markdown for README, delete obsolete scripts

2018-10-09 13:44:32 +02:00 · 2018-10-09 13:44:32 +02:00 · 2f4b4e1a6e
commit 2f4b4e1a6e
parent 3cc03fca0f
5 changed files with 16 additions and 194 deletions
--- a/18
+++ b/18
@ -1,18 +0,0 @@
 What's that all about?
 ----------------------
 This is a part of my scripts which might be useful to others. Scripts marked with "FIXME" need cleanup to get useful.
 License: LGPL
 cleanup-chaos-files.sh		Deletes unneeded files like .DS_Store (for example on a NAS)
 delicious_backup.sh		Use delicious API to backup your bookmarks to an XML file
 find_big_files.sh		(FIXME) Just finds files bigger than n MB and displays them
 helmet.sh			(FIXME) Future Debian system security analyzer	
 iptables.sh			Basic iptables script
 libssl-restart-daemons.sh	Shows daemons affected by an OpenSSL upgrade needing a restart
 lighttpd_restart_oom.sh		A temporary workaround for lighttpd OOM events
 openssl-chk-crt.sh		Recursively searches for OpenSSL certificates and shows validity
 policyd-550.sh			Grep the mail.log for e-mails rejected by policyd-weight and score
 rblcheck.sh			Check if your server is listed on an DNSBL
 tls_stats.sh			If you own a mailserver sending e-mails via TLS, show stats of peers
 www-perms.sh			Analyze your $documentroot for files writable by www user/group
 getiface.sh			Shows which interface would be used to connect to a specific host/IP
--- a/README.md
+++ b/README.md
@ -0,0 +1,16 @@
 What's that all about?
 ----------------------
 This is a part of my scripts which might be useful to others. Scripts marked with "FIXME" need cleanup to get useful.
 License: LGPL
 * cleanup-chaos-files.sh	Deletes unneeded files like .DS_Store (for example on a NAS)
 * delicious_backup.sh		Use delicious API to backup your bookmarks to an XML file
 * find_big_files.sh		(FIXME) Just finds files bigger than n MB and displays them
 * iptables.sh			Basic iptables script
 * libssl-restart-daemons.sh	Shows daemons affected by an OpenSSL upgrade needing a restart
 * openssl-chk-crt.sh		Recursively searches for OpenSSL certificates and shows validity
 * policyd-550.sh		Grep the mail.log for e-mails rejected by policyd-weight and score
 * rblcheck.sh			Check if your server is listed on an DNSBL
 * tls_stats.sh			If you own a mailserver sending e-mails via TLS, show stats of peers
 * www-perms.sh			Analyze your $documentroot for files writable by www user/group
 * getiface.sh			Shows which interface would be used to connect to a specific host/IP
--- a/backupmx_getusers.sh
+++ b/backupmx_getusers.sh
@ -1,28 +0,0 @@
 #!/usr/bin/env bash
 #
 # Fetches all users and aliases from MySQL
 # For import in other backup MX config.
 #
 # Requires a .my.cnf with this content:
 # [client]
 # password=foo
 BACKUPMX_USER=/home/backupmx
 MAIL_ADDR=$(mysql -sN -u root mailserver -e "SELECT email
 					     FROM virtual_users
 					     UNION
 					     SELECT source
 					     FROM virtual_aliases;" | sort | uniq)
 FILE_SUFFIX=$(cat /etc/mailname)
 # Makes a list of all mail addresses (be it real or aliases)
 for i in $MAIL_ADDR; do
 	echo -e "$i\tOK"
 done > $BACKUPMX_USER/relay_recipients_$FILE_SUFFIX
 # Generates list of all domains
 for i in $MAIL_ADDR; do
 	echo $i | cut -d'@' -f2
 done | sort | uniq > $BACKUPMX_USER/domains_$FILE_SUFFIX
 scp -i /root/.ssh/linode $BACKUPMX_USER/*_$FILE_SUFFIX backupmx@mx.lugh.ch:
--- a/helmet.sh
+++ b/helmet.sh
@ -1,121 +0,0 @@
 #!/usr/bin/env bash
 # Author:  Oliver Ladner <oli@lugh.ch>
 # License: LGPL
 #
 # This tool scans a Debian-based system for threats in programs,
 # configurations, permissions etc. and calculates a score to
 # compare different systems.
 #
 # This script runs noninteractive, so you can rely on these return
 # codes:
 # 0	script run ok, nothing serious found
 # 1	OS detection failed/wrong distribution
 # 2	script run ok, critical stuff found
 #
 # Requirements:
 # -
 H_VERSION="0.0.1"
 showhelp() {
 cat << EOF
 Usage: $(basename $0) [OPTION]...
 -h|--help		This information
 -m|--no-md5		Don't check MD5 sums of packages
 -s|--no-ssh		No SSH-related checks
 -v|--verbose		Be verbose
 -V|--version		Show version
 --force-debian		If OS detection fails, assume Debian
 --force-ubuntu		If OS detection fails, assume Ubuntu
 EOF
 }
 # Argument handling
 while [ $# -gt 0 ]; do
 	case $1 in
 		-h|--help) showhelp; exit; shift 1 ;;
 		-V|--version) echo $(basename $0) $H_VERSION; exit; shift 1 ;;
 		-v|--verbose) verb=true; shift 1 ;;
 		-m|--no-md5) md5=false; shift 1 ;;
 		-s|--no-ssh) ssh=false; shift 1 ;;
 		*) showhelp; exit ;;
 	esac
 done
 DEBIANCODES=([3]=woody/sarge [4]=etch [5]=lenny [6]=squeeze [7]=wheezy)
 # Debian is missing lsb_release command
 if [[ $(which lsb_release) ]]; then
 	H_DISTRO=$(lsb_release -s -i)
 	H_RELEASE=$(lsb_release -s -r)
 	H_CODE=$(lsb_release -s -c)
 # FIXME probably a strange check for Debian
 elif [[ $(grep -c '^[[:digit:]]' /etc/debian_version) > 0 ]]; then
 	H_DISTRO=$(awk -F': ' '/Vendor:/ {print $2}' /etc/dpkg/origins/debian)
 	H_RELEASE=$(cat /etc/debian_version)
 	H_CODE=${DEBIANCODES[$(echo $H_RELEASE | cut -b1)]}
 else
 	echo "Not a Debian-based distribution, please install the package lsb-release and send" .
 		  " the output of 'lsb_release -a' to info@lugh.ch."
 	exit 1
 fi
 H_KERNEL=$(uname -r)
 H_ARCH=$(uname -m)
 msg() {
 if [[ "$verb" ]]; then
 	echo $1
 fi	
 }
 check_md5() {
 	# http://kemovitra.blogspot.com/2010/07/checking-integrity-of-debianubuntu.html
 		if [ $md5 ]; then
 			echo "not run"
 		else
 				msg "Copying /var/lib/dpkg/info/*.md5sums to temporary file..."
 				TEMPMD5=$(mktemp -t)
 				cat /var/lib/dpkg/info/*.md5sums | sort > $TEMPMD5 && cd /
 				msg "Running md5sum, searching for 'FAILED' files..."
 				md5sum -c $TEMPMD5 2>&1 | grep ': FAILED' | awk -F':' {'print "/"$1'} && rm $TEMPMD5
 			fi
 }
 check_ssh() {
 	ssh_config_regex="/etc/ssh/ssh*conf*"
 		if [ $ssh ]; then
 			SSHD="not run"
 		else
 			msg "Searching files $ssh_config_regex for PermitRootLogin yes..."
 			if [[ $(grep -i -c 'PermitRootLogin.*yes' $ssh_config_regex) > 0 ]]; then
 				echo "Root login enabled!"
 			else
 				echo "root login disabled"
 			fi
 		fi
 }
 #check_dummy() {
 #	echo "this is a dummy check"
 #	msg "debug text of dummy_check..."
 #}
 #column -t -s':' -c 80 << EOF
 echo "Distribution: $H_DISTRO"
 echo "Release/Codename: $H_RELEASE ($H_CODE)"
 echo "Kernel/Architecture: $H_KERNEL ($H_ARCH)"
 echo -n "md5 check: "
 check_md5
 echo -n "SSH check: "
 check_ssh
 # /usr/bin/printf "\u00A9 2010 Oliver Ladner\n" #unicode ausgabe
 # Define default return code
 exit 0
 # vim: ts=3:sw=3
--- a/lighttpd_restart_oom.sh
+++ b/lighttpd_restart_oom.sh
@ -1,27 +0,0 @@
 #!/usr/bin/env bash
 # Author:  Oliver Ladner <oli@lugh.ch>
 # License: LGPL
 #
 # Monitors if lighttpd uses too much mem, and if so, restarts it
 # 100MB
 MAXRAM=200000
 while true; do
 CHECK=$(ps auxww | grep 'lighttpd -f' | grep -v grep | awk '{print $6}')
 sleep 5
 	if [ $CHECK -gt $MAXRAM ]; then
 		logger "lighttpd OOM ($CHECK KB used)"
 		/etc/init.d/lighttpd stop
 		sleep 15
 		/etc/init.d/lighttpd start
 		sleep 5
 	elif [ -z $CHECK ]; then
 		logger "lighttpd not running, starting"
 		/etc/init.d/lighttpd start
 		sleep 15
 	else
 		logger "lighttpd normal ($CHECK KB used)"
 	fi
 done