A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
skygunner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function cache_image($image_url){ | |
| //replace with your cache directory | |
| $image_path = 'path/to/cache/dir/'; | |
| //get the name of the file | |
| $exploded_image_url = explode("/",$image_url); | |
| $image_filename = end($exploded_image_url); | |
| $exploded_image_filename = explode(".",$image_filename); | |
| $extension = end($exploded_image_filename); | |
| //make sure its an image |
ageis
/ systemd_service_hardening.md
Last active
January 6, 2026 11:51
Options for hardening systemd service units
lokhman
/ ubuntu-hardening.md
Last active
December 4, 2025 22:23
List of things for hardening Ubuntu
The list of actions listed below was taken mostly from Book Of Zeus with minor modifications and did the job well for Ubuntu version, which was available at that moment (May 2016). This gist was created for internal use and was never meant to be discovered by the web, although Google managed to find and index this page, which was a great surprise for me. Please check the original source for the updated information (links are provided in most of the sections), and read the comments below: they provide more details about the usage experience.
http://bookofzeus.com/harden-ubuntu/initial-setup/system-updates/
Keeping the system updated is vital before starting anything on your system. This will prevent people to use known vulnerabilities to enter in your system.
If you don't want to build Squid from scratch, you can simply Setup a Squid anonymous proxy
Please note that this whole manual refers to the version 3.5.23 of Squid. You probably would have to adapt some commands to the version you will actually download.
DavideMontersino
/ private-fork.md
Last active
September 27, 2025 23:26
How to fork to a private gitlab instance
Theory:
your git repository can have more than one remote server; In this case we want to have two:
- one for our private repository on gitlab (will be the default one, called
origin) - one to be connected to the source repo on github, to be able to pull new changes (will be called
upstream)
How to make a private fork from github to gitlab
Kiwibp
/ Facebook-Marketplace-Selenium.py
Created
June 8, 2018 17:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #facebook marketplace | |
| from selenium import webdriver | |
| from time import sleep | |
| from selenium.webdriver.common.keys import Keys | |
| from selenium.webdriver.support.ui import WebDriverWait | |
| from selenium.webdriver.common.by import By | |
| from selenium.webdriver.support import expected_conditions as EC | |
| from pymongo import MongoClient | |
| class App: |
ckerr
/ bittorrent-client-tests.md
Created
September 20, 2019 22:21
BitTorrent Client Performance Tests
Performance Constrained by Low-Speed 300 KB/s Down, 39 KB/s Up ADSL Provisioning
Benchmarks conducted 18-19, 22-24, 26-28 February; 01-07, 15-22 March 2010
| BitTorrent Client | Time to Download ubuntu-9.10-desktop i386.iso |
Memory Use While Downloading | User CPU (MM:SS) | Sys CPU (MM:SS) | Engine | GUI |
|---|---|---|---|---|---|---|
| BitTornado 0.3.18 1st run | 53:33 | 19.3 MiB | 2:15 | 0:53 | Built-in | Curses |
aek
/ RedisSessionStore
Created
July 9, 2015 16:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class RedisSessionStore(SessionStore): | |
| def __init__(self, expire = 1800, key_prefix=''): | |
| SessionStore.__init__(self) | |
| self.redis = redis.Redis(tools.config.get('redis_host', 'localhost'), | |
| int(tools.config.get('redis_port', 6379)), | |
| int(tools.config.get('redis_dbindex', 1)), | |
| password=tools.config.get('redis_pass', None)) | |
| self.path = session_path() | |
| self.expire = expire | |
| self.key_prefix = key_prefix |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # @authors Rodrigo Gomes link: https://serverfault.com/questions/766901/how-temporarily-block-an-ip-address-making-too-many-hits-on-the-server-with-ipta | |
| iptables -N BLOCK_IP | |
| iptables -N SYN_CHECK | |
| iptables -N DOS_CHECK | |
| iptables -N SYN_ATTACK | |
| iptables -N DOS_ATTACK | |
| # first checks if the IP is already blocked |
Belphemur
/ build_nginx.sh
Last active
November 13, 2022 13:05
— forked from MattWilcox/build_nginx.sh
Compiling Nginx with LibreSSL (and http2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # names of latest versions of each package | |
| export NGINX_VERSION=1.15.5 | |
| export VERSION_NGINX=nginx-$NGINX_VERSION | |
| export VERSION_LIBRESSL=libressl-2.8.1 | |
| export VERSION_PCRE=pcre-8.42 | |
| #export NPS_VERSION=1.9.32.10 | |
| #export VERSION_PAGESPEED=v${NPS_VERSION}-beta | |
NewerOlder