@changeme
changeme / Install OpenSSH-HPN on CentOS
Created August 18, 2014 05:30
Install OpenSSH-HPN on CentOS
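# Build OpenSSH 6.6p1 with the HPN patch set on CentOS.
# Run as root; the commands are meant to be executed in order.
# NOTE(review): 6.6p1 dates from 2014 - check whether a currently maintained
# release and matching HPN patch exist before deploying this on a live host.
yum install zlib zlib-devel pam pam-devel openssl openssl-devel gcc patch make
cd /usr/src
# NOTE(review): both files are fetched over plain HTTP from a third-party
# mirror and end up compiled into the system's sshd. Before unpacking, compare
# them (e.g. with sha256sum) against checksums or signatures obtained from a
# source you trust, and stop on any mismatch.
wget http://www.thirdechelon.org/stuff/openssh-6.6p1-hpnssh14v5.diff.gz
wget http://www.thirdechelon.org/stuff/openssh-6.6p1.tar.gz
# Use the file names that were actually downloaded above; the 6.1p1 tarball
# and hpn13v14 patch are never fetched, so referring to them fails.
tar -xzvf openssh-6.6p1.tar.gz
cd openssh-6.6p1
# NOTE(review): patch runs without a -pN strip level here; confirm the patch
# applies cleanly to this tree before configuring.
zcat /usr/src/openssh-6.6p1-hpnssh14v5.diff.gz | patch
# Options must start with two ASCII hyphens; a typographic en dash makes
# configure treat them as unknown arguments.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam
# Set the distribution's client and server configs aside so they can be
# compared with, or restored over, whatever the new build installs.
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.original
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.original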
# Process-wide HAProxy settings.
global
# Detach and run in the background.
daemon
# Admin/stats UNIX socket; mode 600 restricts it to the socket's owner.
stats socket /var/run/haproxy.stat mode 600
# Log to the syslog listener on localhost: all messages on facility local0,
# and notice level and above on local1.
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
# Per-process file descriptor limit.
ulimit-n 80020
pidfile /var/run/haproxy.pid
# Size in bits of the DH parameters used for DHE key exchange when the
# certificate file does not supply its own.
tune.ssl.default-dh-param 2048
# Applied to every bind line. NOTE(review): this excludes SSLv3 only; TLS 1.0
# and 1.1 stay enabled unless the rest of the config also sets
# no-tlsv10 / no-tlsv11 - confirm against the full file.
ssl-default-bind-options no-sslv3
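#!/bin/bash
# Settings block: the target server plus optional switches that are enabled
# by uncommenting the matching line.
#Configure servers
#SERVER1=190.228.29.39
SERVER2=newhostname-or-ip
#Uncomment to hide folder sizes
#FAST="--nofoldersizes"
#Uncomment to do a dry run (no actual changes)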
# THESE CAN LIVE IN SEPARATE FILES
#############################################################
# SPAM ASSASSIN
# Watch the spamd daemon through its pidfile and place it in the "mail" group.
check process spamd with pidfile /var/run/spamd.pid
group mail
# Commands used to start and stop the service via its init script.
start program = "/etc/init.d/spamassassin start"
stop program = "/etc/init.d/spamassassin stop"
# Resource thresholds only raise an alert once they have held for 5 cycles.
# NOTE(review): no restart or stop action is visible in this excerpt, so a
# runaway spamd is reported but not contained - confirm against the full file.
if cpu usage > 99% for 5 cycles then alert
if mem usage > 99% for 5 cycles then alert
# Scheduler entry named OpenDNS: fires every 15 minutes from mar/23/2016
# 12:00:00 and runs on-event=OpenDNS (presumably a script of that name).
# NOTE(review): the policy list grants the job ftp, reboot, write, policy,
# password, sniff and sensitive rights in addition to read/test. Trim it to
# the permissions the script actually needs, so that a modified script
# cannot act with full router privileges.
add comment="Ejecuta actualizacion OpenDNS" interval=15m name=OpenDNS on-event=OpenDNS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/23/2016 start-time=12:00:00
@changeme
changeme / ActiveDirectory-iptables-firewall
Created April 29, 2016 14:15
Active Directory - Reglas para iptables
# Based on http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
#
# Adapt for outbound traffic
#
# Each rule accepts inbound traffic from one host only ($SERVERIP/32) on a
# name-resolution port: 53 (DNS), 42 (WINS), 137 (NetBIOS name service).
# NOTE(review): the lines use rule-file syntax ("-A INPUT ..."), where
# $SERVERIP is presumably a placeholder that must be replaced with the real
# address before loading - confirm how this file is applied.
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT
@changeme
changeme / Bloquear Whatsapp en Mikrotik
Last active December 4, 2018 01:01
Agregar el siguiente script en Mikrotik para bloquear Whatsapp. Adaptar según sea necesario las líneas 1, 4, 13, 19 y 20.
add comment="Whatsapp Address List" interval=2m name="Whatsapp Blocker" \
on-event="# Use DNS Entrys and add Address to the Firewall Address-list #\
\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \"\
\") do={ \r\
# Forward-chain rule: traffic routed through the device towards any address
# in the MStelemetry list is rejected with ICMP network-unreachable.
/ip firewall filter
add action=reject chain=forward comment="Reject MS Telemetry" \
dst-address-list=MStelemetry reject-with=icmp-network-unreachable
# Static members of the MStelemetry list.
# NOTE(review): these are fixed IPs with no refresh mechanism visible here;
# review the list periodically, since a reassigned address would block
# unrelated hosts and new endpoints would not be covered.
/ip firewall address-list
add address=111.221.29.177 list=MStelemetry
add address=111.221.29.253 list=MStelemetry
add address=131.253.40.37 list=MStelemetry
add address=134.170.30.202 list=MStelemetry
add address=134.170.115.60 list=MStelemetry
@changeme
changeme / guacamole.conf
Created January 5, 2017 04:35
nginx guacamole reverse proxy let'sencrypt.
server {
listen 443 ssl;
server_name sub.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;
location / {
proxy_buffering off;
proxy_pass http://[IPADDRESS]:[PORT]/guacamole/;
proxy_http_version 1.1;
server {
listen 443 ssl;
server_name sub.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;
location / {
proxy_buffering off;
proxy_pass http://[IPADDRESS]:[PORT]/guacamole/;
proxy_http_version 1.1;