Andres Hermosilla rezen

## harden.sh
#!/usr/bin/env sh

# Acknowledgements:
# Most of this file was derived from https://github.com/ironPeakServices/iron-alpine/blob/master/Dockerfile
# with some additions from https://medium.com/asos-techblog/minimising-your-attack-surface-by-building-highly-specialised-docker-images-example-for-net-b7bb177ab647

# fail if a command fails
set -e
set -o pipefail

## wp-config.php
define('WP_HTTP_BLOCK_EXTERNAL',    true);
define('WP_ACCESSIBLE_HOSTS',       'api.wordpress.org,*.api.mailchimp.com,api.pay1.de,*.google.com');

## README.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              10 stars
            
          
                sethwebster
                / README.md
            
            
              Last active
              April 12, 2023 19:06
            
              
                Make Docker Cache Gem Installs to speed up Bundle Install
              
          
    Gem Install Dockerfile Hack

If you're hacking on your Gemfile and using Docker, you know the pain of having the bundle install command run after you've added or removed a gem. Using docker-compose you could mount a volume and stage your gems there, but this adds additional complexity and doesn't always really solve the problem.
Enter this imperfect solution:

What if we installed every gem into it's own Docker layer which would be happily cached for us?

gem-inject-docker does just that. It takes the list of gems used by your app via bundle list and transforms it into a list of RUN gem install <your gem> -v <gem version> statements and injects them into the Dockerfile at a point of your choosing.

  
## splunk_datatypesbnf
[bool]
syntax = t|true|f|false
[field]
syntax = <fvalue>
[field-and-value]
syntax = <field>/s*=/s*<fvalue>
[field-and-value-list]
syntax = (?:<field-and-value>)+
[field-list]
syntax = <field>(?:[ ,]+<field>)*

## splunk_searchbnf
# the output from running "/opt/splunk/bin/splunk btool searchbnf list" on a fairly default Splunk 7.2 instance

[abstract-command]
alias = excerpt
appears-in = 3.0
category = formatting
commentcheat = Show a summary of up to 5 lines for each search result.
description = Produce an abstract -- a summary or brief representation -- of the text of search results.  The original text is replaced by the summary, which is produced by a scoring mechanism.  If the event is larger than the selected maxlines, those with more terms and more terms on adjacent lines are preferred over those with fewer terms.  If a line has a search term, its neighboring lines also partially match, and may be returned to provide context. When there are gaps between the selected lines, lines are prefixed with "...". \p\
            If the text of a result has fewer lines or an equal number of lines to maxlines, no change will occur.\i\
            * <maxlines> accepts values from 1 - 500. \i\

## 1 - pythons_sinister_secrets.md

      
              6 files
            
          
              15 forks
            
          
              0 comments
            
          
              38 stars
            
          
                MarkBaggett
                / 1 - pythons_sinister_secrets.md
            
            
              Last active
              April 16, 2023 21:37
            
              
                Come To The Darkside - Pythons Sinister Secrets
              
          
    Slides and code examples from my "Pythons Sinister Secrets" presentation.
The slide deck can be downloaded here.
https://github.com/MarkBaggett/MarkBaggett/blob/master/Python's%20Sinister%20Secrets%20SlideDeck.pdf

  
## audit.rules
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd

#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  /
#   / ___ / /_/ / /_/ / / /_/ /_/ /
#  /_/  |_\__,_/\__,_/_/\__/\__,_/

## openvas-automate.sh
#!/bin/bash
#
# OpenVAS automation script.
# Mariusz B. / mgeeky, '17
#	v0.2
#

trap ctrl_c INT

# --- CONFIGURATION ---

## watcher.sh
# You will need fswatch installed (available in homebrew and friends)
# The command below will run tests and wait until fswatch writes something.
# The --stale flag will only run stale entries, it requires Elixir v1.3.
fswatch lib/ test/ | mix test --stale --listen-on-stdin

## infra-secret-management-overview.md

      
              1 file
            
          
              63 forks
            
          
              23 comments
            
          
              417 stars
            
          
                maxvt
                / infra-secret-management-overview.md
            
            
              Last active
              February 28, 2024 20:53
            
              
                Infrastructure Secret Management Software Overview
              
          
    Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native
infrastructure management. Daniel Somerfield did some work classifying the various approaches,
but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical.
There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections.
For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools.
Comments are welcome in the same manner.
	#!/usr/bin/env sh

	# Acknowledgements:
	# Most of this file was derived from https://github.com/ironPeakServices/iron-alpine/blob/master/Dockerfile
	# with some additions from https://medium.com/asos-techblog/minimising-your-attack-surface-by-building-highly-specialised-docker-images-example-for-net-b7bb177ab647

	# fail if a command fails
	set -e
	set -o pipefail
	define('WP_HTTP_BLOCK_EXTERNAL', true);
	define('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org,.api.mailchimp.com,api.pay1.de,.google.com');
	[bool]
	syntax = t\|true\|f\|false
	[field]
	syntax = <fvalue>
	[field-and-value]
	syntax = <field>/s=/s<fvalue>
	[field-and-value-list]
	syntax = (?:<field-and-value>)+
	[field-list]
	syntax = <field>(?:[ ,]+<field>)*
	# the output from running "/opt/splunk/bin/splunk btool searchbnf list" on a fairly default Splunk 7.2 instance

	[abstract-command]
	alias = excerpt
	appears-in = 3.0
	category = formatting
	commentcheat = Show a summary of up to 5 lines for each search result.
	description = Produce an abstract -- a summary or brief representation -- of the text of search results. The original text is replaced by the summary, which is produced by a scoring mechanism. If the event is larger than the selected maxlines, those with more terms and more terms on adjacent lines are preferred over those with fewer terms. If a line has a search term, its neighboring lines also partially match, and may be returned to provide context. When there are gaps between the selected lines, lines are prefixed with "...". \p\
	If the text of a result has fewer lines or an equal number of lines to maxlines, no change will occur.\i\
	* <maxlines> accepts values from 1 - 500. \i\
	# IMPORTANT!
	# This gist has been transformed into a github repo
	# You can find the most recent version there:
	# https://github.com/Neo23x0/auditd

	# ___ ___ __ __
	# / \| __ ______/ (_) /_____/ /
	# / /\| \|/ / / / __ / / __/ __ /
	# / ___ / /_/ / /_/ / / /_/ /_/ /
	# /_/ \|_\__,_/\__,_/_/\__/\__,_/
	#!/bin/bash
	#
	# OpenVAS automation script.
	# Mariusz B. / mgeeky, '17
	# v0.2
	#

	trap ctrl_c INT

	# --- CONFIGURATION ---
	# You will need fswatch installed (available in homebrew and friends)
	# The command below will run tests and wait until fswatch writes something.
	# The --stale flag will only run stale entries, it requires Elixir v1.3.
	fswatch lib/ test/ \| mix test --stale --listen-on-stdin