Martin martinseener

## gist:6865383
%{SYSLOGBASE2} (?<messagebody>(?:%{DATA:mail_message_id}: to=<%{DATA:mail_recipient}>, relay=%{DATA:mail_relay_url}\[%{IP:mail_relay_ip}\]:%{INT:mail_relay_port}, delay=%{BASE10NUM:mail_processing_time}, delays=%{GREEDYDATA:mail_processing_delays}, dsn=%{DATA:mail_delivery_status_notification}, status=%{GREEDYDATA:mail_relay_status}|%{GREEDYDATA}))

## gist:98d2690d48895be25d0f
* First: Install libxml2 through RVM

rvm pkg install libxml2

* Then: Configure libxml in bundle

bundle config build.libxml-ruby \
--with-xml2-lib=${HOME}/.rvm/usr/lib \
--with-xml2-include=${HOME}/.rvm/usr/include/libxml2

## kcov xcodebuild
-- The C compiler identification is AppleClang 8.0.0.8000042
-- The CXX compiler identification is AppleClang 8.0.0.8000042
-- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
-- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++
-- Check for working CXX compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++ -- works

## postgresql_9.1_to_9.3_on_ubuntu_debian
# Probably excessive, but it makes these instructions simpler
sudo -i

# Add postgresql repo and update apt listing
echo "deb http://apt.postgresql.org/pub/repos/apt/ squeeze-pgdg main" > /etc/apt/sources.list.d/pgdg.
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
apt-get update

# For some reason this is necessary with PostgreSQL on Ubuntu 12.04
update-alternatives --remove postmaster.1.gz /usr/share/postgresql/9.1/man/man1/postmaster.1.gz

## gist:5247292
filter {
 grok {
  pattern => ['(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGHOST:logsource}) (?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})-(?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND}) (?:%{SYSLOGHOST}) (?:%{SYSLOGPROG}): (?<messagebody>(?:id=\"%{INT:utm_id}\" severity=\"%{LOGLEVEL:utm_severity}\" sys=\"%{DATA:utm_sys}\" sub=\"%{DATA:utm_sub}\" name=\"%{DATA:utm_name}\" action=\"%{DATA:utm_action}\" fwrule=\"%{INT:utm_ulogd_fwrule}\" initf=\"%{DATA:utm_ulogd_initf}\" outitf=\"%{DATA:utm_ulogd_outif}\" (?:srcmac=\"%{GREEDYDATA:utm_ulogd_srcmac}\" dstmac=\"%{GREEDYDATA:utm_ulogd_dstmac}\"|srcmac=\"%{GREEDYDATA:utm_ulogd_srcmac}\") srcip=\"%{IP:utm_srcip}\" dstip=\"%{IP:utm_dstip}\" proto=\"%{INT:utm_protocol}\" length=\"%{INT:utm_ulogd_pkglength}\" tos=\"%{DATA:utm_ulogd_tos}\" prec=\"%{DATA:utm_ulogd_prec}\" ttl=\"%{INT:utm_ulogd_ttl}\" srcport=\"%{INT:utm_srcport}\" dstport=\"%{INT:utm_dstport}\" tcpflags=\"%{DATA:utm_ulogd_tcpflags}\"|id=\"%{INT:utm_id}\" severity=\"%{LOGLEVEL:utm

## gist:5238576
filter {
 grok {
  pattern => ['(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGHOST:logsource}) (?:%{SYSLOGPROG}): (?<messagebody>(?:\[(?<esxi_thread_id>[0-9A-Z]{8,8}) %{DATA:esxi_loglevel} \'%{DATA:esxi_service}\'\] %{GREEDYDATA:esxi_message}|%{GREEDYDATA}))']
  type => "esxi"
 }
}

# Puppet format with escaping

pattern => [ "(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:.* (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}|(?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}): (?:(?:\[[0-9A-Z]{8,8}) (?:%{GREEDYDATA:esxi_loglevel}) \\\'(?:%{GREEDYDATA:esxi_service})\\\'] (?:%{GREEDYDATA:message})|(?:%{GREEDYDATA:message}))" ],

## check_freak.sh
#!/usr/bin/env bash

# check_freak.sh
# (c) 2015 Martin Seener

# Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)
# It will output if the checked host is vulnerable and returns the right exit code
# so it can also be used as a nagios check!

PROGNAME=$(basename $0)

## modx-revolution-backup.php
<?php
if ( !shell_exec("type type")) { echo "Weak your PHP powers are, Luke."; die; }
$dir = "../backup"; /* Verzeichnis außerhalb des Webroot */
$configFile = "./core/config/config.inc.php";
if (file_exists($configFile)) {
    include($configFile);
    $date = date("Ymd-His");
    $targetSql = "$dir/{$date}_mysql.sql";
    $targetTar = "$dir/{$date}_files.tar";
    system("mkdir $dir");
	* First: Install libxml2 through RVM

	rvm pkg install libxml2

	* Then: Configure libxml in bundle

	bundle config build.libxml-ruby \
	--with-xml2-lib=${HOME}/.rvm/usr/lib \
	--with-xml2-include=${HOME}/.rvm/usr/include/libxml2
	-- The C compiler identification is AppleClang 8.0.0.8000042
	-- The CXX compiler identification is AppleClang 8.0.0.8000042
	-- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
	-- Check for working C compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -- works
	-- Detecting C compiler ABI info
	-- Detecting C compiler ABI info - done
	-- Detecting C compile features
	-- Detecting C compile features - done
	-- Check for working CXX compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++
	-- Check for working CXX compiler: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++ -- works
	# Probably excessive, but it makes these instructions simpler
	sudo -i

	# Add postgresql repo and update apt listing
	echo "deb http://apt.postgresql.org/pub/repos/apt/ squeeze-pgdg main" > /etc/apt/sources.list.d/pgdg.
	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc \| sudo apt-key add -
	apt-get update

	# For some reason this is necessary with PostgreSQL on Ubuntu 12.04
	update-alternatives --remove postmaster.1.gz /usr/share/postgresql/9.1/man/man1/postmaster.1.gz
	filter {
	grok {
	pattern => ['(?:%{SYSLOGTIMESTAMP:timestamp}\|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGHOST:logsource}) (?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})-(?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND}) (?:%{SYSLOGHOST}) (?:%{SYSLOGPROG}): (?<messagebody>(?:id=\"%{INT:utm_id}\" severity=\"%{LOGLEVEL:utm_severity}\" sys=\"%{DATA:utm_sys}\" sub=\"%{DATA:utm_sub}\" name=\"%{DATA:utm_name}\" action=\"%{DATA:utm_action}\" fwrule=\"%{INT:utm_ulogd_fwrule}\" initf=\"%{DATA:utm_ulogd_initf}\" outitf=\"%{DATA:utm_ulogd_outif}\" (?:srcmac=\"%{GREEDYDATA:utm_ulogd_srcmac}\" dstmac=\"%{GREEDYDATA:utm_ulogd_dstmac}\"\|srcmac=\"%{GREEDYDATA:utm_ulogd_srcmac}\") srcip=\"%{IP:utm_srcip}\" dstip=\"%{IP:utm_dstip}\" proto=\"%{INT:utm_protocol}\" length=\"%{INT:utm_ulogd_pkglength}\" tos=\"%{DATA:utm_ulogd_tos}\" prec=\"%{DATA:utm_ulogd_prec}\" ttl=\"%{INT:utm_ulogd_ttl}\" srcport=\"%{INT:utm_srcport}\" dstport=\"%{INT:utm_dstport}\" tcpflags=\"%{DATA:utm_ulogd_tcpflags}\"\|id=\"%{INT:utm_id}\" severity=\"%{LOGLEVEL:utm
	#!/usr/bin/env bash

	# check_freak.sh
	# (c) 2015 Martin Seener

	# Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)
	# It will output if the checked host is vulnerable and returns the right exit code
	# so it can also be used as a nagios check!

	PROGNAME=$(basename $0)
	<?php
	if ( !shell_exec("type type")) { echo "Weak your PHP powers are, Luke."; die; }
	$dir = "../backup"; /* Verzeichnis außerhalb des Webroot */
	$configFile = "./core/config/config.inc.php";
	if (file_exists($configFile)) {
	include($configFile);
	$date = date("Ymd-His");
	$targetSql = "$dir/{$date}_mysql.sql";
	$targetTar = "$dir/{$date}_files.tar";
	system("mkdir $dir");