
💭 Hack the 🌎!

Derek Ditch dcode


ROCK Sensor Parts List

Below is the hardware I use for development and home use of my ROCK sensor. It’s an extremely powerful system in a small form factor, under $1000. The most important aspects to me were that I wanted IPMI for baremetal remote management, dual Intel NICs, quiet, and relatively low-power. I sit by this thing and work every day and don’t want to wear hearing protection while I write code.

The prices reflect what I paid for them in March 2016. No doubt the prices will have changed and newer, better stuff is probably available. Things like RAM and SSDs go on sale all the time, so look for that if you’re a bargain shopper.

redef Site::local_nets += { 10.0.0.0/24, 192.168.11.0/24 };
global share_exe_IPs: addr_set;
event smtp_data (c: connection, is_orig: bool, data:string)
    {
    for (line in find_all(data, /.*\\\\.*\\.*\.exe/))
        {
        local temp = split_string(line,/\\/);
        local IP = to_addr(temp[2]);
        if ( ! is_local(IP) )
@dcode
dcode / remove_modules.sh
Created June 11, 2017 20:40
Remove Python modules back to a given snapshot
# requirements.txt.orig is the result of `pip freeze > requirements.txt.orig`
# requirements.txt is the current snapshot of pip (`pip freeze > requirements.txt`)
# comm expects both inputs sorted; pip freeze already emits packages in sorted order.
# Lines only in the current snapshot (-2 -3 suppresses the other two columns) are
# packages added since the original snapshot, so strip the "==version" and uninstall them.
comm -2 -3 requirements.txt requirements.txt.orig | awk -F= '{ print $1 }' | xargs pip uninstall -y
@dcode
dcode / bro-findkernelheaders-hack.patch
Last active September 27, 2017 13:58
Patches needed for bro RPM packages for ROCK NSM
diff -u --recursive bro-2.5.orig/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake bro-2.5/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake
--- bro-2.5.orig/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake 2017-05-26 03:15:47.598844347 +0000
+++ bro-2.5/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake 2017-05-26 03:21:44.099990030 +0000
@@ -20,10 +20,18 @@
OUTPUT_STRIP_TRAILING_WHITESPACE
)
+# Admittedly a hack, but in practice we just need *some* headers
+execute_process(
+ COMMAND bash "-c" "find /usr/src/kernels -print | grep -E '/include/linux/user.h' | cut -d/ -f5 | sort -u | tail -1"
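Review bot: the `sort -u | tail -1` in the added `execute_process` COMMAND selects the lexically greatest kernel version directory, not the newest one, so a `3.10.0-693...` tree will be chosen over a `3.10.0-1062...` tree because "6" sorts after "1"; `sort -V` (version sort) in place of `sort -u` gives the intended "latest headers" behaviour and still tolerates duplicates. The `cut -d/ -f5` also hard-wires the `/usr/src/kernels/<version>/include/linux/user.h` depth, which is worth a comment next to the existing "Admittedly a hack" line so a later packager knows why the build breaks if the kernel-devel layout changes.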
@dcode
dcode / 75-dual-home-routing.sh
Last active May 11, 2023 03:11
NetworkManager hook to update the routing tables for dual-homed systems, allowing traffic past the gateway on either interface.
#!/bin/bash
# 75-dual-home-routing
# Description: Updates routing tables to allow traffic on dual-homed boxes
# according to the interface it came in on
# Place in /etc/NetworkManager/dispatcher.d/ and update interface name below
IF=$1
STATUS=$2
function update_routing_table() {

ROCK NSM Beta 0 Notes

@dcode
dcode / Vagrantfile
Created November 4, 2016 17:27
Working Vagrantfile using bento/centos-7.2 w/ bridged interface and self-updating HGFS for /vagrant mapping
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "bento/centos-7.2"
config.vm.provider "vmware_fusion" do |vmware|
vmware.linked_clone = true
#vmware.gui = true
vmware.vmx["memsize"] = "8192"
@dcode
dcode / Makefile
Last active March 28, 2017 12:03
My bro.spec.in file and Makefile for building bro packages + bro-plugins packages
NAME := bro
GIT_REPO := https://github.com/bro/bro.git
GIT_BRANCH := master
COMMIT0 := $(shell git ls-remote $(GIT_REPO) | grep -E 'refs/heads/$(GIT_BRANCH)$$' | cut -f1)
SHORTCOMMIT0 := $(shell echo $(COMMIT0)| awk '{ print substr($$0, 1, 7)}')
VERSION ?=$(shell cat VERSION | cut -d- -f1)
RELEASE ?=$(shell cat VERSION | cut -d- --complement -f1 | tr -d '-')
SNAPSHOT := .git$(SHORTCOMMIT0)
@dcode
dcode / logging_tweaks.bro
Created October 26, 2016 20:17
Configure kafka & logging extensions in bro 2.5
## Setup Kafka output
@load Bro/Kafka/logs-to-kafka.bro
redef Kafka::topic_name = "bro";
redef Kafka::json_timestamps = JSON::TS_ISO8601;
redef Kafka::tag_json = T;
## Setup event extension to include sensor and probe name
type Extension: record {
## The name of the system that wrote this log. This
@dcode
dcode / es_architecture.txt
Created October 20, 2016 18:01
Monodraw diagram to detail a large scale architecture for elasticsearch
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│             │ │             │ │             │
│ Master Node │ │ Master Node │ │ Master Node │
│             │ │             │ │             │
└─────────────┘ └─────────────┘ └─────────────┘
node.master: true
┌─────────────┐ nod