dcode
/ gist:f879a62574e94a2265ae
Created
May 4, 2014 22:49
— forked from cr0t/gist:1243431
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| object Download extends Controller { | |
| import org.apache.commons.logging.Log | |
| import org.apache.hadoop.conf.Configuration | |
| import org.apache.hadoop.fs._ | |
| import java.io.InputStream | |
| import java.net.URI | |
| import java.net.URLDecoder | |
| def download(filename: String) = { |
dcode
/ gist:d7f19f519bfe9ff8ce5d
Last active
August 29, 2015 14:05
Shell snippet. Takes output from bro2json.py and creates an array of JSON objects grouped by uid and id fields
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This more or less just shows the format of the log data on input. | |
| zcat bro2jsondata.json.gz| sed 's/id\./id_/g' | ./json -g | jq '[ map(select(.uid and .uid != "-" )) | group_by(.uid) | .[0] ]' | |
| [ | |
| [ | |
| { | |
| "type": "conn", | |
| "id_orig_h": "10.10.10.17", | |
| "resp_ip_bytes": "0", | |
| "ts": "1384833674.270877", |
dcode
/ gist:66343a641c0f3caf122d
Created
August 10, 2014 18:48
Download the Java 8 64-bit RPM using curl (which more commonly installed over wget)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl --location --remote-name --remote-header-name --cookie "oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u11-b12/jre-8u11-linux-x64.rpm |
dcode
/ Attempt at File Extraction Policy
Created
September 4, 2014 03:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global ext_map: table[string] of string = { | |
| ["application/x-dosexec"] = "exe", | |
| ["text/plain"] = "txt", | |
| ["image/jpeg"] = "jpg", | |
| ["image/png"] = "png", | |
| ["text/html"] = "html", | |
| } &default =""; | |
| event file_new(f: fa_file) | |
| { |
dcode
/ brocolor.sh
Last active
August 29, 2015 14:06
— forked from jeffgeiger/brocolor.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| cat $1 | sed 's/#fields\t\|#types\t//g' | grep -v "^#" | awk 'BEGIN {FS="\t"; OFS=FS};{for(i=1;i<=NF;i++) printf("\x1b[%sm%s\x1b[0m%s",(i%7)+31,$i,OFS); print ""}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # encoding: utf-8 # *NOTE*: I have no idea what I'm doing and this is untested. Use at your own risk | |
| # (though I welcome assistance) | |
| require "logstash/filters/base" | |
| require "logstash/namespace" | |
| require "csv" | |
| require "bigdecimal" | |
| # The Bro filter takes an event field containing Bro log data, parses it, |
dcode
/ gist:afb3f21c0dd5801ad540
Created
October 29, 2014 23:56
bro log to pipe separated values (PSV) w/ camelcase headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bro-cut -uc -F'|' | grep -E '^#fields|^2014' | sed 's/^#fields|//' | sed -e '1s/\./_/g' -e '1s/_\([a-z]\)/\u\1/g' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $1 ~ /#fields.*/ { print $0 "\tend"; next }; | |
| $1 ~ /#types/ { print $0 "\ttime"; next }; | |
| $1 ~ /^#.*/ { print $0; next}; | |
| $1 ~ /^[^#]/ { OFMT="%.16g"; print $0, $1+$9 } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user="root" | |
| group="root" | |
| chroot="/" | |
| chdir="/" | |
| nice="" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You just need to save that to rpm2cpio.sh, make it executable, and then | |
| run | |
| rpm2cpio rpm-4.1.1-1.7x.src.rpm | cpio -idv | |
| Source: http://www.redhat.com/archives/rpm-list/2003-June/msg00367.html |
OlderNewer