Category: os

openssh

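# Harden the OpenSSH server configuration.
# see https://infosec.mozilla.org/guidelines/openssh.html
##########

# Append the line "$1" to sshd_config unless that exact line is already there,
# so running the snippet a second time does not pile up duplicate directives.
add_sshd_line() {
  grep -qxF -- "$1" /etc/ssh/sshd_config \
    || printf '%s\n' "$1" >> /etc/ssh/sshd_config
}

# Keep only the Diffie-Hellman group-exchange moduli whose size field
# (column 5) is at least 3071. The untouched file is saved as moduli.orig.
# The filtered copy replaces the live file only if it is non-empty, so a
# filter that matches nothing cannot leave sshd with an empty moduli file.
cp -p /etc/ssh/moduli /etc/ssh/moduli.orig
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp \
  && [ -s /etc/ssh/moduli.tmp ] \
  && mv /etc/ssh/moduli.tmp /etc/ssh/moduli

# Back up sshd_config before editing it in place, as is done for moduli.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

# Uncomment the stock defaults and raise the log level.
# NOTE(review): 's/#HostKey/HostKey/g' enables every commented-out HostKey
# line, including a DSA host key line if the stock file ships one. Check
# which host keys end up active.
sed -i \
  -e 's/#HostKey/HostKey/g' \
  -e 's/#PubkeyAuthentication/PubkeyAuthentication/g' \
  -e 's/#LogLevel INFO/LogLevel VERBOSE/g' \
  -e 's/#PrintLastLog yes/PrintLastLog yes/g' \
  /etc/ssh/sshd_config

# Restrict key exchange, ciphers and MACs.
# sshd uses the FIRST value it reads for a keyword, so these appended lines
# are ignored if the same keyword is already set higher up in the file. If
# the file ends in an active Match block, appended lines become part of that
# block. Check the effective settings with `sshd -T`, and validate the file
# with `sshd -t` before reloading the daemon.
add_sshd_line 'KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256'
add_sshd_line 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
# The page excerpt is cut off after this list. The target file of the MACs
# line is inferred from the two lines above, and any later steps are not shown.
add_sshd_line 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com'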
general os

Windows-Updates using sconfig

To install Windows updates on servers from the command line, here is a two-liner for PowerShell. Run it with elevated privileges 🙂

cd C:\Windows\System32\de-DE
cscript.exe .\WUA_SearchDownloadInstall.vbs

(The de-DE folder is the locale folder of a German installation; use the folder that matches your system language.) What I really like about this approach: you can select a single update package that you want to install. As recommended by Microsoft — first install the servicing stack update (SSU): Microsoft strongly recommends you always...
general windows

WP fail2ban

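# Wire the wp-fail2ban WordPress plugin into fail2ban.
# Prerequisite (the page only says "install module"): the wp-fail2ban plugin
# must already be present under wp-content/plugins/.

# Make the plugin log authentication events to the syslog "auth" facility.
# The grep guard keeps a second run from defining the constant twice.
# NOTE(review): appending puts the define at the very end of wp-config.php,
# after the line that loads wp-settings.php. Confirm the plugin still picks
# it up, or move it above that line.
grep -qF "define('WP_FAIL2BAN_AUTH_LOG'" /var/www/html/wordpress/wp-config.php \
  || echo "define('WP_FAIL2BAN_AUTH_LOG', LOG_AUTH);" >> /var/www/html/wordpress/wp-config.php

# Install the filter definitions shipped with the plugin.
cp /var/www/html/wordpress/wp-content/plugins/wp-fail2ban/filters.d/wordpress-* /etc/fail2ban/filter.d/

# Jail definitions. The heredoc opener was lost on the page, so the file
# path and the INI text had run into the cp command; it is restored here.
# - logpath must be the file that receives the syslog "auth" facility on this
#   host (/var/log/messages here; verify against the local syslog rules).
# - bantime is in seconds, so 90 is a very short ban. With maxretry = 1 a
#   single "hard" hit bans at once. Tune both to your own tolerance.
# - Behind a reverse proxy or CDN the logged address is the proxy's, and
#   banning it blocks every visitor. See the plugin's WP_FAIL2BAN_PROXIES
#   setting in that case.
cat > /etc/fail2ban/jail.d/wordpress.conf <<'EOF'
[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/messages
maxretry = 1
port = http,https
bantime = 90

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/messages
maxretry = 3
port = http,https
bantime = 90
EOF

# Load the new jails. `fail2ban-client status` afterwards shows whether they
# are active.
fail2ban-client reload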
centos http

defaults

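# Baseline for a fresh CentOS host: lock the root password, install fail2ban
# from EPEL, enable firewalld and define an sshd jail.

# Replace root's password hash with "!", which no password can match.
# The "!" is quoted so that no shell ever treats it specially.
# This blocks password logins for root only. Key-based root login over SSH is
# still governed by PermitRootLogin in sshd_config. Make sure another account
# with sudo rights exists before running this.
usermod -p '!' root

yum clean all

# EPEL provides the fail2ban package.
# NOTE(review): a package installed straight from a URL is, by default, not
# signature-checked by yum (see localpkg_gpgcheck in yum.conf), so this step
# relies on TLS alone. Confirm the policy that applies on this host.
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y fail2ban

systemctl enable firewalld
systemctl restart firewalld

# sshd jail. The heredoc delimiter is quoted so that %(sshd_log)s reaches the
# file literally, for fail2ban to interpolate.
# bantime is in seconds, so 90 is a short ban. With maxretry = 1 a single
# failed login (a typo, for example) triggers it, so plan an ignoreip entry
# for admin networks if that is a concern.
cat > /etc/fail2ban/jail.d/sshd.local <<'EOF'
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 1
bantime = 90
EOF

# The page excerpt is cut off here. Enabling and starting the fail2ban
# service is not part of the visible text.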
centos