In my code notes I try to put useful stuff that I have on my computer and can share, in case it is useful for other people.
Found this cool one-liner on Stack Overflow, really useful if I need to debug something really fast and can’t be bothered to open Wireshark:
# Listen on localhost:10000 (-l), keep accepting new connections (-k), verbosely (-v).
# For each connection, -c runs the quoted pipeline through the shell: the client's
# bytes are copied to stderr by tee and forwarded to localhost:8080, and the reply
# is copied to stderr again on its way back to the client.
# Everything is shown in cleartext, including any credentials or tokens in the traffic.
ncat -lkv localhost 10000 -c 'tee /dev/stderr | ncat -v localhost 8080 | tee /dev/stderr'
I use this at work and thought I’d just paste it here. It creates a database user and 3 databases for different development environments; it assumes it has to go through an SSH tunnel, because that’s what we do at work.
import click
import mysql.connector
def ssh_tunnel(ip, username, password, port, sshport):
    """Open an SSH tunnel to ``ip`` and return the started forwarder.

    The tunnel authenticates with ``username``/``password`` on ``sshport``
    and targets ``127.0.0.1:port`` as the remote bind address. The started
    forwarder object is returned as-is.
    """
    from sshtunnel import SSHTunnelForwarder

    forwarder_options = {
        "ssh_port": sshport,
        "ssh_username": username,
        "ssh_password": password,
        "remote_bind_address": ('127.0.0.1', port),
    }
    tunnel = SSHTunnelForwarder(ip, **forwarder_options)
    # Set before start() so it applies to the servers start() brings up.
    tunnel.daemon_forward_servers = True
    tunnel.start()
    return tunnel
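def create_mysql_databases(prefix, local_port, user, password):
    """Create the ``int``, ``qualif`` and ``test`` databases for a project.

    Connects to MySQL on ``127.0.0.1:local_port`` and issues
    ``CREATE DATABASE IF NOT EXISTS`` for each ``<prefix>-<env>_db`` name.

    Args:
        prefix: Project name used as the database name prefix.
        local_port: Local port the MySQL connection is made to.
        user: MySQL account used to create the databases.
        password: Password of that account.

    Returns:
        The list of database names (unquoted), in creation order.
    """
    environments = ("int", "qualif", "test")
    connection = mysql.connector.connect(
        host="127.0.0.1",
        user=user,
        password=password,
        port=local_port,
        # NOTE(review): mysql_native_password is deprecated in recent MySQL
        # releases; confirm the target server still requires it.
        auth_plugin='mysql_native_password',
    )
    created = []
    try:
        cursor = connection.cursor()
        for environment in environments:
            name = "{}-{}_db".format(prefix, environment)
            # Identifiers cannot be bound as query parameters, so the name is
            # quoted by hand: doubling any backtick keeps a prefix that
            # contains one from closing the quoted identifier early.
            quoted = "`{}`".format(name.replace("`", "``"))
            created.append(name)
            cursor.execute("CREATE DATABASE IF NOT EXISTS {}".format(quoted))
    finally:
        # Close the connection even when a statement fails.
        connection.close()
    return created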
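def generate_password(length):
    """Return a random alphanumeric password of ``length`` characters.

    Characters are drawn from ASCII lowercase, uppercase and digits using
    the ``secrets`` module. The ``random`` module is not meant for
    generating credentials: its output is predictable from observed values.

    Args:
        length: Number of characters to generate; ``0`` yields ``""``.

    Returns:
        The generated password string.
    """
    import secrets
    import string

    alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))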
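def create_mysql_user(prefix, local_port, user, password, length, dbs):
    """Create the project's MySQL account and grant it access to ``dbs``.

    The account is named after ``prefix`` with host ``%``. If no account
    with that name exists, it is created with a freshly generated password.
    ``ALL PRIVILEGES`` on every database in ``dbs`` is then granted to it.

    Args:
        prefix: Project name, used as the account name.
        local_port: Local port the MySQL connection is made to.
        user: MySQL account used to perform the administration.
        password: Password of that account.
        length: Length of the generated password.
        dbs: Database names (unquoted) to grant privileges on.

    Returns:
        ``(generated_password, account_name)``.
    """
    connection = mysql.connector.connect(
        host="127.0.0.1",
        user=user,
        password=password,
        port=local_port,
        # NOTE(review): mysql_native_password is deprecated in recent MySQL
        # releases; confirm the target server still requires it.
        auth_plugin='mysql_native_password',
    )
    new_password = generate_password(length)
    account = "{}".format(prefix)
    try:
        cursor = connection.cursor()
        # Values are passed as parameters so the driver escapes and quotes
        # them; a quote in the project name can no longer alter the statement.
        cursor.execute(
            "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = %s)",
            (account,),
        )
        already_exists = cursor.fetchall()[0][0] == 1
        if already_exists:
            # NOTE(review): in this case the password returned below was never
            # applied to the account; callers should not present it as valid.
            click.echo("User {} already exists bro".format(account))
        else:
            # The host wildcard is passed as a parameter too, which keeps a
            # bare '%' out of the statement text.
            cursor.execute(
                "CREATE USER %s@%s IDENTIFIED BY %s",
                (account, "%", new_password),
            )
        for database in dbs:
            # Identifiers cannot be bound as parameters; double any backtick
            # so the name stays inside its quoted identifier.
            quoted_db = "`{}`".format(database.replace("`", "``"))
            cursor.execute(
                "GRANT ALL PRIVILEGES ON {}.* TO %s@%s".format(quoted_db),
                (account, "%"),
            )
        cursor.execute("FLUSH PRIVILEGES;")
    finally:
        # Close the connection even when a statement fails.
        connection.close()
    return new_password, account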
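@click.command()
@click.option('--sshuser', default="ubuntu", help='SSH username')
# hide_input keeps the SSH password from being echoed at the prompt.
@click.option('--sshpassword', help='SSH password', prompt='Password of user',
              hide_input=True)
@click.option('--sshport', help='SSh port', prompt='SSh port', type=int)
@click.option('--mysqluser', default="root", help='MySQL admin username')
# NOTE(review): a hard-coded default admin password is kept here only for
# compatibility; prefer passing --mysqlpassword explicitly.
@click.option('--mysqlpassword', default="ubuntu", help='MySQL admin password')
@click.option('--mysqlip', default="127.0.0.1",
              help='MySQL server address (currently unused)')
@click.option('--sship', prompt='Server to deploy databases to',
              help='Enter IP address to create databases on')
@click.option('--project', prompt='Project name',
              help='Enter project name')
@click.option('--mysqlport', prompt='Mysql port number',
              help='Mysql port number', default=3306)
@click.option('--plen', prompt='Generated password length',
              help='Enter password length', default=10)
def main(sshuser, sshpassword, sship, project, mysqlport, plen, mysqluser, mysqlpassword, mysqlip, sshport):
    """Create the project's databases and MySQL user through an SSH tunnel."""
    server = ssh_tunnel(sship, sshuser, sshpassword, mysqlport, sshport)
    try:
        lb_port = server.local_bind_port
        dbs = create_mysql_databases(project, lb_port, mysqluser, mysqlpassword)
        mpassword, muser = create_mysql_user(project, lb_port, mysqluser, mysqlpassword, plen, dbs)
    except Exception as e:
        # Report on stderr and exit non-zero so a failed run is not mistaken
        # for success by whatever invoked the script.
        click.echo(e, err=True)
        raise SystemExit(1)
    finally:
        # Tear the tunnel down on every path, including failures.
        server.stop()
    # The new credential goes to stdout as "user:password"; keep this output
    # out of shared logs and shell history captures.
    click.echo("{}:{}".format(muser, mpassword))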
# Run the click command only when the file is executed as a script.
if __name__ == "__main__":
    main()
I manage a SIEM for work, and my company regularly adds new client servers. To automate deploying the filebeat and auditbeat agents I just use Ansible playbooks, which saves me tons of time.
It’s pretty simple really, I just use the geerlingguy roles:
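---
# Installs the filebeat and auditbeat agents on every host in the "ansible" group.
- hosts: ansible
  become: yes
  become_user: root
  roles:
    # Third-party roles, installed separately: pin the versions you install
    # (e.g. in a requirements.yml) so agent deployments stay reproducible.
    - geerlingguy.filebeat
    - geerlingguy.auditbeat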
I also have another playbook to allow servers through the SIEM firewall (I use ufw, it just comes with Debian):
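---
# Opens the Kibana and Elasticsearch ports on the SIEM host, but only for the
# source addresses listed in each loop.
- hosts: xxxxxxxx
  become: yes
  become_user: root
  tasks:
    - name: allow access to kibana
      ufw:
        rule: allow
        src: '{{ item }}'
        port: 5601
        # Limit the rule to TCP instead of every protocol.
        proto: tcp
      loop:
        - xx.xxx.xxx.xxx
    - name: allow acces to elasticsearch
      ufw:
        rule: allow
        src: '{{ item }}'
        port: 9200
        # Limit the rule to TCP instead of every protocol.
        proto: tcp
      loop:
        - xx.xxx.xxx.xxx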