Lin Song hwdsl2
@sturadnidge
sturadnidge / tmux-1.8-on-CentOS-6.x.txt
Last active May 10, 2021 18:31
Install tmux 1.8 on CentOS 6.x minimal (64bit)
# download latest libevent2 and tmux sources, and extract them somewhere
# (thx bluejedi for tip on latest tmux URL)
#
# at the time of writing:
# https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
# http://sourceforge.net/projects/tmux/files/latest/download?source=files
#
# install deps
yum install gcc kernel-devel make ncurses-devel
@ckirsch
ckirsch / gpgmulti
Last active October 21, 2022 12:33
Symmetrically encrypt multiple files with GnuPG
#!/bin/bash
###############################################################################
## name : gpgmulti.sh (original by Nick Montpetit)
## purpose : symmetrically encrypts/decrypts multiple files using GnuPG
## usage : gpgmulti.sh [-c] file_pattern
###############################################################################
# encrypt all non-gpg files recursively:
# find . -type f -not -name .DS_Store -not -name "*.gpg" -print0 | xargs -0 -o gpgmulti.sh -c
@yorkxin
yorkxin / README.md
Last active October 27, 2020 12:17
Amazon S3 Redirect Rules Generator

A Ruby script to generate simple Amazon S3 Redirection Rules XML file.

Update: There is an app for that now! Use Amazon S3 Redirector (Web app) and you can generate the XML without any knowledge about Ruby. Thanks to @rainforestapp. BTW, It's open source too.

Dependencies

  • Nokogiri
@plentz
plentz / nginx.conf
Last active April 3, 2025 19:20
Best nginx configuration for improved security(and performance)
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@mgarratt
mgarratt / example.com.conf
Created October 18, 2013 22:01
Ghost Blog
upstream ghost_upstream {
server 127.0.0.1:2368;
keepalive 64;
}
server {
listen 80;
server_name example.com www.example.com;
# sets the proxy cache path location, max size 2g
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:100m inactive=24h max_size=2g;
# transfers the `Host` header to the backend
proxy_set_header Host $host;
# uses the defined STATIC cache zone
proxy_cache STATIC;
# cache 200 10 minutes, 404 1 minute, others status codes not cached
@yetithefoot
yetithefoot / stuns
Last active January 20, 2025 15:25 — forked from zziuni/stuns
STUN+TURN servers list
{url:'stun:stun01.sipphone.com'},
{url:'stun:stun.ekiga.net'},
{url:'stun:stun.fwdnet.net'},
{url:'stun:stun.ideasip.com'},
{url:'stun:stun.iptel.org'},
{url:'stun:stun.rixtelecom.se'},
{url:'stun:stun.schlund.de'},
{url:'stun:stun.l.google.com:19302'},
{url:'stun:stun1.l.google.com:19302'},
{url:'stun:stun2.l.google.com:19302'},
@dergachev
dergachev / setuid-root-backdoor.md
Last active September 2, 2024 12:08
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys or creating a new user, potentially via running malware or via a cron job, I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of the Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account on the system (including www-data, which you might not even know is compromised).

If the "setuid bit" (or flag, or permission mode) is set for an executable, the operating system will run not as the cur

@dotike
dotike / try_or_die.sh
Last active July 18, 2023 20:23
3 finger claw technique for POSIX shell programming. Three one-line functions which greatly enhance shell programming, enabling reliable UNIX-style programming in an extremely concise fashion.
#!/bin/sh
##############################################################################
# This code known is distributed under the following terms:
#
# Copyright (c) 2013 Isaac (.ike) Levy <[email protected]>.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@mtigas
mtigas / nginx.conf
Last active March 20, 2025 14:14
Nginx configuration for securedrop.propublica.org. (Based on Ubuntu 13.10 / Nginx 1.4.1 default config.)
# This configuration file is provided on an "as is" basis,
# with no warranties or representations, and any use of it
# is at the user's own risk.
#
# You will need to edit domain name information, IP addresses for
# redirection (at the bottom), SSL certificate and key paths, and
# the "Public-Key-Pins" header. Search for any instance of "TODO".
user www-data;
worker_processes 4;