Lee Ramsay leeramsay

## iptables_rules.sh
# Modify this file accordingly for your specific requirement.
# http://www.thegeekstuff.com
# 1. Delete all existing rules
iptables -F

# 2. Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

## expecting.md

      
              1 file
            
          
              95 forks
            
          
              16 comments
            
          
              165 stars
            
          
                ksafranski
                / expecting.md
            
            
              Last active
              November 11, 2023 23:00
            
              
                Basic principles of using tcl-expect scripts
              
          
    Intro

TCL-Expect scripts are an amazingly easy way to script out laborious tasks in the shell when you need to be interactive with the console. Think of them as a "macro" or way to programmaticly step through a process you would run by hand. They are similar to shell scripts but utilize the .tcl extension and a different #! call.
Setup Your Script

The first step, similar to writing a bash script, is to tell the script what it's executing under. For expect we use the following:
#!/usr/bin/expect


## gist:7713916
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

   Undercover communication

   It should be obvious by now, that the only way to communicate
   stealthily and securely is to avoid raising suspicion to the
   level at which the authorities might consider it worthwhile
   to put you under active surveillance (e.g., park a van with
   TEMPEST equipment by your apartment).

## Howto convert a PFX to a seperate .key & .crt file
source: http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/

`openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]`

What this command does is extract the private key from the .pfx file. Once entered you need to type in the importpassword of the .pfx file.  This is the password that you used to protect your keypair when you created your .pfx file.  If you cannot remember it anymore you can just throw your .pfx file away, cause you won’t be able to import it again, anywhere!.  Once you entered the import password OpenSSL requests you to type in another password, twice!. This new password will protect your .key file.

Now let’s extract the certificate:

`openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]`

## GPO
GPO

Office 2010 SP1 Admin Templates:
Explanation: http://technet.microsoft.com/en-us/library/cc178992.aspx
Download: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=18968

# How to create custom .adm or .admx files to add search providers to the toolbar search box in IE7
http://support.microsoft.com/kb/918238

# Allowing Standard Users to Install Network Printers on Windows 7 without Prompting for Administrative Credentials

## MunkiSyncer.sh
#!/bin/bash
SERVER_MOUNT_PT="/Volumes/Munki"
SERVER_URL="//SERVICEACCOUNTNAME:SERVICEACCOUNTPASS@mastermunkiserver.yourorg.org/Munki"
we_mounted="false"

MUNKI_MASTER="/Volumes/Munki/Master Repository/munki_repo/"
MUNKI_LOCAL="/Users/Shared/munki_repo"
# important, trailing slash must be on source and must not be on destination

MountServer()

## grok-patterns
# NOTE: These patterns take into account the additional log-line information passed to the logstash listener from rsyslog. YMMV.

DHCPD ((%{SYSLOGTIMESTAMP:timestamp})\s*(%{HOSTNAME:hostname})\s*dhcpd\S+\s*(%{WORD:dhcp_action})?.*[for|on] (%{IPV4:dhcp_client_ip})?.*[from|to] (%{COMMONMAC:dhcp_client_mac})?.*via (%{USERNAME:interface}))
IPTABLES ((%{SYSLOGTIMESTAMP:nf_timestamp})\s*(%{HOSTNAME:nf_host})\s*kernel\S+\s*(%{WORD:nf_action})?.*IN=(%{USERNAME:nf_in_interface})?.*OUT=(%{USERNAME:nf_out_interface})?.*MAC=(%{COMMONMAC:nf_dst_mac}):(%{COMMONMAC:nf_src_mac})?.*SRC=(%{IPV4:nf_src_ip}).*DST=(%{IPV4:nf_dst_ip}).*PROTO=(%{WORD:nf_protocol}).?*SPT=(%{INT:nf_src_port}?.*DPT=%{INT:nf_dst_port}?.*))
DNS ((%{MONTHDAY:day})-(%{MONTH:month})-(%{YEAR:year}) (%{TIME:timestamp}) client (%{IPV4:dns_client_ip})#(%{NONNEGINT:dns_uuid})?.*query: (%{HOSTNAME:dns_dest}) (%{WORD:dns_type}) (%{WORD:dns_record})?.*(%{IPV4:dns_server}))
PGSQL ((%{SYSLOGTIMESTAMP:pgsql_timestamp}) (%{HOSTNAME:pgsql_hostname})?.*SAST >(%{WORD:pgs

## update_complex_pref_v1.py
import CoreFoundation
from Foundation import NSDate

# read Safari's current ManagedPlugInPolicies
policy = CoreFoundation.CFPreferencesCopyAppValue(
    'ManagedPlugInPolicies', 'com.apple.Safari')

if not 'com.oracle.java.JavaAppletPlugin' in policy:
    # create an empty dict
    policy['com.oracle.java.JavaAppletPlugin'] = {}

## profile-cleanup.cmd
@echo off
REM use this file to run the powershell script bypassing the policy restrictions
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%~dpn0.ps1'"
pause

## curl-smtp-email.sh
curl --connect-timeout 15 -v --insecure "smtp://smtp.example.com:25" -u "username:password"
\ --mail-from "sender@example.com" --mail-rcpt "destination@example.com"
\ -T email-contents.txt --ssl
	# Modify this file accordingly for your specific requirement.
	# http://www.thegeekstuff.com
	# 1. Delete all existing rules
	iptables -F

	# 2. Set default chain policies
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT DROP
	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA512

	Undercover communication

	It should be obvious by now, that the only way to communicate
	stealthily and securely is to avoid raising suspicion to the
	level at which the authorities might consider it worthwhile
	to put you under active surveillance (e.g., park a van with
	TEMPEST equipment by your apartment).
	source: http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/

	`openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]`

	What this command does is extract the private key from the .pfx file. Once entered you need to type in the importpassword of the .pfx file. This is the password that you used to protect your keypair when you created your .pfx file. If you cannot remember it anymore you can just throw your .pfx file away, cause you won’t be able to import it again, anywhere!. Once you entered the import password OpenSSL requests you to type in another password, twice!. This new password will protect your .key file.

	Now let’s extract the certificate:

	`openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]`
	GPO

	Office 2010 SP1 Admin Templates:
	Explanation: http://technet.microsoft.com/en-us/library/cc178992.aspx
	Download: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=18968

	# How to create custom .adm or .admx files to add search providers to the toolbar search box in IE7
	http://support.microsoft.com/kb/918238

	# Allowing Standard Users to Install Network Printers on Windows 7 without Prompting for Administrative Credentials
	#!/bin/bash
	SERVER_MOUNT_PT="/Volumes/Munki"
	SERVER_URL="//SERVICEACCOUNTNAME:SERVICEACCOUNTPASS@mastermunkiserver.yourorg.org/Munki"
	we_mounted="false"

	MUNKI_MASTER="/Volumes/Munki/Master Repository/munki_repo/"
	MUNKI_LOCAL="/Users/Shared/munki_repo"
	# important, trailing slash must be on source and must not be on destination

	MountServer()
	# NOTE: These patterns take into account the additional log-line information passed to the logstash listener from rsyslog. YMMV.

	DHCPD ((%{SYSLOGTIMESTAMP:timestamp})\s(%{HOSTNAME:hostname})\sdhcpd\S+\s(%{WORD:dhcp_action})?.[for\|on] (%{IPV4:dhcp_client_ip})?.[from\|to] (%{COMMONMAC:dhcp_client_mac})?.via (%{USERNAME:interface}))
	IPTABLES ((%{SYSLOGTIMESTAMP:nf_timestamp})\s(%{HOSTNAME:nf_host})\skernel\S+\s(%{WORD:nf_action})?.IN=(%{USERNAME:nf_in_interface})?.OUT=(%{USERNAME:nf_out_interface})?.MAC=(%{COMMONMAC:nf_dst_mac}):(%{COMMONMAC:nf_src_mac})?.SRC=(%{IPV4:nf_src_ip}).DST=(%{IPV4:nf_dst_ip}).PROTO=(%{WORD:nf_protocol}).?SPT=(%{INT:nf_src_port}?.DPT=%{INT:nf_dst_port}?.))
	DNS ((%{MONTHDAY:day})-(%{MONTH:month})-(%{YEAR:year}) (%{TIME:timestamp}) client (%{IPV4:dns_client_ip})#(%{NONNEGINT:dns_uuid})?.query: (%{HOSTNAME:dns_dest}) (%{WORD:dns_type}) (%{WORD:dns_record})?.(%{IPV4:dns_server}))
	PGSQL ((%{SYSLOGTIMESTAMP:pgsql_timestamp}) (%{HOSTNAME:pgsql_hostname})?.*SAST >(%{WORD:pgs
	import CoreFoundation
	from Foundation import NSDate

	# read Safari's current ManagedPlugInPolicies
	policy = CoreFoundation.CFPreferencesCopyAppValue(
	'ManagedPlugInPolicies', 'com.apple.Safari')

	if not 'com.oracle.java.JavaAppletPlugin' in policy:
	# create an empty dict
	policy['com.oracle.java.JavaAppletPlugin'] = {}
	@echo off
	REM use this file to run the powershell script bypassing the policy restrictions
	PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%~dpn0.ps1'"
	pause
	curl --connect-timeout 15 -v --insecure "smtp://smtp.example.com:25" -u "username:password"
	\ --mail-from "sender@example.com" --mail-rcpt "destination@example.com"
	\ -T email-contents.txt --ssl