Conor Schaefer conorsch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Helper script to query the SecureDrop Directory API, | |
| # and display how many instances are serving Onion v3 URLs. | |
| set -e | |
| set -u | |
| set -o pipefail | |
| onion_info="$(curl -s https://securedrop.org/api/v1/directory/ | python3 -m json.tool | grep -i onion_address)" |
conorsch
/ pft-demo.sh
Created
December 15, 2020 23:38
Example API queries for US Press Freedom Tracker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -s https://pressfreedomtracker.us/all-incidents/export/ | xsv frequency -s categories | xsv select 2,3 | xsv table | |
| value count | |
| Physical Attack 265 | |
| Arrest / Criminal Charge 100 | |
| Other Incident 73 | |
| Subpoena / Legal Order 71 | |
| Physical Attack, Equipment Damage 54 | |
| Denial of Access 48 | |
| Chilling Statement 42 | |
| Arrest / Criminal Charge, Physical Attack 35 |
conorsch
/ kernel-debugging.py
Created
August 4, 2020 00:14
Investigating dkms failures from https://github.com/freedomofpress/securedrop-workstation/issues/590
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Debugging script meant to reproduce the problems documented in | |
| https://github.com/freedomofpress/securedrop-workstation/issues/590 | |
| """ | |
| import logging | |
| import subprocess | |
| import sys | |
| import os |
conorsch
/ test-hvm-start-times.sh
Last active
May 5, 2020 01:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Test script to evaluate the qrexec service for Qubes VMs, | |
| # depending on virt_mode=(hvm|pvh). Starts several test-only VMs | |
| # of both virt types, then executes a command inside of them and reports | |
| # the time to completion of that command. | |
| function run_cmd_in_vm() { | |
| vm_name="$1" | |
| shift |
conorsch
/ qvm-reboot
Created
April 13, 2020 20:39
Qubes utility to reboot (halt, then start) a target VM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Utility script to reboot Qubes domains. Attempts | |
| to perform a graceful shutdown, kills if shutdown fails, | |
| then starts up. Inspiration for the timeout logic taken | |
| from qubesadmin.tools.qvm_shutdown.main. | |
| """ | |
| import argparse | |
| import time | |
| from functools import partial |
conorsch
/ qmemman-verbose.log
Created
March 31, 2020 23:54
Verbose logging of qubes-qmemman service, for https://github.com/QubesOS/qubes-issues/issues/4890
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global_lock released | |
| do_balance() | |
| balance(xen_free_memory=35843820, domain_dictionary={'24': {'last_target': 721125047, 'mem_used': 283856896, 'memory_current': 704278528, 'slow_memset_react': False, 'id': '24', 'memory_maximum': 786432000, 'memory_actual': 721125047, 'no_progress': False}, '128': {'last_target': 955639321, 'mem_used': 389140480, 'memory_current': 938901504, 'slow_memset_react': False, 'id': '128', 'memory_maximum': 4194304000, 'memory_actual': 955639321, 'no_progress': False}, '172': {'last_target': 808155535, 'mem_used': 322928640, 'memory_current': 791416832, 'slow_memset_react': False, 'id': '172', 'memory_maximum': 4194304000, 'memory_actual': 808155535, 'no_progress': False}, '171': {'last_target': 1480951661, 'mem_used': 624975872, 'memory_current': 1464107008, 'slow_memset_react': False, 'id': '171', 'memory_maximum': 4194304000, 'memory_actual': 1480951661, 'no_progress': False}, '17': {'last_target': 786432000, 'mem_used': 343920640, 'memory_current': 769589248, 'slow_memset_react': |
conorsch
/ qmemman-service-observation.txt
Created
March 31, 2020 23:25
Observations during debugging qubes-qmemman service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@dom0 ~]# cat /home/user/scripts/evaluate-qmemman.sh | |
| #!/bin/bash | |
| set -u | |
| set -o pipefail | |
| vm="fpf-dev-dvm" | |
| echo "Poll the assigned memory for the vm, so we can see whether it changes" | |
| while true; do | |
| echo "$(date) $(xl list | grep -i $vm)" |
conorsch
/ check-qmemman.sh
Created
March 24, 2020 21:00
Helper scripts to manage Qubes memory balance service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Utility script to check whether Qubes memory balancing | |
| # service has failed. Compares the timestamps of the last | |
| # success balance operation and the most recent "EOF" | |
| # message available in the log file. If EOF is more | |
| # recent, declare service broken. Recommended invocation: | |
| # | |
| # watch -n5 ./check-qmemman.sh | |
| # | |
| set -e |
conorsch
/ gist:ad21b2535b4f4a4b37717591bbe7196e
Created
September 24, 2019 21:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://27p5nbsmdt5okqun.onion/.well-known/pki-validation/40f318fb930440be9aea960640b01777.txt | |
| c17f3564e25844c5ae626955b46af267 |
conorsch
/ ossec registration fail
Created
January 28, 2019 19:28
failing on clean xenial install with new xenial build logic
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TASK [ossec : Add firewall exemption for OSSEC agent registration (both servers)] *** | |
| ok: [mon-staging] => (item={u'chain': u'INPUT', u'proto': u'tcp', u'cstate': u'NEW,ESTABLISHED,RELATED', u'jump': u'ACCEPT', u'source': u'app-staging', u'match': u'state', u'dest_port': 1515}) | |
| ok: [app-staging] => (item={u'chain': u'OUTPUT', u'proto': u'tcp', u'cstate': u'NEW,ESTABLISHED,RELATED', u'jump': u'ACCEPT', u'dest': u'10.0.1.3', u'match': u'state', u'dest_port': 1515}) | |
| ok: [mon-staging] => (item={u'chain': u'OUTPUT', u'proto': u'tcp', u'cstate': u'ESTABLISHED,RELATED', u'jump': u'ACCEPT', u'dest': u'app-staging', u'source_port': 1515, u'match': u'state'}) | |
| ok: [app-staging] => (item={u'chain': u'INPUT', u'proto': u'tcp', u'cstate': u'ESTABLISHED,RELATED', u'jump': u'ACCEPT', u'source': u'10.0.1.3', u'source_port': 1515, u'match': u'state'}) | |
| TASK [ossec : Register OSSEC agent.] ******************************************* | |
| fatal: [app-staging]: FAILED! => {"changed": true, "cmd": [ |