OpenSnitch – a Linux firewall for applications – interactive outbound connections filtering.
https://www.linux-magazine.com/index.php/Issues/2022/259/OpenSnitch
https://github.com/evilsocket/opensnitch
Linux Application Firewall
December 4th, 2024A Bash web server
December 4th, 2024Nice oneliners which may be useful to show some console output via HTTP.
An example of showing the iptables FORWARD chain:
while true ; do echo -e "HTTP/1.1 200 OK\n\n $(sudo iptables -L FORWARD -vn --line-numbers)" | nc -l -p 8080 -q 1; done
Then go to http://ip.add.re.ss:8080 and you will see the output as a web page. In case of adding new rules renew the webpage and you will see the newly added rules.
To report file system disk space usage:
while true ; do echo -e "HTTP/1.1 200 OK\n\n $(df -h)" | nc -l -p 8080 -q 1; done
More info: https://www.linux-magazine.com/Issues/2021/250/Bash-Web-Server/(offset)/3/(tagID)/92#
Slackware Tagfiles
October 12th, 2024Found some old notes concerning tagfiles. This all is for Slackware 14, but mainly should be useful for newer versions as well, though may have differences, I haven’t checked and compared. See below…
Read the rest of this entry »opensips: getting media IP
June 9th, 2024To get the IP address from the SDP part of incoming INVITE:
$(rb{sdp.line,c}{s.select,2, })
http://lists.opensips.org/pipermail/users/2024-June/048189.html
NetBSD 10: httpd with PHP support
April 24th, 2024pkgin install bozohttpd-20240126 php-8.3.4
By default httpd is run under _httpd user. To start from command line and specify another user (e.g. nobody) type:
/usr/libexec/httpd -b -U nobody -C .php /usr/pkg/libexec/cgi-bin/php /var/www/
To start httpd automatically, edit /etc/rc.conf (not /etc/rc.local , not /etc/defaults/rc.conf):
httpd=YES
httpd_flags="-b"
httpd_flags="-C .php /usr/pkg/libexec/cgi-bin/php"
httpd_wwwuser="nobody" # this is a separate variable,
# you may read 'man 5 rc.conf' about it
# and about other variables
Ubuntu 20.04 remove old unused kernels
April 13th, 2024https://askubuntu.com/a/1253348
Check what current kernel You are running:
uname -a
Linux blackhole 5.6.13-050613-lowlatency #202005141310 SMP PREEMPT Thu May 14 13:17:41 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
So, this system runs 5.6.13-050613-lowlatency kernel.
List all installed kernels in Your OS:
dpkg --list | egrep -i --color 'linux-image|linux-headers|linux-modules' | awk '{ print $2 }'
linux-headers-5.6.11-050611
linux-headers-5.6.11-050611-lowlatency
linux-headers-5.6.13-050613
linux-headers-5.6.13-050613-lowlatency
linux-image-unsigned-5.6.11-050611-lowlatency
linux-image-unsigned-5.6.13-050613-lowlatency
linux-modules-5.6.11-050611-lowlatency
linux-modules-5.6.13-050613-lowlatency
Uninstall kernels You don’t need:
sudo apt purge linux-headers-5.6.11-050611 linux-headers-5.6.11-050611-lowlatency linux-image-unsigned-5.6.11-050611-lowlatency linux-modules-5.6.11-050611-lowlatency
flameshot
March 10th, 2024flameshot – a good alternative for Deepin Screenshot which seems to be unavailable in *buntu 23.10
OpenSIPS dispatching algorithms
February 20th, 2024Just some explanation of dispatcher module argorithms.
hash over callid
– ensures that all requests within a dialog goes to same boxhash over from uri
– ensures that all requests from same user goes to same boxhash over to uri
– ensures that registrations of an AoR goes to same boxhash over request-uri
– ensures that requests to same destination are processes by same box#hash over config variable
– for different needs
NetBSD useful links
February 20th, 2024https://netbsd.org/docs/guide/en/chap-boot.html#chap-boot-keyboard-layout
https://netbsd.org/docs/guide/en/chap-boot.html#chap-boot-system-time
https://netbsd.org/docs/guide/en/chap-boot.html#chap-boot-mount-cdrom
https://netbsd.org/docs/guide/en/chap-boot.html#chap-boot-pkgsrc
https://netbsd.org/docs/misc/index.html#wifi
https://netbsd.org/docs/misc/index.html#package-management
https://netbsd.org/docs/misc/index.html#installing-rootcerts
https://netbsd.org/docs/misc/index.html#managing-services
https://netbsd.org/docs/misc/index.html#run-on-startup
https://netbsd.org/docs/misc/index.html#viewing-disks
https://netbsd.org/docs/guide/en/chap-rmmedia.html#using-usb-flash-drives
https://netbsd.org/docs/guide/en/chap-rmmedia.html#cdrom
https://netbsd.org/docs/guide/en/chap-rmmedia.html#cdrom-users
https://netbsd.org/docs/guide/en/chap-rmmedia.html#vnconfig
NPF: NetBSD Packet Filter:
https://rmind.github.io/npf/nat.html
https://github.com/rmind/npf/tree/master/docs
3nmp (like LAMP)
https://wiki.netbsd.org/tutorials/services/3nmp/
how to install a lamp server
https://wiki.netbsd.org/pkgsrc/how_to_install_a_lamp_server/
setting up blocklistd (like fail2ban)
https://wiki.netbsd.org/tutorials/setting_up_blocklistd/
the netbsd system manager’s manual
https://wiki.netbsd.org/tutorials/the_netbsd_system_manager__39__s_manual/
tuning netbsd for performance
https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/
fail2ban, wordpress, lighttpd
February 20th, 2024/etc/fail2ban/jail.local:
# WordPress Jail
[wordpress-auths]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/lighttpd/access.log
/etc/fail2ban/filter.d/botsearch-common.conf:
[Init]
# Block is the actual non-found directories to block
block = \/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*
# These are just convient definitions
# that assist the blocking of stuff that
# isn't installed
webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
wordpress = wp-(login|signup|admin)\.php