Hodgegoblin

## check_user_lastseen
#!/bin/bash
# check_user_lastseen - report on users who have not logged in for a while
# Purpose:
# This script tries to find idle accounts and any orphaned homedirs
# Currently is Linux biased but capacity for portability is there
# Author:       Rawiri Blundell
# Copyright:    See provided LICENCE file
###############################################################################
# Source the config mapping library
# Provides variables "${thisHost}", "${thisJob}" and

## Set up Shadowsocks server on Raspberry Pi.markdown

      
              1 file
            
          
              2 forks
            
          
              3 comments
            
          
              21 stars
            
          
                QuLk
                / Set up Shadowsocks server on Raspberry Pi.markdown
            
            
              Last active
              February 20, 2024 00:38
            
              
                Set up Shadowsocks server on Raspberry Pi
              
          
    Set up Shadowsocks server on Raspberry Pi

By QuLk @ 2018.7.12
Refer:

https://medium.freecodecamp.org/running-your-own-openvpn-server-on-a-raspberry-pi-8b78043ccdea  

https://www.reddit.com/r/China/comments/8hp0kr/shadowsocks_server_on_raspberry_pi/  

https://www.linuxbabe.com/linux-server/setup-your-own-shadowsocks-server-on-debian-ubuntu-centos
This article uses RASPBERRY PI 3 MODEL B, OS version: Raspbian GNU/Linux 9 (stretch).

  
## windows_hardening.cmd
::
::#######################################################################
::
:: Change file associations to protect against common ransomware attacks
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
:: ---------------------
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"

## inputs.conf
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist3 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)"
blacklist4 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)"

## props.conf
[WinEventLog:Security]
#Returns most of the space savings XML would provide
SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
SEDCMD-clean3-blank_ipv6 = s/::ffff://g
SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g

## setupiisforsslperfectforwardsecrecy_v17.ps1
# Copyright 2019, Alexander Hass
# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
#
# After running this script the computer only supports:
# - TLS 1.2
#
# Version 3.0.1, see CHANGELOG.txt for changes.

Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
Write-Host '--------------------------------------------------------------------------------'

## migrate-to-sso.sh
#!/bin/bash

splunk_home=/opt/splunk/etc
my_users=$splunk_home/apps/my_domain/lookups/my_users.csv
users=$splunk_home/users
authfile=$splunk_home/new-auths.txt

# Clear the auth file
: > $authfile

## wifi.py
# -*- coding: utf-8 -*-

import wifi


def Search():
    wifilist = []

    cells = wifi.Cell.all('wlan0')
	#!/bin/bash
	# check_user_lastseen - report on users who have not logged in for a while
	# Purpose:
	# This script tries to find idle accounts and any orphaned homedirs
	# Currently is Linux biased but capacity for portability is there
	# Author: Rawiri Blundell
	# Copyright: See provided LICENCE file
	###############################################################################
	# Source the config mapping library
	# Provides variables "${thisHost}", "${thisJob}" and
	::
	::#######################################################################
	::
	:: Change file associations to protect against common ransomware attacks
	:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
	:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
	:: ---------------------
	ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
	ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
	ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
	[WinEventLog://Security]
	disabled = 0
	start_from = oldest
	current_only = 0
	evt_resolve_ad_obj = 1
	checkpointInterval = 5
	blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
	blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
	blacklist3 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool\|splunkd\|splunk\|splunk\-(?:MonitorNoHandle\|admon\|netmon\|perfmon\|powershell\|regmon\|winevtlog\|winhostinfo\|winprintmon\|wmi\|optimize))\.exe)"
	blacklist4 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool\|splunkd\|splunk\|splunk\-(?:MonitorNoHandle\|admon\|netmon\|perfmon\|powershell\|regmon\|winevtlog\|winhostinfo\|winprintmon\|wmi\|optimize))\.exe)"
	[WinEventLog:Security]
	#Returns most of the space savings XML would provide
	SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
	SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
	SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
	SEDCMD-clean3-blank_ipv6 = s/::ffff://g
	SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
	SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
	SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
	SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g
	# Copyright 2019, Alexander Hass
	# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
	#
	# After running this script the computer only supports:
	# - TLS 1.2
	#
	# Version 3.0.1, see CHANGELOG.txt for changes.

	Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
	Write-Host '--------------------------------------------------------------------------------'
	#!/bin/bash

	splunk_home=/opt/splunk/etc
	my_users=$splunk_home/apps/my_domain/lookups/my_users.csv
	users=$splunk_home/users
	authfile=$splunk_home/new-auths.txt

	# Clear the auth file
	: > $authfile
	# -- coding: utf-8 --

	import wifi


	def Search():
	wifilist = []

	cells = wifi.Cell.all('wlan0')