
@gwsales
gwsales / audit.rules
Created Oct 6, 2018 — forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
View audit.rules
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  /
#   / ___ / /_/ / /_/ / / /_/ /_/ /
#  /_/  |_\__,_/\__,_/_/\__/\__,_/
gwsales / SysmonStartup.bat
Created Oct 25, 2018 — forked from silentbreaksec/SysmonStartup.bat
Windows batch file to deploy Sysmon using a startup script via GPO
View SysmonStartup.bat
@echo off
:: Author: Ryan Watson
:: Twitter: @gentlemanwatson
:: Version: 1.0
:: Credits: Credit to Syspanda.com and their Sysmon GPO article for the kick off point
:: https://www.syspanda.com/index.php/2017/02/28/deploying-sysmon-through-gpo/
:: ** IMPORTANT **
:: 1) Create a Sysmon folder with the SYSVOL share on your domain controller
:: 2) Download Sysmon from Microsoft and place both sysmon.exe and sysmon64.exe in
gwsales / pia-pptp-nm.sh
Last active Feb 16, 2019
Private Internet Access PPTP VPN Profile Script
View pia-pptp-nm.sh
#!/bin/bash
## This script requires jq
if ! [ -x "$(command -v jq)" ]; then
  echo 'Error: jq is not installed.' >&2
  exit 1
fi
echo -n "PIA pptp username (xNNNNNNN not pNNNNNNN): "
read pia_username
gwsales / ansible_local_playbooks.md
Created Aug 28, 2019 — forked from alces/ansible_local_playbooks.md
How to run an Ansible playbook locally
View ansible_local_playbooks.md
  • using Ansible command line:
ansible-playbook --connection=local --inventory 127.0.0.1, playbook.yml
  • using inventory:
127.0.0.1 ansible_connection=local
gwsales / ufw.md
Created Oct 18, 2019 — forked from kimus/ufw.md
NAT and FORWARD with Ubuntu’s ufw firewall
View ufw.md

UFW

I use Ubuntu’s Uncomplicated Firewall because it is available on Ubuntu and it's very simple.

Install UFW

If ufw is not installed by default, be sure to install it first.

gwsales / fix.sh
Last active Jun 3, 2020 — forked from alexalouit/fix.sh
fix Logstash error "logstash load error: ffi/ffi -- java.lang.NullPointerException: null" on Raspbian
View fix.sh
#!/bin/bash
# based on https://github.com/mew2057/CAST/blob/6c7f7d514b7af3c512635ec145aa829c535467dc/csm_big_data/config-scripts/logstashFixupScript.sh
# see: https://github.com/elastic/logstash/issues/10755
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root"
  exit 1
fi
View Winlogbeat-Bulk-Read.ps1
<#
.SYNOPSIS
PowerShell loop to read local .evtx files into Elastic's winlogbeat agent.
.DESCRIPTION
PowerShell loop to read local .evtx files into Elastic's winlogbeat agent.
Use winlogbeat.yml to customize your configuration of winlogbeat including output.
This script will attempt to use winlogbeat.yml which is ignored in .gitignore but
if this file is not found, it will fall back to using the example that will output
logs to .\winlogbeat\events.json. Once an EVTX file has been read winlogbeat will