wesyoung / purge.sh
Created February 25, 2014 13:09 — forked from adrienbrault/purge.sh
#!/bin/sh
# Purge a fixed list of packages with aptitude; the credited pages below are
# about reducing the size of a Vagrant box.
#
# `purge` removes each package together with its configuration files, and
# `-y` makes aptitude assume "yes" at its prompts, so nothing here asks for
# confirmation before removing software.
# NOTE(review): there is no `set -e` in the lines shown, so a purge that fails
# does not stop the ones after it -- confirm that best-effort is intended.
# NOTE(review): presumably run as root while building the box -- confirm.
#
# Credits to:
# - http://vstone.eu/reducing-vagrant-box-size/
# - https://github.com/mitchellh/vagrant/issues/343

# The `ri` package on its own.
aptitude -y purge ri
# Installer report, Landscape client, wireless tooling (wireless-tools,
# wpasupplicant) and the server guide.
aptitude -y purge installation-report landscape-common wireless-tools wpasupplicant ubuntu-serverguide
# Python modules and the libraries listed alongside them.
aptitude -y purge python-dbus libnl1 python-smartpm python-twisted-core libiw30
aptitude -y purge python-twisted-bin libdbus-glib-1-2 python-pexpect python-pycurl python-serial python-gobject python-pam python-openssl libffi5
dnl **************************************************
dnl * Python support *
dnl **************************************************
AC_ARG_WITH(python, AC_HELP_STRING(--with-python@<:@=PATH@:>@, Enable support for python binding @<:@default=auto@:>@),
[python_required=true; if test x$withval = xyes; then with_python="python"; fi], with_python="python")
if test x$with_python != xno; then
AC_PATH_PROG(PYTHON, `basename $with_python`, no, `dirname $with_python`:$PATH)
{
"order" : 0,
"template" : "cif-*",
"settings" : {
"index.analysis.analyzer.default.stopwords" : "_none_",
"index.refresh_interval" : "5s",
"index.analysis.analyzer.default.type" : "standard",
"index" : {
"query" : { "default_field" : "@message" },
"store" : { "compress" : { "stored" : true, "tv": true } }
{
"title": "Collective Intelligence Framework (csirtgadgets.org)",
"services": {
"query": {
"list": {
"0": {
"query": "*",
"alias": "",
"color": "#7EB26D",
"id": 0,
#
# Nginx proxy for Elasticsearch + Kibana
#
# In this setup, only the saving of dashboards is password protected; requests to
# other paths are not. You may wish to extend the password protection to all paths.
#
# Even though these paths are being called as the result of an ajax request, the
# browser will prompt for a username/password on the first request
#
# If you use this, you'll want to point config.js at http://localhost:80/ instead of
sub main {
my $ret = connect_bgpdata( $bgp_remote, $bgp_remote_port );
die('connect failure') unless ( $ret == 0 );
my $xml_msg;
my ( @addrs, @peers, $hash, $timestamp, $asn );
$Logger->debug('reading first message');
while ( $xml_msg = read_xml_message() ) {
warn 'test';
if ( !defined($xml_msg) ) {
$Logger->warn( get_error_code() . ": " . get_error_msg() );
{"impact": "Moderate", "block_type": "IPv4 Address", "tags": ['zeus','phish'] ... }
remote:p5-cif-sdk wes$ perl -Ilib bin/cif -R http://localhost:5000/v2 --tags hijacked,scanner
provider |tlp |group |observable |confidence|firsttime |lasttime |reporttime |altid |altid_tlp|tags
dragonresearchgroup.org|amber|everyone|2.108.1.0 |85 |2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|116.10.191.175 |85 |2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|2014-07-28T19:07:13Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|193.107.16.206 |85 |2014-07-28T19:07:15Z|2014-07-28T19:07:15Z|2014-07-28T19:07:15Z|http://dragonresearchgroup.org/insight/sshpwauth.txt |green |scanner
dragonresearchgroup.org|amber|everyone|68.236.173.233 |85 |2014-07
#!/usr/bin/perl -w
# modified the feed_lock.pl script to check the file
# /tmp/cif_crontool.lock.daily and see if it's older than 23 hours
use strict;
use File::stat;
use MIME::Lite;