Post Mortem Archive Permalink
A resource maintained by the fabulous Dan Luu
Posts by Tag
- Security 5
- Linux 4
- Bash 4
- Python 4
- Cisco 4
- Debian 2
- standard 2
- Puppet 2
- BGP 2
- voicemail 1
- Proxychains 1
- JSON 1
- Regex 1
- Jekyll 1
- update 1
- MySQL 1
- IOS 1
- IAM 1
- KVM 1
- virsh 1
- dA 1
- time 1
- SRE 1
- DDOS 1
- Snort 1
- PCAP 1
- SUP 1
- devops 1
- Statsd 1
- Graphite 1
- Internet 1
- Incident Response 1
- IR 1
Security
Seeking Help On The Internet
Getting help and soliciting feedback on the Internet essential reading:
Simple Site Loadtesting
Throwing some load at your setup and seeing how it reacts.
Using Snort on a PCAP file
Grabbing tcpdump output during a crisis can be hard to remember. Ideally, snort is running as as service inline or at least continually. Sometimes things hap...
Syn Flood Testing
Launching a SYN flood. Everyone know DDOS attacks happen and of these SYN floods may be the simplest to organize for attackers. As a defender you don’t want...
Linux
Bash Troubleshooting Boilerplate
I have a bash script that is being called multiple times instead of once. I need to track down where it is being called from.
Halting a KVM guest with virsh
KVM is great but I’m making a note so I remember because this command gives me pause every time. When a new VM has no OS or doesn’t make it past the bootloa...
Puppet Core Dump Control
If you have crashes you can enable core dumps via Puppet
Proxychains
Some commands do not natively support a proxy (RE: telnet). Other times it is just easier to do a one-off instance rather than mess with environment setting...
Bash
Bash Troubleshooting Boilerplate
I have a bash script that is being called multiple times instead of once. I need to track down where it is being called from.
MySQL non-default DB cleanup
Show me my non-default databases
Bash to run for date of lastest Puppet update
When was this host last updated via puppet?
Read JSON in Bash with Python
Getting JSON from a flat file in a shell script
Python
Python monitoring end-to-end with Diamond, Statsd and Graphite
If you stayed late at the DevOpsKC meetup last night you have may have caught me giving this talk about getting a monitoring system going using python from e...
Debian Package from Python Project using stdeb
One of the things I do often is download projects from github. Pypi (py-pee-eye) is nice and so is pip, but I like to have one reference for packages on a ho...
Basic Python Regex Extraction
When dealing with totally unstructured data sometimes it is necessary to go full regex.
Read JSON in Bash with Python
Getting JSON from a flat file in a shell script
Cisco
Beginning IOS BGP Configuration
This configuration is Cisco based but JunOS isn’t too far of a stretch in my experience. First off: you need your ASN. You need your address block. Your add...
Beginning BGP
I remember hearing a lot of conflicting information about BGP when I first started doing network admin stuff. A lot of time BGP is part of an HA strategy and...
IOS Granular Permissions
If you have tiered levels of administrators, or you want to create an account for automation purposes best practice is to define a custom security level in I...
Convert Cisco Octets to Mbps
Depending on the type of counter you want to track you can use one of the two SNMP following OIDs ‘64’ bit counter => oid => ‘.1.3.6.1.2.1.31.1.1.1’ ...
Debian
Debian Package from Python Project using stdeb
One of the things I do often is download projects from github. Pypi (py-pee-eye) is nice and so is pip, but I like to have one reference for packages on a ho...
Settings a modular MOTD in Debian
Granular control over Debian MOTDMOTD should be used for more than welcome messages
standard
Specialty Packet Capture
Situations where it’s useful to analyze traffic: Don’t have access to the logs Want to look at traffic somewhere upstream like an LB Something is mak...
Basic Python JSON REST API Client Example
JSON REST API’s are increasingly common and useful. A basic client example for using something like nagios api import sys import os import urllib import js...
Puppet
Puppet Core Dump Control
If you have crashes you can enable core dumps via Puppet
Bash to run for date of lastest Puppet update
When was this host last updated via puppet?
BGP
Beginning IOS BGP Configuration
This configuration is Cisco based but JunOS isn’t too far of a stretch in my experience. First off: you need your ASN. You need your address block. Your add...
Beginning BGP
I remember hearing a lot of conflicting information about BGP when I first started doing network admin stuff. A lot of time BGP is part of an HA strategy and...
voicemail
Newby Voicemail
My second day at a job in 2007 I showed up early. I came in the unlocked front doors and I set off an insane alarm.
Proxychains
Proxychains
Some commands do not natively support a proxy (RE: telnet). Other times it is just easier to do a one-off instance rather than mess with environment setting...
JSON
Read JSON in Bash with Python
Getting JSON from a flat file in a shell script
Regex
Basic Python Regex Extraction
When dealing with totally unstructured data sometimes it is necessary to go full regex.
Jekyll
Examining Pxe Boot
I have a host with MAC 00:30:48:60:f3:ca. This host is configured to look for a PXE server, but was not matching the correct profile.
update
Examining Pxe Boot
I have a host with MAC 00:30:48:60:f3:ca. This host is configured to look for a PXE server, but was not matching the correct profile.
MySQL
MySQL non-default DB cleanup
Show me my non-default databases
IOS
IOS Granular Permissions
If you have tiered levels of administrators, or you want to create an account for automation purposes best practice is to define a custom security level in I...
IAM
IOS Granular Permissions
If you have tiered levels of administrators, or you want to create an account for automation purposes best practice is to define a custom security level in I...
KVM
Halting a KVM guest with virsh
KVM is great but I’m making a note so I remember because this command gives me pause every time. When a new VM has no OS or doesn’t make it past the bootloa...
virsh
Halting a KVM guest with virsh
KVM is great but I’m making a note so I remember because this command gives me pause every time. When a new VM has no OS or doesn’t make it past the bootloa...
dA
deviantART Registrar Name.com Compromised
So name.com was hacked and deviantart.com was one of the credentials dumped from their DB. How do I know? Name.com Tells Customers To Change Password Due To...
time
Time Machine?
SRE: “When does it need to be done?” PM: “Next week at the latest.” SRE: “OK, we spend from now to next week working on a time machine. If we ha...
SRE
Time Machine?
SRE: “When does it need to be done?” PM: “Next week at the latest.” SRE: “OK, we spend from now to next week working on a time machine. If we ha...
DDOS
Syn Flood Testing
Launching a SYN flood. Everyone know DDOS attacks happen and of these SYN floods may be the simplest to organize for attackers. As a defender you don’t want...
Snort
Using Snort on a PCAP file
Grabbing tcpdump output during a crisis can be hard to remember. Ideally, snort is running as as service inline or at least continually. Sometimes things hap...
PCAP
Using Snort on a PCAP file
Grabbing tcpdump output during a crisis can be hard to remember. Ideally, snort is running as as service inline or at least continually. Sometimes things hap...
SUP
SUP Intro DevOpsKC
I walked through these slides demonstrating the simple tool sup.py I wrote at the devops kc meetup. Sup can be used in place of ping/tcping/httping on some o...
devops
SUP Intro DevOpsKC
I walked through these slides demonstrating the simple tool sup.py I wrote at the devops kc meetup. Sup can be used in place of ping/tcping/httping on some o...
Statsd
Python monitoring end-to-end with Diamond, Statsd and Graphite
If you stayed late at the DevOpsKC meetup last night you have may have caught me giving this talk about getting a monitoring system going using python from e...
Graphite
Python monitoring end-to-end with Diamond, Statsd and Graphite
If you stayed late at the DevOpsKC meetup last night you have may have caught me giving this talk about getting a monitoring system going using python from e...
Internet
Seeking Help On The Internet
Getting help and soliciting feedback on the Internet essential reading:
Incident Response
Post Mortem Archive Permalink
A resource maintained by the fabulous Dan Luu
IR
21 Musings From Incident Response
These are my personal anecdotal conclusions and I totally appreciate it may not line up with anyone else’s. This is US centric, as that is my experience, a...