Brad Lhotsky reyjrar

reyjrar / errors.log
Last active Nov 20, 2016
Sample Queries with es-search.pl
View errors.log
brad@janus $ es-search.pl --top program error
= Querying Indexes: syslog-2016.11.20
count program
487 sshd
33 postfix/smtpd
24 postfix/smtps/smtpd
1 freshclam
# Search Parameters:
# {"bool":{"must":[{"query_string":{"query":"error"}}]}}
# Displaying 4 of 545 in 0 seconds.
reyjrar / logstash-config-broken.conf - Starting Point
Last active Aug 4, 2016
Massive Parse Tree Failure in Logstash 5.0.0-alpha3
View logstash-config-broken.conf - Starting Point
input {
udp {
host => "127.0.0.1"
port => 9514
type => "syslog"
}
}
filter {
# This grok FAILS with a PARSE ERROR
grok {
reyjrar / unbound.pp
Created May 7, 2016
Puppet class to install unbound and use yoyo.org for blocking ad servers.
View unbound.pp
# puppet module install zleslie-unbound
class dns::caching {
# I'm using extlookup for a very small personal network, could be hiera
$trusted_ipv4 = extlookup('trusted_ipv4')
$trusted_ipv6 = extlookup('trusted_ipv6')
realize(Group['unbound'])
realize(User['unbound'])
$local_ad_servers = "/etc/unbound/local.d/adservers.conf"
View keybase.md

Keybase proof

I hereby claim:

  • I am reyjrar on github.
  • I am reyjrar (https://keybase.io/reyjrar) on keybase.
  • I have a public key ASBhL2F7FpCetTBbHeSajnZusy0pe2QJNTX69go64Lwm_wo

To claim this, I am signing this object:

reyjrar / es-utils-4.4-release-notes
Created Feb 27, 2016
es-utils-4.4-release-notes
View es-utils-4.4-release-notes
==================================================
Changes from 2014-02-27 00:00:00 +0000 to present.
==================================================
----------------------------------------
version 4.4 at 2016-02-27 07:15:06 +0000
----------------------------------------
Change: 4a832f92659ebc575d2de0948dbb01b8e349138b
Author: Brad Lhotsky <blhotsky@craigslist.org>
reyjrar / digiti-matching.pl
Created Dec 8, 2013
Testing variations on matching digits with Perl Regex
View digiti-matching.pl
#!/usr/bin/env perl
#
use strict;
use warnings;
use Benchmark qw(cmpthese);
my @tests = (
q{testing 12345 some more stuff},
q{123 testing some stuff},
reyjrar / adobe.txt
Last active Dec 29, 2015
Output from a bitsquatting whois tool I'm working on. GOOGLEUSERCONTENT.COM is rated #44 on the Alexa Top Sites
View adobe.txt
$ ./bin/bit-whois.pl adobe.com
adobe.com variation bdobe.com is taken (ns01.domaincontrol.com)
adobe.com variation aeobe.com is !! ERROR !!
No Match Domain!
adobe.com variation acobe.com is taken (ns1.s416.sureserver.com)
adobe.com variation adpbe.com is taken (ns2.hastydns.com)
adobe.com variation adnbe.com is ** AVAILABLE **
adobe.com variation adoce.com is taken (ns2.warptech.net)
adobe.com variation adoae.com is ** AVAILABLE **
adobe.com variation adobf.com is ** AVAILABLE **
reyjrar / feature.xml
Created Jul 9, 2013
Possible enhancement to the decoders/rules
View feature.xml
<decoder name="uptime">
<regex>load average: (\S+),</regex>
<order>var:load</order>
</decoder>
<rule id="100000" level="10">
<decoded_as>uptime</decoded_as>
<compare var="load" is="numeric" check="gt">2</compare>
</rule>
reyjrar / crontab.xml
Created Jun 26, 2013
OSSEC Decoder for crontab manipulation.
View crontab.xml
<!-- Decoder to enable extracting data from the crontab command
Aug 30 17:13:02 server.example.com crontab[1347]: (root) LIST (root)
Aug 30 17:13:38 server.example.com crontab[2852]: (root) BEGIN EDIT (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) REPLACE (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) END EDIT (root)
Aug 30 17:14:01 server.example.com crond[1756]: (root) RELOAD (/var/spool/cron/root)
Aug 30 17:14:01 server.example.com CROND[4018]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Aug 30 17:14:06 server.example.com crontab[4030]: (root) LIST (root)
Aug 30 17:15:01 server.example.com CROND[5818]: (root) CMD (/usr/lib64/sa/sa1 1 1)
reyjrar / named-axfr.xml
Created Jun 26, 2013
OSSEC Decoder for Named Zone Transfers
View named-axfr.xml
<!-- AXFR Logs
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR started
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR ended
06-Mar-2013 09:18:26.971 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR started
06-Mar-2013 09:18:26.974 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR ended
-->
<decoder name="bind-axfr-start">