| - rule: Ingress Object without TLS Certificate Created | |
| desc: Detect any attempt to create an ingress without TLS certification. | |
| condition: > | |
| (kactivity and kcreate and ingress and response_successful and not ingress_tls) | |
| output: > | |
| K8s Ingress Without TLS Cert Created (user=%ka.user.name ingress=%ka.target.name | |
| namespace=%ka.target.namespace) | |
| source: k8s_audit | |
| priority: WARNING | |
| tags: [k8s, network, PCI, PCI_DSS_4.0] |
| - rule: Network Connection outside Local Subnet | |
| desc: Detect traffic to image outside local subnet. | |
| condition: > | |
| enabled_rule_network_only_subnet and | |
| inbound_outbound and container and | |
| not network_local_subnet and | |
| k8s.ns.name in (namespace_scope_network_only_subnet) | |
| output: > | |
| Network connection outside local subnet | |
| (command=%proc.cmdline connection=%fd.name user=%user.name container_id=%container.id image=%container.image.repository namespace=%k8s.ns.name |
| - rule: Terminal shell in container | |
| desc: A shell was used as the entrypoint/exec point into a container with an attached terminal. | |
| condition: > | |
| spawned_process and container | |
| and shell_procs and proc.tty != 0 | |
| and container_entrypoint | |
| output: > | |
| A shell was spawned in a container with an attached terminal (user=%user.name %container.info | |
| shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline terminal=%proc.tty container_id=%container.id image=%container.image.repository) | |
| priority: NOTICE |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: docker-auth-for-tekton | |
| annotations: | |
| tekton.dev/docker-0: https://index.docker.io | |
| tekton.dev/docker-1: https://gcr.io | |
| type: kubernetes.io/basic-auth | |
| stringData: | |
| username: <username> |
Inspired by: https://twitter.com/haysstanford/status/1306209477226569729
Visit your GH profile page and paste this in the JS console. Last (long) line adds several badges (if some appear duplicate with the ones you already have, use inspector to delete them):
document.querySelectorAll(".f4.text-normal.mb-2")[1].innerHTML="1"+Math.round(Math.random()*10000).toLocaleString()+" contributions in the last year"
| #!/bin/bash | |
| # v2: Updated to use sysdiglabs/secure-inline-scan:2 | |
| # This is an example pipeline execution as a Bash script of how to | |
| # execute an inline scan with Sysdig without requiring priviledges. | |
| # The image is locally built, scanned without uploading its contents | |
| # to Sysdig backend, and if it passes the Scan policies, then it's | |
| # pushed to the registry. If it doesn't, nothing is pushed. |
| #NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases. | |
| ; #Warn ; Enable warnings to assist with detecting common errors. | |
| SendMode Input ; Recommended for new scripts due to its superior speed and reliability. | |
| SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory. | |
| #SingleInstance | |
| DetectHiddenWindows, On | |
| ; --- Small keyboard tweaks --------------------------------------- |
| #!/bin/bash | |
| # Uses sysdiglabs/secure-inline-scan:2 | |
| # This is an example script that scans from a private registry | |
| # with Sysdig without requiring priviledges. | |
| # It creates a temporary docker-config.json auth file for dockerhub registry, | |
| # but can be replaced to use any other registry using Docker credentials. |
| #!/bin/bash | |
| # Download and compile xmrig | |
| sudo apt-get install git build-essential cmake libuv1-dev libssl-dev libhwloc-dev | |
| git clone https://github.com/xmrig/xmrig.git | |
| mkdir xmrig/build && cd xmrig/build | |
| cmake .. | |
| make -j$(nproc) |