Luis Jesús Díaz drconopoima

## signing-vbox-kernel-modules.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                drconopoima
                / signing-vbox-kernel-modules.md
            
            
              Created
              October 25, 2023 21:50
                — forked from reillysiemens/signing-vbox-kernel-modules.md
            
              
                Signing VirtualBox Kernel Modules
              
          
    Signing VirtualBox Kernel Modules

These are the steps I followed enable VirtualBox on my laptop without
disabling UEFI Secure Boot. They're nearly identical to the process described
on [Øyvind Stegard's blog][blog], save for a few key details. The images here
are borrowed from the [Systemtap UEFI Secure Boot Wiki][systemtap].

Install the VirtualBox package (this might be different for your platform).
src='https://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo'


## Arch Secure Laptop Install.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                drconopoima
                / Arch Secure Laptop Install.md
            
            
              Created
              April 30, 2023 19:09
                — forked from Th3Whit3Wolf/Arch Secure Laptop Install.md
            
              
                My install instruction for a secure Arch Linux (sway) laptop workstation 
              
          
    What's Cool


Encrypted root partition

AES-256 bit cipher
Argon2id variant for PBKDF
Sha3-512 bit hash


rEFInd bootloader

With dreary theme
Optimal Settings (optimized for aesthetics, and boot time)


Boot into backups thanks to refind-btrfs


## Xray-performance-up.sh
#!/usr/bin/env bash

wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh


## Add sysctl config
echo 'fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000

## .travis.yml
language: rust
cache: cargo
rust:
  - stable
before_cache: |
  cargo install cargo-tarpaulin
before_script:
- rustup component add rustfmt
- rustup component add clippy
- cargo install cargo-audit

## config.yml
version: 2
jobs:
  build-and-test:
    docker:
      - image: circleci/rust
    environment:
      # Fail the build if there are warnings
      RUSTFLAGS: '-D warnings'
    steps:
      - checkout

## audit-on-push.yml
name: Security audit
on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:

## .gitlab-ci.yml
image: "rust:latest"

default:
  before_script:
    - rustc --version
    - cargo --version

stages:
  - test

## generate_ca.sh
#!/bin/bash
mkdir ~/SSLCA/root/
cd ~/SSLCA/root/
openssl genrsa -aes256 -out rootca.key 2048
openssl req -sha256 -new -x509 -days 1826 -key rootca.key -out rootca.crt
touch certindex
echo 1000 > certserial
echo 1000 > crlnumber
echo '
[ ca ]

## openssl_root.cnf
# OpenSSL Root CA configuration file
# Copy to /root/ca/openssl_root.cnf

[ ca ]
default_ca = CA_default

[ CA_default ]
# Directory and file locations.
dir               = /root/ca
certs             = $dir/certs

## generate-internal-ca.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                drconopoima
                / generate-internal-ca.md
            
            
              Created
              March 14, 2022 20:52
                — forked from brightzheng100/generate-internal-ca.md
            
              
                How-to: Generate Internal CA
              
          
    Create your CA database to keep track of signed certificates

$ mkdir private certs cnf csr crl
$ touch index.txt
$ echo 1000 > serial

Create Your OpenSSL Config File
	#!/usr/bin/env bash

	wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh


	## Add sysctl config
	echo 'fs.file-max = 51200
	net.core.rmem_max = 67108864
	net.core.wmem_max = 67108864
	net.core.netdev_max_backlog = 250000
	language: rust
	cache: cargo
	rust:
	- stable
	before_cache: \|
	cargo install cargo-tarpaulin
	before_script:
	- rustup component add rustfmt
	- rustup component add clippy
	- cargo install cargo-audit
	version: 2
	jobs:
	build-and-test:
	docker:
	- image: circleci/rust
	environment:
	# Fail the build if there are warnings
	RUSTFLAGS: '-D warnings'
	steps:
	- checkout
	name: Security audit
	on:
	push:
	paths:
	- '**/Cargo.toml'
	- '**/Cargo.lock'
	jobs:
	security_audit:
	runs-on: ubuntu-latest
	steps:
	image: "rust:latest"

	default:
	before_script:
	- rustc --version
	- cargo --version

	stages:
	- test
	#!/bin/bash
	mkdir ~/SSLCA/root/
	cd ~/SSLCA/root/
	openssl genrsa -aes256 -out rootca.key 2048
	openssl req -sha256 -new -x509 -days 1826 -key rootca.key -out rootca.crt
	touch certindex
	echo 1000 > certserial
	echo 1000 > crlnumber
	echo '
	[ ca ]
	# OpenSSL Root CA configuration file
	# Copy to /root/ca/openssl_root.cnf

	[ ca ]
	default_ca = CA_default

	[ CA_default ]
	# Directory and file locations.
	dir = /root/ca
	certs = $dir/certs