Justin JustinAzoff
JustinAzoff
/ snort_drop_rate
Created
August 15, 2013 15:42
version of the snort drop rate munin plugin that can graph multiple snort instances
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # -*- sh -*- | |
| : << =cut | |
| =head1 NAME | |
| snort_droprate - Plugin to monitor Snort packet drop rate | |
| =head1 CONFIGURATION |
JustinAzoff
/ is_file_growing.py
Last active
December 25, 2015 05:39
checks to see if a file is growing and exits accordingly. Useful with a cron job
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # */5 * * * * root sleep 60 ; is_file_changing /usr/local/bro/logs/current/conn.log || broctl restart | |
| import os | |
| import sys | |
| import time | |
| SIZE_TIMEOUT = 10 | |
| def get_size(f): | |
| for x in range(SIZE_TIMEOUT): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IP=$1 | |
| for x in `seq 1200 20 1700`; | |
| do echo -n "$x " | |
| ping -W 1 -M do -s $(($x-28)) $IP -c 1 > /dev/null && echo WORKED || echo failed | |
| done |
JustinAzoff
/ cpus.py
Created
April 21, 2014 14:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def parse_cpu_info(): | |
| cpu = {} | |
| for line in open("/proc/cpuinfo"): | |
| if ':' in line: | |
| k, v = line.split(":", 1) | |
| k = k.strip() | |
| v = v.strip() | |
| cpu[k] = v | |
| if not line.strip(): |
JustinAzoff
/ tm_query_notices.bro
Last active
August 29, 2015 14:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module Notice; | |
| export { | |
| redef enum Action += { | |
| ACTION_TM_QUERY, | |
| }; | |
| const tm_query_types: set[Type] = {} &redef; | |
| } |
JustinAzoff
/ conn-peer.bro
Created
August 1, 2014 15:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##! Add the peer to the connection logs. | |
| module Conn; | |
| export { | |
| redef record Conn::Info += { | |
| peer: string &optional &log; | |
| }; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/sysconfig/modules/pfring.modules | |
| if [ ! -e /proc/net/pfring ] ; then | |
| exec /sbin/modprobe pf_ring enable_tx_capture=0 min_num_slots=32768 >/dev/null 2>&1 | |
| fi |
JustinAzoff
/ is_file_growing.py
Last active
August 29, 2015 14:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| import time | |
| SIZE_TIMEOUT = 10 | |
| def get_size(f): | |
| for x in range(SIZE_TIMEOUT): | |
| try: |
JustinAzoff
/ gen_certs.py
Last active
December 4, 2024 18:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| ZEEK_CERT_TEMPLATE = """#auto generated | |
| redef SSL::root_certs += { | |
| ["%(subject)s"] = "%(cert)s" | |
| }; | |
| """ |
JustinAzoff
/ InterfaceSetup.py
Last active
January 15, 2016 20:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # A plugin to setup capture interfaces | |
| # The plugin is off by default. To enable it, add "interfacesetup.enabled=1" to broctl.cfg. | |
| # | |
| import BroControl.plugin | |
| class InterfaceSetupPlugin(BroControl.plugin.Plugin): | |
| def __init__(self): | |
| super(InterfaceSetupPlugin, self).__init__(apiversion=1) |