1.2 seconds upper bound for rules table on the UI to load without any rules The below is just the API
$ time ./get_prepackaged_rules_status.sh
{
"rules_custom_installed": 0,
"rules_installed": 0,
"rules_not_installed": 145,
Devin W. Hurley dhurley14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Configuration file for a typical Tor user | |
| ## Last updated 2 September 2014 for Tor 0.2.6.1-alpha. | |
| ## (may or may not work for much older or much newer versions of Tor.) | |
| ## | |
| ## Lines that begin with "## " try to explain what's going on. Lines | |
| ## that begin with just "#" are disabled commands: you can enable them | |
| ## by removing the "#" symbol. | |
| ## | |
| ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, | |
| ## for more options you can use in this file. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################# | |
| # Sample OpenVPN 2.0 config file for # | |
| # multi-client server. # | |
| # # | |
| # This file is for the server side # | |
| # of a many-clients <-> one-server # | |
| # OpenVPN configuration. # | |
| # # | |
| # OpenVPN also supports # | |
| # single-machine <-> single-machine # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Configuration file for a typical Tor user | |
| ## Last updated 9 October 2013 for Tor 0.2.5.2-alpha. | |
| ## (may or may not work for much older or much newer versions of Tor.) | |
| ## | |
| ## Lines that begin with "## " try to explain what's going on. Lines | |
| ## that begin with just "#" are disabled commands: you can enable them | |
| ## by removing the "#" symbol. | |
| ## | |
| ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, | |
| ## for more options you can use in this file. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # rules.before | |
| # | |
| # Rules that should be run before the ufw command line added rules. Custom | |
| # rules should be added to one of these chains: | |
| # ufw-before-input | |
| # ufw-before-output | |
| # ufw-before-forward | |
| # |
dhurley14
/ openvpn_client_log
Created
March 29, 2016 02:24
openvpn client log trying to connect to vpn through tor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2016-03-28 22:19:58 SIGUSR1[soft,init_instance] received, process restarting | |
| 2016-03-28 22:19:58 MANAGEMENT: >STATE:1459217998,RECONNECTING,init_instance,, | |
| 2016-03-28 22:20:00 *Tunnelblick: No 'reconnecting.sh' script to execute | |
| 2016-03-28 22:20:00 MANAGEMENT: CMD 'hold release' | |
| 2016-03-28 22:20:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts | |
| 2016-03-28 22:20:00 Socket Buffers: R=[131072->65536] S=[131072->65536] | |
| 2016-03-28 22:20:00 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:9040 [nonblock] | |
| 2016-03-28 22:20:00 MANAGEMENT: >STATE:1459218000,TCP_CONNECT,,, | |
| 2016-03-28 22:20:00 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:9040 failed, will try again in 5 seconds: Can't assign requested address | |
| 2016-03-28 22:20:00 SIGUSR1[soft,init_instance] received, process restarting |
dhurley14
/ malicious_nodes
Created
May 25, 2016 03:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pi@raspberrypi:/var/log/maltrail $ tail 2016-05-18.log 2016-05-19.log 2016-05-20.log 2016-05-21.log 2016-05-22.log 2016-05-23.log 2016-05-24.log 2016-05-25.log | |
| ==> 2016-05-18.log <== | |
| "2016-05-18 23:47:51.125602" raspberrypi 192.168.1.5 35579 128.208.2.233 9001 TCP IP 128.208.2.233 "tor exit node (suspicious)" blutmagie.de | |
| "2016-05-18 23:49:59.424015" raspberrypi 192.168.1.5 - 136.161.101.53 - ICMP IP 136.161.101.53 "sinkhole conficker (malware)" (static) | |
| ==> 2016-05-19.log <== | |
| "2016-05-19 10:26:19.485956" raspberrypi 192.168.1.5 39074 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de | |
| "2016-05-19 11:59:51.032876" raspberrypi 192.168.1.5 39075 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de | |
| "2016-05-19 13:25:15.583751" raspberrypi 192.168.1.5 39076 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de | |
| "2016-05-19 15:10:59.114896" raspberrypi 192.168.1.5 39077 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" bl |
dhurley14
/ bitbucket-pipelines.yml
Created
December 28, 2017 17:40
— forked from adilsoncarvalho/bitbucket-pipelines.yml
Bitbucket Pipelines deployment to a Google Container Engine configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| options: | |
| docker: true | |
| pipelines: | |
| branches: | |
| master: | |
| - step: | |
| script: | |
| # Installing gcloud |
dhurley14
/ signals_mappings_difference.csv
Created
October 1, 2019 15:00
difference between csv and frank's json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| agent.type | ||
|---|---|---|
| as.number | ||
| as.organization.name | ||
| client.as.number | ||
| client.as.organization.name | ||
| client.nat.ip | ||
| client.nat.port | ||
| client.user.domain | ||
| cloud.machine.type | ||
| destination.as.number |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server log [16:05:30.489] [error][plugins][plugins][siem][siem] [-] nextSearchAfter threw an error [security_exception] missing authentication credentials for REST request [/apm-*-transaction*%2Cauditbeat-*%2Cendgame-*%2Cfilebeat-*%2Cpacketbeat-*%2Cwinlogbeat-*/_search?allow_no_indices=true&size=100&ignore_unavailable=true], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } } :: {"path":"/apm-*-transaction*%2Cauditbeat-*%2Cendgame-*%2Cfilebeat-*%2Cpacketbeat-*%2Cwinlogbeat-*/_search","query":{"allow_no_indices":true,"size":100,"ignore_unavailable":true},"body":"{\"query\":{\"bool\":{\"filter\":[{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"exists\":{\"field\":\"host.name\"}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}},{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"range\":{\"@timestamp\":{\"gte\":\"now-6m\"}}}],\"minimum_should_match\":1}},{\"bool\":{\"should\":[{\"range\":{\"@timestamp\": |
OlderNewer