Amin Khoshnood amnkh

## ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,  mgr 4"

conn %default
    keyexchange=ike
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp

## rc.local
# for ISAKMP (handling of security associations)
iptables -A INPUT -p udp --dport 500 --j ACCEPT
# for NAT-T (handling of IPsec between natted devices)
iptables -A INPUT -p udp --dport 4500 --j ACCEPT
# for ESP payload (the encrypted data packets)
iptables -A INPUT -p esp -j ACCEPT
# for the routing of packets on the server
iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
# internet access
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT

## self-signed-certificate-with-custom-ca.md

      
              1 file
            
          
              421 forks
            
          
              50 comments
            
          
              1349 stars
            
          
                fntlnz
                / self-signed-certificate-with-custom-ca.md
            
            
              Last active
              April 19, 2024 12:30
            
              
                Self Signed Certificate with Custom Root CA
              
          
    Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096

  
## openssl-notes.txt
*** RSA

# Generate self-signed certificate with RSA 4096 key-pair
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout rsakey.pem -out rsacert.pem

# print private and public key
openssl rsa -in rsakey.pem -text -noout

# print certificate
openssl x509 -in rsacert.pem -text -noout

## gsad.service
[Unit]
Description=OpenVAS - Greenbone Security Assistant
After=network.target

[Service]
ExecStart=/usr/local/sbin/gsad --foreground

[Install]
WantedBy=multi-user.target

## port-forwarding.py
#!/usr/bin/env python3
# Tcp Port Forwarding (Reverse Proxy)
# Author : WangYihang <wangyihanger@gmail.com>

'''
 +-----------------------------+         +---------------------------------------------+         +--------------------------------+
 |     My Laptop (Alice)       |         |            Intermediary Server (Bob)        |         |    Internal Server (Carol)     |
 +-----------------------------+         +----------------------+----------------------+         +--------------------------------+
 | $ ssh -p 1022 carol@1.2.3.4 |<------->|    IF 1: 1.2.3.4     |  IF 2: 192.168.1.1   |<------->|       IF 1: 192.168.1.2        |
 | carol@1.2.3.4's password:   |         +----------------------+----------------------+         +--------------------------------+

## remove-expired-index.sh
#!/usr/bin/env bash

#set -x

usage()
{
cat << EOF

remove-expired-index.sh

## README.md

      
              1 file
            
          
              12 forks
            
          
              0 comments
            
          
              25 stars
            
          
                nitefood
                / README.md
            
            
              Last active
              May 8, 2023 00:45
            
              
                ASN/IP/Route/hostname command line lookup tool to map any network to the corresponding ASN and prefix
              
          
    This gist has moved to its own repository HERE
See you there!

  
## nginx-cloudflare.conf
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;

## recognizedish.sh
#!/bin/bash

for i in `ls /sys/class/scsi_device/`
do
	echo 1 > /sys/class/scsi_device/`echo $i | sed 's|:|\:|g'`/device/rescan
done

for i in `ls  /sys/class/scsi_host/`
do
	echo "- - -" > /sys/class/scsi_host/$i/scan
	# ipsec.conf - strongSwan IPsec configuration file

	config setup
	charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"

	conn %default
	keyexchange=ike
	ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
	esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp
	# for ISAKMP (handling of security associations)
	iptables -A INPUT -p udp --dport 500 --j ACCEPT
	# for NAT-T (handling of IPsec between natted devices)
	iptables -A INPUT -p udp --dport 4500 --j ACCEPT
	# for ESP payload (the encrypted data packets)
	iptables -A INPUT -p esp -j ACCEPT
	# for the routing of packets on the server
	iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
	# internet access
	iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
	*** RSA

	# Generate self-signed certificate with RSA 4096 key-pair
	openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout rsakey.pem -out rsacert.pem

	# print private and public key
	openssl rsa -in rsakey.pem -text -noout

	# print certificate
	openssl x509 -in rsacert.pem -text -noout
	[Unit]
	Description=OpenVAS - Greenbone Security Assistant
	After=network.target

	[Service]
	ExecStart=/usr/local/sbin/gsad --foreground

	[Install]
	WantedBy=multi-user.target
	#!/usr/bin/env python3
	# Tcp Port Forwarding (Reverse Proxy)
	# Author : WangYihang <wangyihanger@gmail.com>

	'''
	+-----------------------------+ +---------------------------------------------+ +--------------------------------+
	\| My Laptop (Alice) \| \| Intermediary Server (Bob) \| \| Internal Server (Carol) \|
	+-----------------------------+ +----------------------+----------------------+ +--------------------------------+
	\| $ ssh -p 1022 carol@1.2.3.4 \|<------->\| IF 1: 1.2.3.4 \| IF 2: 192.168.1.1 \|<------->\| IF 1: 192.168.1.2 \|
	\| carol@1.2.3.4's password: \| +----------------------+----------------------+ +--------------------------------+
	set_real_ip_from 103.21.244.0/22;
	set_real_ip_from 103.22.200.0/22;
	set_real_ip_from 103.31.4.0/22;
	set_real_ip_from 104.16.0.0/12;
	set_real_ip_from 108.162.192.0/18;
	set_real_ip_from 131.0.72.0/22;
	set_real_ip_from 141.101.64.0/18;
	set_real_ip_from 162.158.0.0/15;
	set_real_ip_from 172.64.0.0/13;
	set_real_ip_from 173.245.48.0/20;
	#!/bin/bash

	for i in `ls /sys/class/scsi_device/`
	do
	echo 1 > /sys/class/scsi_device/`echo $i \| sed 's\|:\|\:\|g'`/device/rescan
	done

	for i in `ls /sys/class/scsi_host/`
	do
	echo "- - -" > /sys/class/scsi_host/$i/scan