A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
# to generate your dhparam.pem file, run in the terminal | |
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
1) Filter Table
Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.
THIS GIST WAS MOVED TO TERMSTANDARD/COLORS
REPOSITORY.
PLEASE ASK YOUR QUESTIONS OR ADD ANY SUGGESTIONS AS A REPOSITORY ISSUES OR PULL REQUESTS INSTEAD!
This playbook has been removed as it is now very outdated. |
flush ruleset | |
# filter | |
table ip filter { | |
chain input { | |
type filter hook input priority 0; policy drop; | |
ct state invalid counter drop comment "drop invalid packets" | |
ct state {established, related} counter accept comment "accept all connections related to connections made by us" | |
iifname lo accept comment "accept loopback" | |
iifname != lo ip daddr 127.0.0.1/8 counter drop comment "drop connections to loopback not coming from loopback" |
########################################### | |
# IMPORTANT NOTE: | |
# | |
# As of asuswrt-merlin 380.67 Beta, you | |
# can now configure SSL certificates from | |
# the Webui, making these instructions | |
# unnecessary. | |
########################################### | |
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
# -*- mode: ruby -*- | |
# vi: set ft=ruby : | |
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! | |
VAGRANTFILE_API_VERSION = '2' | |
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| | |
# All Vagrant configuration is done here. The most common configuration | |
# options are documented and commented below. For a complete reference, | |
# please see the online documentation at vagrantup.com. |
# IMPORTANT! | |
# This gist has been transformed into a github repo | |
# You can find the most recent version there: | |
# https://github.com/Neo23x0/auditd | |
# ___ ___ __ __ | |
# / | __ ______/ (_) /_____/ / | |
# / /| |/ / / / __ / / __/ __ / | |
# / ___ / /_/ / /_/ / / /_/ /_/ / | |
# /_/ |_\__,_/\__,_/_/\__/\__,_/ |