itsuki-hayashi
/ ubuntu-systemd-cryptenroll-tpm.sh
Last active
March 1, 2024 12:07
Systemd TPM Auto LUKS Unlock for Ubuntu 22.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See also: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375 | |
| # See: https://github.com/wmcelderry/systemd_with_tpm2 | |
| # Install dependencies for systemd TPM | |
| sudo apt install libtss2-rc0 | |
| # Check if Ubuntu recognize your TPM chip | |
| systemd-cryptenroll --tpm2-device=list | |
| # Check current LUKS info | |
| sudo cryptsetup luksDump /dev/nvme0n1p3 | |
| # Enroll TPM as unlocker | |
| sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/nvme0n1p3 |
itsuki-hayashi
/ hide-not-mounted-drives-from-ubuntu-dock.sh
Created
July 24, 2023 10:04
Hide not mounted drives from Ubuntu Dock
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gsettings set org.gnome.shell.extensions.dash-to-dock show-mounts-only-mounted true |
itsuki-hayashi
/ rename-files-for-image-set.ps1
Last active
April 16, 2023 15:58
Rename files in image set to simple numbers in a single folder with hash based deduplication (mostly for packing to zip files).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Specify the source directory containing the images | |
| $srcDir = ".\src" | |
| # Specify the destination directory to move the renamed images to | |
| $destDir = ".\dest" | |
| # Get all image files in the source directory and its subfolders | |
| $imageFiles = Get-ChildItem -Path $srcDir -Recurse -Include *.jpg,*.jpeg,*.png,*.gif,*.bmp | Sort-Object @{Expression={[regex]::Match($_.Name, '(\d+)').Groups[1].Value.PadLeft(10,'0')}},FullName | |
| # Get the number of digits needed to represent the count of files in $imageFiles |
itsuki-hayashi
/ proton-mail-enforce-pgp.sieve
Last active
January 24, 2025 00:40
Proton Mail Sieve to enforce PGP encryption on all incoming emails
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require ["reject", "imap4flags", "envelope", "extlists"]; | |
| if anyof ( | |
| # Domains for our addresses that we don't want to receive unencrypted emails. | |
| envelope :domain "to" "protonmail.com", | |
| envelope :domain "to" "proton.me", | |
| envelope :domain "to" "pm.me", | |
| envelope :domain "to" "protonmail.ch" | |
| ) { | |
| if allof ( | |
| # Reject unencrypted emails. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Configuration> | |
| <vGPU>Enable</vGPU> | |
| <Networking>Default</Networking> | |
| <AudioInput>Enable</AudioInput> | |
| <VideoInput>Enable</VideoInput> | |
| <ProtectedClient>Enable</ProtectedClient> | |
| <PrinterRedirection>Disable</PrinterRedirection> | |
| <ClipboardRedirection>Default</ClipboardRedirection> | |
| <MappedFolders> | |
| <MappedFolder> |
itsuki-hayashi
/ clevis-auto-unlock.sh
Last active
March 15, 2023 12:47
Enable Clevis Auto Unlock With TPM 2.0 for LUKS Encrypted System Volume on RHEL 8/9 Rocky Linux 8/9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo yum install clevis* | |
| sudo clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_bank":"sha384","pcr_ids":"0,7"}' | |
| sudo dracut --force |
itsuki-hayashi
/ windows10-hardening-auditpol.cmd
Last active
April 19, 2022 06:25
Set audit policy for Windows 10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| auditpol /set /subcategory:{0CCE923F-69AE-11D9-BED3-505054503030} /failure:enable /success:enable | |
| auditpol /get /subcategory:{0CCE923F-69AE-11D9-BED3-505054503030} | |
| auditpol /set /subcategory:{0CCE9237-69AE-11D9-BED3-505054503030} /success:enable | |
| auditpol /get /subcategory:{0CCE9237-69AE-11D9-BED3-505054503030} | |
| auditpol /set /subcategory:{0CCE9235-69AE-11D9-BED3-505054503030} /failure:enable /success:enable | |
| auditpol /get /subcategory:{0CCE9235-69AE-11D9-BED3-505054503030} | |
| auditpol /set /subcategory:{0CCE922D-69AE-11D9-BED3-505054503030} /failure:enable /success:enable | |
| auditpol /get /subcategory:{0CCE922D-69AE-11D9-BED3-505054503030} | |
| auditpol /set /subcategory:{0cce9248-69ae-11d9-bed3-505054503030} /success:enable |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| ; See: https://github.com/0x6d69636b/windows_hardening | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell] | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging] | |
| "EnableScriptBlockLogging"=dword:00000001 | |
| "EnableScriptBlockInvocationLogging"=dword:00000001 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription] | |
| "EnableTranscripting"=dword:00000001 |
itsuki-hayashi
/ attack-surface-reduction-rules.ps1
Created
April 18, 2022 16:36
Enable attack surface reduction rules for Windows 10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference | |
| # Block abuse of exploited vulnerable signed drivers 56a863a9-875e-4185-98a7-b882c64b5ce5 | |
| Set-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled | |
| # Block Adobe Reader from creating child processes 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | |
| Set-MpPreference -AttackSurfaceReductionRules_Ids 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c -AttackSurfaceReductionRules_Actions Enabled | |
| # Block all Office applications from creating child processes d4f940ab-401b-4efc-aadc-ad5f3c50688a | |
| Set-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "conditions": null, | |
| "snoozeUntil": null, | |
| "markFlagged": false, | |
| "skipInbox": false, | |
| "markSpam": false, | |
| "showNotification": false, | |
| "name": "Add Label for Masked Emails", | |
| "discard": false, |