Andrew Kroh andrewkroh

andrewkroh /
Created Mar 5, 2015
Redhat 6 STIG Examples using OpenSCAP
# Install openscap tool.
sudo yum install openscap-utils
# Generate report based on RedHat's scap-security-guide project (SSG).
# Requires EPEL.
sudo yum install scap-security-guide
oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
andrewkroh /
Created Sep 8, 2015
Jar Verification with OpenSSL
# Print attributes inside of DSA/RSA file:
openssl cms -in ORG.RSA -inform DER -noout -cmsout -print
# Verify the signature:
openssl smime -verify -inform DER -in ORG.RSA -content ORG.SF -noverify
# Print signing chain:
openssl pkcs7 -text -in ORG.RSA -inform DER -print_certs -noout
andrewkroh /
Last active Nov 20, 2017
Install Golang 1.5.1 on Solaris
#!/bin/bash -e
function setup_profile() {
cat << 'EOF' >> $profile
export GOROOT=/go1.5.1-solaris
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
[ ! -d "$GOPATH" ] && mkdir $GOPATH
andrewkroh / install-go.ps1
Last active Jul 23, 2022
Install Golang using Powershell
# Installs golang on Windows.
# # Run script:
# .\install-go.ps1 -version 1.5.3
# # Download and run script:
# $env:GOVERSION = '1.5.3'
# iex ((new-object net.webclient).DownloadString('SCRIPT_URL_HERE'))
andrewkroh /
Last active Jan 11, 2022
Using TLS between Beats and Logstash

Beats to Logstash over TLS

The purpose of this document is to help with configuring and troubleshooting TLS on the connection between Beats and Logstash.


You must configure TLS on both the client and server to make this work. This

andrewkroh / deduplicate_strings.go
Created Mar 1, 2016
Deduplicate a Slice of Strings in Go
// Deduplicate returns a new slice with duplicate values removed.
func Deduplicate(s []string) []string {
if len(s) == 0 {
return s
result := []string{}
seen := make(map[string]struct{})
for _, val := range s {
if _, ok := seen[val]; !ok {
andrewkroh / Vagrantfile
Last active Apr 15, 2016
Beats Vagrant Files
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Version of go to download from ports.,-main
go_version = '1.5.3'
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
# Source:
andrewkroh / winlogbeat-account-usage-dashboard.json
Last active Aug 20, 2018
Winlogbeat - Account Usage Dashboard for Kibana
"_id": "Winlogbeat-Account-Usage",
"_type": "dashboard",
"_source": {
"title": "Windows - Account Usage",
"hits": 0,
"description": "",
"panelsJSON": "[\n {\n \"col\": 7,\n \"id\": \"Failed-Logon-Attempts-Area-Chart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Remote-Desktop-Connections\",\n \"panelIndex\": 3,\n \"row\": 5,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Logon-Map\",\n \"panelIndex\": 5,\n \"row\": 5,\n \"size_x\": 2,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Total-Successful-Logons-1\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n }\n]",
"optionsJSON": "{\n \"darkTheme\": false\n}",
andrewkroh / metricbeat.yml
Created Nov 21, 2016
Metricbeat Config for Monitoring a Docker-Machine
# Run `eval $(docker-machine env default)` to set the environment variables used below.
- module: docker
metricsets: ["cpu", "info", "memory", "network", "diskio", "container"]
hosts: ["${DOCKER_HOST}"]
certificate_authority: "${DOCKER_CERT_PATH}/ca.pem"
certificate: "${DOCKER_CERT_PATH}/cert.pem"
key: "${DOCKER_CERT_PATH}/key.pem"
andrewkroh / Microsoft-Windows-Security-Auditing.txt
Created Feb 2, 2017
Microsoft-Windows-Security-Auditing Messages from Windows 2012 Server
Id : 4608
Version : 0
LogLink : System.Diagnostics.Eventing.Reader.EventLogLink
Level : System.Diagnostics.Eventing.Reader.EventLevel
Opcode : System.Diagnostics.Eventing.Reader.EventOpcode
Task : System.Diagnostics.Eventing.Reader.EventTask
Keywords : {}
Template :