manchot0

#!/bin/bash
  
baseDir="/path"

# On compte le nombre d'archive presente dans le dossier
NbArchive=$(ls -A $baseDir | wc -l)
# Si il y a plus de 15 archives, on supprime la plus ancienne
while [ "$NbArchive" -gt 15 ];do
   # On recupere l'archive la plus ancienne
   Old_backup=$(ls -lrt $baseDir | head -n 2 | tail -n 1 | cut -d ":" -f 2 | cut -d " " -f 2)

manchot0

#clean recursively all files older than 180 days in the given path

$filterDate = (Get-Date).AddDays(-180).Date

Get-ChildItem E:\DIR_PATH -Directory | ForEach-Object {

   Get-ChildItem $_.FullName -Recurse | Where {$_.lastwriteTime.Date -le $filterDate } |  Remove-Item  

 }

manchot0

User=
Group=
UMask=
RuntimeDirectory=
RuntimeDirectoryMode=

CPUQuota=100%

PrivateTmp=true

manchot0

https://www.base64decode.org/
https://cryptii.com/pipes/base64-to-hex
https://www.url-encode-decode.com/

manchot0

from http.server import HTTPServer, BaseHTTPRequestHandler
from io import BytesIO
from json import dumps

""" The HTTP request handler """
class RequestHandler(BaseHTTPRequestHandler):

  def _send_cors_headers(self):
      """ Sets headers required for CORS """
      self.send_header("Access-Control-Allow-Origin", "*")

manchot0

#template to construct the path where to save the logs received
#/srv/log/192.168.xx.xx/year-month/day/$.logpath
#$.logpath is set in the "RemoteLogProcess" ruleset
template(name="RemoteLogSavePath" type="list") {
    constant(value="/srv/log/")
    property(name="fromhost-ip")
    constant(value="/")
    property(name="timegenerated" dateFormat="year")
    constant(value="-")
    property(name="timegenerated" dateFormat="month")

manchot0

https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
http://matthieukeller.com/2016/12/lets-encrypt-certificate-for-offline-servers-with-ovh-dns.html
https://ungeek.fr/letsencrypt-api-ovh/
https://certbot.eff.org/docs/using.html#certbot-command-line-options

https://github.com/certbot/certbot
https://github.com/antoiner77/letsencrypt.sh-ovh

/etc/letsencrypt/configs/\*.domain.xxx.conf
---------------------------------------------------------------------------------------------------

manchot0

IPtables DDOS protection :

In my config i assume the server is not a router and already profit from some filtering by the hosting company on shitty 
networks.

I have tested this on ubuntu server 18.04 with the kernel 4.15.0-36-generic.

Protect from malformed packet, ACK FIN RST attack and SYN-flood.
Flood which profit of TCP-KEEPALIVE (so there a no SYN packet) should be handled by the web server (rate-limit in nginx for
exemple). Connlimit can also be helpfull to limit the number of connexion per ip.

manchot0

https://github.com/jnv/ansible-role-unattended-upgrades
https://github.com/geerlingguy/ansible-role-firewall
https://github.com/geerlingguy/ansible-role-apache
https://github.com/geerlingguy/ansible-role-backup
https://github.com/geerlingguy/ansible-role-kibana
https://github.com/geerlingguy/ansible-role-postfix
https://github.com/geerlingguy/ansible-role-pimpmylog
https://github.com/geerlingguy/ansible-role-ansible
https://github.com/geerlingguy/ansible-newrelic

manchot0

https://nginx.org/en/docs/http/load_balancing.html
https://www.linode.com/docs/uptime/loadbalancing/use-nginx-as-a-front-end-proxy-and-software-load-balancer/
http://blog.martinfjordvald.com/2011/02/nginx-primer-2-from-apache-to-nginx/
http://www.ramkitech.com/2012/11/tomcat-clustering-series-part-3-session.html
http://www.ramkitech.com/2012/10/tomcat-clustering-series-simple-load.html
https://www.foulquier.info/tutoriaux/mise-en-place-dun-cluster-heartbeat-apache
https://www.nginx.com/resources/admin-guide/content-caching/
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
https://www.digitalocean.com/community/tutorials/how-to-use-floating-ips-on-digitalocean#how-to-implement-an-ha-setup
https://www.nginx.com/resources/deployment-guides/load-balance-apache-tomcat/