dcode
/ smtp_message_share.bro
Created
July 14, 2017 13:41
dcode
/ remove_modules.sh
Created
June 11, 2017 20:40
Remove Python modules back to a given snapshot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # requirements.txt.orig is the result of `pip freeze > requirements.txt.orig` | |
| # requirements.txt is the current snapshot of pipe | |
| comm -2 -3 requirements.txt requirements.txt.orig | awk -F= '{ print $1 }' | xargs pip uninstall -y |
dcode
/ bro-findkernelheaders-hack.patch
Last active
September 27, 2017 13:58
Patches needed for bro RPM packages for ROCK NSM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -u --recursive bro-2.5.orig/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake bro-2.5/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake | |
| --- bro-2.5.orig/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake 2017-05-26 03:15:47.598844347 +0000 | |
| +++ bro-2.5/aux/plugins/af_packet/cmake/FindKernelHeaders.cmake 2017-05-26 03:21:44.099990030 +0000 | |
| @@ -20,10 +20,18 @@ | |
| OUTPUT_STRIP_TRAILING_WHITESPACE | |
| ) | |
| +# Admittedly a hack, but in practice we just need *some* headers | |
| +execute_process( | |
| + COMMAND bash "-c" "find /usr/src/kernels -print | grep -E '/include/linux/user.h' | cut -d/ -f5 | sort -u | tail -1" |
dcode
/ 75-dual-home-routing.sh
Last active
May 11, 2023 03:11
NetworkManager hook to update the routing tables for dual-homed systems, allowing traffic past the gateway on either interface.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # 75-dual-home-routing | |
| # Description: Updates routing tables to allow traffic on dual-homed boxes | |
| # according to the interface it came in on | |
| # Place in /etc/NetworkManager/dispatcher.d/ and update interface name below | |
| IF=$1 | |
| STATUS=$2 | |
| function update_routing_table() { |
dcode
/ ROCKNSM-BETA0.adoc
Created
December 14, 2016 05:32
dcode
/ Vagrantfile
Created
November 4, 2016 17:27
Working Vagrantfile using bento/centos-7.2 w/ bridged interface and self-updating HGFS for /vagrant mapping
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| Vagrant.configure("2") do |config| | |
| config.vm.box = "bento/centos-7.2" | |
| config.vm.provider "vmware_fusion" do |vmware| | |
| vmware.linked_clone = true | |
| #vmware.gui = true | |
| vmware.vmx["memsize"] = "8192" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NAME := bro | |
| GIT_REPO := https://github.com/bro/bro.git | |
| GIT_BRANCH := master | |
| COMMIT0 := $(shell git ls-remote $(GIT_REPO) | grep -E 'refs/heads/$(GIT_BRANCH)$$' | cut -f1) | |
| SHORTCOMMIT0 := $(shell echo $(COMMIT0)| awk '{ print substr($$0, 1, 7)}') | |
| VERSION ?=$(shell cat VERSION | cut -d- -f1) | |
| RELEASE ?=$(shell cat VERSION | cut -d- --complement -f1 | tr -d '-') | |
| SNAPSHOT := .git$(SHORTCOMMIT0) |
dcode
/ logging_tweaks.bro
Created
October 26, 2016 20:17
Configure kafka & logging extensions in bro 2.5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Setup Kafka output | |
| @load Bro/Kafka/logs-to-kafka.bro | |
| redef Kafka::topic_name = "bro"; | |
| redef Kafka::json_timestamps = JSON::TS_ISO8601; | |
| redef Kafka::tag_json = T; | |
| ## Setup event extension to include sensor and probe name | |
| type Extension: record { | |
| ## The name of the system that wrote this log. This |
dcode
/ es_architecture.txt
Created
October 20, 2016 18:01
Monodraw diagram to detail a large scale architecture for elasticsearch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| βββββββββββββββ βββββββββββββββ βββββββββββββββ | |
| β β β β β β | |
| β Master Node β β Master Node β β Master Node β | |
| β β β β β β | |
| βββββββββββββββ βββββββββββββββ βββββββββββββββ | |
| node.master: true | |
| βββββββββββββββ nod |
dcode
/ bro-aliases.sh
Last active
October 11, 2016 15:34
Some handy aliases for working with bro logs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alias bro-fields="awk -vOFS='\n' '/^#fields/ { for ( i = 2 ; i<= NF; i++) print \$i }'" |