Andrew Kroh andrewkroh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <libproc.h> | |
| #include <sys/proc_info.h> | |
| static const char* USAGE = "Usage: %s pid\n"; | |
| static const char* INVALID_PID = "Invalid pid: %s\n"; | |
| static const char* UNABLE_TO_GET_PROC_FDS = "Unable to get open file handles for %d\n"; | |
| static const char* OUT_OF_MEMORY = "Out of memory. Unable to allocate buffer with %d bytes\n"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am andrewkroh on github. | |
| * I am andrewkroh (https://keybase.io/andrewkroh) on keybase. | |
| * I have a public key whose fingerprint is 3244 3ADF 2BE8 47C2 B49D 729B 0558 8481 AB5B 6468 | |
| To claim this, I am signing this object: |
andrewkroh
/ main.go
Created
September 20, 2017 20:09
Go seccomp-bpf example using Google Kafel to generate BPF filter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "errors" | |
| "log" | |
| "os/exec" | |
| "syscall" | |
| "unsafe" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Amazon SNS Event Publisher | |
| * | |
| * Copyright 2016 Andrew Kroh | |
| */ | |
| import java.text.DateFormat | |
| import java.text.SimpleDateFormat | |
| import javax.crypto.Mac | |
| import javax.crypto.spec.SecretKeySpec |
andrewkroh
/ elasticsearch.groovy
Created
March 23, 2017 16:02
Elasticsearch Output for SmartThings Events
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Elasticsearch Event Publisher | |
| * | |
| * Copyright 2017 Andrew Kroh | |
| */ | |
| import java.text.DateFormat; | |
| import java.text.SimpleDateFormat; | |
| definition( |
andrewkroh
/ Microsoft-Windows-FileInfoMinifilter.txt
Last active
January 7, 2022 11:08
Microsoft-Windows-FileInfoMinifilter Messages from Windows 2012 Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Id : 1 | |
| Version : 0 | |
| LogLink : System.Diagnostics.Eventing.Reader.EventLogLink | |
| Level : System.Diagnostics.Eventing.Reader.EventLevel | |
| Opcode : System.Diagnostics.Eventing.Reader.EventOpcode | |
| Task : System.Diagnostics.Eventing.Reader.EventTask | |
| Keywords : {, fi:FileNameCreate} | |
| Template : <template xmlns="http://schemas.microsoft.com/win/2004/08/events"> |
andrewkroh
/ Microsoft-Windows-Security-Auditing.txt
Created
February 2, 2017 04:27
Microsoft-Windows-Security-Auditing Messages from Windows 2012 Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Id : 4608 | |
| Version : 0 | |
| LogLink : System.Diagnostics.Eventing.Reader.EventLogLink | |
| Level : System.Diagnostics.Eventing.Reader.EventLevel | |
| Opcode : System.Diagnostics.Eventing.Reader.EventOpcode | |
| Task : System.Diagnostics.Eventing.Reader.EventTask | |
| Keywords : {} | |
| Template : |
andrewkroh
/ metricbeat.yml
Created
November 21, 2016 15:34
Metricbeat Config for Monitoring a Docker-Machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run `eval $(docker-machine env default)` to set the environment variables used below. | |
| metricbeat.modules: | |
| - module: docker | |
| metricsets: ["cpu", "info", "memory", "network", "diskio", "container"] | |
| hosts: ["${DOCKER_HOST}"] | |
| ssl: | |
| certificate_authority: "${DOCKER_CERT_PATH}/ca.pem" | |
| certificate: "${DOCKER_CERT_PATH}/cert.pem" | |
| key: "${DOCKER_CERT_PATH}/key.pem" |
andrewkroh
/ winlogbeat-account-usage-dashboard.json
Last active
August 20, 2018 19:19
Winlogbeat - Account Usage Dashboard for Kibana
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "_id": "Winlogbeat-Account-Usage", | |
| "_type": "dashboard", | |
| "_source": { | |
| "title": "Windows - Account Usage", | |
| "hits": 0, | |
| "description": "", | |
| "panelsJSON": "[\n {\n \"col\": 7,\n \"id\": \"Failed-Logon-Attempts-Area-Chart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Remote-Desktop-Connections\",\n \"panelIndex\": 3,\n \"row\": 5,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Logon-Map\",\n \"panelIndex\": 5,\n \"row\": 5,\n \"size_x\": 2,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Total-Successful-Logons-1\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n }\n]", | |
| "optionsJSON": "{\n \"darkTheme\": false\n}", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| # Version of go to download from ports. http://ports.su/lang/go,-main | |
| go_version = '1.5.3' | |
| # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! | |
| VAGRANTFILE_API_VERSION = "2" | |
| # Source: https://atlas.hashicorp.com/kaorimatz/boxes/openbsd-5.9-amd64/versions/20160402.0.0 |