markuskont
markuskont
/ logitech_k750.sh
Created
November 23, 2015 21:22
Fix keyboard mapping for logitech k750 (mac version). Meant to be run in crontab, bat PATH and DISPLAY variables must be set!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ $(/usr/bin/xinput | /bin/grep K750) ]] ; then | |
| /usr/bin/setxkbmap -option apple:badmap,lv3:rwin_switch,altwin:swap_alt_win | |
| else | |
| /usr/bin/setxkbmap -option | |
| fi |
markuskont
/ Vagrantfile
Last active
April 6, 2016 12:56
Use go to parse bind nameserver XML stats output (statistics-channel)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| $NS = <<SCRIPT | |
| sudo cat <<REPO >> /etc/apt/sources.list | |
| deb http://http.us.debian.org/debian/ testing non-free contrib main | |
| REPO | |
| sudo apt-get update |
markuskont
/ checkExfilBlacklist.bro
Created
March 15, 2016 12:01
BRO script for checking file sha checksums
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| type Val: record { | |
| sha256_hash: string; | |
| document_name: string; | |
| }; | |
| global blacklist_hash_database = "/var/db/blacklist"; | |
| event document_exfil(description: Input::EventDescription, tpe: Input::Event, r: Val) | |
| { | |
| print fmt("Data exfiltration detected with hash %s, document %s", r$sha256_hash, r$document_name); |
markuskont
/ reverse6.pl
Last active
April 15, 2016 10:44
Generate IPv6 reverse DNS records for Bind
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| sub populateArrayFromFile { | |
| my ($filename) = @_; | |
| open FILE, $filename || die "Cannot open file ".$filename." for read"; | |
| @lines=<FILE>; | |
| close FILE; | |
| return @lines; | |
| } | |
| sub ip6AppendZeroes { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| sub populateArrayFromFile { | |
| my ($filename) = @_; | |
| open FILE, $filename || die "Cannot open file ".$filename." for read"; | |
| @lines=<FILE>; | |
| close FILE; | |
| return @lines; | |
| } |
markuskont
/ moloch_hourly_clean_daily.sh
Last active
April 28, 2016 08:17
Delete moloch session indices as per retention period in days when indices are created hourly. Very hacky and quick solution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RETAINDAYS=7 | |
| HOST="localhost" | |
| PORT=9200 | |
| INDICES=`curl -ss -XGET $HOST:$PORT/_cat/indices?v | awk -F " " '{print $3}' | grep sessions | sort -n` | |
| TODAY=`date +"%y%m%d"` | |
| for index in $INDICES; do |
markuskont
/ moloch_del_red_indices.sh
Created
April 28, 2016 08:18
Delete moloch hourly indices that are RED
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for index in `curl -ss -XGET localhost:9200/_cat/indices?v | grep red | perl -ne 'if (m/.+(sessions-\d+\w\d+).+/){print "$1\n"}'` | |
| do curl -XDELETE localhost:9200/$index | |
| done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| SERIAL=`sudo hdparm -I /dev/sda | grep 'Serial Number:' | perl -ne 'if(m/:\s*(\S+)/){print "$1\n"}' | tr -cd 0-9` | |
| UNIQUE_FILE='/tmp/uniq.txt' | |
| grep $SERIAL $UNIQUE_FILE > /dev/null 2>&1 || echo $SERIAL > $UNIQUE_FILE |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var warn_threshold = 30 | |
| var crit_threshold = 10 | |
| var data = stream | |
| .from().measurement('cpu') | |
| .where(lambda: "cpu" == 'cpu-total') | |
| .groupBy('host') | |
| // Do normal alerting | |
| data.alert() |
markuskont
/ rsyslog8_xenial.sh
Created
May 5, 2016 07:45
Build rsyslog8 from source on Ubuntu 16.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ./configure \ | |
| --prefix=/opt/rsyslog8 \ | |
| --enable-extended-tests=yes \ | |
| --enable-imptcp \ | |
| --enable-imttcp \ | |
| --enable-impstats \ | |
| --enable-omstdout \ | |
| --enable-imfile \ |
OlderNewer