A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
aras-p
/ preprocessor_fun.h
Last active
April 28, 2024 15:25
Things to commit just before leaving your job
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Just before switching jobs: | |
| // Add one of these. | |
| // Preferably into the same commit where you do a large merge. | |
| // | |
| // This started as a tweet with a joke of "C++ pro-tip: #define private public", | |
| // and then it quickly escalated into more and more evil suggestions. | |
| // I've tried to capture interesting suggestions here. | |
| // | |
| // Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_, | |
| // @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant, |
ViktorNova
/ rotate-video.sh
Created
August 8, 2016 21:33
Rotate a video with FFmpeg (100% lossless, and quick)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $INPUTVIDEO='input.mp4' | |
| $OUTPUTVIDEO='output.mp4' | |
| ffmpeg -i $INPUTVIDEO -metadata:s:v rotate="-90" -codec copy $OUTPUTVIDEO |
ageis
/ systemd_service_hardening.md
Last active
May 4, 2024 15:57
Options for hardening systemd service units
timvisee
/ falsehoods-programming-time-list.md
Last active
May 5, 2024 19:57
Falsehoods programmers believe about time, in a single list
This is a compiled list of falsehoods programmers tend to believe about working with time.
Don't re-invent a date time library yourself. If you think you understand everything about time, you're probably doing it wrong.
- There are always 24 hours in a day.
- February is always 28 days long.
- Any 24-hour period will always begin and end in the same day (or week, or month).
sed -E -f solver.sed input where input is a file containing the maze.
For best results, resize your terminal to match the height of the maze. To disable animations, delete the lines containing p.
The solver assumes the following:
- The maze only contains the characters
# \nSE - Every line has the same number of characters
- There is only one start (
S) and end (E)
pfitzseb
/ changeREPLmodule.jl
Last active
September 23, 2021 09:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using REPL | |
| using REPL.LineEdit | |
| # basically the same as Base's `display_error`, just with different frames removed | |
| function display_error(io, err, st) | |
| ind = findfirst(frame -> frame.file == Symbol(@__FILE__) && frame.func == :repleval, st) | |
| st = st[1:(ind == nothing ? end : ind - 2)] | |
| printstyled(io, "ERROR: "; bold=true, color=Base.error_color()) | |
| showerror(IOContext(io, :limit => true), err, st) | |
| println(io) | |
| end |
z3dm4n
/ systemd-run-as-atd-replacement.md
Last active
November 2, 2023 13:47
Using systemd-run as atd replacement to run jobs at scheduled times
$ sudo systemd --version
systemd 237
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid
$ sudo systemd-run --property=WorkingDirectory=/foo/bar --property=TimeoutSec=5min --on-active="10min" command args
Running timer as unit: run-1.timer
Will run service as unit: run-1.service
$ sudo systemctl list-timers
Neo23x0
/ log4j_rce_detection.md
Last active
January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
May 4, 2024 18:20
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
laundmo
/ compose-check.py
Last active
December 23, 2022 07:45
Check which docker-compose services were changed since last "up" and which containers need to be restarted
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # This code is available under the MIT license: https://opensource.org/licenses/MIT | |
| from pathlib import Path | |
| import subprocess | |
| import json | |
| from dataclasses import dataclass | |
| from typing import List, Optional |
OlderNewer