adampielak

#!/bin/bash
# Suricata Operational Maintenance and Incident Response Scripts
# Purpose: Performance monitoring, rule tuning, maintenance, and incident response workflows

# ============================================================================
# Rule Tuning
# ============================================================================

# Disable noisy rules
echo "1234567" | sudo tee -a /etc/suricata/disable.conf

adampielak

{
  "query": {
    "bool": {
      "must": [
        {"match": {"event_type": "alert"}},
        {"range": {"@timestamp": {"gte": "now-1h"}}}
      ]
    }
  },
  "aggs": {

adampielak

#!/usr/bin/env python3
"""
IoT Network Monitor
Real-time packet monitoring and anomaly detection for IoT devices using scapy
"""

from scapy.all import *
import json
from datetime import datetime

adampielak

#!/usr/bin/env python3
"""
IoT Vulnerability Testing Toolkit
Combines default credential testing, MQTT discovery, and command injection tests
for OWASP IoTGoat security assessment
"""

import telnetlib
import time
import paho.mqtt.client as mqtt

adampielak

#!/bin/bash
# KubeFence Helm Installation Script
# Deploys KubeFence as DaemonSet on K3s control plane nodes
# Tested on K3s 1.28.6, Ubuntu 24.04

set -euo pipefail

NAMESPACE="kubefence-system"
RELEASE_NAME="kubefence"
CHART_VERSION="0.1.0"

adampielak

#!/usr/bin/env python3
"""
KubeFence Policy Generator
Analyzes K3s audit logs and generates fine-grained API policies

Usage:
    python3 kubefence-policy-generator.py --namespace default --output policies/
"""

import argparse

adampielak

#!/bin/bash
# PromSketch benchmark script - compare query performance

PROMETHEUS_URL="http://localhost:9090"
PROMSKETCH_URL="http://localhost:8080"
QUERY='histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))'

echo "=== PromSketch Benchmark ==="
echo "Query: ${QUERY}"
echo ""

adampielak

#!/usr/bin/env python3
"""
NVD Vulnerability Scanner for Homelab
Scans installed packages against National Vulnerability Database
"""

import requests
import json
import subprocess
from packaging import version

adampielak

{
  "dashboard": {
    "title": "Vulnerability Scanner - Homelab",
    "panels": [
      {
        "title": "Total Vulnerabilities by Severity",
        "type": "graph",
        "targets": [
          {
            "expr": "vulns_total{severity=\"critical\"}",

adampielak

# Docker AppArmor Security Profiles
# Custom restrictive profiles for common containers

# ========================================
# Nginx Container Profile (Highly Restrictive)
# ========================================
# /etc/apparmor.d/docker-nginx-restricted

#include <tunables/global>