dcode
/ 01-migrate-bro-data.sh
Last active
October 7, 2016 17:10
Attempt to migrate data to old indexes. I need to do this because data types changed, but I don't want to lose the old data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Move index names from bro-YYYY.MM.DD to bro-v1-YYYY.MM.DD | |
| for item in $(curl -s -n -XGET localhost:9200/_cat/indices | awk '/bro-/ { split($3,a,"-"); print a[2] }'); do | |
| cat <<EOF | curl -s -n -XPOST localhost:9200/_reindex -d @- >/dev/null | |
| { "source": {"index": "bro-${item}"}, "dest": {"index": "bro.v1-${item}"} } | |
| EOF | |
| echo -e "\nCloned data from bro-${item} to bro.v1-${item}" | |
| done |
dcode
/ GitHub Flavored Asciidoc (GFA).adoc
Last active
August 23, 2025 16:53
Demo of some useful tips for using Asciidoc on GitHub
dcode
/ group_cpuinfo_by_socket-core-ids.sh
Last active
September 27, 2016 21:07
Get top-level physical processor numbers grouped by socket and core id's
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| egrep -e "processor" -e "core id" -e ^physical /proc/cpuinfo | \ | |
| xargs -l3 echo | \ | |
| awk -vOFS='\t' '{ print "{\"socket\": "$7", \"core\": " $11 ", \"proc\":" $3 "}" }' | \ | |
| jq -sc ' | |
| [.[] | {sock_core:"\(.socket)-\(.core)", proc, core, socket } ] | |
| | group_by(.sock_core) | .[] | .[0] ' | \ | |
| sort -V |
dcode
/ stenographer.service
Last active
June 30, 2023 03:00
This is a hack that I put together to pull PCAP from multiple instances of stenographer, each with a different configuration file. It adds `mergecap` as a dependency, which is used to produce the final PCAP, which is then filtered through `tcpdump` as before.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2014 Google Inc. All rights reserved. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, |
dcode
/ 00-README.adoc
Last active
January 25, 2023 21:33
This is a CentOS-themed /etc/issue w/ hooks to update IP address and OS release upon ifup/ifdown. My motivation was that I was tired of logging into an otherwise headless box just to find the IP of the system so I can SSH to it.
|
Note
|
The issue.in file actually contains control characters to do the color
in the text. The easiest way to preserve that is to clone this gist and run
the install.sh script w/ sudo, which will copy the file and set the SELinux
|
dcode
/ elasticsearch@.service
Last active
September 7, 2016 16:27
Example template service file for multiple instances. Set `node.name` in `elasticsearch.yml` to ${NODENAME}.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Elasticsearch | |
| Documentation=http://www.elastic.co | |
| Wants=network-online.target | |
| After=network-online.target | |
| [Service] | |
| Environment=ES_HOME=/usr/share/elasticsearch | |
| Environment=CONF_DIR=/etc/elasticsearch | |
| Environment=DATA_DIR=/var/lib/elasticsearch |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # file: /etc/ethers | |
| 00:0c:29:c0:94:bf 172.16.121.40 | |
| 00:0c:59:44:f0:a0 10.0.0.5 |
dcode
/ json2csv.jq
Created
August 30, 2016 16:58
Useful for mapping JSON to CSV when each of the records have the same structure. You can put this into a script and `chmod +x` it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/jq -s -r -f | |
| ( map(keys) | add | unique ) as $cols | | |
| map(. as $row | $cols | map($row[.])) as $rows | | |
| $cols, $rows[] | @csv |
dcode
/ zone_checks.bro
Last active
February 17, 2020 03:31
Demonstrates how to use Bro's Site::local_zones and Site::neighbor_zones in scripts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| redef Site::local_zones = { | |
| "example.org", | |
| }; | |
| # Bro will automatically include all subdomains | |
| # so don't swing too big of a hammer in production | |
| redef Site::neighbor_zones = { | |
| "bar.org", | |
| "org", | |
| }; |