hijak

#!/bin/bash

source /home/$USER/.bashrc

echo "Renew lease for"

curl -sS --fail -X POST -H "X-Vault-Token: $VAULT_TOKEN" ${VAULT_ADDR}/v1/auth/token/renew-self | jq .auth.lease_duration
retval=$?
if [[ $retval -ne 0 ]]; then
  echo "Error renewing Vault token lease."

hijak

ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6fxvW8VLHJrEj8v7WHLjNkootX+WGquz8ARqTWcnkLYueJZq4i9YsVf1wUIyIt2dqA1bfLPc3B+ulOs7MACICvayumCOzz5NVW5xEWG8tTbQGTN0RD9uXDEx1EmcCvsZ9gKwibLNGxcwiHzVPmOmKdbp3CT4615JJHdmLtdhHcEhiJhxNc8D+Etv929VOIH95Or9cpzn+aSKs4BX6f+R5TWY6cjuLgvR5f5i9hVxwmNp1zbzhMPijKpbUH56dyl2NPlPlcMU1FLwlBWZCx5hG+tBsY2wFyyp5JZATQsJQ+t7uGzmhZbqxa1VaAJivgfWRQglP8iTz3MhlKy4g4yYd
hostname: k3.k8.tf

hijak

Keybase proof

I hereby claim:

• I am hijak on github.
• I am hijak (https://keybase.io/hijak) on keybase.
• I have a public key ASCzMj5bqiYUdXrRk7D8yRGXUHyT-AO6VTosorK29Olvygo

To claim this, I am signing this object:

hijak

Keybase proof

I hereby claim:

• I am hijak on github.
• I am hijak (https://keybase.io/hijak) on keybase.
• I have a public key ASBftrLW4ZY5ceOH7KPM5u0mwVHy1ZjHItW0vXWREVPc1wo

To claim this, I am signing this object:

hijak

#!/bin/bash

_usage() {
  echo "Usage: $0 CHECKNAME PROFILE"
  echo "Checks: infra, os, keys, vol"
  echo "you might want to output stdout to a .tsv file"
}


_infra () {

hijak

var startingPort = 2011

var neoProxy = require('neo-proxy')

var customHTML = '<center><script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script><ins class="adsbygoogle" style="display:inline-block;width:728px;height:90px" data-ad-client="ca-pub-9374665233285997" data-ad-slot="9625600444"></ins><script>(adsbygoogle = window.adsbygoogle || []).push({});</script></center></br>'

var batman = neoProxy({
  port: startingPort,
  target: 'https://eztv.ch',
  needle: '<div id="line"></div>',

hijak

<IfModule mod_ssl.c>
	SSLProtocol All -SSLv2 -SSLv3
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
</IfModule>

hijak

print ip of eth0
ip a s eth0 | sed -nr 's!.*inet ([^/]+)/.*!\1!p'

print groups
cut -d: -f1 /etc/group | sort

find external ip address
curl http://canihazip.com/s && echo 

load of server/mem/disk

hijak

failed attempts
awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n|uniq -c|sort -nk1|awk '{sum+=$1;if($1>300)print "IP: ",$2,"Failed login",$1,"Times"}END{print "\nTotal failed attempts:\t"sum}'
or
cat /var/log/secure | grep sshd | grep Failed | sed 's/invalid//' | sed 's/user//' | awk '{print $11}' | sort | uniq -c | sort -rn
or
grep "Failed password for" /var/log/secure | grep "Dec  8" | awk '{print $11}' | sort | uniq -c | sort -nr | head -7

connections to ssh
netstat -antp|awk '{gsub(/[f:]/, " ");if($7 ~ /22/)print "LOCAL: ",$6,"TARGET: ",$4,"STATE: ",$8}'|sort|uniq -c|sort -nk1|awk '{sum += $1;print}END{print "Total:\t"sum}'

hijak

$HTTP["useragent"] =~ "(|Aboundex|80legs|360Spider|^Java|^Cogentbot|^Alexibot|^asterias|^attach|^BackDoorBot|^BackWeb|Bandit|^BatchFTP|^Bigfoot|^Black.Hole|^BlackWidow|^BlowFish|^BotALot|Buddy|^BuiltBotTough|^Bullseye|^BunnySlippers|^Cegbfeieh|^CheeseBot|^CherryPicker|^ChinaClaw|Collector|Copier|^CopyRightCheck|^cosmos|^Crescent|^Custo|^AIBOT|^DISCo|^DIIbot|^DittoSpyder|^Download\ Demon|^Download\ Devil|^Download\ Wonder|^dragonfly|^Drip|^eCatch|^EasyDL|^ebingbong|^EirGrabber|^EmailCollector|^EmailSiphon|^EmailWolf|^EroCrawler|^Exabot|^Express\ WebPictures|Extractor|^EyeNetIE|^Foobot|^flunky|^FrontPage|^Go-Ahead-Got-It|^gotit|^GrabNet|^Grafula|^Harvest|^hloader|^HMView|^HTTrack|^humanlinks|^IlseBot|^Image\ Stripper|^Image\ Sucker|Indy\ Library|^InfoNaviRobot|^InfoTekies|^Intelliseek|^InterGET|^Internet\ Ninja|^Iria|^Jakarta|^JennyBot|^JetCar|^JOC|^JustView|^Jyxobot|^Kenjin.Spider|^Keyword.Density|^larbin|^LexiBot|^lftp|^libWeb/clsHTTP|^likse|^LinkextractorPro|^LinkScan/8.1a.Unix|^LNSpiderguy|^LinkWalker|^lwp-