From 4f7b8491d83e1f9b967eace8b1ecd3665434e611 Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Sun, 21 May 2023 17:35:15 +0200
Subject: [PATCH] Adde snippits
---
Linux/BashRC | 121 ++++++++++++++++++++++++++++++++
Linux/Lag_Selectord.sh | 54 ++++++++++++++
Linux/PasswordQuest.sh | 72 +++++++++++++++++++
Linux/SetupDkimPostfix.md | 92 ++++++++++++++++++++++++
Linux/sftpSpliting.sh | 43 ++++++++++++
Windows/CreateScheduledTask.ps1 | 14 ++++
Windows/Img-Choco-PGS.list | 1 +
7 files changed, 397 insertions(+)
create mode 100644 Linux/BashRC
create mode 100644 Linux/Lag_Selectord.sh
create mode 100644 Linux/PasswordQuest.sh
create mode 100644 Linux/SetupDkimPostfix.md
create mode 100644 Linux/sftpSpliting.sh
create mode 100644 Windows/CreateScheduledTask.ps1
create mode 100644 Windows/Img-Choco-PGS.list
diff --git a/Linux/BashRC b/Linux/BashRC
new file mode 100644
index 0000000..a8dd412
--- /dev/null
+++ b/Linux/BashRC
@@ -0,0 +1,121 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+CUSTOMUSER=
+CUSTOMHOST=
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]$CUSTOMUSER@$CUSTOMHOST\[\033[00m\]:\[\033[01;34m\]\W\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}$CUSTOMUSER@$CUSTOMHOST:\W\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}$CUSTOMUSER@$CUSTOMHOST: \W\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ alias grep='grep --color=auto'
+ alias fgrep='fgrep --color=auto'
+ alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Add an "alert" alias for long running commands. Use like so:
+# sleep 10; alert
+alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+export HISTTIMEFORMAT="%d/%m/%y %T "
diff --git a/Linux/Lag_Selectord.sh b/Linux/Lag_Selectord.sh
new file mode 100644
index 0000000..0897ab0
--- /dev/null
+++ b/Linux/Lag_Selectord.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+# Purpose: Demonstrate usage of select and case with toggleable flags to indicate choices
+# 2013-05-10 - Dennis Williamson
+
+choice () {
+ local choice=$1
+ if [[ ${opts[choice]} ]] # toggle
+ then
+ opts[choice]=
+ else
+ opts[choice]=+
+ fi
+}
+
+PS3='Please enter your choice: '
+while :
+do
+ clear
+ options=("Option 1 ${opts[1]}" "Option 2 ${opts[2]}" "Option 3 ${opts[3]}" "Done")
+ select opt in "${options[@]}"
+ do
+ case $opt in
+ "Option 1 ${opts[1]}")
+ choice 1
+ break
+ ;;
+ "Option 2 ${opts[2]}")
+ choice 2
+ break
+ ;;
+ "Option 3 ${opts[3]}")
+ choice 3
+ break
+ ;;
+ "Option 4 ${opts[4]}")
+ choice 4
+ break
+ ;;
+ "Done")
+ break 2
+ ;;
+ *) printf '%s\n' 'invalid option';;
+ esac
+ done
+done
+
+printf '%s\n' 'Options chosen:'
+for opt in "${!opts[@]}"
+do
+ if [[ ${opts[opt]} ]]
+ then
+ printf '%s\n' "Option $opt"
+ fi
+done
diff --git a/Linux/PasswordQuest.sh b/Linux/PasswordQuest.sh
new file mode 100644
index 0000000..13ea8d5
--- /dev/null
+++ b/Linux/PasswordQuest.sh
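Review bot: In Linux/BashRC both `PS1` assignments and the xterm title print `$CUSTOMUSER@$CUSTOMHOST` where the stock file has `\u@\h`, and the two variables are assigned empty at the top, so an unedited copy shows `@:` and an edited copy shows whatever was typed rather than the account and host the shell is really running on. On admin machines that removes the usual cue for which host and privilege level a command is about to hit. Defaulting the variables to the real values keeps the customisation while staying truthful when they are left unset: `: "${CUSTOMUSER:=$(id -un)}" "${CUSTOMHOST:=$HOSTNAME}"` in place of the two empty assignments.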
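Review bot: In Linux/Lag_Selectord.sh the `"Option 4 ${opts[4]}"` arm of the `case` can never match, because the `options` array built just above it only holds Option 1 to 3 and `Done`; either add `"Option 4 ${opts[4]}"` to `options` or drop the arm. `opts` is also used without ever being declared, so if the script is sourced or `opts` is already set in the environment, stale entries are reported as chosen by the final loop; `opts=()` before the `while :` loop makes the starting state explicit.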
@@ -0,0 +1,72 @@
+function PasswordQuest {
+passdiaone=$(whiptail --nocancel --passwordbox "Please enter your password (Requires 8 chars, uper & lower case, special and numerical)" 11 91 --title "Config" 3>&1 1>&2 2>&3)
+if [ -z $passdiaone ]; then PasswordQuest; fi
+if [[ ${#passdiaone} -ge 8 && "$passdiaone" == *[[:lower:]]* && "$passdiaone" == *[[:upper:]]* && "$passdiaone" == *[0-9]* && "$passdiaone" == *['!'@#%^\&*()_+]* ]]; then
+ PasswordCheck
+else
+ whiptail --ok-button Done --msgbox " Password is invalid!" 10 30
+ unset passdiaone
+ PasswordQuest
+fi
+}
+
+function PasswordCheck {
+#Checking password
+passdiatwo=$(whiptail --nocancel --passwordbox " Please re-enter your password" 11 82 --title "Config" 3>&1 1>&2 2>&3)
+if [ -z $passdiatwo ]; then
+ PasswordCheck
+ else
+ if [ $passdiaone != $passdiatwo ]; then
+ whiptail --ok-button Done --msgbox " Password does not match!" 10 30
+ PasswordQuest
+ else
+ echo "Pass okay"
+ password="$passdiaone"
+ unset passdiaone passdiatwo
+ fi
+fi
+}
+
+
+
+function LegacyPasswordQuest {
+echo "Enter password (Requires: 8 chars, 1 capital and 1 num)"
+read -s passdiaone
+if [ -z $passdiaone ]; then LegacyPasswordQuest; fi
+if [[ ${#passdiaone} -ge 8 && "$passdiaone" == *[[:lower:]]* && "$passdiaone" == *[[:upper:]]* && "$passdiaone" == *[0-9]* && "$passdiaone" == *['!'@#%^\&*()_+]* ]]; then
+ LegacyPasswordCheck
+else
+ echo " Password is invalid!"
+ unset passdiaone
+ LegacyPasswordQuest
+fi
+}
+
+function LegacyPasswordCheck {
+#Checking password
+echo "Please re-enter your password"
+read -s passdiatwo
+if [ -z $passdiatwo ]; then
+ LegacyPasswordCheck
+else
+ if [ $passdiaone != $passdiatwo ]; then
+ echo "Password does not match!"
+ LegacyPasswordQuest
+ else
+ echo "Pass okay"
+ password="$passdiaone"
+ unset passdiaone passdiatwo
+ fi
+fi
+}
+
+
+##Uncomment for Legacy
+#LegacyPasswordQuest
+
+##Uncomment for Whiptail
+#PasswordQuest
+
+
+#Retrun
+echo "$password"
\ No newline at end of file
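Review bot: `[ -z $passdiaone ]` and `[ $passdiaone != $passdiatwo ]` expand the password unquoted in all four functions, so a password containing a space or a glob character such as `*` (which the policy check explicitly accepts) is word-split or expanded against the current directory before it is compared, and the test errors out or compares the wrong strings. The empty-input branch also calls `PasswordQuest` recursively without returning, so once the inner call has succeeded and unset `passdiaone`, the outer frame falls through to the policy check, reports the password as invalid and prompts again. A loop with local variables and `[[ … ]]` comparisons avoids both, as sketched below; the same shape applies to the `Legacy*` pair, where `read -s` should also become `read -rs` so backslashes in the password are kept. Separately, `echo "Pass okay"` and the final `echo "$password"` both write to stdout, so a caller capturing the output gets the status text mixed with the cleartext password.

```shell
function PasswordQuest {
  local first second
  while :; do
    # … unchanged: first whiptail --passwordbox prompt, captured into "$first" …
    if [[ ${#first} -lt 8 || "$first" != *[[:lower:]]* || "$first" != *[[:upper:]]* \
          || "$first" != *[0-9]* || "$first" != *['!'@#%^\&*()_+]* ]]; then
      whiptail --ok-button Done --msgbox " Password is invalid!" 10 30
      continue
    fi
    # … unchanged: second whiptail --passwordbox prompt, captured into "$second" …
    if [[ "$first" == "$second" ]]; then
      password=$first
      return 0
    fi
    whiptail --ok-button Done --msgbox " Password does not match!" 10 30
  done
}
```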
diff --git a/Linux/SetupDkimPostfix.md b/Linux/SetupDkimPostfix.md
new file mode 100644
index 0000000..8e50bbc
--- /dev/null
+++ b/Linux/SetupDkimPostfix.md
@@ -0,0 +1,92 @@
+# Setup postfix to add DKIM Signature to mails send by system
+
+## Prerequisites
+* Postfix (configured using Web-V2 if possible)
+
+## Setup
+```
+apt install opendkim opendkim-tools -y
+adduser postfix opendkim
+sudo --user opendkim mkdir /etc/opendkim/keys/
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/ -d -s vps
+chown opendkim:opendkim /etc/opendkim/keys -R
+mkdir /var/spool/postfix/opendkim
+sudo chown opendkim:postfix /var/spool/postfix/opendkim
+```
+
+## Configuration
+### File: /etc/default/opendkim REPLACE
+Replace existing `RUNDIR` with the following
+```
+RUNDIR=/var/spool/postfix/var/run/opendkim
+```
+### File:/etc/opendkim.conf
+Add the following to the file
+```
+Canonicalization relaxed/simple
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+```
+
+### File: /etc/opendkim/TrustedHosts
+Add the following to the file
+```
+127.0.0.1
+::1
+localhost
+
+
+
+```
+
+### File: /etc/opendkim/KeyTable
+Add the following to the file
+```
+vps._domainkey. :vps:/etc/opendkim/keys//vps.private
+```
+
+### File: /etc/opendkim/SigningTable
+Add the following to the file
+```
+*@ vps._domainkey.
+```
+
+### File: /etc/postfix
+Add the following to the file
+```
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+```
+
+## Reload and restart services
+```
+bash /lib/opendkim/opendkim.service.generate
+systemctl daemon-reload
+systemctl restart opendkim postfix
+```
+
+## DNS
+### SPF on host name
+###SPF on Domain
+### Key on Domain
+Get public key `cat /etc/opendkim/keys//vps.txt`
+Output example:
+
+```
+#Record Name Record Type
+# V V
+vps._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
+ "w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" ) ; ----- DKIM key vps for Test.com
+```
+Warning: the key is spit in two parts, combine these in to one (as shown below)
+
+Create a dns record as vps._domainkey with folling content
+Example:
+```
+v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
+```
diff --git a/Linux/sftpSpliting.sh b/Linux/sftpSpliting.sh
new file mode 100644
index 0000000..29c0dca
--- /dev/null
+++ b/Linux/sftpSpliting.sh
@@ -0,0 +1,43 @@
+###
+#Declarring vars for testing
+domain=Domain.exp
+###
+
+#Pre-confiuring Env
+webname=$(sed -e 's/\.[a-z]*$//' <<< $domain)
+webname=$(sed 's/\./-/g' <<< $webname)
+apt install bindfs -y
+
+
+#creating SFTP-user
+groupadd $webname
+useradd $webname -g $webname
+mkdir -p /home/$webname/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOtJ4ZiLi+SntA3m54oEJjlA8bE73gggkhGjOaVHsLNo6YmKtZlPaxwWiGvoATv4Vm41WWxKbUWbYGHVTe8DusqKpf/JCgB1r/8rQe828qwaEGXWGxta1Ykq+ndDeBLFGhVp0nNdcnND5HIwarEW4zhBDXUMzYw7IBxPYb48tVIobs/yPN6nSWT2G8FX7XDJNifS+ThVLnCHHS3i/uio8b8jz1oT2s6UH09EBwxg99+0yVaSQV2q8CthDZ8rSgz8pAhQ6FwVfUd9c/PQjtbUSQStvKvr3muv5Q8UnzAvKiO83rsM91aDwv0E6kqpB77BrkpfQXOJNDmdqlnsa2AlkL ICTMaatwerk@Key" >> /home/$webname/.ssh/authorized_keys
+chown -R $webname:$webname /home/$webname
+
+
+#creating folder and setting mount
+mkdir -p /web/$webname/html
+chmod 755 /web
+chmod 755 /web/$webname
+chown $webname:$webname /web/$webname/html
+mkdir -p /var/www/$domain
+chown www-data:www-data /var/www/$domain
+echo "bindfs#/var/www/$domain /web/$webname/html fuse force-user=${webname},force-group=${webname},create-for-user=www-data,create-for-group=www-data,create-with-perms=0770,chgrp-ignore,chown-ignore,chmod-ignore 0 0" >> /etc/fstab
+
+
+#Configuring sshd for SFTP only user
+sed -i 's/Subsystem\s*sftp\s*\/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/g' /etc/ssh/sshd_config
+cat <> /etc/ssh/sshd_config
+#Begin of $webname
+ Match User $webname
+ ChrootDirectory /web/$webname
+ ForceCommand internal-sftp
+ X11Forwarding no
+ AllowTcpForwarding no
+#End of $webname
+EOF
+service sshd restart
+
+mount -a
\ No newline at end of file
diff --git a/Windows/CreateScheduledTask.ps1 b/Windows/CreateScheduledTask.ps1
new file mode 100644
index 0000000..747d35a
--- /dev/null
+++ b/Windows/CreateScheduledTask.ps1
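Review bot: In Linux/sftpSpliting.sh `service sshd restart` runs right after the script has rewritten the `Subsystem` line and appended a `Match User` block to /etc/ssh/sshd_config, with nothing checking that the result still parses, so one bad run can leave the host without SSH; gate it with `sshd -t || exit 1` on the line before the restart. `$domain` and `$webname` are expanded unquoted into paths, `/etc/fstab` and sshd_config, which is harmless for the hard-coded test value but needs a guard such as `[[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` once the value comes from a caller. The `echo "ssh-rsa …" >> …/authorized_keys` line installs the same embedded key for every site account; taking the key as a parameter keeps access per site and revocable. As shown, `cat <> /etc/ssh/sshd_config` has no here-document operator, which may be an artefact of how the patch was rendered; confirm the file reads `cat <<EOF >> /etc/ssh/sshd_config`.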
@@ -0,0 +1,14 @@
+###############################################################
+# @description: #
+# Used to create a new ScheduledTask #
+# The task will run as System, wil wake up from sleep #
+# and will run if system is on bateriess #
+# #
+# @author: Bram Prieshof #
+###############################################################
+
+$action = New-ScheduledTaskAction -Execute -Argument ""
+$trigger = New-ScheduledTaskTrigger -At 18:00 -Daily
+$options = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -WakeToRun
+$principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
+Register-ScheduledTask -TaskName AutoPowerOff -Trigger $trigger -Action $action -Settings $options -Principal $principal
\ No newline at end of file
diff --git a/Windows/Img-Choco-PGS.list b/Windows/Img-Choco-PGS.list
new file mode 100644
index 0000000..9b3f10e
--- /dev/null
+++ b/Windows/Img-Choco-PGS.list
@@ -0,0 +1 @@
+7zip bulk-crap-uninstaller caesium.install firefox gimp handbrake inkscape libreoffice-fresh notepadplusplus paint.net pdfsam.install pnggauntlet.install vlc vscode.install xnconvert.install choco install googlechrome pswindowsupdate
\ No newline at end of file
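Review bot: In Windows/CreateScheduledTask.ps1 `New-ScheduledTaskAction -Execute -Argument ""` gives `-Execute` no value in the text shown (possibly lost in rendering), and the task is registered as `NT AUTHORITY\SYSTEM` with `-RunLevel Highest`, so whatever path ends up there runs with full privileges every day at 18:00. The program should be a fully qualified path in a directory only administrators can write to, otherwise any user who can replace the file gains SYSTEM. I would take the path as a parameter and fail early when it is missing, e.g. `param([Parameter(Mandatory)][string]$Program)` followed by `if (-not (Test-Path -LiteralPath $Program -PathType Leaf)) { throw "Program not found: $Program" }`, and add a comment above `$principal` stating the ACL requirement.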