mbrownnycnyc

## .rarc
#
#  Argus Software
#  Copyright (c) 2000-2013 QoSient, LLC
#  All rights reserved.
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2, or (at your option)
#  any later version.
#

## nsclient_update.sh
#!/bin/sh
#original from http://community.spiceworks.com/topic/262635-linux-does-not-register-on-the-windows-ad-dns
# reply of Phil6196 Oct 1, 2012 at 12:41 AM (EDT)
ADDR=`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e s/.*://`
HOST=`hostname`
echo "update delete $HOST A" > /var/nsupdate.txt
echo "update add $HOST 86400 A $ADDR" >> /var/nsupdate.txt
echo "update delete $HOST PTR" > /var/nsupdate.txt
echo "update add $HOST 86400 PTR $ADDR" >> /var/nsupdate.txt
nsupdate /var/nsupdate.txt

## argus_histo.py
#!/usr/bin/env python
import sys, traceback, scipy, numpy
from matplotlib import pyplot
from scipy.stats.mstats import mquantiles

def HistogramImage(data):
        print 'entered HistogramImage'
        #http://www.saltycrane.com/blog/2011/12/creating-histogram-plot-python/
        x = [int(dbyte[0]) for dbyte in data]

## flow-inspector_one_month.sql
CREATE EVENT `flowinspector_dump` ON SCHEDULE
  EVERY 1 DAY
  ON COMPLETION NOT PRESERVE
  ENABLE
  COMMENT ''
  DO BEGIN
    set @a=unix_timestamp(date_sub(now(),interval 1 month));
    delete from flowinspector.flows_600 where bucket < @a;
    delete from flowinspector.flows_aggr_600 where bucket < @a;
    delete from flowinspector.index_nodes_600 where bucket < @a;

## argus_dnsdb.sql
-- MySQL Administrator dump 1.4
--
-- ------------------------------------------------------
-- Server version  5.5.20


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

## radecode.pl
#   #!@PERLBIN@
use strict;
use File::Basename;
use POSIX;

####
#  david also supplied me with a self-contained, modified version of text2pcap.  Please email argus-info@lists.andrew.cmu.edu for more information (note you must register: http://qosient.com/argus/mailinglists.shtml)
####


## radump_to_dns_db.py
#!/usr/bin/python
'''

You must create a config file with:
grep -v ^# /root/.rarc | grep -v ^$ > ~/for_dnsdb.rarc && if grep ^RA_TIME_FORMAT ~/for_dnsdb.rarc > /dev/null ; then sed s/^RA_TIME_FORMAT/#RA_TIME_FORMAT/g -i ~/for_dnsdb.rarc && echo -e "RA_TIME_FORMAT=\"%Y-%m-%d %T.%f\"\nRA_PRINT_LABELS=-1\nRA_FIELD_DELIMITER='^'" >> ~/for_dnsdb.rarc ; fi

expecting the input to be from:
radump -F ~/for_dnsdb.rarc  -r argus_10\:00\:00.gz -s seq ltime saddr daddr suser:1024 duser:1024 - port domain
or
radump -F ~/for_dnsdb.rarc  -S 127.0.0.1:561 -s seq ltime saddr daddr suser:1024 duser:1024 - port domain

## esxtop_config_to_fields.txt
#refer to:
## https://communities.vmware.com/docs/DOC-9279 (see section 7)
## https://communities.vmware.com/docs/DOC-5600
## https://communities.vmware.com/docs/DOC-5230

[category letter]:[category]
  [letter]: [stat set name] = [description] [(set of real stat fields, if different than stat set name)]
c: cpu
  A:  ID = Id
  B:  GID = Group Id

## console.xml
<?xml version="1.0"?>
<settings>
	<console change_refresh="10" refresh="100" rows="25" columns="174" buffer_rows="3000" buffer_columns="174" shell="%windir%\system32\cmd.exe" init_dir="c:\" start_hidden="0" save_size="0">
		<colors>
			<color id="0" r="0" g="0" b="0"/>
			<color id="1" r="0" g="0" b="128"/>
			<color id="2" r="0" g="150" b="0"/>
			<color id="3" r="0" g="150" b="150"/>
			<color id="4" r="170" g="25" b="25"/>
			<color id="5" r="128" g="0" b="128"/>

## cmd_start.bat
@echo off
doskey clear=cls
doskey history=doskey /history
doskey ~=pushd "%userprofile%"
set prompt=CMD $P$G
REM `chocolatey install module -source python` doesn't like parsing these strings.
REM echo.
REM echo.
REM echo aliases set: `history`, `clear`
REM echo `~` will be `pushd` on top of dir stack.  `popd` to get out.
	#
	# Argus Software
	# Copyright (c) 2000-2013 QoSient, LLC
	# All rights reserved.
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation; either version 2, or (at your option)
	# any later version.
	#
	#!/bin/sh
	#original from http://community.spiceworks.com/topic/262635-linux-does-not-register-on-the-windows-ad-dns
	# reply of Phil6196 Oct 1, 2012 at 12:41 AM (EDT)
	ADDR=`/sbin/ifconfig eth0 \| grep 'inet addr' \| awk '{print $2}' \| sed -e s/.*://`
	HOST=`hostname`
	echo "update delete $HOST A" > /var/nsupdate.txt
	echo "update add $HOST 86400 A $ADDR" >> /var/nsupdate.txt
	echo "update delete $HOST PTR" > /var/nsupdate.txt
	echo "update add $HOST 86400 PTR $ADDR" >> /var/nsupdate.txt
	nsupdate /var/nsupdate.txt
	#!/usr/bin/env python
	import sys, traceback, scipy, numpy
	from matplotlib import pyplot
	from scipy.stats.mstats import mquantiles

	def HistogramImage(data):
	print 'entered HistogramImage'
	#http://www.saltycrane.com/blog/2011/12/creating-histogram-plot-python/
	x = [int(dbyte[0]) for dbyte in data]
	CREATE EVENT `flowinspector_dump` ON SCHEDULE
	EVERY 1 DAY
	ON COMPLETION NOT PRESERVE
	ENABLE
	COMMENT ''
	DO BEGIN
	set @a=unix_timestamp(date_sub(now(),interval 1 month));
	delete from flowinspector.flows_600 where bucket < @a;
	delete from flowinspector.flows_aggr_600 where bucket < @a;
	delete from flowinspector.index_nodes_600 where bucket < @a;
	-- MySQL Administrator dump 1.4
	--
	-- ------------------------------------------------------
	-- Server version 5.5.20


	/!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT /;
	/!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS /;
	/!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION /;
	/!40101 SET NAMES utf8 /;
	# #!@PERLBIN@
	use strict;
	use File::Basename;
	use POSIX;

	####
	# david also supplied me with a self-contained, modified version of text2pcap. Please email argus-info@lists.andrew.cmu.edu for more information (note you must register: http://qosient.com/argus/mailinglists.shtml)
	####
	#!/usr/bin/python
	'''

	You must create a config file with:
	grep -v ^# /root/.rarc \| grep -v ^$ > ~/for_dnsdb.rarc && if grep ^RA_TIME_FORMAT ~/for_dnsdb.rarc > /dev/null ; then sed s/^RA_TIME_FORMAT/#RA_TIME_FORMAT/g -i ~/for_dnsdb.rarc && echo -e "RA_TIME_FORMAT=\"%Y-%m-%d %T.%f\"\nRA_PRINT_LABELS=-1\nRA_FIELD_DELIMITER='^'" >> ~/for_dnsdb.rarc ; fi

	expecting the input to be from:
	radump -F ~/for_dnsdb.rarc -r argus_10\:00\:00.gz -s seq ltime saddr daddr suser:1024 duser:1024 - port domain
	or
	radump -F ~/for_dnsdb.rarc -S 127.0.0.1:561 -s seq ltime saddr daddr suser:1024 duser:1024 - port domain
	#refer to:
	## https://communities.vmware.com/docs/DOC-9279 (see section 7)
	## https://communities.vmware.com/docs/DOC-5600
	## https://communities.vmware.com/docs/DOC-5230

	[category letter]:[category]
	[letter]: [stat set name] = [description] [(set of real stat fields, if different than stat set name)]
	c: cpu
	A: ID = Id
	B: GID = Group Id
	<?xml version="1.0"?>
	<settings>
	<console change_refresh="10" refresh="100" rows="25" columns="174" buffer_rows="3000" buffer_columns="174" shell="%windir%\system32\cmd.exe" init_dir="c:\" start_hidden="0" save_size="0">
	<colors>
	<color id="0" r="0" g="0" b="0"/>
	<color id="1" r="0" g="0" b="128"/>
	<color id="2" r="0" g="150" b="0"/>
	<color id="3" r="0" g="150" b="150"/>
	<color id="4" r="170" g="25" b="25"/>
	<color id="5" r="128" g="0" b="128"/>
	@echo off
	doskey clear=cls
	doskey history=doskey /history
	doskey ~=pushd "%userprofile%"
	set prompt=CMD $P$G
	REM `chocolatey install module -source python` doesn't like parsing these strings.
	REM echo.
	REM echo.
	REM echo aliases set: `history`, `clear`
	REM echo `~` will be `pushd` on top of dir stack. `popd` to get out.