@6d61726b760a
6d61726b760a / sync_lp_op.sh
Last active January 23, 2023 02:17
sync specific lastpass credentials with onepass
#!/bin/bash
#
# sync specific lastpass credentials with onepass
#
# my employer uses lastpass, but i use 1password. i don't
# want to replicate all my work passwords into 1password
# but i do want to replicate a few "critical" passwords
# (eg webmail) so i can check my emails from home. this
# script is a quick hack to do this.
@6d61726b760a
6d61726b760a / splunkcloud_hec_stanza.spl
Created December 5, 2022 03:25
splunkcloud: generate hec input stanza from splunkcloud config
| rest splunk_server=local /services/data/inputs/http
```
some fields may not be populated so
we try to come up with sane defaults
```
| eval allowQueryStringAuth = if(isnull(allowQueryStringAuth), "false", allowQueryStringAuth)
| eval useACK = if(isnull(useACK), "false", useACK)
| eval indexes = if(isnull(indexes), index, mvjoin(indexes, " "))
| fillnull value="" sourcetype
| rex field=title ".*\/\/(?<x_description>[^\$]+)"
@6d61726b760a
6d61726b760a / README.md
Created September 6, 2022 06:06
lastpass cli + fzf = <3

lp2agent

add an ssh key from lastpass to ssh-agent

pull an ssh key from lastpass and add it to ssh agent for 30 seconds so you can ssh

usage

lp2agent

@6d61726b760a
6d61726b760a / splunk_dbx.http
Created April 16, 2021 06:54
VS Code Rest Client Examples for Splunk DBConnect
# this file was written to be used with the VS Code HTTP rest client.
# (https://marketplace.visualstudio.com/items?itemName=humao.rest-client)
# There should be more than enough detail to create some more advanced
# scripting/automation
# NOTE: if there is a problem with a connection (eg incorrect username/password,
# or a db permissions issue) when you are trying to add an input, splunk
# responds with "unable to process json" which is a little misleading
@6d61726b760a
6d61726b760a / psql_long_queries.sh
Created February 2, 2021 12:41
bash script to find and terminate long running postgres queries, logging results to splunk
#!/bin/bash
set -x
now=$( date '+%Y/%m/%d %H:%M:%S' )
TMPFILE1=$(mktemp /tmp/XXXXXXXXXX.json)
script_exit () {
rm -rf "${TMPFILE1}"
exit 0
}
@6d61726b760a
6d61726b760a / cloud-init_prefix_hostname.sh
Last active January 31, 2022 00:46
cloud-init hostnames
#!/bin/bash
# /var/lib/cloud/scripts/per-boot/00-hostname.sh
# https://cloudinit.readthedocs.io/en/latest/topics/modules.html#scripts-per-boot
#
# create/set server hostname using a static prefix with a cloud instance id appended.
#
# sed -i '' \
# /etc/profile.d/splunk.sh
if [ -d /opt/splunk ]; then
export SPLUNK_HOME="/opt/splunk"
export PATH=${PATH}:${SPLUNK_HOME}/bin
elif [ -d /opt/splunkforwarder ]; then
export SPLUNK_HOME="/opt/splunkforwarder"
export PATH=${PATH}:${SPLUNK_HOME}/bin
fi
@6d61726b760a
6d61726b760a / splunk_UF_deploy.sh
Created July 14, 2020 11:46
splunk universal forwarder deployment script
#!/bin/bash
# Description: Install, start, and enable splunk forwarder, or just install.
# Usage:
# splunkUFDeploy.sh [nostart]
#
# NOSTART intended for base images, where we install Splunk but may not use it.
# NOSTART = 1 is true, default is false (0)
NOSTART=0
if [ $# -eq 1 ] && [ "$1" == 'nostart' ] ; then
import requests
import os
from lxml import etree
# remove old clients from deployment server
deployment_server = os.getenv('SPLUNK_DS')
splunk_username = os.getenv('SPLUNK_DS_USER')
splunk_password = os.getenv('SPLUNK_DS_PASS')
ds_auth=(splunk_username, splunk_password)
@6d61726b760a
6d61726b760a / README.md
Last active June 12, 2020 06:41
download and parse/query logs from cloudtrail

get_trails.py

download cloudtrail logs from an s3 bucket

usage: get_trails.py [-h] --profile PROFILE --bucket BUCKET --prefix PREFIX --account ACCOUNT --region REGION [--from FROM_S] [--to TO_S] [--target_dir TARGET_DIR]

download cloudtrail logs from s3

optional arguments: