Samet Sazak sametsazak
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BIOS strong passwords, and strong login passwords, and full disk encryption for physical attacks, | |
| close unused ports and services for things you don't need (not so much a problem for desktops, but still) and keep everything up to date | |
| if you are not using a piece of software (java, adobe flash and other common attack client side vectors) uninstall, and keep your attack surface low as possible | |
| To avoid social engineering don't click attachments on emails or links. Senders can easily be spoofed with tools like SET, If you don't know and need to click, create a vm with snapshots to be safe. | |
| if your browsing shady sites use a vm, for worst case scenario and always keep external backups in a safe location. |
sametsazak
/ install_suricata.sh
Created
March 11, 2017 12:39
— forked from gretel/install_suricata.sh
install suricata on openbsd-current https://suricata-ids.org
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ## adopted from https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup | |
| doas pkg_add gcc git libtool pcre jansson libmagic libyaml | |
| ## version strings might change like patchlevel and stuff | |
| doas pkg_add libnet-1.1.2.1p3v0 autoconf-2.69p2 automake-1.14.1p0 | |
| cd | |
| git clone --depth 1 git://phalanx.openinfosecfoundation.org/oisf.git | |
| cd oisf | |
| git clone --depth 1 https://github.com/OISF/libhtp.git -b 0.5.x | |
| export AUTOCONF_VERSION=2.69 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %YAML 1.1 | |
| --- | |
| # Suricata configuration file. In addition to the comments describing all | |
| # options in this file, full documentation can be found at: | |
| # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml | |
| # Number of packets preallocated per thread. The default is 1024. A higher number | |
| # will make sure each CPU will be more easily kept busy, but may negatively |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Init file for suricata | |
| # | |
| # | |
| # chkconfig: 345 52 48 | |
| # description: Network Intrusion Detection System | |
| # | |
| # processname: suricata-enp0s3 | |
| # pidfile: /var/run/suricata-enp0s3.pid |
sametsazak
/ gist:e82a521089a2a9e88c684fc0578a6d86
Created
April 24, 2017 01:49
Enable tap-to-click when using i3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xinput --set-prop "AlpsPS/2 ALPS DualPoint TouchPad" "libinput Tapping Enabled" 1 |
sametsazak
/ syslog.conf
Last active
February 23, 2018 11:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@input@@ | |
| filter { | |
| if [type] == "@@type@@" { | |
| grok { | |
| match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } | |
| add_field => [ "received_at", "%{@timestamp}" ] | |
| add_field => [ "received_from", "%{host}" ] | |
| } | |
| date { | |
| match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] |
sametsazak
/ beats.conf
Created
February 23, 2018 11:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| beats { | |
| port => @@port@@ | |
| } | |
| } |
sametsazak
/ syslog1.conf
Created
March 1, 2018 19:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| udp { | |
| port => 5000 | |
| type => syslog | |
| } | |
| } | |
| filter { | |
| if [type] == "syslog" { | |
| grok { |
sametsazak
/ syslog2.conf
Created
March 1, 2018 19:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| tcp { | |
| port => 5000 | |
| type => syslog | |
| } | |
| } | |
| filter { | |
| if [type] == "syslog" { | |
| grok { |
sametsazak
/ test.json
Created
June 21, 2018 12:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "data": [ | |
| { | |
| "x": [ | |
| "192.121.166.207", | |
| "192.121.166.202", | |
| "192.121.166.217" | |
| ], | |
| "y": [ | |
| 20, |
OlderNewer