Komsan Kamsamur maprangzth

@maprangzth
maprangzth / freeipa-openvpn.md
Created May 22, 2020 — forked from rechner/freeipa-openvpn.md
FreeIPA setup for OpenVPN logins
View freeipa-openvpn.md

This article proved to be a decent starting point, but I was particularly interested in allowing password-based logins to OpenVPN using a username/password backed by FreeIPA (as opposed to client certificates) as the identity provider.

  • IPA join your VPN machine: ipa-client-install --mkhomedir
  • Get a Kerberos ticket: kinit
  • Create a Kerberos service principal and HBAC rule for openvpn access:
ipa service-add openvpn/`hostname`
  • Create new hbacrule in console, mark host as the VPN host, and whatever group you want to restrict access to:
maprangzth / install.md
Created Apr 11, 2020 — forked from hjgraca/install.md
Install Jekyll in WLS2
View install.md

First, let's update everything. I am running all commands as sudo, but you can run with the level you want.

sudo apt-get update -y && sudo apt-get upgrade -y

Now let's install Ruby

maprangzth / profile.json
Created Apr 10, 2020 — forked from shanselman/profile.json
Windows Terminal Profile
View profile.json
{
"defaultProfile": "{7d04ce37-c00f-43ac-ba47-992cb1393215}",
"initialRows": 30,
"initialCols": 120,
"alwaysShowTabs": true,
"showTerminalTitleInTitlebar": true,
"experimental_showTabsInTitlebar": true,
"requestedTheme": "dark",
"profiles": [
{
maprangzth / sharing-ssh-session-with-tmate.md
Last active Mar 25, 2020
Sharing SSH-Session with "tmate"
View sharing-ssh-session-with-tmate.md

Sharing SSH-Session with "tmate"

Disclaimer

  1. The author takes no responsibility for any mistakes that may result from sharing a session in read-write mode. Please take responsibility yourself!
  2. If you don't know what tmux is, open Google. The leader said so!!

What is tmate?

View syslog-ng.conf
@version:3.2
# ===============================================================================================
# Configuration file for syslog-ng, customized for remote logging
# ===============================================================================================
# Options
# Note about $HOST / HOST
# Description: The name of the source host where the message originates from.
# If the message traverses several hosts and the chain_hostnames() option is on, the first host in the chain is used.
# If the keep_hostname() option is disabled (keep_hostname(no)), the value of the $HOST macro will be the DNS hostname of the host that sent the message to syslog-ng OSE (that is, the DNS hostname of the last hop). In this case the $HOST and $HOST_FROM macros will have the same value.
maprangzth / iptables.grok
Created Nov 7, 2019 — forked from Caligatio/iptables.grok
iptables Grok Pattern
View iptables.grok
# GROK Custom Patterns (add to patterns directory and reference in GROK filter for iptables events):
# GROK Patterns for iptables Logging Format
#
# Created 6 Aug 2016 by Brian Turek <brian.turek@gmail.com>
# Most of this was taken from another source but now I cannot find it for credit
#
# Usage: Use the IPTABLES pattern
NETFILTERMAC %{MAC:dest_mac}:%{MAC:src_mac}:%{ETHTYPE:ethtype}
ETHTYPE (?:(?:[A-Fa-f0-9]{2}):(?:[A-Fa-f0-9]{2}))
View kafka-generate-ssl3.sh
#!/bin/bash
#Step 1
#Generate server keystore and client keystore
keytool -keystore kafka.server.keystore.jks -alias localhost -validity 365 -genkey
keytool -keystore kafka.client.keystore.jks -alias localhost -validity 365 -genkey
#Step 2
#Create CA
openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
#Add generated CA to the trust store
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert
View self-signed-certificate-with-custom-ca.md

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests; anyone holding it can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
maprangzth / Netfilter-IPTables-Diagrams.md
Created Sep 12, 2019 — forked from nerdalert/Netfilter-IPTables-Diagrams.md
Linux NetFilter, IP Tables and Conntrack Diagrams
View Netfilter-IPTables-Diagrams.md

Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. The iptables filter table has the following built-in chains.

maprangzth / iptables.sh
Created Sep 12, 2019 — forked from Tristor/iptables.sh
Simple IPtables script for an OpenVPN server
View iptables.sh
#!/bin/bash
# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP