@gitcomrade
gitcomrade / jail.d_kippo.conf
Last active February 5, 2018 22:16
Fail2ban Custom Jail for Kippo
#Place in /etc/fail2ban/jail.d/kippo.conf
[kippo-iptables]
enabled = true
#filter points to file in filter.d/
filter = kippo
#action points to file in action.d/
action = iptables[name=kippo, port=22, protocol=tcp]
logpath = $kippo_dir/log/kippo.log
maxretry = 5
bantime = 3600
@gitcomrade
gitcomrade / filter.d_kippo.conf
Created January 22, 2018 23:02
Fail2ban Custom Jail for Kippo
#Place in /etc/fail2ban/filter.d/kippo.conf
[Definition]
failregex = \[SSHService ssh-connection on HoneyPotTransport,(\d{1,5}),<HOST>\] Unhandled Error
            \[SSHService ssh-connection on HoneyPotTransport,(\d{1,5}),<HOST>\] channel open failed
            \[SSHService ssh-connection on HoneyPotTransport,(\d{1,5}),<HOST>\] got channel direct-tcpip request
ignoreregex =
#example text lines
#2010-12-28 14:57:09-0600 [SSHService ssh-connection on HoneyPotTransport,60,10.0.0.1] Unhandled Error
#2011-01-22 15:28:02-0600 [SSHService ssh-connection on HoneyPotTransport,10500,10.0.0.1] channel open failed
@gitcomrade
gitcomrade / sudoers.txt
Last active October 30, 2018 18:36
Sudoers entry for Nexpose Credentialed Scans
username ALL = (root) NOPASSWD:/bin/bash -c echo *, /bin/mount "", /bin/sh -c umask --login, /bin/echo ScanEnginePermissionElevationTest, /bin/sed "s/^/R7stdout\: /", /bin/id, /bin/ls, /usr/sbin/dmidecode, /bin/netstat *, /usr/sbin/lsof, /bin/cat /etc/securetty, /bin/grep -l *, /bin/find / -xdev -nouser -o -nogroup, /bin/find / -xdev -type f -perm -02 | head -50, /bin/find / -xdev \\( -perm -2000 -o -perm -4000 \\) -exec ls -lLd {} \\;, /bin/find /root /home -xdev -type f -name .rhosts, /bin/find /root /home -xdev -type f -name .netrc, /bin/find / \\( -fstype cifs -o -fstype smbfs -o -fstype nfs -o -fstype nfs4 -o -fstype ncpfs -o -fstype vmhgfs -o -fstype gpfs \\) -prune -type f -o -name 'sshd_config' -o -name 'mysqlhotcopy' -o -name 'mysqlaccess' -o -name 'suidperl' -o -name 'mail' -o -name 'registry.xml' -o -name 'bsu.sh' -o -name 'version.txt' -o -name 'jar-versions.xml', /bin/find /etc \\( -fstype cifs -o -fstype smbfs -o -fstype nfs -o -fstype nfs4 -o -fstype ncpfs -o -fstype vmhgfs -o -fstype gpfs \\)
@gitcomrade
gitcomrade / nsloop.sh
Created June 17, 2019 22:57
nslookup loop for omnidirectional IP to hostname conversion
#!/bin/bash
# IP to hostname converter
# Takes a command line argument: a text file containing IP addresses or hostnames, one per line.
# Performs DNS forward or reverse lookups depending on the source type and parses the exact string we want.
# The list needs to be either all IPs or all hostnames.
# Pick which nslookup output field to extract based on the first line of the input file.
if head -n1 "$1" | grep -P "^[[:alpha:]]{2}" > /dev/null ; then
    field=2
elif head -n1 "$1" | grep -P "^[[:digit:]]{1,3}" > /dev/null ; then
    field=3
fi
@gitcomrade
gitcomrade / apt-cron.sh
Last active April 8, 2021 16:21
Applying scheduled patching sometimes needs a system reboot. Works with https://gist.github.com/gitcomrade/8a1707e45c00b2751bbfde1855747ec5
#!/bin/bash
# If https://wiki.debian.org/UnattendedUpgrades doesn't work well, uncomment and run it in this script
# unattended-upgrade
# Schedule apt to update regularly via unattended-upgrade. This script should run slightly afterwards.
# It checks whether the system needs to be rebooted to load what apt updated.
# It also checks whether any running service still has an old library loaded in memory.
Taken from vendor docs at https://wiki.debian.org/UnattendedUpgrades
The goal is to have updates run once per week on Wednesday mornings.
sudo apt install unattended-upgrades apt-listchanges
sudo vim /etc/apt/apt.conf.d/20auto-upgrades (the defaults need no changes)
sudo vim /etc/apt/apt.conf.d/50unattended-upgrades AND uncomment the following lines by deleting the preceding //'s (or just configure this file how you want)