| #!/usr/bin/env ruby -w | |
| # pnginator.rb: pack a .js file into a PNG image with an HTML payload; | |
| # when saved with an .html extension and opened in a browser, the HTML extracts and executes | |
| # the javascript. | |
| # Usage: ruby pnginator.rb input.js output.png.html | |
| # By Gasman <http://matt.west.co.tt/> | |
| # from an original idea by Daeken: http://daeken.com/superpacking-js-demos |
| from phply.phpparse import parser | |
| import phply.phplex as phplex | |
| from phply.phpast import * | |
| import sys | |
| import copy | |
| import os.path | |
| import pickle | |
| import subprocess | |
| import traceback |
| /etc/logstash/logstash.conf : | |
| # We handle the syslog part of the Cisco PIX/ASA messages | |
| grok { | |
| tags => "cisco-fw" | |
| patterns_dir => "/etc/logstash/patterns" | |
| pattern => "^<%{POSINT:syslog_pri}>(?:(%{TIMESTAMP_ISO8601:timestamp8601} |%{CISCOTIMESTAMP:timestamp} ))?%{SYSLOGHOST:logsource}?[ :]+%{GREEDYDATA:syslog_message}" | |
| } | |
| syslog_pri { | |
| tags => "cisco-fw" |
| Migrates multiple SVN repos to Git, without anything fancy (no Ruby, no dependencies, no issues | |
| with Cygwin paths). SVN tags are created as Git tags and properly pushed to the Git repo. To run: | |
| 1) Edit run-authors.sh to have your SVN repos. Run it to get an authors.txt file. | |
| 2) Edit the authors.txt to have the names and emails if you like. You must use GitHub user email | |
| addresses if you want contributions to be associated with GitHub accounts. | |
| 3) Edit run-convert.sh to have your SVN repos and project name (for local temp directories). Run it. |
Note: this is a summary of different git workflows putting together to a small git bible. references are in between the text
try to keep your hacking out of the master and create feature branches. the [feature-branch workflow][4] is a good median between noobs (i have no idea how to branch) and git veterans (let's do some rocket sience with git branches!). everybody get the idea!
| import requests, json, logging, sys | |
| class PassiveTotal: | |
| def __init__(self, apikey): | |
| self.__apikey = apikey | |
| self.__classifications = [ 'targeted', 'crime', 'benign', 'multiple' ] | |
| self.__actions = [ 'add', 'remove' ] | |
| 1. Parse evtx logs with evtxdump.py (https://github.com/williballenthin/python-evtx) | |
| 2. Create custom Splunk sourcetype "winevtx": | |
| Edit $SPLUNK_HOME/etc/system/local/props.conf | |
| [winevtx] | |
| NO_BINARY_CHECK = 1 | |
| SHOULD_LINEMERGE = true | |
| BREAK_ONLY_BEFORE = ^\<Event xmlns= |
| input { | |
| file { | |
| path => "/var/log/nginx/access.log" | |
| type => "nginx-access" | |
| sincedb_path => "/var/log/.nginxaccesssincedb" | |
| } | |
| } | |
| input { | |
| file { | |
| path => "/var/log/nginx/error.log" |
| # Install Java 1.8 in CentOS/RHEL 6.X | |
| sudo yum remove -y java-1.6.0-openjdk | |
| wget --no-cookies \ | |
| --no-check-certificate \ | |
| --header "Cookie: oraclelicense=accept-securebackup-cookie" \ | |
| "http://download.oracle.com/otn-pub/java/jdk/8-b132/jdk-8-linux-x64.rpm" \ | |
| -O jdk-8-linux-x64.rpm | |
| sudo rpm -Uvh jdk-8-linux-x64.rpm | |
| sudo alternatives --install /usr/bin/java java /usr/java/jdk1.8.0/jre/bin/java 20000 | |
| sudo alternatives --install /usr/bin/jar jar /usr/java/jdk1.8.0/bin/jar 20000 |
| input { | |
| file { | |
| type => "ossec" | |
| path => "/var/ossec/logs/alerts/alerts.log" | |
| sincedb_path => "/opt/logstash/" | |
| codec => multiline { | |
| pattern => "^\*\*" | |
| negate => true | |
| what => "previous" | |
| } |
