| #NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases. | |
| ; #Warn ; Enable warnings to assist with detecting common errors. | |
| SendMode Input ; Recommended for new scripts due to its superior speed and reliability. | |
| SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory. | |
| #SingleInstance | |
| DetectHiddenWindows, On | |
| ; --- Small keyboard tweaks --------------------------------------- |
| #!/bin/bash | |
| # v2: Updated to use sysdiglabs/secure-inline-scan:2 | |
| # This is an example pipeline execution as a Bash script of how to | |
| # execute an inline scan with Sysdig without requiring priviledges. | |
| # The image is locally built, scanned without uploading its contents | |
| # to Sysdig backend, and if it passes the Scan policies, then it's | |
| # pushed to the registry. If it doesn't, nothing is pushed. |
Inspired by: https://twitter.com/haysstanford/status/1306209477226569729
Visit your GH profile page and paste this in the JS console. Last (long) line adds several badges (if some appear duplicate with the ones you already have, use inspector to delete them):
document.querySelectorAll(".f4.text-normal.mb-2")[1].innerHTML="1"+Math.round(Math.random()*10000).toLocaleString()+" contributions in the last year"
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: docker-auth-for-tekton | |
| annotations: | |
| tekton.dev/docker-0: https://index.docker.io | |
| tekton.dev/docker-1: https://gcr.io | |
| type: kubernetes.io/basic-auth | |
| stringData: | |
| username: <username> |
| - rule: Terminal shell in container | |
| desc: A shell was used as the entrypoint/exec point into a container with an attached terminal. | |
| condition: > | |
| spawned_process and container | |
| and shell_procs and proc.tty != 0 | |
| and container_entrypoint | |
| output: > | |
| A shell was spawned in a container with an attached terminal (user=%user.name %container.info | |
| shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline terminal=%proc.tty container_id=%container.id image=%container.image.repository) | |
| priority: NOTICE |
| - rule: Network Connection outside Local Subnet | |
| desc: Detect traffic to image outside local subnet. | |
| condition: > | |
| enabled_rule_network_only_subnet and | |
| inbound_outbound and container and | |
| not network_local_subnet and | |
| k8s.ns.name in (namespace_scope_network_only_subnet) | |
| output: > | |
| Network connection outside local subnet | |
| (command=%proc.cmdline connection=%fd.name user=%user.name container_id=%container.id image=%container.image.repository namespace=%k8s.ns.name |
| - rule: Ingress Object without TLS Certificate Created | |
| desc: Detect any attempt to create an ingress without TLS certification. | |
| condition: > | |
| (kactivity and kcreate and ingress and response_successful and not ingress_tls) | |
| output: > | |
| K8s Ingress Without TLS Cert Created (user=%ka.user.name ingress=%ka.target.name | |
| namespace=%ka.target.namespace) | |
| source: k8s_audit | |
| priority: WARNING | |
| tags: [k8s, network, PCI, PCI_DSS_4.0] |
| - rule: Full K8s Administrative Access | |
| desc: Detect any k8s operation by an administrator with full access. | |
| condition: > | |
| kevt and non_system_user and ka.user.name in (admin_k8s_users) and not allowed_full_admin_users | |
| output: K8s Operation performed by full admin user (user=%ka.user.name target=%ka.target.name/%ka.target.resource verb=%ka.verb uri=%ka.uri resp=%ka.response.code) | |
| priority: WARNING | |
| source: k8s_audit | |
| tags: [k8s, NIST, NIST_3.1, PCI, PCI_DSS_2.1] |
| - rule: Disallowed K8s User | |
| desc: Detect any k8s operation by users outside of an allowed set of users. | |
| condition: kevt and non_system_user and not ka.user.name in (allowed_k8s_users) | |
| output: K8s Operation performed by user not in allowed list of users (user=%ka.user.name target=%ka.target.name/%ka.target.resource verb=%ka.verb uri=%ka.uri resp=%ka.response.code) | |
| priority: WARNING | |
| source: k8s_audit | |
| tags: [k8s] |