A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Franz Skale fskale
WJWH
/ gist:f3a196e65fdabd6eace5f89da430600e
Created
October 1, 2021 14:16
Server that does no syscalls for handling connections
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Extremely hacky server program that will send a standard response | |
| // to every client that connects, then closes the connection. Will | |
| // issue no system calls (as measured by `strace`) after initial setup | |
| // no matter how many requests are served. | |
| // Yes, this program is sorely lacking in error checking. It's a toy | |
| // and not meant to be taken seriously. | |
| // compile with gcc no_syscall_server.c -luring |
fskale
/ s3-backup.pl
Last active
September 4, 2019 10:18
S3 incremental Backup using Mojolicious Non-Blocking I/O (concurrent) (Check Script for required modules) supports Amazon and Hitachi S3 storages (no warranty !)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| package S3::Backup; | |
| use Mojo::Base -base; | |
| use Carp qw(carp croak); | |
| use POSIX qw(strftime ceil floor); | |
| use Fcntl qw(O_WRONLY O_APPEND O_CREAT); | |
| use Fcntl ':mode'; | |
| #set utf8 output encoding explicitly | |
| binmode( STDOUT, ":encoding(utf8)" ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OpenSSH_8.0p1, OpenSSL 1.1.1b 26 Feb 2019 | |
| debug1: Reading configuration data /home/rsp9u/.ssh/config | |
| debug1: /home/rsp9u/.ssh/config line 1: Applying options for raspi | |
| debug1: Reading configuration data /etc/ssh/ssh_config | |
| debug2: resolve_canonicalize: hostname 192.168.63.10 is address | |
| debug2: ssh_connect_direct | |
| debug1: Connecting to 192.168.63.10 [192.168.63.10] port 50022. | |
| debug1: Connection established. | |
| debug1: identity file /home/rsp9u/.ssh/id_rsa type 0 | |
| debug1: identity file /home/rsp9u/.ssh/id_rsa-cert type -1 |
jamesfreeman959
/ selinux-funcs-el7.txt
Last active
February 16, 2022 09:46
Useful SELinux Functions based on http://dev.gentoo.org/~swift/blog/01/selinux-funcs.txt but modified to be EL7 specific
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sefindif - Find interface definitions that have a string that matches the | |
| # given regular expression | |
| sefindif() { | |
| REGEXP="$1"; | |
| pushd /usr/share/selinux/devel/include > /dev/null 2>&1; | |
| for FILE in */*.if; | |
| do | |
| awk "/(interface\(|template\()/ { NAME=\$NF; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; print };" ${FILE} | sed -e "s:^:${FILE}\: :g"; | |
| done | |
| popd > /dev/null 2>&1; |
ageis
/ systemd_service_hardening.md
Last active
May 4, 2024 15:57
Options for hardening systemd service units
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* --- Usage --- */ | |
| g++ server.c -o server | |
| g++ client.c -o client | |
| ./server | |
| ./client 127.0.0.1 | |
| /* --- server.c --- */ | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> | |
| #include <arpa/inet.h> |