a little about GitHub - optimized for happiness - work when - where you want - reduce unnecessary processes - results - asynchronous - multidevice 1% 20% 49% 30% sf US world wanderers
bro do you even chat? - GitHub lives in chat - async (searchable, read back, push notifications) - multi device (laptop, tablet, phone) - collaborative - so we built tools around it
what is hubot? - node.js based chat bot - coffeescript based actions+ - redis based "brain"+ - chat via shell & campfire+ - deployable on unix, windows, & heroku+
how GitHub uses hubot - deploy & monitor servers via puppet - deploy & monitor code via capistrano & jenkins ci - monitor systems via nagios - update GitHub's status site - manage ops pager alerts from pager duty - remember things about people - look up funny pictures
–Ryan Tomayko “This was always my main motivation with Hubot - teaching by doing by making things visible. It's an extremely powerful teaching technique.”
goal: adapt chatops for ir - automate common ir tasks - make it easier to collaborate with other incident responders for improved response and teaching - untie ir from a desk - learn some new technologies
we already were - /firewall - manipulate host firewalls - /host-fw-port - manipulate the firewall on host - /nagios - interact with nagios - /pstree - show process tree on host - /puppet - manipulate a puppet agent - /whois - show info about an addr - /logs - get application logs from a given service - /twitter - posting to & monitoring twitter - secret stuff i can’t share but i promise is awesome…
rhodey - not everyone writes coffeescript & security types love python - creates a local REST api for building new VTR services - built using flask - mostly an example framework at the moment, but PRs are welcome
why rhodey - some things are easier to write in python - take advantage of already available python libraries for incident response - allows local actions - gives control of networking & protects from third party snooping
–Doug McIlroy “This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.”
dfir whiskey lounge - campfire based chat - built off a digital ocean vps - heroku (1 dyno) + redis to go brain - flint for osx & ios - we call him “Woodhouse”
takeaway - it’s better to respond together than alone - Hubot can help you automate, collaborate, mobilize, & beautify - coffeescript has a couple core patterns that make it easy to build new scripts
sroberts
gl_tsukasa
bengo4com
lemon
devopstaiwan
kawajiritakayuki
claudioed
shinrinakamura
soudai
mixi_engineers
whywaita
lapis2411
bonotake
scottboms
holman
chrislema
morganepeng
swwweet
mza
gr2m
bkeepers
reverentgeek
mthomps
roundedbygravity
malarkey