Ryan Donahue Splat

Splat / ssl_check_date.md
Created January 5, 2018 20:26
SSL Begin and End Dates

This script checks the validity dates (notBefore and notAfter) on a server's certificate. It is usually tied to some form of alerting that fires when the certificate is within a month or a week of needing renewal.

echo | openssl s_client -connect HOSTNAME:PORT 2>/dev/null | openssl x509 -noout -dates
Splat / fast_hash.md
Last active November 3, 2017 20:17
secure ciphers, keys, and macs for optimal performance for things like SSH and SCP

Fast and secure

When using things like SSH and SCP at scale across many hosts, it's important to trim the available cipher suites. Rolling through all cipher suites until a match is found can cost time. At the very least you should trim your clients and proxies to use a limited set of valid ciphers. It's also valuable to limit the server side, in order to avoid keys and certificates being used with compromised ciphers.

List of Algos

Below are what I deem to be the best security/performance configurations for an optimal path.

KexAlgorithms

ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers

aes192-ctr,aes256-ctr,aes192-cbc,aes256-cbc

Splat / couch-install-centos7.
Created February 24, 2017 20:50 — forked from wmealing/couch-install-centos7.
centos7 / rhel7 install instructions for couchdb.
#!/bin/bash
# Move to a location where you don't mind storing the couchdb install files.
cd /tmp/
EPEL_FILE=epel-release-latest-7.noarch.rpm
COUCH=apache-couchdb-1.6.1.tar.gz
rm -rf epel-release-latest-7.noarch.rpm
Splat / ruby_cert_chain_request.rb
Last active November 21, 2016 16:37
Loading certificate chain from a CA directory to use for validation to a certain depth.
require 'net/http'
require 'net/https'
require 'uri'
API_URI = 'some.site.com'
root_ca_path = '/etc/ssl/certs'
root_ca_depth = 5
api_user = 'username'
api_password = 'password'
Splat / key_copy
Created September 23, 2016 00:01
copy your key
pbcopy < ~/.ssh/id_rsa.pub
Splat / mongo_missing_indexes
Created September 22, 2016 23:59
Working with the mongodb oplog for non-indexed queries
cd /var/log/mongodb/
grep '2015-07-10' mongodb.log| grep IXSCAN | sed -e s'/.*planSummary: IXSCAN//' | sed -e 's/ cursorid.*//; s/ keyUpdates.*//; s/ nto.*//; ' | perl -lne 'print join "\n", split /, IXSCAN/;' | perl -pne 's/(^\s+)//' | sort | uniq -c
Splat / tiger_output_diff
Created September 22, 2016 23:55
Working with the output of Tiger vulnerability reports to sanitize and diff from a prior
find security.report.safer.* -type f -printf "%C@ %p\n" | sort -rn | head -n 2
diff <(tail -n +4 file | head -n -1) <(tail -n +4 file2 | head -n -1)
Splat / auth_log_failures
Created September 22, 2016 23:52
Getting some sorted and unique information from the auth log
egrep -i 'authentication failure;' FILENAME.txt | egrep 'root' | egrep -v ' more ' | awk '{print $14}' | tr '=' ' ' | awk '{print $2}' | sort | uniq -c | sort -nr | more
Splat / git_branch_clutter
Created September 22, 2016 23:49
find old and dead branches within a Git repo for potential cleanup
for k in $(git branch -a --merged|grep -v "\->"|sed s/^..//);do echo -e $(git log -1 --pretty=format:"%Cgreen%ci %Cred%cr%Creset" "$k")\\t"$k";done|sort|more
Splat / git_stats
Created September 22, 2016 23:48
Get some git stats on committers
git ls-files -z | xargs -0n1 git blame -w | ruby -n -e '$_ =~ /^.*\((.*?)\s[\d]{4}/; puts $1.strip' | sort -f | uniq -c | sort -n