Chris Herdt cherdt

@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@drmalex07
drmalex07 / README-setup-tunnel-as-systemd-service.md
Last active May 4, 2024 15:04
Setup a secure (SSH) tunnel as a systemd service. #systemd #ssh #ssh-tunnel #ssh-forward

README

Create a template service file at /etc/systemd/system/secure-tunnel@.service. The template parameter will correspond to the name of the target host:

[Unit]
Description=Setup a secure tunnel to %I
After=network.target
@apolloclark
apolloclark / Twitter API with Curl
Last active November 10, 2023 11:36
Twitter API with Curl
# create an account, create an app
# @see https://apps.twitter.com/
# retrieve the access tokens
# @see https://dev.twitter.com/oauth/reference/post/oauth2/token
# create the file ~/twitter_api
nano ~/twitter_api
Authorization: OAuth oauth_consumer_key="XXXXXX", oauth_nonce="11111111", oauth_signature="XXXXXX", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1450728725", oauth_token="99999-XXXXXX", oauth_version="1.0"
@stbuehler
stbuehler / systemd-spawn-fcgi.sh
Created March 28, 2015 09:09
systemd to FastCGI socket passing compatibility script
#!/bin/bash
set -e
if [ "${LISTEN_PID}" != $$ ]; then
echo >&2 "file descriptors not for us, pid not matching: '${LISTEN_PID}' != '$$'"
exit 255
fi
if [ "${LISTEN_FDS}" != "1" ]; then
@arthurzenika
arthurzenika / poodlebleed.sls
Created October 15, 2014 09:22
poodlebleed.sls for saltstack deployment of poodle vulnerability in SSLv3
{% if salt['pkg.version']('apache2') %}
poodle apache server restart:
service.running:
- name: apache2
{% for foundfile in salt['cmd.run']('rgrep -m 1 SSLProtocol /etc/apache*').split('\n') %}
{% if 'No such file' not in foundfile and 'bak' not in foundfile and foundfile.strip() != ''%}
poodle {{ foundfile.split(':')[0] }}:
file.replace:
- name : {{ foundfile.split(':')[0] }}
- pattern: "SSLProtocol all -SSLv2[ ]*$"
@mattwhite
mattwhite / build-bash-lenny.sh
Last active August 29, 2015 14:06
Compile Bash 3.2 from source for Debian Lenny to patch the shellshock vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187)
# inspired by http://askubuntu.com/a/528171 and the comments below
# build bash 3.2, though this should work for other versions as well
BASH_MAJOR=3
BASH_MINOR=2
# prerequisites
sudo apt-get install build-essential gettext bison
# get bash source
@fernandoaleman
fernandoaleman / rpm-digital-signature.sh
Created November 18, 2011 15:18
How to sign your custom RPM package with GPG key
# How to sign your custom RPM package with GPG key
# Step: 1
# Generate gpg key pair (public key and private key)
#
# You will be prompted with a series of questions about encryption.
# Simply select the default values presented. You will also be asked
# to create a Real Name, Email Address and Comment (comment optional).
#
# If you get the following response: