This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
ZONE="example.com" | |
HOSTNAME="test" | |
SGROUP="my_security_group" | |
CURRENT_IP=$(dig @resolver1.opendns.com myip.opendns.com +short) | |
OLD_IP=$(dig @resolver1.opendns.com $HOSTNAME.$ZONE +short) | |
if [[ $CURRENT_IP =~ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]] ; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Note: Do not run this script as root. Allow the standard user under which it runs the ability to execute /bin/fuser without entering credentials. | |
# Example: username ALL = (root) NOPASSWD: /bin/fuser | |
cd /capture | |
for file in dns*.pcap; | |
do | |
if ! sudo fuser -s $file; then | |
/usr/bin/tshark -n -t ad -r $file | awk '{ if ($10 !="query") print $2, $3, "ERROR: " $0; else if ($11 == "response") print $2, $3, $12, "R", $4, $6, substr($0, index($0,$13)); else print $2, $3, $11, "Q", $4, $6, $12, $13, $14 }' 1>>/var/log/dns/query.log 2>/dev/null; | |
mv $file /capture/processed/$file | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Note: Do not run this script as root. You know better than that. Allow the standard user under which it runs the ability to execute /usr/sbin/tcpdump. | |
# Example: setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap | |
/usr/sbin/tcpdump -i [INTERFACE] -s0 -G 300 -w '/capture/dns_%Y-%m-%d_%H:%M:%S.pcap' 'port 53' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=DNS Sniffer | |
[Service] | |
User=[USERNAME_HERE] | |
ExecStart=/usr/local/bin/dns-sniffer.sh | |
[Install] | |
WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"log" | |
"strings" | |
"os" | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# .conkyrc | |
background yes | |
use_xft yes | |
xftfont Droid:normal:size=10 | |
xftalpha 1 | |
update_interval 1.0 | |
top_cpu_separate true | |
total_run_times 0 | |
own_window yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
HOME=/var/named | |
ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;mimetype=plaintext" | |
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones" | |
ADLISTFILE=/tmp/adlistfile | |
MWLISTFILE=/tmp/mwlistfile | |
# Download newest blacklists | |
curl -s -o $ADLISTFILE $ADLISTURL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import sys | |
import re | |
def DecToHex(dec_ip): | |
dec_octets = str.split(dec_ip, '.') | |
hex_octets = [] | |
if len(dec_octets) != 4: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import sys | |
import re | |
def ParseLog(filename, search_string): | |
try: | |
f = open(filename, 'rU') | |
except IOError: | |
print '\n*** I/O Error: Can\'t read file', filename, '***\n' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Replace myservice with your service name. Insert commands where noted. | |
# chkconfig: - 99 00 | |
# Source function library. | |
. /etc/rc.d/init.d/functions | |
case "$1" in | |
start) | |
echo -n "Starting myservice" |
NewerOlder