Andrew Kroh andrewkroh

@andrewkroh
andrewkroh / redhat_6_stig.sh
Created March 5, 2015 13:42
Red Hat 6 STIG Examples using OpenSCAP
# Install openscap tool.
sudo yum install openscap-utils
# Generate report based on Red Hat's scap-security-guide project (SSG).
# Requires EPEL.
sudo yum install scap-security-guide
oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
@andrewkroh
andrewkroh / jar-verify-openssl.sh
Created September 8, 2015 18:55
Jar Verification with OpenSSL
# Print attributes inside of DSA/RSA file:
openssl cms -in ORG.RSA -inform DER -noout -cmsout -print
# Verify the signature:
openssl smime -verify -inform DER -in ORG.RSA -content ORG.SF -noverify
# Print signing chain:
openssl pkcs7 -text -in ORG.RSA -inform DER -print_certs -noout
@andrewkroh
andrewkroh / install-golang1.5.1-solaris.sh
Last active November 20, 2017 13:22
Install Golang 1.5.1 on Solaris
#!/bin/bash -e
function setup_profile() {
profile=$1
cat << 'EOF' >> $profile
export GOROOT=/go1.5.1-solaris
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
[ ! -d "$GOPATH" ] && mkdir $GOPATH
EOF
@andrewkroh
andrewkroh / install-go.ps1
Last active September 12, 2024 16:03
Install Golang using PowerShell
# Installs golang on Windows.
#
# # Run script:
# .\install-go.ps1 -version 1.5.3
#
# # Download and run script:
# $env:GOVERSION = '1.5.3'
# iex ((new-object net.webclient).DownloadString('SCRIPT_URL_HERE'))
Param(
[String]$version,
@andrewkroh
andrewkroh / beats-logstash-tls.md
Last active August 30, 2023 06:40
Using TLS between Beats and Logstash


Beats to Logstash over TLS

The purpose of this document is to help with configuring and troubleshooting TLS on the connection between Beats and Logstash.

Configuration

You must configure TLS on both the client and server to make this work. This

@andrewkroh
andrewkroh / deduplicate_strings.go
Created March 1, 2016 16:02
Deduplicate a Slice of Strings in Go
// Deduplicate returns a new slice with duplicate values removed.
func Deduplicate(s []string) []string {
	if len(s) == 0 {
		return s
	}
	result := []string{}
	seen := make(map[string]struct{})
	for _, val := range s {
		if _, ok := seen[val]; !ok {
@andrewkroh
andrewkroh / Vagrantfile
Last active April 15, 2016 19:34
Beats Vagrant Files
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Version of go to download from ports. http://ports.su/lang/go,-main
go_version = '1.5.3'
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
# Source: https://atlas.hashicorp.com/kaorimatz/boxes/openbsd-5.9-amd64/versions/20160402.0.0
@andrewkroh
andrewkroh / winlogbeat-account-usage-dashboard.json
Last active August 20, 2018 19:19
Winlogbeat - Account Usage Dashboard for Kibana
[
{
"_id": "Winlogbeat-Account-Usage",
"_type": "dashboard",
"_source": {
"title": "Windows - Account Usage",
"hits": 0,
"description": "",
"panelsJSON": "[\n {\n \"col\": 7,\n \"id\": \"Failed-Logon-Attempts-Area-Chart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Remote-Desktop-Connections\",\n \"panelIndex\": 3,\n \"row\": 5,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Logon-Map\",\n \"panelIndex\": 5,\n \"row\": 5,\n \"size_x\": 2,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Total-Successful-Logons-1\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n }\n]",
"optionsJSON": "{\n \"darkTheme\": false\n}",
@andrewkroh
andrewkroh / metricbeat.yml
Created November 21, 2016 15:34
Metricbeat Config for Monitoring a Docker-Machine
# Run `eval $(docker-machine env default)` to set the environment variables used below.
metricbeat.modules:
- module: docker
  metricsets: ["cpu", "info", "memory", "network", "diskio", "container"]
  hosts: ["${DOCKER_HOST}"]
  ssl:
    certificate_authority: "${DOCKER_CERT_PATH}/ca.pem"
    certificate: "${DOCKER_CERT_PATH}/cert.pem"
    key: "${DOCKER_CERT_PATH}/key.pem"
@andrewkroh
andrewkroh / Microsoft-Windows-Security-Auditing.txt
Created February 2, 2017 04:27
Microsoft-Windows-Security-Auditing Messages from Windows 2012 Server
Id : 4608
Version : 0
LogLink : System.Diagnostics.Eventing.Reader.EventLogLink
Level : System.Diagnostics.Eventing.Reader.EventLevel
Opcode : System.Diagnostics.Eventing.Reader.EventOpcode
Task : System.Diagnostics.Eventing.Reader.EventTask
Keywords : {}
Template :