This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# sample /etc/hosts file | |
# see http://unix.stackexchange.com/questions/13046/format-of-etc-hosts-on-linux-different-from-windows | |
# IPv4 | |
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 | |
# IPv6 | |
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 | |
# put your IP address and your hostname and aliases below | |
1.2.3.4 myserver.mydomain.example myserver |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# customized Apache configuration | |
# add this to the end of /etc/httpd/conf/httpd.conf | |
# or put it in a separate file such as /etc/httpd/conf.d/apex.conf | |
# disable sensitive version info | |
ServerSignature Off | |
ServerTokens Prod | |
# standard alias for Apex image files | |
Alias /i/ "/var/www/apex/images/" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:443> | |
<Location "/ords"> | |
# to use IP filtering with the RESTRICT_DEV_HEADER instance setting in APEX | |
<If "-R '1.2.3.4'"> | |
# this is a trusted IP address | |
RequestHeader unset X-MyCompany-Public-Client | |
</If> | |
<Else> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- run as SYS or a user with APEX_ADMINISTRATOR_ROLE | |
begin | |
-- note: this does not work, as the REMOTE_ADDR variable will be 127.0.0.1 when using Apache as proxy | |
--apex_instance_admin.set_parameter ('RESTRICT_IP_RANGE', '1.2.3.4'); | |
-- this solution requires this header to be set in Apache VirtualHost, based on whether the client IP is trusted or not | |
apex_instance_admin.set_parameter ('RESTRICT_DEV_HEADER', 'X-MyCompany-Public-Client'); | |
commit; | |
end; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# see http://oracle-base.com/articles/linux/linux-firewall.php | |
# Set the default policies to allow everything while we set up new rules | |
# Prevents cutting yourself off when running from remote SSH | |
iptables -P INPUT ACCEPT | |
iptables -P FORWARD ACCEPT | |
iptables -P OUTPUT ACCEPT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Oracle XE requires a swap file of at least twice the size of physical memory | |
# see https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-6 | |
# check current swap file | |
swapon -s | |
# check available space | |
df | |
# setup 2GB swap file | |
dd if=/dev/zero of=/swapfile bs=1024 count=2048k |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# create a new keystore | |
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore foobar_com.jks -dname "CN=foobar.com,OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO" | |
# create a certificate signing request (CSR) to send to the certificate authority (CA) | |
keytool -certreq -alias server -file foobar_com.csr -keystore foobar_com.jks | |
# now go and buy a SSL certificate, using the CSR file | |
# you should get a certificate file in .crt format back | |
# install the received certificate (example uses files received from GoDaddy) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"version": "2.0.0", | |
// Run sqlplus via a batch file | |
"windows": { | |
"command": "./_run_sqlplus.bat" | |
}, | |
"osx": { | |
"command": "./_run_sqlplus.sh" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"version": "0.1.0", | |
// The command is a shell script | |
"isShellCommand": true, | |
// Run sqlplus via a batch file | |
"windows": { | |
"command": "_run_sqlplus.bat" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# shell script hardening | |
set -euf -o pipefail | |
# | |
# Lets Encrypt Certificate Generator | |
# https://calomel.org/lets_encrypt_client.html | |
# lets_encrypt.sh v0.07 | |
# |
NewerOlder