linuxmalaysia
/ logstash-yml-shallalist.sh
Last active
April 20, 2019 23:31
Convert shallalist to logstash yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # convert shallalist.tar.gz into logstash yml | |
| # http://www.shallalist.de/categories.html | |
| # Harisfazillah Jamel 30032019 | |
| # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz | |
| # make sure uncompress under same directory as this script. | |
| echo "localhost: locahost" > /etc/logstash/malware2.yml | |
| find BL/ -name 'domains' -print0 | | |
| while IFS= read -r -d $'\0' line; do |
linuxmalaysia
/ haproxy.cfg
Last active
May 12, 2019 23:37
haproxy.cfg Haproxy For Elastic beats And Logstash
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Haproxy For Elastic beats And Logstash | |
| # Date: 13 May 2019 | |
| # 1) Example of haproxy.cfg listen for Filebeat or other beats by using port 5044/tcp | |
| # And load balance to 2 servers. | |
| # https://www.haproxy.com/blog/introduction-to-haproxy-logging/ | |
| # Please read above article for syslog configuration to listen port 514 | |
| # Or change config log to |
linuxmalaysia
/ elasticsearch-handlers-main.yml
Created
June 20, 2019 21:24
— forked from labrown/elasticsearch-handlers-main.yml
Ansible rolling restart of Elasticsearch Cluster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ### | |
| # Elasticsearch Rolling restart using Ansible | |
| ### | |
| ## | |
| ## Why is this needed? | |
| ## | |
| # | |
| # Even if you use a serial setting to limit the number of nodes processed at one |
linuxmalaysia
/ process-blacklist-csv.sh
Created
July 19, 2019 06:21
# convert shallalist.tar.gz into csv # http://www.shallalist.de/categories.html # Harisfazillah Jamel 30032019 # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz # https://www.squidblacklist.org/downloads/dg-malicious.acl (masukkan dalam BL/malware dan tukar nama fail ke domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # convert shallalist.tar.gz into csv | |
| # http://www.shallalist.de/categories.html | |
| # Harisfazillah Jamel 30032019 | |
| # wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz | |
| # https://www.squidblacklist.org/downloads/dg-malicious.acl (masukkan dalam BL/malware dan tukar nama fail ke domains | |
| echo "\"localhost\",locahost" > malware3.tmp | |
| find BL/ -name 'domains' -print0 | | |
| while IFS= read -r -d $'\0' line; do |
linuxmalaysia
/ convert-to-yaml-logstash.sh
Last active
July 19, 2019 08:19
# origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a # logstash yaml "www.google.com": "known search engine" # Choose from here https://github.com/StevenBlack/hosts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a | |
| # logstash yaml "www.google.com": "known search engine" | |
| # Choose from here https://github.com/StevenBlack/hosts | |
| #HOSTS_RAW=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | |
| ##### https://raw.githubusercontent.com/StevenBlack/hosts/master/data/malwaredomainlist.com/hosts | |
| ### first must using > and others using >> for pipe | |
| ##### first file |
linuxmalaysia
/ logstash-config-example-searching-filebeat-index.txt
Created
October 13, 2019 02:33
Example logstash configuration file. Tested using Logstash 7.4.0 and Filebeat as input and Elasticsearch. Terima Kasih Kepada Amir Haris Ahmad, Localhost Sdn Bhd # kerana izinkan saya gunakan servers ujian mereka di Digital Ocean # dan team beliau dengan berkongsi pengalaman dan pandangan mereka. # Untuk saya menguji bruteforce attack log kepada…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Terima Kasih Kepada Amir Haris Ahmad, Localhost Sdn Bhd | |
| ### kerana izinkan saya gunakan servers ujian mereka di Digital Ocean | |
| ### dan team beliau dengan berkongsi pengalaman dan pandangan mereka. | |
| ### | |
| ### Untuk saya menguji bruteforce attack log kepada syslog dengan fail2ban | |
| ### | |
| ### Server telah dipasang dengan fail2ban dan SSH dibuka dengan port 22. | |
| ### SSH tidak membenarkan module password dan hanya digital cert. | |
| ### | |
| ### Filebeat telah digunakan untuk mengumpulkan log. |
linuxmalaysia
/ logstash-example-haris22012020.conf
Last active
January 22, 2020 00:59
logstash example filter by rules with if then else
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| # start if | |
| if "syslog" in [tags] and "sshd" in [program] { | |
| ### Start Rule 1 | |
| ## https://github.com/ossec/ossec-rules/blob/master/rules.d/50-sshd_rules.xml | |
| grok { | |
| match => { |
linuxmalaysia
/ winlogbeat.template.json
Created
March 3, 2020 06:07
winlogbeat.template.json for Winlogbeat 7.6.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "index_patterns": [ | |
| "winlogbeat-7.6.0-*" | |
| ], | |
| "mappings": { | |
| "_meta": { | |
| "beat": "winlogbeat", | |
| "version": "7.6.0" | |
| }, | |
| "date_detection": false, |
linuxmalaysia
/ nginx-for-elasticsearch-with-username-password.conf
Last active
April 26, 2020 09:15
nginx for elasticsearch with username password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### http://shairosenfeld.blogspot.com/2011/03/authorization-header-in-nginx-for.html | |
| ### https://www.opinionatedgeek.com/codecs/base64encoder | |
| ### (Pilih URL safe) | |
| ### Example user ujian and password ujian 1234 | |
| # ujian:ujian1234 | |
| # Base64 for nginx | |
| # dWppYW46dWppYW4xMjM0 | |
| ### ================ |
linuxmalaysia
/ Filebeat For Iptables Centos 7 And Iptables using UFW For Ubuntu 18.04.txt
Created
May 7, 2020 04:35
Filebeat For Iptables Centos 7 And Iptables using UFW For Ubuntu 18.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Filebeat For Iptables Centos 7 And Iptables using UFW For Ubuntu 18.04 | |
| 1) Enable firewalld log | |
| https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_logging_for_denied_packets | |
| firewall-cmd --get-log-denied | |
| off | |
| firewall-cmd --set-log-denied=all |