michaelact

## bar-docker-debian.sh
#!/bin/bash

service docker stop

if [ $# -eq 2 ]
then
  if [ $1 = 'backup' ]
  then
    tar -czvf $2 /var/lib/docker/swarm
  elif [ $1 = 'restore' ]

## main.tf
provider "aws" {
  region                      = "us-east-1"
  s3_force_path_style         = true
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  skip_requesting_account_id  = true

  endpoints {
    apigateway     = "http://localhost:4567"
    cloudformation = "http://localhost:4581"

## filebeat.yml
filebeat.inputs:
- type: container
  paths:
    - "/usr/share/dockerlogs/data/*/*.log"
  ignore_older: ${IGNORE_OLDER:10m}
  multiline.pattern: ${MULTILINE_PATTERN}
  multiline.negate: ${MULTILINE_NEGATE:false}
  multiline.match: ${MULTILINE_MATCH:after}

processors:

## build.sh
#!/bin/bash

set -e

gcloud auth activate-service-account \
    --project=$GCP_PROJECT \
    --key-file=${GCP_KEY_FILENAME:-service_account.json}

gcloud artifacts print-settings npm \
    --project=$GCP_PROJECT \

## Makefile
TMPL_DIR  ?= .

.PHONY: prepare
prepare:  ## Preparing Ansibila Requirements
	@ $(MAKE) --no-print-directory log-$@
	mkdir -p ${ROLE_DIR}/molecule/default
	mkdir -p ${ROLE_DIR}/meta
	touch $(ROLE_DIR)/variables.yml
	touch $(ROLE_DIR)/molecule/default/playbook.yml
	touch $(ROLE_DIR)/meta/main.yml

## security.tf
module "sg-elasticache" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "sg_elasticache"
  description = "Guardian of ElastiCache Cluster"
  vpc_id      = ""

  egress_rules = ["all-all"]
  ingress_with_cidr_blocks = [
    {

## tflint.sh
#!/bin/sh
set -e

find . -type d | grep -v .terraform | tail -n +2 > tfdir.txt
cat tfdir.txt | parallel cp .tflint.hcl {}
cat tfdir.txt | parallel 'cd {} && tflint'
cat tfdir.txt | parallel 'cd {} && tflint --module'
cat tfdir.txt | parallel rm {}/.tflint.hcl
rm tfdir.txt

## install-k8s.sh
#!/bin/bash

# Create the .conf file to load the modules at bootup
cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

## route53-extractor.sh
#!/bin/bash
# Reference: https://stackoverflow.com/questions/20337749/exporting-dns-zonefile-from-amazon-route-53

HOSTED_ZONE_IDS=$(aws route53 list-hosted-zones --query "HostedZones[*].Id" --output text)
for zoneId in $HOSTED_ZONE_IDS; do \
  echo $zoneId >> records.txt
  aws route53 list-resource-record-sets --hosted-zone-id $zoneId --output json | jq -jr '.ResourceRecordSets[] | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"' >> records.txt
done

## get-lynis.sh
#!/bin/bash
# Source:
# - https://linoxide.com/how-to-install-and-run-lynis-on-ubuntu-linux/
# - https://sysadminxpert.com/how-to-do-security-auditing-of-centos-system-using-lynis-tool/#Install_Lynis_on_Fedora
set -e

OS=$(. /etc/os-release && echo "$ID")
if [[ $OS == "ubuntu" ]]; then
  wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
  echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
	#!/bin/bash

	service docker stop

	if [ $# -eq 2 ]
	then
	if [ $1 = 'backup' ]
	then
	tar -czvf $2 /var/lib/docker/swarm
	elif [ $1 = 'restore' ]
	provider "aws" {
	region = "us-east-1"
	s3_force_path_style = true
	skip_credentials_validation = true
	skip_metadata_api_check = true
	skip_requesting_account_id = true

	endpoints {
	apigateway = "http://localhost:4567"
	cloudformation = "http://localhost:4581"
	filebeat.inputs:
	- type: container
	paths:
	- "/usr/share/dockerlogs/data//.log"
	ignore_older: ${IGNORE_OLDER:10m}
	multiline.pattern: ${MULTILINE_PATTERN}
	multiline.negate: ${MULTILINE_NEGATE:false}
	multiline.match: ${MULTILINE_MATCH:after}

	processors:
	#!/bin/bash

	set -e

	gcloud auth activate-service-account \
	--project=$GCP_PROJECT \
	--key-file=${GCP_KEY_FILENAME:-service_account.json}

	gcloud artifacts print-settings npm \
	--project=$GCP_PROJECT \
	TMPL_DIR ?= .

	.PHONY: prepare
	prepare: ## Preparing Ansibila Requirements
	@ $(MAKE) --no-print-directory log-$@
	mkdir -p ${ROLE_DIR}/molecule/default
	mkdir -p ${ROLE_DIR}/meta
	touch $(ROLE_DIR)/variables.yml
	touch $(ROLE_DIR)/molecule/default/playbook.yml
	touch $(ROLE_DIR)/meta/main.yml
	module "sg-elasticache" {
	source = "terraform-aws-modules/security-group/aws"

	name = "sg_elasticache"
	description = "Guardian of ElastiCache Cluster"
	vpc_id = ""

	egress_rules = ["all-all"]
	ingress_with_cidr_blocks = [
	{
	#!/bin/sh
	set -e

	find . -type d \| grep -v .terraform \| tail -n +2 > tfdir.txt
	cat tfdir.txt \| parallel cp .tflint.hcl {}
	cat tfdir.txt \| parallel 'cd {} && tflint'
	cat tfdir.txt \| parallel 'cd {} && tflint --module'
	cat tfdir.txt \| parallel rm {}/.tflint.hcl
	rm tfdir.txt
	#!/bin/bash

	# Create the .conf file to load the modules at bootup
	cat <<EOF \| sudo tee /etc/modules-load.d/crio.conf
	overlay
	br_netfilter
	EOF
	sudo modprobe overlay
	sudo modprobe br_netfilter
	#!/bin/bash
	# Reference: https://stackoverflow.com/questions/20337749/exporting-dns-zonefile-from-amazon-route-53

	HOSTED_ZONE_IDS=$(aws route53 list-hosted-zones --query "HostedZones[*].Id" --output text)
	for zoneId in $HOSTED_ZONE_IDS; do \
	echo $zoneId >> records.txt
	aws route53 list-resource-record-sets --hosted-zone-id $zoneId --output json \| jq -jr '.ResourceRecordSets[] \| "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"' >> records.txt
	done
	#!/bin/bash
	# Source:
	# - https://linoxide.com/how-to-install-and-run-lynis-on-ubuntu-linux/
	# - https://sysadminxpert.com/how-to-do-security-auditing-of-centos-system-using-lynis-tool/#Install_Lynis_on_Fedora
	set -e

	OS=$(. /etc/os-release && echo "$ID")
	if [[ $OS == "ubuntu" ]]; then
	wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key \| sudo apt-key add -
	echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" \| sudo tee /etc/apt/sources.list.d/cisofy-lynis.list