John Jediny JJediny

@JJediny
JJediny / ISO-19115-2_to_POD.yaml
Last active June 1, 2017 14:08
ISO-19115-2: JSON schema to YAML based on https://github.com/adiwg/mdJson-schemas. Transformation to Project Open Data v1.1
schema: catalog.conformsTo # https://github.com/data-govt-nz/schema
name: catalog.dataset
version: catalog.describedBy # https://project-open-data.cio.gov/v1.1/schema
contact:
  - contactId: UUID # or URI
    isOrganization: true
    name: catalog.dataset.contactPoint.fn
    positionName: #catalog.dataset.contactPoint.position
    memberOfOrganization: catalog.dataset.publisher.name
    logoGraphic: #catalog.dataset.publisher.logo
JJediny / Updated_data.json
Last active March 7, 2017 22:18
Changes needed to produce valid "Federal" data.json. publisher.name == JKAN organization (or Department in San Diego JKAN implementation), but bureauCode and programCode should be attributes pulled from where organization == publisher.name
---
---
{
"conformsTo": "https://project-open-data.cio.gov/v1.1/schema",
"@context": "https://project-open-data.cio.gov/v1.1/schema/catalog.jsonld",
"@id": "{{ site.baseurl }}/data.json",
"@type": "dcat:Catalog",
"describedBy": "https://project-open-data.cio.gov/v1.1/schema/catalog.json",
"dataset": [{% for dataset in site.datasets %}{% capture temp %}
{% assign schema = dataset.schema | default: site.schema %}
JJediny / main.yml
Created March 6, 2017 15:29
Playbook from GSA D2D team for installing Google Authenticator on Jumpbox
---
- name: WARNING!
  debug:
    msg:
      - "*************************WARNING!*************************"
      - Further execution of playbook will lock down hosts with MFA.
      - Temporary MFA codes will be provided upon completion.
      - If you DO NOT want to enable MFA at this time, cancel execution now!

Keybase proof

I hereby claim:

  • I am jjediny on github.
  • I am jjediny (https://keybase.io/jjediny) on keybase.
  • I have a public key whose fingerprint is 40CC 2D12 7354 9264 6296 5B85 FA37 8522 5D36 CE77

To claim this, I am signing this object:

JJediny / USING-VAULT.md
Created February 23, 2017 04:00 — forked from voxxit/USING-VAULT.md
Consul + Vault + MySQL = <3
git clone https://gist.github.com/dd6f95398c1bdc9f1038.git vault
cd vault
docker-compose up -d
export VAULT_ADDR=http://192.168.99.100:8200

Initializing a vault:

vault init
#!groovy
// This is the full syntax for Jenkins Declarative Pipelines as of version 0.8.1.
pipeline {
// Possible agent configurations - you must have one and only one at the top level.
agent any
agent none
agent {
label "whatever"
JJediny / Jenkinsfile
Created February 22, 2017 20:17 — forked from abayer/Jenkinsfile
An example Declarative Pipeline Jenkinsfile for Feb 15 2017 demo
// A Declarative Pipeline is defined within a 'pipeline' block.
pipeline {
// agent defines where the pipeline will run.
agent {
// This also could have been 'agent any' - that has the same meaning.
label ""
// Other possible built-in agent types are 'agent none', for not running the
// top-level on any agent (which results in you needing to specify agents on
// each stage and do explicit checkouts of scm in those stages), 'docker',
JJediny / RHEL6STIGtoNIST800.csv
Created January 11, 2017 16:26
RHEL6 STIG w/ NIST 800-53 Controls - Example output from https://github.com/opencontrol/xccdf2csv
STIG ID,Version,Rule Title,Title,Severity,Check Text,Fix Text,CCI,CCI,Status,Published,contributor,Definition,Type,NIST800-53rev4,Control,NIST800-53rev3,Control,NIST800-53rev1,Control
38437,RHEL-06-000526,Automated file system mounting tools must not be enabled unless needed.,SRG-OS-999999,low,"To verify the ""autofs"" service is disabled, run the following command:
chkconfig --list autofs
If properly configured, the output should be the following:
autofs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Verify the ""autofs"" service is not running:
JJediny / pedantically_commented_playbook.yml
Created December 29, 2016 22:46 — forked from marktheunissen/pedantically_commented_playbook.yml
Insanely complete Ansible playbook, showing off all the options
---
# ^^^ YAML documents must begin with the document separator "---"
#
#### Example docblock, I like to put a descriptive comment at the top of my
#### playbooks.
#
# Overview: Playbook to bootstrap a new host for configuration management.
# Applies to: production
# Description:
# Ensures that a host is configured for management with Ansible.
JJediny / security hardness.md
Created December 3, 2016 05:10 — forked from jacobian/security hardness.md
Security Hardness Scale

This is a draft "security hardness scale", designed to somewhat roughly quantify the level of effort of a penetration test -- since simply measuring "how many vulns did you find" is a terrible measurement of success.

The scale is similar to the Mohs Hardness Scale in that it's simply an ordinal scale, not an absolute one. That is, the "gap" between 3 and 4 doesn't have to be the same "difficulty increase" as the gap between 5 and 6. It's simply a way of rating that one pentest was "harder" than another. (This is in lieu of being able to measure "hardness" in any truly quantitative way.)