Skip to content

Instantly share code, notes, and snippets.

View 13Cubed's full-sized avatar

Richard Davis 13Cubed

View GitHub Profile
@13Cubed
13Cubed / ossec-installer.sh
Last active January 27, 2016 18:43
OSSEC HIDS agent installation script for RHEL/CentOS.
#!/bin/bash
# This script simplifies the installation of the OSSEC HIDS Agent for RHEL/CentOS boxes.
# Are we running is root?
if [ $(id -u) -ne 0 ]; then
echo
echo "This script must be run as root!"
echo
exit;
fi
@13Cubed
13Cubed / audit-tool.py
Created January 27, 2016 18:42
A simple file comparison utility written in Python.
#!/usr/bin/python
# audit-tool.py 2.0 - A simple file comparison utility.
# Copyright 2014 13Cubed. All rights reserved. Written by: Richard Davis
import sys
def compareFiles(filename1, filename2, ignorecase, bidirectional):
"""
Given two filenames and an ignorecase booelean, compares filename1
against filename2 and returns list of the differences and a count of
@13Cubed
13Cubed / checknet.sh
Last active January 23, 2017 11:29
A simple Bash script to monitor a remote address and send an email when it goes down.
#!/bin/bash
# If the file that holds the flag doesn't exist, create it with default of 0
if [ ! -f /tmp/checknet.tmp ]
then
echo 0 > /tmp/checknet.tmp
fi
target=TARGET_GOES_HERE
@13Cubed
13Cubed / bashrc
Last active February 26, 2016 15:12
Custom bash prompt. Can be placed in /etc/bashrc (or /etc/bash.bashrc).
# If this is an interactive shell, customize the prompt
if [[ $- == *i* ]]; then
echo
if [ $(id -u) -eq 0 ]; then # Root user prompt
PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;166m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
else # Normal user prompt
PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;99m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
fi
fi
@13Cubed
13Cubed / service
Created February 20, 2016 04:24
This template can be used to create a service script for Red Hat Enterprise Linux. It will enable you to use “service myservice start”, “service myservice stop”, or “service myservice status” to control a particular process.
#!/bin/bash
# Replace myservice with your service name. Insert commands where noted.
# chkconfig: - 99 00
# Source function library.
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo -n "Starting myservice"
@13Cubed
13Cubed / checklog.py
Created February 20, 2016 04:26
Use RegEx (Regular Expressions) to search through files for specific text.
#!/usr/bin/python
import sys
import re
def ParseLog(filename, search_string):
try:
f = open(filename, 'rU')
except IOError:
print '\n*** I/O Error: Can\'t read file', filename, '***\n'
@13Cubed
13Cubed / iptohex.py
Created February 20, 2016 04:26
Convert IPv4 decimal (base 10) addresses to hex (base 16). Useful for 6to4 tunnel configs.
#!/usr/bin/python
import sys
import re
def DecToHex(dec_ip):
dec_octets = str.split(dec_ip, '.')
hex_octets = []
if len(dec_octets) != 4:
@13Cubed
13Cubed / update_dnsbl.sh
Last active October 23, 2020 06:55
Download DNS adware and malware blacklists in BIND format and add them to a blacklist zone file. This is a modified version of the script from Paul's Security Weekly (http://wiki.securityweekly.com/wiki/index.php/Episode472).
#!/bin/bash
HOME=/var/named
ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;mimetype=plaintext"
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"
ADLISTFILE=/tmp/adlistfile
MWLISTFILE=/tmp/mwlistfile
# Download newest blacklists
curl -s -o $ADLISTFILE $ADLISTURL
@13Cubed
13Cubed / conkyrc
Created October 21, 2016 02:28
A simple and clean Conky config that displays system, processors, memory, disks, and top processes.
# .conkyrc
background yes
use_xft yes
xftfont Droid:normal:size=10
xftalpha 1
update_interval 1.0
top_cpu_separate true
total_run_times 0
own_window yes
@13Cubed
13Cubed / ticketbleed.go
Last active February 9, 2017 14:27 — forked from FiloSottile/ticketbleed.go
Check for Ticketbleed (CVE-2016-9244) vulnerability.
package main
import (
"crypto/tls"
"fmt"
"log"
"strings"
"os"
)