Skip to content

Instantly share code, notes, and snippets.

View precurse's full-sized avatar

Andrew Klaus precurse

9 followers · 18 following
  • Canada
View GitHub Profile
@lizthegrey
lizthegrey / attributes.rb
Last active February 24, 2024 14:11
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@ralphholz
ralphholz / zeek-2.6-on-linux-with-pfring.md
Last active January 16, 2020 21:23

Installing zeek (bro) on Linux in single-host cluster mode with pfring

I am documenting how I installed zeek (bro) on my Linux machine, which has 36 cores (72 with hyperthreading), using pfring to distribute the load.

NICs and drivers

My monitoring interfaces are enp134s0f0 and enp216s0f0. Driver is i40e. This driver is supported by pfring, according to https://www.ntop.org/guides/pf_ring/zc.html.

Install openssl

zeek does not yet support OpenSSL's 1.1 API, so we need an older openssl than shipped with Ubuntu 18.0.4.1:

@baszoetekouw
baszoetekouw / manip.php
Created July 4, 2017 09:20
OpenConext Attribute manipulation to reconstruct sHO+uid from ePPN
# This attribute manipulation reconstructs a uid and schacHomeOrg
# from an EPPN
$attr_eppn_saml1 = "urn:mace:dir:attribute-def:eduPersonPrincipalName";
$attr_eppn_saml2 = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6";
$attr_uid = "urn:mace:dir:attribute-def:uid";
$attr_sho = "urn:mace:terena.org:attribute-def:schacHomeOrganization";
if ( isset($attributes)
and ($attributes !== FALSE)
@J-Gras
J-Gras / add-json.bro
Last active February 6, 2020 16:54
Additional JSON logging for Bro.
##! Additional JSON-logging for Bro.
module Log;
export {
## Enables JSON-logfiles for all active streams
const enable_all_json = T &redef;
## Streams not to generate JSON-logfiles for
const exclude_json: set[Log::ID] = { } &redef;
## Streams to generate JSON-logfiles for
@samsch
samsch / README.md
Created January 21, 2016 16:38
How to set PDO MySQL SSL Constants in Symfony

I created this because I was frusterated by having to change the integer values when the environments changed for my projects. A simple update of PHP 5.6 (I think it was PHP 5.6.16 to 5.6.17) changed the integer values, which are usually what is suggested to be used in parameters.yml or config.yml.

By using the constants, you don't have to worry about stupid stuff like that. (Since that's what they were designed for.)

@zhuowei
zhuowei / fastboot_commands.txt
Last active September 21, 2023 07:59
Huawei Nexus 6P Angler fastboot commands
List grabbed from running `strings` on the bootloader; it's probably incomplete.
Most of these commands are untested, and all of them sound like they can seriously break your phone. Be careful.
Tested: (all on a bootloader unlocked device)
fastboot oem uart enable: changes "Console" on the bootloader screen to say "ttyHSL0,115200,n8";
probably enables serial messages; haven't checked since I don't know where the Nexus 6P's uart is
fastboot oem ramdump enable: changes "Download mode" on the bootloader screen to say "ENABLED" instead of "DISABLED".
@sivel
sivel / better-ssh-authorized-keys-management.md
Last active May 3, 2024 14:20
Better SSH Authorized Keys Management

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@mattiaslundberg
mattiaslundberg / arch-linux-install
Last active March 29, 2024 08:38
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# Set swedish keymap
@jboner
jboner / latency.txt
Last active May 24, 2024 12:40
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD