🎯
Focusing

Catalinux l1ahim

  • Timisoara
@l1ahim
l1ahim / findPwnedDB.py
Created November 24, 2020 07:37 — forked from n0x08/findPwnedDB.py
Find compromised NoSQL & Docker systems from Shodan JSON export
#!/usr/bin/env python
# findPwnedDB.py
#
# Last update: 1/13/2020
#
# Added:
# CassandraDB support
# Additional DBs
# Docker XMR mining flags (Thanks Unit42!)
# https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/
@l1ahim
l1ahim / EC2-Tag-Assets-Lambda.py
Created July 23, 2020 07:56 — forked from mlapida/EC2-Tag-Assets-Lambda.py
A lambda function that will copy EC2 tags to all related Volumes and Network Interfaces. A full writeup can be found on my site http://mlapida.com/thoughts/tagging-and-snapshotting-with-lambda
from __future__ import print_function
import json
import boto3
import logging
#setup simple logging for INFO
logger = logging.getLogger()
logger.setLevel(logging.ERROR)
@l1ahim
l1ahim / assume_role.py
Created April 24, 2020 12:18 — forked from DaisukeMiyamoto/assume_role.py
AWS Boto3 Assume Role example
import boto3
from boto3.session import Session
def assume_role(arn, session_name):
    """aws sts assume-role --role-arn arn:aws:iam::00000000000000:role/example-role --role-session-name example-role"""
    client = boto3.client('sts')
    account_id = client.get_caller_identity()["Account"]
    print(account_id)
@l1ahim
l1ahim / wget.sh
Created April 20, 2020 15:16 — forked from crittermike/wget.sh
Download an entire website with wget, along with assets.
# One liner
wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com
# Explained
wget \
--recursive \ # Download the whole site.
--page-requisites \ # Get all assets/elements (CSS/JS/images).
--adjust-extension \ # Save files with .html on the end.
--span-hosts \ # Include necessary assets from offsite as well.
--convert-links \ # Update links to still work in the static version.
@l1ahim
l1ahim / AWS Security Resources
Created March 19, 2020 13:59 — forked from chanj/AWS Security Resources
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
@l1ahim
l1ahim / SIEMple_SIEM_questionnaire_and_tests.md
Created February 7, 2020 13:13 — forked from 7MinSec/SIEMple_SIEM_questionnaire_and_tests.md
Some simple security tests you can run to test the effectiveness of your SIEM

Introduction

In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:

  • Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible

  • SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about

Questionnaire

Introduction / Purpose

@l1ahim
l1ahim / ovh_centos7.sh
Created August 8, 2019 07:56 — forked from danidiaz/ovh_centos7.sh
OVH centos 7 post-install script.
#! /bin/bash
# http://linuxcommand.org/wss0150.php
function error_exit
{
    echo "$1" 1>&2
    exit 1
}
# http://unix.stackexchange.com/questions/70859/why-doesnt-sudo-su-in-a-shell-script-run-the-rest-of-the-script-as-root
#!/bin/bash
set -x
master_ip=$1
ipaddr=$(ip addr show dev eth0 | grep "inet " | cut -d ' ' -f 6 | cut -f 1 -d '/')
is_master=${2:-"true"}
[ -n "$master_ip" ] || exit 1
Completion
install bash-completion package
kubeadm completion bash|tee /etc/bash_completion.d/kubeadm
kubectl completion bash|tee /etc/bash_completion.d/kubectl
Bootstrapping the master node "Kubernetes control panel" :
kubeadm init --apiserver-advertise-address=192.168.205.10 --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.6.2
## for calico default is 192.168.0.0/16 for flannel it is 10.244.0.0/16, not sure what needs to be done to vagrant for ips not clash
@l1ahim
l1ahim / docker-cleanup-resources.md
Created May 11, 2019 08:18 — forked from bastman/docker-cleanup-resources.md
docker cleanup guide: containers, images, volumes, networks

Docker - How to clean up (unused) resources

Once in a while, you may need to clean up resources (containers, volumes, images, networks) ...

delete volumes

// see: https://github.com/chadoe/docker-cleanup-volumes

$ docker volume rm $(docker volume ls -qf dangling=true)

$ docker volume ls -qf dangling=true | xargs -r docker volume rm