Sebastian Herzberg hrzbrg

## aws
IAMUSERID %{NUMBER:iam_user_id}
IAMUSERNAME [a-zA-Z0-9._-]+
IAMUSER arn:aws:iam::%{IAMUSERID}:user/%{IAMUSERNAME:iam_user_name}

S3TYPE [a-zA-z_]+
S3OP [a-zA-z]+
S3SOAPOPERATION (?:SOAP\.%{S3OP})
S3RESTOPERATION  (?:REST\.%{S3OP}(\.%{S3TYPE})?)
S3WEBSITEOPERATION  (?:WEBSITE\.%{S3OP}\.%{S3TYPE})
S3OPERATION (?:%{S3SOAPOPERATION}|%{S3RESTOPERATION}|%{S3WEBSITEOPERATION})

## fortigate52.pattern
FORTIDATE %{YEAR:year}\-%{MONTHNUM:month}\-%{MONTHDAY:day}
FORTIGATE_52BASE <%{NUMBER:syslog_index}>date=%{FORTIDATE:date} time=%{TIME:time} devname=%{HOST:hostname} devid=%{HOST:devid} logid=%{NUMBER:logid} type=%{WORD:type} subtype=%{WORD:subtype} eventtype=%{WORD:eventtype} level=%{WORD:level} vd=\"%{WORD:vdom}\"
FORTIGATE_52BASEV2 <%{NUMBER:syslog_index}>date=%{FORTIDATE:date} time=%{TIME:time} devname=%{HOST:hostname} devid=%{HOST:devid} logid=%{NUMBER:logid} type=%{WORD:type} subtype=%{WORD:subtype} level=%{WORD:level} vd=\"%{WORD:vdom}\"
FORTIGATE_52IPS severity=%{WORD:severity} srcip=%{IP:srcip} dstip=%{IP:dstip} sessionid=%{NUMBER:sessionid} action=%{DATA:action} proto=%{NUMBER:proto} service=%{DATA:service} attack="%{DATA:attack}" srcport=%{NUMBER:srcport} dstport=%{NUMBER:dstport} direction=%{NUMBER:direction} attackid=%{NUMBER:attackid} profile=\"%{DATA:profile}\" ref=\"%{DATA:ref}\";? incidentserialno=%{NUMBER:incidentserialno} msg=\"%{GREEDYDATA:msg}\"
FORTIGATE_52DOS severity=%{WORD:severity} s

## route53-asg-rrdns.sh
#!/bin/bash
#
# Get all IPs from an autoscale group and update set the local ip as
# equal weight A entries (round robin dns). Takes autoscale group as
# parameter.
#
# Amit Bakshi
# 10/21/2014
#

## pedantically_commented_playbook.yml
---
# ^^^ YAML documents must begin with the document separator "---"
#
#### Example docblock, I like to put a descriptive comment at the top of my
#### playbooks.
#
#  Overview: Playbook to bootstrap a new host for configuration management.
#  Applies to: production
#  Description:
#  Ensures that a host is configured for management with Ansible.

## gist:1a6bdcfa711474d7ba24
#!/bin/bash
set -e

sudo rm -f /etc/update-motd.d/10-help-text
sudo rm -f /etc/update-motd.d/51-cloudguest
sudo rm -f /etc/update-motd.d/91-release-upgrade
echo -e "[sysinfo]\nexclude_sysinfo_plugins = LandscapeLink" | sudo tee /etc/landscape/client.conf

echo deb https://get.docker.com/ubuntu docker main | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

## gist:741c64a3d623e9eaa3a8
GROUP=$(ec2-describe-tags --filter "resource-type=instance" --filter "resource-id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" --filter "key=aws:autoscaling:groupName" | cut -f5)

IDS=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $GROUP --query 'AutoScalingGroups[0].Instances[].InstanceId' --output text | sed 's/\t/ /g')

IPS=$(aws ec2 describe-instances --instance-ids $IDS --region us-east-1 --query Reservations[].Instances[].PrivateIpAddress --output text | sed 's/\t/,/g')

LAUNCH_TIME=$(date -d $(aws ec2 describe-instances --instance-ids `curl -s http://169.254.169.254/latest/meta-data/instance-id` --query Reservations[].Instances[0].LaunchTime --output text))

LAUNCH_TIMES=$(aws ec2 describe-instances --instance-ids $IDS --region us-east-1 --query Reservations[].Instances[].LaunchTime --output text)

## aws_powershell_get_all_instance_private_IP.ps1
$instances = (Get-ec2instance -region us-east-1 ).Instances

$servers = @()
foreach( $instance in $instances) {
    $ipAddrs+=$instance.PrivateIpAddress
}

foreach ($ip in $ipAddrs) {
  write-host $ip
}

## mvn-project-version.sh
mvn help:evaluate -Dexpression=project.version | grep -e '^[^\[]'

## consul_blocking_query.sh
#!/bin/bash
while true; do
  INDEX_FILE="$(mktemp -t consul_index_XXX)"
  CONSUL_INDEX=$(
curl -isL -H "X-Auth-Token: $CONSUL_TOKEN" \
-H 'X-Consul-Index: 1' \
--cacert /etc/consul/ssl/ca.cert "https://consul.service.consul:8500/v1/event/list?index=$CONSUL_INDEX&wait=1m" | \
tee "$INDEX_FILE" | \
grep X-Consul-Index | \
sed -e 's/^.*: *//' | \

## ecs_deploy.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import print_function
from __future__ import unicode_literals
from __future__ import division

import re
import signal
import sys
import time
	IAMUSERID %{NUMBER:iam_user_id}
	IAMUSERNAME [a-zA-Z0-9._-]+
	IAMUSER arn:aws:iam::%{IAMUSERID}:user/%{IAMUSERNAME:iam_user_name}

	S3TYPE [a-zA-z_]+
	S3OP [a-zA-z]+
	S3SOAPOPERATION (?:SOAP\.%{S3OP})
	S3RESTOPERATION (?:REST\.%{S3OP}(\.%{S3TYPE})?)
	S3WEBSITEOPERATION (?:WEBSITE\.%{S3OP}\.%{S3TYPE})
	S3OPERATION (?:%{S3SOAPOPERATION}\|%{S3RESTOPERATION}\|%{S3WEBSITEOPERATION})
	FORTIDATE %{YEAR:year}\-%{MONTHNUM:month}\-%{MONTHDAY:day}
	FORTIGATE_52BASE <%{NUMBER:syslog_index}>date=%{FORTIDATE:date} time=%{TIME:time} devname=%{HOST:hostname} devid=%{HOST:devid} logid=%{NUMBER:logid} type=%{WORD:type} subtype=%{WORD:subtype} eventtype=%{WORD:eventtype} level=%{WORD:level} vd=\"%{WORD:vdom}\"
	FORTIGATE_52BASEV2 <%{NUMBER:syslog_index}>date=%{FORTIDATE:date} time=%{TIME:time} devname=%{HOST:hostname} devid=%{HOST:devid} logid=%{NUMBER:logid} type=%{WORD:type} subtype=%{WORD:subtype} level=%{WORD:level} vd=\"%{WORD:vdom}\"
	FORTIGATE_52IPS severity=%{WORD:severity} srcip=%{IP:srcip} dstip=%{IP:dstip} sessionid=%{NUMBER:sessionid} action=%{DATA:action} proto=%{NUMBER:proto} service=%{DATA:service} attack="%{DATA:attack}" srcport=%{NUMBER:srcport} dstport=%{NUMBER:dstport} direction=%{NUMBER:direction} attackid=%{NUMBER:attackid} profile=\"%{DATA:profile}\" ref=\"%{DATA:ref}\";? incidentserialno=%{NUMBER:incidentserialno} msg=\"%{GREEDYDATA:msg}\"
	FORTIGATE_52DOS severity=%{WORD:severity} s
	#!/bin/bash
	#
	# Get all IPs from an autoscale group and update set the local ip as
	# equal weight A entries (round robin dns). Takes autoscale group as
	# parameter.
	#
	# Amit Bakshi
	# 10/21/2014
	#
	---
	# ^^^ YAML documents must begin with the document separator "---"
	#
	#### Example docblock, I like to put a descriptive comment at the top of my
	#### playbooks.
	#
	# Overview: Playbook to bootstrap a new host for configuration management.
	# Applies to: production
	# Description:
	# Ensures that a host is configured for management with Ansible.
	#!/bin/bash
	set -e

	sudo rm -f /etc/update-motd.d/10-help-text
	sudo rm -f /etc/update-motd.d/51-cloudguest
	sudo rm -f /etc/update-motd.d/91-release-upgrade
	echo -e "[sysinfo]\nexclude_sysinfo_plugins = LandscapeLink" \| sudo tee /etc/landscape/client.conf

	echo deb https://get.docker.com/ubuntu docker main \| sudo tee /etc/apt/sources.list.d/docker.list
	sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
	GROUP=$(ec2-describe-tags --filter "resource-type=instance" --filter "resource-id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" --filter "key=aws:autoscaling:groupName" \| cut -f5)

	IDS=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $GROUP --query 'AutoScalingGroups[0].Instances[].InstanceId' --output text \| sed 's/\t/ /g')

	IPS=$(aws ec2 describe-instances --instance-ids $IDS --region us-east-1 --query Reservations[].Instances[].PrivateIpAddress --output text \| sed 's/\t/,/g')

	LAUNCH_TIME=$(date -d $(aws ec2 describe-instances --instance-ids `curl -s http://169.254.169.254/latest/meta-data/instance-id` --query Reservations[].Instances[0].LaunchTime --output text))

	LAUNCH_TIMES=$(aws ec2 describe-instances --instance-ids $IDS --region us-east-1 --query Reservations[].Instances[].LaunchTime --output text)
	$instances = (Get-ec2instance -region us-east-1 ).Instances

	$servers = @()
	foreach( $instance in $instances) {
	$ipAddrs+=$instance.PrivateIpAddress
	}

	foreach ($ip in $ipAddrs) {
	write-host $ip
	}
	#!/bin/bash
	while true; do
	INDEX_FILE="$(mktemp -t consul_index_XXX)"
	CONSUL_INDEX=$(
	curl -isL -H "X-Auth-Token: $CONSUL_TOKEN" \
	-H 'X-Consul-Index: 1' \
	--cacert /etc/consul/ssl/ca.cert "https://consul.service.consul:8500/v1/event/list?index=$CONSUL_INDEX&wait=1m" \| \
	tee "$INDEX_FILE" \| \
	grep X-Consul-Index \| \
	sed -e 's/^.: //' \| \
	#!/usr/bin/env python
	# -- coding: utf-8 --
	from __future__ import print_function
	from __future__ import unicode_literals
	from __future__ import division

	import re
	import signal
	import sys
	import time