| #!/bin/bash | |
| #Clean out old marvel indexes, only keeping the current index. | |
| for i in $(curl -sSL http://localhost:9200/_stats/indexes\?pretty\=1 | grep marvel | grep -Ev 'es-data|kibana' | grep -vF "$(date +%m.%d)" | awk '{print $1}' | sed 's/\"//g' 2>/dev/null); do | |
| curl -sSL -XDELETE http://127.0.0.1:9200/$i > /dev/null 2>&1 | |
| done | |
| #Delete Logstash indexes from 60 days ago. | |
| curl -sSL -XDELETE "http://127.0.0.1:9200/logstash-$(date -d '60 days ago' +%Y.%m.%d)" 2>&1 |
| #!/bin/bash | |
| CURRENTIP=$(curl http://ipinfo.io/ip 2>/dev/nulll) | |
| if [[ $CURRENTIP != $(cat /tmp/ipdata) ]]; then | |
| echo "CHANGE: $CURRENTIP - $(date) FROM: $(cat /tmp/ipdata)" | |
| /usr/sbin/ez-ipupdate -c /etc/ez-ipupdate/default.conf -a $CURRENTIP | |
| echo $CURRENTIP > /tmp/ipdata | |
| curl -Lk -XPOST -d "apikey=xxxxxxxxxxxxxxxxxx&priority=-2&application=Labs&event=IP%20Change&description=New%20IP%3A%20${CURRENTIP}" https://api.prowlapp.com/publicapi/add | |
| curl -A "DDUpdater - Dynamic DNS Updater - 0.0.1" -u 'xxxx.xxxxxxxx@xxxxxx.xxx:xxxxxxxxxx' https://updates.dnsomatic.com/nic/update?hostname=Home | |
| else | |
| echo "ALL GOOD - $(date) - $CURRENTIP" |
These changes should keep snort and bro working together in ROCK. I've tested it on 3 production instances and it's held up for almost 2 weeks.
Create the dir for old snort logs
mkdir /data/snort/OLD
Add the snort_cleanup.sh (content below)
vim /usr/local/bin/snort_cleanup.sh # Insert content
chmod +x /usr/local/bin/snort_cleanup.sh
| #Silliness abounds | |
| nocolor() { echo -en "\033[0;39m"; } | |
| dots() { clear; while :; do let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m⬤ "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b \b\b\b\b"; fi; done; } | |
| arrows() { clear; ARROWS=(⬅ ⬆ ⬇); while :; do let "arrval = $RANDOM % 3"; let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m${ARROWS[$arrval]} "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b \b\b\b\b"; fi; done; } |
| ping_check() { while :; do PINGRESULT=$(ping -c1 $1 | grep "bytes from"); if [[ $? -eq 0 ]]; then RTT=$(echo $PINGRESULT | awk -F= '{print $NF}'); echo "👍 $RTT"; else echo "💩 NO CONNECTION"; fi; sleep 5; done; } |
| */5 * * * * /usr/local/bin/ipupdate.sh >> /var/log/ipupdate.log 2>&1 |
| #!/bin/bash | |
| /usr/sbin/aide --check 2>&1 | tee /tmp/aide-daily.out | /bin/grep "Looks okay" > /dev/null | |
| if [[ $? -ne 0 ]]; then | |
| LOGDATE=$(date +%s) | |
| cat /tmp/aide-daily.out > /tmp/aide_mail.$LOGDATE | |
| echo -e "\n\n=============\nLOGIN INFO\n=============\n" >> /tmp/aide_mail.$LOGDATE | |
| /bin/last -ax -n 25 >> /tmp/aide_mail.$LOGDATE | |
| cat /tmp/aide_mail.$LOGDATE | mail -s "[ALERT] $(hostname -f) AIDE report" you@domain.com |
Install the source RPM for nginx and move it to you RPM build environment.
cd SOURCES/
tar xvzf nginx-1.6.3.tar.gz
cd nginx-1.6.3
git clone https://github.com/stnoonan/spnego-http-auth-nginx-module.git
cd ..
mv nginx-1.6.3 nginx-spnego-1.6.3
tar cvzf nginx-spnego-1.6.3.tar.gz nginx-spnego-1.6.3/
| #!/usr/bin/env ruby | |
| =begin | |
| USAGE: | |
| cat example.log | ruby grokparse.rb | |
| =end | |
| require 'rubygems' | |
| require 'grok-pure' | |
| require 'pp' |
| # Author: Darren Martyn, Xiphos Research Ltd. | |
| # Version: 20150309.1 | |
| # Licence: WTFPL - wtfpl.net | |
| import json | |
| import requests | |
| import sys | |
| import readline | |
| readline.parse_and_bind('tab: complete') | |
| readline.parse_and_bind('set editing-mode vi') | |
| __version__ = "20150309.1" |