Catalinux l1ahim

@l1ahim
l1ahim / findPwnedDB.py
Created November 24, 2020 07:37 — forked from n0x08/findPwnedDB.py
Find compromised NoSQL & Docker systems from Shodan JSON export
#!/usr/bin/env python
# findPwnedDB.py
#
# Last update: 1/13/2020
#
# Added:
# CassandraDB support
# Additional DBs
# Docker XMR mining flags (Thanks Unit42!)
# https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/
l1ahim / readme.sh
Created September 3, 2020 13:21
Rancher k3s installation and group configuration
# API server: nodes should be able to reach k3s server tcp port 6443
# flannel vxlan: udp port 8472 for nodes to communicate (server and agents)
# metrics server: it collects resource metrics from kubelets and exposes them in k8s api server through metrics api. tcp port 10250
# https://rancher.com/docs/k3s/latest/en/installation/install-options/
# run the installation script
curl -sfL https://get.k3s.io | sh -
# create a k3s group and add the user to it, to avoid always using sudo
sudo groupadd k3s
l1ahim / tf-docker-install-parrot.sh
Created September 2, 2020 21:37
Install Terraform 0.13 and docker engine on Parrot OS
# install terraform and docker
# https://docs.docker.com/engine/install/debian/
# Parrot $PATH contains .local from user home location
curl -O https://releases.hashicorp.com/terraform/0.13.2/terraform_0.13.2_linux_amd64.zip && unzip terraform_0.13.2_linux_amd64.zip -d ~/.local/bin
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
l1ahim / EC2-Tag-Assets-Lambda.py
Created July 23, 2020 07:56 — forked from mlapida/EC2-Tag-Assets-Lambda.py
A lambda function that will copy EC2 tags to all related Volumes and Network Interfaces. A full writeup can be found on my site http://mlapida.com/thoughts/tagging-and-snapshotting-with-lambda
from __future__ import print_function
import json
import boto3
import logging
# set up simple logging (level is set to ERROR below)
logger = logging.getLogger()
logger.setLevel(logging.ERROR)
l1ahim / assume_role.py
Created April 24, 2020 12:18 — forked from DaisukeMiyamoto/assume_role.py
AWS Boto3 Assume Role example
import boto3
from boto3.session import Session
def assume_role(arn, session_name):
    """aws sts assume-role --role-arn arn:aws:iam::00000000000000:role/example-role --role-session-name example-role"""
    client = boto3.client('sts')
    account_id = client.get_caller_identity()["Account"]
    print(account_id)
l1ahim / wget.sh
Created April 20, 2020 15:16 — forked from crittermike/wget.sh
Download an entire website with wget, along with assets.
# One liner
wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com
# Explained
wget \
--recursive \ # Download the whole site.
--page-requisites \ # Get all assets/elements (CSS/JS/images).
--adjust-extension \ # Save files with .html on the end.
--span-hosts \ # Include necessary assets from offsite as well.
--convert-links \ # Update links to still work in the static version.
l1ahim / AWS Security Resources
Created March 19, 2020 13:59 — forked from chanj/AWS Security Resources
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
l1ahim / SIEMple_SIEM_questionnaire_and_tests.md
Created February 7, 2020 13:13 — forked from 7MinSec/SIEMple_SIEM_questionnaire_and_tests.md
Some simple security tests you can run to test the effectiveness of your SIEM

Introduction

In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:

  • Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible

  • SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about

Questionnaire

Introduction / Purpose

l1ahim / ovh_centos7.sh
Created August 8, 2019 07:56 — forked from danidiaz/ovh_centos7.sh
OVH centos 7 post-install script.
#! /bin/bash
# http://linuxcommand.org/wss0150.php
function error_exit
{
    echo "$1" 1>&2
    exit 1
}
# http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root
#!/bin/bash
set -x
master_ip=$1
ipaddr=$(ip addr show dev eth0 | grep "inet " | cut -d ' ' -f 6 | cut -f 1 -d '/')
is_master=${2:-"true"}
[ -n "$master_ip" ] || exit 1