Brad Lhotsky reyjrar

@reyjrar
reyjrar / request-to-rule.pl
Created Aug 4, 2011
Generate Snort Signature from a HTTP Request
View request-to-rule.pl
#!/usr/bin/env perl
use strict;
use warnings;
use HTTP::Status;
use URI;
use Snort::Rule;
@reyjrar
reyjrar / moosex-poe-test.pl
Created Sep 29, 2011
MooseX::POE Testing
View moosex-poe-test.pl
#------------------------------------------------------------------------#
package base;
use MooseX::POE;
with qw( MooseX::POE::Aliased );
event process => sub {
my ($self,$thing) = @_[OBJECT,ARG0];
print "base::process called with $thing\n";
};
@reyjrar
reyjrar / stdout.pm
Created Oct 5, 2011
MooseX::POE Simple STDOUT Plugin
View stdout.pm
package dns::monitor::plugin::sniffer::log::dest::stdout;
use Moose;
extends 'dns::monitor::plugin::sniffer::log';
sub write {
my ($self,$line) = @_;
print $line,"\n";
View dns-monitor-deploy.sh
#!/bin/bash
BINDIR="/usr/local/sbin"
SVNURL="file:///repo/projects/dns-monitor"
TARGET="/opt/www/dns-monitor"
$BINDIR/svncheckrel $SVNURL $TARGET
rc=$?;
if [ "$rc" -eq "0" ]; then
@reyjrar
reyjrar / local-cpan-mirror.txt
Created Nov 17, 2011
Local CPAN Mirror Setup, Simply
View local-cpan-mirror.txt
#=======================================
# Part 1 is Setting up the Mirror Server
# Install CPAN::Mini
$ curl -L http://cpanmin.us | perl - --sudo CPAN::Mini
# Select a CPAN Mirror URL from http://mirrors.cpan.org/
# - We'll use http://cpan.pair.com
# Pick a directory to mirror to, I'll use /var/www/cpan
@reyjrar
reyjrar / syslog-hosts-carbon.sh
Created Nov 19, 2011
log the number of distinct hosts communicating with syslog in the past 60 minutes
View syslog-hosts-carbon.sh
#!/bin/sh
# Assumes /var/log/remote/%HOSTNAME/ configuration for central logger
#
# collect data
time=`date +%s`;
distinct=`find /var/log/remote -mmin -60 | cut -d/ -f5| sort -u |wc -l`
# send it!
echo "syslog.distinct_hosts $distinct $time" | nc graphite 2003
@reyjrar
reyjrar / syslog-archive.sh
Created Nov 19, 2011
Manage /var/log/remote/ syslog storage, compressing and pruning older files.
View syslog-archive.sh
#!/bin/sh
#
# Script to manage syslog storage capacity
# Remove anything older than 1 year
find /var/log/remote/ -mindepth 2 -mtime +365 -type f -exec rm '{}' \;
# Remove empty directories
find /var/log/remote/ -type d -empty -exec rmdir '{}' \;
@reyjrar
reyjrar / New-iTerm-Window.scpt
Created Feb 8, 2012
AppleScript to Open a New iTerm Window and bring it to the front
View New-iTerm-Window.scpt
(*
* New-iTerm-Window.scpt
*
* Intended for use with QuickSilver
* I mapped option-y to running this script to create
* a new iTerm window on the current workspace
*
* Based on much Googling - very little "original" code here
* Comments/Suggestions to brad.lhotsky@gmail.com
*)
@reyjrar
reyjrar / logstash.conf
Created Jul 5, 2012
LogStash Configuration
View logstash.conf
input {
tcp {
type => "syslog"
port => 8514
}
}
filter {
## DISCARD IMPROPERLY FORMATTED MESSAGES
@reyjrar
reyjrar / accumulate.c
Created Aug 28, 2012
incomplete C code I'm working on for adding accumulation of attributes to OSSEC-HIDS
View accumulate.c
int Accumulate(Eventinfo *lf)
{
// Declare our variables
bool do_update = false;
char _key[OS_ACM_MAXKEY];
char _data[OS_ACM_MAXDATA];
char hashed_line[OS_ACM_MAXDATA];
char hash_buffer[OS_ACM_MAXELM];