Jean-Christophe jcberthon

Neo23x0 / audit.rules
Last active May 22, 2020
Linux Auditd Best Practice Configuration
# This gist has been transformed into a github repo
# You can find the most recent version there:
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
maxzinkus /
Last active Sep 14, 2019
Configuring Firefox for security and privacy (as of Oct. 2017)

Configuring/Hardening Firefox for Security and Privacy

Source for some of these

  1. about:config
  • dom.event.clipboardevents.enabled => false
  • clipboard.plainTextOnly => true
  • referer spoofSource => true
  • media.peerconnection
osiyuk / docker-gc
Created Sep 1, 2017
free up disk space after docker garbage
du -hd 1 "$GARBAGE" | sort -hrk 1 | head -25
# Quote the pattern so the shell does not expand it before find sees it
find "$GARBAGE" -maxdepth 1 -name '*-removing' -exec rm -rf '{}' \;
ageis /
Last active May 29, 2020
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

mortn / nftables.conf
Last active Jun 28, 2018
nftables router
flush ruleset
# filter
table ip filter {
chain input {
type filter hook input priority 0; policy drop;
ct state invalid counter drop comment "drop invalid packets"
ct state {established, related} counter accept comment "accept all connections related to connections made by us"
iifname lo accept comment "accept loopback"
iifname != lo ip daddr counter drop comment "drop connections to loopback not coming from loopback"
maxvt /
Last active May 20, 2020
Infrastructure Secret Management Software Overview

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

nerdalert /
Last active May 26, 2020
Linux NetFilter, IP Tables and Conntrack Diagrams

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. Iptables’s filter table has the following built-in chains.

View Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at
vjm /
Created Mar 7, 2015
Raspberry Pi ELK Stack
sudo apt-get install -y supervisor
sudo mkdir /usr/share/elasticsearch
cd /usr/share/elasticsearch
sudo wget
sudo wget
sudo wget
sudo tar -zxvf elasticsearch-0.90.0.tar.gz
martinseener /
Last active Jul 26, 2018 - A simple nagios-compatible check for the FREAK vulnerability (CVE 2015-0204)
#!/usr/bin/env bash
# (c) 2015 Martin Seener
# Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)
# It will output if the checked host is vulnerable and returns the right exit code
# so it can also be used as a nagios check!
PROGNAME=$(basename "$0")