Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Julius Thyssen jult

🏠
Working from home
View GitHub Profile
@jult
jult / hostsupdater.sh
Last active Feb 1, 2019
grab and sort hosts to block for dnsmasq (this existed way before pihole)
View hostsupdater.sh
#!/bin/bash
# We create a new /tmp/block file first, then append to it
# the 'sleep 1's are inserted because we suffered from slow/delayed disk cache writes
# which often caused this script to skip or not entirely finish pasting lists
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt > /tmp/block
sleep 1
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts >> /tmp/block
sleep 1
@jult
jult / blockpeers.sh
Last active Mar 25, 2021
blocking p2p peer snoopers and evil corp (for Tixati IP filter and such)
View blockpeers.sh
#!/bin/sh
# This script runs every other night at 04:56 CET on a webserver I maintain
# Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz )
# And much smaller, stripped of BS; https://jult.net/bloc.txt
# For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!!
# And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz )
# Download open block-lists, unpack, filter:
curl -s https://www.iblocklist.com/lists.php | grep -A 2 Bluetack | xargs wget -qO - --limit-rate=500k | gunzip -f | egrep -v '^#' > /tmp/xbp
@jult
jult / encback.sh
Last active Jan 16, 2019
Back-up files from server to server using ssh/rsync, and encrypt heavily using openssl before transfer because of insecure remote machine owned by other(s)
View encback.sh
#!/bin/sh
# backup files files from server to server using ssh/rsync
# encrypt heavily using openssl before transfer to less secure location
# create the files
tar -zcpf /somepath/etc.tar.gz -C / etc
# tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l
mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql
@jult
jult / wp_perms.sh
Last active Jul 5, 2017
wordpress permissions hell
View wp_perms.sh
#!/bin/sh
WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username)
WP_GROUP=psaserv # <-- wordpress group
WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default
WS_GROUP=psacln # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 2755 {} \;
@jult
jult / cors.conf
Last active Jul 11, 2016
nginx example config for Cross-origin resource sharing
View cors.conf
# fonts only:
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
# all crossed, just remove the POST Methods if you don't want writes on the resource:
location ~* {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@jult
jult / update-blocklist.sh
Last active Mar 7, 2020
iptables blocklist script (using ipset hash..)
View update-blocklist.sh
#!/bin/bash
IP_TMP=/tmp/ip.tmp
IP_BLACKLIST=/etc/ip-blacklist.conf
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional
list="chinese nigerian russian lacnic exploited-servers"
BLACKLISTS=(
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
# "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes, who would refuse those accessing your server?
# "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies
@jult
jult / main.cf
Last active Feb 14, 2019
current postfix and some related config (partly managed by ISPconfig)
View main.cf
# this is most of my /etc/postfix/main.cf file:
inet_protocols = all
inet_interfaces = all
recipient_delimiter = +
smtpd_banner = Blah ESMTP
empty_address_recipient = admin
@jult
jult / .stglobalignore
Last active Mar 29, 2021
syncthing ignore file(s) .stglobalignore and .stignore
View .stglobalignore
// .stglobalignore
// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
// Decided to stop categorizing these. Sorting them Lexicographically from now on. Ignores are case sensitive.
$RECYCLE.BIN
$WINDOWS.~BT
*.!Sync
@jult
jult / TLS
Last active Dec 7, 2020
My nginx include for TLS A+ rating at ssllabs.com/ssltest using nginx/1.14.* and openssl 1.1.1*
View TLS
# version 2020 feb 24
ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yardomain.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/yardomain.org/chain.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
@jult
jult / rc.local
Last active Apr 13, 2018
tweaks for a KVM guest VPS in /etc/rc.local with commands for Debian/Ubuntu linux server with enough free RAM (4GB+)
View rc.local
#!/bin/sh
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs
ethtool --offload ens3 tx-checksum-ip-generic off