This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #top10 protocol name | |
| GET _search | |
| { | |
| "size" : 0, | |
| "query": { | |
| "bool": { | |
| "should": [ | |
| { | |
| "term":{"IPV4_SRC_ADDR":"203.68.62.36"} | |
| }, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <errno.h> | |
| #include <sys/types.h> | |
| #include <fcntl.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<stdio.h> | |
| int removeDuplicates(int* nums, int numsSize) { | |
| } | |
| int main() | |
| { | |
| int i=0,j=0,k=0,count=0; | |
| int arr[]={1,2,2,3,3,4,5,5}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\Windows\system32>cd /d E:\ELK\elasticsearch-curator-5.2.0-amd64\curator-5.2.0-amd64\ | |
| E:\ELK\elasticsearch-curator-5.2.0-amd64\curator-5.2.0-amd64>curator --config curator.yml delete_indeces.yml | |
| 2018-02-05 12:00:03,160 INFO Preparing Action ID: 1, "delete_indices" | |
| 2018-02-05 12:00:03,254 INFO Trying Action ID: 1, "delete_indices": Delete indices older than 1 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. | |
| 2018-02-05 12:00:03,317 INFO Skipping action "delete_indices" due to empty list: <class 'curator.exceptions.NoIndices'> | |
| 2018-02-05 12:00:03,317 INFO Action ID: 1, "delete_indices" completed. | |
| 2018-02-05 12:00:03,317 INFO Job completed. |
Howard-Chang
/ basic authenticate
Last active
July 12, 2018 08:21
nginx-ldap-auth&nginx-auth-ldap& basic authenticate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| basic authenticate (lab:苗網ES4) | |
| nginx.conf: | |
| user nginx; | |
| worker_processes 4; | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sh users useradd my_admin -p my_password -r superuser | |
| curl -u my_admin -XPUT 'http://163.19.163.239:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d' | |
| { | |
| "password" : "9ol./;p0" | |
| }' | |
| Enter host password for user 'my_admin': |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| netstat -tulpn //查看有哪些port被哪些程序所佔用 | |
| firewall-cmd --zone=public --list-all //查看哪些port是public的 | |
| firewall-cmd --zone=public --add-port=5510/tcp //把tcp 5510加到public | |
| firewall-cmd --zone=public --remove-port=5510/tcp //把tcp 5510從public中移除 | |
| LS server: | |
| firewall-cmd --zone=public --add-port=5556/udp //把udp 5556加到public | |
| ES server: | |
| firewall-cmd --zone=public --add-port=9300/tcp //把tcp 9300加到public |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.把type是anomaly的syslog抓出來,包含其IPV4_SRC_ADDR、IPV4_DST_ADDR、time. | |
| GET _search | |
| { | |
| "_source": { | |
| "includes": [ "IPV4_SRC_ADDR","IPV4_DST_ADDR","msg","time","attack"] | |
| }, | |
| "query":{ | |
| "bool": { | |
| "must":[ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 建立一個sh檔案,加入以下指令: | |
| sh /home/es3/Downloads/elasticsearch-5.6.6/bin/elasticsearch & | |
| sh /home/es3/Downloads/kibana-5.6.6-linux-x86_64/bin/kibana | |
| cd /home/logstash/Downloads/logstash-5.6.6/bin | |
| sh logstash -f /home/logstash/Downloads/logstash-5.6.6/bin/flow.conf | |
| logstash server: | |
| #!/bin/bash | |
| PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd /d D:\nProbe | |
| start nprobe /c --zmq "tcp://*:2055" -i none -n none --collector-port 5556 | |
| cd /d D:\ntopng | |
| start ntopng /c -i tcp://127.0.0.1:2055 -F "logstash;120.127.160.91;tcp;5510" --local-networks "120.127.0.0/16" | |
| cd /d D:\elasticsearch-5.6.5\bin | |
| echo "starting elasticsearch" | |
| start elasticsearch | |
| cd /d D:\kibana-5.6.5-windows-x86\bin |
NewerOlder