Skip to content

Instantly share code, notes, and snippets.

View malikshi's full-sized avatar
🏠
Working from home

Malik Al malikshi

🏠
Working from home
View GitHub Profile
@bmaupin
bmaupin / build-openssl.sh
Last active December 11, 2023 20:24
Build openssl (with SSLv2/3 support for security testing)
#!/bin/bash
# Cache sudo password
sudo -v
# Get latest OpenSSL 1.0.2 version from https://openssl.org/source/
# v1.1.0 seems to have removed SSLv2/3 support
openssl_version=1.0.2k
# Install build dependencies
@Manouchehri
Manouchehri / cloudflare.sh
Last active May 15, 2024 02:55
Allow CloudFlare only
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
@alonisser
alonisser / iptables-persistent no input
Last active April 17, 2024 10:59
Installing iptables-persistent on ubuntu without manual input
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
sudo apt-get -y install iptables-persistent
@denji
denji / nginx-tuning.md
Last active May 17, 2024 04:16
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@thoward
thoward / iptables-udp-flood.txt
Created August 8, 2013 00:04
Prevent UDP flood
# Outbound UDP Flood protection in a user defined chain.
iptables -N udp-flood
iptables -A OUTPUT -p udp -j udp-flood
iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN
iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: '
iptables -A udp-flood -j DROP
@Mins
Mins / mysql_secure.sh
Last active February 16, 2024 00:03
Automating mysql_secure_installation
#!/bin/bash
aptitude -y install expect
// Not required in actual script
MYSQL_ROOT_PASSWORD=abcd1234
SECURE_MYSQL=$(expect -c "
set timeout 10
@earthgecko
earthgecko / bash.generate.random.alphanumeric.string.sh
Last active April 2, 2024 15:59
shell/bash generate random alphanumeric string
#!/bin/bash
# bash generate random alphanumeric string
#
# bash generate random 32 character alphanumeric string (upper and lowercase) and
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
# bash generate random 32 character alphanumeric string (lowercase only)
cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1
@jappy
jappy / dos2unix.sh
Created March 10, 2012 18:03
Shell script to convert files with CRLF to LF (Mac/Linux)
#! /bin/sh
for x
do
echo "Converting $x"
tr -d '\015' < "$x" > "tmp.$x"
mv "tmp.$x" "$x"
done