
南知 nanzhipro

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/sys_domain.h>
#include <sys/kern_control.h>
#include <net/if_utun.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
richiercyrus / osquery.conf
Last active September 8, 2022 12:35
Defensive Evasion - osquery config
{
"options": {
"config_plugin": "filesystem",
"logger_plugin": "filesystem",
"logger_path": "/var/log/osquery",
"disable_logging": "false",
"log_result_events": "true",
"schedule_splay_percent": "10",
"pidfile": "/var/osquery/osquery.pidfile",
"events_expiry": "3600",
snoby / set_policy.sh
Created November 10, 2017 19:58
macOS policy bash script
#!/bin/sh
##########################################################################################################
## Purpose: Create a pwpolicy XML file based upon variables and options included below.
## Policy is applied and then file gets deleted. Use "sudo pwpolicy -u <user> -getaccountpolicies"
## to see it, and "sudo pwpolicy -u <user> -clearaccountpolicies" to clear it.
##
## Usage: Edit variables in Variable flowerbox below.
## Then run as a policy from Casper, or standalone as root.
##
## Tested on: OS X 10.10 and 10.11
nguyen-phillip / proc.c
Last active November 30, 2023 13:01
Using libproc.h
#include <stdio.h>
#include <stdlib.h>
#include <libproc.h>
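// Uses proc_pidinfo from libproc.h to find the parent of the given pid.
// Call this repeatedly until ppid(pid) == pid to get ancestors.
// Note: the return value of proc_pidinfo is not checked below, so if the call
// fails (e.g. the pid has exited) info may be left unfilled and the result is undefined.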
int ppid(pid_t pid) {
struct proc_bsdinfo info;
proc_pidinfo(pid, PROC_PIDTBSDINFO, 0, &info, sizeof(info));
return info.pbi_ppid;
pedramamini / XProtect.yara
Created October 19, 2017 20:18
Apple OSX built in file defense is powered by YARA: /System/Library/CoreServices/XProtect.bundle/Contents/Resources
import "hash"
private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries"

    condition:
        // uint32() reads the first four bytes as a little-endian integer, so each
        // constant below corresponds to the reversed byte sequence on disk.
        // NOTE(review): the on-disk bytes CA FE BA BE (last comparison) also open
        // Java class files, so this magic-only test is a coarse pre-filter rather
        // than proof of a Mach-O; rules referencing it should add their own
        // content conditions.
        (
            uint32(0) == 0xfeedface or   // 32-bit Mach-O
            uint32(0) == 0xcefaedfe or   // 32-bit Mach-O, opposite byte order
            uint32(0) == 0xfeedfacf or   // 64-bit Mach-O
            uint32(0) == 0xcffaedfe or   // 64-bit Mach-O, opposite byte order
            uint32(0) == 0xcafebabe or   // fat/universal header, opposite byte order
            uint32(0) == 0xbebafeca      // fat/universal header
        )
}
fikeminkel / DNSTxtRecord.swift
Created April 26, 2017 20:56
Swift 3.1 DNS TXT record lookup
import dnssd
struct DNSTxtRecord {
typealias DNSLookupHandler = ([String: String]?) -> Void
static func lookup(_ domainName: String, completionHandler: @escaping DNSLookupHandler) {
var mutableCompletionHandler = completionHandler // completionHandler needs to be mutable to be used as inout param
let callback: DNSServiceQueryRecordReply = {
(sdRef, flags, interfaceIndex, errorCode, fullname, rrtype, rrclass, rdlen, rdata, ttl, context) -> Void in
## FOR UBUNTU
Dependencies install
1. apt-get install nginx-extras
2. apt-get install lua-zlib
Lua file to decompress the request body
--------------------------------
see https://gist.github.com/iammehrabalam/30f5402bbcdad139c9eafd3a6f47ce6c
-- Debian packages nginx-extras, lua-zlib required
-- Copy the two size limits from nginx variables into the per-request context.
-- tonumber() yields nil when a variable is unset or not numeric.
-- NOTE(review): presumably these cap the inflated chunk/body size; confirm the
-- code that reads them rejects the request when either is nil instead of
-- running without a limit.
ngx.ctx.max_chunk_size = tonumber(ngx.var.max_chunk_size)
ngx.ctx.max_body_size = tonumber(ngx.var.max_body_size)
function create_error_response (code, description)
local message = string.format('{"status":400,"statusReason":"Bad Request","code":%d,"exception":"","description":"%s","message":"HTTP 400 Bad Request"}', code, description)
ngx.status = ngx.HTTP_BAD_REQUEST
ngx.header.content_type = "application/json"
ngx.say(message)
"""
Python 3
"""
import os
import glob
import argparse
import cv2
from PIL import Image
import numpy as np
jjnilton / mac-network-commands-cheat-sheet.md
Last active April 5, 2025 04:05
Mac Network Commands Cheat Sheet

Disclaimer: I'm not the original author of this sheet, and I can't recall where I found it. If you know the author, please let me know so I can give attribution.

The original author seems to be Charles Edge, here's the original content, as pointed out by @percisely.

Note: Since this seems to be helpful to some people, I formatted it to improve readability of the original. Also, note that this is from 2016, many things may have changed, and I don't use macOS anymore, so I probably can't help in case of questions, but maybe someone else can.

Mac Network Commands Cheat Sheet

After writing up the presentation for MacSysAdmin in Sweden, I decided to go ahead and throw these into a quick cheat sheet for anyone who’d like to have them all in one place. Good luck out there, and s