Centos 7 disable SELinux

By polfilm,
sestatus
sudo sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config
sestatus (mode from config file should now be disabled)
reboot

Docker Bench for Security

By polfilm,

The Docker Bench for Security is a script that checks for all the automatable tests included in the CIS Docker 1.6 Benchmark. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post.

We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.

https://github.com/docker/docker-bench-security

Docker Hadoop Spark Setup

By polfilm,

CentOS 7 x86_64 Devel AtomicHost EBS HVM 20150306_01 – ami-a522b0d2
CentOS 7 (x86_64) with Updates HVM – ami-e4ff5c93

Google Application Permissions

By polfilm,

See which apps have access to your Google account. Quickly revoke unwanted apps. Good for testing OAuth2.

https://security.google.com/settings/security/permissions

Ruby 193 on Centos 6.6

By polfilm,
yum install -y centos-release-SCL
yum install -y ruby193
source /opt/rh/ruby193/enable
echo "source /opt/rh/ruby193/enable" | sudo tee -a /etc/profile.d/ruby193.sh

File Duplicates Recursive in Linux

By polfilm,
md5deep -r -l . > filelist.txt
sort < filelist.txt > filelist_sorted.txt

First command will render all hashes for all files
Second will sort the list so as you scroll you will easily spot duplicates with their paths.
m5deep is in most apt-get and yum repos.

DenyHosts

By polfilm,

If you’re getting bombarded with brute force login attempts. Below will install DenyHosts as a daemon that will with default settings scan your /var/log/secure for failed login attempts. It is initially set to 5 failed attempts and then IP ends up in the hosts.deny file. You should get a good long look a the .cfg file to understand full capabilities. (For example running against Apache logs for web attacks)

wget http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
service denyhosts start 
tail -f /etc/hosts.deny /var/log/secure

Root Zone Database

By polfilm,

The Root Zone Database represents the delegation details of top-level domains, including gTLDs such as .com, and country-code TLDs such as .uk.

http://data.iana.org/TLD/tlds-alpha-by-domain.txt

Registrars List (UK)
http://www.nominet.org.uk/uk-domain-names/registering-uk-domain/choosing-registrar/list-registrars

Lighttpd rewrite rules for WordPress sites

By polfilm,
  # Handle 404 errors
  server.error-handler-404 = "/index.php"
 
  # Rewrite rules
  url.rewrite-final = (
 
    # Exclude some directories from rewriting
    "^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0",
 
    # Exclude .php files at root from rewriting
    "^/(.*.php)" => "$0",
 
    # Handle permalinks and RSS feeds
    "^/(.*)$" => "/index.php/$1"
  )

Bat Command from Powershell

By polfilm,

This way you don’t have to worry about escaping anything.

$command = @'
cmd.exe /C c:\windows\system32\ntbackup.exe backup "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\chameme.bks" /n "1file.bkf1 created 06/09/2013 at 09:36" /d "Set created 06/09/2013 at 09:36" /v:no /r:no /rs:no /hc:off /m normal /j chameme /l:s /f "\\fs1\Exchange Backups$\1file.bkf"
'@

Invoke-Expression -Command:$command