linuxmalaysia
/ winlogbeat.template.json
Created
March 3, 2020 06:07
winlogbeat.template.json for Winlogbeat 7.6.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "index_patterns": [ | |
| "winlogbeat-7.6.0-*" | |
| ], | |
| "mappings": { | |
| "_meta": { | |
| "beat": "winlogbeat", | |
| "version": "7.6.0" | |
| }, | |
| "date_detection": false, |
linuxmalaysia
/ Monitoring_Setting_For_Elastic_Stack_7.txt
Created
January 31, 2020 07:17
Monitoring Setting For Elastic Stack 7.x
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *** Monitoring Setting For Elastic Stack 7.x *** | |
| ===> elasticsearch.yml | |
| xpack.monitoring.enabled: true | |
| xpack.monitoring.collection.enabled: true | |
| ===> kibana.yml | |
| xpack.monitoring.enabled: true |
linuxmalaysia
/ logstash-example-haris22012020.conf
Last active
January 22, 2020 00:59
logstash example filter by rules with if then else
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| # start if | |
| if "syslog" in [tags] and "sshd" in [program] { | |
| ### Start Rule 1 | |
| ## https://github.com/ossec/ossec-rules/blob/master/rules.d/50-sshd_rules.xml | |
| grok { | |
| match => { |
linuxmalaysia
/ logstash-config-example-searching-filebeat-index.txt
Created
October 13, 2019 02:33
Example logstash configuration file. Tested using Logstash 7.4.0 and Filebeat as input and Elasticsearch. Terima Kasih Kepada Amir Haris Ahmad, Localhost Sdn Bhd # kerana izinkan saya gunakan servers ujian mereka di Digital Ocean # dan team beliau dengan berkongsi pengalaman dan pandangan mereka. # Untuk saya menguji bruteforce attack log kepada…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Terima Kasih Kepada Amir Haris Ahmad, Localhost Sdn Bhd | |
| ### kerana izinkan saya gunakan servers ujian mereka di Digital Ocean | |
| ### dan team beliau dengan berkongsi pengalaman dan pandangan mereka. | |
| ### | |
| ### Untuk saya menguji bruteforce attack log kepada syslog dengan fail2ban | |
| ### | |
| ### Server telah dipasang dengan fail2ban dan SSH dibuka dengan port 22. | |
| ### SSH tidak membenarkan module password dan hanya digital cert. | |
| ### | |
| ### Filebeat telah digunakan untuk mengumpulkan log. |
linuxmalaysia
/ process-blacklist-csv.sh
Created
July 19, 2019 06:21
# convert shallalist.tar.gz into csv # http://www.shallalist.de/categories.html # Harisfazillah Jamel 30032019 # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz # https://www.squidblacklist.org/downloads/dg-malicious.acl (masukkan dalam BL/malware dan tukar nama fail ke domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # convert shallalist.tar.gz into csv | |
| # http://www.shallalist.de/categories.html | |
| # Harisfazillah Jamel 30032019 | |
| # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz | |
| # https://www.squidblacklist.org/downloads/dg-malicious.acl (masukkan dalam BL/malware dan tukar nama fail ke domains | |
| echo "\"localhost\",locahost" > malware3.tmp | |
| find BL/ -name 'domains' -print0 | | |
| while IFS= read -r -d $'\0' line; do |
linuxmalaysia
/ convert-to-yaml-logstash.sh
Last active
July 19, 2019 08:19
# origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a # logstash yaml "www.google.com": "known search engine" # Choose from here https://github.com/StevenBlack/hosts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a | |
| # logstash yaml "www.google.com": "known search engine" | |
| # Choose from here https://github.com/StevenBlack/hosts | |
| #HOSTS_RAW=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | |
| ##### https://raw.githubusercontent.com/StevenBlack/hosts/master/data/malwaredomainlist.com/hosts | |
| ### first must using > and others using >> for pipe | |
| ##### first file |
linuxmalaysia
/ elasticsearch-handlers-main.yml
Created
June 20, 2019 21:24
— forked from labrown/elasticsearch-handlers-main.yml
Ansible rolling restart of Elasticsearch Cluster
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ### | |
| # Elasticsearch Rolling restart using Ansible | |
| ### | |
| ## | |
| ## Why is this needed? | |
| ## | |
| # | |
| # Even if you use a serial setting to limit the number of nodes processed at one |
linuxmalaysia
/ haproxy.cfg
Last active
May 12, 2019 23:37
haproxy.cfg Haproxy For Elastic beats And Logstash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Haproxy For Elastic beats And Logstash | |
| # Date: 13 May 2019 | |
| # 1) Example of haproxy.cfg listen for Filebeat or other beats by using port 5044/tcp | |
| # And load balance to 2 servers. | |
| # https://www.haproxy.com/blog/introduction-to-haproxy-logging/ | |
| # Please read above article for syslog configuration to listen port 514 | |
| # Or change config log to |
linuxmalaysia
/ ansible-hardening.txt
Last active
April 17, 2019 01:20
Ansible script for hardening two files play.yml and requirements.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ansible script for hardening two files play.yml and requirements.yml | |
| This ansible steps are for hardening MariaDB server | |
| 1) ansible-galaxy install -r requirements.yml | |
| 2) ansible-playbook play.yml | |
| #### start of requirements.yml | |
| #### ansible-galaxy install -r requirements.yml |
linuxmalaysia
/ logstash-yml-shallalist.sh
Last active
April 20, 2019 23:31
Convert shallalist to logstash yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # convert shallalist.tar.gz into logstash yml | |
| # http://www.shallalist.de/categories.html | |
| # Harisfazillah Jamel 30032019 | |
| # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz | |
| # make sure uncompress under same directory as this script. | |
| echo "localhost: locahost" > /etc/logstash/malware2.yml | |
| find BL/ -name 'domains' -print0 | | |
| while IFS= read -r -d $'\0' line; do |