Skip to content

Instantly share code, notes, and snippets.

View chilledornaments's full-sized avatar

Mitchell chilledornaments

9 followers · 10 following
  • Colorado
View GitHub Profile
@chilledornaments
chilledornaments / keybase.md
Created February 27, 2018 20:13

Keybase proof

I hereby claim:

  • I am mitchya1 on github.
  • I am mitchya1 (https://keybase.io/mitchya1) on keybase.
  • I have a public key whose fingerprint is 8266 53C6 86AD 723B 9B3C 4240 2C51 8DCB EA0F 759E

To claim this, I am signing this object:

@chilledornaments
chilledornaments / check-certs.sh
Last active January 20, 2020 08:48 — forked from cgmartin/check-certs.sh
Bash SSL Certificate Expiration Check
#!/bin/bash
TARGETS=(
'example.com'
'example.net'
'example.org'
)
SLACK_URL='Your incoming webhook'. # 'https://hooks.slack.com/services/SOMETHING/SOMETHING ELSE'
emoji=":terminator:"
uname="CERT CHECKER"
channel="#alerts"
@chilledornaments
chilledornaments / WatchGuardGraylogExtractors.txt
Last active February 20, 2019 18:08
Graylog Regex Extractors for WatchGuard Logs
protocol:
(tcp|udp)
srcIP:
(?:tcp|udp)\s(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})
dstIP:
(?:\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\s(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}))
insideInterface:
@chilledornaments
chilledornaments / info.txt
Created November 28, 2018 14:52
WatchGuard SNMP with Zabbix
Monitoring a WatchGuard with Zabbix via SNMP isn't as well documented as you'd hope, but it's also not difficult.
Step 1) Install this template into Zabbix: https://share.zabbix.com/network_devices/watchguard/firebox-watchguard-m400
Step 2) In your WatchGuard, go to System > SNMP. Select SNMP v1/v2c. Create a community string.
Step 3) In your WatchGuard, go to Firewall > Firewall Policies. Create a new policy allowing SNMP from your Zabbix server.
Step 4) Create the host in Zabbix. Remove the Zabbix agent entry. Add an SNMP entry. Leave port 161. Assign the WatchGuard to a group.
Add the "Halley Firewall Watchguard M400" template (unless you renamed it). Go to "Macros". Add "{$SNMP_COMMUNITY}" and
@chilledornaments
chilledornaments / ratelimit-watchguard.txt
Created December 4, 2018 19:12
WatchGuard Rate Limiting
Rate limiting specific traffic/services on WatchGuard
Firewall > Traffic Management > Add Policy
Name Policy
Set 'Type' to 'Per Policy'
Set bandwidth limitations
@chilledornaments
chilledornaments / TD-Agent-GELF.sh
Created March 29, 2019 21:13
Installing the GELF plugin for td-agent on CentOS 7
#!/usr/bin/env bash
# I've spent too much time banging my head against the wall trying to do this to not document it
cd /etc/td-agent/plugin/ && sudo wget https://raw.githubusercontent.com/emsearcy/fluent-plugin-gelf/master/lib/fluent/plugin/out_gelf.rb
sudo /usr/sbin/td-agent-gem install gelf
echo "Installed td-agent GELF plugin"
exit 0
@chilledornaments
chilledornaments / Python3-CloudFront-SignedURL
Created April 1, 2019 19:02
Walkthrough of creating a CloudFront Signed URL with Python + Boto3
#!/usr/bin/env python36
import boto3, rsa, datetime
from botocore.signers import CloudFrontSigner
from datetime import timedelta
"""
First things first, sign into your AWS Root account. Per Amazon's documentation:
IAM users can't create CloudFront key pairs. You must log in using root credentials to create key pairs.
@chilledornaments
chilledornaments / WatchGuard_Graylog_Grok.txt
Last active July 2, 2019 14:26
Graylog Grok Patterns for WatchGuard Syslog
######################
WatchGuard doesn't send standardized messages meaning you have to create
different extractors for different scenarios
######################
# Temporarily host blocks
# String to match: Temporarily blocking host
%{IPV4:blocked_host}
@chilledornaments
chilledornaments / gunicorn_conf.py
Created January 10, 2020 16:45
Gunicorn logging with custom values
import socket
from os import environ
hostname = socket.gethostname()
"""
Logging env vars with %({env_var}e)s hasn't worked for me in gunicorn 20.0.4
"""
@chilledornaments
chilledornaments / main.go
Last active February 18, 2020 15:43
go-gelf Custom Message Example
/*
This is a very basic example of sending custom messages to Graylog with the go-gelf package
GELF Spec https://docs.graylog.org/en/3.2/pages/gelf.html#gelf-via-udp
*/
package main
import (
"fmt"
"gopkg.in/Graylog2/go-gelf.v2/gelf"