Kevin M. Gallagher ageis

## onion-svc-v3-client-auth.sh
#!/bin/bash

# needs openssl 1.1+
# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html
#   (but something else that decodes the base64 and re-encodes the raw key bytes
#    to base32 is probably fine too)

##### generate a key

openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem

## linux.sh
#!/boot/bzImage

# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.

# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name

## pgpgrep.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-

import sys
import subprocess
import argparse
import re
import mailbox
import email.utils
import os

## grsec-debian-digitalocean.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              12 stars
            
          
                ageis
                / grsec-debian-digitalocean.md
            
            
              Last active
              October 17, 2021 00:54
            
          
    Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.
We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".
Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.
Install dependencies:

  
## openpgp-card-guide.md

      
              1 file
            
          
              8 forks
            
          
              9 comments
            
          
              54 stars
            
          
                ageis
                / openpgp-card-guide.md
            
            
              Last active
              December 11, 2023 09:36
            
              
                Quick GPG Smartcard Guide
              
          
    ⚠️ Content below I now consider obsolete. My latest guide is now located here: Technical guide for using YubiKey series 4 for GPG and SSH. Please consult that resource instead.


Quick GPG Smartcard Guide


## anonymous
The Goals of this Gist are to:
[1] Increase the GnuPG key size limit beyond 4096 bits.
[2] Provide configuration files that maximize security and anonymity.

For now, the ideal configuration files have been provided.
The Debian_Linux_GnuPG_Compiler.bash script works to build GnuPG with the 4096 bit key size limit raised.

Please provide input. Feedback and changes welcome.

## nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

## ssl.rules
# Basically the nginx configuration I use at konklone.com.
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
#
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author.
#
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

server {

## langoliers.rb
require "rubygems"
require "twitter"
require "json"

# things you must configure
TWITTER_USER = "your_username"
MAX_AGE_IN_DAYS = 1 # anything older than this is deleted

# get these from dev.twitter.com
CONSUMER_KEY = "your_consumer_key"
	#!/bin/bash

	# needs openssl 1.1+
	# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html
	# (but something else that decodes the base64 and re-encodes the raw key bytes
	# to base32 is probably fine too)

	##### generate a key

	openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem
	#!/boot/bzImage

	# Linux kernel userspace initialization code, translated to bash
	# (Minus floppy disk handling, because seriously, it's 2017.)
	# Not 100% accurate, but gives you a good idea of how kernel init works
	# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
	# Based on Linux 4.10-rc2.

	# Note: pretend chroot is a builtin and affects the current process
	# Note: kernel actually uses major/minor device numbers instead of device name
	#!/usr/bin/python3
	# -- coding: utf-8 --

	import sys
	import subprocess
	import argparse
	import re
	import mailbox
	import email.utils
	import os
	The Goals of this Gist are to:
	[1] Increase the GnuPG key size limit beyond 4096 bits.
	[2] Provide configuration files that maximize security and anonymity.

	For now, the ideal configuration files have been provided.
	The Debian_Linux_GnuPG_Compiler.bash script works to build GnuPG with the 4096 bit key size limit raised.

	Please provide input. Feedback and changes welcome.
	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
	# Basically the nginx configuration I use at konklone.com.
	# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
	#
	# To provide feedback, please tweet at @konklone or email eric@konklone.com.
	# Comments on gists don't notify the author.
	#
	# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
	# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

	server {
	require "rubygems"
	require "twitter"
	require "json"

	# things you must configure
	TWITTER_USER = "your_username"
	MAX_AGE_IN_DAYS = 1 # anything older than this is deleted

	# get these from dev.twitter.com
	CONSUMER_KEY = "your_consumer_key"