sestatus sudo sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config sestatus (mode from config file should now be disabled) reboot
The Docker Bench for Security is a script that checks for all the automatable tests included in the CIS Docker 1.6 Benchmark. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post.
We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.
[root@my ~]# systemctl enable cockpit.socket [root@my ~]# systemctl start cockpit.socket [root@my ~]# pwconv [root@my ~]# passwd myuser # visit http://<ipaddress>:9090 in a browser
- http://wiki.centos.org/SpecialInterestGroup/Atomic/Download [centos atomic amis]
- http://www.projectatomic.io/blog/2014/11/testing-kubernetes-with-an-atomic-host/ *
CentOS 7 x86_64 Devel AtomicHost EBS HVM 20150306_01 – ami-a522b0d2
CentOS 7 (x86_64) with Updates HVM – ami-e4ff5c93
See which apps have access to your Google account. Quickly revoke unwanted apps. Good for testing OAuth2.
yum install -y centos-release-SCL yum install -y ruby193 source /opt/rh/ruby193/enable echo "source /opt/rh/ruby193/enable" | sudo tee -a /etc/profile.d/ruby193.sh
apt-get install linux-headers-$(uname -r)
md5deep -r -l . > filelist.txt sort < filelist.txt > filelist_sorted.txt
First command will render all hashes for all files
Second will sort the list so as you scroll you will easily spot duplicates with their paths.
m5deep is in most apt-get and yum repos.
If you’re getting bombarded with brute force login attempts. Below will install DenyHosts as a daemon that will with default settings scan your /var/log/secure for failed login attempts. It is initially set to 5 failed attempts and then IP ends up in the hosts.deny file. You should get a good long look a the .cfg file to understand full capabilities. (For example running against Apache logs for web attacks)
wget http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz tar -zxvf DenyHosts-2.6.tar.gz cd DenyHosts-2.6 python setup.py install cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts chkconfig --add denyhosts service denyhosts start tail -f /etc/hosts.deny /var/log/secure
The Root Zone Database represents the delegation details of top-level domains, including gTLDs such as .com, and country-code TLDs such as .uk.
Registrars List (UK)
== in bashrc alias wanip='dig +short myip.opendns.com @resolver1.opendns.com' == example $ wanip 188.8.131.52
# Handle 404 errors server.error-handler-404 = "/index.php" # Rewrite rules url.rewrite-final = ( # Exclude some directories from rewriting "^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0", # Exclude .php files at root from rewriting "^/(.*.php)" => "$0", # Handle permalinks and RSS feeds "^/(.*)$" => "/index.php/$1" )
This way you don’t have to worry about escaping anything.
$command = @' cmd.exe /C c:\windows\system32\ntbackup.exe backup "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\chameme.bks" /n "1file.bkf1 created 06/09/2013 at 09:36" /d "Set created 06/09/2013 at 09:36" /v:no /r:no /rs:no /hc:off /m normal /j chameme /l:s /f "\\fs1\Exchange Backups$\1file.bkf" '@ Invoke-Expression -Command:$command
until !!; do :; done