1
mirror of git://git.acid.vegas/random.git synced 2024-12-04 13:36:39 +00:00

more stuff get fucked ok

This commit is contained in:
Dionysus 2023-09-12 16:44:54 -04:00
parent a43d747cfd
commit 2d44ba5000
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
19 changed files with 426 additions and 186 deletions

73
archlinux/arch Executable file
View File

@ -0,0 +1,73 @@
#!/bin/sh
set -xev
GIT_URL="https://raw.githubusercontent.com/acidvegas/archlinux/master"
RPI=0
setup_initial() {
systemctl stop sshd && systemctl disable sshd
history -c && export HISTFILESIZE=0 && export HISTSIZE=0 && unset HISTFILE
[ -f /root/.bash_history ] && rm /root/.bash_history
passwd
[ $RPI -eq 1 ] && userdel -r alarm
useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas wheel && passwd acidvegas
timedatectl set-timezone America/New_York && timedatectl set-ntp true
echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
}
setup_wifi() {
echo "wildwest" > /etc/hostname
echo -e "[Match]\nName=wlan0\n\n[Network]\nDHCP=ipv4\nMulticastDNS=yes\n#Address=10.0.0.200/24\nGateway=10.0.0.1" > /etc/systemd/network/25-wireless.network
echo -e "[Resolve]\nDNS=8.8.4.4 8.8.8.8 2001:4860:4860::8888 2001:4860:4860::8844\nFallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001\nMulticastDNS=yes\nDNSSEC=no\nCache=yes" > /etc/systemd/resolved.conf
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf && chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
systemctl start systemd-networkd && systemctl enable systemd-networkd
systemctl start systemd-resolved && systemctl enable systemd-resolved
systemctl start wpa_supplicant@wlan0 && systemctl enable wpa_supplicant@wlan0
}
setup_pacman() {
MI="Include = /etc/pacman.d/mirrorlist"
echo -e "[options]\nArchitecture = auto\nColor\nCheckSpace\nHoldPkg = pacman glibc\nParallelDownloads = 10\nSigLevel = Required DatabaseOptional\nLocalFileSigLevel = Optional\nRemoteFileSigLevel = Required\n\n" > /etc/pacman.conf
echo -e "[core-testing]\n$MI\n\n[core]\n$MI\n\n[extra-testing]\n$MI\n\n[extra]\n$MI\n\n" >> /etc/pacman.conf
[ $RPI -eq 0 ] && echo -e "[multilib-testing]\n$MI\n\n[multilib]\n$MI" >> /etc/pacman.conf
[ $RPI -eq 1 ] && echo -e "[community]\n$MI\n\n[alarm]\n$MI\n\n[aur]\n$MI" >> /etc/pacman.conf
pacman-key --init
[ $RPI -eq 1 ] && pacman-key --populate archlinuxarm && echo 'Server = http://mirror.archlinuxarm.org/$arch/$repo' > /etc/pacman.d/mirrorlist
[ $RPI -eq 0 ] && pacman-key --populate archlinux
pacman -Syyu
pacman -S checkbashisms gcc go make patch pkg-config python python-pip
pacman -S asciiquarium cmatrix hollywood tty-solitaire
pacman -S abduco curl fzf git man nano ncdu progress rsync sudo tor unzip weechat which yank
pacman -S bandwhich exa glow gping gpm
pacman -S alsa-utils alsa-lib alsa-firmware libpulse pulseaudio cmus id3v2 mps-youtube python-eyed3 youtube-dl # TODO: check these
pacman -S dmenu dunst firefox scrot unclutter xclip
pacman -S acpi xorg-xbacklight xorg-xinit xorg-xrandr xorg-server xorg-xsetroot
pacman -S fakeroot xorg-font-util xorg-mkfontscale xorg-mkfontdir
[ $RPI -eq 1 ] && pacman -S xf86-video-fbdev
[ $RPI -eq 0 ] && pacman -S xf86-video-intel mesa lib32-mesa
#[ $RPI -eq 0 ] && pacman -S nvidia nvidia-utils lib32-nvidia-utils
[ $RPI -eq 1 ] && systemctl start gpm && systemctl enable gpm
}
setup_configs() {
if [ $RPI -eq 1 ]; then
sed -i 's/^console=tty1/console=tty3/' /boot/cmdline.txt && echo "quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_level=3 logo.nologo consoleblank=0" >> /boot/cmdline.txt
echo -e "avoid_warnings=1\ndisable_splash=1\ndtparam=act_led_trigger=none\ndtparam=act_led_activelow=on\ndtparam=audio=on" > /boot/config.txt
wget -O /etc/fstab $GIT_URL/etc/fstab
fi
wget -O /etc/issue $GIT_URL/etc/issue
wget -O /etc/sudoers.d/sudoers.lecture $GIT_URL/etc/sudoers.d/sudoers.lecture
echo -e "set boldtext\nset minibar\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE\nln /dev/null ~/.bash_history -sf" >> /etc/profile
echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
echo -e "Defaults lecture = always\nDefaults lecture_file = /etc/sudoers.d/sudoers.lecture\nroot ALL=(ALL) ALL\n%wheel ALL=(ALL) ALL" > /etc/sudoers
echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
mkdir -p /etc/systemd/system/systemd-logind.service.d && echo -e "[Service]\nSupplementaryGroups=proc" > /etc/systemd/system/systemd-logind.service.d/hidepid.conf
[ $RPI -eq 1 ] && echo "FONT=ohsnap6x11r" > /etc/vconsole.conf
}
setup_initial
setup_wifi
setup_pacman
setup_configs

11
archlinux/arm Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# required: dosfstools
set -xev
echo -e "o\nn\np\n1\n\n+100M\nt\nc\nn\np\n2\n\n\nw\n" | fdisk -w always -W always /dev/sda
mkdir boot root
mkfs.vfat /dev/sda1 && mount /dev/sda1 boot
mkfs.ext4 /dev/sda2 && mount /dev/sda2 root
wget -O archlinuxarm.tar.gz http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-armv7-latest.tar.gz
bsdtar -xpf archlinuxarm.tar.gz -C root && sync
mv root/boot/* boot
umount boot root && rm -r archlinuxarm.tar.gz boot root

9
archlinux/fstab Normal file
View File

@ -0,0 +1,9 @@
# NOTE: This fstab file was made for a Raspberry Pi runnning Arch Linux ARM
# <file system> <dir> <type> <options> <dump> <pass>
/dev/mmcblk0p1 /boot vfat ro,noatime,nodev,noexec,nosuid 0 2
/dev/mmcblk0p2 / ext4 rw,noatime,data=ordered,commit=60 0 1
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=proc 0 0
tmpfs /dev/shm tmpfs rw,noatime,nodev,noexec,nosuid 0 0
tmpfs /tmp tmpfs rw,mode=0755,noatime,nodev,nosuid,size=100m 0 0
tmpfs /var/log tmpfs rw,mode=0755,noatime,nodev,noexec,nosuid,size=25m 0 0
tmpfs /run tmpfs rw,mode=0755,noatime,nodev,nosuid,size=25m 0 0

34
archlinux/x86 Executable file
View File

@ -0,0 +1,34 @@
#!/bin/sh
# arch linxu x86 helper - developed by acidvegas (https://git.acid.vegas/archlinux)
MNT="sda"
DEV="wlan0"
lspci -v | grep -A1 -e VGA -e 3D
iwctl --passphrase PASSWORD station $DEV connect SSID
#fdisk # convert mbr to gpt
mkfs.ext4 /dev/${MNT}p2
#mkswap /dev/swap_partition
mkfs.fat -F 32 /dev/${MNT}p1
mount /dev/${MNT}p2 /mnt
mount --mkdir /dev/${MNT}p1 /mnt/boot
#swapon /dev/swap_partition
pacstrap -K /mnt base linux linux-firmware # Microcodes: amd-ucode intel-ucode
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
hwclock --systohc
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo "wildwest" > /etc/hostname
passwd
bootctl install
systemctl enable systemd-boot-update.service
mkdir -p /etc/pacman.d/hooks
echo -e "[Trigger]\nType = Package\nOperation = Upgrade\nTarget = systemd\n\n[Action]\nDescription = Gracefully upgrading systemd-boot...\nWhen = PostTransaction\nExec = /usr/bin/systemctl restart systemd-boot-update.service" > /etc/pacman.d/hooks/95-systemd-boot.hook
echo -e "title Arch Linux\n\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd /initramfs-linux.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch.conf
echo -e "title Arch Linux (fallback initramfs)\n\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd /initramfs-linux-fallback.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch-fallback.conf
exit
umount -R /mnt

32
bash.bashrc Normal file
View File

@ -0,0 +1,32 @@
[[ $- != *i* ]] && return
shopt -s checkwinsize
export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
# color
alias diff='diff --color=auto'
alias dir='dir --color=auto'
alias egrep='egrep --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias ip='ip -color=auto'
alias ls='ls --color=auto'
alias ncdu='ncdu --color dark -rr'
alias vdir='vdir --color=auto'
# rewrites
alias pip='pip3'
alias python='python3'
alias wget='wget -q --show-progress'
# random
alias ..="cd ../"
alias up="sudo apt-get update && sudo apt-get upgrade && sudo apt autoremove"
if [ $(id -u) == "0" ]; then
export PS1="\e[31m\u@\h\e[0m \e[33m\w \e[0m: "
else
export PS1="\e[38;5;41m\u@\h\e[0m \e[38;5;69m\w \e[0m: "
fi

12
btkb Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
pacman -S bluez bluez-utils
systemctl enable bluetooth && sudo systemctl start bluetooth
sed -i 's/#AutoEnable=false/AutoEnable=true/' /etc/bluetooth/main.conf
bluetoothctl power on # possible bluetoothctl -- <cmd>
bluetoothctl agent KeyboardOnly
bluetoothctl pairable on
bluetoothctl scan on
bluetoothctl pair CC:C5:0A:20:91:5B
bluetoothctl trust CC:C5:0A:20:91:5B
bluetoothctl connect CC:C5:0A:20:91:5B
bluetoothctl scan off

View File

@ -12,21 +12,23 @@ nodes = {
'Miami' : '48' 'Miami' : '48'
} }
for node in nodes: while True:
data = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode() for node in nodes:
packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U) data = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode()
print(f'Servers in \033[34m{node}\033[0m:') packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U)
for server in packages: print(f'Servers in \033[34m{node}\033[0m:')
name = server.split('</h3>')[0].ljust(18) for server in packages:
price = server.split('</span>')[1].split('<span ')[0].ljust(10) name = server.split('</h3>')[0].ljust(18)
features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0] price = server.split('</span>')[1].split('<span ')[0].ljust(10)
for item in ('<li>','</li>','<b>','</b>'): features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0]
features = features.replace(item,'') for item in ('<li>','</li>','<b>','</b>'):
features = features.ljust(39) features = features.replace(item,'')
stock = server.split()[-1] features = features.ljust(39)
if stock == '0': stock = server.split()[-1]
stock = f'\033[31m{stock}\033[0m' if stock == '0':
else: stock = f'\033[31m{stock}\033[0m'
stock = f'\033[32m{stock}\033[0m' else:
print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}') stock = f'\033[32m{stock}\033[0m'
print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
time.sleep(300)

View File

@ -102,4 +102,4 @@ confusable = {
} }
for i in range(30): for i in range(30):
print(confuse('IRC.SUPERNETS.ORG #SUPERBOWL GET FUCKED')) print(confuse('facebook'))

View File

@ -1,27 +1,13 @@
#!/bin/sh #!/bin/sh
interface=eth0 while true; do
dumpdir=/tmp/ pkt_old=$(grep eth0: /proc/net/dev | cut -d ':' -f2 | awk '{ print $2 }')
email="admin@domain.tld"
subject="DDoS Notification: `hostname`"
sender="admin@domain.tld"
while /bin/true; do
pkt_old=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
sleep 1 sleep 1
pkt_new=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'` pkt_new=$(grep eth0: /proc/net/dev | cut -d ':' -f2 | awk '{ print $2 }')
pkt=$(( $pkt_new-$pkt_old )) pkt=$(( $pkt_new - $pkt_old ))
echo -ne "\r$pkt packets/s\033[0K" echo -ne "\r$pkt packets/s\033[0K"
if [ $pkt -gt 5000 ]; then if [ $pkt -gt 5000 ]; then
filename=$dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap echo "\nDDoS detected"
tcpdump -n -s0 -c 2000 > $filename tcpdump -n -s0 -c 5000 -w /home/acidvegas/dumps/dump.$(date +"%Y%m%d-%H%M%S").cap
echo "`date` Packets dumped, sleeping now."
sleep 1
data=`cat $filename`
sendmail -F $sender -it <<END_MESSAGE
To: $email
Subject: $subject
`cat $filename`
END_MESSAGE
echo "sendmail complete"
sleep 300 sleep 300
fi fi
done done

110
docs/elkstack.md Normal file
View File

@ -0,0 +1,110 @@
# ELK Stack
> Elasticsearch, Logstash, & Kibana
This is just a little write-up on my research in deploying the ELK stack.
## Prerequisites
```shell
sudo apt-get install -y gpg apt-transport-https`
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update && sudo apt-get install elasticsearch kibana logstash
sudo certbot certonly --standalone --preferred-challenges http -d elastic.domain.org
```
## Setup Elasticsearch
* Copy your certificates to `/etc/elasticsearch/certs`:
```shell
mkdir -p /etc/elasticsearch/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/elasticsearch/certs/fullchain.pem
sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem /etc/elasticsearch/certs/privkey.pem
sudo chmod -R 777 /etc/elasticsearch/certs/
```
* Edit your `/etc/elasticsearch/elasticsearch.yml` and change the follow options:
```yaml
cluster.name: BeeHive
node.name: gibson
network.host: 0.0.0.0
bootstrap.memory_lock: true
xpack.security.audit.enabled: true
xpack.security.http.ssl:
enabled: true
key: /etc/elasticsearch/ssl/privkey.pem
certificate: /etc/elasticsearch/ssl/fullchain.pem
```
* System changes:
```shell
sudo su
ulimit -n 65535
ulimit -u 4096
echo "elasticsearch - nofile 65535" > /etc/security/limits.conf
mkdir -p /etc/systemd/system/elasticsearch.service.d/
echo "[Service]\nLimitMEMLOCK=infinity" > /etc/systemd/system/elasticsearch.service.d/override.conf
sudo swapoff -a
sudo sysctl -w vm.swappiness=1 # Add these
sudo sysctl -w vm.max_map_count=262144 # to /etc/systctl.conf
sudo sysctl -w net.ipv4.tcp_retries2=5 #
```
* Set the password for Kibana:
`./usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system`
`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token --scope kibana # Save this for when we access Kibana the first time`
`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node # enrollment token for a new node`
## Setup Kibana
* Copy your certificates to `/etc/kibana/certs`:
```shell
mkdir -p /etc/kibana/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/kibana/certs/fullchain.pem
sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem /etc/kibana/certs/privkey.pem
```
* Edit your `/etc/kibana/kibana.yml` and change the follow options:
```yaml
server.host: "0.0.0.0"
server.publicBaseUrl: "https://elastic.domain.org"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/fullchain.pem
server.ssl.key: /etc/kibana/certs/privkey.pem
elasticsearch.hosts: ["https://elastic.domain.org:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "changeme" # Use the password from the reset command we did earlier
```
## Setup Logstash
* Copy your certificates to `/etc/logstash/certs`:
```shell
mkdir -p /etc/logstash/certs/
sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/logstash/certs/cacert.pem
```
* Edit your `/etc/logstash/logstash.yml` and change the follow options:
```yaml
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["https://elastic.domain.org:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "changeme"
cacert => "/etc/logstash/cacert.pem"
}
}
```
* `logstash-plugin install logstash-input-irc`
## Start the ELK stack:
```shell
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
sudo systemctl enable kibana.service && sudo systemctl start kibana.service
sudo systemctl enable logstash.service && sudo systemctl start logstash.service
```

View File

@ -1,44 +0,0 @@
#!/usr/bin/env python
import ipaddress
donotscan = {
'0.0.0.0/8', # "This" network
'10.0.0.0/8', # Private networks
'100.64.0.0/10', # Carrier-grade NAT - RFC 6598
'127.0.0.0/8', # Host loopback
'169.254.0.0/16', # Link local
'172.16.0.0/12', # Private networks
'192.0.0.0/24', # IETF Protocol Assignments
'192.0.0.0/29', # DS-Lite
'192.0.0.170/32', # NAT64
'192.0.0.171/32', # DNS64
'192.0.2.0/24', # Documentation (TEST-NET-1)
'192.88.99.0/24', # 6to4 Relay Anycast
'192.168.0.0/16', # Private networks
'198.18.0.0/15', # Benchmarking
'198.51.100.0/24', # Documentation (TEST-NET-2)
'203.0.113.0/24', # Documentation (TEST-NET-3)
'240.0.0.0/4', # Reserved
'255.255.255.255/32', # Limited Broadcast
'6.0.0.0/8', # Army Information Systems Center
'7.0.0.0/8', # DoD Network Information Center
'11.0.0.0/8', # DoD Intel Information Systems
'21.0.0.0/8', # DDN-RVN
'22.0.0.0/8', # Defense Information Systems Agency
'26.0.0.0/8', # Defense Information Systems Agency
'28.0.0.0/8', # DSI-North
'29.0.0.0/8', # Defense Information Systems Agency
'30.0.0.0/8', # Defense Information Systems Agency
'33.0.0.0/8', # DLA Systems Automation Center
'55.0.0.0/8', # DoD Network Information Center
'205.0.0.0/8', # US-DOD
'214.0.0.0/8', # US-DOD
'215.0.0.0/8' # US-DOD
}
total = ipaddress.IPv4Network('0.0.0.0/0').num_addresses
print(f'Total IPv4 Addresses : {total:,}')
for i in donotscan:
total -= ipaddress.IPv4Network(i).num_addresses
print(f'Total After Clean : {total:,}')

45
iptables.sh Normal file
View File

@ -0,0 +1,45 @@
### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
### 3: Drop SYN packets with suspicious MSS value ###
/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
### 4: Block packets with bogus TCP flags ###
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
### 5: Block spoofed packets ###
/sbin/iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
/sbin/iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
### 6: Drop ICMP (you usually don't need this protocol) ###
/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
### 7: Drop fragments in all chains ###
/sbin/iptables -t mangle -A PREROUTING -f -j DROP
### 8: Limit connections per source IP ###
/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
### 9: Limit RST packets ###
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
### 10: Limit new TCP connections per second per source IP ###
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP

View File

@ -7,25 +7,25 @@ import os
log_file=True # Set to False for console logging only log_file=True # Set to False for console logging only
# Set up logging # Set up logging
sh = logging.StreamHandler() def setup_logger():
sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p')) sh = logging.StreamHandler()
if log_file: sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p'))
if not os.path.exists('logs'): if log_file:
os.makedirs('logs') if not os.path.exists('logs'):
fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8') os.makedirs('logs')
fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p')) fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8')
logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh)) fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p'))
del fh logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh))
else: del fh
logging.basicConfig(level=logging.NOTSET, handlers=(sh,)) else:
finally: logging.basicConfig(level=logging.NOTSET, handlers=(sh,))
del sh del sh
# Logging examples # Logging examples
setup_logger()
logging.debug('This message should go to the log file') logging.debug('This message should go to the log file')
logging.info('So should this') logging.info('So should this')
logging.critical('ok') logging.critical('ok')
logging.warning('And this, too') logging.warning('And this, too')
logging.error('And non-ASCII stuff, too, like Øresund and Malmö') logging.error('And non-ASCII stuff, too, like Øresund and Malmö')
logging.shutdown()
logging.shutdown()

5
logs/debug.log Normal file
View File

@ -0,0 +1,5 @@
2023-07-23 12:57 AM | DEBUG | logga.py.<module>.26 | This message should go to the log file
2023-07-23 12:57 AM | INFO | logga.py.<module>.27 | So should this
2023-07-23 12:57 AM | CRITICAL | logga.py.<module>.28 | ok
2023-07-23 12:57 AM | WARNING | logga.py.<module>.29 | And this, too
2023-07-23 12:57 AM | ERROR | logga.py.<module>.30 | And non-ASCII stuff, too, like Øresund and Malmö

View File

@ -1,62 +0,0 @@
#!/bin/env bash
# Author: perp
# Description: Scrape free proxies
URLS=(
# SOCKS5
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks5&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=socks5"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks5.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks5.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks5.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks5.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks5.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks5.txt"
# SOCKS4
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks4&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=socks4"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks4.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks4.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks4.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks4.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks4.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks4.txt"
# HTTP
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=http&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=http"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/http.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-http.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/http.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/http.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/http.txt"
# HTTPS
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=https&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=https"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-https.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/https.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/https.txt"
# MIXED
"https://raw.githubusercontent.com/sunny9577/proxy-scraper/master/proxies.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/http.txt"
)
# Remove proxies file
rm -f -- proxies.txt
# Go through each URL
for URL in "${URLS[@]}";
do
# Curl & append to file
echo "Downloading from $URL"
curl -s $URL >> proxies.txt &
done
wait
# Sort the uniques
sort -u -o proxies.txt proxies.txt
echo "Finished downloading proxies"

View File

@ -1,27 +0,0 @@
# stagit
> static git page generator
## Information
This is basically a pure shell script clone of [stagit](https://git.2f30.org/stagit/).
It is meant to be hosted on [Github](https://github.com) using [Github Pages](https://pages.github.com) with a [Custom Domain](https://help.github.com/en/articles/using-a-custom-domain-with-github-pages).
It also has support for hosting on [Gitlab](https://gitlab.com) using [Gitlab Pages](https://docs.gitlab.com/ee/user/project/pages/) with a [Custom Domain](https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/)
## Settings
| Setting | Default | Description |
| ---------------- | -------------- | ------------------------------------------------------------------ |
| CLONE_URL | remote | base url for cloning repositories *(remote = remote.origin.url)* |
| CNAME | empty | create a CNAME file with a custom domain *(empty = do not create)* |
| MAX_COMMITS | 100 | maximum number of commits to show (0 = all) |
| MAX_COMMIT_MSG | 100 | maximum characters in a commit message to display *(0 = all)* |
| MAX_COMMIT_LINES | 999 | maximum number of lines to show in a commit *(0 = all)* |
| REPO_DIR | $HOME/git | directory containing repositories |
| TITLE | "Repositories" | title used on homepage |
| WWW_DIR | $HOME/www | directory to output to |
If the `CLONE_URL` was set to `https://github.com/acidvegas/` for example, then it will display as `git clone https://github.com/acidvegas/REPO_NAME.git` on all repository indexes, otherwise if you leave it as `remote` it will just parse the remote url *(`git config --get remote.origin.url`)* for that repository. For those using the `remote` option, remote urls from Github/Gitlab that use SSH will be converted to an HTTPS url. This applies to Github/Gitlab remote urls only, so if you cloned your repositories with SSH, then people may not be able to clone your repositories!
The `CNAME` option is optional if you are planning on using a custom domain with Github pages. See [here](https://help.github.com/en/articles/troubleshooting-custom-domains#github-repository-setup-errors) for more information.
Lastly, stagit will ignore the `$REPO_DIR/mirrors` directory by default. To make stagit include this directory, remove `-path $REPO_DIR/mirrors -prune` from the `find` command in the source.

36
termux Executable file
View File

@ -0,0 +1,36 @@
#!bin/sh
# termux helper - developed by acidvegas (https://git.acid.vegas/archlinux)
set -xev
passwd
termux-setup-storage
pkg upgrade
pkg install abduco cmatrix gcc git exa make man nano ncdu oath-toolkit openssh python python-pip rsync tor wget
wget https://github.com/64BitAsura/ohsnap-ttf/raw/master/ohsnap6x11r.icons.ttf /data/data/com.termux/files/home/.termux/font.ttf
termux-reload-settings
echo "\nE N T E R T H E V O I D\n\n" > $PREFIX/etc/motd
echo "set boldtext\nset minibar\nnset nohelp\net nonewlines\nset nowrap\nset quickblank\nset tabsize 4\ninclude \"/usr/share/nano/*.nanorc\"" > $PREFIX/etc/nanorc
{
echo "export LC_CTYPE=en_US.UTF-8"
echo "export LC_ALL=en_US.UTF-8"
echo "export GPG_TTY=$(tty)"
echo "# colors"
echo "alias diff='diff --color=auto'"
echo "alias grep='grep --color=auto'"
echo "alias ip='ip -color=auto'"
echo "alias ls='ls --color=auto'"
echo "# rewrites"
echo "alias exa='exa -aghl --git'"
echo "alias ssh-add='ssh-add -t 1h'"
echo "alias su='su -l'"
echo "# random"
echo "alias ..='cd ../'"
echo "alias busy=\"cat /dev/urandom | hexdump -C | grep 'ca fe'\""
echo "alias musync=\"rsync -vcahz --delete-before pi:music/ $HOME/storage/music\""
echo "alias updatemux=\"pkg update && pkg clean\""
echo "export PS1=\"\e[38;5;237m\T\e[0m \e[38;5;69m\w \e[0m: \""
} > ~/.bashrc
echo "shortcut.create-session=ctrl + t\n\nshortcut.next-session=ctrl + 2\nshortcut.previous-session=ctrl + 1\nshortcut.rename-session=ctrl + n\nbell-character=ignore" > $HOME/.termux/termux.properties

18
vps Executable file
View File

@ -0,0 +1,18 @@
#!/bin/sh
apt-get update && apt-get upgrade
echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
localectl set-locale LANG=en_US.UTF-8
echo -e "set boldtext\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE" >> /etc/profile
echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
apt-get install cmake curl firehol gcc git htop make nano ncdu python3 python-pip screen sudo tor tmate
apt-get install build-essential pkg-config gdb libssl-dev libpcre2-dev libargon2-0-dev libsodium-dev libc-ares-dev libcurl4-openssl-dev
useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas sudo && passwd acidvegas
mkdir $HOME/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/fz4INjgCmSZOUiE9HL3+YRalyF/ptk1+qybcBCwUp" > $HOME/.ssh/authorized_keys
chmod 700 $HOME/.ssh && chown -R acidvegas $HOME/.ssh && chmod 400 $HOME/.ssh/authorized_keys
mkdir $HOME/build
mkdir $HOME/.scripts && wget -O $HOME/.scipts/ddosmonit https://github.com/acidvegas/random/blob/master/ddosmonit && screen -S ddosmonit sudo ./.scripts/ddosmonit