pedroagabreu

## dns2.py
#!/usr/bin/python
# This script will query a name server nonrecursively
# RFC 1912 recommends that the $TTL value on the name server
# be set to 1 day or longer
# -*- coding: utf-8 -*-

import sys
import dns
from dns.exception import DNSException
from dns.rdataclass import *

## escleanup.sh
#!/bin/bash

# delete one day
# curl -s -XDELETE  'http://127.0.0.1:9200/logstash-2014.02.28'

# delete from crontab
# DATETODELETE=`date +%Y.%m.%d -d '7 days ago'`
# curl -s -XDELETE  http://127.0.0.1:9200/logstash-${DATETODELETE}

# delete by space

## gist:11008087
  # Set global proxy timeouts
  <Proxy http://127.0.0.1:9200>
    ProxySet connectiontimeout=5 timeout=90
  </Proxy>

  # Proxy for _aliases and .*/_search
  <LocationMatch "^/(_status|_stats|_nodes|_aliases|.*/_aliases|_search|.*/_search|_mapping|.*/_mapping)$">
    ProxyPassMatch http://127.0.0.1:9200/$1
    ProxyPassReverse http://127.0.0.1:9200/$1
  </LocationMatch>

## gist:fbcf8ed5eb03cf533c1f
# verify client certificates using CA.pem
SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/ServerCertAndKey.pem
SSLCACertificateFile /etc/apache2/ssl/CA.pem
SSLVerifyClient require
SSLVerifyDepth  1

# allow connections from certain CN only, except for that guy
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ and %{SSL_CLIENT_S_DN_CN} =~ m/^ROBOTS/ and %{SSL_CLIENT_S_DN_CN} !~ m/^ROBOTS - Bad Robot/ )

## gist:1908892061fcb2b2f3c6
$sfurl = 'https://webto.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8';
$sffields = array(
                        'oid' => 'someoid',
                        'lead_source' => 'my website',
                        'last_name' => urlencode($_POST['name']),
                        'company' => urlencode($_POST['organization']),
                        'email' => urlencode($_POST['email']),
                        'phone' => urlencode($_POST['phone']),
                );
foreach($sffields as $key=>$value) { $fieldstring .= $key.'='.$value.'&'; }

## gist:ae87dc081ff0588bbeff
# Perfect Forward Secrecy ciphers
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLHonorCipherOrder on

# Enabled protocols
SSLProtocol all -SSLv2 -SSLv3

# OCSP stapling
SSLUseStapling on
SSLStaplingResponderTimeout 5

## suricata
/var/log/suricata/*.log /var/log/suricata/*.json
{
    daily
    rotate 3
    missingok
    nocompress
    create
    sharedscripts
    postrotate
            /bin/kill -HUP $(pidof suricata)

## oinkmaster
MAILTO="security@domain.tld"

55 5 * * * root ( /usr/sbin/oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules; sleep 5; kill -USR2 `pidof suricata` )

## suricata.conf
description "Suricata Intrusion Detection System Daemon"
start on runlevel [2345]
stop on runlevel [!2345]
expect fork
exec suricata -D --pidfile /var/run/suricata.pid -c /etc/suricata/suricata.yaml -i eth1

## ratelimit.conf
$SystemLogRateLimitInterval 5
$SystemLogRateLimitBurst 2000
	#!/usr/bin/python
	# This script will query a name server nonrecursively
	# RFC 1912 recommends that the $TTL value on the name server
	# be set to 1 day or longer
	# -- coding: utf-8 --

	import sys
	import dns
	from dns.exception import DNSException
	from dns.rdataclass import *
	#!/bin/bash

	# delete one day
	# curl -s -XDELETE 'http://127.0.0.1:9200/logstash-2014.02.28'

	# delete from crontab
	# DATETODELETE=`date +%Y.%m.%d -d '7 days ago'`
	# curl -s -XDELETE http://127.0.0.1:9200/logstash-${DATETODELETE}

	# delete by space
	# Set global proxy timeouts
	<Proxy http://127.0.0.1:9200>
	ProxySet connectiontimeout=5 timeout=90
	</Proxy>

	# Proxy for _aliases and .*/_search
	<LocationMatch "^/(_status\|_stats\|_nodes\|_aliases\|./_aliases\|_search\|./_search\|_mapping\|.*/_mapping)$">
	ProxyPassMatch http://127.0.0.1:9200/$1
	ProxyPassReverse http://127.0.0.1:9200/$1
	</LocationMatch>
	# verify client certificates using CA.pem
	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/ServerCertAndKey.pem
	SSLCACertificateFile /etc/apache2/ssl/CA.pem
	SSLVerifyClient require
	SSLVerifyDepth 1

	# allow connections from certain CN only, except for that guy
	SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP\|NULL)-/ and %{SSL_CLIENT_S_DN_CN} =~ m/^ROBOTS/ and %{SSL_CLIENT_S_DN_CN} !~ m/^ROBOTS - Bad Robot/ )
	$sfurl = 'https://webto.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8';
	$sffields = array(
	'oid' => 'someoid',
	'lead_source' => 'my website',
	'last_name' => urlencode($_POST['name']),
	'company' => urlencode($_POST['organization']),
	'email' => urlencode($_POST['email']),
	'phone' => urlencode($_POST['phone']),
	);
	foreach($sffields as $key=>$value) { $fieldstring .= $key.'='.$value.'&'; }
	# Perfect Forward Secrecy ciphers
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
	SSLHonorCipherOrder on

	# Enabled protocols
	SSLProtocol all -SSLv2 -SSLv3

	# OCSP stapling
	SSLUseStapling on
	SSLStaplingResponderTimeout 5
	/var/log/suricata/.log /var/log/suricata/.json
	{
	daily
	rotate 3
	missingok
	nocompress
	create
	sharedscripts
	postrotate
	/bin/kill -HUP $(pidof suricata)
	MAILTO="security@domain.tld"

	55 5 * * * root ( /usr/sbin/oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules; sleep 5; kill -USR2 `pidof suricata` )
	description "Suricata Intrusion Detection System Daemon"
	start on runlevel [2345]
	stop on runlevel [!2345]
	expect fork
	exec suricata -D --pidfile /var/run/suricata.pid -c /etc/suricata/suricata.yaml -i eth1