|
Description Logstash filters for ssh brute for, sudo auth failures, or failed login attempts Filters grok { type => “syslog” patterns_dir => ["/opt/logstash/patterns"] pattern => [ "%{SYSLOGLINE}" ] } grep { type => “syslog” drop => false match => [ "@message", "([fF]ailed|[fF]ailure).*password|authentication.*failure|incorrect.password” ] add_tag => [ "auth_failure" ] } grep { type => “syslog” drop . . . → Read More: logstash filters for ssh attempts How to get Logstash to read your ec2 instance id logstash.sh !/bin/bash EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) export EC2_INSTANCE_ID conf=/opt/logstash/simple.conf lsjar=/opt/logstash/logstash.jar myjava=$(which java) if [ -z $myjava ]; then echo “java is required; please install openjdk or jre” exit 1 fi # spawn logstash $myjava -jar $lsjar agent -f $conf config file /opt/logstash/simple.conf input { exec { . . . → Read More: logstash ec2 instanceid Objective: Set Timezone to UTC on Ubuntu 12.04 LTS Howto You will be using tzdata and ntpdate Setting the timezone After running this select “etc” (hit enter) then select “UTC” (hit enter) pkg-reconfigure tzdata Syncing the clock apt-get -y install ntpdate ntpdate pool.ntp.org Updating crontab to sync clock daily crontab -l > tmp.cron echo “@daily . . . → Read More: Ubuntu Set Timezone to UTC Howto Convert a ESXv5 to ESXv4 VM This details the steps needed to convert a machine from ESXv5 to ESXv4 Convert OVA to VMX On ESXv5 Machine, Export the VMWare ESX5 Machine to OVF (File -> Export -> Export OVF Template) Download ovftool Convert ova to vmx (ignoring manifest errors) ovftool sourefile.ova destfile.vmx (make sure . . . → Read More: Howto Convert a ESXv5 to ESXv4 VM here’s a nohup example: nohup nice -n -19 /bin/bash cidr_to_ipset.sh all_countries.txt 2>&1 >/root/cidr_to_ipset_output.log </dev/null & nohup is a POSIX command to ignore the HUP (hangup) signal. The HUP signal is, by convention, the way a terminal warns dependent processes of logout. Output that would normally go to the terminal goes to a file called nohup.out . . . → Read More: nohup example To use Apache ProxyPass directives with dynamic hostnames you will need to also use ModRewrite. Objective All requests to the virtualhost will ProxyPass and ProxyPassReverse (also known as an “Apache Gateway”) to the %{HTTP_HOST} The only reason this would make sense to do is if you have localhost entries on the apache server for specfic . . . → Read More: Apache ProxyPass with dynamic hostname Problem When running curl you get this response: curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) Solution curl -ssl3 I have a love hate relationship with the beaver log shipper and ensuring that it is in fact running on all of my machines (and not in a defunct or partially running state) I have finally whipped up a script to take care of this issue and thought i’d share it for anyone that cares. . . . → Read More: Ensure Beaver Log Shipping is Running Here’s a handy alias for shredding files on CentOS alias shred=’shred -v -n 1 -z -u’ alias chkconfig=”chkconfig | perl -pe ‘use Term::ANSIColor; s/\bon\b/color(\”green\”).on.color(\”reset\”)/ige;’” or to permit passing an agrument: function chkconfig(){ /sbin/chkconfig $* | perl -pe ‘use Term::ANSIColor; s/\bon\b/color(“green”).on.color(“reset”)/ige;’ } |
|
|
Copyright © 2015 Brakertech - All Rights Reserved i can haz interweb |
|
