Wireguard with GUI features are:
To set up Wireguard server run docker-compose.yaml:
version: "3.8"
services:
  wg-easy:
    environment:
      # ⚠ Required:
      # Change this to your host's public address
      - WG_HOST=raspberrypi.local
      # Optional:
      # - PASSWORD=foobar123
      # - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
      # - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
Source: https://github.com/gregorgodler/wireguard-with-gui, https://github.com/WeeJeWel/wg-easy
Features:
docker-compose.yml file:
version: "2"
services:
  lenpaste:
    image: git.lcomrade.su/root/lenpaste:latest
    container_name: pastebin
    restart: always
    environment:
      # All parameters are optional
      #
      # HTTP server
      - LENPASTE_ADDRESS=:80 # ADDRES:PORT for HTTP server.
      #
      # Database settings
      - LENPASTE_DB_DRIVER=sqlite3 # Currently supported drivers: 'sqlite3' and 'postgres'.
      - LENPASTE_DB_SOURCE=/data/lenpaste.db # DB source.
      - LENPASTE_DB_MAX_OPEN_CONNS=25 # Maximum number of connections to the database.
      - LENPASTE_DB_MAX_IDLE_CONNS=5 # Maximum number of idle connections to the database.
      - LENPASTE_DB_CLEANUP_PERIOD=3h # Interval at which the DB is cleared of expired but not yet deleted pastes.
      #
      # Search engines
      - LENPASTE_ROBOTS_DISALLOW=true # Prohibits search engine crawlers from indexing site using robots.txt file.
      #
      # Storage limits
      - LENPASTE_TITLE_MAX_LENGTH=100 # Maximum length of the paste title. If 0 disable title, if -1 disable length limit.
      - LENPASTE_BODY_MAX_LENGTH=20000 # Maximum length of the paste body. If -1 disable length limit. Can't be -1.
      - LENPASTE_MAX_PASTE_LIFETIME=unlimited # Maximum lifetime of the paste. Examples: 10m, 1h 30m, 12h, 7w, 30d, 365d.
      #
      # Rate limits
      - LENPASTE_GET_PASTES_PER_5MIN=50 # Maximum number of pastes that can be VIEWED in 5 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_GET_PASTES_PER_15MIN=100 # Maximum number of pastes that can be VIEWED in 15 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_GET_PASTES_PER_1HOUR=500 # Maximum number of pastes that can be VIEWED in 1 hour from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_5MIN=15 # Maximum number of pastes that can be CREATED in 5 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_15MIN=30 # Maximum number of pastes that can be CREATED in 15 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_1HOUR=40 # Maximum number of pastes that can be CREATED in 1 hour from one IP. If 0 disable rate-limit.
      #
      # Information about server admin
      - LENPASTE_ADMIN_NAME= # Name of the administrator of this server.
      - LENPASTE_ADMIN_MAIL= # Email of the administrator of this server.
      #
      # WEB interface settings
      - LENPASTE_UI_DEFAULT_LIFETIME= # Lifetime of paste will be set by default in WEB interface. Examples: 10min, 1h, 1d, 2w, 6mon, 1y.
      - LENPASTE_UI_DEFAULT_THEME=dark # Sets the default theme for the WEB interface. Examples: dark, light.
    volumes:
      # /data/lenpaste.db - SQLite DB if used.
      # /data/about - About this server (TXT file).
      # /data/rules - This server rules (TXT file).
      # /data/terms - This server "terms of use" (TXT file).
      # /data/themes/* - External WEB interface themes.
      # /data/lenpasswd - If this file exists, the server will ask for auth to create new pastes.
      #                   File format: USER:PLAIN_PASSWORD on each line.
      - "./data:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    ports:
      - "9091:80"
Source: https://github.com/gregorgodler/pastebin, https://git.lcomrade.su/root/lenpaste
Features:
docker-compose.yml file:
version: '3.3'
services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - ./data:/app/data
    ports:
      - 9087:3001 # <Host Port>:<Container Port>
    restart: always
Source: https://github.com/gregorgodler/uptime-monitor, https://hub.docker.com/r/louislam/uptime-kuma
This is a very lightweight Speedtest implemented in Javascript, using XMLHttpRequest and Web Workers. All modern browsers are supported: IE11, the latest Edge, the latest Chrome, the latest Firefox and the latest Safari. Works with mobile versions too.
Features:
docker-compose.yml file:
services:
  speedtest:
    image: adolfintel/speedtest
    restart: always
    container_name: speedtest
    ports:
      - "9086:80"
Source: https://github.com/gregorgodler/speedtest, https://hub.docker.com/r/adolfintel/speedtest
Portainer consists of a single container that can run on any cluster. It can be deployed as a Linux container or a Windows native container.
docker-compose.yml file:
version: "3"
services:
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      - 9443:9443
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
Source: https://github.com/gregorgodler/portainer, https://hub.docker.com/r/portainer/portainer-ce
You can use my docker-compose file or check https://hub.docker.com/_/nginx. Before deploying, grab the nginx.conf file with the nginx settings.
docker-compose.yml file:
version: '3'
services:
  server:
    container_name: nginx-static-webserver
    image: nginx
    restart: always
    ports:
      - 9085:80
    volumes:
      - ./data:/srv
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
nginx.conf file:
server {
    listen 80;
    server_name _;
    location / {
        root /srv;
        # Activate the next line if you want to list files
        # autoindex on;
    }
}
Source: https://hub.docker.com/_/nginx, https://github.com/gregorgodler/nginx-static-webserver
You can use my docker-compose file to set up WordPress with PHP 7.4, a MySQL server and phpMyAdmin. Before deploying, grab the .env file with the database parameters.
docker-compose.yml file:
version: '3.3'
services:
  db:
    image: mysql:latest
    volumes:
      - ./wordpress.sql:/docker-entrypoint-initdb.d/init.sql # prepopulate database
      - db_data:/var/lib/mysql # persist database data inside docker storage
    restart: "no"
    env_file:
      - .env
    environment:
      DOCKER_COMPOSE_YML_LOCATION: ${PWD}
    container_name: mysql_db
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    restart: "no"
    ports:
      - "9083:80"
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      DOCKER_COMPOSE_YML_LOCATION: ${PWD}
    container_name: mysql_phpmyadmin
  wordpress:
    depends_on:
      - db
    image: wordpress:php7.4
    ports:
      - "9084:80"
    restart: "no"
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: ${MYSQL_USER}
      WORDPRESS_DB_PASSWORD: ${MYSQL_PASSWORD}
      WORDPRESS_DB_NAME: ${MYSQL_DATABASE}
      DOCKER_COMPOSE_YML_LOCATION: ${PWD}
    volumes:
      - ./html:/var/www/html
    container_name: wordpress
volumes:
  db_data: {}
.env file:
MYSQL_ROOT_PASSWORD=DEFINE_MYSQL_ROOT_PASSWORD
MYSQL_DATABASE=DEFINE_MYSQL_DATABASE_NAME
MYSQL_USER=DEFINE_MYSQL_DATABASE_USER
MYSQL_PASSWORD=DEFINE_MYSQL_USER_PASSWORD
Source: https://github.com/gregorgodler/wordpress, https://hub.docker.com/_/mysql, https://hub.docker.com/_/wordpress, https://hub.docker.com/r/phpmyadmin/phpmyadmin
Functionality:
docker-compose.yml file:
version: '2.1'
services:
  flame:
    image: pawelmalak/flame:latest
    container_name: flame
    volumes:
      - ./data:/app/data
      - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration feature
    ports:
      - 9089:5005
    environment:
      - PASSWORD=DEFINE_YOUR_PASSWORD
    restart: unless-stopped
Source: https://hub.docker.com/r/pawelmalak/flame, https://github.com/gregorgodler/flame
First install python, pip, ffmpeg and git:
apt install python python-pip ffmpeg git
Next step is to install youtube_dl:
sudo pip install --upgrade youtube_dl
Let's get the Python script from git:
git clone https://gist.github.com/benzap/90ff22790bc0a9c6fd2902e91da4baef
This is the source code:
[php]
# Requires: youtube_dl module
# Requires: ffmpeg
# Usage:
#
# python youtube2mp3.py <URL>, ...
#
# Example:
#
# python youtube2mp3.py https://www.youtube.com/watch?v=dQw4w9WgXcQ
import youtube_dl
import sys
# Pick the best audio stream and let ffmpeg convert it to a 192 kbit/s MP3
ydl_opts = {
    'format': 'bestaudio/best',
    'postprocessors': [{
        'key': 'FFmpegExtractAudio',
        'preferredcodec': 'mp3',
        'preferredquality': '192',
    }],
}
if __name__ == "__main__":
    with youtube_dl.YoutubeDL(ydl_opts) as ydl:
        # Every command-line argument is treated as a URL to download
        filenames = sys.argv[1:]
        ydl.download(filenames)
[/php]
Move script from folder 90ff22790bc0a9c6fd2902e91da4baef:
mv 90ff22790bc0a9c6fd2902e91da4baef/youtube2mp3.py .
Now we are ready to fetch mp3:
python youtube2mp3.py https://www.youtube.com/watch?v=PAzZ0jo9MdI
This is my example:
hamster@wheel:~/Scripts/youtube$ python youtube2mp3.py https://www.youtube.com/watch?v=PAzZ0jo9MdI
[youtube] PAzZ0jo9MdI: Downloading webpage
[youtube] PAzZ0jo9MdI: Downloading video info webpage
[youtube] PAzZ0jo9MdI: Extracting video information
WARNING: "id" field is not a string - forcing string conversion, there is an error in extractor
[download] Destination: Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.webm
[download] 100% of 65.34MiB in 00:01
[ffmpeg] Destination: Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.mp3
Deleting original file Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.webm (pass -k to keep)
python /root/scripts/temperature_logger.py
The Python script temperature_logger.py has some more lines:
[php]import os.path
import datetime
import time
from temperusb import TemperHandler
# Set up the temperusb module to read the temperature
th = TemperHandler()
devs = th.get_devices()
format = "%Y-%m-%d %H:%M:%S"
today = datetime.datetime.today()
s = today.strftime(format)
while True:
    try:
        # If the file is new, we'll write a header row
        header_row = None
        if not os.path.isfile('/root/scripts/temperature_log.csv'):
            header_row = 'datetime,temperature_c\n'
        # The temperatures will be logged to this file
        f = open('/root/scripts/temperature_log.csv', 'a')
        # Write the header row if needed
        if header_row:
            f.write(header_row)
        # Write the datetime and temperature
        f.write(str(datetime.datetime.now()) + ' , ' + str(devs[0].get_temperatures()[0]['temperature_c']) + '\n')
        # Close the file until next time...
        f.close()
        print(s + "  - " + str(devs[0].get_temperatures()[0]['temperature_c']))
    # Badly handle any exceptions...
    except Exception as e:
        print("An error occurred..." + str(e))
    # One reading per run: leave the loop after the first pass
    break
[/php]
This script ran every 10 minutes from July 2016 to the last day of December. Some statistical data about the temperature in my cabinet: the average temperature was 21,33 degrees; the hottest was on July 22 at 6 PM, when it was 31,75 degrees. The coldest was on the last day of 2016 from 9:20 to 11:00, when it was only 11,625 degrees. The script produced 24.869 lines, which is why I decided to run it only once an hour.
The whole solution was found on this web page: http://stuffbabiesneed.com/at-night/raspberry-pi-temperature-logger-raspberry-pi-baby-monitor-part-2/
The server detected a new device (dmesg):
[421796.525432] input: RDing TEMPerV1.4 as /devices/pci0000:00/0000:00:12.0/usb4/4-5/4-5:1.0/0003:0C45:7401.0005/input/input5
First update and install next packages:
apt update
apt install python-usb python-setuptools git screen
Next download and unpack the temper-python package from Github:
wget https://github.com/padelt/temper-python/archive/master.zip
unzip master.zip
Just in case I downloaded the package to my server. Continue with installing the Python module:
cd temper-python-master
sudo python setup.py install
When we are done we can read the temperature from a module:
sudo temper-poll
I get these results:
Found 1 devices
Device #0: 22.6°C 72.6°F
But I plan to read the temperature and save the output in some files, so I can see what was the temperature in the past. Continue in part 2.
git clone https://github.com/gkbrk/slowloris.git
cd slowloris
python3 slowloris.py example.com
For my blog I’m using CloudFlare DNS, so my IP is hidden behind their DNS servers. But if you know the victim's IP address, or the domain resolves to the IP address, then you can have fun. But be aware, carrying out these attacks is illegal!
So my web server is the victim and my home server is the attacker. The victim runs the Apache 2.4.18 web server on Ubuntu 16.04. I started the slowloris script to attack my web server:
Within a minute the web server was processing new threads and the web page was down.
This “slow” attack can be prevented by using other web servers (while writing this post I found a Python script to attack the NGINX web server) or by using providers who protect you from DDoS. A guy at Funtoo suggested using a load balancer or blocking connections with iptables.
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 100 -j DROP
I tried to block the Slow Loris attack with iptables, but in the end the web server still had a lot of threads and the page was down. Googling about Slow Loris prevention, I found the page Bed Against The Wall, whose writer recommends using mod_antiloris and mod_limitipconn for Apache, and fail2ban. This will follow in the next step.
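To see whether a single source is actually holding more connections than the `--connlimit-above 100` threshold in the rule above, the connection table can be counted per peer. This is an added example, not part of the original post; the function names, the sample `ss -tn` style lines and the addresses are constructed.

```sh
# Count established TCP connections per remote address to one local port.
# Reads `ss -tn` style lines on stdin and prints "<count> <peer>" for every
# peer holding more than <limit> connections.
# Usage on a live host (assumes iproute2 `ss`): ss -tn | conn_per_source 80 100
conn_per_source() {
  awk -v port="$1" -v limit="$2" '
    # Columns: State Recv-Q Send-Q Local:Port Peer:Port
    $1 == "ESTAB" {
      n = split($4, l, ":")
      if (l[n] != port) next              # connection to another local port
      peer = $5
      sub(/:[0-9]+$/, "", peer)           # drop the peer source port
      count[peer]++
    }
    END { for (p in count) if (count[p] > limit) print count[p], p }
  '
}

# Constructed sample: one source with 150 open connections to port 80,
# one normal client, one SSH session and one closed connection.
sample_ss_output() {
  echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
  i=1
  while [ "$i" -le 150 ]; do
    echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i))"
    i=$((i + 1))
  done
  echo "ESTAB 0 0 192.0.2.10:80 203.0.113.5:50112"
  echo "ESTAB 0 0 192.0.2.10:22 203.0.113.9:50200"
  echo "TIME-WAIT 0 0 192.0.2.10:80 203.0.113.5:50100"
}

sample_ss_output | conn_per_source 80 100
```

A source that stays below the limit per address never shows up here, which is one reason a per-IP connection limit alone may not keep the worker pool free.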
Using the numeric in the first sort will give you the desired result:
cat access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
15 212.XXX.XXX.XXX
2 198.XXX.XXX.XXX
1 216.XXX.XXX.XXX
1 139.XXX.XXX.XXX
10 51.XXX.XXX.XXX
2 37.XXX.XXX.XXX
1 76.XXX.XXX.XXX
1 74.XXX.XXX.XXX
1 51.XXX.XXX.XXX
But sort -n didn’t work, so I added some non-numeric characters between the counter and the IP address:
cat access.log | awk '{ print $1 } ' | sort | uniq -c | sed -r 's/^[ \t]*([0-9]+) (.*)$/\1 --- \2/' | sort -rn
15 --- 212.XXX.XXX.XXX
10 --- 51.XXX.XXX.XXX
2 --- 37.XXX.XXX.XXX
2 --- 198.XXX.XXX.XXX
1 --- 76.XXX.XXX.XXX
1 --- 74.XXX.XXX.XXX
1 --- 51.XXX.XXX.XXX
1 --- 216.XXX.XXX.XXX
1 --- 139.XXX.XXX.XXX
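The first listing is ordered as if each count and the octet after it were read as one number (15 212 as 15212, 10 51 as 1051), which is how `sort -n` behaves in a locale whose thousands separator is a space; that reading is inferred from the output and is not stated in the post. The added example below (not the author's code; `top_talkers`, the helper names and the sample log lines are constructed) ranks on the count field only, in the C locale, so no separator text has to be inserted.

```sh
# Rank client addresses in an access log by request count.
# Reads a common/combined-format log on stdin; $1 = rows to print (default 20).
top_talkers() {
  awk '{ print $1 }' |
    LC_ALL=C sort |
    uniq -c |
    # Key 1 only, numeric, descending; ties broken by address.
    LC_ALL=C sort -k1,1nr -k2,2 |
    head -n "${1:-20}"
}

# Helper for the constructed sample: emit <count> log lines for <address>.
emit_requests() {
  n=0
  while [ "$n" -lt "$1" ]; do
    echo "$2 - - [01/Jan/2017:10:00:00 +0000] \"GET / HTTP/1.1\" 200 512"
    n=$((n + 1))
  done
}

# Constructed sample log. "10 10.0.0.5" is the kind of row that lands below
# "2 198.51.100.7" when count and first octet are merged into one number.
sample_access_log() {
  emit_requests 2 198.51.100.7
  emit_requests 15 203.0.113.5
  emit_requests 10 10.0.0.5
  emit_requests 1 192.0.2.9
}

sample_access_log | top_talkers 20
```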