Greg Burd gburd

@gburd
gburd / confirm.sh
Created January 15, 2016 14:27
"Would you like to continue?" sh function
confirm () {
    # call with a prompt string or use a default
    read -r -p "${1:-Would you like to continue? [y/N]} " response
    case $response in
        [yY][eE][sS]|[yY])
            true
            ;;
        *)
            false
            ;;
    esac
}
@gburd
gburd / notes.txt
Created February 25, 2016 20:21
ulimit file descriptors
su USER --shell /bin/bash --command "ulimit -n"
You need to edit /etc/pam.d/common-session* and add the following line to the end:
session required pam_limits.so
# cat /etc/security/limits.d/90-nproc.conf
* soft nproc 8192
root soft nproc unlimited
* soft nofile 102400
@gburd
gburd / lines.sh
Created February 25, 2016 20:25
One Liners:
# Set the local clock.
date -r$((16#`printf "\xb%-47.s"|nc -uw1 time.nist.gov 123|xxd -s40 -l4 -p`-2208988800))
crypto:start().
<<Mac:160/integer>> = crypto:hmac(sha, <<"hello">>, <<"world">>).
%% <<138,58,132,188,208,208,6,94,151,241,117,211,112,68,124,125,2,224,9,115>>
lists:flatten(io_lib:format("~40.16.0b", [Mac])).
%% "8a3a84bcd0d0065e97f175d370447c7d02e00973"
@gburd
gburd / update.sh
Created March 16, 2016 13:37
Joyent SDC update script
#!/bin/bash
confirm () {
# call with a prompt string or use a default
read -r -p "${1:-Would you like to continue? [y/N]} " response
case $response in
[yY][eE][sS]|[yY])
true
;;
*)
@gburd
gburd / llvm-update-alternatives
Last active August 8, 2019 02:08 — forked from RaymondKroon/llvm-update-alternatives
LLVM & clang alternatives
#!/usr/bin/env sh
sudo update-alternatives --install \
/usr/bin/llvm-config llvm-config /usr/bin/llvm-config-3.6 200 \
--slave /usr/bin/llvm-ar llvm-ar /usr/bin/llvm-ar-3.6 \
--slave /usr/bin/llvm-as llvm-as /usr/bin/llvm-as-3.6 \
--slave /usr/bin/llvm-bcanalyzer llvm-bcanalyzer /usr/bin/llvm-bcanalyzer-3.6 \
--slave /usr/bin/llvm-cov llvm-cov /usr/bin/llvm-cov-3.6 \
--slave /usr/bin/llvm-diff llvm-diff /usr/bin/llvm-diff-3.6 \
--slave /usr/bin/llvm-dis llvm-dis /usr/bin/llvm-dis-3.6 \
@gburd
gburd / configure-iptables.sh
Created April 29, 2016 14:32
iptables config
# Iptables Firewall configuration script
# Allows HTTP, HTTPS, SSH, SMTP
# SSH Port easy customization
# Allows Local Loopback
# Allows specific ICMP
# Allows DNS Query and Response
# Blocks bad source
# Blocks non local Loopback
# DOS Protection and reporting
# DOS SYN Flood
@gburd
gburd / sysctl.conf
Created April 29, 2016 14:44
sysctl
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
@gburd
gburd / cat-chrome.sh
Created October 18, 2016 14:29
Ubuntu 16.06 - rc.local tricks/tips
# Ensure that Google Chrome's script terminates subprocesses (like 'cat') properly
( if ! grep -q 'trap \"trap - SIGTERM && kill -- -$$\" SIGINT SIGTERM EXIT' /opt/google/chrome/google-chrome
then
LINE=$(( $(awk '$0 ~ "exec 2" {print NR}' /opt/google/chrome/google-chrome) + 1))
/bin/ed /opt/google/chrome/google-chrome <<EOF
${LINE}i
trap "trap - SIGTERM && kill -- -\$\$" SIGINT SIGTERM EXIT
.
w
q
@gburd
gburd / README.md
Created December 3, 2016 01:31
Hardening C code at compile time

Hardening flags enabled by default

format: Adds the -Wformat -Wformat-security -Werror=format-security compiler options. At present, this warns about calls to printf and scanf functions where the format string is not a string literal and there are no format arguments, as in printf(foo). This may be a security hole if the format string came from untrusted input and contains %n.

stackprotector: Adds the -fstack-protector-strong --param ssp-buffer-size=4 compiler options. This adds safety checks against stack overwrites rendering many potential code injection attacks into aborting situations. In the best case this turns code injection vulnerabilities into denial of service or into non-issues (depending on the application).

fortify: Adds the -O2 -D_FORTIFY_SOURCE=2 compiler options. During code generation the compiler knows a great deal of information about buffer sizes (where possible), and attempts to replace insecure unlimited length buffer function calls with length-limited ones. This is especially useful for