Create a new file called new-network.xml with the following content:
<network>
<name>custom-net</name>

apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
  name: stackrox-secured-cluster-services
  namespace: stackrox
spec:
  customize:
    envVars:
    - name: ROX_SCANNER_V4_RED_HAT_CVES
      value: 'true'

apiVersion: platform.stackrox.io/v1alpha1
kind: Central
metadata:
  name: stackrox-central-services
  namespace: stackrox
spec:
  customize:
    envVars:
    - name: ROX_EXTERNAL_IPS
      value: 'true'

oc create sa loki-sa -n netobserv
# DON'T DO THIS ### TESTING ONLY
oc adm policy add-scc-to-user privileged -z loki-sa -n netobserv
####
####

apiVersion: v1
kind: PersistentVolumeClaim
metadata:

# Kubernetes Tier 1 Threat Hunting Demo with Audit Logs

This is a full step-by-step demo for hunting Kubernetes threats using audit logs on an OpenShift cluster with access to `/var/log/kube-apiserver/audit.log`. It simulates a realistic attacker scenario where a pod is compromised and its ServiceAccount is used to escalate privileges and perform malicious actions.

All actions happen in the **`default` namespace**, and detections rely **only on verbs, resources, and subresources** — no assumptions about usernames, pod names, or namespaces.

---

## Step 0: Create Pod with kubectl and curl (Attacker foothold)

apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
  name: stackrox-secured-cluster-services
  namespace: stackrox
spec:
  sensor:
    resources:
      requests:
        cpu: 10m

DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-`
oc create secret generic multiclusterhub-operator-pull-secret \
  -n open-cluster-management-observability \
  --from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \
  --type=kubernetes.io/dockerconfigjson

ACCESS_KEY=""
SECRET_KEY=""

if [ $# -eq 0 ]
then
  echo "try: $0 payments-v2 frontend backend"
  exit 1
fi
# Start with an empty output file; each namespace's policy is appended below
> netpols.yaml
for namespace in "$@"
do