Skip to content

Instantly share code, notes, and snippets.

Avatar

Adam Ayala swoopsta

View GitHub Profile
View Change Default User On Raspian
The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could login with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.
Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure. This article was last updated on 31st May 2020 and tested with Raspbian (Raspios) Buster release 27/5/2020.
The procedure starts with a Raspberry Pi running the latest Raspbian (Raspio) image (Buster), with no other modifications. It should also work with the older Raspbian versions Stretch and Jessie.
Caution for Jessie users: Changing the name of the “pi” might cause a couple of the features of the raspi-config script to stop worki
@swoopsta
swoopsta / Initial Setup of Raspberry Pi.txt
Last active Jan 31, 2021
Initial Setup of Raspberry Pi
View Initial Setup of Raspberry Pi.txt
Assuming:
A brand new raspberry pi
You want to change the default username pi to mypie
You want to adapt also the main group from pi to mypie
You want other things to work out like sudo
Initial Setup for Raspian Hardware and Software
These instructions assume that your Pi will not
have WAN access. There are security options that
should never be facing outside your LAN
View Split Tunnel In An LXC Container
Finally Got it. It's not a split tunnel since that would be fairly redundant in a container.
Cloned LXC Container named vpn
Changed Config. Added this to the vpn config:
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev
@swoopsta
swoopsta / split_tunnel_VPN.md
Created Jan 13, 2021 — forked from GAS85/split_tunnel_VPN.md
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04
View split_tunnel_VPN.md
View Gravity Email
<html>
<head>
<title>New submission from Upload Documents</title>
</head>
<body>
<table width="99%" border="0" cellpadding="1" cellspacing="0" bgcolor="#EAEAEA"><tr><td>
<table width="100%" border="0" cellpadding="5" cellspacing="0" bgcolor="#FFFFFF">
<tr bgcolor="#EAF2FA">
<td colspan="2">
<font style="font-family: sans-serif; font-size:12px;"><strong>File</strong></font>
View WP Perms
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=www-data
WP_GROUP=www-data
P_ROOT=/home/changeme
View Whitelist Cloudflare
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
View gist:ebd6fbe79ae23bc7b268568728926ae8
<?php
/*
* Template Name: Example Custom Template
* See the codex entry on custom template for more information: http://codex.wordpress.org/Page_Templates#Custom_Page_Template
*
* Add html above or below the_content inside the comments
* Add php snippets as well with their own opening and closing php
*/
global $avia_config, $post;
@swoopsta
swoopsta / pia-port-forwarding.sh
Last active May 12, 2017
PIA Port Forwarding For Transmission
View pia-port-forwarding.sh
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
echo 'Loading port forward assignment information...'
pia_client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"` forwarded_port=$(curl "http://209.222.18.222:2000/\?client_id=$pia_client_id" 2>/dev/null | awk -F ':' '{ print $2 }'| awk -F '}' '{ print $1 }')
json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"
else
@swoopsta
swoopsta / routing.sh
Created May 4, 2017
Make VPN loopback failsafe
View routing.sh
#! /bin/bash
VPNIF="tun0"
VPNUSER="vpn"
GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
ip rule add from all fwmark 0x1 lookup $VPNUSER
fi
ip route replace default via $GATEWAYIP table $VPNUSER
ip route append default via 127.0.0.1 dev lo table $VPNUSER