Scott Woods woods

## gen-key-script
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: Root Superuser
Name-Email: root@handbook.westarete.com
Expire-Date: 0

## geoip.sh
# This is an example of how to use xtables / xt_geoip to block requests
# based on their source/destination country.
#
# It can be computationally expensive to have tons of iptables rules.
# According to the bottom of the following page, this xt_geoip is probably
# about as efficient as can be for doing this kind of thing:
# http://xtables-addons.sourceforge.net/geoip.php

# Install packages
apt-get install xtables-addons-common libtext-csv-xs-perl unzip

## git_svn_bash_prompt.sh
#!/bin/bash
#
# DESCRIPTION:
#
#   Set the bash prompt according to:
#    * the branch/status of the current git repository
#    * the branch of the current subversion repository
#    * the return value of the previous command
#
# USAGE:

## gist:8713516
#!/bin/bash

if [ "$1" == "-t" ] ; then
  test_mode='true'
else
  if [ "$1" == "" ] ; then
    test_mode='false'
  else
    echo "Unrecognized option \"$1\""
    echo "Usage: asdf.sh [-t]"

## check_vault_seal_status.sh
#!/bin/bash

# Assumes the following:
# - The `curl` package is installed
# - Vault is listening on the standard port 8200
# - Vault is using https with a valid certificate

# The hostname of the vault server that we're supposed to check.
hostname=$1

## tinyurl.rb
#!/usr/bin/env ruby
#
# A complete URL-shortening web application, written in Ruby/Sinatra. Run it
# from the command line, and then visit http://localhost:4567/
#
# Or to run it under apache/passenger, you'll need a config.ru file with the
# following contents:
#
#   require 'tinyurl'
#   run Sinatra::Application

## command.bash
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json \
  | jq '.prefixes | map(select(.service=="ROUTE53_HEALTHCHECKS")) | map(.ip_prefix)'

## purge.sh
# Get all patch versions of all kernels on the system
all_kernel_patch_versions=$( dpkg -l | egrep 'linux-headers-3.13.0-[0-9]+-generic' | awk -F '-' '{print $4}' | sort -n )

# Exclude any kernels that are in use (hard coded; you must CUSTOMIZE THIS PER MACHINE)
unused_kernel_patch_versions=$( echo "$all_kernel_patch_versions" | egrep -v '1[67]' )

for n in $unused_kernel_patch_versions ; do
  echo
  echo "========== $n ========="
  echo

## example.tf
# Allow access to the vault service from the public and private subnets
# Note that this doesn't allow access from the internet; it just allows
# traffic over the private network from hosts that reside in either of our
# two subnets.
resource "aws_security_group_rule" "vault" {
  security_group_id = "${aws_security_group.security_group.id}"
  type = "ingress"
  from_port = 8200
  to_port   = 8200
  protocol  = "tcp"

## update_ip_address.sh
#!/bin/bash
#
# When a machine is on a dynamic IP address cable modem, we use this script to
# periodically update DNS with the current record.
#
# Keep the contents of this file secret, since it contains the domain's API
# key. The ID of the record to be updated by hovering over it in DNSimple's
# web interface.

IP_ADDRESS="`curl -s http://icanhazip.com/`"
	Key-Type: 1
	Key-Length: 2048
	Subkey-Type: 1
	Subkey-Length: 2048
	Name-Real: Root Superuser
	Name-Email: root@handbook.westarete.com
	Expire-Date: 0
	# This is an example of how to use xtables / xt_geoip to block requests
	# based on their source/destination country.
	#
	# It can be computationally expensive to have tons of iptables rules.
	# According to the bottom of the following page, this xt_geoip is probably
	# about as efficient as can be for doing this kind of thing:
	# http://xtables-addons.sourceforge.net/geoip.php

	# Install packages
	apt-get install xtables-addons-common libtext-csv-xs-perl unzip
	#!/bin/bash
	#
	# DESCRIPTION:
	#
	# Set the bash prompt according to:
	# * the branch/status of the current git repository
	# * the branch of the current subversion repository
	# * the return value of the previous command
	#
	# USAGE:
	#!/bin/bash

	if [ "$1" == "-t" ] ; then
	test_mode='true'
	else
	if [ "$1" == "" ] ; then
	test_mode='false'
	else
	echo "Unrecognized option \"$1\""
	echo "Usage: asdf.sh [-t]"
	#!/bin/bash

	# Assumes the following:
	# - The `curl` package is installed
	# - Vault is listening on the standard port 8200
	# - Vault is using https with a valid certificate

	# The hostname of the vault server that we're supposed to check.
	hostname=$1
	#!/usr/bin/env ruby
	#
	# A complete URL-shortening web application, written in Ruby/Sinatra. Run it
	# from the command line, and then visit http://localhost:4567/
	#
	# Or to run it under apache/passenger, you'll need a config.ru file with the
	# following contents:
	#
	# require 'tinyurl'
	# run Sinatra::Application
	curl -s https://ip-ranges.amazonaws.com/ip-ranges.json \
	\| jq '.prefixes \| map(select(.service=="ROUTE53_HEALTHCHECKS")) \| map(.ip_prefix)'
	# Get all patch versions of all kernels on the system
	all_kernel_patch_versions=$( dpkg -l \| egrep 'linux-headers-3.13.0-[0-9]+-generic' \| awk -F '-' '{print $4}' \| sort -n )

	# Exclude any kernels that are in use (hard coded; you must CUSTOMIZE THIS PER MACHINE)
	unused_kernel_patch_versions=$( echo "$all_kernel_patch_versions" \| egrep -v '1[67]' )

	for n in $unused_kernel_patch_versions ; do
	echo
	echo "========== $n ========="
	echo
	# Allow access to the vault service from the public and private subnets
	# Note that this doesn't allow access from the internet; it just allows
	# traffic over the private network from hosts that reside in either of our
	# two subnets.
	resource "aws_security_group_rule" "vault" {
	security_group_id = "${aws_security_group.security_group.id}"
	type = "ingress"
	from_port = 8200
	to_port = 8200
	protocol = "tcp"
	#!/bin/bash
	#
	# When a machine is on a dynamic IP address cable modem, we use this script to
	# periodically update DNS with the current record.
	#
	# Keep the contents of this file secret, since it contains the domain's API
	# key. The ID of the record to be updated by hovering over it in DNSimple's
	# web interface.

	IP_ADDRESS="`curl -s http://icanhazip.com/`"