- Discussion of key strenths of vyatta, and firewalls in general
- Link to the open-source VyOS version and the commercial Vyatta project
- Talk about Softlayer choices specifically -- why softlayer version is insecure / finnicky with SSL & PPTP options, limitations & cost of the Fortigate appliance
Yegor G. yegorg
yegorg
/ text.md
Created
November 12, 2015 05:19
— forked from awinder/text.md
Vyatta Blog Post Outline
yegorg
/ instructions.md
Created
November 12, 2015 05:18
— forked from jiphex/instructions.md
Static OpenVPN between two hosts
So you've got two boxes, separated by some kind of network that you're not in control of, and you'd like to encrypt traffic between them. You're not going to have multiple clients connecting to each other, just these two boxes.
As of OpenVPN 2, it's possible to configure the hosts in peer-to-peer mode, with static keying, meaning that the actual VPN setup is super easy:
- Install OpenVPN (>=2) on both boxes, the standard Wheezy version is fine.
- Generate a static key as follows:
openvpn --genkey --secret /path/to/somewhere/secret.key - Copy the secret key to both boxes over a secure channel (e.g SSH)
- Create /etc/openvpn/p2p.conf on both boxes as show in box1.vpn.cnf and box2.vpn.cnf below
yegorg
/ nginx-ubuntu-install-latest
Created
November 12, 2015 05:12
install nginx latest ver on ubuntu/debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -O nginx_signing.key http://nginx.org/keys/nginx_signing.key | |
| sudo apt-key add nginx_signing.key | |
| echo "deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx | |
| deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx" >> /etc/apt/sources.list | |
| apt-get update | |
| apt-get install nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $modload imtcp | |
| $InputTCPServerRun 10514 | |
| # $ActionQueueType LinkedList # use asynchronous processing | |
| # $ActionQueueFileName srvrfwd # set file name, also enables disk mode | |
| # $ActionResumeRetryCount -1 # infinite retries on insert failure | |
| # $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down | |
| # *.notice @@logserver.local:10514 | |
| auth,authpriv.* -/var/log/auth.log |
yegorg
/ kibana.json
Created
November 11, 2015 08:46
— forked from untergeek/kibana.json
Simple Kibana dashboard for collectd stats
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "Collectd: Blackbox", | |
| "services": { | |
| "query": { | |
| "list": { | |
| "0": { | |
| "query": "plugin:\"load\"", | |
| "alias": "Load", | |
| "color": "#7EB26D", | |
| "id": 0, |
yegorg
/ keepalived.conf
Created
November 11, 2015 05:35
— forked from mrlesmithjr/keepalived.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vrrp_script chk_haproxy { | |
| script "killall -0 haproxy" # verify the pid existance | |
| interval 2 # check every 2 seconds | |
| weight 2 # add 2 points of prio if OK | |
| } | |
| vrrp_instance VI_1 { | |
| interface eth0 # interface to monitor | |
| state MASTER | |
| virtual_router_id 51 # Assign one ID for this route |
yegorg
/ KVM_etc_network_interfaces
Created
November 11, 2015 05:34
— forked from mrlesmithjr/KVM_etc_network_interfaces
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file describes the network interfaces available on your system | |
| # and how to activate them. For more information, see interfaces(5). | |
| # The loopback network interface | |
| auto lo | |
| iface lo inet loopback | |
| # The primary network interface | |
| auto eth0 |
yegorg
/ iptables_cluster.sh
Created
November 11, 2015 05:31
— forked from mrlesmithjr/iptables_cluster.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # check for iptables-persistent package and install if not already installed | |
| script_name="iptablesrules.sh" | |
| # change user to the account you wish to use on the remote nodes | |
| user="root" | |
| tee $script_name <<EOF | |
| if apt-get -qq install iptables-persistent; then | |
| echo "Successfully detected iptables-persistent" | |
| else |
yegorg
/ readme.md
Created
November 11, 2015 03:15
— forked from ashrithr/readme.md
Installing ELK on a single machine
yegorg
/ osx-for-hackers.sh
Created
November 11, 2015 03:14
— forked from ashrithr/osx-for-hackers.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Some things taken from here | |
| # https://github.com/mathiasbynens/dotfiles/blob/master/.osx | |
| # Set the colours you can use | |
| black='\033[0;30m' | |
| white='\033[0;37m' | |
| red='\033[0;31m' | |
| green='\033[0;32m' |