tcely

# Determine the OS version across the various forks using %{dist} detail from the building machine's kernel release.
# Versions 6 & 7 started including including the architecture in the kernel **release** field. We have to deal with that stupidity too.
%define osVersion %(uname -r | awk -F '.' '{for (i=NF; i > 0; i--) if ($i !~ /^(x86_64|i[36]86)$/) { print gensub(/^[^0-9]+/, "", "", $i); exit; }}')

# I wish redhat-release provided the major number, but that only started with 7 from what I've found. Even after adding a number to the redhat-release provide, they started using 7.0, just to make things difficult.

# Add conflicts as appropriate for the various RedHat major versions.
%if 0%{?osVersion} == 5
Conflicts: upstart, systemd
%endif

tcely

#!/bin/bash
# Inspiration from: http://askubuntu.com/questions/126817/how-to-disable-alt-f1-alt-f2-shortcuts

unset -v _key _value _schema
_schema='org.gnome.desktop.wm.keybindings'

while IFS= read -r _key; do
    _value="$(gsettings get "$_schema" "$_key")"
    while [[ "$_value" =~ \''<Alt>F'[1-9]\' ]] || [[ "$_value" =~ \''<Alt>F1'[0-2]\' ]]; do
        #_value="$(sed -e "s/\(, \)\?${BASH_REMATCH[0]}\(, \)\?//;s/''/', '/;" <<<"$_value")"

tcely

if [ -s ~/.bashrc ]; then
    . ~/.bashrc
fi

# Additions to fix the lack of confirmation when keys are added from the Keychain
if [ -s ~/.ssh/ssh-agent.pid ]; then
    . ~/.ssh/ssh-agent.pid
    if [ -n "$SSH_AGENT_PID" ] && ! kill -0 "$SSH_AGENT_PID" &>/dev/null; then
        rm -f ~/.ssh/ssh-agent.pid
        unset -v SSH_AGENT_PID

tcely

#!/bin/bash
## SecurityCenter Backup Script
#
# This script is intended to create backups of all of the SecurityCenter data
# on a daily/weekly/monthly/etc. basis.  This is intended to be run as a cronjob
# and expect the SysAdmin to have configured the root@localhost mail alias to
# route through their email system in-case of errors.  An example of how to run
# this as a cronjob is below:
#
# 1 45 * * * root /opt/scripts/backups/sc-backup.sh

tcely

#!/usr/bin/env python

import io, os, sys

from argparse import ArgumentParser
from calendar import timegm
from time import gmtime, localtime, mktime, strftime, strptime

def touchUTCString(t):
    return timegm(strptime(t, '%a, %d %b %Y %H:%M:%S %Z'))

tcely

#!/bin/sh

iptables -F SSH_PORT_LIMIT || iptables -N SSH_PORT_LIMIT

iptables -A SSH_PORT_LIMIT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A SSH_PORT_LIMIT -p tcp -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-upto 10/hour --hashlimit-burst 15 --hashlimit-name ssh -j ACCEPT
iptables -A SSH_PORT_LIMIT -j LOG --log-level info --log-prefix 'ssh-port-limit: '
iptables -A SSH_PORT_LIMIT -p tcp -j REJECT --reject-with tcp-reset
iptables -A SSH_PORT_LIMIT -j DROP

tcely

#!/bin/sh

docker run --rm -it perl:5-threaded \
  perl -e 'print(q{Enter pass phrase: }); system("stty -echo"); chomp($pt = <>); system("stty echo"); print(qq{\n}, crypt($pt, q{$1$YCCaQNAP$}), qq{\n});'

tcely

Keybase proof

I hereby claim:

• I am tcely on github.
• I am tcely (https://keybase.io/tcely) on keybase.
• I have a public key ASCepDrTFuNbJ51KamisH6cg9iNJN90f5vFYyIQYJ4nTWgo

To claim this, I am signing this object:

tcely

#!/bin/bash

conditional_get_etag() {
  local _url _file _tmpdir
  local _awk_program='/^ETag:/ {$1=""; printf "If-None-Match: %s", substr($0, 2, length($0)-2); exit;}'

  for _url; do
    if [ '--file=' = "${_url:0:7}" ]; then
      _file="${_url:7}"
      continue

tcely

As I originally outlined in this comment there is a work around for the problem of having shared credentials and keys on the various backup "clients" so that they push their contents to your restic server.

I have implemented this solution, but it took a fair amount of work. I am putting this work up for bounty, so if you are interested please contact me to arrange payment and when the goal is reached, I will send my solution to everyone who chipped in.

Thank you very much!