Merge branch 'master' of dev.lugh.ch:/var/www/git/scripts

archive/virusscan.sh

@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-#
-# Scans NAS for viruses and alerts users
-# Uses avira and clamav ATM
-USERS="foo@example.org"
-SCANDIR="/mnt/nas_movies /mnt/nas_music /mnt/nas_p2p /mnt/nas_software /mnt/nas_upload"
-LOGFILE="/root/virus_scan_$(date +%d_%m_%Y).log"
-SCANNER=(	"avscan -s --batch --log-file=$LOGFILE $SCANDIR"
-		"clamscan -r -i -l $LOGFILE $SCANDIR"
-	)
-LOGGER=$(which logger)
-
-
-for i in $(seq 1 $(echo  ${#SCANNER[*]})); do
-	LOG_NAME="$(basename $0)_$i_$(date +%d_%m_%Y)_XXXXXX"
-	mktemp -t $LOG_NAME
-done
-
-# Logging
-function logit() {
-	case $2 in
-		error)
-			$LOGGER -si $(basename $0): $1
-			;;
-		*)
-			$LOGGER -i $(basename $0): $1
-			;;
-	esac
-}
-
-# Mount all noauto things from /etc/fstab
-for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
-        if ! mount $i 2>/dev/null; then logit "Failed mounting $i" "error"; fi
-done
-
-# Run all scanners
-
-COUNTER=0
-for foo in "${SCANNER[@]}"; do
-	TEMPFILE=$(find /tmp -type f -name $LOG_NAME)
-
-	echo "**********************" > $TEMPFILE
-	echo "* $COUNTER. scanner running with: $foo" >> $TEMPFILE
-	echo "**********************" >> $TEMPFILE
-	$foo
-	sleep 2
-done
-
-# Merge all temporary logfiles
-cat /root/avscan.log /root/clamscan.log > $LOGFILE
-
-# Send e-mail
-mail -s "NAS antivirus check" $USERS < $LOGFILE
-
-# Unmount all noauto things from /etc/fstab
-sleep 3
-for i in $(grep 'nfs.*noauto' /etc/fstab | awk '{print $2}'); do
-        if ! umount $i 2>/dev/null; then logit "Failed unmounting $i" "error"; fi
-done

cave_washmachine.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+#
+# Streams microphone in to rtsp://10.7.1.12:8085/stream.sdp
+cvlc -vvv alsa://hw:0,0 --sout '#transcode{acodec=mp3,ab=128}:rtp{dst=10.7.1.12,port=1234,sdp=rtsp://10.7.1.12:8085/stream.sdp}'

delicious_backup.sh

@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-# Author:  Oliver Ladner <oli@lugh.ch>
-# License: LGPL
-#
-# Fetches all your delicious bookmarks
-# and validates the XML before saving.
-# Requires xmlstarlet
-
-DEL_USER=foo
-DEL_PASS=bar
-API_URL=api.del.icio.us/v1/posts/all
-BKP_FILE=/home/username/deliciousbackup.xml
-
-# When no backup exists, just do it
-if [ ! -f $BKP_FILE ]; then
-	curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE
-else
-	curl -s https://$DEL_USER:$DEL_PASS@$API_URL > $BKP_FILE.tmp
-	if [ $(xmlstarlet validate $BKP_FILE.tmp > /dev/null 2>&1; echo $?) -gt 0 ]; then
-		rm $BKP_FILE.tmp
-		echo "Downloaded XML file not valid. Previous backup preserved."
-	# if XML is valid, move to final destination
-	else
-		mv $BKP_FILE.tmp $BKP_FILE
-	fi
-fi

iptables-show-recent.sh

@@ -7,9 +7,13 @@
 # - iptables with rules for the "recent" module 
 # - Shell cmds: geoiplookup
 
+top=30
+
+echo "Top $top recent IP addresses:"
+echo -e "Count\tIP\t\tCountry"
 for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do
 	IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //')
 	if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi
 	COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'})
-	echo -e "$COUNT\t$ip\t($IP)"
+	echo -e "$COUNT\t$ip\t$IP"
-done | sort -rn
+done | sort -rn | head -$top

mail_failed_login.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Author:  Oliver Ladner <oli@lugh.ch>
+# License: LGPL
+#
+# Displays a summary of failed IMAP login attempts by country
+
+postfix_logfile='/var/log/mail.log'
+
+for ip in $(grep 'auth failed' $postfix_logfile | awk {'print $17'} | sed 's/,//' | awk -F'=' {'print $2'} | sort -n | uniq); do geoiplookup $ip; done | sort | uniq -c | sort -n | tail -10

mail_get_sender_ip.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Extracts the IP address from the first 'Received:' header
+dir="$1"
+
+if [ -z $dir ]; then
+	echo "Usage: $(basename $0) <path-to-mailbox>"
+	exit 1
+fi
+for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

mysqlstats.sh

@@ -0,0 +1,2 @@
+#/usr/bin/env bash
+mysql -e 'SELECT table_schema AS "database", ROUND(SUM(data_length + index_length) / 1024 / 1024,2) AS "size MB" FROM information_schema.TABLES GROUP BY table_schema ORDER BY `size MB` DESC;'

netstat.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+# ugliest netstat pwnage.
+
+MY_UID=$(id -g)
+
+if [ $MY_UID -gt 0 ]; then
+        echo "You must be root, running limited version without -p"
+        netstat -tlen | grep LISTEN | awk '{print $4}' | sed 's/:::/:/g' | cut -d ":" -f2
+else
+        netstat -tlpen | grep LISTEN | awk '{print $4 ":" $9}' | sed 's/:::/:/g' | cut -d ":" -f2-3 | sed 's/\//:/g' | cut -d ":" -f1,3
+fi

rbl_expire.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Expire old RBL records
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+        echo "first parameter is mandatory and must be either 4 or 6."
+        exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+maxage=96 # in hours
+
+if [ $listtype -eq 4 ]; then
+	egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
+		if [ "$timestamp" -gt "0" ]; then
+	        	expiration=$(echo "$(date +%s)-$timestamp" | bc)
+	
+	        	if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
+	        	        #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+	        	        sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
+	        	fi
+		fi
+	done
+fi
+
+# FIXME: ipv6 regex needed
+if [ $listtype -eq 6 ]; then
+	:
+fi

rbl_generate.sh

@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+#
+# Add new IPs to the RBL based on these detection methods:
+# - undetected spam
+# - fail2ban banned IPs
+#
+# $1 parameter tells if it goes to an IPv4 or IPv6 list
+
+listtype=$1
+if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
+	echo "first parameter is mandatory and must be either 4 or 6."
+	exit 1
+fi
+rblfile="/var/lib/rbldns/listv$listtype"
+
+function dnsq {
+	if [ $listtype == "4" ]; then
+		echo "$(dig +short $1)"
+	elif [ $listtype == "6" ]; then
+		echo "$(dig +short AAAA $1)"
+	else
+		echo "unknown, fix it"
+	fi	
+}
+
+static_white=(
+$(dnsq lugh.ch)
+$(dnsq ipv6.lugh.ch)
+$(dnsq oxi.ch)
+$(dnsq mail.zephry.ch)
+$(dnsq moni-und-oli.ch)
+)
+static_black=(
+$(dnsq www.uceprotect.net)
+$(dnsq rsync-mirrors.uceprotect.net)
+$(dnsq www.backscatterer.org)
+$(dnsq unimatrix.admins.ws)
+)
+fail2ban_chains=(
+fail2ban-dovecot
+fail2ban-sasl
+fail2ban-ssh
+fail2ban-ssh-ddos
+fail2ban-tumgreyspf
+fail2ban-apache-digest
+)
+ban_ip=()
+
+# Get currently banned IPs from fail2ban chains
+iptables_banned=(
+$(for chain in ${fail2ban_chains[@]}; do
+	/sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
+done | sort | uniq)
+)
+
+# Get SPAM mails sent to specific address
+spamtrap=(
+$(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}')
+)
+
+if [ $listtype -eq 4 ]; then
+	testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+elif [ $listtype -eq 6 ]; then
+	testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782"
+fi
+
+if [ ! -s $rblfile ]; then
+cat << HEREDOC > $rblfile
+# Automatically generated at $(date) by $0 $1
+
+# Test entry http://www.ietf.org/rfc/rfc5782.txt
+$testentry
+
+:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
+# Whitelist
+$(printf "!%s # 0\n" "${static_white[@]}")
+
+# Blacklist
+$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
+
+# Recent temporary listings
+HEREDOC
+fi
+
+# fail2ban (IPv4 only)
+if [ $listtype -eq 4 ]; then
+	for ip in ${iptables_banned[@]}; do
+		if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+			# Add IP
+			geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+			printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
+		fi
+	done
+fi
+
+# SPAM
+for ip in ${spamtrap[@]}; do
+	if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
+		# Add IP
+		# IPv4 or IPv6 switch
+		if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
+			if [ $listtype -eq 6 ]; then
+				geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+				printf "%s # $(date +%s) # SPAM mail to trap address #         %s\n" "$ip" "$geoip" >> $rblfile
+			fi
+		else
+			if [ $listtype -eq 4 ]; then
+				geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+				printf "%s # $(date +%s) # SPAM mail to trap address #         %s\n" "$ip" "$geoip" >> $rblfile
+			fi
+		fi
+	fi
+done
+
+# Generate user friendly web-viewable list
+echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt
+echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do
+	newtime=$(date -d @$(echo $timestamp))
+	sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt
+
+done
+
+# Concatenate IPv4 and IPv6 lists together
+cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt

treesize.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+dir=${1:-.}
+du -k --max-depth=1 $dir | sort -nr | awk '
+     BEGIN {
+        split("KB,MB,GB,TB", Units, ",");
+     }
+     {
+        u = 1;
+        while ($1 >= 1024) {
+           $1 = $1 / 1024;
+           u += 1
+        }
+        $1 = sprintf("%.1f %s", $1, Units[u]);
+        print $0;
+     }
+     '

varnish_ban.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# Ban (purge) all on localhost
+varnishadm -T localhost:6082 -S /etc/varnish/secret "ban req.http.host ~ $1"