## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
# Do this elsewhere, you don't want dev tools on a box you're trying to secure. ;)
# Also note, the repo has moved, so you need to adjust the git path:
# https://github.com/google/google-authenticator-libpam
sudo yum install epel-release -y
sudo yum install qrencode qrencode-devel qrencode-libs
sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
google-authenticator #per-user setup
Jeff Geiger jeffgeiger
jeffgeiger
/ SSH_2FA_Google.md
Last active
March 13, 2018 03:40
Quick and dirty setup guide for Google Auth 2FA on CentOS7
jeffgeiger
/ etc_sysconfig_netsniff-ng
Last active
October 20, 2017 06:33
example systemd script for netsniff-ng
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PROM_INTERFACE=enp0s8 | |
| USER=99 | |
| GROUP=99 | |
| INTERVAL=5min | |
| DATA_DIR=/pcap/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # -*- perl -*- | |
| =head1 NAME | |
| spamstats - Plugin to graph spamassassin throughput | |
| =head1 CONFIGURATION | |
| This plugin does not have any configuration |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyftpdlib.authorizers import DummyAuthorizer | |
| from pyftpdlib.handlers import FTPHandler | |
| from pyftpdlib.servers import FTPServer | |
| authorizer = DummyAuthorizer() | |
| authorizer.add_user("user", "12345", "/tmp", perm="elradfmw") | |
| authorizer.add_anonymous("/tmp") | |
| handler = FTPHandler | |
| handler.authorizer = authorizer | |
| server = FTPServer(("0.0.0.0", 21), handler) | |
| server.serve_forever() |
jeffgeiger
/ AIX_KRB5LDAP_In_A_Nutshell
Last active
May 18, 2017 09:59
Rough outline of how I set up Kerberos and LDAP integration between Active Directory and IBM AIX using the KRB5LDAP load module.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Environment: | |
| Tested with AIX 6.1 TL 8(6100-08-00-0000) and TL 6 (6100-06-01-1043) with Active Directory on 2008R2 domain controllers at the 2003 functional level. | |
| Prerequisites: | |
| DNS: A and PTR records for AIX host in Windows DNS server. | |
| AD: Computer object matching AIX hostname in Active Directory. | |
| AD: A target OU that will contain AIX objects. | |
| AD: At least one “Unix enabled” user in the target OU. (Separate document) | |
| AD: A service account user that will be used for LDAP binds to AD. | |
| AIX: Ensure that the `hostname` command returns the FQDN of the AIX server. |
jeffgeiger
/ slackmoji-voodoo.md
Created
April 14, 2017 16:05
— forked from bndabbs/slackmoji-voodoo.md
Grab the main page with all the links:
curl https://slackmojis.com/ > emoji
Open file in vim and run the following commands:
v/src=/d
%s/^.*http:/http:/g"
%s/?.*$//g
jeffgeiger
/ 00-README.adoc
Created
January 12, 2017 20:41
— forked from dcode/00-README.adoc
This is a CentOS-themed /etc/issue w/ hooks to update IP address and OS release upon ifup/ifdown. My motivation was that I was tired of logging into an otherwise headless box just to find the IP of the system so I can SSH to it.
|
Note
|
The issue.in file actually contains control characters to do the color
in the text. The easiest way to preserve that is to clone this gist and run
the install.sh script w/ sudo, which will copy the file and set the SELinux
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ping_check() { while :; do PINGRESULT=$(ping -c1 $1 | grep "bytes from"); if [[ $? -eq 0 ]]; then RTT=$(echo $PINGRESULT | awk -F= '{print $NF}'); echo "👍 $RTT"; else echo "💩 NO CONNECTION"; fi; sleep 5; done; } |
jeffgeiger
/ keybase.md
Created
July 18, 2016 14:42
I hereby claim:
- I am jeffgeiger on github.
- I am jeffgeiger (https://keybase.io/jeffgeiger) on keybase.
- I have a public key whose fingerprint is 3EE0 89DC 9EA2 CB58 703C 658F 67F2 38AC C74F 83F8
To claim this, I am signing this object:
jeffgeiger
/ es_cleanup.sh
Created
June 25, 2016 16:24
Keep 60 days of ES logs on ROCK with memory constraints.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Clean out old marvel indexes, only keeping the current index. | |
| for i in $(curl -sSL http://localhost:9200/_stats/indexes\?pretty\=1 | grep marvel | grep -Ev 'es-data|kibana' | grep -vF "$(date +%m.%d)" | awk '{print $1}' | sed 's/\"//g' 2>/dev/null); do | |
| curl -sSL -XDELETE http://127.0.0.1:9200/$i > /dev/null 2>&1 | |
| done | |
| #Delete Logstash indexes from 60 days ago. | |
| curl -sSL -XDELETE "http://127.0.0.1:9200/logstash-$(date -d '60 days ago' +%Y.%m.%d)" 2>&1 |