From d8ed9aecf1e8dacfd5c4ca4e3bd4e97cead9d65c Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Sun, 21 Sep 2014 16:14:58 +0200 Subject: [PATCH 01/15] added varnish ban script (rudimentary) --- varnish_ban.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 varnish_ban.sh diff --git a/varnish_ban.sh b/varnish_ban.sh new file mode 100755 index 0000000..4a82c76 --- /dev/null +++ b/varnish_ban.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +# Ban (purge) all on localhost +varnishadm -T localhost:6082 "ban req.url ~ ." -S /etc/varnish/secret From 8042d2cc2506f666f5fc0d8daecbfe0accfff274 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 25 Sep 2014 21:33:29 +0200 Subject: [PATCH 02/15] laundry for the lazy --- cave_washmachine.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100755 cave_washmachine.sh diff --git a/cave_washmachine.sh b/cave_washmachine.sh new file mode 100755 index 0000000..5ace6c6 --- /dev/null +++ b/cave_washmachine.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +# +# Streams microphone in to rtsp://10.7.1.12:8085/stream.sdp +cvlc -vvv alsa://hw:0,0 --sout '#transcode{acodec=mp3,ab=128}:rtp{dst=10.7.1.12,port=1234,sdp=rtsp://10.7.1.12:8085/stream.sdp}' From 72eb89db562dfd004f8e6f6a8660576c45b47c34 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 26 Mar 2015 19:55:39 +0100 Subject: [PATCH 03/15] added RBL generate/expire scripts --- rbl_expire.sh | 17 ++++++++++++ rbl_generate.sh | 72 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100755 rbl_expire.sh create mode 100755 rbl_generate.sh diff --git a/rbl_expire.sh b/rbl_expire.sh new file mode 100755 index 0000000..c5c532c --- /dev/null +++ b/rbl_expire.sh 
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+# Expire old RBL records
+
+maxage=48 # in hours
+rblfile="/var/lib/rbldns/list"
+
+egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
+ if [ "$timestamp" -gt "0" ]; then
+ expiration=$(echo "$(date +%s)-$timestamp" | bc)
+
+ if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
+ #echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+ sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
+ fi
+ fi
+done
diff --git a/rbl_generate.sh b/rbl_generate.sh
new file mode 100755
index 0000000..31a5be1
--- /dev/null
+++ b/rbl_generate.sh
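Review bot: `sed -i "/^$ip.*# $timestamp.*$/d"` uses the address as an unescaped regular expression, so every dot matches any character and the `.*` lets the match run past the address; an entry such as `1.2.3.45` carrying the same timestamp would be deleted together with `1.2.3.4`. Escaping the dots and anchoring on the ` # ` separator confines the deletion to the one entry: `sed -i "/^${ip//./\\.} # $timestamp /d" "$rblfile"`. `[ "$timestamp" -gt "0" ]` also prints an integer-expression error for any line whose third field is not numeric; a guard such as `[[ "$timestamp" =~ ^[0-9]+$ ]] || continue` placed before it avoids that, and the `bc` pipeline can become `expiration=$(( $(date +%s) - timestamp ))`.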
@@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# +# Add new IPs to the RBL based on these detection methods: +# - undetected spam +# - fail2ban banned IPs + +rblfile="/var/lib/rbldns/list" +static_white=( +$(dig +short lugh.ch) +$(dig +short oxi.ch) +$(dig +short mail.zephry.ch) +) +static_black=( +$(dig +tcp +short www.uceprotect.net) +$(dig +tcp +short rsync-mirrors.uceprotect.net) +$(dig +tcp +short www.backscatterer.org) +$(dig +tcp +short unimatrix.admins.ws) +) +fail2ban_chains=( +fail2ban-dovecot +fail2ban-sasl +fail2ban-ssh +fail2ban-tumgreyspf +fail2ban-turbine +fail2ban-apache-digest +) +ban_ip=() + +# Get currently banned IPs from fail2ban chains +iptables_banned=( +$(for chain in ${fail2ban_chains[@]}; do + /sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0' +done | sort | uniq) +) + + +if [ ! -s $rblfile ]; then +cat << HEREDOC > $rblfile +# Automatically generated at $(date) by $0 +:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details +# Whitelist +$(printf "!%s # 0\n" "${static_white[@]}") + +# Blacklist +$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}") + +# Recent temporary listings +HEREDOC +fi + +for ip in ${iptables_banned[@]}; do + if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then + # Add IP + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # Service login attempts/SPAM/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile + fi +done + +# Generate user friendly web-viewable list +echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt +cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt + +for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do + newtime=$(date -d @$(echo $timestamp)) + sed -i "s/$timestamp/$newtime/" 
/var/www/virtsrv/lugh.ch/list.txt
+
+done
+
+#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do
+# geoip=$(geoiplookup $location | sed 's/.*Edition: //')
+# sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt
+#done
From 8cd6159c4a3bd26a08ca4059e3298798a7d6f7d6 Mon Sep 17 00:00:00 2001
From: Oliver Ladner Date: Thu, 26 Mar 2015 19:56:11 +0100 Subject: [PATCH 04/15] new netstat script
---
 netstat.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100755 netstat.sh

diff --git a/netstat.sh b/netstat.sh
new file mode 100755
index 0000000..0fa6115
--- /dev/null
+++ b/netstat.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+# ugliest netstat pwnage.
+
+MY_UID=$(id -g)
+
+if [ $MY_UID -gt 0 ]; then
+ echo "You must be root, running limited version without -p"
+ netstat -tlen | grep LISTEN | awk '{print $4}' | sed 's/:::/:/g' | cut -d ":" -f2
+else
+ netstat -tlpen | grep LISTEN | awk '{print $4 ":" $9}' | sed 's/:::/:/g' | cut -d ":" -f2-3 | sed 's/\//:/g' | cut -d ":" -f1,3
+fi
From 72b95957f3eae09243b2e5858d779ac12d331c22 Mon Sep 17 00:00:00 2001
From: Oliver Ladner Date: Fri, 27 Mar 2015 11:39:27 +0100 Subject: [PATCH 05/15] add mysql stats script
---
 mysqlstats.sh | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100755 mysqlstats.sh

diff --git a/mysqlstats.sh b/mysqlstats.sh
new file mode 100755
index 0000000..42960d2
--- /dev/null
+++ b/mysqlstats.sh
@@ -0,0 +1,2 @@
+#/usr/bin/env bash
+mysql -e 'SELECT table_schema AS "database", ROUND(SUM(data_length + index_length) / 1024 / 1024,2) AS "size MB" FROM information_schema.TABLES GROUP BY table_schema ORDER BY `size MB` DESC;'
From d22b81512729aab0b0e1c17803a4aa1837ba38bf Mon Sep 17 00:00:00 2001
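Review bot: `if [[ $(grep -c $ip $rblfile) -lt 1 ]]` treats the address as an unanchored, unquoted regular expression, so an existing `1.2.3.4` entry suppresses `1.2.3.45` and `11.2.3.4`, which then never reach the list; anchor and escape it, `if [[ $(grep -c "^${ip//./\\.} " "$rblfile") -lt 1 ]]; then`. The quoting added later in this series (PATCH 07 hunks `@@ -58,7 +58,7 @@` and `@@ -67,9 +67,14 @@`, PATCH 08 hunk `@@ -56,14 +82,16 @@`) does not change that behaviour. `static_white` and `static_black` are whatever `dig +short` prints at run time: an empty answer silently shrinks the whitelist, and any non-address line would be written into the zone file verbatim by the heredoc, so each element deserves an address-syntax check before use. `for chain in ${fail2ban_chains[@]}` and the other array expansions should be quoted, `"${fail2ban_chains[@]}"`, to keep the elements intact.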
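Review bot: `MY_UID=$(id -g)` stores the primary group id, not the user id, so the root check on the following line tests the wrong identity; change it to `MY_UID=$(id -u)` and quote the comparison, `if [ "$MY_UID" -gt 0 ]; then`. The "You must be root" message is written to stdout in front of the port list; sending it to stderr with `>&2` keeps the script's output usable in a pipeline.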
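Review bot: The first line `#/usr/bin/env bash` is missing the `!`, so it is an ordinary comment and the file has no interpreter line; what happens when it is executed directly then depends on the calling shell's fallback rather than on bash. It should read `#!/usr/bin/env bash`.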
From: root Date: Sun, 12 Apr 2015 15:10:34 +0200 Subject: [PATCH 06/15] rbl: several updates: - update fail2ban chains - generate test entry - catch spam trap mails resp. IP addresses --- rbl_generate.sh | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/rbl_generate.sh b/rbl_generate.sh index 31a5be1..6875dd1 100755 --- a/rbl_generate.sh +++ b/rbl_generate.sh @@ -20,8 +20,8 @@ fail2ban_chains=( fail2ban-dovecot fail2ban-sasl fail2ban-ssh +fail2ban-ssh-ddos fail2ban-tumgreyspf -fail2ban-turbine fail2ban-apache-digest ) ban_ip=() @@ -33,10 +33,18 @@ $(for chain in ${fail2ban_chains[@]}; do done | sort | uniq) ) +# Get SPAM mails sent to specific address +spamtrap=( +$(grep ' -> ' /var/log/mail.log | awk -F'[][]' '{print $6}') +) if [ ! -s $rblfile ]; then cat << HEREDOC > $rblfile # Automatically generated at $(date) by $0 + +# Test entry http://www.ietf.org/rfc/rfc5782.txt +127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782 + :127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details # Whitelist $(printf "!%s # 0\n" "${static_white[@]}") 
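Review bot: `spamtrap` is filled with field 6 of every ` -> ` line in /var/log/mail.log split on `[` and `]`, and nothing checks that the value is an IP address before the loop added in the next hunk (`@@ -48,25 +56,31 @@`) uses it unquoted as a `grep -c` pattern, as the argument to `geoiplookup`, and as the first column appended to `$rblfile`. Mail log lines can carry strings supplied by remote clients, so a non-address token would become a list entry or an unintended grep pattern; a check such as `[[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue` at the top of that loop keeps the list to addresses. The grep pattern ` -> ` is not tied to the trap address the comment mentions, so a comment naming the exact log line this selects would help the next maintainer verify the field number.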
@@ -48,25 +56,31 @@ $(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}") HEREDOC fi +# fail2ban for ip in ${iptables_banned[@]}; do if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then # Add IP geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) - printf "%s # $(date +%s) # Service login attempts/SPAM/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile + printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile + fi +done + +# SPAM +for ip in ${spamtrap[@]}; do + if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then + # Add IP + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile fi done # Generate user friendly web-viewable list -echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt -cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt +echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt +echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt +cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do newtime=$(date -d @$(echo $timestamp)) sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt done - -#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do -# geoip=$(geoiplookup $location | sed 's/.*Edition: //') -# sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt -#done From 5eae4ecb43e3f4cdd1fd5c874d0b6ac20d323b82 Mon Sep 17 00:00:00 2001 
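Review bot: The fail2ban loop and the new SPAM loop are the same eight lines apart from the cause string, which invites the two lookups to drift apart; a small helper taking the address and the cause keeps the existence check, the `geoiplookup` call and the `printf` in one place. Building the timestamp into the printf format (`"%s # $(date +%s) # ..."`) also works only while none of the interpolated text contains `%`; passing it as an argument to a fixed format is the safer form. The existence check should additionally be anchored and escaped as noted on the first version of this loop.
```shell
add_entry() {
  local ip=$1 cause=$2 geoip
  [[ $(grep -c "^${ip//./\\.} " "$rblfile") -lt 1 ]] || return 0
  geoip=$(geoiplookup "$ip" | sed 's/GeoIP Country Edition: //' | awk '{ if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8 }')
  printf '%s # %s # %s # %s\n' "$ip" "$(date +%s)" "$cause" "$geoip" >> "$rblfile"
}
# … unchanged: heredoc creating $rblfile …
for ip in "${iptables_banned[@]}"; do add_entry "$ip" "Service login attempts/misconfiguration"; done
for ip in "${spamtrap[@]}"; do add_entry "$ip" "SPAM mail to trap address"; done
```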
From: Oliver Ladner Date: Wed, 27 May 2015 08:36:29 +0200 Subject: [PATCH 07/15] rbl: sanity checks, fix IPv6 geoip lookup, extend duration to 4 days --- rbl_expire.sh | 4 ++-- rbl_generate.sh | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/rbl_expire.sh b/rbl_expire.sh index c5c532c..e590c13 100755 --- a/rbl_expire.sh +++ b/rbl_expire.sh @@ -2,7 +2,7 @@ # # Expire old RBL records -maxage=48 # in hours +maxage=96 # in hours rblfile="/var/lib/rbldns/list" egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do @@ -10,7 +10,7 @@ egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' expiration=$(echo "$(date +%s)-$timestamp" | bc) if [ "$expiration" -gt "$(($maxage * 3600))" ]; then - #echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" + #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" fi fi diff --git a/rbl_generate.sh b/rbl_generate.sh index 6875dd1..786dd0a 100755 --- a/rbl_generate.sh +++ b/rbl_generate.sh @@ -58,7 +58,7 @@ fi # fail2ban for ip in ${iptables_banned[@]}; do - if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then + if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then # Add IP geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile 
@@ -67,9 +67,14 @@ done # SPAM for ip in ${spamtrap[@]}; do - if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then + if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then # Add IP - geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + # IPv4 or IPv6 switch + if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then + geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + else + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + fi printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile fi done From 523bf67d5cb2aecab817add63277fd6c6acc98a5 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Sat, 27 Jun 2015 13:00:25 +0200 Subject: [PATCH 08/15] add IPv6 support to RBL scripts --- rbl_expire.sh | 32 ++++++++++++------ rbl_generate.sh | 88 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 84 insertions(+), 36 deletions(-) diff --git a/rbl_expire.sh b/rbl_expire.sh index e590c13..d3f784b 100755 --- a/rbl_expire.sh +++ b/rbl_expire.sh 
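Review bot: `if [ $(echo "$ip" | grep -c ':') -gt 0 ]` spawns two processes to test for a colon; the in-process pattern test `if [[ "$ip" == *:* ]]; then` does the same. `geoiplookup6 $ip` in the new branch is unquoted, unlike the `grep -c "$ip"` fixed in this same hunk; write `geoiplookup6 "$ip"`. The enclosing `for ip in ${spamtrap[@]}` loop begins outside the hunk.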
@@ -2,16 +2,28 @@ # # Expire old RBL records +listtype=$1 +if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then + echo "first parameter is mandatory and must be either 4 or 6." + exit 1 +fi +rblfile="/var/lib/rbldns/listv$listtype" maxage=96 # in hours -rblfile="/var/lib/rbldns/list" -egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do - if [ "$timestamp" -gt "0" ]; then - expiration=$(echo "$(date +%s)-$timestamp" | bc) +if [ $listtype -eq 4 ]; then + egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do + if [ "$timestamp" -gt "0" ]; then + expiration=$(echo "$(date +%s)-$timestamp" | bc) + + if [ "$expiration" -gt "$(($maxage * 3600))" ]; then + #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" + sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" + fi + fi + done +fi - if [ "$expiration" -gt "$(($maxage * 3600))" ]; then - #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" - sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" - fi - fi -done +# FIXME: ipv6 regex needed +if [ $listtype -eq 6 ]; then + : +fi diff --git a/rbl_generate.sh b/rbl_generate.sh index 786dd0a..5bab221 100755 --- a/rbl_generate.sh +++ b/rbl_generate.sh 
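Review bot: `[[ "$listtype" =~ ^[4,6]+$ ]]` does not enforce "either 4 or 6": the bracket expression contains a literal comma and `+` allows repetition, so `,`, `44` and `4,6` pass the check, after which `[ $listtype -eq 4 ]` either prints an integer-expression error or matches neither branch and the script exits 0 having expired nothing. The intended test is `^[46]$`; the same regex appears in rbl_generate.sh in hunk `@@ -3,18 +3,38 @@` of this patch. Because the IPv6 branch is still a `:` placeholder, v6 entries that rbl_generate.sh now writes are never expired; a comment or a warning on the `6` path saying so would save someone relying on the 96-hour window.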
@@ -3,18 +3,38 @@ # Add new IPs to the RBL based on these detection methods: # - undetected spam # - fail2ban banned IPs +# +# $1 parameter tells if it goes to an IPv4 or IPv6 list + +listtype=$1 +if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then + echo "first parameter is mandatory and must be either 4 or 6." + exit 1 +fi +rblfile="/var/lib/rbldns/listv$listtype" + +function dnsq { + if [ $listtype == "4" ]; then + echo "$(dig +short $1)" + elif [ $listtype == "6" ]; then + echo "$(dig +short AAAA $1)" + else + echo "unknown, fix it" + fi +} -rblfile="/var/lib/rbldns/list" static_white=( -$(dig +short lugh.ch) -$(dig +short oxi.ch) -$(dig +short mail.zephry.ch) +$(dnsq lugh.ch) +$(dnsq ipv6.lugh.ch) +$(dnsq oxi.ch) +$(dnsq mail.zephry.ch) +$(dnsq moni-und-oli.ch) ) static_black=( -$(dig +tcp +short www.uceprotect.net) -$(dig +tcp +short rsync-mirrors.uceprotect.net) -$(dig +tcp +short www.backscatterer.org) -$(dig +tcp +short unimatrix.admins.ws) +$(dnsq www.uceprotect.net) +$(dnsq rsync-mirrors.uceprotect.net) +$(dnsq www.backscatterer.org) +$(dnsq unimatrix.admins.ws) ) fail2ban_chains=( fail2ban-dovecot @@ -38,12 +58,18 @@ spamtrap=( $(grep ' -> ' /var/log/mail.log | awk -F'[][]' '{print $6}') ) +if [ $listtype -eq 4 ]; then + testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782" +elif [ $listtype -eq 6 ]; then + testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782" +fi + if [ ! -s $rblfile ]; then cat << HEREDOC > $rblfile -# Automatically generated at $(date) by $0 +# Automatically generated at $(date) by $0 $1 # Test entry http://www.ietf.org/rfc/rfc5782.txt -127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782 +$testentry :127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details # Whitelist 
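Review bot: `dnsq` echoes `dig +short` output straight into `static_white` and `static_black`, so a failed or empty lookup silently shrinks the whitelist, and a name that resolves through a CNAME yields a hostname line that is then written into the zone file by the heredoc. Filtering the answer by the syntax the selected list expects and failing loudly on an empty result would make the arrays trustworthy, for example `dig +short "$1" | grep -E '^[0-9.]+$'` for the 4 path and the corresponding hex-and-colon pattern for 6. The `echo "$(dig ...)"` form is a needless subshell; `dig +short "$1"` alone prints the same. The `else` branch's "unknown, fix it" text would also land in the arrays if it were ever reached; `return 1` is the safer outcome. The heredoc in the second hunk continues past the end of the hunk.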
@@ -56,14 +82,16 @@ $(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}") HEREDOC fi -# fail2ban -for ip in ${iptables_banned[@]}; do - if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then - # Add IP - geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) - printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile - fi -done +# fail2ban (IPv4 only) +if [ $listtype -eq 4 ]; then + for ip in ${iptables_banned[@]}; do + if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then + # Add IP + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile + fi + done +fi # SPAM for ip in ${spamtrap[@]}; do 
@@ -71,21 +99,29 @@ for ip in ${spamtrap[@]}; do # Add IP # IPv4 or IPv6 switch if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then - geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + if [ $listtype -eq 6 ]; then + geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile + fi else - geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + if [ $listtype -eq 4 ]; then + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile + fi fi - printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile fi done # Generate user friendly web-viewable list -echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt -echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt -cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt +echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt +echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt +cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt -for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do +for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do newtime=$(date -d @$(echo $timestamp)) - sed -i "s/$timestamp/$newtime/" 
/var/www/virtsrv/lugh.ch/list.txt + sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt done + +# Concatenate IPv4 and IPv6 lists together +cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt From 1c7a253553d81058f1a62174737c16ec48441944 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Tue, 10 Nov 2015 17:57:19 +0100 Subject: [PATCH 09/15] add treesize disk usage script --- treesize.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 treesize.sh diff --git a/treesize.sh b/treesize.sh new file mode 100755 index 0000000..dd107ac --- /dev/null +++ b/treesize.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +du -k --max-depth=1 | sort -nr | awk ' + BEGIN { + split("KB,MB,GB,TB", Units, ","); + } + { + u = 1; + while ($1 >= 1024) { + $1 = $1 / 1024; + u += 1 + } + $1 = sprintf("%.1f %s", $1, Units[u]); + print $0; + } + ' From 733ef9e41271e72e50181a11a6061e89ed73c3cd Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Sat, 5 Dec 2015 21:02:23 +0100 Subject: [PATCH 10/15] optional path for treesize --- treesize.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/treesize.sh b/treesize.sh index dd107ac..e0eb502 100755 --- a/treesize.sh +++ b/treesize.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash -du -k --max-depth=1 | sort -nr | awk ' +dir=${1:-.} +du -k --max-depth=1 $dir | sort -nr | awk ' BEGIN { split("KB,MB,GB,TB", Units, ","); } From e4b8dc7c0bdc887b2d638b5b51b1a2cba006bb40 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 12 Jan 2017 20:02:56 +0100 Subject: [PATCH 11/15] delete obsolete scripts, and archive --- archive/virusscan.sh | 59 -------------------------------------------- delicious_backup.sh | 26 ------------------- 2 files changed, 85 deletions(-) delete mode 100755 archive/virusscan.sh delete mode 100755 delicious_backup.sh 
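Review bot: The final `cat .../listv4.txt $(grep -e '^[0-9]' .../listv6.txt) > .../list.txt` expands the grep output into extra file operands for cat, so every token of the IPv6 rows is opened as a file name (and reported missing) and list.txt ends up holding only the v4 content. The intended concatenation is `{ cat /var/www/virtsrv/lugh.ch/listv4.txt; grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt; } > /var/www/virtsrv/lugh.ch/list.txt`. Both that grep and the earlier `grep '^[1-9]'` keep only entries whose first character is a digit, so IPv6 addresses beginning with a hex letter never appear in the web list; a pattern that also admits `[a-fA-F]` at the start is needed for the 6 run. The `for ip in ${spamtrap[@]}` loop at the top of the hunk begins outside it.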
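Review bot: `du -k --max-depth=1 $dir` word-splits and glob-expands the optional path, so a directory name containing spaces or starting with `-` is not handled; write `du -k --max-depth=1 -- "$dir"`. The awk block that follows (continuing outside the hunk) indexes `Units` only up to TB, so a total of 1024 TB or more would print with an empty unit; adding `PB` to the `split` list is a one-word fix.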
diff --git a/archive/virusscan.sh b/archive/virusscan.sh deleted file mode 100755 index f058610..0000000 --- a/archive/virusscan.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/env bash -# -# Scans NAS for viruses and alerts users -# Uses avira and clamav ATM -USERS="foo@example.org" -SCANDIR="/mnt/nas_movies /mnt/nas_music /mnt/nas_p2p /mnt/nas_software /mnt/nas_upload" -LOGFILE="/root/virus_scan_$(date +%d_%m_%Y).log" -SCANNER=( "avscan -s --batch --log-file=$LOGFILE $SCANDIR" - "clamscan -r -i -l $LOGFILE $SCANDIR" - ) -LOGGER=$(which logger) - - -for i in $(seq 1 $(echo ${#SCANNER[*]})); do - LOG_NAME="$(basename $0)_$i_$(date +%d_%m_%Y)_XXXXXX" - mktemp -t $LOG_NAME -done - -# Logging -function logit() { - case $2 in - error) - $LOGGER -si $(basename $0): $1 - ;; - *) - $LOGGER -i $(basename $0): $1 - ;; - esac -} - -# Mount all noauto things from /etc/fstab -for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do - if ! mount $i 2>/dev/null; then logit "Failed mounting $i" "error"; fi -done - -# Run all scanners - -COUNTER=0 -for foo in "${SCANNER[@]}"; do - TEMPFILE=$(find /tmp -type f -name $LOG_NAME) - - echo "**********************" > $TEMPFILE - echo "* $COUNTER. scanner running with: $foo" >> $TEMPFILE - echo "**********************" >> $TEMPFILE - $foo - sleep 2 -done - -# Merge all temporary logfiles -cat /root/avscan.log /root/clamscan.log > $LOGFILE - -# Send e-mail -mail -s "NAS antivirus check" $USERS < $LOGFILE - -# Unmount all noauto things from /etc/fstab -sleep 3 -for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do - if ! umount $i 2>/dev/null; then logit "Failed unmounting $i" "error"; fi -done diff --git a/delicious_backup.sh b/delicious_backup.sh deleted file mode 100755 index 2fc5985..0000000 --- a/delicious_backup.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/usr/bin/env bash -# Author: Oliver Ladner -# License: LGPL -# -# Fetches all your delicious bookmarks -# and validates the XML before saving. -# Requires xmlstarlet - -DEL_USER=foo -DEL_PASS=bar -API_URL=api.del.icio.us/v1/posts/all -BKP_FILE=/home/username/deliciousbackup.xml - -# When no backup exists, just do it -if [ ! -f $BKP_FILE ]; then - curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE -else - curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE.tmp - if [ $(xmlstarlet validate $BKP_FILE.tmp > /dev/null 2>&1; echo $?) -gt 0 ]; then - rm $BKP_FILE.tmp - echo "Downloaded XML file not valid. Previous backup preserved." - # if XML is valid, move to final destination - else - mv $BKP_FILE.tmp $BKP_FILE - fi -fi From 5e16fcd9c2a120636e7dc62827881e63680f0eb5 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 12 Jan 2017 20:04:32 +0100 Subject: [PATCH 12/15] make varnish_ban.sh more flexible --- varnish_ban.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/varnish_ban.sh b/varnish_ban.sh index 4a82c76..544b0ee 100755 --- a/varnish_ban.sh +++ b/varnish_ban.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash # Ban (purge) all on localhost -varnishadm -T localhost:6082 "ban req.url ~ ." -S /etc/varnish/secret +varnishadm -T localhost:6082 -S /etc/varnish/secret "ban req.http.host ~ $1" From b50c37b3efa4cd8a3b5ff8907f68ca49641c13f9 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 12 Jan 2017 21:45:05 +0100 Subject: [PATCH 13/15] beef up iptables-show-recent, limit output --- iptables-show-recent.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/iptables-show-recent.sh b/iptables-show-recent.sh index 2c5edec..b276b30 100755 --- a/iptables-show-recent.sh +++ b/iptables-show-recent.sh 
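Review bot: `"ban req.http.host ~ $1"` interpolates the argument unchecked, so running the script with no argument sends `ban req.http.host ~ ` to varnishadm, which most likely rejects it, and because `~` is a regex match an argument like `example.com` also matches hosts such as `example.computer` or `myexample.com`. A usage guard on the line above, `: "${1:?usage: ${0##*/} <host regex>}"`, and a comment stating that the argument is a regular expression (anchor it with `^...$` when an exact host is meant) would make the intent explicit.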
@@ -7,9 +7,13 @@ # - iptables with rules for the "recent" module # - Shell cmds: geoiplookup +top=30 + +echo "Top $top recent IP addresses:" +echo -e "Count\tIP\t\tCountry" for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //') if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'}) - echo -e "$COUNT\t$ip\t($IP)" -done | sort -rn + echo -e "$COUNT\t$ip\t$IP" +done | sort -rn | head -$top From 635ba3e91b6eead24773e596d0cf487672a39195 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Thu, 12 Jan 2017 21:47:27 +0100 Subject: [PATCH 14/15] mail_get_sender_ip.sh: find (probably) original sender IP based on mail header --- mail_get_sender_ip.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100755 mail_get_sender_ip.sh diff --git a/mail_get_sender_ip.sh b/mail_get_sender_ip.sh new file mode 100755 index 0000000..06a9a16 --- /dev/null +++ b/mail_get_sender_ip.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +# +# Extracts the IP address from the first 'Received:' header +dir="$1" + +if [ -z $dir ]; then + echo "Usage: $(basename $0) " + exit 1 +fi +for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' From 2ab23816802b52ce742a9a954ceec9bd83418597 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Fri, 28 Apr 2017 20:21:08 +0200 Subject: [PATCH 15/15] add failed IMAP login script --- mail_failed_login.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100755 mail_failed_login.sh diff --git a/mail_failed_login.sh b/mail_failed_login.sh new file mode 100755 index 0000000..b1ac7cf --- /dev/null +++ b/mail_failed_login.sh 
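Review bot: `head -$top` should be `head -n "$top"` for portability and to keep the variable quoted. The per-address `COUNT=$(cat ... | grep "$ip" | ...)` line (context in this hunk) matches the address as an unanchored regex, so `1.2.3.4` also hits the line for `1.2.3.45`, and `COUNT` then holds several values separated by newlines, which the new `sort -rn | head` ranks incorrectly; assuming the lines carry the `src=` prefix the loop strips, `grep -F -- "src=$ip "` selects exactly one line. The `echo -e` header lines go through the same stdout as the data but are printed before the `sort`, which is fine; they just need to stay outside the loop as they are.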
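Review bot: The header comment says "the first 'Received:' header" but `grep '^Received:' $spammail | tail -1` takes the last one in file order, that is the earliest hop, which matches the commit subject's "original sender"; the comment should say so, and since that header is written by a remote MTA and not by our own, a note that the value is a hint rather than a verified source would explain the "probably". Received headers are commonly folded, with the address on an indented continuation line that `^Received:` does not capture, so the pipeline can miss the address entirely. `for spammail in $(find "$dir" -type f)` splits file names on whitespace and `[ -z $dir ]` is unquoted; the usage line also appears to have lost its placeholder after `$(basename $0)`.
```shell
find "$dir" -type f -print0 |
  while IFS= read -r -d '' spammail; do
    grep '^Received:' -- "$spammail" | tail -1
  done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
```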
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Author: Oliver Ladner
+# License: LGPL
+#
+# Displays a summary of failed IMAP login attempts by country
+
+postfix_logfile='/var/log/mail.log'
+
+for ip in $(grep 'auth failed' $postfix_logfile | awk {'print $17'} | sed 's/,//' | awk -F'=' {'print $2'} | sort -n | uniq); do geoiplookup $ip; done | sort | uniq -c | sort -n | tail -10
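Review bot: `awk {'print $17'}` ties the extraction to the exact word position of the `key=value,` token in the log line, so any change in the daemon's wording silently yields wrong fields; pulling the token by name (`grep -Eo 'rip=[^,]+'`, assuming it is dovecot's `rip=` field) is position-independent. The `{'print $17'}` quoting works only because the shell concatenates `{`, `print $17` and `}` into one word; the conventional `awk '{print $17}'` reads the same to awk and to ShellCheck. `sort -n | uniq` on addresses is `sort -u`, and `geoiplookup $ip` should be `geoiplookup "$ip"`. A comment naming the log line format this parses would let the next reader check the field number.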