Rahul Jadhav nyrahul

  • AccuKnox
nyrahul / getres_limreq.sh
Last active May 16, 2025 16:14
Sum up CPU/Memory Limits/Requests for a given k8s namespace
# Assumes every CPU value is given in millicores (e.g. 250m) and every memory value in Mi
js=$(kubectl get pods -n agents -o json) && \
cpur=$(echo "$js" | jq '.items[].spec.containers[]?.resources.requests.cpu' | sed -r 's/([0-9]*)m/\1/' | sed -e 's/"//g' -e 's/,//g' | paste -sd+ - | bc) && \
cpul=$(echo "$js" | jq '.items[].spec.containers[]?.resources.limits.cpu' | sed -r 's/([0-9]*)m/\1/' | sed -e 's/"//g' -e 's/,//g' | paste -sd+ - | bc) && \
memr=$(echo "$js" | jq '.items[].spec.containers[]?.resources.requests.memory' | sed -r 's/([0-9]*)Mi/\1/' | sed -e 's/"//g' -e 's/,//g' | paste -sd+ - | bc) && \
meml=$(echo "$js" | jq '.items[].spec.containers[]?.resources.limits.memory' | sed -r 's/([0-9]*)Mi/\1/' | sed -e 's/"//g' -e 's/,//g' | paste -sd+ - | bc) && \
echo -en "CPU Requests=${cpur}m, CPU Limits=${cpul}m\nMem Requests=${memr}Mi, Mem Limits=${meml}Mi\n"
nyrahul / perms.sh
Created November 11, 2024 10:45
Fix permissions
kubectl exec -it -n accuknox-divy deployments/uwsgi -- python3 manage.py shell -c "from source.models.roles import Role
from tenant.models import Permission,Client, VisiblePermissions
from django_tenants.utils import schema_context
for client in Client.objects.exclude(schema_name__in=['root']):
    with schema_context(client.schema_name):
        print(client.schema_name)
        admin_role = Role.objects.get(name='Admin')
        for permission in Permission.objects.all():
nyrahul / check-job-status.sh
Last active August 4, 2024 04:46
Check cluster kueue job status
# Show all workloads/jobs
kubectl get workload -A -o json | jq '.items[] | "\(.metadata.namespace) \(.metadata.name) \(.status.conditions[-1].type)"'
# Show Admitted workloads/jobs
kubectl get workload -A -o json | jq -c '.items[] | select(.status.conditions[-1].type == "Admitted") | [.metadata.namespace,.metadata.name]'
# Get all jobs across all namespaces in Pending state ... AccuKnox executes the jobs in init containers
kubectl get pods -A --selector job-type=accuknox-jobs --field-selector=status.phase==Pending
# list k8s-jobs queue
nyrahul / clam.sh
Last active April 15, 2024 07:47
clamav scan
#!/bin/bash
# Update scan database
sudo freshclam --datadir=$PWD/clamdb --foreground
# Run the scan on the given folder path
docker run \
-it --rm \
--mount type=bind,source=$PWD/env,target=/scandir \
-v $PWD/clamdb:/clamdb \
nyrahul / artifact api.sh
Last active August 5, 2024 18:43
AccuKnox Artifact API
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
trivy image -f json -o results.json --timeout 3600s nginx:latest
curl --location 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=2618&data_type=TR&save_to_s3=True&label_id=testknox' --header 'Tenant-Id: 2618' --header 'Authorization: Bearer <TOKEN>' --form 'file=@"results.json"'
# SonarQube scanner
sonar-scanner -Dsonar.token=<SQ-TOKEN> -Dsonar.projectKey=nimbus -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json
curl -u <SQ-TOKEN>: 'http://35.188.10.229:9000/api/issues/search?components=nimbus' -o sonar-report.json
curl --location 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=2509&data_type=SQ&save_to_s3=True&label_id=SAST' --header 'Tenant-Id: 2509' --header 'Authorization: Bearer <ARTIFACT-TOKEN>' --form 'file=@"sonar-report.json"'
nyrahul / prevent-crypto-miners.yaml
Last active March 22, 2024 10:20
KubeArmor policy template for preventing crypto miners execution
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: prevent-crypto-miners
spec:
  selector:
    matchLabels:
      app: wordpress
  action: Block
nyrahul / tenant-status.py
Last active May 30, 2024 10:18
CSPM get tenant status
-----
# exec into any celery pod
# python3 manage.py shell
# Cut paste below code and execute
# kubectl exec -n accuknox-divy deployments/uwsgi -- python3 manage.py generate_report > report.csv
from django.core.management.base import BaseCommand
from django.db import connection
from django.utils import timezone
from django_tenants.utils import schema_context

Step 1: Create cluster

./create-cluster.sh

Step 2: Install apparmor utilities

# Install apparmor utilities in the kind cluster nodes
docker exec -it cluster01-worker bash -c "apt update && apt install apparmor-utils -y && systemctl restart containerd"
docker exec -it cluster01-control-plane bash -c "apt update && apt install apparmor-utils -y && systemctl restart containerd"
bin/pulsar-admin tenants list
bin/pulsar-admin namespaces list "accuknox"
bin/pulsar-admin topics list "accuknox/cluster"
bin/pulsar-admin topics list "accuknox/datapipeline"
bin/pulsar-admin topics stats "persistent://accuknox/datapipeline/kubearmoralerts" | less
bin/pulsar-admin topics examine-messages --initialPosition latest --messagePosition 1 "persistent://accuknox/datapipeline/kubearmoralerts"
bin/pulsar-admin topics clear-backlog -s "accuknox-data-offloader" "persistent://accuknox/datapipeline/kubearmoralerts"
nyrahul / nmap-scan.sh
Created June 23, 2023 13:25
Get nmap report for TLS/SSL and convert it to json
nmap -Pn -sT -p 3000 localhost --script ssl-cert,ssl-enum-ciphers -oX t.xml
yq . t.xml -o json --xml-attribute-prefix '' > t.json