Toni t-book

View App-armor and docker.md

AppArmor

https://wiki.ubuntu.com/AppArmor

AppArmor can be used to restrict the permissions of a userspace program, enforced on the kernel side. In other words, we can decide what a program (... inside a Docker container) can do. Ubuntu runs AppArmor by default. This README targets Docker and skips the aa_genprof workflow (see: https://www.youtube.com/watch?v=Uq1d60TLebE&t=155s) for standalone applications (I haven't found a way to use it with the Docker daemon).

To follow these steps you need to install apparmor-utils.

View docker_apparmor.conf
#include <tunables/global>
profile docker-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  network,
  capability,
View harden_geonode_with_namespace.md

Linux namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations.

The best way to prevent privilege-escalation attacks from within a container is to configure your container’s applications to run as unprivileged users. For containers whose processes must run as the root user within the container, you can re-map this user to a less-privileged user on the Docker host. The mapped user is assigned a range of UIDs which function within the namespace as normal UIDs from 0 to 65536, but have no privileges on the host machine itself.

1) Backup GeoNode

If you did not enable namespaces initially, you will lose all of your images and containers after enabling namespaces for the Docker daemon.

View geonode-keycloack.md

SSO - Authenticate GeoNode against a Keycloak server

For local testing I use GeoNode paver on port 8000 and a Keycloak server started with Docker on port 8090:

docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1

https://www.keycloak.org/getting-started/getting-started-docker

A. On the Keycloak side

  1. Create a new realm to group our new app and users marsianer
View swamp.geojson
t-book / transfer_user_data.py
Last active Oct 21, 2020
View transfer_user_data.py
from django.core.management.base import BaseCommand, CommandError
from geonode.layers.models import UploadSession
from geonode.people.models import Profile
from geonode.base.models import ResourceBase
from mapstore2_adapter.api.models import MapStoreResource
from geonode.base.management.commands.helpers import confirm
from geonode.layers.utils import set_layers_permissions

class Command(BaseCommand):
    help = 'Management command to transfer User Data ' \
View smart-buttons.js
paypal.Buttons({
  style: {
    layout: 'vertical',
    color: 'white',
    shape: 'pill',
    label: 'paypal',
    tagline: false
  },
t-book / example_pp_tax_object.json
Created Aug 13, 2020
View example_pp_tax_object.json
{
  "intent": "CAPTURE",
  "application_context": {
    "brand_name": "EXAMPLE INC",
    "locale": "en-US",
    "landing_page": "BILLING",
    "shipping_preferences": "SET_PROVIDED_ADDRESS",
    "user_action": "PAY_NOW"
  },
  "purchase_units": [
View custom_signup_form.py
from django import forms
from django.contrib.auth.forms import UserCreationForm
from geonode.people.models import Profile


class CustomSignupForm(UserCreationForm):
    first_name = forms.CharField(max_length=30, required=True)
    last_name = forms.CharField(max_length=30, required=True)
    email = forms.EmailField(max_length=254)
    field_order = ['first_name', 'last_name', 'email', 'username']