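#!/bin/bash
# Daily Proxmox VE snapshot job: runs cv4pve-autosnap against every guest
# (--vmid=all), labels the snapshot "_daily_" and keeps SNAP_KEEP_DAILY of them.
#
# The password is read from the SNAP_PASSWORD environment variable instead of
# being written into the script, so the file can be stored, backed up or
# shared without carrying the credential.
# NOTE(review): the value is still handed to the tool as a command-line
# argument and can be seen in the process list while the job runs; check
# `cv4pve-autosnap --help` for a token- or file-based login and prefer it.
# NOTE(review): root@pam is the full administrator account; a dedicated user
# restricted to snapshot permissions limits what a leaked credential can do.
set -euo pipefail

readonly SNAP=/usr/local/bin/cv4pve-autosnap
readonly SNAP_KEEP_DAILY=10
readonly SNAP_HOST=10.10.10.10

# Stop with a clear message rather than calling the API with an empty password.
: "${SNAP_PASSWORD:?SNAP_PASSWORD must be set to the password of root@pam}"

"$SNAP" \
  --host="$SNAP_HOST" \
  --username=root@pam \
  --password="$SNAP_PASSWORD" \
  --vmid=all \
  snap \
  --label='_daily_' \
  --keep="$SNAP_KEEP_DAILY"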
Windows share timeout
REM Sets the Server service's idle-session auto-disconnect value to -1,
REM which switches the timeout off so idle share connections stay open.
net config server /autodisconnect:-1
Mariadb Current storage engine recommendations based on workload
- Read-heavy workloads: Aria
- General-purpose: Aria
- ACID: InnoDB
- Write-heavy workloads: MyRocks
- Compression: MyRocks
- Sharded: Spider
- Analytical workloads: MariaDB ColumnStore
RedDot / Opentext Language variants for page / Sprachvarianten
VBS Script
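' Escapes the characters that could end or alter a single-quoted XML
' attribute value. The & "" coerces Empty/Null to a string first.
Function escapeXmlAttribute(rawValue)
    Dim escaped
    escaped = Replace(rawValue & "", "&", "&amp;")
    escaped = Replace(escaped, "<", "&lt;")
    escaped = Replace(escaped, "'", "&apos;")
    escapeXmlAttribute = escaped
End Function

' Asks the server (objIO.ServerExecuteXml) which language variants exist for
' the page callingPageGuid and appends the "guid" attribute of every
' LANGUAGEVARIANT element in the answer to strAvailableInLanguageVariant.
'
' callingPageGuid - GUID of the page to query.
'
' The function assigns no return value. strAvailableInLanguageVariant and
' sError are not declared here, so they resolve outside this function.
' NOTE(review): the GUIDs are concatenated without a separator - confirm
' that the caller expects that.
Function getAvailableLanguageVariantsForPage(callingPageGuid)
    Dim XMLString
    Dim resXML
    Dim xmlDoc
    Dim xmlNodeList
    Dim i

    ' The request carries the login GUID and session key of the current
    ' session. The page GUID is escaped so that a value containing a quote
    ' or markup cannot change the structure of the request.
    XMLString = "<IODATA loginguid='" & session("LoginGuid") & "' sessionkey='" & session("SessionKey") & "'>" & _
        "<PROJECT>" & _
        "<LANGUAGEVARIANTS action='pageavailable' pageguid='" & escapeXmlAttribute(callingPageGuid) & "' />" & _
        "</PROJECT>" & _
        "</IODATA>"

    resXML = objIO.ServerExecuteXml(XMLString, sError)

    Set xmlDoc = server.CreateObject( "Msxml2.DOMDocument.4.0" )
    xmlDoc.loadXML( resXML )

    Set xmlNodeList = xmlDoc.getElementsByTagName( "LANGUAGEVARIANT" )
    For i = 0 To( xmlNodeList.Length - 1 )
        strAvailableInLanguageVariant = strAvailableInLanguageVariant & xmlNodeList.Item(i).getAttribute( "guid" )
        ' strAvailableInLanguageVariantName = xmlNodeList.Item(i).getAttribute( "language" )
    Next

    Set xmlDoc = Nothing
    Set xmlNodeList = Nothing
End Function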
RedDot / Opentext Render Tags Action
String Trim Kürzen
<%!! Escape:HtmlEncode(Context:CurrentIndex.Page.Elements.GetElement(hdl_headline).Value.PadRight(Int:15).Substring(Int:0, Int:15).Trim().Remove(Int:1, Int:3).ToUpper().Equals(String:test).ToString().Length.ToString()) !!%>
Get file extension / Dateiendung ermitteln
<%!! Escape:Text(<%att_med_pdf_filename%>.Substring(Escape:Text(<%att_med_pdf_filename%>).LastIndexOf(.)) !!%>
Cannot load modules/mod_fcgid.so into server: undefined symbol: ap_unixd_setup_child
I got the following error message after compiling apache against the latest OpenSSL version.
Cannot load modules/mod_fcgid.so into server: undefined symbol: ap_unixd_setup_child
It looks like a compiler error, but it isn’t. In fact, there are two possible reasons why this error message appears.
One: mod_unixd isn’t loaded, or is loaded after mod_fcgid. Two: mod_fcgid can’t create the directory for the socket or the socket itself, i.e. a file-permission problem.
That error message could be much better. It is misleading. This error does not happen on Windows. It comes from the old Unix philosophy: “Everything is a file”. This led to a ton of code in the kernels. Even more code exists for block devices in /dev. All those symlinks and magic directories. I wonder when “Everything is a file” will have exceptions everyone agrees on.
Choosing the right cipher / alias crypto wars part twelve
Choosing the right cipher for your server.
The wanted options:
- Only 256 bit
- Only Mac=AEAD[1], since TLS 1.3 allows only AEAD cipher suites.
- Kx (Key exchange) and Au (Authentication) PSK (pre-shared key) is not an option for a webserver
- DSS cipher is for key auth
- Kx=DH without an EC ( Elliptic curves) is not secure enough
- Kx=RSA is weak (a static RSA key exchange provides no forward secrecy)
- AESCCM also builds on Cipher Block Chaining (CCM is Counter mode with CBC-MAC), so it is excluded as well
- Aria is for Secure Real-Time Transport Protocol (SRTP)
- DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)
# Print every cipher suite this OpenSSL build knows, keep only the AEAD
# ones, then drop 128-bit, PSK, DSS, static-RSA, plain-DH, AES-CCM, ARIA
# and unauthenticated (Au=None) suites.
# The result depends on the OpenSSL build at /opt/openssl, so re-run it after
# every OpenSSL upgrade instead of copying an old list.
/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL \
  | grep "Mac=AEAD" \
  | grep -v \
      -e "(128)" \
      -e "Kx=PSK" \
      -e "Au=PSK" \
      -e "Kx=RSAPSK" \
      -e "Au=DSS" \
      -e "Kx=RSA" \
      -e "Enc=AESCCM" \
      -e "Enc=ARIAGCM" \
      -e "Au=None" \
      -e "Kx=DH"
The Output
TLS 1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS 1.2 ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
At last POLY over AES for speed, and ECDSA over RSA also for speed.
# TLS 1.2 and older: only ECDHE suites with 256-bit AEAD ciphers, with
# ChaCha20-Poly1305 listed ahead of AES-GCM and ECDSA ahead of RSA.
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
# TLS 1.3 suites are set with their own protocol specifier.
# NOTE(review): TLS_AES_128_GCM_SHA256 is left out; it is the suite every
# TLS 1.3 implementation must support, so test the clients you need.
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
# NOTE(review): the order above is only enforced as the server's preference
# when SSLHonorCipherOrder is on, and a cipher list does not switch off old
# protocol versions - confirm SSLProtocol elsewhere in the configuration.
This was done with the current latest OpenSSL version 1.1.1l
Only for the completeness, GCM is Galois/Counter Mode[2]
[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode
Enable hibernate / suspend to disk on Windows 10
I don’t know why, but the admins tend to disable hibernate via group policies from time to time. It is pretty simple to enable, but you need admin permissions.
This script first forces UAC and then enables hibernation.
@echo off
REM Re-launches this batch file elevated through a UAC prompt when it is not
REM already running with administrative rights, then switches hibernation on.

:: BatchGotAdmin
:-------------------------------------
REM --> Check for permissions
REM cacls is run against the SYSTEM registry hive file; the call fails for a
REM caller without administrative rights, and that failure is the test.
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    REM Writes a two-line VBScript that re-runs this file (%~s0, short path)
    REM with the "runas" verb, starts it, and ends the unelevated instance.
    REM NOTE(review): the helper has a fixed name in %temp% and is executed
    REM right after it is written; another process running as the same user
    REM could replace it in between. A unique file name would narrow that.
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    REM Elevated from here on: remove the helper script and change to the
    REM directory this batch file is stored in.
    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------

REM The actual task: enable hibernate / suspend to disk.
powercfg.exe /hibernate on
How to extract img src, title and alt from html using php
preg_match_all matches the regexp against the whole $html string and stores all matches as
an array in $result. The “i” option makes the match case-insensitive.
// Collect every <img ...> tag found in $html (case-insensitive) into $result
// and dump the match array.
preg_match_all(
    '/<img[^>]+>/i',
    $html,
    $result
);
print_r($result);
Get the metadata
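// Pull the alt, title and src attributes out of every <img> tag matched
// earlier. preg_match_all() fills $result with one array per capture group;
// the complete tags are in $result[0], so that is the list to walk. Iterating
// over $result itself would hand an array to preg_match_all() as the subject.
$img = array();
foreach ($result[0] as $img_tag) {
    // Keyed by the tag's own text; the value is the match array for that tag.
    preg_match_all('/(alt|title|src)=("[^"]*")/i', $img_tag, $img[$img_tag]);
}
// NOTE(review): the pattern only sees double-quoted attribute values, and the
// values come straight from the scanned HTML - escape them (htmlspecialchars)
// before showing this dump inside a web page.
print_r($img);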
Here you go.
iptables 101
How to do things with iptables. Safety first: How to reset everything.
# Reset the filter, nat and mangle tables: flush all rules (-F), then delete
# all user-defined chains (-X), one table after the other.
# The default policies of the built-in chains are not touched. With a DROP
# policy, flushing over a remote session cuts that session off; with ACCEPT,
# the host is unfiltered until new rules are loaded.
for table in filter nat mangle; do
  sudo iptables -t "$table" -F
  sudo iptables -t "$table" -X
done
Instead of using “DROP” you should use “REJECT --reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.
# MySQL (tcp/3306): accept connections coming from localhost, answer everyone
# else with a TCP reset. Both rules are appended, so the accept rule is
# evaluated first.
# iptables covers IPv4 only; IPv6 needs matching ip6tables rules.
sudo iptables --append INPUT --protocol tcp --source localhost \
  --dport 3306 --jump ACCEPT #mysql allow local
sudo iptables --append INPUT --protocol tcp \
  --dport 3306 --jump REJECT --reject-with tcp-reset #mysql
The “REJECT --reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.
Blocking an IP range
# Drop everything from 14.120.0.0/16 inside the user-defined chain
# "bannedDownloader".
# The chain has to exist already (iptables -N) and be jumped to from a
# built-in chain such as INPUT, otherwise this rule is never reached;
# neither step is shown here.
sudo iptables --append bannedDownloader --source 14.120.0.0/16 --jump DROP
Disallow NTP queries
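# NTP (udp/123): allow queries from localhost, reject everyone else.
# Rule order decides the outcome. Appending the accept rule (-A) and then
# inserting the reject rule at the top (-I) would put REJECT in front of
# ACCEPT and refuse local queries as well. Both rules are therefore inserted
# at fixed positions: accept first, reject directly below it.
# NOTE(review): if this host's own NTP client sends from source port 123, the
# replies from its upstream servers also arrive on udp/123 - keep an accept
# rule for established traffic above the reject, or time sync may stop.
sudo iptables -I INPUT 1 -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -I INPUT 2 -p udp --dport 123 -j REJECT #ntp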
Block timestamp
# Drop incoming ICMP timestamp requests and timestamp replies by inserting
# one rule per type at the top of INPUT.
for icmp_type in timestamp-request timestamp-reply; do
  sudo iptables -I INPUT 1 -p ICMP --icmp-type "$icmp_type" -j DROP
done
# ICMP type 13 is the timestamp request again, given by number and appended
# at the end of the chain; it duplicates the rule inserted above.
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP