Skip to content

Instantly share code, notes, and snippets.

View wrossmann's full-sized avatar
👺
¯\_(ツ)_/¯

Wade Rossmann wrossmann

👺
¯\_(ツ)_/¯
  • Victoria, BC
View GitHub Profile
@wrossmann
wrossmann / README.md
Created January 29, 2020 01:01
Find all Graylog output mappings

There doesn't seem to be a UI function for this, so if you're stuck up a creek like I am.

curl -s \
    -H "Authorization: Basic $(echo -n 'username:password' | base64)" \
    http://graylog-server:9000/api/streams \
| jq '
.streams[] | 
select(.outputs | length > 0) | 
{
@wrossmann
wrossmann / DoveadmAuth.php
Created November 28, 2013 00:47
Quick, dirty, simple PHP to use `doveadm auth` to validate a user's plaintext password against the stored hash without exposing the password through shell commands. Note: This assumes that you already have dovecot's auth backend set up and working. Also, there does not appear to be a simple way to feed in a pre-computed hash, it will only use th…
<?php
class DoveadmAuth {
public static function auth($username, $password) {
$descriptors = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w'),
);
$cwd = sys_get_temp_dir();
@wrossmann
wrossmann / README.md
Last active March 10, 2020 21:15 — forked from keithchambers/gist:80b60559ad83cebf1672
Ansible role to set 'noop' i/o scheduler (CentOS 7)

Fixes

  • make the IO scheduler configurable
  • register grub_test to match the actual variable usage
  • changed stdout to stdout_lines
  • make block_devs work.
    • it looks gross, but previously interpreted block_devs.stdout_lines as a literal string

Ansible version: 2.7

@wrossmann
wrossmann / certbot-acm-post-hook.sh
Created July 17, 2021 00:44
CertBot post-renew hook to update ACM
#!/bin/bash
#requirements: aws CLI v2, jq, openssl
LE_DIR=${LE_DIR:-/etc/letsencrypt}
QUIET=${QUIET:-1}
function dbg {
if [ $QUIET -eq 0 ]; then
echo $@ >&2
@wrossmann
wrossmann / no-jndi.nginx.conf
Created December 11, 2021 01:19
Nginx config to filter out requests and User-Agents that contain LogJam jndi strings.
if ( $http_user_agent ~* "\${jndi:" ) {
return 400;
}
if ( $request_uri ~* "(\$|%24)({|%7b)(j|%6a)(n|%6e)(d|%64)(i|%69)(:|%3a)" ) {
return 400;
}
@wrossmann
wrossmann / README.md
Created March 7, 2019 00:59
Decrypt Ansible AWX or Tower Data

Let's say you're having a bad day and while trying to upgrade your AWX instance you instead unrecoverably brick it, and then you realize that you made a point of storing a very important SSH key in AWX and nowhere else. Why? REASONS.

What do I need?

  1. The secret key from your AWX config file.
  2. A dump of your postgres database in plaintext.
    • If you're lucky yours is still functional and you can just query it.
  3. Gumption.

What do I do?