
@mschoch
mschoch / test-bleve-search.sh
Last active June 18, 2023 03:53
bleve - create index, index JSON, query index
#!/bin/sh
# create a custom mapping
cat > /tmp/mapping.json << MAPPING
{
"types": {
"_default": {
"properties": {
"location": {
"properties": {
@jermdw
jermdw / b64_2_pcap.py
Created January 9, 2018 18:30
Convert Base64 encoded packet capture from Suricata IDS into a binary PCAP file for analysis.
#!/usr/bin/env python2
import base64, struct, sys
if len(sys.argv) > 1:
try:
binary = base64.decodestring(sys.argv[1])
#File header
sys.stdout.write(struct.pack("IHHIIII",
0xa1b2c3d4, # Magic
@chrisxaustin
chrisxaustin / tshark-syslog
Last active October 5, 2023 14:35
tshark - extract src and syslog message
# To read foo.pcap
tshark -ln -r foo.pcap -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg
# To listen on eth0
tshark -ln -i eth0 -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg
@kevinelliott
kevinelliott / osx-10.10-setup.md
Last active December 1, 2023 08:21
Mac OS X 10.10 Yosemite Setup

Mac OS X 10.10 Yosemite

Custom recipe to get OS X 10.10 Yosemite running from scratch, set up applications and developer environment. I use this gist to keep track of the important software and steps required to have a functioning system after a semi-annual fresh install. On average, I reinstall each computer from scratch every 6 months, and I do not perform upgrades between distros.

This keeps the system performing at top speeds, clean of trojans, spyware, and ensures that I maintain good organizational practices for my content and backups. I highly recommend this.

You are encouraged to fork this and modify it to your heart's content to match your own needs.

Install Software

@tylerneylon
tylerneylon / json.lua
Last active April 19, 2024 21:02
Pure Lua json library.
--[[ json.lua
A compact pure-Lua JSON library.
The main functions are: json.stringify, json.parse.
## json.stringify:
This expects the following to be true of any tables being encoded:
* They only have string or number keys. Number keys must be represented as
strings in json; this is part of the json spec.
@rfdrake
rfdrake / raid1.cfg
Last active April 21, 2024 23:08
Debian Wheezy raid1 preseed configuration
# This puts all files in one partition. You'll need to change proxy settings
# (USERNAME, PASSWORD, PROXYSERVER) and crypted passwords, as well as the
# get_domain string to your dns domain.
# This is not quite fully automatic. It will prompt you for hostname. If you
# want to automatically fill in the hostname you'll need to provide it in the
# kernel APPEND line by saying netcfg/get_hostname=hostname
# If you've never set up preseeding, the first step is going to be getting PXE
# netinstall working. You don't need a full CD, you just need netboot/debian-installer/amd64/linux
@nrollr
nrollr / nginx.conf
Last active April 22, 2024 15:11
NGINX config for SSL with Let's Encrypt certs
# UPDATED 17 February 2019
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name www.domain.com domain.com;
return 301 https://$host$request_uri;
}
# SSL configuration
@eenblam
eenblam / linux_reading_list.md
Last active April 25, 2024 10:25
Linux Networking Reading List

Linux Networking Reading List

Currently in no particular order. Most of these are kind of ancient.

Where's all the modern documentation? So much of what I've turned up searching is other folks complaining about having few options beyond reading source code.

The O'Reilly books, while dated, seem to be some of the best available. Note that these can be read with a 7-day trial. Do this! At least get through the introduction section and first chapter of each to see if it's what you're after.

https://www.netfilter.org/

@mpurzynski
mpurzynski / protoanomalies.rules
Created November 27, 2017 16:53
Suricata rules for protocol anomalies
alert tcp any any -> any !80 (msg:"SURICATA HTTP on unusual port"; flow:to_server; app-layer-protocol:http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271001; rev:1;)
alert tcp any any -> any 80 (msg:"SURICATA non-HTTP on TCP port 80"; flow:to_server; app-layer-protocol:!http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271002; rev:1;)
alert tcp any any -> any ![443,465,587] (msg:"SURICATA TLS on unusual port"; flow:to_server; app-layer-protocol:tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271004; rev:1;)
alert tcp any any -> any [443,465] (msg:"SURICATA non-TLS on TLS port"; flow:to_server; app-layer-protocol:!tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271003; rev:1;)
alert tcp any any -> any ![20,21] (msg:"SURICATA FTP on unusual TCP port"; flow:to_server; app-layer-protocol:ftp; threshold: type limit, track by_src, seconds 60, count 1; sid:2271005; rev:1;)
alert tcp any any -> any [20,21] (msg:"SURICATA non-FTP on TCP
@joshbuchea
joshbuchea / semantic-commit-messages.md
Last active May 6, 2024 07:52
Semantic Commit Messages

Semantic Commit Messages

See how a minor change to your commit message style can make you a better programmer.

Format: <type>(<scope>): <subject>

<scope> is optional

Example