Spencer Shimko sshimko
@sshimko
sshimko / check_ring_sensors_tts.yaml
Created January 30, 2023 00:53
Home Assistant Script: Check for faulted Ring contact sensors and identify them through a media player
alias: Speak Faulted Alarm Sensors Script
description: ""
sequence:
  - service: tts.cloud_say
    data:
      entity_id: media_player.office_sonos
      message: >
        {% set lst = states.binary_sensor |
        rejectattr('attributes.device_class', 'undefined') |
        selectattr('entity_id', 'in', integration_entities('mqtt')) |
@sshimko
sshimko / build_kmod_rhel.sh
Last active July 11, 2022 21:54
Build in-tree kernel module for RHEL
#!/bin/bash
# Builds a module that is present in the kernel sources but not built and shipped by Red Hat.
# For me, this was a 5Gbps USB NIC needing the aqc111 module (not atlantic) on RHEL 8.
#
# It grabs the kernel src RPM based on the latest you have installed
# This might be a lot easier in DKMS.
MODULE="aqc111"
MODULE_KPATH="drivers/net/usb"
MODULE_KCONF="CONFIG_USB_NET_AQC111"
@sshimko
sshimko / network
Created May 15, 2022 17:50
Libvirt Allow New to Guests
#!/bin/bash
# libvirt is rude and clobbers rules, but it lets us hook in via /etc/libvirt/hooks/network. Update the IP and NIC if you need to.
# This adds a simple rule to accept NEW incoming packets on a host so a guest (or perhaps something like a UPnP daemon on the host) can determine what comes and goes.
# What it looks like before:
# ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
# REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
# What it looks like after:
# ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state NEW
# ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
# REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
@sshimko
sshimko / govcloud-ips.sh
Last active October 27, 2021 19:55
Current AWS GovCloud IPs - useful for firewall (letting them in or keeping them out)
#!/bin/sh
# Fetch current govcloud IP ranges
/usr/bin/curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '[.prefixes]|.[]|.[] | select(.region|test("us-gov")) | .ip_prefix| gsub("\""; "")'
@sshimko
sshimko / snmpd.conf
Created July 30, 2021 16:00
snmpd.conf for macOS with extend for distro, serial, hardware, and manufacturer.
# Sort out your own auth.
com2sec mynetwork 192.168.0.1/24 COMMUNITYNAME
rocommunity COMMUNITYNAME default .1
syscontact My Name <MyEmail@address.com>
syslocation Judecca
# LibreNMS had some example extends for Linux so I put these together for macOS.
extend distro /bin/bash -c '/usr/bin/sw_vers|grep -v Build|sed -e "s/^.*:.//"|tr "\\n" " "'
# This gives a pretty name, but a pretty name isn't always available in a system-wide place and pointing into /Users/ somewhere is bad.
@sshimko
sshimko / camicons.sh
Last active July 12, 2019 12:06
Raspberry Pi Picture Frame
#!/bin/bash
cd /usr/share/icons
# Microseven MYM7 1080i-A etc
wget -O cam1.jpg 'http://192.168.0.2/tmpfs/snap.jpg?usr=username&pwd=password&1562769315776'
wget -O cam2.jpg 'http://192.168.0.3/tmpfs/snap.jpg?usr=username&pwd=password&1562769315776'
wget -O cam3.jpg 'http://192.168.0.4/tmpfs/snap.jpg?usr=username&pwd=password&1562769315776'
# foscam 9821 v2
wget -O cam4.jpg 'http://192.168.0.5/cgi-bin/CGIProxy.fcgi?cmd%3DsnapPicture2%26usr%3Dsuername%26pwd%3Dpassword'
@sshimko
sshimko / ipset-ban.sh
Last active February 24, 2019 02:38
Add IPs to ipset and use iptables to drop
#!/bin/sh
SETNAME=baddies
echo "Current stats of ipset ${SETNAME}"
iptables -LINPUT -n -v | head -n2
iptables -LINPUT -n -v | grep ${SETNAME}
echo -e "\nCreating or flushing the \"${SETNAME}\"."
@sshimko
sshimko / extract-nssdb-to-pem.sh
Created January 11, 2019 16:19
Extracting keys + certs from nssdb
#!/bin/sh
pk12util -d . -r -n Server-Cert -o foo.p12
openssl pkcs12 -in foo.p12 -out foo-crt.pem -clcerts -nokeys
openssl pkcs12 -in foo.p12 -out foo-key.pem -nocerts -nodes
#!/bin/sh
# This is a pre-connect script for Tunnelblick that displays a banner prior to connect and bails if the user clicks "Decline".
# Adjust the banner as needed for your compliance requirements.
# NOTE: after you add pre-connect.sh to your tblk config directory you must attempt to connect once, and then in the subsequent dialog that appears
# you must allow Tunnelblick to access the System UI Server.
#
banner="
You will be monitored.
If you are unauthorized or do not agree to the terms above, you are not permitted to use this system.
@sshimko
sshimko / otp.txt
Last active January 9, 2024 23:25
Yubikey + FreeIPA Manual Setup
In Yubikey tool:
1. Click OATH+HOTP tab
2. Click Advanced
3. Deselect token identifier.
4. Press Generate to create a new random seed.