A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Jean-Christophe jcberthon
plentz
/ nginx.conf
Last active
April 24, 2024 11:15
Best nginx configuration for improved security(and performance)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
ageis
/ systemd_service_hardening.md
Last active
April 19, 2024 23:47
Options for hardening systemd service units
nerdalert
/ Netfilter-IPTables-Diagrams.md
Last active
April 9, 2024 09:18
Linux NetFilter, IP Tables and Conntrack Diagrams
1) Filter Table
Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.
XVilka
/ TrueColour.md
Last active
April 8, 2024 14:02
True Colour (16 million colours) support in various terminal applications and terminals
THIS GIST WAS MOVED TO TERMSTANDARD/COLORS REPOSITORY.
PLEASE ASK YOUR QUESTIONS OR ADD ANY SUGGESTIONS AS A REPOSITORY ISSUES OR PULL REQUESTS INSTEAD!
marktheunissen
/ pedantically_commented_playbook.yml
Last active
March 31, 2024 18:45
— forked from phred/pedantically_commented_playbook.yml
Insanely complete Ansible playbook, showing off all the options
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This playbook has been removed as it is now very outdated. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| flush ruleset | |
| # filter | |
| table ip filter { | |
| chain input { | |
| type filter hook input priority 0; policy drop; | |
| ct state invalid counter drop comment "drop invalid packets" | |
| ct state {established, related} counter accept comment "accept all connections related to connections made by us" | |
| iifname lo accept comment "accept loopback" | |
| iifname != lo ip daddr 127.0.0.1/8 counter drop comment "drop connections to loopback not coming from loopback" |
davidbalbert
/ gist:6815258
Last active
February 29, 2024 16:12
How to install custom SSL certificates on an ASUS RT-N66U running asuswrt-merlin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################### | |
| # IMPORTANT NOTE: | |
| # | |
| # As of asuswrt-merlin 380.67 Beta, you | |
| # can now configure SSL certificates from | |
| # the Webui, making these instructions | |
| # unnecessary. | |
| ########################################### | |
maxvt
/ infra-secret-management-overview.md
Last active
February 28, 2024 20:53
Infrastructure Secret Management Software Overview
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! | |
| VAGRANTFILE_API_VERSION = '2' | |
| Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| | |
| # All Vagrant configuration is done here. The most common configuration | |
| # options are documented and commented below. For a complete reference, | |
| # please see the online documentation at vagrantup.com. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
NewerOlder