author | Chinaman <root@chinaman> | 2011-11-29 02:00:22 +0100 |
---|---|---|
committer | Chinaman <root@chinaman> | 2011-11-29 02:00:22 +0100 |
commit | c4c5f5570ddfd4f76e9078826aeb3df16920f7ce (patch) | |
tree | c7ddafa500b98dd1a34d2157d0de98ed8ef2a132 | |
parent | a95cb58ffa45cf2f25430592a7cc60b70e26f232 (diff) | |
parent | b1d71c062f1d29b2be3269a5e7e8a67030adfa6a (diff) |
Merge branch 'master' of github.com:krebscode/painload
66 files changed, 555 insertions, 328 deletions
diff --git a/.gitmodules b/.gitmodules index 3677b710..2823cad5 100644 --- a/.gitmodules +++ b/.gitmodules @@ -16,3 +16,6 @@ [submodule "submodules/github/makefu/dpfhack_display"] path = submodules/github/makefu/dpfhack_display url = https://github.com/makefu/dpfhack_pearl +[submodule "submodules/github/jbalogh/python-irclib"] + path = submodules/github/jbalogh/python-irclib + url = https://github.com/jbalogh/python-irclib.git diff --git a/Monitoring/Makefile b/Monitoring/Makefile index 794f9262..4730f30d 100644 --- a/Monitoring/Makefile +++ b/Monitoring/Makefile @@ -1,6 +1,7 @@ NAGDIR = /etc/nagios3/ NAGLIBDIR = /usr/lib/nagios HTDOCS = /usr/share/nagios3/htdocs +KREBS = /krebs .phony: debian debian: @@ -21,3 +22,11 @@ debian: chown nagios:www-data /var/lib/nagios3/rw || true chmod g+x /var/lib/nagios3 || true chmod ugo=rwx /var/lib/nagios3/rw/nagios.cmd || true + +debian-shinken: + curl https://raw.github.com/nicolargo/shinkenautoinstall/master/shinkenautoinstall-debian.sh | sh + +shinken-discover-hosts: /etc/shinken/resources.cfg + sed -i '/.*NMAPTARGETS.*/d' /etc/shinken/resource.cfg + $(KREBS)/retiolum/bin/hosts | awk '{print $2}'| tr '\n' ' ' | xargs echo '$$NMAPTARGETS$$=' | magic create krebs-discovery /etc/shinken/resource.cfg + shinken-discovery -o /etc/shinken/objects/discovery diff --git a/census/README.md b/census/README.md index e45d39c1..2842368d 100644 --- a/census/README.md +++ b/census/README.md 
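Review bot: In Monitoring/Makefile the `debian-shinken` recipe pipes a script fetched from the moving `master` branch of a third-party repository straight into `sh`, so whatever that URL serves at install time runs with the privileges of whoever invokes make (presumably root, since the neighbouring `debian` target runs chown on system paths). Fetch it to a file, check it against a digest recorded in this repository, and only then run it: `curl -fsSL <url-pinned-to-a-commit> -o shinkenautoinstall-debian.sh`, `echo "<expected-sha256>  shinkenautoinstall-debian.sh" | sha256sum -c`, `sh shinkenautoinstall-debian.sh` (URL and digest are placeholders). In `shinken-discover-hosts` the prerequisite is `/etc/shinken/resources.cfg` while the recipe edits `/etc/shinken/resource.cfg`; one of the two is presumably a typo. In the same recipe make expands `$2` itself before awk sees it, so it should read `awk '{print $$2}'`, matching the escaping already used for `$$NMAPTARGETS$$`.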
@@ -1,13 +1,23 @@ -ARPING Users +Census (formerly known as ARPING Users) ========== This is a simplified python script which checks the available subnet for computers online and returns a list of users which are online based on their mac-address +The initial idea was to find known users in the given network, now it finds and stores everyone in the given network and might try to resolve these addresses into names. This is why the name `census` is coined for the project. -arping_users.py: - call `python arping_users.py v` for verbose output -> print all discovered hosts +Return Data +---------- +after trying to reach all hosts in the selected subnets the script spits out th e following data: +<pre> + { "timestamp" : 12345678, "data" : { "ip1" : ["mac1","mac2","macn"] } +</pre> + +Census is meant to be put into a cronjob or some kind of wrapper scripts as it is currently really really (2-3 minutes) slow. SNMPWALK Command =============== +For historic reasons, this is the snmpwalk command to pull the currently registered mac-addresses on the firewall: +<pre> snmpwalk -c shammunity 10.42.0.1 1.3.6.1.2.1.3.1.1.2 +</pre> diff --git a/cholerab/bling/krebs-v2.xpm b/cholerab/bling/krebs-v2.xpm new file mode 100644 index 00000000..cc411095 --- /dev/null +++ b/cholerab/bling/krebs-v2.xpm @@ -0,0 +1,24 @@ +/* XPM */ +static char *krebs_v2[] = { +/* columns rows colors chars-per-pixel */ +"16 16 2 1 ", +" c None", +"x c #E4002B", +/* pixels */ +" ", +" ", +" x x x x", +"xx x xx xx xx x", +"xx x xx xx xx x", +" xxx x x xxx", +" xxx xxxxx xxx", +" x xxxxxxx x ", +" xxxxxxxxxxxxx ", +" xxxxxxx ", +" xxxxxxxxxxx ", +" x xxx x ", +" x x x x x x ", +" x x x x x x ", +" x xx x x xx x ", +" ", +}; diff --git a/cholerab/news/Candidate b/cholerab/news/Candidate index 31d2c670..b8bdd893 100644 --- a/cholerab/news/Candidate +++ b/cholerab/news/Candidate 
@@ -100,8 +100,18 @@ Nachdem Gedaechnistausch von Fuerkrebs und Urkrebs hat es ja wie beschrieben die Der Graphengenerator fuer KD;RP (siehe [ɐ]ist ueberarbeitet worden und bietet seit dem 2011-10-23 die moeglichkeit Statistiken zu dem Netzwerk und einzelnen Nodes auszugeben. Hervorzuheben ist hierbei die funktionalitaet die Availability von Nodes zu beschreiben, also wie wahrscheinlich es ist einen Knoten X zu einem Zeitpunkt Y im Darknet anzutreffen. Zusaetzlich wurde die Stats-generator engine ueberarbeitet und laeuft nun besonders bei grossen /var/log/syslog files schneller [⠣]. +## TODO 10. Ticket-fetcher fuer den 28C2 + +Da die 28C3 Presales Tickets rar sind und Leute anfangen das einkaufen zu automatisieren kann nicht auf das glueck des tuechtigen gehofft werden, sondern auch fuer den shack wird automatisiert. Herausgekommen ist ein Skript[Բ] (basierend auf einem anderen Skript[в] welches aber zu hart gesuckt hat) welches sich auf der Presales seite einloggt und dort den "Confirm Order" button drueckt. Das ganze wird in eine ELoop gepackt und den Tickets steht nun nichts mehr im wege. Gebaut wurde das Skript in der nacht am 14.November (T-10H) bis zur naechsten Presales Runde fuer den 28C3. + +UPDATE 14.11.2011 16:30: Die Tickets sind bestellt, das Ziel ist erreicht. Allerdings nicht von einem der deployten Skripten gefetcht, sondern durch die manuelle Klick-Kraft[1]. Fuer das naechste Jahr muss das skript also noch viel aggressiver fetchen und die bandbreite mit HTTP requests fuellen. + + [⠣] https://github.com/krebscode/painload/commit/822c43a763aa61c1accce3768090d066048faaff [⌅] man dd +[в] http://pastebin.com/SRwtNwKS +[1] http://f.cl.ly/items/213N2l0c1p3d24332l0X/ragecomic.png [Ȳ] http://shackspace.de/wiki/doku.php?id=project:krebs#fuerkrebs +[Բ] https://github.com/krebscode/painload/blob/master/too_old/mechanize_tickets.py [Ƀ] https://github.com/krebscode/painload/tree/master/census [ɐ] http://euer.krebsco.de/graphs/retiolum/retiolum_1.svg 
diff --git a/cholerab/reports/Empera.txt b/cholerab/reports/Empera.txt
new file mode 100644
index 00000000..e972c8c7
--- /dev/null
+++ b/cholerab/reports/Empera.txt
@@ -0,0 +1,53 @@
+Datum: 2011-11-11 22:13
+
+Zutaten:
+ - 250ml La Emperatriz 2006 CRIANZA RIOJA (13,5% VOL) EM No 825078 (EUR 11.5)
+ - 3mg b0463c6c9cc0ab65a467d620be5a40f1217f1038 Pulver
+ - 50mg d5fe8c3fc8ba214b334c6eb6cdae6b3dcc0d63e3 Gelantine-Kapsel
+ - 5mg Zink Gelantine-Kapsel
+ - 300mg C Gelantine-Kapsel
+ - 300mg Mg gepresst
+ - 100mg B6 gepresst
+ - 95.2mg Fe(II) Dragee
+
+Probanden:
+ 3x mit super-vollem Magen, ein Proband ohne Kapsel
+
+Start: 2011-11-11 22:35:09+01:00
+
+Farbe: Super-Schwarz-Rot
+
+Gerucht:
+ frisch und fruchtig
+ hat was von Brombeeren
+ Organisch
+ leicht gammelig (hat was von fauligen Pflaumen)
+
+Geschmack:
+ halb-trocken
+ fast bisschen zu fruchtig
+ finde ich nicht zu fruchtig
+ bisschen bitter
+ besser zu Nudelgericht (wir hatten dicke Nudelsuppe)
+ leichte Zitrusnote im Abgang
+ der hat das Ekelhafte, was auch andere schaebige Weine haben
+ fuer melancholische Sommerabende (man kann die letzten Sonnenstrahlen
+ rausspuehren)--da wurde doch einer gepanscht
+ Eine echte Emperatriz--eine Dame des Hasses.
+ Wuerde definitiv gut gehen mit was halbwegs herzhaften zu Essen.
+ ganz und garnicht lieblich.
+
+Fazit:
+ Trinkbar aber nicht der Beste.
+ Ich hatte auch schon Bessere.
+ ALDI-Weine sind billiger und besser.
+ Sie verspricht mehr als sie haelt.
+ Ich wuerd sie wieder tun.
+
+Checkpoint: 2011-11-11 23:05:24+01:00
+
+SpO₂: 98 96 97
+
+BPM: 71 75 73
+
+
diff --git a/cholerab/tincrouting b/cholerab/tincrouting
new file mode 100644
index 00000000..f430da4e
--- /dev/null
+++ b/cholerab/tincrouting
@@ -0,0 +1,9 @@
+#add 0.0.0.0/0 to hostsfile
+
+echo 1 >/proc/sys/net/ipv4/ip_forward
+
+/sbin/iptables -P FORWARD ACCEPT
+/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+#for supercool portforwarding:
+#example!: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d jgibbs.dyndns.org --dport 3389 -j DNAT --to 172.17.207.4:3389
diff --git a/infest/profiles/README b/infest/profiles/README
new file mode 100644
index 00000000..cab5fd93
--- /dev/null
+++ b/infest/profiles/README
@@ -0,0 +1,9 @@
+Install different profiles for a user on the system
+
+UseCase:
+./load-profile bob
+ [if necessary, check out the bob submodule]
+ [write dotfiles of profile bob for logged-in users ~]
+
+./load-profile system
+ [write krebs additions to /etc and /root]
diff --git a/oncology/bin/krebshostup b/oncology/bin/krebshostup
index eb422ff7..65ccae12 100755
--- a/oncology/bin/krebshostup
+++ b/oncology/bin/krebshostup
@@ -1,2 +1,2 @@
 #!/bin/sh
-nmap -sP 10.7.7.0/24 -T5| grep "Host is up" | wc -l
+nmap -sP 42.0.0.0/8 -T5| grep "Host is up" | wc -l
diff --git a/punani/README.md b/punani/README.md
new file mode 100644
index 00000000..1b70eab7
--- /dev/null
+++ b/punani/README.md
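Review bot: In cholerab/tincrouting, `/sbin/iptables -P FORWARD ACCEPT` sets the default policy of the whole FORWARD chain to accept, so once `ip_forward` is on this host routes between every pair of its interfaces, not only from the VPN out through eth0. Leave the policy at DROP and allow just the intended path, e.g. `/sbin/iptables -A FORWARD -i <tinc-if> -o eth0 -j ACCEPT` plus `/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT` for return traffic (`<tinc-if>` is a placeholder for the VPN interface, which the file does not name). A comment saying that neither the `/proc` write nor the rules survive a reboot would also help whoever runs this later.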
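Review bot: In oncology/bin/krebshostup the new target `42.0.0.0/8` is not RFC 1918 space, so on a machine where the VPN route for that prefix is absent or down, the `-T5` ping sweep follows the default route and probes third-party hosts on the public Internet. A /8 is also roughly 16.7 million addresses, so the count will take a long time even when the route is present. Bind the scan to the VPN interface with `-e <tinc-if>` (placeholder), or feed nmap only the known host list via `-iL <hosts-file>`, and make the script exit early when that interface is not up.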
@@ -0,0 +1,30 @@
+Overview
+=======
+Punani is a meta packagemanager comprising a server which resolves package
+requests and a client containing the logic to find the best suitable packer
+on the host system. Packagenames in Punani are binaries in the PATH. All
+library packages are named in the Principle of Least Surprise[1]. Different
+package names can resolve into the same package.
+
+If you want to install the `hostname` tool, the query is
+ punani install hostname
+on an archlinux this will result in the call :
+ pacman --noconfirm -Sy --needed inetutils
+
+[1] http://de.wikipedia.org/wiki/Principle_of_Least_Surprise
+
+Punani Client
+============
+The punani client will determine which packer are available on the system
+and then send a request to the punani server to find out how the given
+package is called with the given packer. In addition to that, the client
+will add flags to the packers call in order to install packages only when
+needed and disable user interaction.
+
+Punani Server
+============
+
+The punani server is a web-service which resolves request in the following
+manner:
+ localhost/$packer/$package
+The result is the package-name with the given packer or 404 if not found.
diff --git a/punani/bin/punani b/punani/bin/punani
index 058331f1..4be74f77 100755
--- a/punani/bin/punani
+++ b/punani/bin/punani
@@ -1,276 +1,64 @@ #! /bin/sh -# -# punani - filesystem scienteer -# -# Engineering Operations -# -E -i spec insert a package to the target filesystem -# -E -r spec remove a package -# set -euf -godmode() { - if test "${nosudo-false}" != true -a `id -u` != 0; then - echo "!! we require god mode..." >&2 - exec sudo "$0" "$@" - exit 23 # go to hell - fi -} -# return the 'system' variable -# currently be: -# arch-like -# debian-like -guess_system() -{ - if [ -f "/etc/arch-release" ] ;then - system="${system+$system, }arch-like" - fi - if [ -f "/etc/lsb-release" -o -f "/etc/debian_version" ] ;then - system="${system+$system, }debian-like" - fi +PUNANI_HOST="${PUNANI_HOST-http://euer.krebsco.de:9111}" +ACTION="$1"; shift +PKGS="$*" -} +## find package manager +if ! :; then : # dummy case, so the rest has a common format -arch_aur_helper() -{ - # pacman is the last fallback helper - manager="yaourt clyde packer bauerbill tupac pacaur paktahn pbfetch aurget aurora cower powaur pacman" - for i in $manager;do - mgr=`which $i` - if [ "$mgr" ] ;then - echo $mgr - return 0 - fi - done - echo "!! no helper found, this should never happen(tm)." - return 1 -} - -handle_system () { - case "$system" in - (*arch-like*) - # dryrun - # TODO dryrun not dry enough for aur helper - if [ "${dryrun-}" ];then - pacman () { echo "pacman $@" ; } - pkgfile () { echo "pkgfile $@"; } - yaourt () { echo "yaourt $@" ; } - fi - - # get dependencies : - # we need pkgfile - if ! 
[ `which pkgfile` ] ; then - pacman -S --needed --noconfirm pkgtools - pkgfile -u - fi - punani_Scientist_update() { - pacman -Sy - pkgtool -u - } - punani_Scientist_search() { - pkgfile -s -b $1 - if [ "${hard-}" ] ; then - mgr=`arch_aur_helper` - $mgr -Ss $1 - fi +elif for PACKER_CMD in yum + do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then + INSTALL_PARAM='-y install' + REMOVE_PARAM='-y remove' - } - - punani_Engineer_insert() { - # punani under archlinux first tries to load the packages with the given file name - # it needs pkgfile for that - # - # when trying harder it tries to load the package with the given name directly via yaourt - echo "** trying to find package with given file" - pkgs=$(pkgfile -s -b -r $1 | tr "\n" "|" ) - if [ "$pkgs" ];then - echo "** found one or more packages matching, skip the ones you do not need!" - OLDIFS=$IFS - IFS='|' - for to_install in $pkgs;do - if pacman -S --needed "$to_install"; then - echo "++ finished" - fi - done - IFS=$OLDIFS - else - echo "!! nothing found in base repos" - if [ "${hard-}" ] ; then - echo "** trying harder" - echo "** trying yaourt directly with given package" - mgr=`arch_aur_helper` - if $mgr -S $1 ;then - echo "++ finished" - return 0 - else - echo "!! giving up...i am sorry" - return 1 - fi - echo - else - echo "?? When in doubt try $0 -h -Ei $1 " - fi - fi - } - punani_Engineer_remove() { - pacman -Rcs "`pacman -Ql | grep $1$ | awk '{print $1}'`" - if [ "${hard-}" ] ; then - echo "** trying harder" - echo "** directly delete given package name" - pacman -Rcs "$1" - fi - } - ;; - (*debian-like*) - #if [ "${dryrun-}" ]; then - # apt-file () { echo $@; } - # apt-get () { echo $@; } - #fi - if ! 
which apt-file; then - echo "** installing dependencies: apt-file" - apt-get install --yes apt-file - echo "** update the apt-file tool" - apt-file update - fi - punani_Scientist_update() { - apt-get update - apt-file update - } - - punani_Scientist_search() { - apt-file search -l -x $1\$ && exit 0 - if [ "${hard-}" ] ; then - apt-cache search $1 - fi - } - punani_Engineer_insert() { - echo "trying to install $1" - pkgs=$(apt-file search -l -x $1\$ | tr "\n" "|" ) - if [ "$pkgs" ];then - echo "** found one or more packages matching, skip the ones you do not need!" - OLDIFS=$IFS - IFS='|' - for to_install in $pkgs;do - if apt-get install $to_install;then - echo "++ finished" - fi - done - IFS=$OLDIFS - else - if [ "${hard-}" ] ; then - echo "** trying harder" - apt-get install $1 - fi - fi - } - punani_Engineer_remove() { - apt-get remove --purge "`apt-file search -l -x /$1\$`" - if [ "${hard-}" ] ; then - echo "** trying harder" - echo "** directly delete given package name" - apt-get remove --purge "$1" - fi - } - ;; - (*) - email='krebs@syntax-fehler.de' - irc_host='irc.freenode.org' - irc_channel='#tincspasm' - cat >&2 <<EOF -Error 2: Your System Will Be Supported ASAP -1. send us a bug report -1.1 your operating system's name and version -1.2 this message: $0 $* -1.3 mailto:$email -2. join the relevant IRC channel -2.1 /connect $irc_host -2.2 /join $irc_channel -EOF - exit 23 - esac -} -help(){ - cat <<EOF -Usage: $0 [Options] [role][command] +elif for PACKER_CMD in brew + do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then + INSTALL_PARAM='install' + REMOVE_PARAM='remove' -Options: - -f force - -h hard - -v verbose - -d dryrun - -? 
this message +elif for PACKER_CMD in bauerbill packer yaourt pacman + do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then + INSTALL_PARAM='--noconfirm -S --needed' + REMOVE_PARAM='-Rcs' -Role: - -E Engineer - -S Scientist +elif for PACKER_CMD in aptitude apt-get + do type $PACKER_CMD 2>/dev/null 1>&2 && break; done; then + INSTALL_PARAM='--yes install' + REMOVE_PARAM='--yes remove' -Engineer: - i insert - r remove +else + echo "Error 2: no known package manager found; no punani for you!" >&2 + exit 23 +fi -Scientist: - s search - y update -EOF - exit 1 -} -punani (){ - ns=punani - role=undefined - while getopts 'dfhvSsopEir?' OPT; do - case $OPT in - (f) force=true; continue;; - (h) hard=true; continue;; - (v) set -x; continue;; - (d) dryrun=true; continue;; - (\?) help;continue ;; - esac - case ${role-Manager} in - (Engineer) - case $OPT in - (i) command="${ns}_${role}_insert";; - (r) command="${ns}_${role}_remove";; - (*) - echo 'Error 1: You are made of stupid!' >&2 - exit 23;; - esac;; - (Scientist) - case $OPT in - (s) command="${ns}_${role}_search";; - (y) command="${ns}_${role}_update";; - (*) - echo 'Error 1: You are made of stupid!' >&2 - exit 23;; - esac ;; - (undefined) - case $OPT in - (E) role=Engineer;; - (S) role=Scientist;; - (*) - exit 23;; - esac - ;; - (*) - echo 'Error 1: You are made of stupid!' >&2 - exit 23 - ;; - esac +## find package name +if test -n "$PKGS"; then + for PKG in $PKGS; do + RES="`wget -O- $PUNANI_HOST/$PACKER_CMD/$PKG 2>/dev/null || :`" + if [ ! "$RES" ]; then + echo "Error 2: could not resolve '$PKG'; no punani for you!" >&2 + exit 23 + fi + RESOLVED="${RESOLVED+$RESOLVED }$RES" done -} -punani $@ +else |