A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ systemd_service_hardening.md
Last active
April 27, 2024 09:46
Options for hardening systemd service units
Find the instruction in the link below https://www.raspberrypi.org/documentation/installation/installing-images/README.md
$ sudo apt-get -y install lxde-core lxterminal lxappearance xinit lightdm ntfs-3g python-pexpect vim figlet git-core firmware-ralink hostapd isc-dhcp-server lighttpd samba samba-common-bin php5-common php5-cgi php5 php5-mysql screen fbi ttf-mscorefonts-installer mediainfo gparted php5-cli iptables xtightvncviewer imagemagick dosfstools exfat-utils exfat-fuse hfsplus hfsprogs hfsutils xdotool expect expect-dev avahi-daemon libavahi-compat-libdnssd-dev feh libjpeg8 libjpeg8-dev libao-dev avahi-utils libavahi-compat-libdnssd-dev libva-dev youtube-dl python-smbus mpg321 mpg123 libreoffice-impress rc-gui python-pip iceweasel python-dev python-dbus xpdf x11-xserver-utils libncurses5-dev shellinabox tk okular usbmount libgstreamer0.10-0 libgstreamer0.10-dev gstreamer0.10-tools gstr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Latency Comparison Numbers (~2012) | |
| ---------------------------------- | |
| L1 cache reference 0.5 ns | |
| Branch mispredict 5 ns | |
| L2 cache reference 7 ns 14x L1 cache | |
| Mutex lock/unlock 25 ns | |
| Main memory reference 100 ns 20x L2 cache, 200x L1 cache | |
| Compress 1K bytes with Zippy 3,000 ns 3 us | |
| Send 1K bytes over 1 Gbps network 10,000 ns 10 us | |
| Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD |
MawKKe
/ cryptsetup-with-luks2-and-integrity-demo.sh
Last active
April 25, 2024 09:14
dm-crypt + dm-integrity + dm-raid = awesome!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Author: Markus (MawKKe) ekkwam@gmail.com | |
| # Date: 2018-03-19 | |
| # | |
| # | |
| # What? | |
| # | |
| # Linux dm-crypt + dm-integrity + dm-raid (RAID1) | |
| # |
dojoe
/ dkms-module-signing.md
Last active
April 24, 2024 18:50
Make DKMS sign kernel modules on installation, with full script support and somewhat distro independent
On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.
These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking, a passphrase around your signing key, and support for compressed modules.
dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.
- Create a directory under
/root, say/root/module-signing, put the three scripts below in there and make them executable:chmod u+x one-time-setup sign-modules dkms-sign-module
crojewsk
/ skl_hdadmic-howto.md
Last active
April 3, 2024 08:21
Enabling HDA (dsp) plus DMIC audio configuration on Skylake and Kabylake platforms
cabal95
/ vm-backup.sh
Created
July 25, 2015 17:53
I use this script to backup my QEMU/KVM/libVirt virtual machines. The script requires KVM 2.1+ since it uses the live blockcommit mode. This means the data in the snapshot disk is rolled back into the original instead of the other way around. Script does NOT handle spaces in paths.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| BACKUPDEST="$1" | |
| DOMAIN="$2" | |
| MAXBACKUPS="$3" | |
| if [ -z "$BACKUPDEST" -o -z "$DOMAIN" ]; then | |
| echo "Usage: ./vm-backup <backup-folder> <domain> [max-backups]" | |
| exit 1 |
johntyree
/ getBlockLists.sh
Last active
March 9, 2024 12:32
Make one large blocklist from the bluetack lists on iblocklist.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| # Download lists, unpack and filter, write to stdout | |
| curl -s https://www.iblocklist.com/lists.php \ | |
| | sed -n "s/.*value='\(http:.*=bt_.*\)'.*/\1/p" \ | |
| | xargs wget -O - \ | |
| | gunzip \ | |
| | egrep -v '^#' |
NewerOlder