anthonygtellez

Fix for Splunk TA Bro to index gzipped data and have the sourcetype match current log

• disable input once historical data onboarding is completed.
• required on UF, HF, IDX, SH

Inputs.conf

[monitor:///usr/local/bro/logs/*/*.log.gz]
sourcetype = brogz
index = bro

apolloclark

Redhat No-Cost Developer Subscription

https://developers.redhat.com/blog/2016/03/31/no-cost-rhel-developer-subscription-now-available/

https://developers.redhat.com/articles/frequently-asked-questions-no-cost-red-hat-enterprise-linux-developer-subscription/

• one physical install, with up to 8 processor sockets
• unlimited number of guest VM's

Redhat EOL dates

ArnaudValensi

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 10000 -nodes

automine

[WinEventLog:Security]
#Returns most of the space savings XML would provide
SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
SEDCMD-clean3-blank_ipv6 = s/::ffff://g
SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g

craigvantonder

#!/bin/bash

# NB: First install nscd with sudo apt-get install nscd

# run this command to flush dns cache:
sudo /etc/init.d/dns-clean restart
# or use:
sudo /etc/init.d/networking force-reload
# Flush nscd dns cache:
sudo /etc/init.d/nscd restart

dcode

cat << EOF | sudo tee /etc/yum.repos.d/ol7_addons.repo
[ol7_addons]
name=Oracle Linux $releasever Add ons (\$basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/addons/\$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
EOF

# Verify this manually if you're paranoid like me

Khoulaiz

Here are several different ways to test a TCP port without telnet.

BASH (man page)

$ cat < /dev/tcp/127.0.0.1/22
SSH-2.0-OpenSSH_5.3
^C

$ cat &lt; /dev/tcp/127.0.0.1/23

fivemini

csshX --login user --ssh_args '-i /path/to/key.pem' ddd.ddd.ddd.dd1 ddd.ddd.ddd.dd2

Kartones

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

• -E: will describe the underlaying queries of the \ commands (cool for learning!)
• -l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)

jhubert

$('form').each(function(i, el){
  var sender = $(this).parent().siblings('p').text().trim();
  if (sender == 'Errbit') { 
    var data = 'action=delete';
    data += '&message_id='+$(el).find('input[name="message_id"]').val();
    data += '&xsrf_token='+$(el).find('input[name="xsrf_token"]').val();
    data += '&message_index='+$(el).find('input[name="message_index"]').val();
    $.ajax({
      type: $(el).attr('method'),
      url: $(el).attr('action'),