jeffgeiger

sqlite3 /Users/$USER/Library/Messages/chat.db <<EOF
.mode line
select ROWID, text, datetime(date, 'unixepoch', 'localtime') as date from message where handle_id = (select ROWID from handle where id = "+12223334444");
EOF

jeffgeiger

#!/bin/bash

DATEDIR=$(date +%Y-%m-%d_%H:%M:00)
BRO_FILES_DIR="/capes/bro/extract"
BRO_FILES_ARCHIVE="/capes/bro/extract/${DATEDIR}"
PCAP_FILES_DIR="/pcap/"
PCAP_FILES_ARCHIVE="/pcap/${DATEDIR}"

mkdir -p $BRO_FILES_ARCHIVE
mkdir -p $PCAP_FILES_ARCHIVE

jeffgeiger

#!/bin/bash

LINES=$(wc -l /nsm/bro/logs/current/intel.log | awk '{print $1}')

if [[ $LINES -gt 8 ]]; then 
  echo -e "<font face='monospace, monospace' size='1'>\n<pre>\n $(cat /nsm/bro/logs/current/intel.log | while read line; do echo "$line </br>"; done) \n</pre>\n</font>" | mail -a "Content-Type: text/html" -s "Bro Intel Hits - $(date)" some.address@domain.tld
fi

exit 0

jeffgeiger

#!/usr/bin/env ruby

# Parse nginx logs with ruby
# http://rubular.com/r/2wVbwiZPMS
# (?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) - .{0}- \[(?<day>[\d]{2})\/(?<mon>[\w]+)\/(?<yr>[\d]{4})\:(?<hr>[\d]{2})\:(?<min>[\d]{2})\:(?<sec>[\d]{2}) [^$]+\] "(?<method>GET|POST|PUT|DELETE) (?<uri>[^\s]+?) HTTP\/1\.1" (?<response>[\d]+) [\d]+ "(?<referrer>[^\s]+?)" "(?<agent>[^\"]+?)"

require 'sqlite3'

dbfile = ARGV[0]

jeffgeiger

# Author: Darren Martyn, Xiphos Research Ltd.
# Version: 20150309.1
# Licence: WTFPL - wtfpl.net
import json
import requests
import sys
import readline
readline.parse_and_bind('tab: complete')
readline.parse_and_bind('set editing-mode vi')
__version__ = "20150309.1"

jeffgeiger

#!/bin/bash

/usr/sbin/aide --check 2>&1 | tee /tmp/aide-daily.out | /bin/grep "Looks okay" > /dev/null

if [[ $? -ne 0 ]]; then
  LOGDATE=$(date +%s)
  cat /tmp/aide-daily.out > /tmp/aide_mail.$LOGDATE
  echo -e "\n\n=============\nLOGIN INFO\n=============\n" >> /tmp/aide_mail.$LOGDATE
  /bin/last -ax -n 25 >> /tmp/aide_mail.$LOGDATE
  cat /tmp/aide_mail.$LOGDATE | mail -s "[ALERT] $(hostname -f) AIDE report" you@domain.com

jeffgeiger

*/5 * * * * /usr/local/bin/ipupdate.sh >> /var/log/ipupdate.log 2>&1

jeffgeiger

#!/bin/bash

CHAINLIST=$(/sbin/iptables -nL | grep 'Chain block-traffic-from-openbl' | cut -d\  -f 2)

if [ -z $CHAINLIST ]; then
        /sbin/iptables -N block-traffic-from-openbl
        /sbin/iptables -A INPUT -j block-traffic-from-openbl
fi

BLACKLIST=$(/usr/bin/curl -fs http://www.openbl.org/lists/base_7days.txt.gz | gunzip | egrep "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")

jeffgeiger

#!/bin/bash

export PATH=/opt/bro/bin:$PATH
BRO_LOGS="/nsm/bro/logs"
TODAY=`date +%Y-%m-%d`
YESTERDAY=`date -d yesterday +%Y-%m-%d`
OLD_DIRS=`ls $BRO_LOGS |egrep -v "current|stats|$TODAY|$YESTERDAY"`
TMPDIR=/tmp
OLDLOG=$TMPDIR/oldlog
NEWLOG=$TMPDIR/newlog

jeffgeiger

#!/bin/ksh
#
# Sample script to gather, merge and sort mmfs.log files
# from nodes listed in file /tmp/gpfs.allnodes
#
# /tmp/gpfs.allnodes has been created by the user of this script
# and contains the host names of the nodes that the
# mmfs.log files are required from.  No blank lines.
#
# Output file is called: /tmp/logs.sorted on node script is executes from