jult
/ hostsupdater.sh
Last active Feb 1, 2019
grab and sort hosts to block for dnsmasq (this existed way before pihole)
View hostsupdater.sh
| #!/bin/bash | |
| # We create a new /tmp/block file first, then append to it | |
| # the 'sleep 1's are inserted because we suffered from slow/delayed disk cache writes | |
| # which often caused this script to skip or not entirely finish pasting lists | |
| wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt > /tmp/block | |
| sleep 1 | |
| wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts >> /tmp/block | |
| sleep 1 |
jult
/ blockpeers.sh
Last active Mar 25, 2021
blocking p2p peer snoopers and evil corp (for Tixati IP filter and such)
View blockpeers.sh
| #!/bin/sh | |
| # This script runs every other night at 04:56 CET on a webserver I maintain | |
| # Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz ) | |
| # And much smaller, stripped of BS; https://jult.net/bloc.txt | |
| # For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!! | |
| # And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz ) | |
| # Download open block-lists, unpack, filter: | |
| curl -s https://www.iblocklist.com/lists.php | grep -A 2 Bluetack | xargs wget -qO - --limit-rate=500k | gunzip -f | egrep -v '^#' > /tmp/xbp |
jult
/ encback.sh
Last active Jan 16, 2019
Back-up files from server to server using ssh/rsync, and encrypt heavily using openssl before transfer because of insecure remote machine owned by other(s)
View encback.sh
| #!/bin/sh | |
| # backup files files from server to server using ssh/rsync | |
| # encrypt heavily using openssl before transfer to less secure location | |
| # create the files | |
| tar -zcpf /somepath/etc.tar.gz -C / etc | |
| # tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l | |
| mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql |
View wp_perms.sh
| #!/bin/sh | |
| WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username) | |
| WP_GROUP=psaserv # <-- wordpress group | |
| WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default | |
| WS_GROUP=psacln # <-- webserver group | |
| # reset to safe defaults | |
| find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; | |
| find ${WP_ROOT} -type d -exec chmod 2755 {} \; |
View cors.conf
| # fonts only: | |
| location ~* \.(eot|ttf|woff|woff2)$ { | |
| add_header Access-Control-Allow-Origin *; | |
| } | |
| # all crossed, just remove the POST Methods if you don't want writes on the resource: | |
| location ~* { | |
| if ($request_method = 'OPTIONS') { | |
| add_header 'Access-Control-Allow-Origin' '*'; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
View update-blocklist.sh
| #!/bin/bash | |
| IP_TMP=/tmp/ip.tmp | |
| IP_BLACKLIST=/etc/ip-blacklist.conf | |
| IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp | |
| IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional | |
| list="chinese nigerian russian lacnic exploited-servers" | |
| BLACKLISTS=( | |
| "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs | |
| # "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes, who would refuse those accessing your server? | |
| # "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies |
View main.cf
| # this is most of my /etc/postfix/main.cf file: | |
| inet_protocols = all | |
| inet_interfaces = all | |
| recipient_delimiter = + | |
| smtpd_banner = Blah ESMTP | |
| empty_address_recipient = admin |
jult
/ .stglobalignore
Last active Mar 29, 2021
syncthing ignore file(s) .stglobalignore and .stignore
View .stglobalignore
| // .stglobalignore | |
| // These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc. | |
| // Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment! | |
| // *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced. | |
| // Decided to stop categorizing these. Sorting them Lexicographically from now on. Ignores are case sensitive. | |
| $RECYCLE.BIN | |
| $WINDOWS.~BT | |
| *.!Sync |
View TLS
| # version 2020 feb 24 | |
| ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/yardomain.org/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/yardomain.org/chain.pem; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
| ssl_prefer_server_ciphers off; |
View rc.local
| #!/bin/sh | |
| echo never > /sys/kernel/mm/transparent_hugepage/enabled | |
| echo noop > /sys/block/vda/queue/scheduler | |
| echo 0 > /sys/block/vda/queue/rotational | |
| echo 0 > /sys/block/vda/queue/rq_affinity | |
| echo 9000 > /proc/sys/vm/dirty_expire_centisecs | |
| echo 9000 > /proc/sys/vm/dirty_writeback_centisecs | |
| ethtool --offload ens3 tx-checksum-ip-generic off |
OlderNewer