Example query:
-- Compliance check: compare the SHA-256 of one file against a pinned value.
-- NOTE: 'omgwtfbbqrandomchars00112233445566' is a placeholder, not a real
-- SHA-256 digest (those are 64 hex characters); replace it with the known-good
-- hash before using this query.
with compliance_check as (
  select sha256,
  -- Exact string match against the pinned digest; any other value is reported as FAILED.
  case when sha256 = 'omgwtfbbqrandomchars00112233445566' then 'OK' else 'FAILED' end ztl_status
  from hash
  -- NOTE(review): presumably osquery's `hash` table. If the file is missing the
  -- table likely returns no row, so the check would yield neither OK nor FAILED.
  -- Confirm, and treat an empty result as a failure in the outer query.
  where path = '/path/to/conf'
)
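# Expand a flat installer package into a private scratch directory and open
# its Payload archive in Archive Utility.
# Usage: <script> /path/to/Some.pkg
if [ -z "$1" ]; then
    echo "usage: $0 /path/to/package.pkg" >&2
    exit 1
fi

# Strip only a trailing ".pkg". The previous sed pattern "s/.pkg//g" treated
# "." as a wildcard and removed every match anywhere in the file name.
OUTPUT=$(/usr/bin/basename "$1" .pkg)

# A fixed /tmp/<name> destination is predictable and /tmp is writable by every
# local user; mktemp -d creates a fresh directory owned by the caller instead.
WORKDIR=$(/usr/bin/mktemp -d /tmp/pkgexpand.XXXXXX) || exit 1

# Expand into a not-yet-existing subdirectory of the scratch directory, and
# stop if expansion fails rather than opening a missing Payload.
/usr/sbin/pkgutil --expand "$1" "$WORKDIR/$OUTPUT" || exit 1
open -a "Archive Utility.app" "$WORKDIR/$OUTPUT/Payload"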
| #!/usr/local/munki/simian/bin/python | |
| # | |
| # Copyright 2010 Google Inc. All Rights Reserved. | |
| """Script to output Simian dependent facter-like output of various variables.""" | |
| import json | |
| import os | |
| import re | |
| import subprocess | 
| #!/usr/bin/python | |
| """Shoves down santa rules 5 at a time to whitelist certs/binaries | |
| NOTICE - if you have a sync server like Zentral configured, you cannot add rules | |
| """ | |
| import os | |
| import subprocess | |
| from multiprocessing.dummy import Pool as ThreadPool | |
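# Refuse to run unless the effective UID is 0 (root).
# SystemExit is raised directly because the bare exit() helper is injected by
# the `site` module and is not guaranteed to exist (e.g. under `python -S`).
# The message is still written to stderr and the exit status is 1.
if os.geteuid() != 0:
    raise SystemExit("Please run this script as root.")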
| 10b716799ecc07f472e6475ac6395cf76d7b180da7fc665fa7399e931d0540e5,/opt/puppetlabs/puppet/bin/augparse | |
| 10e5efeba67a600d3dcafc1cf3ee1bbb854c3d41a65fa3e9466e8e565d76c3eb,/opt/puppetlabs/puppet/bin/ruby | |
| 2533995e290b235bc98dcd9142df49101017ce2d9b860b0bbe8e841a780e6009,/Applications/Docker.app/Contents/Resources/bin/docker | |
| 3b45cef4efbd9a437a18669e6a7bce4e24456bb1c6cedfe039fda4ed9277c652,/Library/DropboxHelperTools/Dropbox_u841296058/dbaccessperm | |
| 58926d227548537c86b69b88906f1cbafbd689f5289323c13a3c2a31019f872b,/Applications/Managed Software Center.app | |
| 5d76ffc5b716f065bb0a2218fb05f1249e7e9ba83e960e7ed0a9b0c2aae58f56,/Applications/Docker.app/Contents/Resources/bin/http2client | |
| 7b30e3c645301d2e41006c9da04b6b50c6bca32843aafd7ee7dcf900d50c4549,/Applications/TextMate.app/Contents/Resources/mate | |
| 7edcc27c2b2e7e26446448953816044e7d2f234f5c51d8848ea97b5bc902db3c,/usr/local/bin/osqueryi | |
| a2fb872c714389d7b0415b62421331d9b1dad3cb88fe22bca1c4a8f8f489e171,/private/tmp/PKInstallSandbox.8Uv2rI/Scripts/com.microsoft.office.all.fonts.pkg | 
| #!/usr/bin/python | |
| import glob | |
| import gzip | |
| certs = [ | |
| "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32",# apples | |
| "33b9aee3b089c922952c9240a40a0daa271bebf192cf3f7d964722e8f2170e48",# santas - everything after this isn't included... | |
| "15b8ce88e10f04c88a5542234fbdfc1487e9c2f64058a05027c7c34fc4201153",# GoogleSoftwareUpdateAgent (~) | |
| "1808a95f11169c7212a45b44c1c547c1f3e810915014bd892435253a3f8761ca",# Citrix ServiceRecords/ReceiverHelper | 
| #!/usr/bin/python | |
| import osquery | |
| import browser_whitelist | |
| @osquery.register_plugin | |
| class BrowserWhitelist(osquery.TablePlugin): | |
| def name(self): | 
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| import glob | |
| import os | |
| import subprocess | |
| import sys | |
| sys.path.append('/usr/local/munki/munkilib') | |
| import FoundationPlist | |
| path = '/Users/abanks/Library/AutoPkg/Cache' | 
| #!/usr/bin/python | |
| """bootstraps puppet, which gets munki ready for SSL, | |
| and runs the munki function that shoves puppet's CA into the sys keychain. | |
| Assumes this is at /Library/MMCSupport/bootstrap_puppet.py, | |
| and called by outset(github.com/chilcote/outset)'s boot-every option""" | |
| import os | |
| import shutil | |
| import subprocess | |
| import sys | 
| #!/usr/bin/python | |
| # | |
| # Copyright 2016 Allister Banks, mostly stolen from Hannes Juutilainen | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # |