Larry Smith Jr. mrlesmithjr

# Bro-IDS Logstash parser
# Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt
#Logs being parsed:
#app_stats.log
#conn.log
#dns.log
#dpd.log
#files.log
#http.log
FROM {{ item.image }}
# Base image is substituted by the Ansible/Jinja2 loop item that renders this template.
# `container=docker` is the environment variable conventionally read by systemd's
# container detection; the unit clean-up that follows for CentOS images matches the
# usual "systemd inside a container" recipe. NOTE(review): images that run systemd
# as PID 1 typically need cgroup access at run time (e.g. --privileged or a
# /sys/fs/cgroup mount), which widens the container's attack surface — confirm how
# the resulting image is launched before treating it as an unprivileged container.
ENV container docker
{% if 'centos' in item.image %}
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
mrlesmithjr / parse.py
Created Nov 16, 2021
Bitwarden to 1Password conversion
#!/usr/bin/env python3
import json
import glob
from datetime import datetime
import csv
# Single start-up timestamp, captured once so any output derived from it is
# consistent across the run (presumably used to stamp the generated files).
date = datetime.now()

# Directory the script looks in for the exported Bitwarden data; defaults to the
# working directory. NOTE(review): a Bitwarden export (and the 1Password import
# file this produces) holds credentials in plaintext — keep these files on
# encrypted storage and securely delete them once the import has succeeded.
src = "./"
---
- hosts: rhel6
tasks:
- include_role:
name: yum_clean_all
- include_role:
name: yum_makecache
- include_role:
name: yum_check_update
- include_role:
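#!/usr/bin/bash
# Bootstrap a Debian/Ubuntu host with the build toolchain and Python tooling
# needed to create a virtualenv (presumably for the pinned Ansible release below).
# Must run as root, since it drives apt-get.

# Abort on the first failed command, unset variable or failed pipeline stage.
# Without this a failed `apt-get update` (offline mirror, broken sources list)
# is silently ignored and the package install below proceeds against stale or
# missing index data, leaving the host half-provisioned.
set -euo pipefail

# Explicitly pinned Ansible version so repeated bootstraps install the same
# release rather than whatever is newest at the time.
ANSIBLE_VERSION=4.7.0

apt-get update

# Compiler, headers and Python packaging tools required to build Python
# extensions and manage virtualenvs; zsh/vim/curl are convenience tools.
apt-get -y install build-essential curl fontconfig libbz2-dev libffi-dev \
libreadline-dev libsqlite3-dev libssl-dev python-is-python3 python3-dev \
python3-minimal python3-pip python3-setuptools python3-virtualenv \
python3-venv vim virtualenv zlib1g-dev zsh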
# Microsoft IIS logging. Use NXLog on the IIS host for client-side log shipping into this pipeline.
filter {
if [type] == "iis" {
if [message] =~ "^#" {
drop {}
}
grok {
match => [
"message", "%{TIMESTAMP_ISO8601:logtime} %{IPORHOST:hostname} %{URIPROTO:cs_method} %{URIPATH:cs_stem} (?:%{NOTSPACE:cs_query}|-) %{NUMBER:src_port} %{NOTSPACE:cs_username} %{IP:clientip} %{NOTSPACE:cs_useragent} %{NUMBER:sc_status} %{NUMBER:sc_subresponse} %{NUMBER:sc_win32_status} %{NUMBER:timetaken}",
"message", "%{TIMESTAMP_ISO8601:logtime} %{IPORHOST:hostname} %{URIPROTO:cs_method} %{URIPATH:cs_stem} (?:%{NOTSPACE:cs_query}|-) %{NUMBER:src_port} %{NOTSPACE:cs_username} %{IP:clientip} %{NOTSPACE:cs_useragent} %{NOTSPACE:cs_referrer} %{NUMBER:sc_status} %{NUMBER:sc_subresponse} %{NUMBER:sc_win32_status} %{NUMBER:timetaken}"
filter {
grok {
match => [
"message", "<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp} %{SYSLOGHOST:sysloghost} %{NUMBER:log_sequence#}: %{CISCOTIMESTAMP:log_date}: %%{CISCO_REASON:facility}-%{INT:severity_level}-%{CISCO_REASON:facility_mnemonic}: %{GREEDYDATA:cisco_message}"
]
}
syslog_pri { }
grok {
match => [
"cisco_message", "(%{IP:src_ip}).*%{IP:dst_ip}"
filter {
if [type] == "syslog" {
dns {
reverse => [ "host" ]
action => "replace"
}
}
if "ESXi" in [syslog_host_id] {
mutate {
add_tag => [ "ESXi" ]
filter {
if ![source_host_ip] and "_grokparsefailure" not in [tags] {
mutate {
add_field => [ "source_host_ip", "%{host}" ]
}
dns {
resolve => [ "source_host_ip" ]
action => "replace"
}
if [source_host_ip] == "127.0.1.1" {
2017-05-27T14:35:33.304571 The default type is [container.config] caller_file=/Users/larry/python-virtualenvs/ansible-container-0.9.1/lib/python2.7/site-packages/container/config.py caller_func=_resolve_defaults caller_line=140 config=<class 'ruamel.yaml.comments.CommentedMap'> defaults=<type '_ordereddict.ordereddict'>
2017-05-27T14:35:33.305364 Getting environment variables... [container.config] caller_file=/Users/larry/python-virtualenvs/ansible-container-0.9.1/lib/python2.7/site-packages/container/config.py caller_func=_get_environment_variables caller_line=156
2017-05-27T14:35:33.306091 Read environment variables [container.config] caller_file=/Users/larry/python-virtualenvs/ansible-container-0.9.1/lib/python2.7/site-packages/container/config.py caller_func=_get_environment_variables caller_line=161 env_vars={}
2017-05-27T14:35:33.306749 Resolved template variables [container.config] caller_file=/Users/larry/python-virtualenvs/ansible-container-0.9.1/lib/python2.7/site-packages/containe