Mikulas Dite Mikulas
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: frp | |
| --- | |
| apiVersion: v1 | |
| kind: LimitRange | |
| metadata: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SRC := $(shell find $(CURDIR)/src -name '*.php') | |
| composer.lock: $(SRC) | |
| composer dump-autoload --classmap-authoritative --optimize | |
| test: composer.lock | |
| vendor/bin/tester tests/ | |
| .PHONY: test |
Mikulas
/ aws-vpc-flow-log-single-offender-source.sql
Last active
July 28, 2017 08:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT srcaddr, srcport, sum(bytes) | |
| FROM vpc | |
| WHERE crosszone=1 | |
| AND external=0 | |
| AND dstaddr='172.31.29.150' | |
| GROUP BY srcaddr, srcport | |
| ORDER BY 3 desc; |
Mikulas
/ aws-vpc-flow-log-internal-costly-traffic.sql
Last active
July 28, 2017 08:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT dstaddr, sum(bytes) | |
| FROM vpc | |
| WHERE crosszone=1 | |
| AND external=0 | |
| GROUP BY dstaddr | |
| ORDER BY 2 desc; |
Mikulas
/ aws-vpc-flow-log-external-outliers.sql
Created
July 28, 2017 07:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT dstaddr, sum(bytes) | |
| FROM vpc | |
| WHERE srcaddr << '172.31.0.0/16' | |
| AND external=1 | |
| GROUP BY dstaddr | |
| ORDER BY 2 desc; |
Mikulas
/ aws-vpc-flow-log-what-goes-out.sql
Last active
July 28, 2017 07:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT srcport, sum(bytes) | |
| FROM vpc | |
| WHERE srcaddr << '172.31.0.0/16' -- packets sent from our VPC CIDR | |
| AND external=1 -- going outside the VPC | |
| GROUP BY srcport -- aggregated by your application ports | |
| ORDER BY 2 desc; |
Mikulas
/ migrate-db-retry-lock.sh
Last active
July 28, 2017 06:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -uo pipefail | |
| IFS=$'\n\t' | |
| DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |
| cd "$(dirname "$DIR")" | |
| for RETRY in $(seq 1 120); do | |
| OUT="$(php bin/console migrations:continue --production)" | |
| STATUS="$?" |
Mikulas
/ vpc-flow-logs-crosszone-entries.sql
Last active
July 27, 2017 09:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UPDATE "vpc" SET "crosszone" = CASE | |
| -- Get those values from a list of AWS VPC Subnets: | |
| WHEN dstaddr::inet << '172.31.16.0/20' AND srcaddr::inet << '172.31.16.0/20' | |
| THEN 0 | |
| WHEN dstaddr::inet << '172.31.0.0/20' AND srcaddr::inet << '172.31.0.0/20' | |
| THEN 0 | |
| ELSE 1 | |
| END, "external" = CASE | |
| -- This is a combined CIDR of all the subnets. If you can't simplify | |
| -- into a single condition, add more cases. |
Mikulas
/ import-vpc-flow-log.sql
Created
July 27, 2017 08:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| COPY vpc FROM '/SOME/PATH/000000' | |
| WITH ( | |
| FORMAT CSV, | |
| DELIMITER ' ', | |
| NULL '-' -- some Flog Log entries will have unset fields with '-', this normalizes the value to NULL | |
| ); |
Mikulas
/ aws-vpc-flow-log.sql
Last active
July 27, 2017 09:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE TABLE "public"."vpc" ( | |
| "time" timestamp NOT NULL, | |
| "version" integer NOT NULL, | |
| "account" text NOT NULL, | |
| "interface" text NOT NULL, | |
| "srcaddr" inet, | |
| "dstaddr" inet, | |
| "srcport" integer, | |
| "dstport" integer, | |
| "protocol" int, |