#! /usr/bin/env python
import SimpleHTTPServer
import SocketServer
import logging
# TCP port for the HTTP server; the bind address and serve loop are not
# visible in this preview.
# NOTE(review): SimpleHTTPRequestHandler (imported above) serves files from
# the process's current working directory, so start the script from a
# directory that holds only what you intend to expose, and confirm whether
# the listener is bound to localhost or to all interfaces — verify in the
# serve call.
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
{
"$schema": "http://json-schema.org/draft-06/schema#",
"title": "eve",
"type": "object",
"properties": {
"timestamp": { "$ref": "#/definitions/timestamp" },
"metadata": { "$ref": "#/definitions/metadata" }
},
"definitions": {
"timestamp": {
Enable Non-Root Suricata-Update on Fedora

Suricata and Suricata-Update

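# Let members of the "suricata" group write to the config directory so
# suricata-update can run without root.
chgrp suricata /etc/suricata
chmod 770 /etc/suricata
# NOTE(review): with the directory at 770, "other" cannot traverse into it,
# so o+r on the files has no effect unless the directory mode is later
# relaxed. Skip it if any file here carries credentials (e.g. a rule-source
# URL that embeds a secret code) — those should not be world-readable.
chmod o+r /etc/suricata/*
# Data directory: group-owned and setgid (2770) so files created by
# suricata-update inherit the "suricata" group instead of the caller's.
mkdir -p /var/lib/suricata
# "user:group" is the POSIX form; the "user.group" spelling is a GNU
# compatibility extension that misparses usernames containing a dot.
chown suricata:suricata /var/lib/suricata
chmod 2770 /var/lib/suricata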

You may also want to do this for non-root log access

%YAML 1.1
---
# Suricata configuration file. In addition to the comments describing all
# options in this file, full documentation can be found at:
# https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html
##
## Step 1: inform Suricata about your network
##
{"timestamp":"2004-12-05T13:16:24.317453-0600","flow_id":1437877179832333,"pcap_cnt":1,"event_type":"dhcp","src_ip":"0.0.0.0","src_port":68,"dest_ip":"255.255.255.255","dest_port":67,"proto":"UDP","dhcp":{"type":"request","id":15645,"client_mac":"00:0b:82:01:fc:42","assigned_ip":"0.0.0.0","client_ip":"0.0.0.0","dhcp_type":"discover","client_id":"00:0b:82:01:fc:42","requested_ip":"0.0.0.0","params":["subnet_mask","router","dns_server","ntp_server"]}}
{"timestamp":"2004-12-05T13:16:24.317748-0600","flow_id":876149144607028,"pcap_cnt":2,"event_type":"dhcp","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.10","dest_port":68,"proto":"UDP","dhcp":{"type":"reply","id":15645,"client_mac":"00:0b:82:01:fc:42","assigned_ip":"192.168.0.10","client_ip":"0.0.0.0","relay_ip":"0.0.0.0","next_server_ip":"192.168.0.1","dhcp_type":"offer","subnet_mask":"255.255.255.0","renewal_time":1800,"rebinding_time":3150,"lease_time":3600}}
{"timestamp":"2004-12-05T13:16:24.387484-0600","flow_id":1437877179832333,"pcap_cnt":3,"eve
{"timestamp":"2004-12-05T13:16:24.387798-0600","flow_id":2065979639650612,"pcap_cnt":4,"event_type":"dhcp","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.10","dest_port":68,"proto":"UDP","dhcp":{"type":"reply","id":15646,"client_mac":"00:0b:82:01:fc:42","assigned_ip":"192.168.0.10","dhcp_type":"ack","renewal_time":1800}}
{
"timestamp": "2004-12-05T13:16:24.317453-0600",
"flow_id": 710739216619533,
"pcap_cnt": 1,
"event_type": "dhcp",
"src_ip": "0.0.0.0",
"src_port": 68,
"dest_ip": "255.255.255.255",
"dest_port": 67,
"proto": "UDP",
{
"timestamp": "2004-12-05T13:16:24.317453-0600",
"flow_id": 710739216619533,
"pcap_cnt": 1,
"event_type": "dhcp",
"src_ip": "0.0.0.0",
"src_port": 68,
"dest_ip": "255.255.255.255",
"dest_port": 67,
"proto": "UDP",
{
"timestamp": "2017-04-21T22:07:33.165957-0600",
"flow_id": 562399510104133,
"pcap_cnt": 1,
"event_type": "dhcp",
"src_ip": "0.0.0.0",
"src_port": 68,
"dest_ip": "255.255.255.255",
"dest_port": 67,
"proto": "UDP",
ubuntu-common-packages: &ubuntu-common-packages
- libpcre3
- libpcre3-dbg
- libpcre3-dev
- build-essential
- autoconf
- automake
- libtool
- libpcap-dev
- libnet1-dev