Simon Loader fredead

fredead / Restart-PaloAlto-Firewallexpect
Last active August 29, 2015 14:20
Expect script Reset Palo Alto firewall
#!/bin/expect -f
# Simon Loader (simon@loaders
#
# This was used while working on remote equipment and having no way to reset when getting configuration wrong
# Put it in a crontab or in a shell with a long sleep.
# Should be easy to change for cisco / juniper etc.
#
# Get CLI args
set pass [lrange $argv 0 0]
set ip [lrange $argv 1 1]
fredead / haproxy.conf
Last active June 28, 2017 10:51
haproxy for docker registry
frontend https
bind :80
bind 0.0.0.0:443 ssl crt /etc/haproxy/mydomain.com.pem
reqadd X-Forwarded-Proto:\ https
redirect scheme https if !{ ssl_fc }
acl docker_registry_domain hdr(host) -i docker-register.mydomain.com
# This is a hack for docker not always sending basic auth data
acl docker_token hdr(Authorization:) -i Token
fredead / Selinux cheat sheet
Last active April 23, 2016 14:27
Selinux cheat sheet
Selinux can be difficult when you just want it to work, and many people just switch it off.
Here are some simple command lines I use to just set it up. It's best to go away for a week and learn it all properly, but this is good when you just want to get it done.
yum install policycoreutils-python # Centos package
NOTE: all changes take effect and remain even after a reboot
Allow something to execute / write to a file / area
# find type name 1st ( this may prove more difficult in which case look at agent logs)
semanage fcontext -l | grep progname
fredead / Renew-app-lease-check-pid.sh
Last active November 20, 2015 12:43
Timer based restart script while checking a process actually started
#!/bin/bash -e
# In general using this is a hack round another problem
#Sometimes it can be a practical answer to be productive rather than going in circles
while [ true ]; do
RENEW_TIME=60000
CHECK_TIME=60
# get my Lease for the
LEASE=`echo curl http://lease`
fredead / give-me-root-docker.sh
Last active February 15, 2016 14:11
Bypass some security on a badly setup docker daemon
# Add your self to the local sudo group when docker daemon is running as root
docker run -v /:/mnt -i -t centos chroot /mnt usermod -a -G sudo ${USER}
fredead / s3put-encrypt.sh
Last active June 2, 2016 14:41
KMS encrypting a file on AWS
#!/bin/sh
CMD=`basename $0`
TMPFILE=`mktemp /tmp/${CMD}.XXXXXX` || exit 1
KEY_ARN="arn:aws:kms:eu-west-1:28282828282:key/2828282-82822-28283-28238-28383393"
function usage {
echo "${CMD} [-k KMS key arn] <from> <to>" >&2
echo " Example:"
echo " ${CMD} env.staging s3://bucket/staging/env.staging" >&2
fredead / Lambda stack CFN utils
Last active July 15, 2016 07:54
CFN template to create SNS subscription and looking up output of other stacks lambda
{
"Description": "lambda helper functions for stacks",
"Outputs": {
"LookupStackARN": {
"Description": "Arn for lookup stack arn",
"Value": {
"Fn::GetAtt": [
"LookupStackOutputs",
"Arn"
]
fredead / nginx-redirect.conf
Last active January 13, 2017 12:16
Nginx port 80 to port 443 redirect with added ssl hardening
server {
listen 80;
server_name www.loaders.net;
rewrite ^ https://$server_name$request_uri? permanent;
#listen 80 default_server;
#return 301 https://$host$request_uri;
}
fredead / ssl-proxy-site.conf
Created July 20, 2016 14:02
Apache port 80 redirect to port 443
<VirtualHost *:80>
ServerName www.loaders.net
ServerAdmin [email protected]
Redirect permanent / https://www.loaders.net
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
fredead / solcsend.sh
Last active September 9, 2016 08:22
Ethereum compile with solc and deploy using geth
#!/bin/sh -e
TEMPDIR=`mktemp -d`
echo Compilecode
solc --gas --bin -o ${TEMPDIR} $1
FILENAME=${TEMPDIR}/$1
FILENAME=`echo ${TEMPDIR}/$1 | sed -e 's/.sol$/.bin/'`
DATA=`cat $FILENAME`