ok suricata is obvious

https://github.com/stamparm/maltrail
https://github.com/future-architect/vuls
https://suricata.io/

https://arkime.com


can be done as unbound config too…

https://hblock.molinero.dev/


https://onionshare.org/


another dumb idea of mine is a smtp server u put on mx weight 100 and also listens on 53 as a rbl server…ur weight 0 smtp simply has this guy in his main.conf as smtpd restriction or something..

https://www.cowrie.org/


and so i still dunno why postfix dun have built in blackhole address.. i specify a specific email address, u send to it…ill block u…as in. ill add u to a blacklist that none of my users will ever receive mail from again…
its like when u monitor for connections at port 70 n drop their ip…
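The blackhole-address idea above, as an added example that is not part of the original notes: a Python script that correlates Postfix syslog lines by queue id, finds messages delivered to a trap mailbox, and emits an access(5) map that rejects the sending client IP and envelope sender (run `postmap` on it and reference it from `check_client_access` / `check_sender_access`). The trap address and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Hypothetical trap mailbox: nobody legitimate writes to it, so any delivery is bait.
TRAP_ADDRESS = "blackhole@example.invalid"

# Constructed Postfix syslog lines (not from a real server); one trap hit, one normal mail.
SAMPLE_LOG = """\
Mar  3 10:01:02 mx postfix/smtpd[1201]: 4F1A2B: client=unknown[203.0.113.45]
Mar  3 10:01:03 mx postfix/qmgr[1100]: 4F1A2B: from=<promo@spam.example>, size=2048, nrcpt=1 (queue active)
Mar  3 10:01:03 mx postfix/local[1300]: 4F1A2B: to=<blackhole@example.invalid>, relay=local, status=sent (delivered to mailbox)
Mar  3 10:02:10 mx postfix/smtpd[1202]: 7C9D0E: client=mail.partner.example[198.51.100.7]
Mar  3 10:02:11 mx postfix/qmgr[1100]: 7C9D0E: from=<alice@partner.example>, size=900, nrcpt=1 (queue active)
Mar  3 10:02:11 mx postfix/local[1301]: 7C9D0E: to=<bob@example.invalid>, relay=local, status=sent (delivered to mailbox)
"""

QUEUE_RE = re.compile(r"postfix/\S+\[\d+\]: ([0-9A-F]+): (.*)$")
CLIENT_RE = re.compile(r"client=[^\[]+\[([^\]]+)\]")
FROM_RE = re.compile(r"from=<([^>]*)>")
TO_RE = re.compile(r"to=<([^>]*)>")

def trap_hits(log_text, trap=TRAP_ADDRESS):
    """Correlate lines by queue id; return records for messages delivered to the trap."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = QUEUE_RE.search(line)
        if not m:
            continue  # connect/disconnect noise without a queue id
        qid, rest = m.groups()
        rec = msgs[qid]
        if (c := CLIENT_RE.search(rest)):
            rec["client"] = c.group(1)
        if (f := FROM_RE.search(rest)):
            rec["sender"] = f.group(1).lower()
        if (t := TO_RE.search(rest)):
            rec["rcpts"].append(t.group(1).lower())
    return [dict(rec, qid=qid) for qid, rec in msgs.items() if trap.lower() in rec["rcpts"]]

def access_map(hits):
    """Render hits as Postfix access(5) entries: block the client IP and the envelope sender."""
    out, seen = [], set()
    for h in hits:
        for key in (h["client"], h["sender"]):
            if key and key not in seen:
                seen.add(key)
                out.append(f"{key}\tREJECT trap address hit ({h['qid']})")
    return "\n".join(out)

if __name__ == "__main__":
    print(access_map(trap_hits(SAMPLE_LOG)))
```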
is this a antivirus?!?!?! i m so lost



https://www.archerysec.com/

https://github.com/bhdresh/Dejavu

doesnt run in 1 go :(

apt-get remove -y docker docker-engine docker.io containerd runc

sleep 3

apt-get install -y curl apt-transport-https ca-certificates curl software-properties-common ; sleep 1 ; curl -O https://download.docker.com/linux/ubuntu/gpg ; sleep 1 ; apt-key add gpg ; sleep 1 ; apt-key fingerprint 0EBFCD88 ; sleep 3

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
xenial \
stable"

sleep 3

apt-get update

apt-get install -y docker-ce docker-ce-cli containerd.io ; sleep 3 ; systemctl start docker ; sleep 1 ; systemctl enable docker ; sleep 3

usermod -aG docker some$user

sleep 1

# run the test as that user non-interactively, so the script does not stop at an interactive su shell
su - some$user -c 'docker run hello-world'

zswap

echo lz4 >> /etc/initramfs-tools/modules
echo lz4_compress >> /etc/initramfs-tools/modules
echo z3fold >> /etc/initramfs-tools/modules


# in /etc/default/grub
#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=50 zswap.zpool=z3fold"

update-initramfs -u

update-grub

log2ram…

$ echo "deb http://packages.azlux.fr/debian/ buster main" | sudo tee /etc/apt/sources.list.d/azlux.list
$ wget -qO - https://azlux.fr/repo.gpg.key | sudo apt-key add -
$ sudo apt update
$ sudo apt install log2ram

/etc/log2ram.conf

  • SIZE – how much RAM to allocate for the log tmpfs. The default value is 40M.
  • USE_RSYNC – set to true to sync the tmpfs contents to disk with rsync. By default, log2ram uses the "cp" command to copy the tmpfs contents to disk.
  • MAIL – controls the error mail sent when there is not enough space in RAM. To disable it, set its value to false.
  • ZL2R – enables zram compatibility. It is disabled by default. To enable this option, check this link.

winrm for ansible. remember to open 5985, maybe 5986

a. upgrade powershell to 3.0 or above…

$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1"

$file = "$env:temp\Upgrade-PowerShell.ps1"

$username = "admin"

$password = "the usual"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

Version can be 3.0, 4.0 or 5.1

&$file -Version 5.1 -Username $username -Password $password -Verbose

Set-ExecutionPolicy -ExecutionPolicy Restricted -Force

$reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0

Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -ErrorAction SilentlyContinue

Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -ErrorAction SilentlyContinue

b. some kind of memory hotfix for ps 3.0

$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1"

$file = "$env:temp\Install-WMF3Hotfix.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

powershell.exe -ExecutionPolicy ByPass -File $file -Verbose

c. actually enable winrm

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"

$file = "$env:temp\ConfigureRemotingForAnsible.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

powershell.exe -ExecutionPolicy ByPass -File $file

on aggregate..

  1. when we ask the belgians n dutch to dig islands of sand off cambodia indonesia malaysia why nobody suggest put aussie sand back?
  2. when we tear down an old building its essentially a concrete quarry. man made rock with steel bars inside… do we crush it to aggregate size as new aggregate(n recycle the steel i imagine)? or put inside wire cages n use for sea reclamation? else all that man-made rock go where?
  3. he say something like 40% of concrete is pre cast now. how about use industrial waste water for casting n curing? once my man-made rock forms, the toxic shit is locked inside forever?