updates

Author: ddpbsd

_sources/db/index.rst.txt

@@ -6,10 +6,10 @@ databases
 Contents:
 
 .. toctree::
-   :maxdepth: 2
+   :maxdepth: 1
 
+   sql
    mysql/index
    postgresql/index
    sqlite
-   sql/index
 

_sources/db/mysql/index.rst.txt

@@ -1,15 +1,15 @@
-
 =====
 MySQL
 =====
 
+I should switch this to mariadb, but haven't had a need to use it lately.
+Add it to the todo!
+
 Contents:
 
 .. toctree::
    :maxdepth: 2
 
    defaults
-   duplicates
-   timediff
-   userlist
+   mysql_misc
 

_sources/db/mysql/mysql_misc.rst.txt

@@ -0,0 +1,26 @@
+mysql | find duplicates
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   SELECT name, COUNT(*) c FROM table GROUP BY name HAVING c > 1;
+
+mysql | do a timediff
+^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   SELECT TIMEDIFF('2007-12-31 10:02:00','2007-12-30 12:01:01');
+   -- result: 22:00:59.
+
+
+   SELECT TIMESTAMPDIFF(SECOND,'2007-12-30 12:01:01','2007-12-31 10:02:00');
+   -- result: 79259  the difference in seconds with the time.
+
+mysql | get a list of users
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   SELECT User FROM mysql.user;
+

_sources/db/postgresql/defaults.rst.txt

@@ -0,0 +1,9 @@
+postgresql | pg_hba.conf location
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+On ubuntu:
+
+.. code-block:: console
+
+   /etc/postgresql/9.5/main/pg_hba.conf
+

_sources/db/postgresql/index.rst.txt

@@ -6,7 +6,7 @@ PostgreSQL
 .. toctree::
    :maxdepth: 2
 
-   simplestuff
-   userlist
-   stuff
+   defaults
+   postgresql_stuff
+   rocky9
 

_sources/db/postgresql/postgresql_stuff.rst.txt

@@ -0,0 +1,86 @@
+
+postgresql | list databases
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   \l
+
+postgresql | list tables
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   \dt
+
+
+postgresql | connect to db
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+
+   \c DB_NAME
+
+
+postgresql | date minus a couple of days
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Using date and interval is weird.
+`interval '2 days'` actually means yesterday.
+Today is the first day, yesterday is the second.
+
+.. code-block:: console
+
+   date > now() - interval '2 days'
+
+postgresql | convert epoch to timestamp
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   SELECT timestamp 'epoch' + (hosts.firstseen) * interval '1 second' AS first  FROM hosts;
+
+postgresql | create a list of database users
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   \du
+
+postgresql | create user
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   CREATE ROLE ansibledb LOGIN;
+
+postgresql | create database
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   CREATE DATABASE ansibledb WITH OWNER='ansibledb';
+
+postgresql | timestamps as unix epoch
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   SELECT extract(epoch FROM timestamp) FROM sensors;
+
+postgresql | change a user's password
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   ALTER USER my_user_name with password 'my_secure_password';
+
+
+postgresql | epoch to timestamp
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   select to_timestamp(field) from table;
+

_sources/db/postgresql/rocky9.rst.txt

@@ -0,0 +1,29 @@
+
+
+install
+^^^^^^^
+
+.. code-block:: console
+
+   # dnf install postgresql-server
+
+init
+^^^^
+
+Will initialize a db in `/var/lib/pgsql/data`
+
+.. code-block:: console
+
+   # postgresql-setup --initdb
+
+Unfortunately it does a shitty job of dealing with passwords.
+
+Put the super user password in a file and try:
+
+.. code-block:: console
+
+   env PGSETUP_INITDB_OPTIONS="-A scram-sha-256 --pwfile=/PATH/TO/FILE" postgresql-setup --initdb
+
+The `--pwprompt` option doesn't seem to work as this is a wrapper around `initdb(1)`.
+
+

_sources/db/sql.rst.txt

@@ -0,0 +1,40 @@
+===
+sql
+===
+
+sql | count the number of times each domain is entered, sort by count, and display descending
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   SELECT domain, count(*) FROM dump WHERE domain IS NOT NULL GROUP BY domain ORDER BY count DESC;
+
+sql | as above, but csv
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   COPY(SELECT domain, count(*) FROM dump WHERE domain IS NOT NULL GROUP BY domain ORDER BY count DESC) TO STDOUT WITH CSV;
+
+sql | count password length
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: sql
+
+   SELECT char_length(password) AS length, count(*) AS count FROM dump WHERE password IS NOT null GROUP BY length ORDER BY count DESC;
+
+
+sql | multiple SELECT statements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This will output `filename|COUNT` for all distinct filenames in the `syscheck` table.
+
+.. code-block:: console
+
+   SELECT filename,count(*) FROM syscheck WHERE filename IN (SELECT DISTINCT filename FROM syscheck) GROUP BY filename;
+
+sql | ORDER BY date
+^^^^^^^^^^^^^^^^^^^
+
+If the date is in a good format (`YYYY-mm-dd HH:mm:ss` or similar), an `ORDER BY date_field DESC LIMIT 1` is enough to get the latest entry by date.
+

_sources/db/sqlite.rst.txt

@@ -2,8 +2,10 @@
 sqlite
 ======
 
-import from cli
-^^^^^^^^^^^^^^^
+sqlite | import from cli
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+The table will need to have the same number of columns as the csv file.
 
 .. code-block:: console
 

_sources/elk/agent/discover.rst.txt

@@ -5,7 +5,7 @@ agent logs discovery
 interesting fields
 ^^^^^^^^^^^^^^^^^^
 
-`agent.id`i & `elastic_agent.id` - A UUID value that can be found in the agent description in fleet.
+`agent.id` & `elastic_agent.id` - A UUID value that can be found in the agent description in fleet.
 
 `agent.name` - The agent's name (possibly fqdn).
 
@@ -18,6 +18,9 @@ interesting fields
 `event.module` - Maybe the integration?
 
 
+search for agent in fleet
+^^^^^^^^^^^^^^^^^^^^^^^^^
 
+Use the field `local_metadata.host.hostname` to search for an agent in the fleet interface.