Thermi Thermi

@Thermi
Thermi / copy-and-start.sh
Created Mar 22, 2019
Copy and start script for Supermicro's ipmiview tool. It makes sure you always have the latest version in your home directory.
View copy-and-start.sh
#! /bin/bash
# check and copy files
IPMIVIEWDIR=/opt/ipmiview
USERDIR="$HOME/.local/share/ipmiview/"
if [ "$IPMIVIEWDIR" -nt "$USERDIR" ]
then
OLDDIR="$(pwd)"
mkdir -p "$USERDIR"/BMCSecurity
View gist:e01ef209652305dba1e5a60aee84499c
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 87.128.0.0/10 -p tcp --dport 22 -m limit --limit 10/min -j LOG --log-prefix "SSH_TRAFFIC "
-A INPUT -s 87.128.0.0/10 -p tcp --dport 22 -j ACCEPT
@Thermi
Thermi / ipsecTunnelMonitoringScript.py
Created Sep 13, 2018
ipsecTunnelMonitoringScript
View ipsecTunnelMonitoringScript.py
#! /usr/bin/python3 -B
# Copyright (C) 2018 Noel Kuntze <noel.kuntze@thermi.consulting> for VINN Gmbh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
View 0001-Fix-issue-with-the-creation-of-dummy-fips.h-header.patch
From a7fe5e35025227e348eaef5a15fd55f591d77206 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 6 Mar 2018 13:15:35 -0800
Subject: [PATCH] Fix issue with the creation of dummy fips.h header.
---
wolfssl/wolfcrypt/include.am | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
View lab2_alt2.py
#! /bin/python3 -B
from fractions import Fraction
import pprint
class inputCase:
deltaX = 0
recursor = None
def __init__(self, deltaX, recursor):
self.deltaX = deltaX
@Thermi
Thermi / Best Practices.md
Last active Mar 2, 2019
Summary page of Netfilter-related resources
View Best Practices.md

Best Practices:

  1. Don't use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
  2. Set your INPUT and FORWARD policy to DROP.
  3. Don't set your OUTPUT policy to DROP unless you really know what you're doing.
  4. If you're going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
  5. Allow all traffic on lo.
  6. You should ALLOW traffic in ctstates of RELATED and ESTABLISHED near the beginning of your rules.
  7. Don't use iptables -L
  8. DON'T USE IPTABLES -L
  9. Use iptables-save instead of iptables -L.
View README.md

A quick run down on iptables rules

What is it?

iptables is a CLI frontend to netfilter, the Linux kernel's firewall/NAT implementation for OSI layers 3 and 4.

Okay, give me more details

  • When you run "iptables", the file actually being executed is "xtables-multi". That is because the file name "iptables" is a symlink to "xtables-multi".
View 008-Fix-implicit-fallthrough-in-src-options.c
From eefac5786d01f1c3c4660cb218eb380eb19894a7 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel@familie-kuntze.de>
Date: Fri, 21 Jul 2017 16:39:50 +0200
Subject: [PATCH] Fix implicit fallthrough in src/options.c
---
pax-3.4/src/options.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pax-3.4/src/options.c b/pax-3.4/src/options.c
View replace_neigh_failed.sh
#! /bin/bash
# Reset every neighbour cache entry in state FAILED so the kernel probes it again.
# Each "ip neigh" line looks like "<address> dev <iface> [lladdr <mac>] [router] <state>";
# FAILED entries carry no lladdr, so the state is always taken from the last word.
ip neigh | while read -r addr dev ifname rest
do
    state="${rest##* }"
    if [ "$state" = FAILED ]
    then
        # Keep the "<address> dev <iface>" part and clear the NUD state.
        ip neigh replace "$addr" dev "$ifname" nud none
    fi
done
View 0001-Fix-compiler-warnings-in-usl_timer.c.patch
From c694a83d871855bf8e26bcb6f7b3d85503753ca9 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel@familie-kuntze.de>
Date: Mon, 19 Jun 2017 17:30:56 +0200
Subject: [PATCH] Fix compiler warnings in usl_timer.c
---
usl/usl_timer.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/usl/usl_timer.c b/usl/usl_timer.c