Johannes Kastl
ojkastl_buildservice
Involved Projects and Packages
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse
logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers
(firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security.
The official CLI tool for working with [Falco](https://github.com/falcosecurity/falco) and its ecosystem components.
OpenBao exists to provide a software solution to manage, store, and distribute
sensitive data including secrets, certificates, and keys. The OpenBao community
intends to provide this software under an OSI-approved open-source license, led
by a community run under open governance principles.
A modern system requires access to a multitude of secrets: database
credentials, API keys for external services, credentials for service-oriented
architecture communication, etc. Understanding who is accessing what secrets is
already very difficult and platform-specific. Adding on key rolling, secure
storage, and detailed audit logs is almost impossible without a custom
solution. This is where OpenBao steps in.
The key features of OpenBao are:
- Secure Secret Storage: Arbitrary key/value secrets can be stored in OpenBao.
OpenBao encrypts these secrets prior to writing them to persistent storage,
so gaining access to the raw storage isn't enough to access your secrets.
OpenBao can write to disk, Consul, and more.
- Dynamic Secrets: OpenBao can generate secrets on-demand for some systems,
such as AWS or SQL databases. For example, when an application needs to
access an S3 bucket, it asks OpenBao for credentials, and OpenBao will generate
an AWS keypair with valid permissions on demand. After creating these dynamic
secrets, OpenBao will also automatically revoke them after the lease is up.
- Data Encryption: OpenBao can encrypt and decrypt data without storing it.
This allows security teams to define encryption parameters and developers to
store encrypted data in a location such as a SQL database without having to
design their own encryption methods.
- Leasing and Renewal: All secrets in OpenBao have a lease associated with
them. At the end of the lease, OpenBao will automatically revoke that secret.
Clients are able to renew leases via built-in renew APIs.
- Revocation: OpenBao has built-in support for secret revocation. OpenBao can
revoke not only single secrets, but a tree of secrets, for example, all
secrets read by a specific user, or all secrets of a particular type.
Revocation assists in key rolling as well as locking down systems in the case
of an intrusion.
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:
- Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database)
- Anyone can suggest improvements to advisories, resulting in a very high quality database
- The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages
The above all results in fewer, more actionable vulnerability notifications, which reduces the time needed to resolve them.
A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM.
## Quickstart
$ nitropy --help
## Documentation
The user documentation for the `nitropy` CLI is available on [docs.nitrokey.com](https://docs.nitrokey.com/software/nitropy/index.html). See also the product documentation for more information on the available commands:
- [Nitrokey 3](https://docs.nitrokey.com/nitrokey3/index.html)
- [Nitrokey FIDO2](https://docs.nitrokey.com/fido2/index.html)
- [Nitrokey Start](https://docs.nitrokey.com/start/index.html)
- [NetHSM](https://docs.nitrokey.com/nethsm/index.html)
A poor man's tool to replicate secrets from one Vault instance to another.
How it works
When vault-sync starts, it does a full copy of the secrets from the source Vault instance to the destination Vault instance. Periodically, vault-sync does a full reconciliation to make sure all the destination secrets are up to date.
At the same time, you can manually enable the Socket Audit Device for the source Vault, so Vault will be sending audit logs to vault-sync. Using these audit logs, vault-sync keeps the secrets in the destination Vault up to date. Note that vault-sync does not create or delete the audit devices by itself.
It is possible to use the same Vault instance as the source and the destination. You can use this feature to replicate a "folder" of secrets to another "folder" on the same server. You need to specify different prefixes (src.prefix and dst.prefix) in the configuration file to make sure the source and the destination do not overlap.
Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate.
Features:
* Usable as a command line tool and a Go library.
* CLI designed with UNIX composability in mind.
* Avoids nasty Coordinated Omission.
* Extensive reporting functionality.
* Simple to use for distributed load testing.
* Easy to install and run (static binary, package managers, etc).
The Alertmanager handles alerts sent by client applications such as the
Prometheus server. It takes care of deduplicating, grouping, and routing
them to the correct receiver integration such as email, PagerDuty, or
OpsGenie. It also takes care of silencing and inhibition of alerts.
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
Prometheus's main features are:
- a multi-dimensional data model (time series identified by metric name and key/value pairs)
- a flexible query language to leverage this dimensionality
- no reliance on distributed storage; single server nodes are autonomous
- time series collection happens via a pull model over HTTP
- pushing time series is supported via an intermediary gateway
- targets are discovered via service discovery or static configuration
- multiple modes of graphing and dashboarding support
| Mon | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Tue | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Wed | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Thu | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Fri | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sat | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sun |
- 27 commits in home:ojkastl_buildservice:Branch_devel_kubic
- 16 commits in devel:kubic
- 8 commits in home:ojkastl_buildservice:Branch_terraform
- and in 13 projects more
