diff --git a/archive/virusscan.sh b/archive/virusscan.sh
deleted file mode 100755
index f058610..0000000
--- a/archive/virusscan.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-#
-# Scans NAS for viruses and alerts users
-# Uses avira and clamav ATM
-USERS="foo@example.org"
-SCANDIR="/mnt/nas_movies /mnt/nas_music /mnt/nas_p2p /mnt/nas_software /mnt/nas_upload"
-LOGFILE="/root/virus_scan_$(date +%d_%m_%Y).log"
-SCANNER=( "avscan -s --batch --log-file=$LOGFILE $SCANDIR"
-             "clamscan -r -i -l $LOGFILE $SCANDIR"
-             )
-LOGGER=$(which logger)
-
-
-for i in $(seq 1 $(echo ${#SCANNER[*]})); do
-    LOG_NAME="$(basename $0)_$i_$(date +%d_%m_%Y)_XXXXXX"
-    mktemp -t $LOG_NAME
-done
-
-# Logging
-function logit() {
-    case $2 in
-        error)
-            $LOGGER -si $(basename $0): $1
-            ;;
-        *)
-            $LOGGER -i $(basename $0): $1
-            ;;
-    esac
-}
-
-# Mount all noauto things from /etc/fstab
-for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
-    if ! mount $i 2>/dev/null; then logit "Failed mounting $i" "error"; fi
-done
-
-# Run all scanners
-
-COUNTER=0
-for foo in "${SCANNER[@]}"; do
-    TEMPFILE=$(find /tmp -type f -name $LOG_NAME)
-
-    echo "**********************" > $TEMPFILE
-    echo "* $COUNTER. scanner running with: $foo" >> $TEMPFILE
-    echo "**********************" >> $TEMPFILE
-    $foo
-    sleep 2
-done
-
-# Merge all temporary logfiles
-cat /root/avscan.log /root/clamscan.log > $LOGFILE
-
-# Send e-mail
-mail -s "NAS antivirus check" $USERS < $LOGFILE
-
-# Unmount all noauto things from /etc/fstab
-sleep 3
-for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
-    if ! umount $i 2>/dev/null; then logit "Failed unmounting $i" "error"; fi
-done
diff --git a/cave_washmachine.sh b/cave_washmachine.sh
new file mode 100755
index 0000000..5ace6c6
--- /dev/null
+++ b/cave_washmachine.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#
+# Streams microphone in to rtsp://10.7.1.12:8085/stream.sdp
+cvlc -vvv alsa://hw:0,0 --sout '#transcode{acodec=mp3,ab=128}:rtp{dst=10.7.1.12,port=1234,sdp=rtsp://10.7.1.12:8085/stream.sdp}'
diff --git a/delicious_backup.sh b/delicious_backup.sh
deleted file mode 100755
index 2fc5985..0000000
--- a/delicious_backup.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-# Author: Oliver Ladner
-# License: LGPL
-#
-# Fetches all your delicious bookmarks
-# and validates the XML before saving.
-# Requires xmlstarlet
-
-DEL_USER=foo
-DEL_PASS=bar
-API_URL=api.del.icio.us/v1/posts/all
-BKP_FILE=/home/username/deliciousbackup.xml
-
-# When no backup exists, just do it
-if [ ! -f $BKP_FILE ]; then
-    curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE
-else
-    curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE.tmp
-    if [ $(xmlstarlet validate $BKP_FILE.tmp > /dev/null 2>&1; echo $?) -gt 0 ]; then
-        rm $BKP_FILE.tmp
-        echo "Downloaded XML file not valid. Previous backup preserved."
-    # if XML is valid, move to final destination
-    else
-        mv $BKP_FILE.tmp $BKP_FILE
-    fi
-fi
diff --git a/iptables-show-recent.sh b/iptables-show-recent.sh
index 2c5edec..b276b30 100755
--- a/iptables-show-recent.sh
+++ b/iptables-show-recent.sh
@@ -7,9 +7,13 @@
 # - iptables with rules for the "recent" module
 # - Shell cmds: geoiplookup
 
+top=30
+
+echo "Top $top recent IP addresses:"
+echo -e "Count\tIP\t\tCountry"
 for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do
     IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //')
     if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi
     COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'})
-    echo -e "$COUNT\t$ip\t($IP)"
-done | sort -rn
+    echo -e "$COUNT\t$ip\t$IP"
+done | sort -rn | head -$top
diff --git a/mail_failed_login.sh b/mail_failed_login.sh
new file mode 100755
index 0000000..b1ac7cf
--- /dev/null
+++ b/mail_failed_login.sh
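Review bot: The microphone is streamed as plain RTP, and the target address is hard-coded twice on the `cvlc` line (`dst=10.7.1.12` and the `sdp=rtsp://10.7.1.12:8085/...` announce URL) and a third time in the header comment, so the three can silently drift apart. Hoist it into one place, e.g. `target=${1:-10.7.1.12}` and `--sout "#transcode{acodec=mp3,ab=128}:rtp{dst=$target,port=1234,sdp=rtsp://$target:8085/stream.sdp}"`. It is also worth a header line such as `# NOTE: audio leaves this host unencrypted and unauthenticated; keep the target on a trusted network`, since nothing on this command line protects the stream.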
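Review bot: The added `head -$top` uses the obsolete `head -N` spelling and leaves `$top` unquoted; `head -n "$top"` is the portable form, and since the count is the only knob the script has, `top=${1:-30}` would let callers override it without editing the file. The new header lines run before the pipeline rather than inside it, so they are not affected by `sort`/`head`, which is what you want. Unrelated to this change but visible in the context lines, `grep "$ip"` is an unanchored substring match, so `10.0.0.1` also matches `10.0.0.10` and `110.0.0.1` and `COUNT` can become several numbers joined by spaces; `grep -F "src=$ip "` (the `/proc/net/xt_recent` lines start with `src=`, as the `sed 's/src=//'` above relies on) would pin it to one entry.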
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Author: Oliver Ladner
+# License: LGPL
+#
+# Displays a summary of failed IMAP login attempts by country
+
+postfix_logfile='/var/log/mail.log'
+
+for ip in $(grep 'auth failed' $postfix_logfile | awk {'print $17'} | sed 's/,//' | awk -F'=' {'print $2'} | sort -n | uniq); do geoiplookup $ip; done | sort | uniq -c | sort -n | tail -10
diff --git a/mail_get_sender_ip.sh b/mail_get_sender_ip.sh
new file mode 100755
index 0000000..06a9a16
--- /dev/null
+++ b/mail_get_sender_ip.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Extracts the IP address from the first 'Received:' header
+dir="$1"
+
+if [ -z $dir ]; then
+ echo "Usage: $(basename $0) "
+ exit 1
+fi
+for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
diff --git a/mysqlstats.sh b/mysqlstats.sh
new file mode 100755
index 0000000..42960d2
--- /dev/null
+++ b/mysqlstats.sh
@@ -0,0 +1,2 @@
+#/usr/bin/env bash
+mysql -e 'SELECT table_schema AS "database", ROUND(SUM(data_length + index_length) / 1024 / 1024,2) AS "size MB" FROM information_schema.TABLES GROUP BY table_schema ORDER BY `size MB` DESC;'
diff --git a/netstat.sh b/netstat.sh
new file mode 100755
index 0000000..0fa6115
--- /dev/null
+++ b/netstat.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+# ugliest netstat pwnage.
+
+MY_UID=$(id -g)
+
+if [ $MY_UID -gt 0 ]; then
+ echo "You must be root, running limited version without -p"
+ netstat -tlen | grep LISTEN | awk '{print $4}' | sed 's/:::/:/g' | cut -d ":" -f2
+else
+ netstat -tlpen | grep LISTEN | awk '{print $4 ":" $9}' | sed 's/:::/:/g' | cut -d ":" -f2-3 | sed 's/\//:/g' | cut -d ":" -f1,3
+fi
diff --git a/rbl_expire.sh b/rbl_expire.sh
new file mode 100755
index 0000000..d3f784b
--- /dev/null
+++ b/rbl_expire.sh
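Review bot: The address is pulled out of a fixed column (`awk {'print $17'}`) and then handed to `geoiplookup $ip` unquoted, so any log line with a different field layout, or a client-supplied value that lands in that field, becomes an unvalidated argument and a word-split loop item. The token looks like a `key=value,` pair (presumably Dovecot's `rip=`; confirm against a sample line), so filter it to IP-shaped text before use: append `| grep -E '^[0-9a-fA-F.:]+$'` to the extraction pipeline and call `geoiplookup "$ip"`. `sort -n | uniq` on addresses can be `sort -u`, and `tail -10` is the obsolete spelling of `tail -n 10`. A one-line comment naming the log format the column numbers depend on would save the next reader from reverse-engineering `$17`.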
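Review bot: `for spammail in $(find "$dir" -type f)` word-splits the file list, so any path containing whitespace is mangled, and `[ -z $dir ]` is unquoted; the usage line `echo "Usage: $(basename $0) "` also prints nothing after the script name. Replace the loop with `find "$dir" -type f -print0 | while IFS= read -r -d '' spammail; do grep '^Received:' "$spammail" | tail -n 1; done | grep -Eo '...'` and use `[[ -z "$dir" ]]` with `Usage: $(basename "$0") <maildir>`. Note for the header comment: `tail -1` keeps the last `Received:` line in the file, i.e. the header added by the earliest hop, and folded continuation lines are not read, so an address on a continuation line is missed.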
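Review bot: The first line `#/usr/bin/env bash` is missing the `!`, so it is an ordinary comment rather than a shebang and the file is run by whatever shell the caller falls back to when executed directly; change it to `#!/usr/bin/env bash`. The `mysql -e` call takes its credentials from the environment or the user's option file rather than the command line, which keeps the password out of `ps`; a one-line comment stating that this is deliberate would stop someone from "fixing" it with `-p`.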
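Review bot: `MY_UID=$(id -g)` stores the primary group id, not the user id, so the root check on the next lines compares the wrong value: a non-root account whose primary group is gid 0 takes the privileged branch, and root with a different primary group gets the limited one. Use `MY_UID=$(id -u)` and test it as `if [[ "$MY_UID" -ne 0 ]]; then`. The header comment `# ugliest netstat pwnage.` says nothing about the output format; one line such as `# prints "port" (non-root) or "port:program" (root) for every TCP listener` would describe what the two pipelines produce.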
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Expire old RBL records
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+ echo "first parameter is mandatory and must be either 4 or 6."
+ exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+maxage=96 # in hours
+
+if [ $listtype -eq 4 ]; then
+ egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
+ if [ "$timestamp" -gt "0" ]; then
+ expiration=$(echo "$(date +%s)-$timestamp" | bc)
+
+ if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
+ #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+ sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
+ fi
+ fi
+ done
+fi
+
+# FIXME: ipv6 regex needed
+if [ $listtype -eq 6 ]; then
+ :
+fi
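Review bot: The argument check `=~ ^[4,6]+$` also accepts `44`, `46` and a bare `,`, so `rblfile` can point at a list that does not exist; `^[46]$` is the intended pattern (rbl_generate.sh in this same commit has the identical check). The delete pattern `sed -i "/^$ip.*# $timestamp.*$/d"` uses `$ip` with unescaped dots and as a bare prefix, so an entry for `10.0.0.1` can also remove `10.0.0.10` if both carry the same timestamp; anchor it on the separating space and escape the dots: `sed -i "/^${ip//./\\.} # $timestamp .*$/d" "$rblfile"`. `bc` is not needed for integer arithmetic: `expiration=$(( $(date +%s) - timestamp ))`. Rewriting the file with `sed -i` once per expired entry while `egrep` is still streaming it works on GNU sed because the file is replaced by rename, but a single pass that writes a temp file and `mv`s it over `$rblfile` would be both cheaper and atomic for rbldnsd readers.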
@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+#
+# Add new IPs to the RBL based on these detection methods:
+# - undetected spam
+# - fail2ban banned IPs
+#
+# $1 parameter tells if it goes to an IPv4 or IPv6 list
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+ echo "first parameter is mandatory and must be either 4 or 6."
+ exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+
+function dnsq {
+ if [ $listtype == "4" ]; then
+ echo "$(dig +short $1)"
+ elif [ $listtype == "6" ]; then
+ echo "$(dig +short AAAA $1)"
+ else
+ echo "unknown, fix it"
+ fi
+}
+
+static_white=(
+$(dnsq lugh.ch)
+$(dnsq ipv6.lugh.ch)
+$(dnsq oxi.ch)
+$(dnsq mail.zephry.ch)
+$(dnsq moni-und-oli.ch)
+)
+static_black=(
+$(dnsq www.uceprotect.net)
+$(dnsq rsync-mirrors.uceprotect.net)
+$(dnsq www.backscatterer.org)
+$(dnsq unimatrix.admins.ws)
+)
+fail2ban_chains=(
+fail2ban-dovecot
+fail2ban-sasl
+fail2ban-ssh
+fail2ban-ssh-ddos
+fail2ban-tumgreyspf
+fail2ban-apache-digest
+)
+ban_ip=()
+
+# Get currently banned IPs from fail2ban chains
+iptables_banned=(
+$(for chain in ${fail2ban_chains[@]}; do
+ /sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
+done | sort | uniq)
+)
+
+# Get SPAM mails sent to specific address
+spamtrap=(
+$(grep ' -> ' /var/log/mail.log | awk -F'[][]' '{print $6}')
+)
+
+if [ $listtype -eq 4 ]; then
+ testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+elif [ $listtype -eq 6 ]; then
+ testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+fi
+
+if [ ! -s $rblfile ]; then
+cat << HEREDOC > $rblfile
+# Automatically generated at $(date) by $0 $1
+
+# Test entry http://www.ietf.org/rfc/rfc5782.txt
+$testentry
+
+:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
+# Whitelist
+$(printf "!%s # 0\n" "${static_white[@]}")
+
+# Blacklist
+$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
+
+# Recent temporary listings
+HEREDOC
+fi
+
+# fail2ban (IPv4 only)
+if [ $listtype -eq 4 ]; then
+ for ip in ${iptables_banned[@]}; do
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+ # Add IP
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ done
+fi
+
+# SPAM
+for ip in ${spamtrap[@]}; do
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+ # Add IP
+ # IPv4 or IPv6 switch
+ if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
+ if [ $listtype -eq 6 ]; then
+ geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ else
+ if [ $listtype -eq 4 ]; then
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+ fi
+ fi
+done
+
+# Generate user friendly web-viewable list
+echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt
+echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do
+ newtime=$(date -d @$(echo $timestamp))
+ sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+done
+
+# Concatenate IPv4 and IPv6 lists together
+cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt
diff --git a/treesize.sh b/treesize.sh
new file mode 100755
index 0000000..e0eb502
--- /dev/null
+++ b/treesize.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+dir=${1:-.}
+du -k --max-depth=1 $dir | sort -nr | awk '
+ BEGIN {
+ split("KB,MB,GB,TB", Units, ",");
+ }
+ {
+ u = 1;
+ while ($1 >= 1024) {
+ $1 = $1 / 1024;
+ u += 1
+ }
+ $1 = sprintf("%.1f %s", $1, Units[u]);
+ print $0;
+ }
+ '
diff --git a/varnish_ban.sh b/varnish_ban.sh
new file mode 100755
index 0000000..544b0ee
--- /dev/null
+++ b/varnish_ban.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# Ban (purge) all on localhost
+varnishadm -T localhost:6082 -S /etc/varnish/secret "ban req.http.host ~ $1"
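Review bot: The membership test `grep -c "$ip" $rblfile` (used in both the fail2ban and the SPAM loops) is an unanchored substring match, so once `10.0.0.10` or `110.0.0.1` is listed, `10.0.0.1` is never added; anchor and escape it: `if ! grep -q "^${ip//./\\.} " "$rblfile"; then`. The last line `cat .../listv4.txt $(grep -e '^[0-9]' .../listv6.txt) > .../list.txt` hands grep's output lines to `cat` as file names, so `list.txt` receives only the v4 list plus "No such file" errors; write it as `{ cat /var/www/virtsrv/lugh.ch/listv4.txt; grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt; } > /var/www/virtsrv/lugh.ch/list.txt`. The `spamtrap` values come straight out of `/var/log/mail.log` and reach `geoiplookup` and the zone file unquoted, so anything a remote sender can get into that bracketed log field is word-split and written into the RBL; keep only IP-shaped tokens with `grep -E '^[0-9a-fA-F.:]+$'` before the loop. The whitelist is resolved with `dig` at generation time, so a failed lookup silently drops that `!` entry and a spoofed answer whitelists an attacker-chosen address; at least check each `dnsq` result is non-empty, and consider pinning the addresses in the script.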
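Review bot: `du -k --max-depth=1 $dir` leaves the directory unquoted, so a path with spaces or glob characters is split or expanded before `du` sees it; use `du -k --max-depth=1 -- "$dir"`. In the awk block the `Units` table stops at TB, so a value that still exceeds 1024 after four divisions is printed with an empty unit; adding `PB` to the `split` string is a one-word fix. A one-line header comment such as `# per-entry disk usage of $1 (default .), largest first, human-readable` would document the output format.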
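Review bot: `$1` is interpolated into the ban expression with no check, so running the script without an argument sends `ban req.http.host ~ ` (which varnishadm rejects as a syntax error) and an argument containing spaces or ban-expression operators is spliced straight into the admin command; add `: "${1:?usage: $(basename "$0") <host-regex>}"` before the `varnishadm` line. The comment `# Ban (purge) all on localhost` overstates it, since the expression bans by host pattern; `# Ban every cached object whose req.http.host matches the regex in $1 (via the local admin socket)` is what the line does.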