diff --git a/cave_washmachine.sh b/cave_washmachine.sh
new file mode 100755
index 0000000..5ace6c6
--- /dev/null
+++ b/cave_washmachine.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#
+# Streams microphone in to rtsp://10.7.1.12:8085/stream.sdp
+cvlc -vvv alsa://hw:0,0 --sout '#transcode{acodec=mp3,ab=128}:rtp{dst=10.7.1.12,port=1234,sdp=rtsp://10.7.1.12:8085/stream.sdp}'
diff --git a/mysqlstats.sh b/mysqlstats.sh
new file mode 100755
index 0000000..42960d2
--- /dev/null
+++ b/mysqlstats.sh
@@ -0,0 +1,2 @@
+#/usr/bin/env bash
+mysql -e 'SELECT table_schema AS "database", ROUND(SUM(data_length + index_length) / 1024 / 1024,2) AS "size MB" FROM information_schema.TABLES GROUP BY table_schema ORDER BY `size MB` DESC;'
diff --git a/netstat.sh b/netstat.sh
new file mode 100755
index 0000000..0fa6115
--- /dev/null
+++ b/netstat.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+# ugliest netstat pwnage.
+
+MY_UID=$(id -g)
+
+if [ $MY_UID -gt 0 ]; then
+ echo "You must be root, running limited version without -p"
+ netstat -tlen | grep LISTEN | awk '{print $4}' | sed 's/:::/:/g' | cut -d ":" -f2
+else
+ netstat -tlpen | grep LISTEN | awk '{print $4 ":" $9}' | sed 's/:::/:/g' | cut -d ":" -f2-3 | sed 's/\//:/g' | cut -d ":" -f1,3
+fi
diff --git a/rbl_expire.sh b/rbl_expire.sh
new file mode 100755
index 0000000..d3f784b
--- /dev/null
+++ b/rbl_expire.sh
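Review bot: The `cvlc` line in cave_washmachine.sh sends a live microphone feed as plain RTP to 10.7.1.12:1234 and announces it at rtsp://10.7.1.12:8085/stream.sdp, and nothing visible in the command restricts who may fetch or receive it. The header comment should record that, for example `# Audio is sent unauthenticated and unencrypted; limit 8085/tcp and 1234/udp to trusted hosts`. `-vvv` also leaves the script at maximum log verbosity, which is presumably a debugging leftover.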
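Review bot: The first added line of mysqlstats.sh is `#/usr/bin/env bash`, which lacks the `!` and is therefore an ordinary comment rather than an interpreter line. The file is created with mode 100755, so executing it directly leaves the choice of shell to whatever process invokes it. It should read `#!/usr/bin/env bash`.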
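Review bot: In netstat.sh, `MY_UID=$(id -g)` reads the primary group id, not the user id, yet the branch below and its message treat the value as a root check. A non-root account whose primary group is 0 would take the `-p` branch, and a root session with a non-zero primary group would get the limited output. Use `MY_UID=$(id -u)` and quote the test, `if [ "$MY_UID" -gt 0 ]; then`.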
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Expire old RBL records
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+ echo "first parameter is mandatory and must be either 4 or 6."
+ exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+maxage=96 # in hours
+
+if [ $listtype -eq 4 ]; then
+ egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
+ if [ "$timestamp" -gt "0" ]; then
+ expiration=$(echo "$(date +%s)-$timestamp" | bc)
+
+ if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
+ #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+ sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
+ fi
+ fi
+ done
+fi
+
+# FIXME: ipv6 regex needed
+if [ $listtype -eq 6 ]; then
+ :
+fi
diff --git a/rbl_generate.sh b/rbl_generate.sh
new file mode 100755
index 0000000..5bab221
--- /dev/null
+++ b/rbl_generate.sh
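Review bot: The argument check `[[ "$listtype" =~ ^[4,6]+$ ]]` in rbl_expire.sh is a character class with a `+` quantifier, so it accepts `44`, `46`, `,` or `6,4` as well as the two intended values. The value is then interpolated into `rblfile="/var/lib/rbldns/listv$listtype"` and used unquoted in `[ $listtype -eq 4 ]`, so a mistyped argument passes validation and fails later in a less obvious place. `if ! [[ "$listtype" =~ ^[46]$ ]]; then` matches the error message. rbl_generate.sh repeats the same check and needs the same change.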
@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+#
+# Add new IPs to the RBL based on these detection methods:
+# - undetected spam
+# - fail2ban banned IPs
+#
+# $1 parameter tells if it goes to an IPv4 or IPv6 list
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+ echo "first parameter is mandatory and must be either 4 or 6."
+ exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+
+function dnsq {
+ if [ $listtype == "4" ]; then
+ echo "$(dig +short $1)"
+ elif [ $listtype == "6" ]; then
+ echo "$(dig +short AAAA $1)"
+ else
+ echo "unknown, fix it"
+ fi
+}
+
+static_white=(
+$(dnsq lugh.ch)
+$(dnsq ipv6.lugh.ch)
+$(dnsq oxi.ch)
+$(dnsq mail.zephry.ch)
+$(dnsq moni-und-oli.ch)
+)
+static_black=(
+$(dnsq www.uceprotect.net)
+$(dnsq rsync-mirrors.uceprotect.net)
+$(dnsq www.backscatterer.org)
+$(dnsq unimatrix.admins.ws)
+)
+fail2ban_chains=(
+fail2ban-dovecot
+fail2ban-sasl
+fail2ban-ssh
+fail2ban-ssh-ddos
+fail2ban-tumgreyspf
+fail2ban-apache-digest
+)
+ban_ip=()
+
+# Get currently banned IPs from fail2ban chains
+iptables_banned=(
+$(for chain in ${fail2ban_chains[@]}; do
+ /sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
+done | sort | uniq)
+)
+
+# Get SPAM mails sent to specific address
+spamtrap=(
+$(grep ' -> ' /var/log/mail.log | awk -F'[][]' '{print $6}')
+)
+
+if [ $listtype -eq 4 ]; then
+ testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+elif [ $listtype -eq 6 ]; then
+ testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+fi
+
+if [ ! -s $rblfile ]; then
+cat << HEREDOC > $rblfile
+# Automatically generated at $(date) by $0 $1
+
+# Test entry http://www.ietf.org/rfc/rfc5782.txt
+$testentry
+
+:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
+# Whitelist
+$(printf "!%s # 0\n" "${static_white[@]}")
+
+# Blacklist
+$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
+
+# Recent temporary listings
+HEREDOC
+fi
+
+# fail2ban (IPv4 only)
+if [ $listtype -eq 4 ]; then
+ for ip in ${iptables_banned[@]}; do
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+ # Add IP
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ done
+fi
+
+# SPAM
+for ip in ${spamtrap[@]}; do
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+ # Add IP
+ # IPv4 or IPv6 switch
+ if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
+ if [ $listtype -eq 6 ]; then
+ geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ else
+ if [ $listtype -eq 4 ]; then
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ fi
+ fi
+done
+
+# Generate user friendly web-viewable list
+echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt
+echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do
+ newtime=$(date -d @$(echo $timestamp))
+ sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+done
+
+# Concatenate IPv4 and IPv6 lists together
+cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt
diff --git a/varnish_ban.sh b/varnish_ban.sh
new file mode 100755
index 0000000..4a82c76
--- /dev/null
+++ b/varnish_ban.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# Ban (purge) all on localhost
+varnishadm -T localhost:6082 "ban req.url ~ ." -S /etc/varnish/secret
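Review bot: In rbl_generate.sh the `spamtrap` values come from `/var/log/mail.log` via `awk -F'[][]' '{print $6}'` and are expanded unquoted into `grep`, `geoiplookup` and the `printf ... >> $rblfile` append with no check that the field is an IP address. A log line with a different bracket layout can therefore put arbitrary text into the published blocklist, so each value should be validated against an address pattern before use. The duplicate test `grep -c "$ip" $rblfile` is also an unanchored regex, so `1.2.3.4` counts as already listed when `11.2.3.40` is present. An exact first-field comparison avoids that: `awk -v ip="$ip" '$1 == ip || $1 == "!" ip { f = 1 } END { exit !f }' "$rblfile"`. Separately, the final `cat` receives the output of `grep` on listv6.txt as file-name arguments instead of appending it, and `{ cat /var/www/virtsrv/lugh.ch/listv4.txt; grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt; } > /var/www/virtsrv/lugh.ch/list.txt` is presumably what was intended.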