@jakewarren
jakewarren / ssh-login-email-alert.md
Last active March 27, 2023 20:50
PAM configuration for sending email alerts for ssh logins

Receive an email alert for each ssh login. The script can be extended to support other notification methods such as Slack, etc.

mkdir -p /etc/pam.scripts
chmod 0755 /etc/pam.scripts
vim /etc/pam.scripts/ssh_alert.sh

Add the following script to ssh_alert.sh, modifying the variables from their default values:

#!/bin/bash
@jakewarren
jakewarren / NOTES.md
Last active August 4, 2023 18:11
my personal Wazuh ruleset along with documentation

Installation

Installation Documentation

CentOS 7

rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH

cat > /etc/yum.repos.d/wazuh.repo << EOF
@jakewarren
jakewarren / auditd_lograte.md
Last active March 16, 2022 17:54
my auditd ruleset along with some documentation

An example logrotate configuration to rotate auditd logs.

vim /etc/logrotate.d/auditd

/var/log/audit/audit.log {
    daily
    rotate 91
    # compress the logs
    compress
@jakewarren
jakewarren / README.md
Created June 30, 2021 17:05
Track directories and files from outside of /etc via etckeeper
@jakewarren
jakewarren / unshorten.go
Last active October 11, 2018 18:20
unshorten urls
#!/usr/bin/env gorun
//requires https://github.com/erning/gorun
package main
import (
"flag"
"fmt"
"net/http"
)
@jakewarren
jakewarren / Description.md
Last active January 11, 2024 02:33
Restrict the amount of CPU and memory resources that Chrome can consume.

Restrict the amount of CPU and memory resources that Chrome can consume.

Tested on Ubuntu 16.04/Linux Mint 18.


Install cgroups:

sudo apt install cgroup-bin
@jakewarren
jakewarren / trid-install.sh
Created September 6, 2017 16:33
TrID linux x64 install script
#!/bin/bash
#------ Global configuration section ---------#
TMP_DIR=/tmp
BIN_DIR=/usr/local/bin
#------ Utility Functions ---------#
@jakewarren
jakewarren / gist:6dc04feefda90409c55a
Last active December 15, 2015 17:54
Joomla 12/14/15 RCE 0day Mitigation
# Joomla 12/14/15 RCE 0day Mitigation
# Note: Use at your own risk. The best mitigation is to patch Joomla to v3.4.6
# Apache mitigation
# Apply within .htaccess file
RewriteCond %{HTTP_USER_AGENT} O:[0-9]+:
RewriteRule .* - [F,L]
RewriteCond %{HTTP:X-FORWARDED-FOR} O:[0-9]+:
#md5 hash of most used password 123456
#ref: https://twitter.com/TekDefense/status/294556153151647744
https://github.com/search?q=e10adc3949ba59abbe56e057f20f883e&type=Code&ref=searchresults
#DB_PASSWORD
#ref: http://seclists.org/fulldisclosure/2014/Mar/343
https://github.com/search?q=define%28%22DB_PASSWORD%22&type=Code&ref=searchresults
#Possible SQL injection
#ref: http://seclists.org/fulldisclosure/2013/Jun/15
@jakewarren
jakewarren / hb-test.py
Last active August 29, 2015 13:58 — forked from takeshixx/hb-test.py
#!/usr/bin/env python2
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# Modified to send heartbeat requests for both TLS v1.1 and v1.2
import sys
import struct
import socket