This isn’t my picture I found it on reddit.

Disable ADMIN user Before doing this bit you may wish to check that the new user you added works for everything you need it to. Those things might include: ssh to [email protected] Log in on web interface at https://192.168.1.22/ Various ipmitool commands like querying power status:$ ipmitool -I lanplus -H 192.168.1.22 -U somename -a power status Password: Chassis power is on If all of that is okay then you can disable ADMIN:

Add the following to the http in /etc/nginx/nginx.conf. This tells nginx where the actually IP is coming from instead of showing as cloudflare. # CF set real ip set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; # use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; This is the reverse proxy file /etc/nginx/sites-available/plex.

I found these scripts years ago and decided to use them. I might as well share them First the ipset and iptables need to be installed apt install iptables ipset Now we need to create the ipset lists ipset create drop hash:net ipset create allowHTTPS hash:net ipset create allowSSH hash:net ipset create directHTTPS hash:net ipset create google hash:net script to update files and countries. If you go to the ipdeny site you can find which countries you can add.

If using Debian 10 you’ll have to use the github VSL. I just started using it, I will update if there’s issues. HERE’S the link. Now we need to make the module be loaded. mkdir /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem cd root/usr/src/iomemory-vsl-3.2.16 cp iomemory-vsl.ko /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem Now we need to add it to be loaded on bootup nano /etc/modules Paste iomemory_vsl into the /etc/modules file. `` First go to LINK and download the needed items I also have a copy that I downloaded HERE.

As root echo "deb http://ftp.debian.org/debian stretch main contrib" >> /etc/apt/sources.list apt update apt upgrade -y reboot Now we are going to install the linux headers for the current linux version apt install linux-headers-$(uname -r) Now we are going to install zfs itself. This is going to take a while apt install zfs-dkms

I just did this on Debian 9, it might work on older versions and more than likely Ubuntu Do everything as root: sudo su - Install vlan package: apt-get install vlan Load 8021q module: modprobe 8021q Add 8021q module at bootup: echo 8021q | sudo tee -a /etc/modules Make sure it is in the file: cat /etc/modules Now we need to edit the interfaces file: nano /etc/network/interfaces There will probably be something like below

When cloning using clonezilla I notice sometimes if the PC was using UEFI it wouldn’t clone. After some googleing I was able to find a post that mentioned you had to manually copy over the bootloader. It is very simple to do. Once booted into CloneZilla you enter shell instead of the normal start. Once in the shell you’re going to become root. sudo su. Once you’re root you going to type the following command.

create public and private keys. You can just hit enter or change the options. ssh-keygen -t rsa Now we need to copy our public key to the servers authorized keys cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys" Now once you’ve completed teh above you should just be able to ssh to the remote host. If you want to be able to ssh as root.

First we are going to become root sudo su Next we are going to join the realm. This should installed everything needed after you run the command below realm join domain.com --user domainadmin Permit all users to log in. realm permit --all Add user group as root nano /etc/sudoers Paste into above file %groupname@domain ALL=(ALL:ALL) ALL Allow sssd to create user directory nano /etc/pam.d/common-session Paste into above file session optional pam_mkhomedir.

for f in *; do cd $f; mv * ..; cd ..; rmdir $f; done find . -type f ! -iname "*.mp4" ! -iname "*.jpg" ! -iname "*.wmv" ! -iname "*.mkv" ! -iname "*.mpg" ! -iname "*.avi" ! -iname "*.m4v" sed 's#^#what to add to begging of line#' oldfile > newfile sed 's#$#text to add to end of line#' oldfile > newfile mkvmerge -o <output>.mkv –default-track 0 –language 0:eng <subtitles>.srt input find .

Over the weekend I got attacked. I realized the cause of this was because I rebooted my server and the docker IPTables rules overwrote the IPTables-Persistent rules I had. After realizing this was the case I uninstalled docker since I wasn’t using it and while I was making firewall changes I set up ipset to block most foreign countries. I also removed IPTables-Persistent and instead just added the post up to the /etc/network/interfacespost-up ipset restore < /etc/iptables/ipset.

How I installed KodExplorer. This is running on Debian 8.1. Things might be different on whatever OS/Version you’re running. I am by no means a pro. This is pieced together from everything I’ve learned. You first have to install nginx and php apt install ngnix php5-fpm git if it’s a newer version of debian or ubuntu you might have to run apt install php7-fpm mkdir -p /etc/nginx/ssl/site.com cd /etc/nginx/ssl/site.com Fill out the info the next step asks.

I was running into an issue where when people would go to the IP of my server or a domain was pointed at my server and the domain wasn’t configured in NGINX it would for some reason redirect to one of my domains when I didn’t want it to. Below is the config block that I added to a file. This make NGINX return a 403 error when accessing the server via IP or an reconfigured domain.