yannhowe

#!/bin/bash

# CrowdStrike 容器镜像和软件包扫描器 (JSON 输出)
#
# 此脚本从 CrowdStrike Falcon Cloud Security APIs 获取容器镜像详情和软件包 (SBOM)
# 并以结构化 JSON 格式输出。
#
# 作者: CrowdStrike
# 版本: 1.0
# 许可证: MIT

yannhowe

#!/bin/bash

# CrowdStrike Container Image & Package Scanner (JSON Output)
#
# This script retrieves container image details and software packages (SBOM)
# from CrowdStrike Falcon Cloud Security APIs in JSON format.
#
# Author: CrowdStrike
# Version: 1.0
# License: MIT

yannhowe

#!/bin/bash

# Count ACI containers
RESOURCE_GROUP=""
TOTAL_CONTAINERS=0
CONTAINER_COUNT=0

echo "\$CONTAINER_RESOURCEGROUP | \$CONTAINER_NAME | \$CONTAINER_COUNT"

while IFS=$'\t' read -r CONTAINER_NAME CONTAINER_RESOURCEGROUP ; do

yannhowe

#!/bin/bash
clusters=$(aws ecs list-clusters --query 'clusterArns' --output text)
total_tasks=0
for cluster in $clusters; do
    task_count=$(aws ecs list-tasks --cluster $cluster --query 'length(taskArns[])')
    total_tasks=$((total_tasks + task_count))
done
echo "Total ECS tasks in all clusters in the account, region: $total_tasks"

yannhowe

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Sid": "QualysCustomPolicyPermissions",
         "Effect": "Allow",
         "Action": [
            "states:DescribeStateMachine",
            "elasticfilesystem:DescribeFileSystemPolicy",
            "qldb:ListLedgers",

yannhowe

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "InventoryPermissions",
            "Effect": "Allow",
            "Action": [
                "eks:ListFargateProfiles",
                "eks:DescribeFargateProfile"
            ],

yannhowe

#!/bin/bash
aws ecs list-clusters | jq --raw-output 'map(.[])| .[]' | while read -r CLUSTER; do
    aws ecs list-tasks --cluster "$CLUSTER" --desired-status RUNNING --launch-type FARGATE --no-paginate | jq --raw-output 'map(.[])| .[]' | while read -r TASK; do
        aws ecs describe-tasks --cluster "$CLUSTER" --tasks "$TASK" | jq ".tasks | .[] | .taskDefinitionArn" | awk -F "/" '{print $NF}' | tr -d '"' | while read -r RUNNINGTASKDEFINITION; do
            echo "cluster, taskDefinitionArn, patchStatus"
            echo -n "$CLUSTER, $RUNNINGTASKDEFINITION, "
            # 'Checking for string "/tmp/CrowdStrike/rootfs/entrypoint-ecs.sh" in entrypoint'
            if aws ecs describe-task-definition --task-definition "$RUNNINGTASKDEFINITION" | grep -q "/tmp/CrowdStrike/rootfs/entrypoint-ecs.sh"
            then
                echo patched

yannhowe

#!/bin/bash
# 'Checking for string "/tmp/CrowdStrike/rootfs/entrypoint-ecs.sh" in entrypoint'
echo "taskDefinitionArn, patchStatus"
aws ecs list-task-definitions | jq --raw-output 'map(.[])| .[]' | while read -r i; do
    echo -n "$i, "
    if aws ecs describe-task-definition --task-definition "$i" | grep -q "/tmp/CrowdStrike/rootfs/entrypoint-ecs.sh"
    then
        echo patched
    else
        echo not patched

yannhowe

apiVersion: app/v1
kind: Deployment
metadata:
  name: carts-db
  labels:
    app: carts-db
  namespace: sock-shop
spec:
  replicas: 1
  template:

yannhowe

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install adobereader vlc git 7zip teamviewer mremoteng telegram whatsapp vmware-powercli-psmodule bosh-cli vmwarevsphereclient govc kubernetes-cli docker-compose docker-desktop vault kubernetes-helm vscode vscode-gitlens vscode-docker scode-gitignore vscode-icons vscode-ansible microsoft-windows-terminal terraform