
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<template encoding-version="1.3">
<description></description>
<groupId>afb1159b-0176-1000-7181-367e61a6a1ba</groupId>
<name>Threat Intel Pipeline</name>
<snippet>
<connections>
<id>10508819-cdfd-3f31-0000-000000000000</id>
<parentGroupId>324cac5c-1af5-3845-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
Dec 03 31 - 15:43:23 192.168.250.1 date=2016-08-28 time=23:36:34 devname=gotham-fortigate devid=FGT60D4614044725 logid=0000000015 type=traffic subtype=forward level=notice vd=root srcip=192.168.227.189 srcport=32020 srcintf="internal5" dstip=8.8.4.4 dstport=53 dstintf="wan1" poluuid=b0031368-5022-51e4-7b44-081eb5c90956 sessionid=768688 proto=17 action=start policyid=3 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=71.39.18.126 transport=47013 service="DNS" duration=0 sentbyte=0 rcvdbyte=0 appcat="unscanned"
Dec 03 31 - 15:43:23 192.168.250.1 date=2016-08-13 time=04:44:20 devname=gotham-fortigate devid=FGT60D4614044725 logid=0000000015 type=traffic subtype=forward level=notice vd=root srcip=192.168.225.15 srcport=123 srcintf="internal5" dstip=69.167.160.102 dstport=123 dstintf="wan1" poluuid=b0031368-5022-51e4-7b44-081eb5c90956 sessionid=803953 proto=17 action=start policyid=3 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=71.39.18.126 transport=123 service="NTP"
OpenCanarySSHExtending
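# Real sshd decoy used to extend the OpenCanary SSH module (the stock module only
# emulates the login exchange; this image hands out a genuine shell so whole
# sessions can be observed). Everything below is deliberately weak: it is bait,
# and it must only ever be reachable from an isolated honeypot network, never
# from production hosts or directly from the Internet.
#
# NOTE: Ubuntu 16.04 left standard support in April 2021; acceptable for a decoy
# that is never patched anyway, but do not reuse this base for anything else.
FROM ubuntu:16.04

# One layer for update + install + cleanup so stale apt indexes are not baked
# into the image; --no-install-recommends keeps the installed surface minimal.
RUN apt-get update \
 && apt-get install -y --no-install-recommends openssh-server \
 && rm -rf /var/lib/apt/lists/*

# sshd refuses to start if its privilege-separation directory does not exist.
RUN mkdir -p /var/run/sshd

# Intentionally trivial root credential (honeypot bait). Whoever guesses it gets
# a REAL root shell inside this container: run it with dropped capabilities, a
# read-only root filesystem where possible, no volume mounts and no docker.sock.
RUN echo 'root:toor' | chpasswd

# Ubuntu 16.04 ships "PermitRootLogin prohibit-password". Match the directive
# whether it is bare or commented out, so the decoy still opens if the packaged
# default ever changes form.
RUN sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config

# Without this, PAM kicks the user straight back out after a successful login:
# pam_loginuid cannot set the login UID in a container (it relies on kernel
# audit support the container normally lacks), so make the module optional.
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

# This excerpt installs and configures sshd but does not start it; a runnable
# image still needs `EXPOSE 22` and `CMD ["/usr/sbin/sshd", "-D"]`.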
Excerpts of the ssh module for opencanaryd
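# Excerpt of the sshd-based decoy used with opencanaryd. The image exposes a
# genuine OpenSSH server with a known root password so that attacker sessions
# can be captured in full. Treat every line as intentionally insecure bait:
# deploy only inside an isolated honeypot segment, never alongside real assets.
#
# NOTE: ubuntu:16.04 is past standard support (April 2021); that is tolerable
# for a throwaway decoy, but it receives no fixes for sshd or anything else.
FROM ubuntu:16.04

# Update, install and purge the apt lists in a single layer so the package
# index is not persisted; skip Recommends to keep the footprint small.
RUN apt-get update \
 && apt-get install -y --no-install-recommends openssh-server \
 && rm -rf /var/lib/apt/lists/*

# Privilege-separation directory; sshd will not start without it.
RUN mkdir -p /var/run/sshd

# Weak root credential on purpose (bait). Anyone who logs in owns this container
# as root, so constrain it at runtime: no extra capabilities, no host mounts,
# read-only rootfs if the observation tooling allows it.
RUN echo 'root:toor' | chpasswd

# Flip PermitRootLogin to "yes". The 16.04 default is "prohibit-password"; the
# anchored pattern also handles a commented-out directive so the substitution
# cannot silently miss and leave root login disabled.
RUN sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config

# PAM login fix: pam_loginuid fails inside a container (no usable kernel audit
# context) and the session is torn down immediately after authentication.
# Downgrading the module to "optional" lets the login proceed.
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

# Not shown in this excerpt: the image must also `EXPOSE 22` and run
# `CMD ["/usr/sbin/sshd", "-D"]` to actually serve connections.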