From a4adbc2b1c89fa121ea777dca4c870d87956df48 Mon Sep 17 00:00:00 2001
From: Tommy Skaug
Date: Tue, 6 Aug 2024 16:13:47 +0200
Subject: [PATCH] chore: adjustments to line length of code blocks
---
 ...c-graph-a-different-kind-of-rule-scheme.md | 62 ++++++++++++++-----
 data/avenger-openbsd68.md | 5 +-
 data/converting-pst.md | 4 +-
 data/gpg-openssl.md | 13 ++--
 data/mac-mini-debian.md | 4 +-
 data/new-format.md | 11 +++-
 data/osquery.md | 10 ++-
 data/remote-forensics.md | 3 +-
 data/ssh-ca-proxyjump.md | 6 +-
 data/ssh-certs-apple-t2.md | 6 +-
 data/traefik-centralized-logging.md | 12 +++-
 data/travel.md | 3 +-
 12 files changed, 101 insertions(+), 38 deletions(-)
diff --git a/data/an-openioc-graph-a-different-kind-of-rule-scheme.md b/data/an-openioc-graph-a-different-kind-of-rule-scheme.md
index 8034621..f63d03c 100644
--- a/data/an-openioc-graph-a-different-kind-of-rule-scheme.md
+++ b/data/an-openioc-graph-a-different-kind-of-rule-scheme.md
@@ -46,7 +46,9 @@ example).
 class IOC:
 def __init__(self):
- self.IOC = ioc_api.IOC(name='Test', description='An IOC generated from a Python script', author='Someone')
+ self.IOC = ioc_api.IOC(name='Test',
+ description='An IOC generated from a Python script',
+ author='Someone')
 self.IOC.set_created_date()
 self.IOC.set_published_date()
@@ -56,13 +58,15 @@ example).
 self.id = self.IOC.iocid
 def addNode(self,label,text,type,indicator,condition='is'):
- IndicatorItem_node = ioc_api.make_IndicatorItem_node(condition, label, text, type, indicator)
+ IndicatorItem_node = ioc_api.make_IndicatorItem_node(condition,
+ label, text, type, indicator)
 current_guid = IndicatorItem_node.attrib['id']
 print current_guid
 self.IOC.top_level_indicator.append(IndicatorItem_node)
 def __str__(self):
- self.xml = et.tostring(self.IOC.root, encoding='utf-8', xml_declaration=True, pretty_print=True)
+ self.xml = et.tostring(self.IOC.root, encoding='utf-8',
+ xml_declaration=True, pretty_print=True)
 return self.xml
 This enables us to do something like this:
@@ -74,7 +78,12 @@ This enables us to do something like this:
 Which will again return the XML of the IOC.
- + test A Test
@@ -85,10 +94,12 @@ Which will again return the XML of the IOC.
- + vg.no - + 195.88.55.16
@@ -110,10 +121,12 @@ attributes:
 A nested IOC might look like this (relevant excerpt):
- + vg.no - + 195.88.55.16
@@ -152,7 +165,9 @@ Creating an OpenIOC-compatible graph is a breeze:
 def addVertice(self,content,content_type,condition):
 vertice_id = self.graph.execute("""
- def v1 = g.addVertex([content:content,content_type:content_type,condition:condition])
+ def v1 = g.addVertex([content:content,
+ content_type:content_type,
+ condition:condition])
 return v1""", {'content':content, 'content_type':content_type, 'condition':condition})
 return vertice_id
@@ -179,7 +194,9 @@ process in reverse:
 def __init__(self):
 self.graph = RexProConnection('localhost',8184,'titan')
- self.IOC = ioc_api.IOC(name='Test', description='A test IOC generated from Rexster', author='Someone')
+ self.IOC = ioc_api.IOC(name='Test',
+ description='A test IOC generated from Rexster',
+ author='Someone')
 self.IOC.set_created_date()
 self.IOC.set_published_date()
@@ -190,8 +207,18 @@ process in reverse:
 self.id = self.IOC.iocid
 self.lastId=None
- def addNode(self,label,text,type,indicator,condition='is',addToLast=False):
- IndicatorItem_node = ioc_api.make_IndicatorItem_node(condition, label, text, type, indicator)
+ def addNode(self,
+ label,
+ text,
+ type,
+ indicator,
+ condition='is',
+ addToLast=False):
+ IndicatorItem_node = ioc_api.make_IndicatorItem_node(condition,
+ label,
+ text,
+ type,
+ indicator)
 if addToLast and self.last:
 self.last.append(IndicatorItem_node)
@@ -202,13 +229,15 @@ process in reverse:
 self.last = IndicatorItem_node
 def traverse(self,rootNodeId):
- root=self.graph.execute("""return g.v(80284)""",{'vid':str(rootNodeId)})
+ root=self.graph.execute("""return g.v(80284)""",
+ {'vid':str(rootNodeId)})
 self.addNode('test','Just a test',
 root['_properties']['content_type'],
 root['_properties']['content'],
 root['_properties']['condition'])
- one_level_out=self.graph.execute("""return g.v(vid).out""",{'vid':str(rootNodeId)})
+ one_level_out=self.graph.execute("""return g.v(vid).out""",
+ {'vid':str(rootNodeId)})
 for vertex in one_level_out:
 self.addNode('test','Just a test',
 vertex['_properties']['content_type'],
@@ -216,7 +245,10 @@ process in reverse:
 vertex['_properties']['condition'],addToLast=True)
 def __str__(self):
- self.xml = et.tostring(self.IOC.root, encoding='utf-8', xml_declaration=True, pretty_print=True)
+ self.xml = et.tostring(self.IOC.root,
+ encoding='utf-8',
+ xml_declaration=True,
+ pretty_print=True)
 return self.xml
 ioc = RexsterIOC()
diff --git a/data/avenger-openbsd68.md b/data/avenger-openbsd68.md
index 82a0596..f6ab9ed 100644
--- a/data/avenger-openbsd68.md
+++ b/data/avenger-openbsd68.md
@@ -8,12 +8,11 @@ openssl rand -base64 8 | shasum | head -c16 > ~/.avenger/.macpass
 echo "" >> ~/.avenger/.macpass
 ```
-
-
 ```
 brew install berkeley-db4
 curl -O http://www.mailavenger.org/dist/avenger-0.8.5.tar.gz
-echo "b0fc3e2e03ed010e95e561367fce7b087968df7ea6056251eba95cad14d26d37 avenger-0.8.5.tar.gz" | shasum -a 256 --check
+echo "b0fc3e2e03ed010e95e561367fce7b087968df7ea6056251eba95cad14d26d37 avenger-0.8.5.tar.gz" | \
+ shasum -a 256 --check
 tar xvzf avenger-0.8.5.tar.gz
 cd avenger-0.8.5
 ./configure --with-db=/usr/local/Cellar/berkeley-db@4/4.8.30
diff --git a/data/converting-pst.md b/data/converting-pst.md
index 5f109d8..b855e44 100644
--- a/data/converting-pst.md
+++ b/data/converting-pst.md
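Review bot: The root lookup in `traverse` still hardcodes a vertex id after the wrap: `root=self.graph.execute("""return g.v(80284)""",` binds `{'vid':str(rootNodeId)}` but the Gremlin script never reads `vid`, so the `rootNodeId` argument is ignored and every traversal starts from vertex 80284, while the `g.v(vid).out` query a few lines below does use the bound parameter. The wrapped lines should read `root=self.graph.execute("""return g.v(vid)""",` followed by `{'vid':str(rootNodeId)})`, matching the second query. `traverse` continues into the next hunk (the `addToLast=True` call), so the tail of the loop body is not visible here.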
@@ -81,7 +81,9 @@ Personal Folder'``:
 If you sample ``Inbox/Mails/``, you will find:
- 1.eml 10.eml 11.eml 12.eml 13.eml 14.eml 15.eml 16.eml 17.eml 2.eml 3.eml 4.eml 5.eml 6.eml 7.eml 8.eml 9.eml
+ 1.eml 10.eml 11.eml 12.eml 13.eml 14.eml
+ 15.eml 16.eml 17.eml 2.eml 3.eml 4.eml
+ 5.eml 6.eml 7.eml 8.eml 9.eml
 You can now continue with our previous post [6].
 I'll also encourage you to have a look at the documentation of the
diff --git a/data/gpg-openssl.md b/data/gpg-openssl.md
index 0966397..d62ed20 100644
--- a/data/gpg-openssl.md
+++ b/data/gpg-openssl.md
@@ -30,9 +30,11 @@ on my [contact page](https://contact.252.no):
 ```
 KEY=`openssl rand -hex 32`
 IV=`openssl rand -hex 16`
-ENCRYPTED_KEY_B64=`openssl pkeyutl -encrypt -pubin -inkey /tmp/test.pem -pkeyopt rsa_padding_mode:oaep <<< $KEY|base64`
+ENCRYPTED_KEY_B64=`openssl pkeyutl -encrypt -pubin -inkey /tmp/test.pem \
+ -pkeyopt rsa_padding_mode:oaep <<< $KEY|base64`
 BLOB=`openssl enc -aes-256-cfb -a -e -K ${KEY} -iv ${IV} -in some-file`
-echo "PKCS11-VAULT;aes-256-cfb;rsa_padding_mode:oaep;$ENCRYPTED_KEY_B64:$IV:$BLOB;" > encrypted.txt
+echo "PKCS11-VAULT;aes-256-cfb;rsa_padding_mode:oaep;$ENCRYPTED_KEY_B64:$IV:$BLOB;" \
+ > encrypted.txt
 ```
 The steps of the above are:
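Review bot: The wrapped encryption step still produces an unauthenticated record: `openssl enc -aes-256-cfb -a -e -K ${KEY} -iv ${IV} -in some-file` applies no MAC, so a recipient cannot detect a modified `$IV` or `$BLOB` field in `encrypted.txt` — decryption simply yields different plaintext without an error. The raw AES key is also handed to `openssl enc` as the `-K ${KEY}` argument and to `pkeyutl` through a `<<< $KEY` here-string, both of which may be visible to other local users while the commands run (process listing; the shell may back the here-string with a temporary file). The post should carry this caveat next to the format line, e.g. `# NOTE: the PKCS11-VAULT record is confidential but not integrity-protected; add an HMAC over "$IV:$BLOB" (encrypt-then-MAC, separate key) before relying on it against tampering, and avoid passing the key on the command line on shared hosts.`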
@@ -92,9 +94,12 @@ for BLOB in ${ENCRYPTION_BLOBS[@]}; do
 IFS=':' read ENCRYPTED_KEY_B64 IV TEXTFILE_ENC <<< $BLOB
 ENCRYPTED_KEY=`printf $ENCRYPTED_KEY_B64 | base64 -d`
 decrypted=false
- DECRYPTED_KEY=`echo $ENCRYPTED_KEY_B64 |base64 -d | openssl pkeyutl -decrypt -inkey /tmp/$key.key -pkeyopt ${PADDING_MODE} 2> /dev/null` && decrypted=true
+ DECRYPTED_KEY=`echo $ENCRYPTED_KEY_B64 |base64 -d | \
+ openssl pkeyutl -decrypt -inkey /tmp/$key.key \
+ -pkeyopt ${PADDING_MODE} 2> /dev/null` && decrypted=true
 if [ $decrypted != false ]; then
- TEXTFILE_DEC=`printf %s "$TEXTFILE_ENC"|base64 -d|openssl enc -$ALGORITHM -d -K "$DECRYPTED_KEY" -iv "$IV" |base64`
+ TEXTFILE_DEC=`printf %s "$TEXTFILE_ENC"|base64 -d|openssl enc \
+ -$ALGORITHM -d -K "$DECRYPTED_KEY" -iv "$IV" |base64`
 break
 fi
 done
diff --git a/data/mac-mini-debian.md b/data/mac-mini-debian.md
index 8e2fb1c..9054039 100644
--- a/data/mac-mini-debian.md
+++ b/data/mac-mini-debian.md
@@ -86,7 +86,9 @@ installation (run the same image as the one you installed,
 remember to simulate that you don't have network on that virtual
 installation):
- apt-get -qq --print-uris install build-essential linux-headers-$(uname -r) broadcom-sta-dkms patch bzip2 wpasupplicant | cut -d\' -f 2 > urls.txt
+ apt-get -qq --print-uris install build-essential \
+ linux-headers-$(uname -r) broadcom-sta-dkms \
+ patch bzip2 wpasupplicant | cut -d\' -f 2 > urls.txt
 This will produce a file of urls that are all the packages
 requested and its dependencies, get the stick, format it with
diff --git a/data/new-format.md b/data/new-format.md
index 02a9fc0..cfc1f63 100644
--- a/data/new-format.md
+++ b/data/new-format.md
@@ -17,7 +17,8 @@ uses git and a post-receive hook:
 else
 repo="$pwd/.git"
 fi
- git --work-tree=~/secdiary/content --git-dir=~/secdiary/content.git checkout -f
+ git --work-tree=~/secdiary/content \
+ --git-dir=~/secdiary/content.git checkout -f
 cd ~/secdiary
 rm -r /var/www/secdiary.com/*
 rm -r /var/gopher/*
@@ -27,7 +28,8 @@ uses git and a post-receive hook:
 cp ~/twtxt/content/twtxt.txt /var/www/secdiary.com/
 echo "\nBuild: " >> /var/gopher/index.gph
- git --git-dir=~/secdiary/content.git log -1 --pretty="%H%n%ci" >> /var/gopher/index.gph
+ git --git-dir=~/secdiary/content.git log -1 \
+ --pretty="%H%n%ci" >> /var/gopher/index.gph
 I also publish twtxt messages in a similar way. My twtxt
 config looks like the following:
@@ -39,7 +41,10 @@ config looks like the following:
 disclose_identity = False
 character_limit = 140
 character_warning = 140
- post_tweet_hook = "cd ~/twtxt/ && git pull && git add twtxt.txt && git commit -m 'added new tweet' && git push"
+ post_tweet_hook = "cd ~/twtxt/ && git pull && \
+ git add twtxt.txt && \
+ git commit -m 'added new tweet' && \
+ git push"
 In addition to my twtxt feed, I am present on Mastodon,
 which lead me to Solene's static site generator cl-yag
diff --git a/data/osquery.md b/data/osquery.md
index bc53503..daae883 100644
--- a/data/osquery.md
+++ b/data/osquery.md
@@ -38,7 +38,8 @@ Posts about osquery that you should review before moving on:
 * Another post on applying osquery for security [7]
 * Palantir on osquery [8]
-So that was a couple of links to get you started. The next section shows you how to quickly get a lab environment up and running.
+So that was a couple of links to get you started. The next section
+shows you how to quickly get a lab environment up and running.
 ## Setup and Configuration
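Review bot: Wrapping `post_tweet_hook` with backslash-newlines changes the stored value, not only its layout: the surrounding file is an INI-style twtxt config, not a shell script, so the `\` characters and the indented continuation lines become part of the string the tool receives (a configparser-style reader presumably joins continuation lines with newlines and keeps the backslashes literally — not verifiable from the hunk). Whether the hook still runs then depends on twtxt handing the value to a shell, where backslash-newline is a continuation; if it splits the string itself, `git pull && \` is where the command breaks. Unless that has been checked, keep the value on one line as before: `post_tweet_hook = "cd ~/twtxt/ && git pull && git add twtxt.txt && git commit -m 'added new tweet' && git push"`. The shell snippets in the other hunks of this file are unaffected, since `\` continuation is native there.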
@@ -112,12 +113,15 @@ You can start the osquery daemon on the client by using the following
 command. At this point you should start thinking about packaging, which is
 detailed in the osquery docs [11].
- /usr/local/bin/osqueryd --disable_events=false --flagfile=/private/var/osquery/osquery.flags
+ /usr/local/bin/osqueryd --disable_events=false \
+ --flagfile=/private/var/osquery/osquery.flags
 osquery also has an interactive mode if you would like to test the local
 instance, based on a local configuration file:
- sudo osqueryi --disable_events=false --config_path=/etc/osquery/osquery.conf --config_path=/etc/osquery/osquery.conf
+ sudo osqueryi --disable_events=false \
+ --config_path=/etc/osquery/osquery.conf \
+ --config_path=/etc/osquery/osquery.conf
 To make the client persistent on macOS, use the following documentation
 from osquery [12].
diff --git a/data/remote-forensics.md b/data/remote-forensics.md
index 62202a9..4d4ee36 100644
--- a/data/remote-forensics.md
+++ b/data/remote-forensics.md
@@ -120,7 +120,8 @@ says OS, this might as well have been ``REGISTRY`` or ``TSK``):
 for client in SearchClients('host:Webserver'):
 id=client[0].client_id
 o=flow.GRRFlow.StartFlow(client_id=str(id),
- flow_name="GetFile", pathspec=rdfvalue.PathSpec(path=path, pathtype=rdfvalue.PathSpec.PathType.OS))
+ flow_name="GetFile", pathspec=rdfvalue.PathSpec(path=path,
+ pathtype=rdfvalue.PathSpec.PathType.OS))
 flows.append(o)
 files=[]
diff --git a/data/ssh-ca-proxyjump.md b/data/ssh-ca-proxyjump.md
index af24dcc..c9ebadf 100644
--- a/data/ssh-ca-proxyjump.md
+++ b/data/ssh-ca-proxyjump.md
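Review bot: The wrapped `osqueryi` invocation carries over a duplicated flag: `--config_path=/etc/osquery/osquery.conf` appears twice on the new side, once on the `+ --config_path=/etc/osquery/osquery.conf \` line and again on the line after it. It is harmless in practice (the last value wins), but this is a command readers will paste verbatim and the repetition reads like a copy-paste slip, so drop one occurrence: `sudo osqueryi --disable_events=false \` followed by `--config_path=/etc/osquery/osquery.conf`.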
@@ -134,9 +134,11 @@ certificate may now be signed and distributed to the user.
 $ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub
- $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web -V +1w -z 1 id_rsa.pub
+ $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web \
+ -V +1w -z 1 id_rsa.pub
 Enter PIN for 'OpenPGP card (User PIN)':
- Signed user key .ssh/id_rsa-cert.pub: id "example" serial 1 for zone-web valid from 2020-10-13T15:09:00 to 2020-10-20T15:10:40
+ Signed user key .ssh/id_rsa-cert.pub: id "example" serial 1 for zone-web
+ valid from 2020-10-13T15:09:00 to 2020-10-20T15:10:40
 The same concept goes for a user smart-card, except that
 is a plug and play as long as you have the gpg-agent
diff --git a/data/ssh-certs-apple-t2.md b/data/ssh-certs-apple-t2.md
index 7784133..f2bd69d 100644
--- a/data/ssh-certs-apple-t2.md
+++ b/data/ssh-certs-apple-t2.md
@@ -71,9 +71,11 @@ compromising security [3]. In this case I use a Nitrokey:
 $ brew cask install opensc
 $ PKCS11_MODULE_PATH=/usr/local/lib/opensc-pkcs11.so
 $ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub
- $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web -V +1h -z 1 id_ecdsa.pub
+ $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web \
+ -V +1h -z 1 id_ecdsa.pub
 Enter PIN for 'OpenPGP card (User PIN)':
- Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51
+ Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web
+ valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51
 cp id_ecdsa-cert.pub ~/.ssh/
 If you now try to ssh into a server using the given
diff --git a/data/traefik-centralized-logging.md b/data/traefik-centralized-logging.md
index 6275d50..88f00d4 100644
--- a/data/traefik-centralized-logging.md
+++ b/data/traefik-centralized-logging.md
@@ -28,7 +28,8 @@ OpenBSD. This mostly has to do with vendor support and the fact that
 OpenBSD does things differently.
 Within security monitoring, centralized logging with
-[LimaCharlie Adapters](https://doc.limacharlie.io/docs/documentation/73a613e8e43ed-lima-charlie-adapter) is a good option, which is what I wanted to share a
+[LimaCharlie Adapters](https://doc.limacharlie.io/docs/documentation/73a613e8e43ed-lima-charlie-adapter)
+is a good option, which is what I wanted to share a
 simple example of here.
 Please note that this is simplistic in design, since the
@@ -166,7 +167,14 @@ version: '3.3'
 services:
 traefik-lc-adapter:
 image: refractionpoint/lc-adapter:latest
- command: file file_path=/logs/traefik/access.log client_options.identity.installation_key=$LC_INSTALLATION_KEY client_options.identity.oid=$LC_ORG_ID client_options.hostname=$LC_HOSTNAME client_options.sensor_seed_key=$LC_HOSTNAME client_options.platform=json
+ command:
+ - file
+ - file_path=/logs/traefik/access.log
+ - client_options.identity.installation_key=$LC_INSTALLATION_KEY
+ - client_options.identity.oid=$LC_ORG_ID
+ - client_options.hostname=$LC_HOSTNAME
+ - client_options.sensor_seed_key=$LC_HOSTNAME
+ - client_options.platform=json
 restart: unless-stopped
 environment:
 TZ: UTC
diff --git a/data/travel.md b/data/travel.md
index 2724f40..e62b2a5 100644
--- a/data/travel.md
+++ b/data/travel.md
@@ -179,7 +179,8 @@ Open Network Configuration (ONC) [7].
 In order to convert this format to a working configuration file, use
 ovpn2onc.py [9] like the following.
- python3 reference/convert.py --infile *-pki-embedded.ovpn --outfile vpn_configuration.onc --name my_vpn
+ python3 reference/convert.py --infile *-pki-embedded.ovpn \
+ --outfile vpn_configuration.onc --name my_vpn
 This results in a configuration file named ``vpn_configuration.onc``.
 ChromeOS will not give you any feedback
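Review bot: The list-form `command:` still passes `client_options.identity.installation_key=$LC_INSTALLATION_KEY` as a process argument, so the LimaCharlie installation key is exposed through `docker inspect`, `docker compose config` and the container's process list on the host, in addition to whatever file supplies `$LC_INSTALLATION_KEY`. The list form is otherwise an improvement over the single string, since each option is now one argument and no longer subject to shell-style word splitting. If the adapter can take its client options from the environment or a mounted config file (not shown in this hunk), prefer that over argv; at minimum add a sentence to the post such as `Note: the installation key is visible via docker inspect on the host, so treat the compose file and its .env as secrets and keep them out of the published repository.` The adjacent `client_options.sensor_seed_key=$LC_HOSTNAME` reuses the hostname as the seed key, which is acceptable only if that value is meant to be non-secret — worth confirming against the adapter docs.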