Romel Vera RomelSan

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                RomelSan
                / keybase.md
            
            
              Created
              February 23, 2017 22:48
            
              
                Keybase
              
          
    Keybase proof

I hereby claim:

I am romelsan on github.
I am romel (https://keybase.io/romel) on keybase.
I have a public key ASD7DbdEmxcIYcbwCQna5T58VtETEYd9ZAOfxzVwhvXeSAo

To claim this, I am signing this object:

  
## SMB Security v0.3.ps1
# SMB Security v0.3
# By Romel Vera (https://www.github.com/RomelSan)
# Enforce SMB v3 basic security
# License: MIT
# Build: December 8, 2017

# Check SMB Server Configuration:
Get-SmbServerConfiguration |
select EnableSMB1Protocol, EnableSMB2Protocol, EncryptData, RejectUnencryptedAccess, RequireSecuritySignature

## SMB Check v0.3.ps1
# SMB Check v0.3
# By Romel Vera (https://www.github.com/RomelSan)
# This tool checks and enforces SMB v3 basic security
# License: MIT
# Build: December 8, 2017

#===========================================================================
# Check Admin
#===========================================================================
function Test-IsAdmin {

## Powershell-Certificates-BRIEF.ps1
#-------------------------------------------------------------------------------------
# Create Self signed root certificate
# -dnsname -DnsName domain.example.com,anothersubdomain.example.com
# -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com"
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" `
-KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 4096 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `

## raspberry-pi4.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              2 stars
            
          
                RomelSan
                / raspberry-pi4.md
            
            
              Last active
              October 1, 2023 22:10
            
              
                First things to do with a Raspberry Pi 4 (Raspbian Lite)
              
          
    First things to do with a Raspberry Pi 4 (Raspbian Lite)

Initial Changes


Change User Password
Change Hostname
Enable SSH
Change Time-Zone

sudo timedatectl
Memory Spit

sudo raspi-config


## ssh.txt
* start the SSH service with systemctl

sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl restart sshd

* Allow Or Deny SSH Access To A Particular User Or Group In Linux
sudo nano /etc/ssh/sshd_config

* Add or edit the following line:

## RouterOS 6 Syntax.xml
<NotepadPlus>
    <UserLang name="RouterOS" ext="rsc" udlVersion="2.1">
        <Settings>
            <Global caseIgnored="yes" allowFoldOfComments="no" foldCompact="no" forcePureLC="0" decimalSeparator="0" />
            <Prefix Keywords1="no" Keywords2="no" Keywords3="yes" Keywords4="no" Keywords5="no" Keywords6="no" Keywords7="no" Keywords8="no" />
        </Settings>
        <KeywordLists>
            <Keywords name="Comments">00# 01 02 03 04</Keywords>
            <Keywords name="Numbers, prefix1"></Keywords>
            <Keywords name="Numbers, prefix2"></Keywords>

## qos_tree.rsc
# Mikrotik Personal Queue Tree based on Priority for devices

# Mark in Mangle (Global Internet, Devices Download, Devices Upload)
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Internet Download" in-interface=ether10-Internet new-connection-mark=Internet_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Internet_conn new-packet-mark=Internet passthrough=no

add action=mark-connection chain=forward comment="Main Camera Download" dst-address=192.168.0.10 new-connection-mark=Camera_Conn_FW packet-mark=Internet passthrough=yes
add action=mark-packet chain=forward connection-mark=Camera_Conn_FW new-packet-mark="Camera_Download" passthrough=no

## win10uefi.ps1
# Minimum size of USB stick 6GB

# Set here the path of your ISO file
$iso = 'C:\Users\localuser\Downloads\en_win10.iso'

# Clean ! will clear any plugged-in USB stick!!
Get-Disk | Where BusType -eq 'USB' |
Clear-Disk -RemoveData -Confirm:$true -PassThru

# Convert GPT

## ListPrivilegedServices.ps1
# List privileged services that don't come with Windows 10

# Exclusion List for Win10 built in
$exclusion = @('AppVClient', 'ClickToRunSvc', 'COMSysApp', 'diagnosticshub.standardcollector.service',
           'msiserver', 'ose', 'perceptionsimulation', 'SecurityHealthService', 'Sense',
           'SensorDataService', 'SgrmBroker', 'Spooler', 'ssh-agent', 'TieringEngineService',
           'TrustedInstaller', 'UevAgentService', 'vds', 'VSS', 'wbengine', 'WinDefend', 'wmiApSrv',
            'WSearch', 'SamSs')

# Get Service List with LocalSystem and Startmode Auto and does not contain svchost.exe (Also exclude the ones from the list)
	# SMB Security v0.3
	# By Romel Vera (https://www.github.com/RomelSan)
	# Enforce SMB v3 basic security
	# License: MIT
	# Build: December 8, 2017

	# Check SMB Server Configuration:
	Get-SmbServerConfiguration \|
	select EnableSMB1Protocol, EnableSMB2Protocol, EncryptData, RejectUnencryptedAccess, RequireSecuritySignature
	# SMB Check v0.3
	# By Romel Vera (https://www.github.com/RomelSan)
	# This tool checks and enforces SMB v3 basic security
	# License: MIT
	# Build: December 8, 2017

	#===========================================================================
	# Check Admin
	#===========================================================================
	function Test-IsAdmin {
	#-------------------------------------------------------------------------------------
	# Create Self signed root certificate
	# -dnsname -DnsName domain.example.com,anothersubdomain.example.com
	# -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com"
	$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
	-Subject "CN=P2SRootCert" `
	-KeyExportPolicy Exportable `
	-HashAlgorithm sha256 -KeyLength 4096 `
	-CertStoreLocation "Cert:\CurrentUser\My" `
	-KeyUsageProperty Sign `
	* start the SSH service with systemctl

	sudo systemctl enable ssh
	sudo systemctl start ssh
	sudo systemctl restart sshd

	* Allow Or Deny SSH Access To A Particular User Or Group In Linux
	sudo nano /etc/ssh/sshd_config

	* Add or edit the following line:
	<NotepadPlus>
	<UserLang name="RouterOS" ext="rsc" udlVersion="2.1">
	<Settings>
	<Global caseIgnored="yes" allowFoldOfComments="no" foldCompact="no" forcePureLC="0" decimalSeparator="0" />
	<Prefix Keywords1="no" Keywords2="no" Keywords3="yes" Keywords4="no" Keywords5="no" Keywords6="no" Keywords7="no" Keywords8="no" />
	</Settings>
	<KeywordLists>
	<Keywords name="Comments">00# 01 02 03 04</Keywords>
	<Keywords name="Numbers, prefix1"></Keywords>
	<Keywords name="Numbers, prefix2"></Keywords>
	# Mikrotik Personal Queue Tree based on Priority for devices

	# Mark in Mangle (Global Internet, Devices Download, Devices Upload)
	/ip firewall mangle
	add action=mark-connection chain=prerouting comment="Internet Download" in-interface=ether10-Internet new-connection-mark=Internet_conn passthrough=yes
	add action=mark-packet chain=prerouting connection-mark=Internet_conn new-packet-mark=Internet passthrough=no

	add action=mark-connection chain=forward comment="Main Camera Download" dst-address=192.168.0.10 new-connection-mark=Camera_Conn_FW packet-mark=Internet passthrough=yes
	add action=mark-packet chain=forward connection-mark=Camera_Conn_FW new-packet-mark="Camera_Download" passthrough=no
	# Minimum size of USB stick 6GB

	# Set here the path of your ISO file
	$iso = 'C:\Users\localuser\Downloads\en_win10.iso'

	# Clean ! will clear any plugged-in USB stick!!
	Get-Disk \| Where BusType -eq 'USB' \|
	Clear-Disk -RemoveData -Confirm:$true -PassThru

	# Convert GPT
	# List privileged services that don't come with Windows 10

	# Exclusion List for Win10 built in
	$exclusion = @('AppVClient', 'ClickToRunSvc', 'COMSysApp', 'diagnosticshub.standardcollector.service',
	'msiserver', 'ose', 'perceptionsimulation', 'SecurityHealthService', 'Sense',
	'SensorDataService', 'SgrmBroker', 'Spooler', 'ssh-agent', 'TieringEngineService',
	'TrustedInstaller', 'UevAgentService', 'vds', 'VSS', 'wbengine', 'WinDefend', 'wmiApSrv',
	'WSearch', 'SamSs')

	# Get Service List with LocalSystem and Startmode Auto and does not contain svchost.exe (Also exclude the ones from the list)