Amin Khoshnood amnkh

This gist has moved to its own repository HERE

See you there!

Create Root CA (Done once)

Last update: Nov 2025.

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl ecparam -genkey -name secp384r1 | openssl ec -aes256 -out rootCA.key

	#!/bin/bash

	for i in `ls /sys/class/scsi_device/`
	do
	echo 1 > /sys/class/scsi_device/`echo $i \| sed 's\|:\|\:\|g'`/device/rescan
	done

	for i in `ls /sys/class/scsi_host/`
	do
	echo "- - -" > /sys/class/scsi_host/$i/scan

	set_real_ip_from 103.21.244.0/22;
	set_real_ip_from 103.22.200.0/22;
	set_real_ip_from 103.31.4.0/22;
	set_real_ip_from 104.16.0.0/12;
	set_real_ip_from 108.162.192.0/18;
	set_real_ip_from 131.0.72.0/22;
	set_real_ip_from 141.101.64.0/18;
	set_real_ip_from 162.158.0.0/15;
	set_real_ip_from 172.64.0.0/13;
	set_real_ip_from 173.245.48.0/20;

-#!/usr/bin/env bash
-#set -x
-usage()
-{
-cat << EOF
-remove-expired-index.sh

	#!/usr/bin/env python3
	# Tcp Port Forwarding (Reverse Proxy)
	# Author : WangYihang <[email protected]>

	'''
	+-----------------------------+ +---------------------------------------------+ +--------------------------------+
	\| My Laptop (Alice) \| \| Intermediary Server (Bob) \| \| Internal Server (Carol) \|
	+-----------------------------+ +----------------------+----------------------+ +--------------------------------+
	\| $ ssh -p 1022 [email protected] \|<------->\| IF 1: 1.2.3.4 \| IF 2: 192.168.1.1 \|<------->\| IF 1: 192.168.1.2 \|
	\| [email protected]'s password: \| +----------------------+----------------------+ +--------------------------------+

	[Unit]
	Description=OpenVAS - Greenbone Security Assistant
	After=network.target

	[Service]
	ExecStart=/usr/local/sbin/gsad --foreground

	[Install]
	WantedBy=multi-user.target

	*** RSA

	# Generate self-signed certificate with RSA 4096 key-pair
	openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout rsakey.pem -out rsacert.pem

	# print private and public key
	openssl rsa -in rsakey.pem -text -noout

	# print certificate
	openssl x509 -in rsacert.pem -text -noout

	# for ISAKMP (handling of security associations)
	iptables -A INPUT -p udp --dport 500 --j ACCEPT
	# for NAT-T (handling of IPsec between natted devices)
	iptables -A INPUT -p udp --dport 4500 --j ACCEPT
	# for ESP payload (the encrypted data packets)
	iptables -A INPUT -p esp -j ACCEPT
	# for the routing of packets on the server
	iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
	# internet access
	iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT

	# ipsec.conf - strongSwan IPsec configuration file

	config setup
	charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"

	conn %default
	keyexchange=ike
	ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
	esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp