Daniel Krusky dkrusky
dkrusky
/ install-and-secure-linux-with-csf.sh
Last active
February 28, 2020 15:54
Consolidates CSF paramaters into a single script which will download any required runtimes for your distro, detect and enable ipv6 firewall, and install and configure CSF. Tested on Debian and CentOS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| CSF="/etc/csf/csf.conf" | |
| # set the values as you wish them to be set in the running version of csf | |
| RESTRICT_UI='2' | |
| RESTRICT_SYSLOG='3' | |
| LF_SPI='1' | |
| TCP_IN='25,80,110,443,465,587,995,2083' | |
| TCP_OUT='20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703' | |
| UDP_IN='33434:33523' |
dkrusky
/ windows-server-perfect-tls-ssl-rating-ssllabs.ps1
Last active
July 7, 2016 12:26
Modified powershell script (must run as administrator) to pre-configure the box for A+ rating on ssllabs.com . Only support for TLS 1.2 is enabled due to lack of support in SCHANNEL for TLS fallback. You still need to setup HPKP, Strict-Security, and OCSP in IIS per site.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2014, Alexander Hass - Modified by MicroVB ( https://www.microvb.com ) | |
| # http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 | |
| # | |
| # Version 1.5 | |
| # - Disabled remaining problematic ciphers that do not supply forward secrecy | |
| # - Disabled TLS 1.0 from server SCHANNEL requests | |
| # - Disabled TLS 1.1 from server SCHANNEL requests | |
| # - Enabled secure renegotiation | |
| # - Moved cipher suite and protocol variables to the top of this file to make editing easier | |
| # - 3DES has been disabled. |
NewerOlder