Skip to content

Instantly share code, notes, and snippets.

View gwsales's full-sized avatar

gwsales

4 followers · 10 following
View GitHub Profile
@gwsales
gwsales / audit.rules
Created October 6, 2018 01:44 — forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@gwsales
gwsales / SysmonStartup.bat
Created October 25, 2018 19:13 — forked from silentbreaksec/SysmonStartup.bat
Windows batch file to deploy Sysmon using a startup script via GPO
@echo off
:: Author: Ryan Watson
:: Twitter: @gentlemanwatson
:: Version: 1.0
:: Credits: Credit to Syspanda.com and their Sysmon GPO article for the kick off point
:: https://www.syspanda.com/index.php/2017/02/28/deploying-sysmon-through-gpo/
:: ** IMPORTANT **
:: 1) Create a Sysmon folder with the SYSVOL share on your domain controller
:: 2) Download Sysmon from Microsoft and place both sysmon.exe and sysmon64.exe in
@gwsales
gwsales / pia-pptp-nm.sh
Last active February 16, 2019 14:08
Private Internet Access PPTP VPN Profile Script
#!/bin/bash
## This script requires jq
if ! [ -x "$(command -v jq)" ]; then
echo 'Error: jq is not installed.' >&2
exit 1
fi
echo -n "PIA pptp username (xNNNNNNN not pNNNNNNN): "
read pia_username
@gwsales
gwsales / ansible_local_playbooks.md
Created August 28, 2019 13:57 — forked from alces/ansible_local_playbooks.md
How to run an Ansible playbook locally
  • using Ansible command line:
ansible-playbook --connection=local 127.0.0.1 playbook.yml
  • using inventory:
127.0.0.1 ansible_connection=local
@gwsales
gwsales / ufw.md
Created October 18, 2019 01:04 — forked from kimus/ufw.md
NAT and FORWARD with Ubuntu’s ufw firewall

UFW

I use Ubuntu’s Uncomplicated firewall because it is available on Ubuntu and it's very simple.

Install UFW

if ufw is not installed by default be sure to install it first.

@gwsales
gwsales / fix.sh
Last active June 3, 2020 14:38 — forked from alexalouit/fix.sh
fix Logstash error "logstash load error: ffi/ffi -- java.lang.NullPointerException: null" on Raspbian
#!/bin/bash
# based on https://github.com/mew2057/CAST/blob/6c7f7d514b7af3c512635ec145aa829c535467dc/csm_big_data/config-scripts/logstashFixupScript.sh
# see: https://github.com/elastic/logstash/issues/10755
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
@gwsales
gwsales / Winlogbeat-Bulk-Read.ps1
Created August 14, 2020 02:08
Winlogbeat-Bulk-Read
<#
.SYNOPSIS
PowerShell loop to read local .evtx files into Elastic's winlogbeat agent.
.DESCRIPTION
PowerShell loop to read local .evtx files into Elastic's winlogbeat agent.
Use winlogbeat.yml to customize your configuration of winlogbeat including output.
This script will attempt to use winlogbeat.yml which is ignored in .gitignore but
if this file is not found, it will fall back to using the example that will output
logs to .\winlogbeat\events.json. Once an EVTX file has been read winlogbeat will
@gwsales
gwsales / Enable-PS7-Logging.ps1
Created November 24, 2023 15:43
Enable logging for PowerShell V7
#Requires -RunAsAdministrator
$Path = "HKLM:\Software\Policies\Microsoft\PowerShellCore"
## ScriptBlockLogging
if (-not (Test-Path $Path\ScriptBlockLogging)) {
$null = New-Item $Path\ScriptBlockLogging -Force
}
Set-ItemProperty -Path $Path\ScriptBlockLogging -Name EnableScriptBlockLogging -Value "1" -Type Dword
## ModuleLogging