Skip to content

Instantly share code, notes, and snippets.

View mpls's full-sized avatar

mpls

9 followers · 4 following
View GitHub Profile
@mpls
mpls / gist:2a950711c427081ff35439b47b80fcbd
Created May 29, 2017 09:41 — forked from hummus/gist:8592113
aws cli + jq example
wget http://stedolan.github.io/jq/download/linux64/jq
aws ec2 describe-instances --filters "Name=tag:Name,Values=$NAME" \
"Name=instance-state-name,Values=running" \
| jq -r \
".Reservations[] | .Instances[] | .InstanceId" \
aws ec2 describe-volumes --filters \
"Name=status,Values=available" \
| jq -r ".Volumes[] | .VolumeId" \
@mpls
mpls / better-ssh-authorized-keys-management.md
Created February 10, 2017 06:23 — forked from sivel/better-ssh-authorized-keys-management.md
Better SSH Authorized Keys Management

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@mpls
mpls / better-ssh-authorized-keys-management.md
Created February 10, 2017 06:23 — forked from sivel/better-ssh-authorized-keys-management.md
Better SSH Authorized Keys Management

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@mpls
mpls / linux.sh
Created January 17, 2017 07:57 — forked from marcan/linux.sh
Linux kernel initialization, translated to bash
#!/boot/bzImage
# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.
# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name
@mpls
mpls / sysctl.conf
Created December 6, 2016 01:44 — forked from sokratisg/sysctl.conf
Tuned sysctl.conf for use by CentOS/RHEL 6.x or later
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Turn on execshield
# 0 completely disables ExecShield and Address Space Layout Randomization
# 1 enables them ONLY if the application bits for these protections are set to “enable”
# 2 enables them by default, except if the application bits are set to “disable”
# 3 enables them always, whatever the application bits
@mpls
mpls / iptables_rules.sh
Created December 4, 2016 23:47 — forked from virtualstaticvoid/iptables_rules.sh
25 Most Frequently Used Linux IPTables Rules Examples
# Modify this file accordingly for your specific requirement.
# http://www.thegeekstuff.com
# 1. Delete all existing rules
iptables -F
# 2. Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
@mpls
mpls / tmux-cheatsheet.markdown
Created September 9, 2016 06:18 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@mpls
mpls / install-comodo-ssl-cert-for-nginx.rst
Created August 28, 2016 03:29 — forked from bradmontgomery/install-comodo-ssl-cert-for-nginx.rst
Steps to install a Comodo PositiveSSL certificate with Nginx.

Setting up a SSL Cert from Comodo

I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

These are the steps I went through to set up an SSL cert.

Purchase the cert

@mpls
mpls / gist:16b137ef9949596c5af7c0559378f507
Created August 27, 2016 08:23 — forked from ipedrazas/gist:6d6c31144636d586dcc3
Nginx ssl config

The process starts by creating the CSR and the private key:

openssl req -nodes -newkey rsa:2048 -nodes -keyout dotmarks.net.key -out dotmarks.net.csr -subj "/C=GB/ST=London/L=London/O=dotmarks/OU=IT/CN=dotmarks.net"

Generates

  • dotmarks.net.key
  • dotmarks.net.csr
@mpls
mpls / crypto-pi-root.md
Created August 21, 2016 01:26 — forked from pezz/crypto-pi-root.md
Archlinux ARM encrypted root

Intro

Just some FYI, to get started:

  • I'm using a 16 GB Sandisk SD card.
  • I have a model B Pi, 512 MB RAM (not really relevant, thought I'd mention it).
  • Monitor and keyboard connected to the Pi itself, for now.
  • Network working, internet access.