From baed4ade885eaa7fab3f5a64d97e7f4fad7df9d4 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 12:26:54 -0700 Subject: [PATCH 01/18] Adds basic Travis CI files --- .travis.yml | 3 +++ Makefile | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 .travis.yml create mode 100644 Makefile diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..03f23c00 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,3 @@ +script: +- make + diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..33818f06 --- /dev/null +++ b/Makefile @@ -0,0 +1,2 @@ +test: + echo "hello world" From e585cee2641095ff108aa317805a5051c5b13b5f Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 15:42:08 -0700 Subject: [PATCH 02/18] Adds spell checker for one dir --- .travis.yml | 5 +- Makefile | 4 + .../access_control/access_control.adoc | 2 +- admin_guide/access_control/access_keys.adoc | 2 +- .../access_control/integrate_saml.adoc | 2 +- .../access_control/open_policy_agent.adoc | 2 +- our_dict | 643 ++++++++++++++++++ 7 files changed, 655 insertions(+), 5 deletions(-) create mode 100644 our_dict diff --git a/.travis.yml b/.travis.yml index 03f23c00..3f5c8eab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,6 @@ +services: + - docker + script: -- make + - make diff --git a/Makefile b/Makefile index 33818f06..36adc872 100644 --- a/Makefile +++ b/Makefile @@ -1,2 +1,6 @@ +services: + - docker + test: echo "hello world" + docker run --rm -v $(pwd):/workdir tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc diff --git a/admin_guide/access_control/access_control.adoc b/admin_guide/access_control/access_control.adoc index 58424eaf..a83fb1cc 100644 --- a/admin_guide/access_control/access_control.adoc +++ b/admin_guide/access_control/access_control.adoc 
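Review bot: `test` in the new Makefile of patch 01 is a command name, not a file the rule creates, and the hunk does not declare it phony. If a file or directory called `test` ever appears in the repository root, make will report the target as up to date and the Travis `make` step will pass without running anything. Add `.PHONY: test` above the rule; the later patches in this series rewrite the recipe but keep the target undeclared.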
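Review bot: The `docker run` line added to the Makefile in patch 02 references `tmaier/hunspell` with no tag or digest, so every CI run executes whatever that third-party repository currently publishes as `latest`, and it does so with the checkout bind-mounted read-write. Pin the image by digest and mount the tree read-only, for example `-v "$(CURDIR):/workdir:ro" tmaier/hunspell@sha256:<digest-placeholder>`. The command as shown appears only to read the docs and `our_dict`, but confirm that for the `-p` dictionary before adding `:ro`. The same unpinned reference is carried through every later revision of this line in the series, up to patch 17.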
@@ -6,5 +6,5 @@ Prisma Cloud provides broad enterprise identity support, integrating with Active Define accounts and IAM roles to integrate with your cloud providers in one place and reuse them across the product. Pluggable cryptography allows you to bring your own certificates, not just for TLS, but also for smart card authentication to Console. -Prisma Cloud ships with prebuilt roles to provide least privilege access to your devops and security teams. +Prisma Cloud ships with prebuilt roles to provide least privilege access to your DevOps and security teams. Use Assigned Collections to precisely control what data teams can view or use built-in multi-tenancy to securely isolate entire business units or geographies within the same Console. diff --git a/admin_guide/access_control/access_keys.adoc b/admin_guide/access_control/access_keys.adoc index 6ef17ac0..194e2505 100644 --- a/admin_guide/access_control/access_keys.adoc +++ b/admin_guide/access_control/access_keys.adoc @@ -87,7 +87,7 @@ This role will be assigned to your service account. . (Optional) Allow your service account to authenticate directly with Prisma Cloud. + -If you've integrated Prisma Cloud with a directory service, creating a new user in your underlying auth provider can be tedious in some enterprise environments. +If you have integrated Prisma Cloud with a directory service, creating a new user in your underlying auth provider can be tedious in some enterprise environments. Prisma Cloud lets select users authenticate directly with Prisma Cloud using their email and a password that's registered separately after the user account is created. .. In Prisma Cloud, go to *Settings > SSO*. diff --git a/admin_guide/access_control/integrate_saml.adoc b/admin_guide/access_control/integrate_saml.adoc index 7edd5291..930112e3 100644 --- a/admin_guide/access_control/integrate_saml.adoc +++ b/admin_guide/access_control/integrate_saml.adoc 
@@ -76,7 +76,7 @@ image::integrate_saml_610136.png[width=600] .. In the *Single Sign On URL* field, enter *\https://:8083/api/v1/authenticate*. + -Note that if you've changed the default port you use for the HTTPS listener, you'd need to adjust the URL here accordingly. +Note that if you have changed the default port you use for the HTTPS listener, you'd need to adjust the URL here accordingly. Additionally, this URL must be visible from the Okta environment, so if you're in a virtual network or behind a load balancer, it must be configured to forward traffic to this port and it's address is what should be used here. .. Select *Use this for Recipient URL and Destination URL*. diff --git a/admin_guide/access_control/open_policy_agent.adoc b/admin_guide/access_control/open_policy_agent.adoc index 42ba86c5..ae37de97 100644 --- a/admin_guide/access_control/open_policy_agent.adoc +++ b/admin_guide/access_control/open_policy_agent.adoc @@ -87,7 +87,7 @@ For Kubernetes v1.16 or later, copy the v1.16 template from <<_templates,here>>. . Create the webhook configuration object. + -After creating the object, the Kubenetest API server directs AdmissionReview requests to Defender. +After creating the object, the Kubernetes API server directs AdmissionReview requests to Defender. $ kubectl apply -f webhook.yaml diff --git a/our_dict b/our_dict new file mode 100644 index 00000000..9d7ec8bb --- /dev/null +++ b/our_dict 
@@ -0,0 +1,643 @@ +1a +5c770dca5feaa30001e9a3d8 +5cb138ec3fb74710869425df +7.4p1 +10m +256-bit +521-bit +_ +_Before +_You +AAD +aad +AccessReport +ack +ACL-based +ACLs +acme-dev +ACS +add-scc-to-user +addressers +ADFS +adfs +adm +Admin +admin +Admins +admins +admissionregistration +AdmissionReview +admissionReviewVersions +adoc +AF_SOCKET +aG +air-gapped +amd64 +ANDs +Ansible +api +api-group +api-resources +api.aporeto.io +apiauthorizationpolicies +APIAuthorizationPolicy +apiauthorizationpolicy +APICheck +apiGroups +APIProxy +apiproxy +APIs +APIVersion +apiVersion +apiVersions +Apobar +apoctl +APOCTL_API +APOCTL_NAMESPACE +Aporeto +aporeto +aporeto-crds +aporeto-operator +aporeto-operator-team-b +aporeto-operators +aporeto.io +aporeto.list +Aporeto.repo +app +appcred +AppCredential +appcredentials +appcreds +applyPolicyMode +apps +arn +aspx +associatedTags +auditd +AuditProfile +AuditProfileMappingPolicy +auditprofilemappingpolicy +AuditReport +AuhorizationEndpoint +Auth0 +auth +auth0 +auth.log +Authn +Authorization_Endpoint +authorizer +Authy +autocomplete +autocompletion +autodiscover +autogenerated +Automations +automations +AutomationTemplate +aws +aws-ebs +AWS_IAM_ROLE +AWSAccount +AWSSecurityToken +awssecuritytoken +backend +Base64 +base64-encoded +baseurl +bash_profile +bolded +boolean +booleans +CA +caBundle +CAs +cd629cb5-2826-4126-82fd-3f2df5f5bc7 +CentOS +centos +central-usa +centralus +cerberus +checkbox +CHILD_NAMESPACE +chmod +CIDRs +CIS +ClaimMapping +claims_supported +ClaimsSupported +ClauseMatch +clientConfig +clob +CLOUD_ID_TAG +CN +cn +CNs +CollectionID +collectionID +conntrack +containerd +containerPort +ContextID +CoreOS +CounterReport +CRD +crd +CRDs +CRI-O +cron +CSPM +CVE +CWPP +DaemonSet +daemonset +darwin +datapath +DataPathCertificate +dc +DDoS +debian +DependencyMap +depmaps +dev +DevHostA +DevOps +devs +DevSecOps +disable-aporeto-ctrls +DN +dns +DNSLookupReport +Docker +docker-ce +doesn +dpkg +e.g. 
+ec2 +ec2-namespace-map +ECDSA +Elasticsearch +ELBs +endif +ENFORCER_ID_TAG +enforcerconfig +enforcerd +enforcerd-initd +enforcerd-sshplugin +enforcerd.conf +enforcerd.creds +enforcerd.service +ENFORCERD_API +ENFORCERD_APPCREDS +ENFORCERD_COMPRESSED_TAGS +ENFORCERD_NAMESPACE +ENFORCERD_PERSIST_CREDENTIALS +ENFORCERD_TOKEN +enforcerlog +enforcerlogs +EnforcerProfile +EnforcerProfileMappingPolicy +EnforcerReport +EnforcerTraceReport +enum +eval +EventLog +ExternalNetwork +externalnetwork +failover +failurePolicy +Fibre +FileAccessPolicy +FileAccessReport +FilePath +finalizers +FlowReport +FQDN +FQDNs +FreeBSD +fsSL +fsType +gaia +gce-pd +gcp +gcp-namespace-map +GCPIdentityToken +gcpidentitytoken +georedundancy +GitHub +GitLab +gitlab +global.integrations.slack.channel +global.integrations.slack.webhook +global.integrations.smtp.pass +global.integrations.smtp.receivers.monitor +global.integrations.smtp.server +global.integrations.smtp.systemEmail +global.integrations.smtp.user +Gogole +Golang +gp2 +gpgcheck +gpgkey +Grafana +GraphEdge +GraphGroup +GraphNode +GraphPolicyInfo +grep +group1 +group2 +group3 +GroupA +GroupB +gRPC +hardcode +highwind +HookPolicy +hostname +HostService +HostServiceMappingPolicy +href +HTTPResourceSpec +https +i-0def01b1b215bbd1 +i-deadbeef12345 +i.e. 
+IAM +iat +id_token_signing_alg_values_supported +Idempotency +idempotency +IDP +IdP +IdPs +IDTokenSigningAlgValuesSupported +ifdef +ImportReference +ImportRequest +IncomingTraffic +InfluxDB +influxdb +InfluxQL +InfrastructurePolicy +init.d +InstalledApp +instanceid +instancename +IntermediateCA +ints +InvoiceRecord +io +iOS +IPInfo +IPs +IPsum +iptables +iSCSI +IsolationProfile +iss +IssuingCA1 +IssuingCA2 +jdong +jira +jq +JSON +JSON-encoded +JWKS +JWKS_URI +JWT-based +JWTCertificates +JWTCertificateType +JWTs +k8s +k8s.aporeto.io +Katacoda +KeyString +kube +kube-apiserver +kubeconfig +kubectl +kubelet +Kubernetes +kubernetes-api +kubernetes-api-example +kubernetes.io +LastPass +LDAP +ldap +LDAPProvider +LDAPS +ldaps +ldapsearch +linux +localhost +logon +logsEnabled +loopback +lsb_release +m4.2xlarge +m4.xlarge +m5.8xlarge +macOS +matchPolicy +md6GgsAZz58xseExGoIEyKqhS0Xu5lsi +MessagePack +metadata +mgmt +microservice +Microservices +microservices +midgard +Midguard +misconfigure +misconfigured +mkdir +MongoDB +mongodb +mountOptions +msg +multicast +multipart +mycompany +myinstance +myproject +n1-standard-4 +n1-standard-8 +n1-standard-32 +nameid +namespace +Namespaced +namespacemappingpolicies +NamespaceMappingPolicy +namespaces +namespaceSelector +Netfilter +NetworkAccessPolicy +networkaccesspolicy +NfQueue +nginx +nip.io +NodePort +nodist +NoneOnDryRun +OAuth +OAuth2 +OAUTHInfo +OAUTHKey +oc +OIDC +oidc +OIDC-based +OIDC-compliant +OIDCProvider +Okta +one-time +OPA +OpenBSD +OpenID +OpenLDAP +OpenShift +OpenSSH +openssl +OpenStack +OpenSuSE +operationalize +operationalizes +OperatorHub +ORs +otp +OU +PacketReport +param +PasswordReset +pd-ssd +PEM +pem +PEM-encoded +pid +PingFederate +PKI-based +PKIXName +plugin +plugins +png +PolicyGraph +PolicyRefresh +PolicyRenderer +PolicyRule +postprocessing +PowerShell +pre-created +pre-existing +pre-install +prebuilt +preinstall +prepended +preprocessing +Prisma +prisma +priv +ProcessingUnit +processingunit 
+ProcessingUnitPolicy +ProcessingUnitRefresh +processingunits +ProcessingUnitService +programmatically +projectid +projectnumber +Prometheus +proxied +ps +pseudoterminal +pu +publicApplicationPort +Quickstart +quickstart +QuotaCheck +QuotaPolicy +RBAC +rbac +rebalance +reCAPTCHA +RecipeOptions +reclaimPolicy +RedHat +redhat +Redis +Regex +Rego +releasever +RemoteProcessor +RenderedPolicy +RenderTemplate +ReplicaSet +repo +repo_gpgcheck +reprovision +requestee +resize +resourcetype +ResponseTypesSupported +Rexray +RFC-7518 +rolename +rolesessionname +RootCA +routable +runtime +runtimes +rw +SaaS +sAMAccountName +samAccountName +SAML +saml +SAML2 +SAMLProvider +ScopesSupported +screenshot +searchable +securityContext +SerialNumber +serverless +ServiceDependency +ServiceToken +set_value +sharded +sharding +shortlived +sideEffects +SKU +sources.list.d +specificities +SPIFFE +SSHAuthorizationPolicy +sshauthorizationpolicy +SSHD +sshd +SSHIdentity +sSL +SSO +stateful +StatefulSet +StatsInfo +StatsQuery +statsquery +step1 +step2 +step3 +step5 +step6 +step7 +step8 +step9 +step10 +step11 +step12 +step13 +storage.k8s.io +StorageClass +storageclass.kubernetes.io +sts +subcommand +SubjectTypesSupported +subnet +subnets +Sudo +sudo +SuggestedPolicy +svc +synack +sys +sysadmin +syslogs +systemctl +systemd +TagValue +tcp +templated +templating +tenantid +timeoutSeconds +TimeSeriesQueryResults +TimeSeriesRow +Timestamp +TLS +TLSType +tlsverify +TokenEndpointAuthMethodsSupported +tokenGroups +TokenScopePolicy +TraceMode +TraceRecord +TrustedCA +TW +tw +Twistcli +twistcli +Twistlock +twistlock +Ubuntu +ubuntu +udp +UI +uid +UIParameter +UIParameterVisibility +UIStep +uncomment +unencrypted +uninstallation +unlogged +UPN +upn +UPNs +URIs +url +us-central1-a +us-central1-c +UserAccessPolicy +useraccesspolicy +userid +userland +usermod +username +usernames +userPrincipalName +usr +utils +v1 +v1beta +v1beta1 +v8 +ValidateUIParameter +ValidatingWebhookConfiguration 
+ValidatingWebookConfiguration +vCPU +vCPUs +vince +VMs +Webhook +webhook +webhooks +whitelist +whitelisted +whitelisting +whoami +wildcard +wistlock +wordpress +workflow +workflows +ws +x509 +X.509 +xfs +xip.io +xref +xxhash +yaml +YourGroup +yum-config-manager +yum.repos.d +yy \ No newline at end of file From 19d7bdffe82af81d04a3cd8c613cd2eb07f40bd5 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 15:43:45 -0700 Subject: [PATCH 03/18] Fix --- Makefile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Makefile b/Makefile index 36adc872..94aaa1e3 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -services: - - docker - test: echo "hello world" docker run --rm -v $(pwd):/workdir tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc From 6c07900eee284df05d5a2365e843430f160623c9 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 15:44:52 -0700 Subject: [PATCH 04/18] Fix --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3f5c8eab..04688f10 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ services: - - docker +- docker script: - - make +- make From c1f9fd82b2c3f5792d515dffb76c2b06b97bb0d1 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 15:49:50 -0700 Subject: [PATCH 05/18] Fix --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 94aaa1e3..712e66b5 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,3 @@ test: echo "hello world" - docker run --rm -v $(pwd):/workdir tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc + docker run --rm -v $(pwd):/workdir tmaier/hunspell -u3 -d en_US -p our_dict -H ./admin_guide/access_control/*.adoc From bc8e141527571a50221614c801c7f6a507a24ccb Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 15:54:36 -0700 Subject: [PATCH 06/18] Fix --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
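Review bot: Several entries in the new `our_dict` look like misspellings being allow-listed instead of corrected in the docs: `Gogole`, `AuhorizationEndpoint`, `ValidatingWebookConfiguration`, `wistlock`, `Midguard`. Once they are in the personal dictionary the checker accepts them in every file it scans, so the typo can no longer be caught. Unless one of these is a literal identifier that has to be spelled that way, fix the source text and drop the entry. Entries such as `md6GgsAZz58xseExGoIEyKqhS0Xu5lsi` and `5c770dca5feaa30001e9a3d8` read like token or ID samples copied from the guides; confirm they are documentation placeholders and not live values.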
diff --git a/Makefile b/Makefile
index 712e66b5..bf15ae02 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,3 @@
 test:
  echo "hello world"
- docker run --rm -v $(pwd):/workdir tmaier/hunspell -u3 -d en_US -p our_dict -H ./admin_guide/access_control/*.adoc
+ docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc
From 474dfb0670823a830551d14851a29c1af27e6f99 Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 16:23:17 -0700
Subject: [PATCH 07/18] fix
---
 Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index bf15ae02..4626adee 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,4 @@
 test:
- echo "hello world"
- docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc
+ export RESULT=$(docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)
+ echo $RESULT
+ if [ "$RESULT" != "" ] ; then exit 1 ; fi
\ No newline at end of file
From c3779ed51200a143b12b0107143c3d1487627e3f Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 16:30:15 -0700
Subject: [PATCH 08/18] Fix
---
 Makefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 4626adee..57c27090 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,6 @@
 test:
  export RESULT=$(docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)
- echo $RESULT
- if [ "$RESULT" != "" ] ; then exit 1 ; fi
\ No newline at end of file
+ echo $(RESULT)
+ ifeq ($(RESULT),)
+ exit 1
+ endif
\ No newline at end of file
From 611b66350bc09e13c12922b2ae7e37fa80bd950a Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 16:32:22 -0700
Subject: [PATCH 09/18] Test
---
 Makefile | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/Makefile b/Makefile
index 57c27090..6ecffceb 100644
--- a/Makefile
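Review bot: In the `export RESULT=$(docker run …)` line added by patch 07, Make rather than the shell expands `$(…)`: it is read as a reference to an undefined variable and becomes empty, and `$RESULT` on the next two lines is parsed as `$(R)ESULT`. The comparison therefore sees the literal text `ESULT`, and the target would fail on every run without the container ever starting. Each recipe line also runs in its own shell, so an exported value would not reach the following lines anyway; the unjoined `if`/`then`/`else`/`fi` lines in patch 10 run into the same rule. Write shell expansions as `$$(…)` and `$$RESULT`, and join the statements into one logical line with `; \`.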
+++ b/Makefile
@@ -1,6 +1,3 @@
 test:
  export RESULT=$(docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)
  echo $(RESULT)
- ifeq ($(RESULT),)
- exit 1
- endif
\ No newline at end of file
From 49cc43af41fa7cac917115abdf8efaf26ad27917 Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 16:39:36 -0700
Subject: [PATCH 10/18] test
---
 Makefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 6ecffceb..979974c6 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,5 @@
 test:
- export RESULT=$(docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)
- echo $(RESULT)
+ if docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc;
+ then echo yes;
+ else echo no;
+ fi
From 0817903c3d074ac04ae11dc8084d395f2d0881da Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 16:47:36 -0700
Subject: [PATCH 11/18] fix
---
 Makefile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 979974c6..588401d2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
+SHELL := /bin/bash
+
 test:
- if docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc;
- then echo yes;
- else echo no;
+ if docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc; \
+ echo yes;
  fi
From ca4a1787382471c35e04c0adf5e246e670c45351 Mon Sep 17 00:00:00 2001
From: emanic
Date: Wed, 27 May 2020 17:39:13 -0700
Subject: [PATCH 12/18] Clean up syntax
---
 Makefile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 588401d2..23f720f6 100644
--- a/Makefile
@@ -1,6 +1,5 @@ -SHELL := /bin/bash + +RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)) test: - if docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc; \ - echo yes; - fi + @echo "$(RESULT)" From e66312469ba1a8bc438b23b7c79ce5be8a42b786 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 17:44:35 -0700 Subject: [PATCH 13/18] Add if: --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 23f720f6..4342455f 100644 --- a/Makefile +++ b/Makefile @@ -3,3 +3,6 @@ RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d e test: @echo "$(RESULT)" + @if [ "$(RESULT)" != "" ]; then\ + echo "fail";\ + fi From 4637d70260a3d78a6dcb4e8e4f94fe8f7e785d85 Mon Sep 17 00:00:00 2001 From: emanic Date: Wed, 27 May 2020 17:46:35 -0700 Subject: [PATCH 14/18] Add exit 1 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4342455f..18544db2 100644 --- a/Makefile +++ b/Makefile @@ -4,5 +4,5 @@ RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d e test: @echo "$(RESULT)" @if [ "$(RESULT)" != "" ]; then\ - echo "fail";\ + exit 1;\ fi From e3b71c89cf74b60bff3cf8b7dce1459ff402c187 Mon Sep 17 00:00:00 2001 From: emanic Date: Thu, 28 May 2020 10:24:09 -0700 Subject: [PATCH 15/18] Adds some more words to our_dict --- our_dict | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/our_dict b/our_dict index 9d7ec8bb..a97a6404 100644 --- a/our_dict +++ b/our_dict @@ -1,8 +1,10 @@ 1a +4cba 5c770dca5feaa30001e9a3d8 5cb138ec3fb74710869425df 7.4p1 10m +100M 256-bit 521-bit _ @@ -11,6 +13,7 @@ _You AAD aad AccessReport +ACI ack ACL-based ACLs @@ -32,6 +35,7 @@ adoc AF_SOCKET aG air-gapped +AKS amd64 ANDs Ansible 
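Review bot: `@echo "$(RESULT)"` in patch 12 has Make paste the checker's output into the recipe text, so the shell re-parses it: any `"`, backtick or `$` in a reported word or file name is treated as shell syntax rather than data, and that text originates from the .adoc files being checked. The `RESULT := $(shell …)` assignment also runs the container while the Makefile is parsed, for every goal, and flattens the output's newlines to spaces. Capturing the output in a shell variable inside the recipe keeps it as data and runs the container only when `test` is built, as sketched below.

```make
# the parse-time RESULT := $(shell …) assignment is dropped
test:
	@out="$$(docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)"; \
	printf '%s\n' "$$out"
```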
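Review bot: The gate completed by patch 14 fails open: it exits non-zero only when `RESULT` is non-empty, but `$(shell …)` discards the command's exit status. A failed image pull, an unreachable Docker daemon or a crash inside the container therefore also leaves `RESULT` empty, and the build goes green without any file having been checked. Check the status explicitly, for example by running the container inside the recipe as `out="$$(docker run …)" || exit 1; [ -z "$$out" ]`, or by testing `$(.SHELLSTATUS)` right after the assignment where GNU Make 4.2 or newer is available. The `RESULT` assignment itself sits outside this hunk, above its context lines.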
@@ -64,20 +68,26 @@ aporeto.io aporeto.list Aporeto.repo app +AppArmor appcred AppCredential appcredentials appcreds applyPolicyMode apps +aqsa +aqtaylor +aren arn aspx associatedTags +attackTools auditd AuditProfile AuditProfileMappingPolicy auditprofilemappingpolicy AuditReport +AuditSingle AuhorizationEndpoint Auth0 auth @@ -98,18 +108,23 @@ aws aws-ebs AWS_IAM_ROLE AWSAccount +AWSSecurityHubFullAccess AWSSecurityToken awssecuritytoken backend Base64 +base64 base64-encoded baseurl bash_profile bolded boolean booleans +busybox +butterbean CA caBundle +cantordemo CAs cd629cb5-2826-4126-82fd-3f2df5f5bc7 CentOS @@ -120,8 +135,10 @@ cerberus checkbox CHILD_NAMESPACE chmod +chrony CIDRs CIS +cis ClaimMapping claims_supported ClaimsSupported @@ -129,15 +146,23 @@ ClauseMatch clientConfig clob CLOUD_ID_TAG +cloudtrail CN cn +CNAF +CNNF CNs CollectionID collectionID +config +configs conntrack +containerCompliance containerd containerPort +ContainerRuntime ContextID +copytruncate CoreOS CounterReport CRD @@ -156,14 +181,23 @@ DataPathCertificate dc DDoS debian +Demisto DependencyMap depmaps +DescribeMetricFilters +deselect dev DevHostA DevOps devs DevSecOps +didn +diff +diffs +dima +directoryTraversal disable-aporeto-ctrls +disallowedFile DN dns DNSLookupReport @@ -175,6 +209,10 @@ e.g. ec2 ec2-namespace-map ECDSA +ecr +ECS +EKS +eks Elasticsearch ELBs endif @@ -217,15 +255,23 @@ FreeBSD fsSL fsType gaia +Gauge gce-pd gcp gcp-namespace-map GCPIdentityToken gcpidentitytoken +GDPR +GenerateCredentialReport georedundancy +GetAccountPasswordPolicy +GetBucketLogging +GetEventSelectors +GetPolicyVersion GitHub GitLab gitlab +GKE global.integrations.slack.channel global.integrations.slack.webhook global.integrations.smtp.pass @@ -252,17 +298,20 @@ GroupB gRPC hardcode highwind +HIPAA HookPolicy hostname HostService HostServiceMappingPolicy href +http HTTPResourceSpec https i-0def01b1b215bbd1 i-deadbeef12345 i.e. IAM +ian iat id_token_signing_alg_values_supported Idempotency 
@@ -272,12 +321,15 @@ IdP IdPs IDTokenSigningAlgValuesSupported ifdef +imagename1 +imagename2 ImportReference ImportRequest IncomingTraffic InfluxDB influxdb InfluxQL +informationLeak InfrastructurePolicy init.d InstalledApp @@ -288,6 +340,7 @@ ints InvoiceRecord io iOS +IP IPInfo IPs IPsum @@ -299,8 +352,10 @@ IssuingCA1 IssuingCA2 jdong jira +journald jq JSON +json JSON-encoded JWKS JWKS_URI @@ -328,17 +383,29 @@ LDAPProvider LDAPS ldaps ldapsearch +leveloffset linux +ListClusters +ListEntitiesForPolicy +ListPolicies +ListSubscriptions +LoadBalancer localhost logon logsEnabled loopback lsb_release +lzo2 m4.2xlarge m4.xlarge m5.8xlarge macOS +malformedRequest +malware matchPolicy +MaxMessageSize +MD5 +md5 md6GgsAZz58xseExGoIEyKqhS0Xu5lsi MessagePack metadata @@ -348,8 +415,10 @@ Microservices microservices midgard Midguard +minSeverity misconfigure misconfigured +missingok mkdir MongoDB mongodb @@ -369,6 +438,7 @@ Namespaced namespacemappingpolicies NamespaceMappingPolicy namespaces +NamespaceSelector namespaceSelector Netfilter NetworkAccessPolicy @@ -376,9 +446,11 @@ networkaccesspolicy NfQueue nginx nip.io +NIST NodePort nodist NoneOnDryRun +notifempty OAuth OAuth2 OAUTHInfo @@ -391,6 +463,7 @@ OIDC-compliant OIDCProvider Okta one-time +Onebox OPA OpenBSD OpenID @@ -406,8 +479,12 @@ OperatorHub ORs otp OU +P50 PacketReport +PagerDuty param +PASS01 +PASS02 PasswordReset pd-ssd PEM @@ -433,6 +510,7 @@ prebuilt preinstall prepended preprocessing +prewritten Prisma prisma priv @@ -451,12 +529,14 @@ ps pseudoterminal pu publicApplicationPort +python3 Quickstart quickstart QuotaCheck QuotaPolicy RBAC rbac +readme rebalance reCAPTCHA RecipeOptions 
@@ -474,26 +554,34 @@ ReplicaSet repo repo_gpgcheck reprovision +RequestBin requestee resize resourcetype ResponseTypesSupported +RESTful Rexray RFC-7518 +RHEL rolename rolesessionname RootCA routable +rsyslog runtime runtimes rw +s3 SaaS +SamAccountName sAMAccountName samAccountName SAML saml SAML2 SAMLProvider +scanTime +SCC ScopesSupported screenshot searchable @@ -503,14 +591,19 @@ serverless ServiceDependency ServiceToken set_value +sha256 sharded sharding +shellshock shortlived sideEffects +SIEM SKU sources.list.d specificities SPIFFE +SQL +src SSHAuthorizationPolicy sshauthorizationpolicy SSHD @@ -518,11 +611,13 @@ sshd SSHIdentity sSL SSO +Stackdriver stateful StatefulSet StatsInfo StatsQuery statsquery +stdout step1 step2 step3 @@ -550,21 +645,28 @@ svc synack sys sysadmin +syscalls +Syslog +syslog syslogs systemctl systemd +tag7 TagValue tcp templated templating tenantid +ThinkPad timeoutSeconds TimeSeriesQueryResults TimeSeriesRow Timestamp +timestamp TLS TLSType tlsverify +TODO TokenEndpointAuthMethodsSupported tokenGroups TokenScopePolicy @@ -577,6 +679,7 @@ Twistcli twistcli Twistlock twistlock +txt Ubuntu ubuntu udp @@ -596,6 +699,8 @@ URIs url us-central1-a us-central1-c +USER01 +USER02 UserAccessPolicy useraccesspolicy userid @@ -605,17 +710,21 @@ username usernames userPrincipalName usr +UTC utils v1 v1beta v1beta1 +v2 v8 ValidateUIParameter ValidatingWebhookConfiguration ValidatingWebookConfiguration vCPU vCPUs +ve vince +VisualEditor0 VMs Webhook webhook @@ -635,6 +744,7 @@ X.509 xfs xip.io xref +XSOAR xxhash yaml YourGroup From 6cefe872197dd1a4339219d71a26c098c433b129 Mon Sep 17 00:00:00 2001 From: emanic Date: Thu, 28 May 2020 18:07:42 -0700 Subject: [PATCH 16/18] Some more words --- .gitignore | 2 + our_dict | 204 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 206 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..d5031ac1 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,2 @@ +.DS_Store +admin_guide/.DS_Store diff --git a/our_dict b/our_dict index a97a6404..7a0e1223 100644 --- a/our_dict +++ b/our_dict @@ -4,6 +4,7 @@ 5cb138ec3fb74710869425df 7.4p1 10m +15s 100M 256-bit 521-bit @@ -19,6 +20,7 @@ ACL-based ACLs acme-dev ACS +activeDefenders add-scc-to-user addressers ADFS @@ -36,9 +38,12 @@ AF_SOCKET aG air-gapped AKS +aks +AllAPIActionsOnBooks amd64 ANDs Ansible +antivirus api api-group api-resources @@ -51,6 +56,8 @@ apiGroups APIProxy apiproxy APIs +apiserver +apiServerArguments APIVersion apiVersion apiVersions @@ -73,12 +80,15 @@ appcred AppCredential appcredentials appcreds +appID applyPolicyMode apps aqsa aqtaylor aren arn +ARNs +ASLR aspx associatedTags attackTools @@ -86,8 +96,11 @@ auditd AuditProfile AuditProfileMappingPolicy auditprofilemappingpolicy +auditregistration AuditReport AuditSingle +AuditSink +auditsink AuhorizationEndpoint Auth0 auth @@ -112,11 +125,14 @@ AWSSecurityHubFullAccess AWSSecurityToken awssecuritytoken backend +backends Base64 base64 base64-encoded baseurl bash_profile +BatchGetItem +Bitcoin bolded boolean booleans @@ -129,9 +145,13 @@ CAs cd629cb5-2826-4126-82fd-3f2df5f5bc7 CentOS centos +central1 central-usa centralus cerberus +cfg +CFS +ChangePassword checkbox CHILD_NAMESPACE chmod @@ -143,10 +163,15 @@ ClaimMapping claims_supported ClaimsSupported ClauseMatch +cli clientConfig clob CLOUD_ID_TAG +CloudTrail cloudtrail +CloudWatch +cloudwatch +cmd CN cn CNAF @@ -157,6 +182,8 @@ collectionID config configs conntrack +consoleaddr +ContainerCompliance containerCompliance containerd containerPort 
@@ -165,26 +192,45 @@ ContextID copytruncate CoreOS CounterReport +cpe +cray CRD crd CRDs CRI-O cron +crypto CSPM +CSV +cto CVE +cve +cvss CWPP DaemonSet daemonset darwin datapath DataPathCertificate +datastream +Datastreams dc DDoS debian +DeleteTable Demisto +demisto +DEP DependencyMap depmaps +DescribeAlarms +DescribeCluster +DescribeClusters +DescribeConfigurationRecorders +DescribeConfigurationRecorderStatus DescribeMetricFilters +DescribeRepositories +DescribeTrails deselect dev DevHostA @@ -195,27 +241,42 @@ didn diff diffs dima +dimastopel directoryTraversal disable-aporeto-ctrls disallowedFile +DistroIndependent DN +dnf dns DNSLookupReport Docker docker-ce +Dockerfile doesn dpkg +ds +DSS +dst +dvwa +DynamicAuditing +DynamoDB +dynamoDB +dynamodb e.g. ec2 ec2-namespace-map ECDSA ecr ECS +ecs +ef EKS eks Elasticsearch ELBs endif +EndpointID ENFORCER_ID_TAG enforcerconfig enforcerd @@ -237,41 +298,67 @@ EnforcerProfileMappingPolicy EnforcerReport EnforcerTraceReport enum +ENV +env +eq eval EventLog +exe +exfiltration ExternalNetwork externalnetwork failover failurePolicy +fi Fibre FileAccessPolicy FileAccessReport FilePath +filesystem finalizers FlowReport FQDN +fqdn FQDNs +frag FreeBSD fsSL fsType +Fxq gaia Gauge +Gauges gce-pd +gcloud gcp gcp-namespace-map GCPIdentityToken gcpidentitytoken +gcr +gcss +GDM GDPR GenerateCredentialReport georedundancy GetAccountPasswordPolicy +GetAccountSummary +GetBucketAcl +GetBucketLocation GetBucketLogging +GetBucketPolicy +GetCredentialReport GetEventSelectors +GetItem +GetKeyRotationStatus +GetObject GetPolicyVersion +GetTrailStatus GitHub GitLab gitlab GKE +gke +glibc global.integrations.slack.channel global.integrations.slack.webhook global.integrations.smtp.pass @@ -281,6 +368,7 @@ global.integrations.smtp.systemEmail global.integrations.smtp.user Gogole Golang +google gp2 gpgcheck gpgkey 
@@ -296,23 +384,30 @@ group3 GroupA GroupB gRPC +gz hardcode +hfs highwind +hijackedProcess HIPAA HookPolicy +host1 hostname HostService HostServiceMappingPolicy href http +httpd HTTPResourceSpec https i-0def01b1b215bbd1 i-deadbeef12345 i.e. IAM +iam ian iat +ibm id_token_signing_alg_values_supported Idempotency idempotency @@ -321,8 +416,11 @@ IdP IdPs IDTokenSigningAlgValuesSupported ifdef +ifndef imagename1 imagename2 +imjournalRatelimitBurst +imjournalRatelimitInterval ImportReference ImportRequest IncomingTraffic @@ -330,6 +428,7 @@ InfluxDB influxdb InfluxQL informationLeak +infoslack InfrastructurePolicy init.d InstalledApp @@ -341,19 +440,27 @@ InvoiceRecord io iOS IP +ip +IPADDR IPInfo IPs IPsum iptables iSCSI +isn IsolationProfile iss IssuingCA1 IssuingCA2 +Istio +istio +itay jdong jira journald +jpath jq +js JSON json JSON-encoded @@ -366,13 +473,21 @@ JWTs k8s k8s.aporeto.io Katacoda +key1 +key2 KeyString +Kibana +kms +koko kube kube-apiserver +kubeadm +kubeapiserver kubeconfig kubectl kubelet Kubernetes +kubernetes kubernetes-api kubernetes-api-example kubernetes.io @@ -383,12 +498,23 @@ LDAPProvider LDAPS ldaps ldapsearch +ldd leveloffset +libc linux +ListAliases +ListAllMyBuckets +ListAttachedUserPolicies ListClusters +ListContainerInstances ListEntitiesForPolicy +ListFunctions +ListKeys ListPolicies ListSubscriptions +ListSubscriptionsByTopic +ListUserPolicies +ListUsers LoadBalancer localhost logon @@ -418,17 +544,22 @@ Midguard minSeverity misconfigure misconfigured +misconfiguring missingok mkdir +Mongo MongoDB mongodb mountOptions +MpCmdRun msg multicast multipart +myChecklist mycompany myinstance myproject +MYSQL n1-standard-4 n1-standard-8 n1-standard-32 
@@ -451,41 +582,54 @@ NodePort nodist NoneOnDryRun notifempty +ntp OAuth OAuth2 OAUTHInfo OAUTHKey oc +oci OIDC oidc OIDC-based OIDC-compliant OIDCProvider Okta +onboarded one-time Onebox +online OPA OpenBSD OpenID OpenLDAP +OpenSCAP +openscap OpenShift +openshift OpenSSH openssl OpenStack OpenSuSE operationalize operationalizes +operationalizing OperatorHub ORs +oscap otp OU P50 PacketReport PagerDuty +pagerduty param +params PASS01 PASS02 +PASSWD PasswordReset +PCI pd-ssd PEM pem @@ -501,6 +645,7 @@ PolicyGraph PolicyRefresh PolicyRenderer PolicyRule +Postgres postprocessing PowerShell pre-created @@ -520,22 +665,29 @@ ProcessingUnitPolicy ProcessingUnitRefresh processingunits ProcessingUnitService +ProgramFiles programmatically projectid projectnumber Prometheus +prometheus proxied ps pseudoterminal pu publicApplicationPort python3 +qps Quickstart quickstart QuotaCheck QuotaPolicy +RabbitMQ +RateLimitBurst +RateLimitInterval RBAC rbac +RbacConfig readme rebalance reCAPTCHA @@ -548,16 +700,19 @@ Regex Rego releasever RemoteProcessor +removedefinitions RenderedPolicy RenderTemplate ReplicaSet repo repo_gpgcheck +repos reprovision RequestBin requestee resize resourcetype +ResponseComplete ResponseTypesSupported RESTful Rexray @@ -580,16 +735,26 @@ SAML saml SAML2 SAMLProvider +sandboxed +SandboxKey scanTime +SCAP +scap SCC +scc ScopesSupported screenshot +sds searchable +secretv1 +secteam securityContext SerialNumber serverless +ServiceAccount ServiceDependency ServiceToken +serviceViolation set_value sha256 sharded @@ -598,11 +763,18 @@ shellshock shortlived sideEffects SIEM +signup SKU +SMTPS +sns sources.list.d +spamminess specificities SPIFFE +spyware SQL +SQLi +sqli src SSHAuthorizationPolicy sshauthorizationpolicy @@ -612,6 +784,8 @@ SSHIdentity sSL SSO Stackdriver +StartInstances +startswith stateful StatefulSet StatsInfo 
@@ -630,10 +804,12 @@ step10 step11 step12 step13 +StopLogging storage.k8s.io StorageClass storageclass.kubernetes.io sts +su subcommand SubjectTypesSupported subnet @@ -651,12 +827,14 @@ syslog syslogs systemctl systemd +tag5 tag7 TagValue tcp templated templating tenantid +testsyscalls5 ThinkPad timeoutSeconds TimeSeriesQueryResults @@ -664,12 +842,14 @@ TimeSeriesRow Timestamp timestamp TLS +tls TLSType tlsverify TODO TokenEndpointAuthMethodsSupported tokenGroups TokenScopePolicy +totalDefenders TraceMode TraceRecord TrustedCA @@ -688,15 +868,19 @@ uid UIParameter UIParameterVisibility UIStep +unaryOp uncomment unencrypted uninstallation unlogged +unsupportedConfigOverrides +UpdateTrail UPN upn UPNs URIs url +urllib3 us-central1-a us-central1-c USER01 @@ -711,8 +895,10 @@ usernames userPrincipalName usr UTC +util utils v1 +v1alpha1 v1beta v1beta1 v2 @@ -724,18 +910,29 @@ vCPU vCPUs ve vince +violationsExceeded VisualEditor0 +VisualEditor1 +VM +vm VMs +vuln +weaveworksdemos Webhook webhook webhooks +websocket +weren whitelist whitelisted whitelisting whoami wildcard +Wildcards +wildcards wistlock wordpress +WORKDIR workflow workflows ws @@ -743,10 +940,17 @@ x509 X.509 xfs xip.io +xml xref XSOAR +xsoar +xss +xvf xxhash yaml +yml +yona +yonath YourGroup yum-config-manager yum.repos.d From 98b50e79212fea217ee917499cf77edf63e2db52 Mon Sep 17 00:00:00 2001 From: emanic Date: Fri, 29 May 2020 14:30:31 -0700 Subject: [PATCH 17/18] Minor fix --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 18544db2..6119024c 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict -H admin_guide/access_control/*.adoc)) +RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict admin_guide/access_control/*.adoc)) test: @echo "$(RESULT)" 
From 0923a76da0a4d0d69d9df44449fce4b8de3cd96b Mon Sep 17 00:00:00 2001
From: emanic
Date: Fri, 29 May 2020 15:05:00 -0700
Subject: [PATCH 18/18] Minor
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 6119024c..02ba6ce3 100644
--- a/Makefile
+++ b/Makefile
@@ -5,4 +5,4 @@ test:
  @echo "$(RESULT)"
  @if [ "$(RESULT)" != "" ]; then\
  exit 1;\
- fi
+ fi