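#!/usr/bin/make -f
### CONFIGURATION BEGINS ###
# Package metadata for the build. Only the configuration head is in view;
# presumably these variables feed packaging targets further down — verify
# against the rest of the file.
# `:=` is simple (immediate) expansion, so each value is fixed right here.
PACKAGE:=bro-plugin-foo
MAINTAINER:=<derek@criticalstack.com>
VENDOR:=Critical Stack, Inc.
WEBSITE:=http://www.criticalstack.com
DESCRIPTION:=Build scripts for Critical Stack sensor configurations.
VERSION:=0.2.0
RELEASE:=1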
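# Find all commits from last week since Sunday from current directory
#
# Walks every .git directory below the cwd and prints, per repository, the
# path followed by one "date|refs|subject" line per commit on any branch
# newer than the cut-off. The default cut-off uses BSD/macOS `date -v`;
# GNU date rejects that option, in which case --since is passed empty
# (git's behaviour with an empty --since is not checked here).
# Arguments: $1 - optional --since value (overrides the BSD date default)
# Outputs:   repository paths and commit lines on stdout; git/find errors
#            are discarded, as in the original one-liner
recent_commits() {
  local since=${1:-$(date -v-1w -v-sun +%F)}
  # The redirect belongs to find, so git's stderr is silenced with it.
  find . -name .git -print -exec git --git-dir={} log --branches \
      --pretty=format:'%ci|%D|%s%n' --since="$since" 2>/dev/null \; \
    | grep -B1 -E '^[0-9]{4}' \
    | grep -v -E '^$|--'
}
recent_commits "$@"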
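# Create Fake ethernet interface
#
# Loads the `dummy` module and brings the interface up. Both steps need
# root; the original ran modprobe without sudo and only worked when the
# whole script was already root, so both now go through sudo.
# Arguments: $1 - interface name (default dummy0, the module's first device)
# Returns:   modprobe's status if it fails, else ip's status
create_dummy_iface() {
  local iface=${1:-dummy0}
  sudo /sbin/modprobe dummy || return
  sudo ip link set dev "$iface" up
}
create_dummy_iface "$@"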
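# Print every loaded kernel module and the current value of each of its
# sysfs parameters.
#
# Rewritten from the `cat | cut | while read` pipeline: `ls` output is no
# longer parsed, paths are quoted, `read -r` keeps backslashes, and printf
# replaces `echo -n`. Output format is unchanged:
#   Module: <name>
#   Parameter: <param> --> <value>   (one per parameter, if any)
#   <blank line>
# Arguments: $1 - module list in /proc/modules format (default /proc/modules)
#            $2 - sysfs module root (default /sys/module)
# Outputs:   the listing above on stdout; unreadable parameter files report
#            cat's error on stderr and the loop continues
dump_module_params() {
  local modules_file=${1:-/proc/modules}
  local sysfs_root=${2:-/sys/module}
  local module param_dir param

  # First whitespace-separated field of each line is the module name.
  while read -r module _; do
    [[ -n "$module" ]] || continue
    printf 'Module: %s\n' "$module"
    param_dir="$sysfs_root/$module/parameters"
    if [[ -d "$param_dir" ]]; then
      for param in "$param_dir"/*; do
        [[ -e "$param" ]] || continue   # no parameters: glob stays literal
        printf 'Parameter: %s --> ' "${param##*/}"
        cat -- "$param"
      done
    fi
    printf '\n'
  done < "$modules_file"
}
dump_module_params "$@"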
# One-shot correlation between files.log and conn.log.
# The backgrounded subshell takes every EXTRACT line of files.log, feeds it
# through jbro (presumably a TSV-to-JSON converter — confirm), sorts by
# missing_bytes, collects the conn_uids, joins the unique UIDs into one
# "a|b|c" alternation and writes that single line to the FIFO. The loop
# reads that line, greps conn.log for any of the UIDs and breaks.
# NOTE(review): /tmp/side.fifo has to exist as a named pipe beforehand, and a
# fixed name under /tmp is shared with every local user; a FIFO created in
# a `mktemp -d` directory would be private to this run. `$line` is
# unquoted, so it is word-split and glob-expanded before grep sees it;
# `grep -E -- "$line"` would pass the pattern through unchanged.
(cat files.log | grep EXTRACT | jbro | jq --slurp 'sort_by(.missing_bytes) | .[].conn_uids ' | jq --slurp 'flatten | unique | join("|") ' > /tmp/side.fifo & ); while read line </tmp/side.fifo; do cat conn.log | grep -E $line; break; done;
# Build Bro from Source on Fedora 22
#
# Package lists live in arrays so they can be reviewed or edited without
# touching the dnf invocations themselves.
## Install runtime dependencies - These will be needed once the RPM is built
runtime_pkgs=(
  libpcap openssl-libs bind-libs zlib bash python libcurl gawk GeoIP
  gperftools-libs
)
sudo dnf -y install "${runtime_pkgs[@]}"
## Install the build dependencies
build_pkgs=(
  @development-tools libpcap-devel openssl-devel bind-devel zlib-devel
  cmake git perl libcurl-devel GeoIP-devel python-devel gperftools-devel
  swig flex bison rpmdevtools gcc-c++
)
sudo dnf -y install "${build_pkgs[@]}"
## Checkout code and build RPMs
# git:// is a cleartext, unauthenticated transport: nothing on the wire
# verifies that the tree received is the one the server sent. Check out a
# known tag or commit and verify it before building packages from it.
git clone git://git.bro.org/bro
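# Build bro with pfring on debian 7.8
# Setup the source tree
# NOTE(review): `src` is created but nothing below enters it — the clone
# lands in the current directory. Left as-is so the tree does not move;
# confirm whether a `cd src` was intended.
mkdir src
# SSH clone: needs a GitHub key for the invoking user.
git clone git@github.com:bro/bro.git
# Stop here if the clone did not produce ./bro, instead of running the
# submodule update in whatever directory we happen to be in.
cd bro || exit 1
git submodule update --init --recursive
# Install build-time dependencies
build_pkgs=(
  cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig
  zlib1g-dev
)
sudo apt-get install "${build_pkgs[@]}"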
# Enable EPEL
sudo yum -y install epel-release
# Install run-time deps
runtime_pkgs=(
  libpcap openssl bind-libs zlib bash python libcurl gawk GeoIP
  gperftools-libs
)
sudo yum -y install "${runtime_pkgs[@]}"
# Install compile-time deps
build_pkgs=(
  @development libpcap-devel openssl-devel bind-devel zlib-devel cmake git
  perl libcurl-devel GeoIP-devel python-devel gperftools-devel swig flex
  bison rpmdevtools gcc-c++
)
sudo yum -y install "${build_pkgs[@]}"
# Clone git repo (this is from Vagrant)
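# Live-tail Bro logs, printing a banner between records.
#
# `tail -F` never returns, so the original script only ever ran the notice
# tail; the http tail below it was unreachable. The log is now chosen by
# argument, with "notice" as the default to keep the old behaviour.
# Arguments: $1 - "notice" (default) or "http"

# Format tab-separated records as "<banner>\n<f1> <f2>\n <f3>".
# Arguments: $1 - banner line printed before each record
# Inputs:    records on stdin
format_records() {
  local banner=$1
  awk -F'\t' -v banner="$banner" '{ print banner "\n" $1, $2 "\n", $3 }'
}

# Follow a log from its first line and print selected columns.
# stdbuf -o0 keeps every stage unbuffered so records appear as they land.
# Arguments: $1 - log file, $2 - banner, remaining - bro-cut arguments
follow_log() {
  local logfile=$1 banner=$2
  shift 2
  stdbuf -o0 tail -n+1 -F "$logfile" \
    | stdbuf -o0 bro-cut "$@" \
    | format_records "$banner"
}

case "${1:-notice}" in
  # Notice tail
  notice) follow_log notice.log '================' -d ts note msg ;;
  # HTTP Tail
  http) follow_log http.log '=================' id.orig_h uri user_agent ;;
  *) printf 'usage: %s [notice|http]\n' "${0##*/}" >&2; exit 2 ;;
esac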
# Summarise notices across the rotated (gzipped) logs and the current one:
# per note type, when it was first and last seen and how often, most
# frequent first.
# Assumes each record's `ts` is a string like "YYYY-MM-DDTHH:MM:SS.ffffff";
# the fractional part is dropped before fromdateiso8601 — TODO confirm
# against the log writer.
summarise_notices() {
  local filter
  filter='
    .[].ts |= (split(".")[0] | . + "Z" | fromdateiso8601)
    | group_by(.note)
    | [ .[] | { note: unique_by(.note)[0].note,
                first_heard: min_by(.ts).ts | todate,
                last_heard: max_by(.ts).ts | todate,
                count: length } ]
    | sort_by(.count) | reverse
  '
  # Rotated logs first, then the live one, as a single stream for jq -s.
  { zcat */notice.*.gz; cat current/notice.log; } | jq -s "$filter"
}
summarise_notices