# 1. a DSA host key must be present, otherwise the server does not start
# 2. DSA auth can be disabled unless the firmware is particularly old. FW <=5.5 does not support RSA; FW >=5.6 supports RSA.
# 3. secure mode disables all other protocols, including SNMP!
# 4. pubkey download is only possible via TFTP server (not USB)
# 5. an RO user for backups does not work because of a problem with `enable` without a password in oxidized
# 6. the password has to be entered manually
# 7. telnet remains reachable this way! (block via ipmgr)
no ssh
#!/usr/bin/env python3
from textfsm_aos.parser import parse
import re
sample_data = """
Local Chassis ID 1 (Master)
Model Name: OS6860E-24,
Module Type: 0x6062203,
Description: Chassis,
Part Number: 903708-90,
#!/usr/bin/env python
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
from elasticsearch_dsl import query as q
from elasticsearch_dsl import Q
from elasticsearch_dsl.query import MultiMatch, Match
from elasticsearch_dsl import UpdateByQuery
import re, sys
---
version: '3'
services:
  checkmk:
    image: checkmk/check-mk-raw:2.0.0-latest
    ports:
      - "162:162/udp"
      - "514:514/udp"
      - "514:514/tcp"
      - "6557:6557/tcp"
# PowerShell refuses to connect to the Netbox API on our setup without this.
# The policy below accepts every TLS certificate, so server certificates are not validated.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
if ! type gawk >/dev/null ; then
    echo "script requires gawk, please install it via apt/similar"
fi
cd ~/var/pnp4nagios/perfdata || exit 1
# out
for X in */Interface_*_outnucast.rrd; do
    rrdtool fetch "$X" MAX -r 300 -s -1h | gawk -v x="$X" '{printf(x",\t\t %s,%8.2f,%8.2f \n",strftime("%c",$1),$2,$3) }'
done |\
---
# references
# [Switch Management Guide](https://www.al-enterprise.com/-/media/assets/internet/documents/os8-sw-87r3-rev-a.pdf)
# [Security Target for EAL2](https://www.fmv.se/globalassets/csec/alcatel-lucent-enterprise-omniswitch-with-aos-8.6.4.r11/alcatel-lucent-enterprise-omniswitch-with-aos-8.6.r11-security-target-for-eal2.pdf)
# [Security Best Practices in AOS](https://support.alcadis.nl/Support_files/Alcatel-Lucent/OmniSwitch//OS6450/Technotes/Security%20Best%20Practices%20in%20AOS%20v1.7.pdf)
# collected here in 8. AOS 8 example configuration (page 68ff)
### ssh session limit
#!/bin/sh
#username=ubnt
#password=ubnt
#baseurl=https://unifi:8443
#site=default
#[ -f ./unifi_sh_env ] && . ./unifi_sh_env
cookie=$(mktemp)
setup_ipset() {
# this only needs to be run once
if ! type ipset 2>/dev/null ; then
ipset create log4j_attackers nethash
iptables -I INPUT -m set --match-set log4j_attackers src -j DROP
iptables -I OUTPUT -m set --match-set log4j_attackers dst -j DROP
}