GAS85

• Based on https://techwombat.com/enable-http2-apache-ubuntu-16-04/

• This totorial is for an older Ubuntu 16.04, for a Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831 and for a Ubuntu 20.04 please read here* --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c

Requirements

• A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
• For Ubuntu 18.04 please read here --> https://gist.github.com/GAS85/8dadbcb3c9a7ecbcb6705530c1252831
• A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

yonglai

---
- name: Install docker
  gather_facts: No
  hosts: default

  tasks:
    - name: Install yum utils
      yum:
        name: yum-utils
        state: latest

jamiekurtz

#!/usr/bin/env bash

# This script can add given users as SSH users. Use the following environment variables:
#   SSH_USERS="name1 name2 name3"
#   SSH_KEY_name1="ssh key for name1"
#   SSH_KEY_name2="ssh key for name2"
#   SSH_KEY_name3="ssh key for name3"

# You can set MYAPP on line 22 to any arbitrary string

mattia-beta

### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

### 3: Drop SYN packets with suspicious MSS value ###
/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

### 4: Block packets with bogus TCP flags ###

kgriffs

import re

# RFC 4122 states that the characters should be output as lowercase, but
#   that input is case-insensitive. When validating input strings,
#   include re.I or re.IGNORECASE per below:

def _create_pattern(version):
    return re.compile(
        (
            '[a-f0-9]{8}-' +

joecampo

If you're not familiar: What is fail2ban? fail2ban is an awesome linux service/monitor that scans log files (e.g. auth.log for SSH) for potentially malicious behavior. Once fail2ban is tripped it will ban users for a specified duration by adding rules to Iptables. If you're unfamiliar with fail2ban Chris Fidao has a wonderful (& free!) series about security including setting up fail2ban here.

Recently Laravel released a new feature in 5.1 to throttle authentication attempts by simply adding a trait to your authentication controller. The Laravel throttle trait uses the inputted username, and IP address to throttle attempts. I love seeing this added to a framework out of the box, but what about some of our other apps not built on Laravel? Like a WordPress login? Or even an open API etc.? Ultimately,

rxaviers

People

:bowtie:	😄 :smile:	😆 :laughing:
😊 :blush:	😃 :smiley:	☺️ :relaxed:
😏 :smirk:	😍 :heart_eyes:	😘 :kissing_heart:
😚 :kissing_closed_eyes:	😳 :flushed:	😌 :relieved:
😆 :satisfied:	😁 :grin:	😉 :wink:
😜 :stuck_out_tongue_winking_eye:	😝 :stuck_out_tongue_closed_eyes:	😀 :grinning:
😗 :kissing:	😙 :kissing_smiling_eyes:	😛 :stuck_out_tongue:

grenade

#!/bin/bash

# generate new personal ed25519 ssh key
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "rob thijssen <rthijssen@gmail.com>"

# generate new host cert authority (host_ca) ed25519 ssh key
# used for signing host keys and creating host certs
ssh-keygen -t ed25519 -f manta_host_ca -C manta.network

eval "$(ssh-agent -s)"

piscisaureus

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = git@github.com:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this:

kamermans

#!/bin/bash

JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'`
for JAIL in $JAILS
do
  fail2ban-client status $JAIL
done