weeheavy/scripts
1
0
Fork 0
Code Pull requests Activity

Merge branch 'master' of dev.lugh.ch:/var/www/git/scripts

Browse source
This commit is contained in:
Oliver Ladner 2018-08-22 23:07:38 +02:00
commit c6cc3c8b93
12 changed files with 218 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

59
archive/virusscan.sh
View file

@ -1,59 +0,0 @@
#!/usr/bin/env bash
#
# Scans NAS for viruses and alerts users
# Uses avira and clamav ATM
USERS="foo@example.org"
SCANDIR="/mnt/nas_movies /mnt/nas_music /mnt/nas_p2p /mnt/nas_software /mnt/nas_upload"
LOGFILE="/root/virus_scan_$(date +%d_%m_%Y).log"
SCANNER=( "avscan -s --batch --log-file=$LOGFILE $SCANDIR"
"clamscan -r -i -l $LOGFILE $SCANDIR"
)
LOGGER=$(which logger)
for i in $(seq 1 $(echo ${#SCANNER[*]})); do
LOG_NAME="$(basename $0)_$i_$(date +%d_%m_%Y)_XXXXXX"
mktemp -t $LOG_NAME
done
# Logging
function logit() {
case $2 in
error)
$LOGGER -si $(basename $0): $1
;;
*)
$LOGGER -i $(basename $0): $1
;;
esac
}
# Mount all noauto things from /etc/fstab
for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
if ! mount $i 2>/dev/null; then logit "Failed mounting $i" "error"; fi
done
# Run all scanners
COUNTER=0
for foo in "${SCANNER[@]}"; do
TEMPFILE=$(find /tmp -type f -name $LOG_NAME)
echo "**********************" > $TEMPFILE
echo "* $COUNTER. scanner running with: $foo" >> $TEMPFILE
echo "**********************" >> $TEMPFILE
$foo
sleep 2
done
# Merge all temporary logfiles
cat /root/avscan.log /root/clamscan.log > $LOGFILE
# Send e-mail
mail -s "NAS antivirus check" $USERS < $LOGFILE
# Unmount all noauto things from /etc/fstab
sleep 3
for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
if ! umount $i 2>/dev/null; then logit "Failed unmounting $i" "error"; fi
done

4
cave_washmachine.sh Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/env bash
#
# Streams microphone in to rtsp://10.7.1.12:8085/stream.sdp
cvlc -vvv alsa://hw:0,0 --sout '#transcode{acodec=mp3,ab=128}:rtp{dst=10.7.1.12,port=1234,sdp=rtsp://10.7.1.12:8085/stream.sdp}'

26
delicious_backup.sh
View file

@ -1,26 +0,0 @@
#!/usr/bin/env bash
# Author: Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Fetches all your delicious bookmarks
# and validates the XML before saving.
# Requires xmlstarlet
DEL_USER=foo
DEL_PASS=bar
API_URL=api.del.icio.us/v1/posts/all
BKP_FILE=/home/username/deliciousbackup.xml
# When no backup exists, just do it
if [ ! -f $BKP_FILE ]; then
curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE
else
curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE.tmp
if [ $(xmlstarlet validate $BKP_FILE.tmp > /dev/null 2>&1; echo $?) -gt 0 ]; then
rm $BKP_FILE.tmp
echo "Downloaded XML file not valid. Previous backup preserved."
# if XML is valid, move to final destination
else
mv $BKP_FILE.tmp $BKP_FILE
fi
fi

8
iptables-show-recent.sh
View file

@ -7,9 +7,13 @@
# - iptables with rules for the "recent" module
# - Shell cmds: geoiplookup
top=30
echo "Top $top recent IP addresses:"
echo -e "Count\tIP\t\tCountry"
for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do
IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //')
if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi
COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'})
echo -e "$COUNT\t$ip\t($IP)"
done | sort -rn
echo -e "$COUNT\t$ip\t$IP"
done | sort -rn | head -$top

9
mail_failed_login.sh Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
# Author: Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Displays a summary of failed IMAP login attempts by country
postfix_logfile='/var/log/mail.log'
for ip in $(grep 'auth failed' $postfix_logfile | awk {'print $17'} | sed 's/,//' | awk -F'=' {'print $2'} | sort -n | uniq); do geoiplookup $ip; done | sort | uniq -c | sort -n | tail -10

10
mail_get_sender_ip.sh Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
# Extracts the IP address from the first 'Received:' header
dir="$1"
if [ -z $dir ]; then
echo "Usage: $(basename $0) <path-to-mailbox>"
exit 1
fi
for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

2
mysqlstats.sh Executable file
View file

@ -0,0 +1,2 @@
#/usr/bin/env bash
mysql -e 'SELECT table_schema AS "database", ROUND(SUM(data_length + index_length) / 1024 / 1024,2) AS "size MB" FROM information_schema.TABLES GROUP BY table_schema ORDER BY `size MB` DESC;'

12
netstat.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
#
# ugliest netstat pwnage.
MY_UID=$(id -g)
if [ $MY_UID -gt 0 ]; then
echo "You must be root, running limited version without -p"
netstat -tlen | grep LISTEN | awk '{print $4}' | sed 's/:::/:/g' | cut -d ":" -f2
else
netstat -tlpen | grep LISTEN | awk '{print $4 ":" $9}' | sed 's/:::/:/g' | cut -d ":" -f2-3 | sed 's/\//:/g' | cut -d ":" -f1,3
fi

29
rbl_expire.sh Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/env bash
#
# Expire old RBL records
listtype=$1
if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
echo "first parameter is mandatory and must be either 4 or 6."
exit 1
fi
rblfile="/var/lib/rbldns/listv$listtype"
maxage=96 # in hours
if [ $listtype -eq 4 ]; then
egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
if [ "$timestamp" -gt "0" ]; then
expiration=$(echo "$(date +%s)-$timestamp" | bc)
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
#echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
fi
fi
done
fi
# FIXME: ipv6 regex needed
if [ $listtype -eq 6 ]; then
:
fi

127
rbl_generate.sh Executable file
View file

@ -0,0 +1,127 @@
#!/usr/bin/env bash
#
# Add new IPs to the RBL based on these detection methods:
# - undetected spam
# - fail2ban banned IPs
#
# $1 parameter tells if it goes to an IPv4 or IPv6 list
listtype=$1
if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
echo "first parameter is mandatory and must be either 4 or 6."
exit 1
fi
rblfile="/var/lib/rbldns/listv$listtype"
function dnsq {
if [ $listtype == "4" ]; then
echo "$(dig +short $1)"
elif [ $listtype == "6" ]; then
echo "$(dig +short AAAA $1)"
else
echo "unknown, fix it"
fi
}
static_white=(
$(dnsq lugh.ch)
$(dnsq ipv6.lugh.ch)
$(dnsq oxi.ch)
$(dnsq mail.zephry.ch)
$(dnsq moni-und-oli.ch)
)
static_black=(
$(dnsq www.uceprotect.net)
$(dnsq rsync-mirrors.uceprotect.net)
$(dnsq www.backscatterer.org)
$(dnsq unimatrix.admins.ws)
)
fail2ban_chains=(
fail2ban-dovecot
fail2ban-sasl
fail2ban-ssh
fail2ban-ssh-ddos
fail2ban-tumgreyspf
fail2ban-apache-digest
)
ban_ip=()
# Get currently banned IPs from fail2ban chains
iptables_banned=(
$(for chain in ${fail2ban_chains[@]}; do
/sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
done | sort | uniq)
)
# Get SPAM mails sent to specific address
spamtrap=(
$(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}')
)
if [ $listtype -eq 4 ]; then
testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782"
elif [ $listtype -eq 6 ]; then
testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782"
fi
if [ ! -s $rblfile ]; then
cat << HEREDOC > $rblfile
# Automatically generated at $(date) by $0 $1
# Test entry http://www.ietf.org/rfc/rfc5782.txt
$testentry
:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
# Whitelist
$(printf "!%s # 0\n" "${static_white[@]}")
# Blacklist
$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
# Recent temporary listings
HEREDOC
fi
# fail2ban (IPv4 only)
if [ $listtype -eq 4 ]; then
for ip in ${iptables_banned[@]}; do
if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
# Add IP
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
fi
done
fi
# SPAM
for ip in ${spamtrap[@]}; do
if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
# Add IP
# IPv4 or IPv6 switch
if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
if [ $listtype -eq 6 ]; then
geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi
else
if [ $listtype -eq 4 ]; then
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi
fi
fi
done
# Generate user friendly web-viewable list
echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt
echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do
newtime=$(date -d @$(echo $timestamp))
sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt
done
# Concatenate IPv4 and IPv6 lists together
cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt

16
treesize.sh Executable file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env bash
dir=${1:-.}
du -k --max-depth=1 $dir | sort -nr | awk '
BEGIN {
split("KB,MB,GB,TB", Units, ",");
}
{
u = 1;
while ($1 >= 1024) {
$1 = $1 / 1024;
u += 1
}
$1 = sprintf("%.1f %s", $1, Units[u]);
print $0;
}
'

3
varnish_ban.sh Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
# Ban (purge) all on localhost
varnishadm -T localhost:6082 -S /etc/varnish/secret "ban req.http.host ~ $1"