I hereby claim:
- I am markuskont on github.
- I am rev013 (https://keybase.io/rev013) on keybase.
- I have a public key ASCRd_Jcdgwx4q2ukIDlUzds9eijzMuHeHAZnckvNzfFLAo
To claim this, I am signing this object:
markuskont
markuskont
/ keybase.md
Created
May 27, 2020 10:45
markuskont
/ ansible_play_update_golang.yml
Created
March 17, 2020 12:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: update go | |
| connection: local | |
| hosts: localhost | |
| vars: | |
| home: | |
| version: 1.14 | |
| source: "https://dl.google.com/go/go{{ version }}.linux-amd64.tar.gz" | |
| sha256sum: 08df79b46b0adf498ea9f320a0f23d6ec59e9003660b4c9c1ce8e5e2c6f823ca | |
| tasks: | |
| - name: remove old go install |
markuskont
/ 98-monitor.rules
Created
November 30, 2019 22:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| KERNEL=="card0", SUBSYSTEM=="drm", ENV{DISPLAY}=":0", ENV{XAUTHORITY}="/home/markus/.Xauthority", RUN+="/usr/share/markus/hotplug-monitor.sh" |
markuskont
/ gmail.py
Last active
October 18, 2019 06:18
Read gmail through API with python. See https://github.com/abhishekchhibber/Gmail-Api-through-Python/blob/master/gmail_read.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #from __future__ import print_function | |
| import pickle | |
| import os.path | |
| from googleapiclient.discovery import build | |
| from google_auth_oauthlib.flow import InstalledAppFlow | |
| from google.auth.transport.requests import Request | |
| import json |
markuskont
/ reindex_moloch_sessions.py
Created
August 21, 2019 12:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from elasticsearch import Elasticsearch, helpers | |
| host = "X.X.X.X" | |
| pattern = "sessions2" | |
| c1 = ["{}:9213".format(host)] | |
| c2 = ["{}:9214".format(host)] |
markuskont
/ moloch-hot-cold-balancer.py
Created
March 29, 2019 09:49
Periodic python script for managing moloch indices in elasticsearch hot-cold setup.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from elasticsearch import Elasticsearch | |
| import sys | |
| import argparse | |
| if __name__ == "__main__": | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument("--conn", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| extern crate redis; | |
| extern crate reqwest; | |
| extern crate serde_json; | |
| use redis::Commands; | |
| use serde_json::{json, Map, Value}; | |
| use std::{thread, time}; | |
| use std::collections::HashMap; |
markuskont
/ set-capture-affinity.py
Created
February 27, 2019 12:59
Set CPU affinity and IRQ stuff for moloch-capture with python3 and python-psutil
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import psutil | |
| import subprocess | |
| import re | |
| import sys | |
| import os.path | |
| def get_moloch_capture_parent(): | |
| procs = {p.pid: p.info for p in psutil.process_iter(attrs=['pid', 'name', 'username'])} |
markuskont
/ new-observed-tls.lua
Created
February 14, 2019 13:25
Suricata lua output script for maintaining a list of known TLS certificates in redis. Log if new is seen.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function init (args) | |
| local needs = {} | |
| needs["protocol"] = "tls" | |
| return needs | |
| end | |
| function setup (args) | |
| name = "tls.log" | |
| filename = SCLogPath() .. "/" .. name | |
| file = assert(io.open(filename, "a")) |
markuskont
/ ja3-whitelist.lua
Last active
February 14, 2019 10:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function init (args) | |
| local needs = {} | |
| needs["tls"] = tostring(true) | |
| return needs | |
| end | |
| function match(args) | |
| hash = Ja3GetHash() | |
| if hash == nil then | |
| return 0 |
NewerOlder