your LogFormat with '%m %U%q %H' instead of '%r' to get this masking effect
function log_mask_password(r)
-- manually parse request line, needed to overwrite r.uri to mimick apache's %r percent-encoding in %U for non-latin chars
local url = r.the_request:match"^%S+%s(.+)%sHTTP/[%d.]+$" -- ex.: GET /foo?bar=1 HTTP/1.1
-- in case of malformed http request, use apache's uri variant
if not url then
url = r.uri
end