#!/bin/bash
# convert shallalist.tar.gz into logstash yml
# http://www.shallalist.de/categories.html
# Harisfazillah Jamel 30032019
# wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz
# make sure it is uncompressed in the same directory as this script.
echo "localhost: localhost" > /etc/logstash/malware2.yml
find BL/ -name 'domains' -print0 |
while IFS= read -r -d $'\0' line; do
# Haproxy For Elastic beats And Logstash
# Date: 13 May 2019
# 1) Example of haproxy.cfg listening for Filebeat or other beats on port 5044/tcp
# and load balancing to 2 servers.
# https://www.haproxy.com/blog/introduction-to-haproxy-logging/
# Please read the above article for the syslog configuration to listen on port 514
# Or change config log to
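The configuration the gist describes (beats on 5044/tcp, balanced across two Logstash servers), written out as an added example rather than the gist's own haproxy.cfg. The backend addresses 10.0.0.11 and 10.0.0.12 are assumed placeholders; the frontend and backend names are chosen here, not taken from the gist.

```haproxy
# Added example, not the original gist. Beats traffic is TCP, so HAProxy runs in
# mode tcp and passes bytes through untouched: TLS negotiated between Filebeat
# and the Logstash beats input still terminates at Logstash, not here.
frontend beats_in
    mode tcp
    bind *:5044
    default_backend logstash_beats

backend logstash_beats
    mode tcp
    balance roundrobin
    option tcp-check
    # assumed addresses of the two Logstash nodes
    server logstash1 10.0.0.11:5044 check
    server logstash2 10.0.0.12:5044 check
```

Because the proxy only sees ciphertext in mode tcp, keep `ssl => true` on the Logstash beats input and `ssl.certificate_authorities` in the Filebeat output so the hop is still authenticated end to end; the `check` keyword only verifies that the TCP port answers, not that Logstash is healthy.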
---
###
# Elasticsearch Rolling restart using Ansible
###
##
## Why is this needed?
##
#
# Even if you use a serial setting to limit the number of nodes processed at one
#!/bin/bash
# convert shallalist.tar.gz into csv
# http://www.shallalist.de/categories.html
# Harisfazillah Jamel 30032019
# wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz
# https://www.squidblacklist.org/downloads/dg-malicious.acl (put it under BL/malware and rename the file to domains)
echo "\"localhost\",localhost" > malware3.tmp
find BL/ -name 'domains' -print0 |
while IFS= read -r -d $'\0' line; do
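Both shallalist scripts above stop at the `find ... | while read` header in this listing. The following is an added example, not either gist's own code, showing the whole conversion for both targets: the `domain: category` YAML that Logstash's translate filter takes as `dictionary_path`, and the `"domain",category` CSV. It assumes the layout the shallalist page describes (`BL/<category>/domains`, one domain per line); the sample tree it builds is constructed for the demo and the domain names are invented.

```bash
#!/bin/bash
# Added example (not from the gists): shallalist-style BL/ tree -> Logstash
# translate dictionary (YAML) or CSV. Category = directory holding 'domains'.
set -eu

# Build a small constructed BL/ tree under "$1" as a stand-in for the tarball.
make_sample_bl() {
  root="$1"
  mkdir -p "$root/BL/porn" "$root/BL/gamble" "$root/BL/malware"
  printf 'example-adult.test\nsub.example-adult.test\n' > "$root/BL/porn/domains"
  printf 'bet.example.test\n' > "$root/BL/gamble/domains"
  # CRLF, trailing blanks and an empty line: real lists contain all of these
  printf 'evil.example.test \r\n\nbad.example.test\n' > "$root/BL/malware/domains"
}

# Print every "domain" / "category" pair as two tab-separated fields.
# awk's $1 drops surrounding whitespace; NF skips empty lines; tr drops CRs.
bl_pairs() {
  root="$1"
  for file in "$root"/BL/*/domains; do
    category=$(basename "$(dirname "$file")")
    tr -d '\r' < "$file" | awk -v cat="$category" 'NF { printf("%s\t%s\n", $1, cat) }'
  done
}

# YAML for Logstash translate: "domain": "category". The translate filter
# matches the whole key, so sub.example-adult.test is a separate entry from
# example-adult.test; quoting keys keeps YAML from misreading odd characters.
bl_to_logstash_yml() {
  echo '"localhost": "localhost"'
  bl_pairs "$1" | awk -F'\t' '{ printf("\"%s\": \"%s\"\n", $1, $2) }'
}

# CSV variant matching the second gist: "domain",category
bl_to_csv() {
  echo '"localhost",localhost'
  bl_pairs "$1" | awk -F'\t' '{ printf("\"%s\",%s\n", $1, $2) }'
}
```

Run it against the real tarball with `bl_to_logstash_yml /path/that/contains/BL > /etc/logstash/malware2.yml`; with ~1.7 million shallalist entries the YAML is large, so set `refresh_interval` on the translate filter rather than restarting Logstash to pick up changes.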
#!/bin/sh
# origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a
# logstash yaml "www.google.com": "known search engine"
# Choose from here https://github.com/StevenBlack/hosts
#HOSTS_RAW=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
##### https://raw.githubusercontent.com/StevenBlack/hosts/master/data/malwaredomainlist.com/hosts
### the first file must be written with > and the following ones appended with >>
##### first file
### Thanks to Amir Haris Ahmad, Localhost Sdn Bhd
### for allowing me to use their test servers on Digital Ocean,
### and to his team for sharing their experience and views.
###
### For me to test brute-force attack logging to syslog with fail2ban.
###
### The server has fail2ban installed and SSH open on port 22.
### SSH does not allow the password module, only digital certificates.
###
### Filebeat is used to collect the logs.
filter {
  # start if
  if "syslog" in [tags] and "sshd" in [program] {
    ### Start Rule 1
    ## https://github.com/ossec/ossec-rules/blob/master/rules.d/50-sshd_rules.xml
    grok {
      match => {
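The grok rule the filter above starts, and the fail2ban brute-force test described in the earlier gist, both key on the same sshd message. As an added example (not the gist's Logstash config, and not output from the Digital Ocean test servers), the following shell pipeline applies the equivalent pattern to constructed syslog lines and counts failed password attempts per source IP, which is what fail2ban's `maxretry` threshold is compared against. The log lines, hostnames and IPs are all made up for the demo.

```bash
#!/bin/bash
# Added example: sshd "Failed password" detection over sample syslog lines.
# Constructed sample, not real logs (RFC 5737 test addresses).
SAMPLE_AUTH_LOG='May 13 10:01:02 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 13 10:01:04 web1 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
May 13 10:01:09 web1 sshd[1240]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:abc
May 13 10:01:15 web1 sshd[1250]: Failed password for invalid user test from 198.51.100.9 port 3344 ssh2
May 13 10:01:16 web1 sshd[1250]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
May 13 10:02:00 web1 cron[99]: (root) CMD (run-parts /etc/cron.hourly)'

# Reads syslog lines on stdin; prints "count ip" for each source that produced
# a failed password attempt, highest count first. The pattern is anchored on
# the sshd[pid] program field and on the fixed message layout, so "Accepted"
# and non-sshd lines never match (the same discipline a grok pattern needs).
failed_password_by_ip() {
  sed -n -E 's/^.* sshd\[[0-9]+\]: Failed password for (invalid user )?([^ ]+) from ([0-9.]+) port [0-9]+ ssh2$/\3/p' |
  sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Sources whose failed attempts reach the threshold (default 3, fail2ban-style maxretry).
ips_over_threshold() {
  threshold="${1:-3}"
  failed_password_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# demo: which of the sample sources would be banned at maxretry=3
printf '%s\n' "$SAMPLE_AUTH_LOG" | ips_over_threshold 3
```

Note that the "invalid user" variant and the valid-user variant carry the user name in different positions; a grok pattern that only handles one of them silently drops half the events, which is why the regex here makes that prefix optional.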
{
  "index_patterns": [
    "winlogbeat-7.6.0-*"
  ],
  "mappings": {
    "_meta": {
      "beat": "winlogbeat",
      "version": "7.6.0"
    },
    "date_detection": false,
### http://shairosenfeld.blogspot.com/2011/03/authorization-header-in-nginx-for.html
### https://www.opinionatedgeek.com/codecs/base64encoder
### (the page offers a "URL safe" option; HTTP Basic auth uses standard base64,
### and the two only agree here because this string encodes to no '+' or '/')
### Example user ujian and password ujian1234
# ujian:ujian1234
# Base64 for nginx
# dWppYW46dWppYW4xMjM0
### ================
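Rather than pasting credentials into a web encoder, the value can be produced locally. The following is an added example, not the gist's own script; it reproduces the `dWppYW46dWppYW4xMjM0` value above for `ujian:ujian1234` and also shows where the standard and URL-safe base64 alphabets diverge, using the invented credential `x:~~~` that was chosen because it encodes to a `+`.

```bash
#!/bin/sh
# Added example (not from the page): the Authorization value nginx needs for
#   proxy_set_header Authorization "Basic <base64(user:password)>";
# HTTP Basic auth (RFC 7617) uses the standard base64 alphabet (RFC 4648 s.4).

# Standard base64 of "$1" with no line wrapping (works with GNU and BSD base64).
std_b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# URL-safe alphabet (RFC 4648 s.5): '+' -> '-', '/' -> '_'. Included only to
# show that it is NOT interchangeable with the standard form for Basic auth.
urlsafe_b64() { std_b64 "$1" | tr '+/' '-_'; }

# Header value for user "$1" and password "$2".
basic_auth_header() { printf 'Basic %s' "$(std_b64 "$1:$2")"; }

# Decode a header value back to user:password to confirm what it carries.
basic_auth_decode() { printf '%s' "$1" | sed 's/^Basic //' | base64 -d; }

# demo
basic_auth_header ujian ujian1234; echo
```

Base64 is an encoding, not encryption: whoever can read the nginx config can recover the password with `base64 -d`, so keep that file root-readable and out of version control.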
Filebeat For Iptables Centos 7 And Iptables using UFW For Ubuntu 18.04
1) Enable firewalld log
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_logging_for_denied_packets
firewall-cmd --get-log-denied
off
firewall-cmd --set-log-denied=all