View ftp.py
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer
authorizer = DummyAuthorizer()
authorizer.add_user("user", "12345", "/tmp", perm="elradfmw")
authorizer.add_anonymous("/tmp")
handler = FTPHandler
handler.authorizer = authorizer
server = FTPServer(("0.0.0.0", 21), handler)
server.serve_forever()
View slackmoji-voodoo.md

Grab the main page with all the links:
curl https://slackmojis.com/ > emoji

Open file in vim and run the following commands:

v/src=/d
%s/^.*http:/http:/g
%s/?.*$//g
View SSH_2FA_Google.md
## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
# Do this elsewhere, you don't want dev tools on a box you're trying to secure.  ;) 
# Also note, the repo has moved, so you need to adjust the git path:
# https://github.com/google/google-authenticator-libpam

sudo yum install epel-release -y
sudo yum install qrencode qrencode-devel qrencode-libs
sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
google-authenticator  #per-user setup
View 00-README.adoc

README

This is a CentOS-themed /etc/issue w/ hooks to update IP address and OS release upon ifup/ifdown. My motivation was that I was tired of logging into an otherwise headless box just to find the IP of the system so I can SSH to it.

Note
The issue.in file actually contains control characters to do the color in the text. The easiest way to preserve that is to clone this gist and run the install.sh script w/ sudo, which will copy the file and set the SELinux
View keybase.md

Keybase proof

I hereby claim:

  • I am jeffgeiger on github.
  • I am jeffgeiger (https://keybase.io/jeffgeiger) on keybase.
  • I have a public key whose fingerprint is 3EE0 89DC 9EA2 CB58 703C 658F 67F2 38AC C74F 83F8

To claim this, I am signing this object:

View es_cleanup.sh
#!/bin/bash
#Clean out old marvel indexes, only keeping the current index.
for i in $(curl -sSL http://localhost:9200/_stats/indexes\?pretty\=1 | grep marvel | grep -Ev 'es-data|kibana' | grep -vF "$(date +%m.%d)" | awk '{print $1}' | sed 's/\"//g' 2>/dev/null); do
curl -sSL -XDELETE http://127.0.0.1:9200/$i > /dev/null 2>&1
done
#Delete Logstash indexes from 60 days ago.
curl -sSL -XDELETE "http://127.0.0.1:9200/logstash-$(date -d '60 days ago' +%Y.%m.%d)" 2>&1
View ip_updater.sh
#!/bin/bash
CURRENTIP=$(curl http://ipinfo.io/ip 2>/dev/null)
if [[ $CURRENTIP != $(cat /tmp/ipdata) ]]; then
echo "CHANGE: $CURRENTIP - $(date) FROM: $(cat /tmp/ipdata)"
/usr/sbin/ez-ipupdate -c /etc/ez-ipupdate/default.conf -a $CURRENTIP
echo $CURRENTIP > /tmp/ipdata
curl -Lk -XPOST -d "apikey=xxxxxxxxxxxxxxxxxx&priority=-2&application=Labs&event=IP%20Change&description=New%20IP%3A%20${CURRENTIP}" https://api.prowlapp.com/publicapi/add
curl -A "DDUpdater - Dynamic DNS Updater - 0.0.1" -u 'xxxx.xxxxxxxx@xxxxxx.xxx:xxxxxxxxxx' https://updates.dnsomatic.com/nic/update?hostname=Home
else
echo "ALL GOOD - $(date) - $CURRENTIP"
fi
View SNORT_README.md

BLUF

These changes should keep snort and bro working together in ROCK. I've tested it on 3 production instances and it's held up for almost 2 weeks.

Create the dir for old snort logs
mkdir /data/snort/OLD

Add the snort_cleanup.sh (content below)
vim /usr/local/bin/snort_cleanup.sh # Insert content
chmod +x /usr/local/bin/snort_cleanup.sh

View useless.sh
#Silliness abounds
nocolor() { echo -en "\033[0;39m"; }
dots() { clear; while :; do let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m⬤ "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b \b\b\b\b"; fi; done; }
arrows() { clear; ARROWS=(⬅ ⬆ ⬇); while :; do let "arrval = $RANDOM % 3"; let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m${ARROWS[$arrval]} "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b \b\b\b\b"; fi; done; }
View ping_check
ping_check() { while :; do PINGRESULT=$(ping -c1 $1 | grep "bytes from"); if [[ $? -eq 0 ]]; then RTT=$(echo $PINGRESULT | awk -F= '{print $NF}'); echo "👍 $RTT"; else echo "💩 NO CONNECTION"; fi; sleep 5; done; }