tchamberlin

How to manage Python via pyenv and pipx on Fedora 39

You want to:

• not break system Python
• use multiple, modern versions of Python simultaneously
• easily install applications (e.g. black, ruff, pylint) in isolated environments
• keep applications up to date
• easily upgrade Python

This guide covers two tools to help with the above:

jaygooby

# log4j jndi exploit CVE-2021-44228 filter
# Save this file as /etc/fail2ban/filter.d/log4j-jndi.conf
# then copy and uncomment the [log4j-jndi] section 
# to /etc/fail2ban/jail.local
#
# jay@gooby.org
# https://jay.gooby.org/2021/12/13/a-fail2ban-filter-for-the-log4j-cve-2021-44228
# https://gist.github.com/jaygooby/3502143639e09bb694e9c0f3c6203949
# Thanks to https://gist.github.com/kocour for a better regex
#

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

mandeepsmagh

Assuming you have followed all the steps to install / setup WSL2 -> https://docs.microsoft.com/en-us/windows/wsl/install-win10

**Tested on Ubuntu 20.04**

Step 1 - Find out default gateway and DNS servers
- Navigate to `Control Panel\Network and Internet\Network Connections`
- Right click on relevant connection type WiFi or Ethernet and select `Status`
- Status screen will be displayed, click on `Details` button
- Network Connection details screen will be displayed
- Note down `IPv4 default gateway` and `IPv4 DNS Servers` if available

cutiful

Detecting the real IP of a Cloudflare'd Mastodon instance

NB: This will not work for instances that proxy outgoing requests!

Reading the docs

I wanted to find a way to detect the real IP address of a Mastodon/Pleroma/Misskey/etc instance hosted behind Cloudflare. How to do that? Well, it's federated, which means I can probably get it to send a request to a server of mine! And how to do that? I tried reading the ActivityPub spec. The following caught my attention:

Servers should not trust client submitted content, and federated servers also should not trust content received from a server other than the content's origin without some form of verification.

AugustoCiuffoletti

Living without the Ubuntu mini.iso (in VirtualBox)

The mini.iso for the Ubuntu distribution is legacy since version 20.04LTS (Focal Fossa). This is a bad news for those (like me) that formerly used this distribution to produce lightweight virtual machines for development, teaching, testing, etc. A distribution of the mini.iso for Ubuntu 20.04 is indeed still available here, but there is no guarantee that its availability will continue after Focal Fossa. An askubuntu post on the topic (there are several) is here.

So I decided to find a way to do without the mini.iso, and I wrote this script that takes to the ''tasksel'' step starting from a cloud image in the ubuntu repository. You have many options here about the image format to use: I refer to the .ova file that you find in fo

nil0x42

Awesome Github OSINT

nil0x42's tips & tricks

📜 get-github-followers-twitter.py

• Scrape twitter account of all github followers of target user on GitHub

📜 get-github-stargazers-twitter.py

• Scrape twitter account of all stargazers of target project on GitHub

nd3w

How to Install Nginx, MariaDB, PHP-FPM on Ubuntu 20.04

This is a way to install and set up Nginx, MariaDB and PHP-FPM on Ubuntu 20.04.

NOTE: This has been prepared for ease of use in mind, not security, mostly in development machine. Please do not use these instructions to setup on a public server environment. Use other proper manuals instead.

$ sudo apt update

Nginx

rordi

Change root password in MariaDB Docker container running with docker-compose

Override the entrypoint in docker-compose.yml for the MariaDB Docker container by adding:

entrypoint: mysqld_safe --skip-grant-tables --user=mysql

The start up the Docker Compose stack:

$> docker-compose up -d

DDRBoxman

sudo install_name_tool -change @rpath/../bin/libobs.0.dylib @executable_path/../Frameworks/libobs.0.dylib /Library/Application\ Support/obs-studio/plugins/StreamDeckPlugin/bin/StreamDeckPlugin.so

sudo install_name_tool -change @rpath/../bin/libobs-frontend-api.dylib @executable_path/../Frameworks/libobs-frontend-api.dylib /Library/Application\ Support/obs-studio/plugins/StreamDeckPlugin/bin/StreamDeckPlugin.so

sudo install_name_tool -change @rpath/QtWidgets @executable_path/../Frameworks/QtWidgets.framework/Versions/5/QtWidgets /Library/Application\ Support/obs-studio/plugins/StreamDeckPlugin/bin/StreamDeckPlugin.so

sudo install_name_tool -change @rpath/QtGui @executable_path/../Frameworks/QtGui.framework/Versions/5/QtGui /Library/Application\ Support/obs-studio/plugins/StreamDeckPlugin/bin/StreamDeckPlugin.so

sudo install_name_tool -change @rpath/QtCore @executable_path/../Frameworks/QtCore.framework/Versions/5/QtCore /Library/Application\ Support/obs-studio/plugins/StreamDeckPlugin/bin/StreamDeckPlugin