Security audit

@TODO https://github.com/CISOfy/lynis/

Store secret data in shares

gfshare

apt-get install -y libgfshare-bin

http://www.digital-scurf.org/software/libgfshare

Cipher names correspondence table @Mozilla

Cipher names correspondence table

TLS Names table generator

Detect supported SSL ciphersuites

nmap --script ssl-cert,ssl-enum-ciphers -p 443 <TARGET>

DigiCert (online)

DigiCert® SSL Installation Diagnostics Tool

Qualys SSL Labs (online)

SSL Server Test

OWASP Testing Guide

Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection

SSLyze

SSLyze, Fast and full-featured SSL scanner

cipherscan

cipherscan also analyzes configurations

SSL Breacher

SSL Breacher - Yet Another SSL Test Tool

Settings

Cipherli.st

Strong Ciphers for Apache, nginx and Lighttpd

Mozilla Server side TLS Tools

Server side TLS Tools, doc: Server Side TLS Document

hosts.deny

China

# ASIA/China
sshd: 27.0.0.0/8
sshd: 58.0.0.0/8
sshd: 59.0.0.0/8
sshd: 60.0.0.0/8
sshd: 61.0.0.0/8
sshd: 110.0.0.0/8
sshd: 111.0.0.0/8
sshd: 112.0.0.0/8
sshd: 113.0.0.0/8
sshd: 114.0.0.0/8
sshd: 115.0.0.0/8
sshd: 116.0.0.0/8
sshd: 117.0.0.0/8
sshd: 118.0.0.0/8
sshd: 119.0.0.0/8
sshd: 120.0.0.0/8
sshd: 121.0.0.0/8
sshd: 122.0.0.0/8
sshd: 123.0.0.0/8
sshd: 124.0.0.0/8
sshd: 125.0.0.0/8
sshd: 183.0.0.0/8
sshd: 210.0.0.0/8
sshd: 211.0.0.0/8
sshd: 218.0.0.0/8
sshd: 219.0.0.0/8
sshd: 220.0.0.0/8
sshd: 221.0.0.0/8
sshd: 222.0.0.0/8
sshd: 223.0.0.0/8

CloudFlare IP ranges

CloudFlare API IP banning

mode: block | challenge | whitelist

target: country | ip

The value is an IP address, a /16 or /24 range, or a 2-letter country code. The notes field can be left empty, or removed if you don't want to add any notes. To block for a specific zone only, change the API URL to:

https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/firewall/packages/access_rules/rules

Replace YOUR-ZONE-ID with the zone identifier for the zone retrieved via an API GET to https://api.cloudflare.com/client/v4/zones/ with your API details.

curl --data-binary '{"mode":"block","notes":"","configuration":{"value":"1.2.3.4","target":"ip"}}' \
    --compressed -H 'content-type: application/json' \
    --header "X-Auth-Key: API-KEY" --header "X-Auth-Email: EMAIL-ADDRESS" --verbose \
    'https://api.cloudflare.com/client/v4/user/firewall/packages/access_rules/rules'
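
The same request with its inputs checked before anything is sent, as an added example that is not part of the original notes. The function names, `DRY_RUN`, and the `CF_API_KEY` / `CF_EMAIL` variables are assumptions, and it covers only the single-IP and country cases.

```shell
# Added example (not from the original notes). Function names, DRY_RUN and the
# CF_API_KEY / CF_EMAIL environment variables are assumptions of this example.
CF_API='https://api.cloudflare.com/client/v4'
RULES='firewall/packages/access_rules/rules'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the endpoint: user-level by default, zone-level when a zone id is given.
cf_rules_url() {
    if [ -z "${1:-}" ]; then printf '%s\n' "$CF_API/user/$RULES"; return 0; fi
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac   # zone ids are hexadecimal
    printf '%s\n' "$CF_API/zones/$1/$RULES"
}

# Print the JSON body, or return 1 for a mode, target or value outside the sets
# listed above, so untrusted input can never break out of the JSON string.
cf_rule_payload() {
    mode=$1 target=$2 value=$3
    case "$mode" in block|challenge|whitelist) ;; *) return 1 ;; esac
    case "$target" in
        ip)      is_ipv4 "$value" || return 1 ;;
        country) case "$value" in [A-Za-z][A-Za-z]) ;; *) return 1 ;; esac ;;
        *)       return 1 ;;
    esac
    printf '{"mode":"%s","notes":"","configuration":{"value":"%s","target":"%s"}}\n' \
        "$mode" "$value" "$target"
}

# Send one rule; with DRY_RUN=1 the request is printed instead of sent.
cf_add_rule() {
    body=$(cf_rule_payload "$1" "$2" "$3") || { echo "rejected: $1 $2 $3" >&2; return 1; }
    url=$(cf_rules_url "${4:-}") || { echo "bad zone id" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then printf 'POST %s\n%s\n' "$url" "$body"; return 0; fi
    curl --silent --show-error --data-binary "$body" \
        -H 'content-type: application/json' \
        -H "X-Auth-Key: $CF_API_KEY" -H "X-Auth-Email: $CF_EMAIL" "$url"
}
```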

Incapsula IP ranges

https://incapsula.zendesk.com/hc/en-us/articles/200627570-Restricting-direct-access-to-your-website-Incapsula-s-IP-addresses-

resp_format: json | apache | nginx | iptables | text

curl -s --data 'resp_format=apache' 'https://my.incapsula.com/api/integration/v1/ips'

Difference between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”

http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key/20065522#20065522