Mitch chilledornaments

Keybase proof

I hereby claim:

  • I am mitchya1 on github.
  • I am mitchya1 (https://keybase.io/mitchya1) on keybase.
  • I have a public key whose fingerprint is 8266 53C6 86AD 723B 9B3C 4240 2C51 8DCB EA0F 759E

To claim this, I am signing this object:

@chilledornaments
chilledornaments / check-certs.sh
Last active January 20, 2020 08:48 — forked from cgmartin/check-certs.sh
Bash SSL Certificate Expiration Check
#!/bin/bash
TARGETS=(
'example.com'
'example.net'
'example.org'
)
SLACK_URL='Your incoming webhook' # 'https://hooks.slack.com/services/SOMETHING/SOMETHING ELSE'
emoji=":terminator:"
uname="CERT CHECKER"
channel="#alerts"
@chilledornaments
chilledornaments / WatchGuardGraylogExtractors.txt
Last active February 20, 2019 18:08
Graylog Regex Extractors for WatchGuard Logs
protocol:
(tcp|udp)
srcIP:
(?:tcp|udp)\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
dstIP:
(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))
insideInterface:
@chilledornaments
chilledornaments / info.txt
Created November 28, 2018 14:52
WatchGuard SNMP with Zabbix
Monitoring a WatchGuard with Zabbix via SNMP isn't as well documented as you'd hope, but it's also not difficult.
Step 1) Install this template into Zabbix: https://share.zabbix.com/network_devices/watchguard/firebox-watchguard-m400
Step 2) In your WatchGuard, go to System > SNMP. Select SNMP v1/v2c. Create a community string.
Step 3) In your WatchGuard, go to Firewall > Firewall Policies. Create a new policy allowing SNMP from your Zabbix server.
Step 4) Create the host in Zabbix. Remove the Zabbix agent entry. Add an SNMP entry. Leave port 161. Assign the WatchGuard to a group.
Add the "Halley Firewall Watchguard M400" template (unless you renamed it). Go to "Macros". Add "{$SNMP_COMMUNITY}" and
@chilledornaments
chilledornaments / ratelimit-watchguard.txt
Created December 4, 2018 19:12
WatchGuard Rate Limiting
Rate limiting specific traffic/services on WatchGuard
Firewall > Traffic Management > Add Policy
Name Policy
Set 'Type' to 'Per Policy'
Set bandwidth limitations
@chilledornaments
chilledornaments / TD-Agent-GELF.sh
Created March 29, 2019 21:13
Installing the GELF plugin for td-agent on CentOS 7
#!/usr/bin/env bash
# I've spent too much time banging my head against the wall trying to do this to not document it
cd /etc/td-agent/plugin/ && sudo wget https://raw.githubusercontent.com/emsearcy/fluent-plugin-gelf/master/lib/fluent/plugin/out_gelf.rb
sudo /usr/sbin/td-agent-gem install gelf
echo "Installed td-agent GELF plugin"
exit 0
@chilledornaments
chilledornaments / Python3-CloudFront-SignedURL
Created April 1, 2019 19:02
Walkthrough of creating a CloudFront Signed URL with Python + Boto3
#!/usr/bin/env python36
import boto3, rsa, datetime
from botocore.signers import CloudFrontSigner
from datetime import timedelta
"""
First things first, sign into your AWS Root account. Per Amazon's documentation:
IAM users can't create CloudFront key pairs. You must log in using root credentials to create key pairs.
@chilledornaments
chilledornaments / WatchGuard_Graylog_Grok.txt
Last active July 2, 2019 14:26
Graylog Grok Patterns for WatchGuard Syslog
######################
WatchGuard doesn't send standardized messages meaning you have to create
different extractors for different scenarios
######################
# Temporarily host blocks
# String to match: Temporarily blocking host
%{IPV4:blocked_host}
@chilledornaments
chilledornaments / gunicorn_conf.py
Created January 10, 2020 16:45
Gunicorn logging with custom values
import socket
from os import environ
hostname = socket.gethostname()
"""
Logging env vars with %({env_var}e)s hasn't worked for me in gunicorn 20.0.4
"""
@chilledornaments
chilledornaments / main.go
Last active February 18, 2020 15:43
go-gelf Custom Message Example
/*
This is a very basic example of sending custom messages to Graylog with the go-gelf package
GELF Spec https://docs.graylog.org/en/3.2/pages/gelf.html#gelf-via-udp
*/
package main
import (
"fmt"
"gopkg.in/Graylog2/go-gelf.v2/gelf"