g3rhard

These are my notes for connecting to a meraki client vpn from ubuntu 16.04. This configuration assumes you are using a psk for the ipsec auth.

Install the following packages:

apt-get install -y strongswan xl2tpd

Configure strong swan

g3rhard

# save it as /etc/profile.d/ssh-telegram.sh
# or place it in your scripts directory, for example /var/scripts
# and paste in /etc/ssh/sshrc this line:
# /var/scripts/ssh-telegram.sh
# use jq to parse JSON from ipinfo.io
# get jq from here http://stedolan.github.io/jq/
USERID="<target_user_id>"
KEY="<bot_private_key>"
TIMEOUT="10"
URL="https://api.telegram.org/bot$KEY/sendMessage"

g3rhard

# Mediawiki, Bugzilla and mediawiki-bugzilla extension
# test setup
version: '2'
services:
  mysql:
    container_name: mw-bz-mysql
    image: mysql
    volumes:
      - "./data/mysql:/var/lib/mysql"
    restart: always

g3rhard

// Policy template for Linux.
// Uncomment the policies you wish to activate and change their values to
// something useful for your case. The provided values are for reference only
// and do not provide meaningful defaults!
// More information in https://www.chromium.org/administrators/policy-list-3
{
  // Cross-origin HTTP Basic Auth prompts
  //-------------------------------------------------------------------------
  // Controls whether third-party sub-content on a page is allowed to pop-up an
  // HTTP Basic Auth dialog box.  Typically this is disabled as a phishing

g3rhard

Ubuntu setup

Setup instructions for the Ubuntu 16.04 workstations and servers in the laboratory environment. Replace systemctl with Upstart start|stop for Ubuntu 14.04.

Passwordless sudo

sudo tee /etc/sudoers.d/administrator <<EOF
administrator ALL=(ALL) NOPASSWD: ALL
EOF

g3rhard

#!/usr/bin/env bash

## Usage:
## ./migrate.sh $clone_url $project_name $owner_uid
## Migrate a repository to gogs into the user namespace of the token-user
## ./migrate.sh git@mygitlab.com:group/repo.git repo 1
## uid can be a group uid
## NB: for local migration, if your gogs instance is inside docker or vm, you must provide path local relative to container's fs

echo $1;

g3rhard

#!/bin/bash
## Install Gogs v0.11.4 + Nginx Webserver + Mysql
## On Debian, Ubuntu 64Bits
## Author: Nilton OS -- www.linuxpro.com.br
## Version: 3.5

### Tested on Ubuntu 16.04 LTS 64Bits
### Tested on Debian 8/9 64Bits

echo 'install_gogs_ubuntu.sh'

g3rhard

# read more at https://terrty.net/2014/ssl-tls-in-nginx/
# latest version on https://gist.github.com/paskal/628882bee1948ef126dd/126e4d1daeb5244aacbbd847c5247c2e293f6adf
# security test score: https://www.ssllabs.com/ssltest/analyze.html?d=terrty.net
# your nginx version might not have all directives included, test this configuration before using in production against your nginx:
# $ nginx -c /etc/nginx/nginx.conf -t

server {
        # public key, contains your public key and class 1 certificate, to create:
        # (example for startssl)
        # $ (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null

g3rhard

Setup fail2ban (v0.8.11) with ufw and nginx on Ubuntu 14.04

Install fail2ban & ufw

If you haven't already, install fail2ban and ufw:

sudo apt-get install fail2ban ufw

Now make a copy of the fail2ban configuration, and name it jail.local:

g3rhard

###############################################################################
# The MIT License
#
# Copyright 2012-2014 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is