Jeff Geiger jeffgeiger
View knife cheat
# knife cheat
## Search Examples
knife search "name:ip*"
knife search "platform:ubuntu*"
knife search "platform:*" -a macaddress
knife search "platform:ubuntu*" -a uptime
knife search "platform:ubuntu*" -a virtualization.system
knife search "platform:ubuntu*" -a network.default_gateway
View asciiputsonglasses
Puts on glasses:
(•_•)
( •_•)>⌐■-■
(⌐■_■)
Takes off glasses ("mother of god..."):
(⌐■_■)
( •_•)>⌐■-■
jeffgeiger / gist:c11fd13073d9c9a18ae5958626928203
Created Sep 12, 2018
RockNSM 2.1 - Add suricata rules on an offline install
View gist:c11fd13073d9c9a18ae5958626928203
# Add the offline rules file as a source:
sudo suricata-update add-source "Local Rules" "file:///srv/rocknsm/support/emerging.rules-suricata.tar.gz"
# Check that we're not going to go screaming at the internet for an update
sudo suricata-update list-enabled-sources
# You should see this:
# Enabled sources:
# - Local Rules
jeffgeiger / client.py
Created Jul 31, 2018 — forked from yoavram/client.py
Example of uploading binary files programmatically in python, including both client and server code. Client implemented with the requests library and the server is implemented with the flask library.
View client.py
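import requests

# http://docs.python-requests.org/en/latest/user/quickstart/#post-a-multipart-encoded-file
url = "http://localhost:5000/"
fin = open('simple_table.pdf', 'rb')
files = {'file': fin}
try:
    # Send the file as a multipart/form-data upload
    r = requests.post(url, files=files)
    print(r.text)
finally:
    # Close the file handle whether or not the upload succeeded
    fin.close()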
jeffgeiger / ftp.py
Created Jul 31, 2017
Simple python FTP server
View ftp.py
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer
authorizer = DummyAuthorizer()
authorizer.add_user("user", "12345", "/tmp", perm="elradfmw")
authorizer.add_anonymous("/tmp")
handler = FTPHandler
handler.authorizer = authorizer
server = FTPServer(("0.0.0.0", 21), handler)
server.serve_forever()
View slackmoji-voodoo.md

Grab the main page with all the links:
curl https://slackmojis.com/ > emoji

Open file in vim and run the following commands:

:v/src=/d
:%s/^.*http:/http:/g
:%s/?.*$//g
jeffgeiger / SSH_2FA_Google.md
Last active Mar 13, 2018
Quick and dirty setup guide for Google Auth 2FA on CentOS7
View SSH_2FA_Google.md
## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
# Do this elsewhere, you don't want dev tools on a box you're trying to secure.  ;) 
# Also note, the repo has moved, so you need to adjust the git path:
# https://github.com/google/google-authenticator-libpam

sudo yum install epel-release -y
sudo yum install qrencode qrencode-devel qrencode-libs
sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
google-authenticator  #per-user setup
View 00-README.adoc

README

This is a CentOS-themed /etc/issue w/ hooks to update IP address and OS release upon ifup/ifdown. My motivation was that I was tired of logging into an otherwise headless box just to find the IP of the system so I can SSH to it.

Note
The issue.in file actually contains control characters to do the color in the text. The easiest way to preserve that is to clone this gist and run the install.sh script w/ sudo, which will copy the file and set the SELinux
View keybase.md

Keybase proof

I hereby claim:

  • I am jeffgeiger on github.
  • I am jeffgeiger (https://keybase.io/jeffgeiger) on keybase.
  • I have a public key whose fingerprint is 3EE0 89DC 9EA2 CB58 703C 658F 67F2 38AC C74F 83F8

To claim this, I am signing this object:

jeffgeiger / es_cleanup.sh
Created Jun 25, 2016
Keep 60 days of ES logs on ROCK with memory constraints.
View es_cleanup.sh
#!/bin/bash
#Clean out old marvel indexes, only keeping the current index.
for i in $(curl -sSL http://localhost:9200/_stats/indexes\?pretty\=1 | grep marvel | grep -Ev 'es-data|kibana' | grep -vF "$(date +%m.%d)" | awk '{print $1}' | sed 's/\"//g' 2>/dev/null); do
    curl -sSL -XDELETE "http://127.0.0.1:9200/$i" > /dev/null 2>&1
done
#Delete Logstash indexes from 60 days ago.
curl -sSL -XDELETE "http://127.0.0.1:9200/logstash-$(date -d '60 days ago' +%Y.%m.%d)" 2>&1