Mateo Burillo mateobur

## webhook_receiver.py
from flask import Flask, request
from sdcclient import SdcClient
import json, os

app = Flask(__name__)
sdclient = SdcClient(os.environ['SYSDIG_API_KEY'])


@app.route('/', methods=['POST'])
def handle_alert():

## big_files.sh
#!/bin/bash

#MINSIZE default ~ 100 MB
MINSIZE=102400

find / -type f -size +"$MINSIZE"k -exec du -sh {} \; 2>/dev/null | sort -rh

## SysdigMonitorKubernetesScheduler.py
#!/usr/bin/env python

import time
import random
import json

from kubernetes import client, config, watch
from sdcclient import SdcClient

config.load_kube_config()

## CloudFormationTemplateOpenShift.yaml
AWSTemplateFormatVersion: '2010-09-09'
Metadata: {}

Parameters:
###########
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
  AvailabilityZone:
    Description: Availability zone to deploy

## prometheus-example.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-deployment
  labels:
    app: prometheus
    purpose: example
spec:
  replicas: 2
  selector:

## FalcoNginxRuleset.yaml
- macro: nginx_consider_syscalls
  condition: (evt.num < 0)

- macro: app_nginx
  condition: container and container.image contains "nginx"

# Any outbound traffic raises a WARNING

- rule: Unauthorized process opened an outbound connection (nginx)
  desc: A nginx process tried to open an outbound connection and is not whitelisted

## Docker_scan_ValidatingWebhookConfiguration.yaml
Anchore engine policy validator is now installed.

Create a validating webhook resources to start enforcement:

KUBE_CA=$(kubectl config view --minify=true --flatten -o json | jq '.clusters[0].cluster."certificate-authority-data"' -r)
cat > validating-webook.yaml <<EOF
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: analysis-anchore-policy-validator.admission.anchore.io

## kubernetesmetadata.txt
$ kubectl describe pod db-6b8968c69-dq2v2
Name:               db-6b8968c69-dq2v2
Namespace:          example-voting-app
Node:               ip-10-0-0-12.ec2.internal/10.0.0.12
Controlled By:      ReplicaSet/db-6b8968c69
Labels:             app=example-voting-app
                    name=db
                    pod-template-hash=264524725
                    role=sqldb
IP:                 10.129.0.140

## kubernetesservicemetadata.txt
$ kubectl describe service result
Name:              result
Namespace:         example-voting-app
Labels:            name=result
Annotations:       <none>
Selector:          app=example-voting-app,name=result,role=resultapp
Type:              ClusterIP
IP:                172.30.225.249
Port:              <unset>  80/TCP
TargetPort:        80/TCP

## autossh.service
[Unit]
Description=Autossh Tunnel
Wants=network-online.target
After=network-online.target

[Service]
User=<user>
Type=simple
ExecStart=/usr/bin/autossh -M 20000 -N <host> -R 0.0.0.0:30000:localhost:22
Restart=always
	from flask import Flask, request
	from sdcclient import SdcClient
	import json, os

	app = Flask(__name__)
	sdclient = SdcClient(os.environ['SYSDIG_API_KEY'])


	@app.route('/', methods=['POST'])
	def handle_alert():
	#!/bin/bash

	#MINSIZE default ~ 100 MB
	MINSIZE=102400

	find / -type f -size +"$MINSIZE"k -exec du -sh {} \; 2>/dev/null \| sort -rh
	#!/usr/bin/env python

	import time
	import random
	import json

	from kubernetes import client, config, watch
	from sdcclient import SdcClient

	config.load_kube_config()
	AWSTemplateFormatVersion: '2010-09-09'
	Metadata: {}

	Parameters:
	###########
	KeyName:
	Description: The EC2 Key Pair to allow SSH access to the instance
	Type: 'AWS::EC2::KeyPair::KeyName'
	AvailabilityZone:
	Description: Availability zone to deploy
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: prometheus-deployment
	labels:
	app: prometheus
	purpose: example
	spec:
	replicas: 2
	selector:
	- macro: nginx_consider_syscalls
	condition: (evt.num < 0)

	- macro: app_nginx
	condition: container and container.image contains "nginx"

	# Any outbound traffic raises a WARNING

	- rule: Unauthorized process opened an outbound connection (nginx)
	desc: A nginx process tried to open an outbound connection and is not whitelisted
	Anchore engine policy validator is now installed.

	Create a validating webhook resources to start enforcement:

	KUBE_CA=$(kubectl config view --minify=true --flatten -o json \| jq '.clusters[0].cluster."certificate-authority-data"' -r)
	cat > validating-webook.yaml <<EOF
	apiVersion: admissionregistration.k8s.io/v1beta1
	kind: ValidatingWebhookConfiguration
	metadata:
	name: analysis-anchore-policy-validator.admission.anchore.io
	$ kubectl describe pod db-6b8968c69-dq2v2
	Name: db-6b8968c69-dq2v2
	Namespace: example-voting-app
	Node: ip-10-0-0-12.ec2.internal/10.0.0.12
	Controlled By: ReplicaSet/db-6b8968c69
	Labels: app=example-voting-app
	name=db
	pod-template-hash=264524725
	role=sqldb
	IP: 10.129.0.140
	$ kubectl describe service result
	Name: result
	Namespace: example-voting-app
	Labels: name=result
	Annotations: <none>
	Selector: app=example-voting-app,name=result,role=resultapp
	Type: ClusterIP
	IP: 172.30.225.249
	Port: <unset> 80/TCP
	TargetPort: 80/TCP
	[Unit]
	Description=Autossh Tunnel
	Wants=network-online.target
	After=network-online.target

	[Service]
	User=<user>
	Type=simple
	ExecStart=/usr/bin/autossh -M 20000 -N <host> -R 0.0.0.0:30000:localhost:22
	Restart=always