This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# to generate your dhparam.pem file, run in the terminal | |
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# needs openssl 1.1+ | |
# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html | |
# (but something else that decodes the base64 and re-encodes the raw key bytes | |
# to base32 is probably fine too) | |
##### generate a key | |
openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require "rubygems" | |
require "twitter" | |
require "json" | |
# things you must configure | |
TWITTER_USER = "your_username" | |
MAX_AGE_IN_DAYS = 1 # anything older than this is deleted | |
# get these from dev.twitter.com | |
CONSUMER_KEY = "your_consumer_key" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Goals of this Gist are to: | |
[1] Increase the GnuPG key size limit beyond 4096 bits. | |
[2] Provide configuration files that maximize security and anonymity. | |
For now, the ideal configuration files have been provided. | |
The Debian_Linux_GnuPG_Compiler.bash script works to build GnuPG with the 4096 bit key size limit raised. | |
Please provide input. Feedback and changes welcome. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/boot/bzImage | |
# Linux kernel userspace initialization code, translated to bash | |
# (Minus floppy disk handling, because seriously, it's 2017.) | |
# Not 100% accurate, but gives you a good idea of how kernel init works | |
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st> | |
# Based on Linux 4.10-rc2. | |
# Note: pretend chroot is a builtin and affects the current process | |
# Note: kernel actually uses major/minor device numbers instead of device name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Basically the nginx configuration I use at konklone.com. | |
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com | |
# | |
# To provide feedback, please tweet at @konklone or email eric@konklone.com. | |
# Comments on gists don't notify the author. | |
# | |
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites. | |
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration. | |
server { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
# -*- coding: utf-8 -*- | |
import sys | |
import subprocess | |
import argparse | |
import re | |
import mailbox | |
import email.utils | |
import os |
It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.
We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".
Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.
Install dependencies: