| #!/usr/bin/env python | |
| import json | |
| import os | |
| import subprocess | |
| import tempfile | |
| import yaml | |
| VAULT_BIN = "/usr/local/bin/vault" | |
| VAULT_PATH = "secret/salt/pillar_data" |
My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.
Recently, Google Chrome started giving me a warning when I open a site that uses https and self-signed certificate on my local development machine due to some SSL certificate issues like the one below:
| # input: fullchain.pem and privkey.pem as generated by the "letsencrypt-auto" script when run with | |
| # the "auth" aka "certonly" subcommand | |
| # convert certificate chain + private key to the PKCS#12 file format | |
| openssl pkcs12 -export -out keystore.pkcs12 -in fullchain.pem -inkey privkey.pem | |
| # convert PKCS#12 file into Java keystore format | |
| keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks | |
| # don't need the PKCS#12 file anymore |
| import org.slf4j.Logger; | |
| import org.slf4j.LoggerFactory; | |
| import java.io.IOException; | |
| import java.nio.file.*; | |
| public class FileWatcher { | |
| private static final Logger log = LoggerFactory.getLogger(FileWatcher.class); | |
| private Thread thread; |
Since SSH is one of the most pervasive ways to manage servers remotely, it is also one of the most plagued by brute force attacks. What follows is a simple set of Suricata rules to stop the majority of SSH brute force attacks. It will drop connections based on the reported SSH client version.
| # General configuration for the init.d scripts, | |
| # not necessarily for JBoss AS itself. | |
| # default location: /etc/default/keycloak | |
| ## Location of JDK | |
| # JAVA_HOME="/usr/lib/jvm/default-java" | |
| ## Location of WildFly | |
| # JBOSS_HOME="/opt/keycloak" |
| #!/bin/bash | |
| function search-branches() { | |
| for sha1 in `git log --oneline --all --grep "$1" | cut -d" " -f1` | |
| do | |
| git branch -r --contains $sha1 | |
| done | |
| } | |
| function search-tags() { | |
| for sha1 in `git log --oneline --all --grep "$1" | cut -d" " -f1` | |
| do |
| #!/bin/bash | |
| export TKN=$(curl -X POST 'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \ | |
| -H "Content-Type: application/x-www-form-urlencoded" \ | |
| -d "username=admin" \ | |
| -d 'password=admin' \ | |
| -d 'grant_type=password' \ | |
| -d 'client_id=admin-cli' | jq -r '.access_token') | |
| curl -X GET 'http://localhost:8080/auth/admin/realms' \ |
| #!/bin/bash | |
| # OpenVPN configuration Directory | |
| OPENVPN_CFG_DIR=/etc/openvpn | |
| # Directory where EasyRSA outputs the client keys and certificates | |
| KEY_DIR=/etc/openvpn/easy-rsa/keys | |
| # Where this script should create the OpenVPN client config files | |
| OUTPUT_DIR=/etc/openvpn/client-config |
