{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAllUsersToListAccounts",
"Effect": "Allow",
"Action": [
"iam:ListAccountAliases",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
@defanator
defanator / .envrc
Created March 7, 2018 11:05
Example of direnv .envrc configuration for working with awscli as MFA-enabled IAM user
#
# Copyright (C) Andrei Belov ([email protected])
#
# This is an example of direnv [1] .envrc file approaching the way
# of using awscli [2] with MFA-enabled accounts in a (more or less)
# secure manner.
#
# The following assumptions are expected:
#
# a) there should be two files, key.asc and skey.asc, containing
defanator / Vagrantfile
Last active February 11, 2025 03:50
Vagrantfile with a number of useful dev environments
# -*- mode: ruby -*-
# vi: set ft=ruby :
# https://github.com/dotless-de/vagrant-vbguest/issues/367
# https://github.com/dotless-de/vagrant-vbguest/pull/373
if defined?(VagrantVbguest)
class MyWorkaroundInstallerUntilPR373IsMerged < VagrantVbguest::Installers::CentOS
protected
def has_rel_repo?
defanator / Makefile
Last active February 28, 2018 06:23
Makefile with implicit pattern rules - dependencies ordering example
OPTS = a b c
default:
@echo "try: make {all|base|opts}"
all: pattern-dep-all base opts
base: pattern-dep-base
@echo "base"
@touch $@
defanator / modsec-debug-fail.log
Created August 31, 2017 16:59
libmodsecurity debug logs for #1552
[9] JSON parser initialization
[9] yajl JSON parsing callback initialization
[4] Initializing transaction
[4] Transaction context created.
[4] Starting phase CONNECTION. (SecRules 0)
[9] This phase consists of 32 rule(s).
[4] Starting phase URI. (SecRules 0 + 1/2)
[4] Starting phase REQUEST_HEADERS. (SecRules 1)
[9] This phase consists of 134 rule(s).
[4] (Rule: 200000) Executing operator "Rx" with param "(?:text|application)/xml" against REQUEST_HEADERS:Content-Type.
defanator / cdn.onelogin.txt
Created March 24, 2017 07:27
filter-reestr
$ date && curl -vi --max-time 10 -I 'https://cdn.onelogin.com/assets/loader.js' -H 'Referer: https://nginx.onelogin.com/login' -H 'Accept: */*' -H 'Cache-Control: max-age=0' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8'
Fri Mar 24 10:26:50 MSK 2017
* Trying 54.192.98.231...
* TCP_NODELAY set
* Connected to cdn.onelogin.com (54.192.98.231) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
CApath: none
// from: http://byteandbits.blogspot.ru/2013/08/example-nginx-module-for-reading.html
// see also: http://www.serverphorums.com/read.php?5,79835,79835#msg-79835
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
#include <string.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
---i7wdgemV---A--
[29/Nov/2016:11:09:10 +0000] 148041775067.012532 127.0.0.1 53931 127.0.0.1 80
---i7wdgemV---B--
GET /?param="><script>alert(1);</script> HTTP/1.1
REQUEST_HEADERS:User-Agent: curl/7.38.0
REQUEST_HEADERS:Host: localhost
REQUEST_HEADERS:Accept: */*
---i7wdgemV---D--
---i7wdgemV---E--
---i7wdgemV---F--
defanator / modsecurity-scoring.t
Created November 24, 2016 17:50
ModSecurity-nginx connector tests
#!/usr/bin/perl
# Tests for ModSecurity module.
###############################################################################
use warnings;
use strict;
use Test::More;
defanator / libmodsecurity-with-nginx-debug-log.txt
Created November 24, 2016 15:07
Triggering rule 920440 from OWASP CRS v3.0.0
[4] (Rule: 920440) Executing operator "@rx" with param "\.(.*)$" against REQUEST_BASENAME.
[9] T (0) t:urlDecodeUni: "/nginx_signing.key"
[9] T (1) t:lowercase: "/nginx_signing.key"
[9] Target value: "/nginx_signing.key" (Variable: REQUEST_BASENAME)
[4] Operator completed in 0.000027 seconds
[4] Rule returned 1.
...
[4] (Rule: 949110) Executing operator "@ge" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:ANOMALY_SCORE.
[9] Target value: "0" (Variable: TX:ANOMALY_SCORE)
[6] Resolving: tx.inbound_anomaly_score_threshold to: 5