Skip to content

Instantly share code, notes, and snippets.


Major Hayden major

View GitHub Profile
valeriansaliou / iptables-http-dos-shield.txt
Last active Jul 19, 2020
HTTP/HTTPS DOS shield w/ IPTables
View iptables-http-dos-shield.txt
# Those rules protect HTTP/HTTPS services for both IPv4 and IPv6 sources as such:
# 1. Prevent a /32 IPv4 or /64 IPv6 to open more than 10 HTTPS?/TCP connections per second (the limit is high, but this still shield against some attacks) — DROP TCP packets in this case, to avoid generating egress traffic sending a RST
# 2. Limit ingress bandwidth to HTTPS? services to 32KB/sec (adjust to your needs, in my case it is used to shield a WebSocket backend against incoming WebSocket message floods)
# 3. Limit the number of simultaneous ongoing connections to HTTPS? to 40 (also, high limit, adjust to your needs)
# The protections those rules offer:
# 1. Prevent crypto-DOS (ie. a client that proceed too many key exchanges and thus exhaust server CPU)
# 2. Prevent WebSocket floodings (eg. I use this for Socket.IO, which has no efficient way to rate-limit received messages before they get parsed)
# 3. Prevent ephemeral TCP port exhaustion due to a client holding too many TCP connections
# 4. Prevent IPv6 rotation attac
View Fedora 20, Uwsgi, nginx, django, python3
# This is a step by step tutorial on how to run uwsgi in emperor mode,
# behind nginx on Fedora 20. I'll add to the tutorial as time goes on.
# SeLinux will likely be a pain (even in permissive mode), so please see my comment on how to fix it.
sudo yum upgrade
sudo yum install nano yum-utils gcc uwsgi-plugin-python3 nginx
yum-builddep python3-psycopg2
marktheunissen / pedantically_commented_playbook.yml
Last active Oct 9, 2021 — forked from phred/pedantically_commented_playbook.yml
Insanely complete Ansible playbook, showing off all the options
View pedantically_commented_playbook.yml
This playbook has been removed as it is now very outdated.
gsandie / Better
Created Feb 3, 2012 — forked from jordansissel/Better
Strip package scripts from .deb packages (postinst, postrm, preinst, prerm)
View Better

The best way to use this tool is to hook apt's use of dpkg to run it before doing any package installs.

In your apt.conf, put this:

DPkg::Pre-Install-Pkgs {"xargs -rL1 bash /path/to/ 2>&1 | logger -t stripdeb"}

Then, a demo:

% sudo apt-get install mysql-server-5.1
rjnienaber /
Created Feb 18, 2011
Script to build an organizational chart from Active Directory
Copyright (c) 2011, Richard Nienaber
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The name of 'Richard Nienaber' may not be used to endorse or promote products derived from this software without specific prior written permission.