Andrew Kroh andrewkroh

andrewkroh / redhat_6_stig.sh
Created Mar 5, 2015
Red Hat 6 STIG Examples using OpenSCAP
# Install openscap tool.
sudo yum install openscap-utils
# Generate report based on Red Hat's scap-security-guide project (SSG).
# Requires EPEL.
sudo yum install scap-security-guide
oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
andrewkroh / jar-verify-openssl.sh
Created Sep 8, 2015
Jar Verification with OpenSSL
# Print attributes inside of DSA/RSA file:
openssl cms -in ORG.RSA -inform DER -noout -cmsout -print
# Verify the signature:
openssl smime -verify -inform DER -in ORG.RSA -content ORG.SF -noverify
# Print signing chain:
openssl pkcs7 -text -in ORG.RSA -inform DER -print_certs -noout
andrewkroh / install-golang1.5.1-solaris.sh
Last active Nov 20, 2017
Install Golang 1.5.1 on Solaris
#!/bin/bash -e
function setup_profile() {
profile=$1
cat << 'EOF' >> $profile
export GOROOT=/go1.5.1-solaris
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
[ ! -d "$GOPATH" ] && mkdir $GOPATH
EOF
andrewkroh / install-go.ps1
Last active Jan 24, 2022
Install Golang using PowerShell
# Installs golang on Windows.
#
# # Run script:
# .\install-go.ps1 -version 1.5.3
#
# # Download and run script:
# $env:GOVERSION = '1.5.3'
# iex ((new-object net.webclient).DownloadString('SCRIPT_URL_HERE'))
Param(
[String]$version,
andrewkroh / beats-logstash-tls.md
Last active Jan 11, 2022
Using TLS between Beats and Logstash

Beats to Logstash over TLS

The purpose of this document is to help with configuring and troubleshooting TLS on the connection between Beats and Logstash.

Configuration

You must configure TLS on both the client and server to make this work. This

andrewkroh / deduplicate_strings.go
Created Mar 1, 2016
Deduplicate a Slice of Strings in Go
// Deduplicate returns a new slice with duplicate values removed.
func Deduplicate(s []string) []string {
if len(s) == 0 {
return s
}
result := []string{}
seen := make(map[string]struct{})
for _, val := range s {
if _, ok := seen[val]; !ok {
andrewkroh / Vagrantfile
Last active Apr 15, 2016
Beats Vagrant Files
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Version of go to download from ports. http://ports.su/lang/go,-main
go_version = '1.5.3'
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
# Source: https://atlas.hashicorp.com/kaorimatz/boxes/openbsd-5.9-amd64/versions/20160402.0.0
andrewkroh / winlogbeat-account-usage-dashboard.json
Last active Aug 20, 2018
Winlogbeat - Account Usage Dashboard for Kibana
[
{
"_id": "Winlogbeat-Account-Usage",
"_type": "dashboard",
"_source": {
"title": "Windows - Account Usage",
"hits": 0,
"description": "",
"panelsJSON": "[\n {\n \"col\": 7,\n \"id\": \"Failed-Logon-Attempts-Area-Chart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Remote-Desktop-Connections\",\n \"panelIndex\": 3,\n \"row\": 5,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Logon-Map\",\n \"panelIndex\": 5,\n \"row\": 5,\n \"size_x\": 2,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Total-Successful-Logons-1\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n }\n]",
"optionsJSON": "{\n \"darkTheme\": false\n}",
andrewkroh / metricbeat.yml
Created Nov 21, 2016
Metricbeat Config for Monitoring a Docker-Machine
# Run `eval $(docker-machine env default)` to set the environment variables used below.
metricbeat.modules:
- module: docker
metricsets: ["cpu", "info", "memory", "network", "diskio", "container"]
hosts: ["${DOCKER_HOST}"]
ssl:
certificate_authority: "${DOCKER_CERT_PATH}/ca.pem"
certificate: "${DOCKER_CERT_PATH}/cert.pem"
key: "${DOCKER_CERT_PATH}/key.pem"
andrewkroh / Microsoft-Windows-Security-Auditing.txt
Created Feb 2, 2017
Microsoft-Windows-Security-Auditing Messages from Windows 2012 Server
Id : 4608
Version : 0
LogLink : System.Diagnostics.Eventing.Reader.EventLogLink
Level : System.Diagnostics.Eventing.Reader.EventLevel
Opcode : System.Diagnostics.Eventing.Reader.EventOpcode
Task : System.Diagnostics.Eventing.Reader.EventTask
Keywords : {}
Template :