Aysad Kozanoglu AysadKozanoglu
AysadKozanoglu / AWS, digitalocean, scaleway all subnets blocking iptables.md
Last active September 3, 2021 11:03
AWS, digitalocean, scaleway all subnets blocking iptables

#### SIBIT - systemintegration.berlin / Germany

Use a known AWS IP address to look up the OriginAS for the whole AWS network:

whois 13.125.40.66 | grep "OriginAS"

The output contains the OriginAS, for example:

OriginAS: AS16509 #--> AWS ripe ORIGIN

AysadKozanoglu / AES256_file_encrypter.sh
Last active November 5, 2020 14:31
AES-256 easy encrypt/decrypt file handler script, encryption based on openssl
#!/bin/bash
#####################################################
# Author: Aysad Kozanoglu
#
# OS: Debian / Ubuntu / all derivatives of Debian
#
# Usage: file_encrypter.sh enc|dec FILENAME (without the .plain or .enc extension)
# example: ./file_encrypter.sh enc FILENAME
# first create NEW_FILENAME.plain with the plaintext content
#####################################################
AysadKozanoglu / .bashrc_template.sh
Last active October 28, 2020 09:34
bashrc cli template
# Shorten home dir, cygwin drives, paths that are too long
# (just bourne; no perl, sed, or bashisms!)
# Each colour escape is wrapped in \[ ... \] so bash excludes it from the prompt width
HOST='\[\033[02;36m\]\h'; HOST=' '$HOST
TIME='\[\033[01;31m\]\t \[\033[01;32m\]'
LOCATION=' \[\033[01;34m\]`pwd | sed "s#\(/[^/]\{1,\}/[^/]\{1,\}/[^/]\{1,\}/\).*\(/[^/]\{1,\}/[^/]\{1,\}\)/\{0,1\}#\1_\2#g"`'
BRANCH=' \[\033[00;33m\]$(git_branch)\[\033[00m\]\n\$ '
PS1=$TIME$USER$HOST$LOCATION$BRANCH
PS2='\[\033[01;36m\]>'
AysadKozanoglu / mailserver_openRelay_check_telnet.sh
Last active October 27, 2020 10:53
mailserver open relay check, manually over telnet
```
telnet mail.MailserverDomain.com 25
#Trying 76.33.23.xxx...
#Connected to mail.MailserverDomain.com.
#Escape character is '^]'.
#220 mail.MailserverDomain.com ESMTP Postfix
helo GIVEANYEXISTINGDOMAIN.COM
```
AysadKozanoglu / redis_server_sample.conf
Created September 19, 2020 21:34
sample redis server config: bind to localhost, protected mode enabled
# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
AysadKozanoglu / nginx weak ciphers issue fix.conf
Created August 14, 2020 18:05
nginx weak ciphers issue fix
# compile nginx with openssl1.1.1
# params: --with-openssl=/source/openssl-1.1.1g --with-stream --with-threads --with-file-aio --with-http_stub_status_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --sbin-path=/usr/local/sbin --with-http_stub_status_module --with-http_ssl_module --user=www-data --group=www-data
# generate diffie hellman
openssl dhparam -out /etc/cert/dhparams.pem 4096
# add following params in vhost config
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
location / {
proxy_pass https://example.de;
proxy_http_version 1.1;
proxy_set_header Accept-Encoding "";
proxy_set_header Cache-Control no-cache;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_server_name on;
}
AysadKozanoglu / iptable-script.sh
Last active February 28, 2020 16:52
iptable script enable http https ssh 222001 postfix&dovecot imp
#!/bin/sh
IPT="/sbin/iptables"
# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain
AysadKozanoglu / nginx-rate_limit_flood_protect.conf
Last active February 28, 2020 16:52
request flood protection rate limiting nginx
# To enable rate limiting, add the following line to the http block of your config file:
# 1 request / second
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Then apply it to a location by adding a rate limiting burst to your server block:
location /account/login/ {
# apply rate limiting
limit_req zone=login burst=5;