g0053

wget https://github.com/itaysk/kubectl-neat/releases/latest/download/kubectl-neat_linux_amd64.tar.gz
tar vxfz kubectl-neat_linux_amd64.tar.gz
chmod 700 kubectl-neat && sudo cp kubectl-neat /usr/local/bin

oc -n openshift-vertical-pod-autoscaler get po/vpa-recommender-default-c685b649-tdjz7 -o yaml | oc neat

g0053

### Install the required packages:
sudo yum install openscap-scanner scap-security-guide

### Can we run a report?
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_ospp --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
first scan gives “notapplicable”

### Now do this…

sudo cp /usr/share/openscap/cpe/openscap-cpe-dict.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml.dist

g0053

### Docs:
https://github.com/RedHatDemos/SecurityDemos/blob/master/2019Labs/RHELSecurityLab/documentation/lab1_OpenSCAP.adoc

### Generate the report first:
sudo oscap xccdf eval --oval-results --profile cis --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

### Now create the playbook based on the report:
oscap xccdf generate fix --fix-type ansible --result-id "" /tmp/arf.xml > playbook.yml

### Run the playbook against your server to force CIS compliance:

g0053

Use pg_dump to create a dev copy of a DB

Steps

1. Perform pg_dump -> gzip output -> save

   • pg_dump DB_NAME --username=DB_USER | gzip > /location/to/backup.gz
   • Note: if you get "FATAL: Ident authentication failed..." you'll need to look in pg_hba.conf. See below for more info.

2. Unzip -> import into new database

g0053

Useful LXD commands

Summarized from https://stgraber.org/2016/03/19/lxd-2-0-your-first-lxd-container-312/.

Interestingly, the LXD command line client is named.... lxc!

List available containers

lxc image list ubuntu:        # ubuntu: is officially supported image source
lxc image list images:        # images: is an unsupported source
lxc image alias list images:  # lists user-friendly names

g0053

#!/bin/bash

# This script will loop through a set of servers and print their load average, 
# memory usage statistics and cpu statistics
# If a servers load average is in a warning or critical level, the text color
# of the host and the load average change to yellow (warning) or red (critical)
# The primary SSH Command has a timeout feature in it. If your server is under
# load and cannot respond fast enough, the script will alert on connection timeout.
# If you are running this script on a Mac, it will notify you by running `say`
# and bringing the terminal windows to the front

g0053

Put this in your `local-configure.yml` file, add as many users as you need:

    users:
      - name: fulvio
        sudoer: yes
        auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext
      - name: plone_buildout
        group: plone_group
        sudoer: no
        auth_key: ssh-rsa blahblahblah ansible-generated on default

g0053

#!/usr/bin/env python

# file     : nagiosTelegram.py
# purpose  : send nagion notifications via Telegram bot

''' nagiosTelegram.py - small python script for sending nagion messages via a telegram
    bot. Please see BotFather for more info about telegram bots 
    
    https://core.telegram.org/bots
    

g0053

This is a work in progress, proceed with caution

Install Proxmox and a Ubuntu VM with Portainer to manage docker containers

Setup Proxmox

1. Install Proxmox 6.X iso I selected 2 drives in Raid 1 mirror
2. Console/SSH into Proxmox
3. nano /etc/apt/sources.list

g0053

extract ova files from an archive

$ tar -xvf vmName.ova

modify ovf for some invalid tag

$ vi vmName.ovf