Howto Add Hex Numbers via Command Line

Recently I needed to calculate the starting and ending memory addresses of an iOS application (in order to dump it). As a result I needed to figure out how to add two hex addresses. Here's what I discovered.

Basic Example

In this case we are adding 0x4f000 and 0x2000:

$ printf "0x%X\n" $(( 0x4f000+0x2000 )) . . . → Read More: Howto Add Hex Numbers via Command Line

Logstash Logrotate Howto

Problems

I was facing two problems with my Logstash setup:

* Logstash service constantly required manual restarts (no longer indexing, hanging process)
* Local log files were filling up my root partition

Symptom

Logstash failed to:

* Index events in the queue
* Trim its own logs =)

Cause

Indexing

I’m not sure why it was failing to index. . . . → Read More: Logstash Logrotate Howto

Bash Cheat Sheet

Here’s my bash cheat sheet:

Tests

Combining

[ condition ] && action; # action executes if condition is true.
[ condition ] || action; # action executes if condition is false.

Filesystem related tests

We can test different filesystem related attributes using different condition flags as follows:

[ -f $file_var ]: Returns true if the . . . → Read More: Bash Cheat Sheet

Testing SSL Chaining Issues

Recently I needed to debug an issue by testing SSL chaining issues. My old standby tools (curl and openssl) were not reporting any errors.

The exception

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Cause

The cert from the keystore does not match the cert from . . . → Read More: Testing SSL Chaining Issues

Whitelist Entire Country with ipset

Goal: Whitelist an Entire Country with ipset

For this article I'll be referencing the GitHub repository I set up at

https://github.com/ssstonebraker/braker-scripts/tree/master/working-scripts/ipset

We have a few files there, specifically:

* cidr_to_ipset.sh (a script to create an ipset ruleset)
* Some example CIDR blocks for Italy (IT.txt), Spain (ES.txt), Great Britain (GB.txt), USA (US.TXT)
* sample_firewall.txt (example . . . → Read More: Whitelist Entire Country with ipset

barnyard2 won’t log to database – how to fix it

What to do when barnyard2 won’t log to the database….

Are you seeing something like this?

[SignatureReferencePullDataStore()]: No Reference found in database …

Full text:

# /usr/local/bin/barnyard2 -c /etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/barnyard2.conf"
+[ Signature . . . → Read More: barnyard2 won’t log to database – how to fix it

egrep valid ip address

Example to egrep valid ip address

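To egrep IP addresses recursively in the current directory (this pattern matches any four dot-separated groups of 1 to 3 digits, so it does not check that each octet is in the 0-255 range):

egrep -r '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' .

An alternative that restricts each octet to 0-255:

/bin/egrep '\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b'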

neo4j SSL howto

Getting SSL to work with neo4j can be very frustrating. The crux of the problem is that their documentation isn’t very robust.

Here’s what they don’t tell you:

Both the cert and the key MUST be in DER format!

Example to convert a PEM-formatted crt key to a DER-formatted crt key:

openssl x509 . . . → Read More: neo4j SSL howto

convert valid godaddy cert key to java keystore for tomcat

I spent hours trying to figure this out and here are the fruits of my labor.

Problem

You are unable to create a valid Tomcat Keystore using a GoDaddy crt and key file

Curl output may look like this:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify . . . → Read More: convert valid godaddy cert key to java keystore for tomcat

nginx code igniter remove index.php prefix

Objective

Remove the index.php prefix from your nginx CodeIgniter instance.

Assumptions

* In your main nginx conf file you define how PHP is called (unix socket or ip:port)
* You will replace foo.example.com with whatever your domain name is
* The proper logging path will be defined per your system as opposed to the location I have . . . → Read More: nginx code igniter remove index.php prefix