A common and reliable hardening pattern for the [Service] section of systemd service unit files is thus:
# Sandboxing directives for the [Service] section of a systemd unit.
# Each one removes access the service normally does not need; check the
# resulting exposure with `systemd-analyze security <unit>` and test the
# service afterwards, since an over-tight sandbox fails at runtime.

# Block privilege gain through execve() (setuid/setgid bits, file capabilities)
# for the service and all of its children.
NoNewPrivileges=yes
# Give the service its own /tmp and /var/tmp, invisible to other processes.
PrivateTmp=yes
# Provide a private /dev holding only pseudo-devices (null, zero, random, ...);
# physical devices are not reachable.
PrivateDevices=yes
# cgroup device policy: only the standard pseudo-devices plus anything listed
# explicitly with DeviceAllow= may be opened.
DevicePolicy=closed
# Mount the whole file system hierarchy read-only except /dev, /proc and /sys.
# Paths the service must write to need ReadWritePaths= (or StateDirectory= etc.).
ProtectSystem=strict
# /home, /root and /run/user stay readable but not writable. Use "yes" instead
# to hide them entirely when the service never reads user data.
ProtectHome=read-only
# Make /sys/fs/cgroup read-only for the service.
ProtectControlGroups=yes
# Deny explicit kernel module loading by the service; modules the kernel
# auto-loads on demand are not prevented by this setting.
ProtectKernelModules=yes
| # .github/workflows/app.yaml | |
| name: My Python Project | |
| on: push | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| services: |
| from __future__ import absolute_import, print_function, unicode_literals | |
| import boto3 | |
| def clean_old_lambda_versions(): | |
| client = boto3.client('lambda') | |
| functions = client.list_functions()['Functions'] | |
| for function in functions: | |
| versions = client.list_versions_by_function(FunctionName=function['FunctionArn'])['Versions'] | |
| for version in versions: |
| #!/usr/bin/python3 | |
| # ldbdump - dumps LevelDB keys/values | |
| # | |
| # a LevelDB is a dir with files such as these: | |
| # 000050.ldb 000100.log CURRENT LOCK LOG MANIFEST-000099 | |
| # | |
| # sources: https://github.com/tos-kamiya/levelobjdb dump() | |
| import os |
| #!/bin/bash | |
| # Clone the Firing Range Repository | |
| git clone https://github.com/google/firing-range.git | |
| # Change to 'firing-range' directory | |
| cd firing-range | |
| # Download the AppEngine SDK | |
| wget https://storage.googleapis.com/appengine-sdks/featured/appengine-java-sdk-1.9.23.zip |
| def parse_arn(arn): | |
| # http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html | |
| elements = arn.split(':') | |
| result = {'arn': elements[0], | |
| 'partition': elements[1], | |
| 'service': elements[2], | |
| 'region': elements[3], | |
| 'account': elements[4] | |
| } | |
| if len(elements) == 7: |
| #!/bin/bash | |
| # virtualenv-auto-activate.sh | |
| # | |
| # Installation: | |
| # Add this line to your .bashrc or .bash_profile: | |
| # | |
| # source /path/to/virtualenv-auto-activate.sh | |
| # | |
| # Go to your project folder, run "virtualenv .venv", so your project folder | |
| # has a .venv folder at the top level, next to your version control directory. |
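# Build the image and keep a copy of the full build log. The log is written
# through `sudo tee`, so the file ends up owned by root.
# NOTE(review): Packer output can include values from the template or the
# provisioners; review what is logged before sharing output.txt.
packer build packer.json 2>&1 | sudo tee output.txt

# Extract the AMI id (text starting at "ami-") from the line before last of the
# log and store it in ami.txt.
# The original ended in `> sudo ami.txt`, which redirects awk's output into a
# file literally named "sudo" and hands "ami.txt" to awk as an input file, so
# ami.txt was never written. Writing through `sudo tee` matches how output.txt
# is created; tee's own stdout is discarded so nothing is echoed.
tail -2 output.txt | head -2 | awk 'match($0, /ami-.*/) { print substr($0, RSTART, RLENGTH) }' | sudo tee ami.txt > /dev/null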
| jenkins.model.Jenkins.getInstance().getUpdateCenter().getSites().each { site -> | |
| site.updateDirectlyNow(hudson.model.DownloadService.signatureCheck) | |
| } | |
| hudson.model.DownloadService.Downloadable.all().each { downloadable -> | |
| downloadable.updateNow(); | |
| } | |
| def plugins = jenkins.model.Jenkins.instance.pluginManager.activePlugins.findAll { | |
| it -> it.hasUpdate() |
| # first class expression | |
| variable "ami" {} | |
| resource "aws_instance" "example" { | |
| ami = var.ami | |
| } | |
| ### | |
| # list & map | |
| resource "aws_instance" "example" { |
A common and reliable hardening pattern for the [Service] section of systemd service unit files is thus:
# Sandboxing directives for the [Service] section of a systemd unit.
# Verify the effect with `systemd-analyze security <unit>` and by running the
# service, because a path or device it needs may now be unavailable.

# No privilege gain through execve() (setuid/setgid bits, file capabilities).
NoNewPrivileges=yes
# Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=yes
# Private /dev with pseudo-devices only; no physical devices.
PrivateDevices=yes
# Only standard pseudo-devices and explicit DeviceAllow= entries may be opened.
DevicePolicy=closed
# Entire file system read-only except /dev, /proc and /sys; grant write access
# to specific paths with ReadWritePaths=.
ProtectSystem=strict
# /home, /root and /run/user are readable but not writable.
ProtectHome=read-only
# /sys/fs/cgroup is read-only.
ProtectControlGroups=yes
# Explicit kernel module loading is denied.
ProtectKernelModules=yes