From a4f9ea11f35ad85e64d1be045c751217024ad5e5 Mon Sep 17 00:00:00 2001 
From: Roy Date: Mon, 23 Jun 2025 21:19:51 +0200 Subject: [PATCH] first commit --- IptablesTool.sh~ | 248 ++++++ Man_tool/change_pass.sh | 19 + Man_tool/command_loop.sh | 31 + Man_tool/uptime_loop.sh | 16 + Man_tool/ww | 1 + OpenShift Stuff/collect_info.sh | 12 + OpenShift Stuff/run_collect_info.sh | 50 ++ OpenShift Stuff/yum_update_tool_openshift.sh | 193 +++++ README.md | 0 WsConfman/confman/hostlist/192.168.2.100 | 2 + WsConfman/confman/hostlist/192.168.2.163 | 2 + WsConfman/confman/managemnt.sh | 60 ++ WsConfman/confman/scripts/first_start.sh | 9 + WsConfman/ks.cfg | 164 ++++ post_install.sh | 380 +++++++++ scripts/IptablesCleanTool.sh | 57 ++ scripts/IptablesTool.sh | 745 ++++++++++++++++++ scripts/IptablesTool2.sh | 743 +++++++++++++++++ scripts/Loop_AddUser3.sh | 17 + scripts/adduser_schrpt.sh | 54 ++ scripts/bashrc | 97 +++ scripts/bashrc.hv | 54 ++ scripts/command_loop.sh | 17 + scripts/count_ip.sh | 12 + scripts/git_prompt_func | 55 ++ scripts/gluster_check.sh | 92 +++ .../gluster_checks/check_gluster_bricks.sh | 23 + scripts/gluster_checks/check_gluster_cron.sh | 24 + scripts/gluster_checks/check_gluster_heal.sh | 25 + scripts/gluster_checks/check_gluster_peer.sh | 23 + scripts/gluster_checks/check_gluster_pod.sh | 15 + scripts/gluster_checks/check_glusterd.sh | 41 + .../copy_gluster_check_to_pod.sh | 12 + .../pod_loop_gluster_heal_status.sh | 20 + .../some_check_gluster_openshift.sh | 58 ++ scripts/host_ssh_test.sh | 19 + scripts/iptables1.sh | 61 ++ scripts/iptables2.sh | 28 + scripts/iptables_Roy.sh | 209 +++++ scripts/loop_a_function.sh | 17 + scripts/looping_within_host_ssh.sh | 10 + scripts/motd | 62 ++ scripts/mount_tool.sh | 181 +++++ scripts/ping_test.sh | 13 + scripts/sc.sh | 11 + scripts/some_thouts.sh | 70 ++ scripts/ssh_loop.sh | 28 + scripts/test_con_server_status.sh | 15 + scripts/test_scripts/gluster_peer_check.sh | 8 + scripts/test_scripts/log_oc_nodes.sh | 6 + scripts/test_scripts/log_oc_pods.sh | 6 + 
scripts/test_scripts/log_ping_between.sh | 14 + scripts/test_scripts/ping_test.sh | 18 + scripts/test_scripts/test_all.sh | 33 + scripts/test_scripts/uptime_hv.sh | 18 + scripts/test_scripts/uptime_vm.sh | 17 + scripts/test_scripts/virsh_list_hv.sh | 19 + scripts/tools/OS_patching_tool.sh | 194 +++++ scripts/tools/collect_info.sh | 13 + scripts/tools/drain_host.sh | 14 + scripts/tools/just_a_waiting_bar.sh | 32 + scripts/tools/run_collect_info_v2.sh | 54 ++ scripts/tools/uncordon_host.sh | 14 + scripts/uptime_loop.sh | 16 + shell.sh | 94 +++ shell_history_audit.sh | 110 +++ ssh_loops/loop_array.sh | 13 + ssh_loops/loop_array_with_flags.sh | 51 ++ ssh_loops/service_check_loop.sh | 18 + 69 files changed, 4857 insertions(+) create mode 100644 IptablesTool.sh~ create mode 100755 Man_tool/change_pass.sh create mode 100755 Man_tool/command_loop.sh create mode 100755 Man_tool/uptime_loop.sh create mode 100644 Man_tool/ww create mode 100644 OpenShift Stuff/collect_info.sh create mode 100644 OpenShift Stuff/run_collect_info.sh create mode 100644 OpenShift Stuff/yum_update_tool_openshift.sh create mode 100644 README.md create mode 100644 WsConfman/confman/hostlist/192.168.2.100 create mode 100644 WsConfman/confman/hostlist/192.168.2.163 create mode 100755 WsConfman/confman/managemnt.sh create mode 100755 WsConfman/confman/scripts/first_start.sh create mode 100644 WsConfman/ks.cfg create mode 100644 post_install.sh create mode 100644 scripts/IptablesCleanTool.sh create mode 100644 scripts/IptablesTool.sh create mode 100644 scripts/IptablesTool2.sh create mode 100644 scripts/Loop_AddUser3.sh create mode 100644 scripts/adduser_schrpt.sh create mode 100644 scripts/bashrc create mode 100644 scripts/bashrc.hv create mode 100644 scripts/command_loop.sh create mode 100644 scripts/count_ip.sh create mode 100644 scripts/git_prompt_func create mode 100644 scripts/gluster_check.sh create mode 100644 scripts/gluster_checks/check_gluster_bricks.sh create mode 100644 
scripts/gluster_checks/check_gluster_cron.sh create mode 100644 scripts/gluster_checks/check_gluster_heal.sh create mode 100644 scripts/gluster_checks/check_gluster_peer.sh create mode 100644 scripts/gluster_checks/check_gluster_pod.sh create mode 100644 scripts/gluster_checks/check_glusterd.sh create mode 100644 scripts/gluster_checks/copy_gluster_check_to_pod.sh create mode 100644 scripts/gluster_checks/pod_loop_gluster_heal_status.sh create mode 100644 scripts/gluster_checks/some_check_gluster_openshift.sh create mode 100644 scripts/host_ssh_test.sh create mode 100644 scripts/iptables1.sh create mode 100644 scripts/iptables2.sh create mode 100644 scripts/iptables_Roy.sh create mode 100644 scripts/loop_a_function.sh create mode 100644 scripts/looping_within_host_ssh.sh create mode 100644 scripts/motd create mode 100644 scripts/mount_tool.sh create mode 100644 scripts/ping_test.sh create mode 100644 scripts/sc.sh create mode 100644 scripts/some_thouts.sh create mode 100644 scripts/ssh_loop.sh create mode 100644 scripts/test_con_server_status.sh create mode 100644 scripts/test_scripts/gluster_peer_check.sh create mode 100644 scripts/test_scripts/log_oc_nodes.sh create mode 100644 scripts/test_scripts/log_oc_pods.sh create mode 100644 scripts/test_scripts/log_ping_between.sh create mode 100644 scripts/test_scripts/ping_test.sh create mode 100644 scripts/test_scripts/test_all.sh create mode 100644 scripts/test_scripts/uptime_hv.sh create mode 100644 scripts/test_scripts/uptime_vm.sh create mode 100644 scripts/test_scripts/virsh_list_hv.sh create mode 100644 scripts/tools/OS_patching_tool.sh create mode 100644 scripts/tools/collect_info.sh create mode 100644 scripts/tools/drain_host.sh create mode 100644 scripts/tools/just_a_waiting_bar.sh create mode 100644 scripts/tools/run_collect_info_v2.sh create mode 100644 scripts/tools/uncordon_host.sh create mode 100644 scripts/uptime_loop.sh create mode 100644 shell.sh create mode 100644 shell_history_audit.sh create mode 
100644 ssh_loops/loop_array.sh create mode 100644 ssh_loops/loop_array_with_flags.sh create mode 100644 ssh_loops/service_check_loop.sh diff --git a/IptablesTool.sh~ b/IptablesTool.sh~ new file mode 100644 index 0000000..fc35cda --- /dev/null +++ b/IptablesTool.sh~ 
@@ -0,0 +1,248 @@ +#!/bin/bash +#(c) Roy Cohen 2012 :roy.cohen@cgi.com +#CGI :George Hintzenweg 89 3068 AX Rotterdam, Netherlands 088 5640000 +#objective :IPtables administarion tool +#last update :23/11/2012 +#version :0.1 + + +# Parameters +IPT=/sbin/iptables + + +echo -e " Welcome" +###############################IPTABLE SERVICES PROGRAM BEGINS HERE############################### +checkstatus() + { + opt_checkstatus=1 + while [ $opt_checkstatus != 7 ] + do + clear + #echo -e "\nChoose the Option Bellow!!!\n + echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n" + echo -e " 1. Save the iptables\n + 2. Status of Iptables\n + 3. Start iptables Services\n + 4. Stop iptables Services\n + 5. Restart iptable Services\n + 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n + 7. Go back to Main Menu" + read opt_checkstatus + case $opt_checkstatus in + 1) echo -e "*******************************************************\n" + /etc/init.d/iptables save + echo -e "\n*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 2) echo -e "*******************************************************\n" + /etc/init.d/iptables status + echo -e "*******************************************************" + echo -e "Press Enter key to Continue..." + read temp;; + 3) echo -e "*******************************************************\n" + /etc/init.d/iptables start + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + + 4) echo -e "*******************************************************\n" + /etc/init.d/iptables stop + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." 
+ read temp;; + + 5) echo -e "*******************************************************\n" + /etc/init.d/iptables restart + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 6) iptables -F + echo -e "*******************************************************" + echo -e "All the Rules from the Iptables are Flushed!!!" + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 7) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + } +###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE############################### +buildfirewall() + { + ##############Chose interface############### + echo -e " Configure a Network Interface or a Destination Networks?\n + 1. A Network Interface + 2. No Network Interface. Destination Networks Only" + read opt_int + case $opt_int in + 1) echo -e "\nPlease Enter a Network Interface." + read interface ;; + 2) interface="NULL" ;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Chain############ + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + *) echo -e "Wrong Option Selected!!!" + esac + + #########Getting Source IP Address########## + #Label + + echo -e " + 1. Firewall using Single Source IP\n + 2. Firewall using Source Subnet\n + 3. Firewall using for All Source Networks\n + 4. Firewall choose a source file contationing ip addesses" + read opt_ip + + case $opt_ip in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." 
+ read ip_source ;; + + #5) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + #########Getting Destination IP Address########## + echo -e " + 1. Firewall using Single Destination IP\n + 2. Firewall using Destination Subnet\n + 3. Firewall using for All Destination Networks\n + 4. Firewall using a file" + + read opt_ip + case $opt_ip in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_dest ;; + #5) ip_dest = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Specific Port + 4. Specific Port Number + 5. Using no Protocol" + read proto_ch + case $proto_ch in + 1) proto=TCP ;; + 2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)" + read proto ;; + 3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)" + read proto ;; + 4) echo -e "Enter the Port Number: " + read proto ;; + 5) proto="NULL" ;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "What to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + esac + + +###################Generating the Rule#################### +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" 
+read temp +echo -e "The Generated Rule is \n" +for ipdetails in `cat $ip_source` +do + +if [[ $interface == *eth* ]] ; then + echo -e "\n$IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule\n " + gen=1 + else if [ $interface == "NULL"] ; then + echo -e "\n$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule\n " + gen=2 + else if [ $proto == "NULL" ]; then + echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n" + gen=3 + else if [[ $proto == * ]]; then + echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n" + gen=4 +fi +fi +fi +fi +echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno +if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule +else if [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule +else if [ $yesno == 1 ] && [ $gen == 3 ]; then + iptables -A $chain -s $ip_source -d $ip_dest -j $rule +else if [ $yesno == 1 ] && [ $gen == 4 ]; then + iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule +else if [ $yesno == 2 ]; then + + main +fi +fi +fi +fi +fi +} + +main() +{ + ROOT_UID=0 + if [ $UID == $ROOT_UID ]; + then + clear + opt_main=1 + while [ $opt_main != 4 ] + do +echo -e "************************************************************************" +#############Check Whether the iptables installed or not############ + echo -e "\t*****Main Menu*****\n + 1. Check Iptables Package\n + 2. Iptables Services\n + 3. Build Your Firewall with Iptables\n + 4. Exit" + read opt_main + case $opt_main in + 1) echo -e "******************************" + rpm -q iptables + echo -e "******************************" ;; + 2) checkstatus ;; + 3) buildfirewall ;; + 4) exit 0 ;; + *) echo -e "Wrong option Selected!!!" + esac +done +else + echo -e "You Must be the ROOT to Perfom this Task!!!" +fi +} +main +exit 0 \ No newline at end of file 
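Review bot: The rule-generation loop `for ipdetails in \`cat $ip_source\`` runs for every source option, but options 1–3 set `ip_source` to a single address, a subnet or `0/0`, so `cat` fails on a non-existent path and no rule is printed or applied; only option 4 (a file of addresses) can work. The branch `[ $interface == "NULL"]` is also missing the space before `]`, so it fails with a missing-`]` error instead of testing anything. Since this file is an editor backup (`~`) of scripts/IptablesTool.sh, it should probably be dropped from the commit rather than fixed; otherwise branch on the chosen option, `if [ "$opt_ip" = 4 ]; then mapfile -t sources < "$ip_source"; else sources=("$ip_source"); fi`, iterate `"${sources[@]}"`, and fix the bracket.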
diff --git a/Man_tool/change_pass.sh b/Man_tool/change_pass.sh new file mode 100755 index 0000000..a6fcc55 --- /dev/null +++ b/Man_tool/change_pass.sh @@ -0,0 +1,19 @@ +#!/bin/bash +#scrpit to change root password from a csv file +#, + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for csv in $(cat $1) +do + + HOST=$(echo $csv |cut -d "," -f1) + PASS=$(echo $csv |cut -d "," -f2) + +ssh ansible@$HOST "echo root:$PASS |sudo chpasswd" + +done diff --git a/Man_tool/command_loop.sh b/Man_tool/command_loop.sh new file mode 100755 index 0000000..073794f --- /dev/null +++ b/Man_tool/command_loop.sh @@ -0,0 +1,31 @@ +#!/bin/bash + + +#if [ $# -lt 1 ] +#then +# echo "Syntax: ./$(basename $0) " +# exit +#fi + +for csv in $(cat $1) +do + + HOST=$(echo $csv |cut -d "," -f1) + HASH=$(echo $csv |cut -d "," -f2) + +# echo -e $host "root:$HASH/" +echo $HOST "vgs" + + +#scp root@$host:/var/log/glusterfs/glustershd.log . +#ssh -o ConnectTimeout=10 -n root@$host "tail -n 100 /var/log/glusterfs/glustershd.log" > gluster/$host + +done + +#cat gluster/*| grep "All subvolumes are down" | grep "0-vol"|cut -d " " -f7|sort|uniq + + +#cat gluster/*| grep "failed" | grep "0-vol"|cut -d " " -f 7,8|sort|uniq + +#rm gluster/* +#cat bricks_down |sort|uniq diff --git a/Man_tool/uptime_loop.sh b/Man_tool/uptime_loop.sh new file mode 100755 index 0000000..cd494e0 --- /dev/null +++ b/Man_tool/uptime_loop.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +FILE=$1 + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in $(cat ${FILE}) +do + +ssh -o ConnectTimeout=3 -n root@$host "hostname && uptime " + +done diff --git a/Man_tool/ww b/Man_tool/ww new file mode 100644 index 0000000..faf5b77 --- /dev/null +++ b/Man_tool/ww @@ -0,0 +1 @@ +127.0.0.1,DlXOTJUdJ8TdaqXh,$1$xyz$uNKesoUDbo.Uh7Ei3E8cn1 diff --git a/OpenShift Stuff/collect_info.sh b/OpenShift Stuff/collect_info.sh new file mode 100644 index 0000000..934f1ad --- /dev/null +++ b/OpenShift Stuff/collect_info.sh 
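Review bot: In `ssh ansible@$HOST "echo root:$PASS |sudo chpasswd"` the new password is part of the remote command string, so it shows up in the local `ssh` argv, in the target's process list while `echo` runs, and in any command logging on the target (sudo log, auditd, shell history); `$HOST` and `$PASS` are unquoted as well, so a password containing spaces or glob characters changes the command. Feed the credential through stdin instead: `printf 'root:%s\n' "$PASS" | ssh "ansible@$HOST" 'sudo chpasswd'`. The `for csv in $(cat $1)` loop word-splits the file, so any record containing whitespace breaks; `while IFS=, read -r HOST PASS _; do …; done < "$1"` reads each line safely and drops the `echo | cut` round-trips.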
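Review bot: `Man_tool/ww` commits what looks like a credential record — a host, a plaintext password and a `$1$` MD5-crypt hash — which the sibling scripts read as `host,password` input; once pushed, that value stays in git history even after the file is deleted, and MD5-crypt is itself a weak hash format. If these are live values they should be rotated and the file purged from history; if they are fixtures, replace them with obviously fake placeholders such as `127.0.0.1,EXAMPLE_PASSWORD,EXAMPLE_HASH` and document the column layout in the scripts that consume it.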
@@ -0,0 +1,12 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl
+#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
+#First line of code :09/10/2019
+#last update :11/10/2019
+#version :0.1
+#synatx example of hostfile : contract code must be in uppercase and my contain numbers
+
+echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
+echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
+TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+ | bc)
+echo -e "\t,Disks size,\t "$(echo "scale=2; $TOTAL_HDD_SIZE /1024^2" | bc)
diff --git a/OpenShift Stuff/run_collect_info.sh b/OpenShift Stuff/run_collect_info.sh
new file mode 100644
index 0000000..1511547
--- /dev/null
+++ b/OpenShift Stuff/run_collect_info.sh
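Review bot: The script depends on `bc` for the disk total and the GB conversion but never checks that it is installed, while the caller run_collect_info.sh detects a missing `bc` by comparing the ssh output to the literal `please install the bc command` — a string this script never prints, so on a host without `bc` the error goes to stderr and an empty disk value is silently summed upstream. Add a guard before the first use: `command -v bc >/dev/null || { echo "please install the bc command"; exit 1; }`. The backtick substitutions inside `echo -e` would also read more clearly as `$(…)`.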
@@ -0,0 +1,50 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl : +#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files. +#First line of code :09/10/2019 +#last update :11/10/2019 +#version :0.1 +#synatx example of hostfile : contract code must be in uppercase and my contain numbers + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi +CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l) + +if [[ $CHECK_CONTACT_CODES -gt 0 ]] + then + echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase" + +else +#clean the results directory +rm /opt/scripts/tools/collect_info/results/* + + for host in $(cat $1) + do + HOST=$(echo $host|cut -d "," -f1) + CONTRACT_LIST=$(echo $host|cut -d "," -f2) + scp -q -p collect_info.sh $HOST:/root + SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh") + if [[ $SSH_OUT == "please install the bc command" ]] + then + echo "please install the bc command on $HOST" && exit 1 + else + printf "%s " "$HOST," >> results/$CONTRACT_LIST + echo $SSH_OUT >> results/$CONTRACT_LIST + fi + done + + +# sun-up the colleced data in to contact code files +for contr_file in $(ls /opt/scripts/tools/collect_info/results/) + do + RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc ) + CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc ) + HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc ) + echo "Total Processors $CPU" > /opt/scripts/tools/collect_info/results/$contr_file + echo "Memory RAM Total in MB $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file + echo "Disk size in GB $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file +done +fi diff --git a/OpenShift Stuff/yum_update_tool_openshift.sh b/OpenShift Stuff/yum_update_tool_openshift.sh new file mode 100644 index 0000000..6b7e4a0 --- /dev/null 
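Review bot: `rm /opt/scripts/tools/collect_info/results/*` deletes from a hard-coded absolute directory, but the collection step appends to the relative `results/$CONTRACT_LIST` and the summing step reads `results/$contr_file` while writing back to the absolute path — unless the script happens to run from `/opt/scripts/tools/collect_info`, the cleanup and the data land in different directories and stale results from an earlier run are summed in. Define `RESULTS_DIR=/opt/scripts/tools/collect_info/results` once, use it in every path, and guard the wildcard delete with `rm -f -- "${RESULTS_DIR:?}"/*`. The check `[[ $SSH_OUT == "please install the bc command" ]]` can never match because collect_info.sh does not emit that string; testing the exit status, `SSH_OUT=$(ssh -n "$HOST" /root/collect_info.sh) || { echo "collect_info failed on $HOST"; exit 1; }`, is the reliable signal. `for host in $(cat $1)` and `for contr_file in $(ls …)` both word-split their input; a `while IFS=, read -r HOST CONTRACT_LIST` loop and a glob avoid that.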
+++ b/OpenShift Stuff/yum_update_tool_openshift.sh 
@@ -0,0 +1,193 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :OpenShift patching tool using yum (RHEL and Centos) +#First line of code :04/09/2019 +#last update :06/09/2019 +#version :0.1 +#inspred by /home/freark/bin/batch_upgrade.sh + + +#Check if root is running the script +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 +fi + +# Parameters +NAGIOS_SCRIPT='/nagios_add_downtime_host.sh' +BASE_LOG_DIR=/var/log/batch_upgrade +TIMESTAMP=$(date +%Y%m%d.%H%M) + +#set the master host +read -p "Enter OpenShift master: " OS_MASTER + +#Set node varible +OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1) +COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l) +#TODO what if there are more that one node already driand? +if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then + echo -e "n\ NOTE: There are driand nodes on the cluster\n + Please chack the master node for possible issues" + exit 1 +fi + +###############################OPENSHIFT PACHING BEGINS HERE############################### +#list nodes on the OpenShift Master +function list_nodes() +{ + printf '%s\n' "${OS_NODES_READY[@]}" + set_update_host +} + +#set the hostname for the update +function set_update_host() +{ +echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish" +read -p "Enter OpenShift node: " HOST_TO_UPDATE +} + +#Breack in an error +function pause_on_error { + if [ $1 -ne 0 ] + then + echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue" + read + fi +} + +#Add nagios downtime +function nagios_downtime() +{ + $NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host' + echo "Adding downtime for host $HOST_TO_UPDATE..." + pause_on_error $? 
+} + +#just a counter, one minute +function time_counter() +{ +count=0 +total=120 + + while [ $count -lt $total ]; do + sleep 0.5 # this is work + count=$(( $count + 1 )) + pd=$(( $count * 60 / $total )) + printf "\r${pd}s" $(( $count * 60 / $total )) + done +} + +#Drain the node +function drain() +{ + echo "Draining $HOST_TO_UPDATE" + ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE" + echo " + ________________________________________________________________________ +< This will take a minute, Just making sure that the node is fully drained > + ------------------------------------------------------------------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/ + ||----w | + || || + + " + time_counter + pause_on_error $? +} + +#Update node +function update() +{ + mkdir -p ${BASE_LOG_DIR} + LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX) + + echo -e "n\I'm now going to update $HOST_TO_UPDATE." + echo "You can follow/check logs in:" + echo ${LOG_DIR} + echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here." + echo "If any fail you MUST check and update these before proceeding!" + echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m" + read + echo "This may take some time..." + echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c " + + #exclude openshift and docker + ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf" + #update command + ssh -t $HOST_TO_UPDATE "sleep 10 && yum update" | tee ${LOG_DIR}/$HOST_TO_UPDATE + # ssh -n $HOST_TO_UPDATE "sleep 10 && yum noninteractive -y update --security" + pause_on_error $? 
+} + +#reboot node +function reboot_server() +{ +LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX) + + + echo "Restarting server $HOST_TO_UPDATE" + #ANSWER='dummyvalue' + while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do + echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m" + read ANSWER + if [[ "${ANSWER}" == 's' ]]; then + echo "Skipping $HOST_TO_UPDATE" + return 0 + fi + if [[ "${ANSWER}" == 'c' ]]; then + echo "Proceeding to reboot $HOST_TO_UPDATE" + break + fi + done + + timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot" + # no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode + # pause_on_error $? + + # wait until the server is down + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + while [[ $rc == 0 ]] + do + echo "Waiting for $HOST_TO_UPDATE to be down..." + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + sleep 0.5 + done + + echo "Server $HOST_TO_UPDATE appears to be down..." + + # wait until... + # server pings again + + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + while [[ $rc != 0 ]] + do + echo "Waiting for $HOST_TO_UPDATE to be back up..." + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + sleep 5 + done +} + +#uncordon node in the OpenShift master +function uncordon() +{ + echo "------------------------------------" + echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER" + ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE" + list_nodes + pause_on_error $? +} + + +############################### -MAIN RUN- ############################### +list_nodes +nagios_downtime +drain +update +reboot_server +uncordon diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/WsConfman/confman/hostlist/192.168.2.100 b/WsConfman/confman/hostlist/192.168.2.100 new file mode 100644 index 0000000..c80d6b1 --- /dev/null +++ b/WsConfman/confman/hostlist/192.168.2.100 
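Review bot: The yum.conf rewrite in `update()` has broken quoting: the inner `"exclude= docker* atomic* "` closes and reopens the outer double-quoted ssh command, so `docker*` and `atomic*` are unquoted words in the local shell and are glob-expanded there before the command is sent — it only produces the intended line when no local file matches those patterns. Staging the new config at the fixed path `/tmp/yum.conf` and then copying it over `/etc/yum.conf` also lets any local user on the node pre-create or swap that file between the two steps, and `grep -v exclude` drops every existing exclude (kernel pins included), not just the docker one. Single-quote the remote command and use a private temp file, e.g. `ssh -n "$HOST_TO_UPDATE" 'tmp=$(mktemp) && grep -v "^exclude" /etc/yum.conf > "$tmp" && echo "exclude=docker* atomic*" >> "$tmp" && cat "$tmp" > /etc/yum.conf && rm -f "$tmp"'`. Separately, `OS_NODES_READY` is built with `grep "Ready"`, which also matches `NotReady`, so the node list offered to the operator can include unhealthy nodes; `awk '$2=="Ready"{print $1}'` selects only ready ones. The `pause_on_error $?` calls in `nagios_downtime` (after an `echo`) and `update` (after `… | tee`) test the status of echo/tee rather than of the command that matters; capture `rc=$?` right after the command, or use `${PIPESTATUS[0]}` for the pipeline.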
@@ -0,0 +1,2 @@
+first_start
+jb{RWfnu
diff --git a/WsConfman/confman/hostlist/192.168.2.163 b/WsConfman/confman/hostlist/192.168.2.163
new file mode 100644
index 0000000..b96fa1d
--- /dev/null
+++ b/WsConfman/confman/hostlist/192.168.2.163
@@ -0,0 +1,2 @@
+first_start
+>X1nr0.E
diff --git a/WsConfman/confman/managemnt.sh b/WsConfman/confman/managemnt.sh
new file mode 100755
index 0000000..b1253be
--- /dev/null
+++ b/WsConfman/confman/managemnt.sh
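Review bot: The second line of each hostlist file appears to be the output of first_start.sh captured by managemnt.sh — that is, the freshly generated LUKS passphrase for the client's root device — so this commit publishes the disk-encryption secret of 192.168.2.100 and 192.168.2.163 in git history (the same applies to the 192.168.2.163 hunk that follows). Those passphrases should be treated as exposed and replaced, and the files removed from the commit and ignored (`WsConfman/confman/hostlist/` in `.gitignore`) or reduced to the `first_start` marker with the secret stored elsewhere.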
@@ -0,0 +1,60 @@ +#!/bin/bash +#(c) Roy Cohen 12/06/2017 :roy@wondercohen.nl +#original script :My own work +#objective :Linux workstation configration manger +#last update : +#version + + +#Varibles +CLIENT_ARR=( `sudo tail -50 /var/log/secure | grep "Did not receive identification string from" |cut -d " " -f12| sort | uniq` ) +CLIENT_PATH="$HOME/confman/hostlist/" +CLIENT=(`ls $CLIENT_PATH`) + +# Functions +function add_client { +#Check if the client is known and add the cilent if it is not known in the system +for client in "${CLIENT_ARR[@]}"; do + if [ -f $CLIENT_PATH$client ] ; then + echo "$CLIENT_PATH$client already exists" + else + echo "" > $CLIENT_PATH$client + fi +done +} + +function add_ssh_ECDSA { +#Check if the client is known and add the ssh ECDSA key fingerprint to ~/.ssh/known_hosts +for client in "${CLIENT[@]}"; do + grep "$client" $HOME/.ssh/known_hosts > /dev/null + + if [ $? -eq 0 ] ; then + echo " $client already known at ~/.ssh/known_hosts" + else + ssh-keyscan $client >> ~/.ssh/known_hosts + fi +done + +} + +#ssh root@$CLIENT "md5sum /etc/ssh/sshd_config" +#Check if first_start.sh as run on the client, if not than copy the first_start.sh to the client and run it +function first_start { +#FIST_START=`head -1 $CLIENT_PATH$CLIENT` + +for cilent in "${CLIENT[@]}"; do + head -1 $CLIENT_PATH$cilent | grep first_start > /dev/null + + if [ $? -eq 0 ] ; then + echo "$cilent has allready run first_start" + else + scp ~/confman/scripts/first_start.sh root@$cilent:/root && echo "first_start" > $CLIENT_PATH$cilent + ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent && ssh root@$cilent 'rm /root/first_start.sh' + fi +done +} + +#call funcions +add_client +add_ssh_ECDSA +first_start diff --git a/WsConfman/confman/scripts/first_start.sh b/WsConfman/confman/scripts/first_start.sh new file mode 100755 index 0000000..40228ad --- /dev/null +++ b/WsConfman/confman/scripts/first_start.sh 
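Review bot: `first_start()` appends the full stdout of `/root/first_start.sh` to `$CLIENT_PATH$cilent`, and that script ends with `echo $newPassword`, so the new LUKS passphrase of every client is written in plaintext under the user's home directory (and, in this commit, into git). Record only the marker, `echo first_start > "$CLIENT_PATH$cilent"`, and capture the passphrase into a password manager or an encrypted file instead. `add_ssh_ECDSA()` also appends whatever `ssh-keyscan` returns as a trusted host key, so the first responder on that address is permanently trusted; compare the scanned fingerprint against one obtained out of band before writing to known_hosts. `CLIENT_ARR` is extracted as field 12 of sshd log lines, which breaks as soon as the log format shifts; `grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` on the matching lines is more robust, and the paths built from it should be quoted (`"$CLIENT_PATH$client"`).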
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+PASS=`< /dev/urandom tr -dc A-Za-z0-9'"<>,./?!@#$%^&(){}[]' | head -c8`
+oldPassword="Test2001"
+newPassword=$PASS
+rootdevice="/dev/sda3"
+printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" |sudo cryptsetup luksAddKey $rootdevice
+printf '%s\n' "$oldPassword" |sudo cryptsetup luksRemoveKey $rootdevice
+echo $newPassword
diff --git a/WsConfman/ks.cfg b/WsConfman/ks.cfg
new file mode 100644
index 0000000..78f09be
--- /dev/null
+++ b/WsConfman/ks.cfg
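Review bot: `luksRemoveKey` runs unconditionally after `luksAddKey`; if adding the new key fails for a reason other than a wrong old passphrase (no free key slot, for instance) the old key is still removed and the device can be left with no usable key. Chain the two on success and fail loudly otherwise: `printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" | sudo cryptsetup luksAddKey "$rootdevice" && printf '%s\n' "$oldPassword" | sudo cryptsetup luksRemoveKey "$rootdevice" || { echo "key rotation failed, old key kept" >&2; exit 1; }`. The old passphrase is hard-coded (`Test2001`, the same literal used in ks.cfg) and the new one is echoed to stdout, where managemnt.sh stores it in a plaintext file; an 8-character value from `head -c8` is also short for a LUKS passphrase, so consider `head -c32` and a delivery channel other than stdout.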
@@ -0,0 +1,164 @@ +#version=RHEL7 +# Install OS instead of upgrade +install +cdrom + +# Reboot the machine after the installation is complete +# and attempt to eject the CD/DVD/Bootdisk +#reboot --eject + +# Setup network interfaces via DHCP +network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate + +# Install from an installation tree on a remote server +# Required when using a minimal ISO +#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/ + +# install in text mode +text +#Shut down nd power off the system after the installation has successfully completed. +#poweroff +reboot + +# System keyboard +keyboard us + +xconfig --startxonboot + +# System language +lang en_US.UTF-8 + +#set root pw here (required by KS), remove pw in post +## (Required) Sets the root password so there is no prompt during installation +# Example: encrypted password is "Test2001" +# to generate the hash mkpasswd --method=sha-512 +rootpw Test2001 +authconfig --enableshadow --passalgo=sha512 + +#user +user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test" + +#Block ssh +firewall --enabled --service=ssh +#Dont start firstboot dialoge +firstboot --disabled +eula --agreed + +# SELinux configuration +# By default, selinux is enforcing +#selinux --enforcing +selinux --permissive + +# Services +services --enabled=ntpd,ntpdate + +# Installation logging level +logging --level=debug + +# System timezone +timezone Europe/Amsterdam + +# System bootloader configuration +bootloader --location=mbr --driveorder=sda --append="rhgb quiet" +#Network configuration +network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate + +# Clear the Master Boot Record +zerombr + +# Automatically create partitions, no LVM +#autopart --nolvm + +# Partition clearing information +clearpart --all --initlabel + +# Create primary partitions +part /boot --fstype "ext3" --size=1024 --asprimary +part swap --fstype swap --size=8024 +part pv.01 --size=1 --grow --encrypted 
--passphrase=Test2001 +#part pv.01 --size=1 --grow + +# Create more logical partitions +volgroup vgroup1 pv.01 +logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240 +logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid" +logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev" +logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev" + +%packages +@base +@core +@desktop-debugging +@fonts +@gnome +@gnome-desktop +@guest-agents +@guest-desktop-agents +@input-methods +@internet-browser +@multimedia +@print-client +@print-server +@x11 +-sysreport + +%end + + +%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log +#!/bin/bash + +set -x + +%end + +%post --log=/var/log/ks.post02.log +#!/bin/bash + +set -x + +# Remove root password +#echo "Removing root password" +#passwd -d root + +# Make sure we have the latest security updates +echo "Updating packages" +/usr/bin/yum clean all +/usr/bin/yum update -y +# Install Node.js and json via EPEL +/usr/bin/yum install -y epel-release +/usr/bin/yum install -y nodejs +/usr/bin/npm install -g json +# Clean up all yum caches +echo "Cleaning up yum caches" +/usr/bin/yum clean all +# Disable kdump +echo "Disabling kdump" +systemctl disable kdump.service +# Ensure we have sane and consistent defaults for ntp.conf +sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf +# For IPv6 +echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf +sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf +# Disable password auth. SSH logon is via ssh key only. A password is being set +# for root via the image manifest per IMAGE-459. 
+echo "Disabling password auth in sshd_config" +sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config +# Clean up files +echo "Ceaning up build files" +/bin/rm -rf /root/anaconda-ks.cfg +/bin/rm -rf /tmp/.npm/ +/bin/rm -rf /tmp/ks-script* +/bin/rm -rf /var/log/anaconda + +# cronjob +echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root +chmod 600 /var/spool/cron/root + +#ssh key +mkdir /root/.ssh +chmod 700 /root/.ssh +echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys +chmod 600 /root/.ssh/authorized_keys + +%end diff --git a/post_install.sh b/post_install.sh new file mode 100644 index 0000000..0167ba2 --- /dev/null +++ b/post_install.sh 
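Review bot: `rootpw Test2001` sets the root password in plaintext even though the comment just above describes generating a sha-512 hash; use `rootpw --iscrypted <SHA512_HASH_PLACEHOLDER>`, and note the same literal is reused for the `user` entry and for the LUKS `--passphrase`, so this one committed file exposes every initial secret of the installed machine. The `%post` section disables SSH password authentication, but the `authorized_keys` line it writes, `ssh-rsa Ack man1@localhost.localdomain`, carries no key material and is not a valid public key, so remote root login is impossible after install; paste a complete public key there or keep password authentication until one is in place. The cron entry running `nc 192.168.2.129 22` every five minutes has no comment saying what it is for; document its purpose (it reads like a reachability probe) or drop it, and the `echo "…" > /var/spool/cron/root` write would be safer as a file under `/etc/cron.d/` with an explanatory header.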
@@ -0,0 +1,380 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#Wonder Cohen :The Hague The Netherlands +#objective :Post install script for master node/ansible node +#First line of code :07/Mar/2020 +#last update :15/Nov/2021 +#version :1.0 +#synatx example :./ + + +# VARS +#hostnamectl set-hostname lx-ubt-rtm0-101.wondercohen.org +DEB_OS="/etc/lsb-release" +RHEL_OS="/etc/redhat-release" +MY_IP="" +SOURCE_CONNECTION=$(w -i |tail -n1|cut -d " " -f8) + +#SOURCE_IP=$(last -a | grep "logged in"|awk '{print $10}') +mkdir -p /root/tools + +function install_software(){ +echo "*** Starting install software function ***" +if test -f "$DEB_OS"; then + apt -y install net-tools + apt -y install git bash-completion fail2ban + apt -y update && apt -y upgrade + else + yum install -y vim wget curl net-tools lsof bind-utils epel-release bash-completion git + yum install -y fail2ban + yum install -y aide + yum -y update +fi +} + +function issue_motd(){ +echo "*** Starting /etc/issue ***" +echo -e " + ------------------------------------------------------------------------ +| *** NOTICE TO USERS *** | +| This computer system is the private property of Wonder Cohen | +| It is for authorized use only. | +| | +| Users (authorized or unauthorized) have no explicit or implicit | +| expectation of privacy. | +| | +| Any or all uses of this system and all files on this system may be | +| intercepted, monitored, recorded, copied, audited, inspected, and | +| disclosed to your employer, to authorized site, government, and law | +| enforcement personnel, as well as authorized officials of government | +| agencies, both domestic and foreign. | +| | +| By using this system, the user consents to such interception, | +| monitoring, recording, copying, auditing, inspection, and disclosure | +| at the discretion of such personnel or officials. Unauthorized or | +| improper use of this system may result in civil and criminal penalties | +| and administrative or disciplinary action, as appropriate. 
By | +| continuing to use this system you indicate your awareness of and | +| consent to these terms and conditions of use. LOG OFF IMMEDIATELY if | +| you do not agree to the conditions stated in this warning. | + ------------------------------------------------------------------------ +You Are Logedin from: $(w -i |tail -n1|cut -d " " -f8) +" >/etc/issue +cat /etc/issue > /etc/issue.net +} + +function tooling(){ +echo "*** Starting Tooling function ***" +if test -f "$DEB_OS"; then +#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" +#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" +echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021 +#!/bin/bash +for ip_to_block in \$(cat /var/log/ufw.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}') +do +ufw reject proto tcp from \$ip_to_block +echo >/var/log/ufw.log +done + " > /root/tools/block_ip.sh + chmod 700 /root/tools/block_ip.sh +# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab + + else + +echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021 +#!/bin/bash +for ip_to_block in \$(cat /var/log/firewall-droppd.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}') +do +firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='$ip_to_block' drop\" 
+firewall-cmd --reload +echo > /var/log/firewall-droppd.log +done + " > /root/tools/block_ip.sh + chmod 700 /root/tools/block_ip.sh +# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab +fi +} + +function shell_sh(){ + +echo "*** Starting shell_sh function ***" +mkdir -p /var/log/history/ +chmod 1723 /var/log/history +echo "ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*" > /etc/sudoers.d/chattr +chmod 440 /etc/sudoers.d/chattr + +echo -e " +#Roy Cohen :roy@wondercohen.nl +#Wonder Cohen :The Hague The Netherlands +#objective :create a historyfile of all user activites also after sudo command +#location :/etc/profile.d/shell.sh +#First line of code :02/Nov/2020 +#last update :15/Nov/2021 +#version :1.0 +#Aditinal info :inspired by a similar script by E. de Wolf version 151119 +#Instructions for installation :cp the contant to /etc/profile.d/shell.sh +# :mkdir /var/log/history/ +# :chmod 1723 /var/log/history +# :Add to sudoers file: ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/* + +#Vars +DATE=\$(date +%Y%m%d%H%M) + +#Users +ACTIVE_USER=\$(whoami) +SOURCE_USER=\$(who -m | awk '{ print \$1 }') +#Path +LOG_LOCATION="/var/log/history/\$\(whoami\)_\$SOURCE_USER.log" + +#timeout logoff +TMOUT=900 +export TMOUT +readonly TMOUT + +# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) +#unlimited +export HISTFILESIZE= +export HISTSIZE= + +export \$SOURCE_USER +export HISTFILE=\$LOG_LOCATION +export HISTIGNORE='' +export HISTCONTROL='ignoreboth' +export HISTTIMEFORMAT=\${HISTTIMEFORMAT:-%F %H:%M:%S } + +shopt -s histappend +export PROMPT_COMMAND=\"history -a; \$PROMPT_COMMAND\" + +readonly HISTFILE +readonly HISTIGNORE +#lock hisroty files Files + [[ ! 
-f \$LOG_LOCATION ]] && touch \$LOG_LOCATION && chmod 0600 \$LOG_LOCATION && sudo /usr/bin/chattr +a \$LOG_LOCATION +" > /etc/profile.d/shell.sh +chmod +x /etc/profile.d/shell.sh + +} + +function sshd_config(){ +echo "*** Starting Ssh function ***" +echo -e " #ssh config for Wonder Cohen 23-jun-2021 +SyslogFacility AUTHPRIV +PermitRootLogin no +MaxAuthTries 6 +MaxSessions 5 +AuthorizedKeysFile .ssh/authorized_keys +PermitEmptyPasswords no +PasswordAuthentication no +ChallengeResponseAuthentication no +GSSAPIAuthentication yes +GSSAPICleanupCredentials no +UsePAM yes +X11Forwarding yes +PrintMotd no +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS +LogLevel INFO +Protocol 2 +IgnoreRhosts yes +HostbasedAuthentication no +PermitUserEnvironment no +ClientAliveInterval 15m +ClientAliveCountMax 0 +LoginGraceTime 60 +MaxStartups 10:30:60 +AllowTcpForwarding no +Ciphers aes128-ctr,aes192-ctr,aes256-ctr +Banner /etc/issue.net +" > /etc/ssh/sshd_config + +systemctl restart sshd +#mkdir -p /home/rcohen/.ssh/ +#chown rcohen:rcohen /home/rcohen/.ssh/ +#chmod 700 /home/rcohen/.ssh/ +#chmod 600 /home/rcohen/.ssh/authorized_keys +#chown rcohen:rcohen /home/rcohen/.ssh/authorized_keys +} + +function firewall(){ +echo "*** Starting firewalld function ***" + +if test -f "$DEB_OS"; then + systemctl enable ufw + ufw --force enable +else + +systemctl enable firewall +systemctl start firewalld + +echo -e "#firewalld.conf config for Wonder Cohen 23-jun-2021 +DefaultZone=public +MinimalMark=100 +CleanupOnExit=yes +Lockdown=no +IPv6_rpfilter=yes +IndividualCalls=no +LogDenied=all +AutomaticHelpers=system +AllowZoneDrifting=yes +" > /etc/firewalld/firewalld.conf +firewall-cmd --reload + +echo -e "#rsyslog_firewal logging config for Wonder Cohen 23-jun-2021 +:msg,contains,"_DROP" /var/log/firewall-droppd.log 
+:msg,contains,"_REJECT" /var/log/firewall-droppd.log +& stop +" > /etc/rsyslog.d/firewalld-droppd.conf +systemctl restart rsyslog.service +fi +} + +function firewall_rules(){ +echo "*** Starting firewall_rules function ***" +if test -f "$DEB_OS"; then + ufw allow proto tcp from $MY_IP + + ufw allow proto tcp from $SOURCE_CONNECTION + ufw allow proto tcp from 1/24 + ufw default deny incoming + ufw reload +else +firewall-cmd --set-log-denied=all +firewall-cmd --get-log-denied +firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public +firewall-cmd --permanent --remove-service=cockpit --zone=public +firewall-cmd --permanent --remove-service=ssh --zone=public +firewall-cmd --zone=drop --permanent --add-service=http +firewall-cmd --zone=drop --permanent --add-service=https +firewall-cmd --zone=drop --permanent --add-service=samba-client +firewall-cmd --zone=drop --permanent --add-service=dhcpv6-client +firewall-cmd --zone=drop --permanent --add-service=cockpit +firewall-cmd --zone=drop --permanent --add-service=ssh +firewall-cmd --zone=trusted --permanent --add-source=$MY_IP +firewall-cmd --zone=trusted --permanent --add-source=$SOURCE_CONNECTION +firewall-cmd --reload +fi +} + +function fail2ban(){ +echo "*** Starting Fail2ban function ***" +systemctl enable fail2ban && sudo systemctl start fail2ban +echo -e " +[DEFAULT] +# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s): +bantime = 86400 + +# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds. +findtime = 600 +maxretry = 5 + +# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban +# will not ban a host which matches an address in this list. Several addresses +# can be defined using space (and/or comma) separator. 
For example, add your +# static IP address that you always use for login such as 103.1.2.3 +#ignoreip = 127.0.0.1/8 ::1 103.1.2.3 + +# Call iptables to ban IP address +banaction = iptables-multiport + +# Enable sshd protection +[sshd] +enabled = true +" > /etc/fail2ban/jail.local +systemctl restart fail2ban +} + +function network_setting(){ +echo "*** Starting Network function ***" +if test -f "$DEB_OS"; then +SET_IP=$(ip -4 a show ens3|grep inet|cut -d "." -f4|cut -d "/" -f1) +HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4) +if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ]; + then + echo -e " +network: + version: 2 + renderer: networkd + ethernets: + ens8: + dhcp4: yes + optional: true + dhcp6: no + addresses: + - + else + echo -e " +network: + version: 2 + renderer: networkd + ethernets: + ens8: + dhcp4: yes + optional: true + dhcp6: no + addresses: + - +fi +netplan apply + +else + +SET_IP=$(ip -4 a show eth0 |grep inet|cut -d "." -f4|cut -d "/" -f1) +HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4) + +if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ]; + then + echo -e " + DEVICE=eth1\n + ONBOOT=yesn\n + NETBOOT=yes\n + BOOTPROTO=static\n + IPADDR=1\n + NETMASK=255.255.255.0\n + ZONE=public\n + " >/etc/sysconfig/network-scripts/ifcfg-eth1 + else + echo -e " + DEVICE=eth1 + ONBOOT=yes + NETBOOT=yes + BOOTPROTO=static + IPADDR=1....$SET_IP + NETMASK=255.255.255.0 + ZONE=public\n + " >/etc/sysconfig/network-scripts/ifcfg-eth1 + fi +systemctl restart network.service +fi +} +#https://kifarunix.com/install-and-configure-aide-on-ubuntu-20-04/ +function aide(){ +echo "*** Starting aide function ***" +apt -y install aide +aideinit +cp /var/lib/aide/aide.db{.new,} +cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf +aide -c /etc/aide/aide.conf -C +echo "0 0 * * * root /usr/sbin/aide -c /etc/aide/aide.conf -C" >> /etc/crontab +} + +function main(){ +HOSTNAME_VAR=$(hostname -f|cut -d "." 
-f1|cut -d "-" -f4)
+if [ "$HOSTNAME_VAR" -ge 99 ];
+ then
+ install_software
+ issue_motd
+ sshd_config
+ shell_sh
+ firewall
+ firewall_rules
+ fail2ban
+ network_setting
+ tooling
+#aide
+else
+ echo "Please set a valid hostname"
+fi
+}
+
+main 2>&1 | tee /root/$(hostname)_$(date +%Y%m%d%H%M).log
diff --git a/scripts/IptablesCleanTool.sh b/scripts/IptablesCleanTool.sh
new file mode 100644
index 0000000..a512dcb
--- /dev/null
+++ b/scripts/IptablesCleanTool.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+#(c) Roy Cohen 29/11/2012 :roy@wondercohen.nl
+#objective :IPtables administering tool that cleans duplicate rules
+#last update :29/11/2012
+#version :0.1
+
+# Parameters
+IPT=/sbin/iptables
+
+
+function check_duplicate()
+{
+
+
+
+
+}
+
+
+function clean_duplicate()
+{
+
+
+}
+
+
+
+function main()
+{
+ ROOT_UID=0
+ if [ $UID == $ROOT_UID ];
+ then
+ clear
+ OPT_MAIN=1
+ while [ $OPT_MAIN != 4 ]
+ do
+echo -e "************************************************************************"
+#############Check Whether the iptables installed or not############
+ echo -e "\t**********************|Main Menu|***************************\n
+ 1. Check for Duplicate Rules\n
+ 2. Clean the Duplicate Rules\n
+ 3. Save the Iptables\n
+ 4. Exit"
+ read OPT_MAIN
+ case $OPT_MAIN in
+ 1) check_duplicate ;;
+ 2) clean_duplicate ;;
+ 3) exit 0 ;;
+ *) echo -e "Wrong option Selected!"
+ esac
+done
+else
+ echo -e "You Must be the ROOT to Perfom this Task!"
+fi
+}
+main
+exit 0
diff --git a/scripts/IptablesTool.sh b/scripts/IptablesTool.sh
new file mode 100644
index 0000000..5e1637c
--- /dev/null
+++ b/scripts/IptablesTool.sh
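Review bot: firewall_rules in post_install.sh can lock the administrator out of SSH: `MY_IP=""` is never populated and `SOURCE_CONNECTION=$(w -i |tail -n1|cut -d " " -f8)` splits on single spaces, so it can yield the wrong field or nothing, yet these two values are the only sources given to `ufw allow proto tcp from` and `firewall-cmd --zone=trusted --permanent --add-source` after ssh is removed from the public zone. Guard them before any rule is applied, e.g. `: "${SOURCE_CONNECTION:?cannot determine admin source address}"`, and leave the `$MY_IP` rules out until that variable is actually set. In the same hunk `systemctl enable firewall` should read `systemctl enable firewalld`, and the RHEL branch of tooling writes `source address='$ip_to_block'` unescaped so the generated block_ip.sh always carries an empty address (the ufw branch correctly writes `\$ip_to_block`). sshd_config replaces /etc/ssh/sshd_config wholesale without a `Subsystem sftp` line, which an ansible node relies on, and restarts sshd without validating first; run `sshd -t || exit 1` before `systemctl restart sshd`. The sudoers entry `ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*` uses a wildcard that matches any argument text after the prefix, including paths containing `..`, so a small wrapper script that fixes the target directory is the safer way to grant this.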
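Review bot: check_duplicate and clean_duplicate in IptablesCleanTool.sh have empty bodies, which bash rejects as a syntax error when the function is defined, so the script never reaches main; until they are implemented put a no-op `:` inside each brace pair so the file at least parses. The menu text also disagrees with the dispatch: option 3 is labelled "Save the Iptables" but runs `exit 0` without saving anything, while option 4 ("Exit") merely ends the `while` loop. `read OPT_MAIN` should be `read -r OPT_MAIN` and the loop condition quoted as `while [ "$OPT_MAIN" != 4 ]`, otherwise pressing Enter on an empty line makes `[` fail with a syntax error rather than showing the "Wrong option" message.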
@@ -0,0 +1,745 @@ +#!/bin/bash +#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl +#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall +#objective :IPtables administering tool +#last update :29/11/2012 +#version :0.2 + + +# Parameters +IPT="/sbin/iptables" +IPTSAVE="/etc/init.d/iptables save" + + +echo -e"" +###############################IPTABLE SERVICES PROGRAM BEGINS HERE############################### +function checkstatus() + { + opt_checkstatus=1 + while [ $opt_checkstatus != 7 ] + do + clear + #echo -e "\nChoose the Option Bellow!!!\n + echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n" + echo -e " 1. Save the iptables\n + 2. Status of Iptables\n + 3. Start iptables Services\n + 4. Stop iptables Services\n + 5. Restart iptable Services\n + 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n + 7. Go back to Main Menu" + read opt_checkstatus + case $opt_checkstatus in + 1) echo -e "*******************************************************\n" + /etc/init.d/iptables save + echo -e "\n*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 2) echo -e "*******************************************************\n" + /etc/init.d/iptables status + echo -e "*******************************************************" + echo -e "Press Enter key to Continue..." + read temp;; + 3) echo -e "*******************************************************\n" + /etc/init.d/iptables start + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + + 4) echo -e "*******************************************************\n" + /etc/init.d/iptables stop + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." 
+ read temp;; + + 5) echo -e "*******************************************************\n" + /etc/init.d/iptables restart + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 6) iptables -F + echo -e "*******************************************************" + echo -e "All the Rules from the Iptables are Flushed!!!" + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 7) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + } +###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE############################### +function buildfirewall() + { + function buildfirewallprogram () + { + ###############Getting the Chain############ + clear + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward + 4. Go back to Main Menu" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + 4) main;; + *) echo -e "Wrong Option Selected!!!" + esac + + + #########Getting Source IP Address########## + #Label + + echo -e "Please the Source IP Address\n + 1. Firewall using Single Source IP + 2. Firewall using Source Subnet + 3. Firewall using for All Source Networks + 4. Firewall choose a source file containing ip addesses + 5. Go back to Main Menu" + read opt_ip_srource + + case $opt_ip_srource in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_source ;; + 5) main;; + #6) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + + ##############Chose interface############### + echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n + 1. Configure a Network Interface + 2. 
Configure a Destination Networks Only + 3. Go back to Main Menu" + read opt_int + case $opt_int in + 1) echo -e "\nPlease Enter a Network Interface." + read interface ;; + 2) interface="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + if [ $opt_int == "2" ]; then + #########Getting Destination IP Address########## + echo -e "Please Enter the IP Address of the Destination\n + 1. Firewall using Single Destination IP + 2. Firewall using Destination Subnet + 3. Firewall using for All Destination Networks + 4. Go back to Main Menu" + + read opt_ip_dest + case $opt_ip_dest in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) main;; + *) echo -e "Wrong Option Selected" + esac + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + else + + ###############Getting the Protocol############# + echo -e " + 1. 
All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + fi +} +###################Generating the Rule#################### +buildfirewallprogram + +function generate_rule_single_ip() +{ + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 
]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + +echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno + + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + + main + fi + +} + +function generate_rule_multiple_ip() +{ + for ipdetails in `cat $ip_source` + do + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch 
== 2 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi +done + +echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno + for ipdetails in `cat $ip_source` + do + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport 
$port -j $rule + elif [ $yesno == 2 ]; then + main + fi + done +} + +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" +read temp +echo -e "The Generated Rule is \n" +##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ################################### + +if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then + generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE + echo -e "Press Enter key to Continue..." + read temp + main +else + generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE + echo -e "Press Enter key to Continue..." + read temp + main +fi + +} + +##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE############################### +function delfirewall() +{ + function deleteonerule () + { + echo -e " + 1. Delete one rule + 2. Go back to Main Menu" + read opt_delete_one_rule + + case $opt_delete_one_rule in + 1) echo -e "\nPlease Eneter the Rule." + read one_rule ;; + 2) main;; + *) echo -e "Wrong Option Selected" + esac + echo "$one_rule"| sed 's/-A/-D/g' + echo "Do you want to remove this rule, Yes=1 , No=2" + read yesno + + if [ $yesno == 1 ] ; then + $IPT `echo $one_rule | sed 's/-A/-D/g'` + else + main + fi + } + + function delprogram () + { + ###############Getting the Chain############ + clear + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward + 4. Go back to Main Menu" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + 4) main;; + *) echo -e "Wrong Option Selected!!!" + esac + + #########Getting Source IP Address########## + + echo -e " + 1. Firewall using Single Source IP + 2. Firewall using Source Subnet + 3. Firewall using for All Source Networks + 4. Firewall choose a source file containing ip addesses + 5. 
Go back to Main Menu" + read opt_ip_srource + + case $opt_ip_srource in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_source ;; + 5) main;; + #6) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + ##############Chose interface############### + echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n + 1. Configure a Network Interface + 2. Configure a Destination Networks Only + 3. Go back to Main Menu" + read opt_int + case $opt_int in + 1) echo -e "\nPlease Enter a Network Interface." + read interface ;; + 2) interface="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + if [ $opt_int == "2" ]; then + #########Getting Destination IP Address########## + echo -e "Please Enter the IP Address of the Destination\n + 1. Firewall using Single Destination IP + 2. Firewall using Destination Subnet + 3. Firewall using for All Destination Networks + 4. Go back to Main Menu" + + read opt_ip_dest + case $opt_ip_dest in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) main;; + *) echo -e "Wrong Option Selected" + esac + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. 
Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + else + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. 
Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + fi + +###################Generating the Rule#################### + + function del_rule_single_ip() + { + + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + + echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? 
Yes=1 , No=2" + read yesno + + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + main + fi + } + + function del_rule_multiple_ip() + { + for ipdetails in `cat $ip_source` + do + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo 
"$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + done + + echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" + read yesno + for ipdetails in `cat $ip_source` + do + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + main + fi + done + } + +echo "$opt_ip_srource" +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" 
+read temp +echo -e "The Generated Rule is \n" +if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then + del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE +else + del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE +fi + + } +echo -e "\t**********************|Delete your Iptable Menu|***************************\n + 1. Delete a Custum Rule + 2. Delete one Rule + 3. Back to Main Menu" + + read opt_delfirewall + case $opt_delfirewall in + 1) delprogram ;; + 2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;; + 3) main ;; + *) echo -e "Wrong option Selected!!!" +esac + +} + + +function main() +{ + ROOT_UID=0 + if [ $UID == $ROOT_UID ]; + then + clear + opt_main=1 + while [ $opt_main != 6 ] + do +echo -e "************************************************************************" +#############Check Whether the iptables installed or not############ + echo -e "\t**********************|Main Menu|***************************\n + 1. Check Iptables Package\n + 2. Iptables Services\n + 3. Build Your Firewall with Iptables\n + 4. Delete Your Firewall with Iptables\n + 5. EDSN script\n + 6. Exit" + read opt_main + case $opt_main in + 1) echo -e "******************************" + rpm -q iptables + echo -e "******************************" ;; + 2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;; + 3) buildfirewall ;; + 4) delfirewall ;; + 5) sh setIptables_config2.sh 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;; + 6) exit 0 ;; + *) echo -e "Wrong option Selected!!!" + esac +done +else + echo -e "You Must be the ROOT to Perfom this Task!!!" +fi +} +main +exit 0 \ No newline at end of file diff --git a/scripts/IptablesTool2.sh b/scripts/IptablesTool2.sh new file mode 100644 index 0000000..362bd2a --- /dev/null +++ b/scripts/IptablesTool2.sh 
@@ -0,0 +1,743 @@ +#!/bin/bash +#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl +#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall +#objective :IPtables administering tool +#last update :29/11/2012 +#version :0.2 + + +# Parameters +IPT="/sbin/iptables" +IPTSAVE="/etc/init.d/iptables save" + + +echo -e"" +###############################IPTABLE SERVICES PROGRAM BEGINS HERE############################### +function checkstatus() + { + opt_checkstatus=1 + while [ $opt_checkstatus != 7 ] + do + clear + #echo -e "\nChoose the Option Bellow!!!\n + echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n" + echo -e " 1. Save the iptables\n + 2. Status of Iptables\n + 3. Start iptables Services\n + 4. Stop iptables Services\n + 5. Restart iptable Services\n + 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n + 7. Go back to Main Menu" + read opt_checkstatus + case $opt_checkstatus in + 1) echo -e "*******************************************************\n" + /etc/init.d/iptables save + echo -e "\n*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 2) echo -e "*******************************************************\n" + /etc/init.d/iptables status + echo -e "*******************************************************" + echo -e "Press Enter key to Continue..." + read temp;; + 3) echo -e "*******************************************************\n" + /etc/init.d/iptables start + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + + 4) echo -e "*******************************************************\n" + /etc/init.d/iptables stop + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." 
+ read temp;; + + 5) echo -e "*******************************************************\n" + /etc/init.d/iptables restart + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 6) iptables -F + echo -e "*******************************************************" + echo -e "All the Rules from the Iptables are Flushed!!!" + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 7) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + } +###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE############################### +function buildfirewall() + { + function buildfirewallprogram () + { + ###############Getting the Chain############ + clear + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward + 4. Go back to Main Menu" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + 4) main;; + *) echo -e "Wrong Option Selected!!!" + esac + + + #########Getting Source IP Address########## + #Label + + echo -e "Please the Source IP Address\n + 1. Firewall using Single Source IP + 2. Firewall using Source Subnet + 3. Firewall using for All Source Networks + 4. Firewall choose a source file containing ip addesses + 5. Go back to Main Menu" + read opt_ip_srource + + case $opt_ip_srource in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_source ;; + 5) main;; + #6) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + + ##############Chose interface############### + echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n + 1. Configure a Network Interface + 2. 
Configure a Destination Networks Only + 3. Go back to Main Menu" + read opt_int + case $opt_int in + 1) echo -e "\nPlease Enter a Network Interface." + read interface ;; + 2) interface="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + if [ $opt_int == "2" ]; then + #########Getting Destination IP Address########## + echo -e "Please Enter the IP Address of the Destination\n + 1. Firewall using Single Destination IP + 2. Firewall using Destination Subnet + 3. Firewall using for All Destination Networks + 4. Go back to Main Menu" + + read opt_ip_dest + case $opt_ip_dest in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) main;; + *) echo -e "Wrong Option Selected" + esac + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + else + + ###############Getting the Protocol############# + echo -e " + 1. 
All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + fi +} +###################Generating the Rule#################### +buildfirewallprogram + +function generate_rule_single_ip() +{ + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 
]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + +echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno + + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + + main + fi + +} + +function generate_rule_multiple_ip() +{ + for ipdetails in `cat $ip_source` + do + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch 
== 2 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi +done + +echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno + for ipdetails in `cat $ip_source` + do + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport 
$port -j $rule + elif [ $yesno == 2 ]; then + main + fi + done +} + +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" +read temp +echo -e "The Generated Rule is \n" +##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ################################### + +if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then + generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE + echo -e "Press Enter key to Continue..." + read temp + main +else + generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE + echo -e "Press Enter key to Continue..." + read temp + main +fi + +} + +##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE############################### +function delfirewall() +{ + function deleteonerule () + { + echo -e " + 1. Delete one rule + 2. Go back to Main Menu" + read opt_delete_one_rule + + case $opt_delete_one_rule in + 1) echo -e "\nPlease Eneter the Rule." + read one_rule ;; + 2) main;; + *) echo -e "Wrong Option Selected" + esac + echo "$one_rule"| sed 's/-A/-D/g' + echo "Do you want to remove this rule, Yes=1 , No=2" + read yesno + + if [ $yesno == 1 ] ; then + $IPT `echo $one_rule | sed 's/-A/-D/g'` + else + main + fi + } + + function delprogram () + { + ###############Getting the Chain############ + clear + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward + 4. Go back to Main Menu" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + 4) main;; + *) echo -e "Wrong Option Selected!!!" + esac + + #########Getting Source IP Address########## + + echo -e " + 1. Firewall using Single Source IP + 2. Firewall using Source Subnet + 3. Firewall using for All Source Networks + 4. Firewall choose a source file containing ip addesses + 5. 
Go back to Main Menu" + read opt_ip_srource + + case $opt_ip_srource in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_source ;; + 5) main;; + #6) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + ##############Chose interface############### + echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n + 1. Configure a Network Interface + 2. Configure a Destination Networks Only + 3. Go back to Main Menu" + read opt_int + case $opt_int in + 1) echo -e "\nPlease Enter a Network Interface." + read interface ;; + 2) interface="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + if [ $opt_int == "2" ]; then + #########Getting Destination IP Address########## + echo -e "Please Enter the IP Address of the Destination\n + 1. Firewall using Single Destination IP + 2. Firewall using Destination Subnet + 3. Firewall using for All Destination Networks + 4. Go back to Main Menu" + + read opt_ip_dest + case $opt_ip_dest in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) main;; + *) echo -e "Wrong Option Selected" + esac + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. 
Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + else + + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Not using a specific Protocol + 4. Go back to Main Menu" + read proto_ch + case $proto_ch in + 1) proto=tcp ;; + 2) echo -e "Enter the TCP Service Name:" + read proto ;; + 3) proto="NULL" ;; + 4) main;; + *) echo -e "Wrong option Selected!!!" + esac + ###############Getting the Destination Port############# + echo -e "\nConfigure the Destination Port\n + 1. Specific Destination Port + 2. No Destination Port + 3. Go back to Main Menu" + read port_ch + case $port_ch in + 1) echo -e "Enter the Destination Port:" + read port ;; + 2) prot="NULL" ;; + 3) main;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "\nWhat to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log + 5. 
Go back to Main Menu" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + 5) main;; + esac + fi + +###################Generating the Rule#################### + + function del_rule_single_ip() + { + + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + + echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? 
Yes=1 , No=2" + read yesno + + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + main + fi + } + + function del_rule_multiple_ip() + { + for ipdetails in `cat $ip_source` + do + if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=1 + elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule" + gen=2 + elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule" + gen=3 + elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule" + gen=4 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=5 + elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then + echo 
"$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule" + gen=6 + elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule" + gen=7 + elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then + echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule" + gen=8 + fi + done + + echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2" + read yesno + for ipdetails in `cat $ip_source` + do + if [ $yesno == 1 ] && [ $gen == 1 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 2 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 3 ]; then + $IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 4 ]; then + $IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 5 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 6 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 7 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule + elif [ $yesno == 1 ] && [ $gen == 8 ]; then + $IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule + elif [ $yesno == 2 ]; then + main + fi + done + } + +echo "$opt_ip_srource" +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" 
+read temp +echo -e "The Generated Rule is \n" +if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then + del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE +else + del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log + $IPTSAVE +fi + + } +echo -e "\t**********************|Delete your Iptable Menu|***************************\n + 1. Delete a Custum Rule + 2. Delete one Rule + 3. Back to Main Menu" + + read opt_delfirewall + case $opt_delfirewall in + 1) delprogram ;; + 2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;; + 3) main ;; + *) echo -e "Wrong option Selected!!!" +esac + +} + + +function main() +{ + ROOT_UID=0 + if [ $UID == $ROOT_UID ]; + then + clear + opt_main=1 + while [ $opt_main != 6 ] + do +echo -e "************************************************************************" +#############Check Whether the iptables installed or not############ + echo -e "\t**********************|Main Menu|***************************\n + 1. Check Iptables Package\n + 2. Iptables Services\n + 3. Build Your Firewall with Iptables\n + 4. Delete Your Firewall with Iptables\n + 6. Exit" + read opt_main + case $opt_main in + 1) echo -e "******************************" + rpm -q iptables + echo -e "******************************" ;; + 2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;; + 3) buildfirewall ;; + 4) delfirewall ;; + 6) exit 0 ;; + *) echo -e "Wrong option Selected!!!" + esac +done +else + echo -e "You Must be the ROOT to Perfom this Task!!!" +fi +} +main +exit 0 \ No newline at end of file diff --git a/scripts/Loop_AddUser3.sh b/scripts/Loop_AddUser3.sh new file mode 100644 index 0000000..755641c --- /dev/null +++ b/scripts/Loop_AddUser3.sh 
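Review bot: Several of the rule branches in generate_rule_single_ip / generate_rule_multiple_ip and the matching del_rule_* functions emit commands iptables rejects: gen=3 and gen=7 pass `--dport $port` with no `-p`, and gen=4/gen=8 (the "No Destination Port" choice, which sets the misspelled `prot="NULL"` rather than `port`) still pass `--dport $port` with `$port` empty, so `-j` is consumed as the port value. Because the exit status of `$IPT` is never checked and `$IPTSAVE` runs unconditionally after the `| tee` pipeline, a DROP/REJECT rule the operator believes was added can be silently missing while the ruleset is persisted; each branch should be `$IPT ... || { echo "iptables failed, not saving" >&2; return 1; }` with `$IPTSAVE` run only on success, and `--dport` should be emitted only when `port_ch == 1` and together with `-p tcp`/`-p $proto`. Separately, menu option 6 in checkstatus runs `iptables -F` with no confirmation and no backup — with a DROP policy that cuts off remote access, with ACCEPT it opens every port — so an `iptables-save > /root/iptables.$(date +%s).bak` plus a yes/no prompt belongs before it. Note also that every "Go back to Main Menu" choice calls `main` recursively, in several places from inside a `| tee` subshell, so menus nest instead of returning.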
@@ -0,0 +1,17 @@
+user1,password1
+user2,password2
+etc..
+
+The script:
+
+for userdetails in `cat /pathto//users.txt`
+do
+ user=`echo $userdetails | cut -f 1 -d ,`
+ passwd=`echo $userdetails | cut -f 2 -d ,`
+ echo "useradd -d /user1/kopen3 -p `mkpasswd $passwd` $user"
+done
+
+run the script and redirect the output to a file, e.g:
+
+./createusers.sh > userscript.sh
+chmod +x userscript.sh
diff --git a/scripts/adduser_schrpt.sh b/scripts/adduser_schrpt.sh
new file mode 100644
index 0000000..37442ba
--- /dev/null
+++ b/scripts/adduser_schrpt.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+if [ $# -lt 1 ]
+then
+ echo "Syntax: ./`basename $0` "
+ exit
+fi
+
+# Parameters
+USER_DATA_FILE=$1
+
+for userdetails in `cat $1`
+do
+ ENVIRONMENT_NAME=`echo $userdetails | cut -f 1 -d:`
+ ORGANIZARION_NUMBER=`echo $userdetails | cut -f 2 -d:`
+ PASSWD=`echo $userdetails | cut -f 3 -d:`
+ USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
+ egrep "^$USER_NAME" /etc/passwd >/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "$username exists!"
+ exit 1
+ else
+ ENCR_PASSWD=$(perl -e 'print crypt($ARGV[0], "password")' $PASSWD)
+ useradd -m -p $ENCR_PASSWD $USER_NAME
+ [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
+ fi
+ else
+ echo "Only root may add a user to the system"
+ exit 2
+
+done
+
+USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
+
+
+#!/bin/bash
+# Script to add a user to Linux system
+if [ $(id -u) -eq 0 ]; then
+ read -p "Enter username : " username
+ read -s -p "Enter password : " password
+ egrep "^$username" /etc/passwd >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "$username exists!"
+ exit 1
+ else
+ pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
+ useradd -m -p $pass $username
+ [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
+ fi
+else
+ echo "Only root may add a user to the system"
+ exit 2
+fi
\ No newline at end of file
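Review bot: Loop_AddUser3.sh is not a runnable script — the sample `user1,password1` lines and the prose ("The script:", "run the script and redirect…") sit next to the loop, so bash fails on the first line; either make it a .md how-to or turn the prose into `#` comments. The approach keeps cleartext passwords in users.txt, in the generated userscript.sh, and on the `mkpasswd $passwd` command line where `ps` and shell history can see them, and it hard-codes `-d /user1/kopen3` as the home directory for every user. Creating the account with a plain `useradd -m "$user"` and then `printf '%s:%s\n' "$user" "$passwd" | chpasswd` keeps the secret off argv and uses the system's configured hash instead of mkpasswd's default (older `whois` builds default to DES unless `-m sha-512` is given); the input file should then be mode 0600 and removed afterwards. The `for userdetails in \`cat …\`` loop also breaks on passwords containing spaces or backslashes — `while IFS=, read -r user passwd; do …; done < users.txt` does not.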
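Review bot: adduser_schrpt.sh cannot be parsed by bash: inside the `for userdetails` loop there is an `else … exit 2` after the inner `fi` with no matching `if`, and the file then continues with a second, pasted-in `#!/bin/bash` script, so `useradd` is never reached; the root check that trailing copy performs with `id -u` is presumably what the loop was meant to have and should go before the loop. The password handling in both halves is weak: `perl -e 'print crypt($ARGV[0], "password")'` is traditional DES crypt with the fixed salt `pa`, which silently truncates the password to 8 characters, gives every user with the same password the same hash, and passes the plaintext through argv where `ps` can read it. Replace the crypt/`useradd -p` pair with `useradd -m "$USER_NAME" && printf '%s:%s\n' "$USER_NAME" "$PASSWD" | chpasswd`, which applies the system's configured hash and keeps the secret off the command line. The existence test `egrep "^$USER_NAME" /etc/passwd` is a prefix match (`app_1` blocks `app_10`) — `getent passwd "$USER_NAME" >/dev/null` is exact — and the message prints `$username`, which the first script never sets.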
diff --git a/scripts/bashrc b/scripts/bashrc
new file mode 100644
index 0000000..81d623e
--- /dev/null
+++ b/scripts/bashrc
@@ -0,0 +1,97 @@
+# /etc/bashrc
+
+# System wide functions and aliases
+# Environment stuff goes in /etc/profile
+
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+
+# are we an interactive shell?
+if [ "$PS1" ]; then
+ if [ -z "$PROMPT_COMMAND" ]; then
+ case $TERM in
+ xterm*|vte*)
+ if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
+ PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
+ elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
+ PROMPT_COMMAND="__vte_prompt_command"
+ else
+ PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+ fi
+ ;;
+ screen*)
+ if [ -e /etc/sysconfig/bash-prompt-screen ]; then
+ PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
+ else
+ PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+ fi
+ ;;
+ *)
+ [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
+ ;;
+ esac
+ fi
+ # Turn on parallel history
+ shopt -s histappend
+ history -a
+ # Turn on checkwinsize
+ shopt -s checkwinsize
+ [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
+ # You might want to have e.g. tty in prompt (e.g. more virtual machines)
+ # and console windows
+ # If you want to do so, just add e.g.
+ # if [ "$PS1" ]; then
+ # PS1="[\u@\h:\l \W]\\$ "
+ # fi
+ # to your custom modification shell script in /etc/profile.d/ directory
+fi
+
+if ! shopt -q login_shell ; then # We're not a login shell
+ # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
+ pathmunge () {
+ case ":${PATH}:" in
+ *:"$1":*)
+ ;;
+ *)
+ if [ "$2" = "after" ] ; then
+ PATH=$PATH:$1
+ else
+ PATH=$1:$PATH
+ fi
+ esac
+ }
+
+ # By default, we want umask to get set. This sets it for non-login shell.
+ # Current threshold for system reserved uid/gids is 200
+ # You could check uidgid reservation validity in
+ # /usr/share/doc/setup-*/uidgid file
+ if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
+ umask 002
+ else
+ umask 022
+ fi
+
+ SHELL=/bin/bash
+ # Only display echos from profile.d scripts if we are no login shell
+ # and interactive - otherwise just process them to set envvars
+ for i in /etc/profile.d/*.sh; do
+ if [ -r "$i" ]; then
+ if [ "$PS1" ]; then
+ . "$i"
+ else
+ . "$i" >/dev/null
+ fi
+ fi
+ done
+
+ unset i
+ unset -f pathmunge
+fi
+# vim:ts=4:sw=4
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=10000
+HISTFILESIZE=20000
+HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }
+
diff --git a/scripts/bashrc.hv b/scripts/bashrc.hv
new file mode 100644
index 0000000..a4f9231
--- /dev/null
+++ b/scripts/bashrc.hv
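Review bot: The history settings appended at the end of the hunk (`HISTSIZE`, `HISTFILESIZE`, `HISTTIMEFORMAT`) only enlarge and timestamp the per-user file; the `history -a` in the interactive block runs once at shell start, so a session's commands still reach `.bash_history` only when it exits and a killed session loses them. If the timestamps are meant for after-the-fact review, flush on every prompt instead, e.g. `PROMPT_COMMAND="history -a${PROMPT_COMMAND:+;$PROMPT_COMMAND}"` after the `case $TERM` block, and keep in mind that a user can still `unset HISTFILE` — shell history is a convenience, not an audit trail; auditd or pam_tty_audit is the tool for that. Setting these variables outside the `if [ "$PS1" ]` guard is harmless but inconsistent with the rest of the file.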
@@ -0,0 +1,54 @@ +# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) +HISTSIZE=10000 +HISTFILESIZE=20000 +HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S } + + +USER=`whoami` +HOSTNAME=`uname -n` + +MEMORY1=`free -t -m | grep "buffers/cache" | awk '{print $3" MB";}'` +MEMORY2=`free -t -m | grep "Mem" | awk '{print $2" MB";}'` +PSA=`ps -Afl | wc -l` + +# time of day +DATE=$(date +"%F %H:%M:%S") + +#System uptime +uptime=`cat /proc/uptime | cut -f1 -d.` +upDays=$((uptime/60/60/24)) +upHours=$((uptime/60/60%24)) +upMins=$((uptime/60%60)) +upSecs=$((uptime%60)) + +#System load +LOAD1=`cat /proc/loadavg | awk {'print $1'}` +LOAD5=`cat /proc/loadavg | awk {'print $2'}` +LOAD15=`cat /proc/loadavg | awk {'print $3'}` + +#Host engine +ENGINE=$(hosted-engine --vm-status|grep "Engine status") + + + + +echo " + - Current time........: $DATE + - Current user........: $USER + - Hostname............: $HOSTNAME + - Release.............: `cat /etc/redhat-release` + - Users...............: Currently `users | wc -w` user(s) logged on + - CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min) + - Memory used.........: $MEMORY1 / $MEMORY2 + - Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB + - Processes...........: $PSA running + - System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds + - Host engine status..: +$ENGINE +==================================== volume status vm =============================== +$(gluster volume status vm clients|grep 'Brick\|Clients') + +==================================== volume status engine =========================== +$(gluster volume status engine clients|grep 'Brick\|Clients') +" + diff --git a/scripts/command_loop.sh b/scripts/command_loop.sh new file mode 100644 index 0000000..153c0cc --- /dev/null +++ b/scripts/command_loop.sh 
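Review bot: Every command in this rc file — `hosted-engine --vm-status`, two `gluster volume status ... clients` calls, `free`, `ps` — runs unconditionally each time the file is sourced, including for non-interactive sessions, where the final `echo` also writes to stdout and will break scp/rsync/sftp over ssh. Guard the whole block with an interactivity test before the first assignment, e.g. `case $- in *i*) ;; *) return ;; esac` or `[ -n "$PS1" ] || return`. The `USER=\`whoami\`` and `HOSTNAME=\`uname -n\`` assignments overwrite shell-maintained variables that the stock bashrc in the previous hunk uses for its prompt; prefer different names, or `$(id -un)` only where needed. The remaining backtick substitutions should be `$(...)` for consistency with the `DATE=` line.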
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+FILE=$1
+
+if [ $# -lt 1 ]
+then
+ echo "Syntax: ./$(basename $0) "
+ exit
+fi
+
+for host in $(cut -d ":" -f2 ${FILE})
+do
+ whois $host
+
+#ssh -n root@$host "vgdisplay"
+
+done
diff --git a/scripts/count_ip.sh b/scripts/count_ip.sh
new file mode 100644
index 0000000..c31ad66
--- /dev/null
+++ b/scripts/count_ip.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+FILE=;
+
+for ip in $(tail -n 5000 $FILE |cut -d ' ' -f 1 |sort |uniq);
+do
+ {
+ COUNT=$(grep ^$ip $FILE |wc -l);
+ if
+ [[ "$COUNT" -gt "500" ]]; then echo "$COUNT: $ip";
+ fi
+ };
+done
diff --git a/scripts/git_prompt_func b/scripts/git_prompt_func
new file mode 100644
index 0000000..9baec99
--- /dev/null
+++ b/scripts/git_prompt_func
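Review bot: A usage error on the `if [ $# -lt 1 ]` branch ends with a bare `exit`, which returns 0, so a caller cannot tell "no argument" from success; use `exit 1`. The usage text `"Syntax: ./$(basename $0) "` names no argument (the placeholder seems to have been lost), so spell it out and send it to stderr, e.g. `echo "Syntax: $(basename "$0") HOSTS_FILE" >&2`. `$(cut -d ":" -f2 ${FILE})` word-splits and globs the file content; quote `"$FILE"` and, if entries could contain spaces or glob characters, read them with `while IFS= read -r host; do ...; done < <(cut -d ':' -f2 -- "$FILE")`.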
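Review bot: `grep ^$ip $FILE` treats the dotted address as a regex, so the dots match any character and the unterminated prefix also matches longer addresses (`^10.1.1.1` counts `10.1.1.10` too); anchor and delimit it, e.g. `COUNT=$(grep -c -- "^$ip " "$FILE")`, which also replaces the `| wc -l`. `FILE=;` leaves the path empty, so `tail -n 5000 $FILE` reads stdin and `grep` errors; take the path from `$1` and fail when it is missing, `FILE=${1:?log file required}`. The `{ ... };` group and the line-broken `if` add nothing; a plain `if (( COUNT > 500 )); then` reads better.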
@@ -0,0 +1,55 @@ +#https://gist.github.com/halbtuerke/31934 +#parse_git_branch() { +# git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/' +#} +#export PS1="\u@\h \[\033[32m\]\w\[\033[33m\]\$(parse_git_branch)\[\033[00m\] $ " + RED="\[\033[0;31m\]" + YELLOW="\[\033[0;33m\]" + GREEN="\[\033[0;32m\]" + BLUE="\[\033[0;34m\]" + LIGHT_RED="\[\033[1;31m\]" +LIGHT_GREEN="\[\033[1;32m\]" + WHITE="\[\033[1;37m\]" + LIGHT_GRAY="\[\033[0;37m\]" + COLOR_NONE="\[\e[0m\]" + +function parse_git_branch { + + git rev-parse --git-dir &> /dev/null + git_status="$(git status 2> /dev/null)" + branch_pattern="^# On branch ([^${IFS}]*)" + remote_pattern="# Your branch is (.*) of" + diverge_pattern="# Your branch and (.*) have diverged" + if [[ ! ${git_status}} =~ "working directory clean" ]]; then + state="${RED}⚡" + fi + # add an else if or two here if you want to get more specific + if [[ ${git_status} =~ ${remote_pattern} ]]; then + if [[ ${BASH_REMATCH[1]} == "ahead" ]]; then + remote="${YELLOW}↑" + else + remote="${YELLOW}↓" + fi + fi + if [[ ${git_status} =~ ${diverge_pattern} ]]; then + remote="${YELLOW}↕" + fi + if [[ ${git_status} =~ ${branch_pattern} ]]; then + branch=${BASH_REMATCH[1]} + echo " (${branch})${remote}${state}" + fi +} + +function prompt_func() { + previous_return_value=$?; + # prompt="${TITLEBAR}$BLUE[$RED\w$GREEN$(__git_ps1)$YELLOW$(git_dirty_flag)$BLUE]$COLOR_NONE" + prompt="\u@\h \[\033[32m\]\${TITLEBAR}${BLUE}[${LIGHT_GRAY}\w${GREEN}$(parse_git_branch)${BLUE}]${COLOR_NONE}" + if test $previous_return_value -eq 0 + then + PS1="${prompt}# " + else + PS1="${prompt}${RED}#${COLOR_NONE} " + fi +} + +PROMPT_COMMAND=prompt_func \ No newline at end of file diff --git a/scripts/gluster_check.sh b/scripts/gluster_check.sh new file mode 100644 index 0000000..471ce18 --- /dev/null +++ b/scripts/gluster_check.sh 
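Review bot: `state`, `remote` and `branch` in `parse_git_branch` are global and never reset, so the ⚡/↑/↓ markers set while in one repository persist into the prompt of a clean one; declare and clear them at the top of the function, `local state= remote= branch= git_status=`. The comparison `${git_status}}` carries a stray `}` that is appended to the string being matched — harmless here, but it reads as a typo. The patterns `^# On branch`, `working directory clean` and `# Your branch is` are tied to one git version's wording (newer git drops the `# ` prefix and says `working tree clean`), so the branch and dirty markers may silently stop appearing; `git symbolic-ref --short HEAD` and `git status --porcelain` are the stable interfaces for the same information. The result of `git rev-parse --git-dir` on the first line is discarded; either use it to return early outside a repository or drop the call.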
@@ -0,0 +1,92 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster checks for Nagios +#First line of code :15/01/2019 +#last update :17/01/2019 +#version :0.1 +#status :Not PRD ready + +#Some general vars +#Server IP adress in the storage network TODO: osg servers +STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}') +#number of active bricks on server acourding to gluster +NUMBER_OF_ACTIVE_BRICKS=$(gluster volume info|grep $STORAGE_IP| wc -l) +#name of active volumes on server acourding to gluster +GLUSTER_ACTIVE_VOLUM_NAMES=$(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3) +#numer of glusterfsd (brick daemon) running processes +GLUSTER_BRICK_NUMBER_PID=$(pidof glusterfsd |wc -w) +#glusterd pid status +GLUSTERD_STAT=$(pidof glusterd &>/dev/null) +#glusterfsd (brick daemon) pid status +GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null) + +######START OF SCRIPT####### + +check_if_glusterd_is_running() { +#check if glusterd is running +if ! $GLUSTERD_STAT &>/dev/null; then + echo "CRITICAL: glusterd management daemon not running" + else + echo "OK: glusterd management daemon is running" +fi +} + +check_if_glusterfsd_is_running() { +# check for glusterfsd (brick daemon) +if ! 
$GLUSTER_BRICK_STAT; then + echo "CRITICAL: glusterfsd brick daemon not running" + else + echo "OK: glusterfsd brick daemon is running" +fi +} + +check_if_a_brick_is_down() { +# check number of active bricks +if [ "$NUMBER_OF_ACTIVE_BRICKS" == "$GLUSTER_BRICK_NUMBER_PID" ] ; then + echo "OK: all bricks are active" + else + echo "CRITICAL: There is one or more bricks down" +fi +} + +check_heal_status_of_a_volume() { +# get volume heal status and redirect it to a tmp file +for volume in $(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3) +do + echo "volumes, $volume" + gluster v heal $volume info |grep entries|cut -d ":" -f2 +done > /tmp/gluster_monitoring + +OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1) +if [ "$?" -eq 0 ]; then + echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)" + else + echo "OK: no volumes healing at this moment" +fi +echo "" > /tmp/gluster_monitoring +} + + + +#### CALL THE FUNCTIONS ###### +check_if_glusterd_is_running +check_if_glusterfsd_is_running +check_if_a_brick_is_down +check_heal_status_of_a_volume + + +# some logs test +#cat /var/log/glusterfs/glusterd.log|grep "E" |grep "failed" +# oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all + +if [] + + + +OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1) +if [ "$?" -eq 0 ]; then + echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)" + else + echo "OK: no volumes healing at this moment" +fi +echo "" > /tmp/gluster_monitoring diff --git a/scripts/gluster_checks/check_gluster_bricks.sh b/scripts/gluster_checks/check_gluster_bricks.sh new file mode 100644 index 0000000..61b998c --- /dev/null +++ b/scripts/gluster_checks/check_gluster_bricks.sh 
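Review bot: The daemon checks can never report CRITICAL: `GLUSTERD_STAT=$(pidof glusterd &>/dev/null)` captures an empty string, so `if ! $GLUSTERD_STAT` runs an empty command, which succeeds, and the negation always takes the else branch; the same construct is in check_glusterd.sh later in this patch. Test the process at call time instead, `if ! pidof glusterd >/dev/null 2>&1; then`, and likewise for glusterfsd. After the function calls the file continues with a bare `if []` and a duplicate of the heal block with no `then`/`fi`, which bash reports as a syntax error once it reaches end of file, so the script exits non-zero after the functions have already printed — delete that trailing block or finish it. The script also writes and clears `/tmp/gluster_monitoring`, a fixed, predictable name in a world-writable directory used by a root-run check; use `mktemp` with a `trap` to remove it (or a root-owned directory), and note that nothing here returns the Nagios exit codes 0/1/2, so a plugin wrapper will treat every outcome as OK.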
@@ -0,0 +1,23 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster check bricks for Nagios +#First line of code :15/01/2019 +#last update :28/01/2019 +#version :1.1 + +######START OF SCRIPT####### +IP_OF_DOWN_BRICK=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N/A|N' |grep -v "Y"| grep -B1 "N/A" | grep Brick| uniq | cut -d ":" -f1| cut -d " " -f2) +NUMBER_OF_DOWN_BRICKS=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N'|grep "N/A"| awk '{print $4}'|grep N |wc -l) + +if [[ $(find /tmp -name "brick_status" -mmin +4 -print) ]]; then + echo "WARNING: there was an error during the gluster birck check. please check the output of /root/scripts/check_gluster.sh or the nrpe status" + exit 1 +# check number of active bricks +elif [ "$NUMBER_OF_DOWN_BRICKS" -eq 0 ] ; then + echo "OK: All bricks on are up" + exit 0 + else + echo "CRITICAL: There are one or more bricks down on $IP_OF_DOWN_BRICK" + exit 2 + +fi diff --git a/scripts/gluster_checks/check_gluster_cron.sh b/scripts/gluster_checks/check_gluster_cron.sh new file mode 100644 index 0000000..89203ba --- /dev/null +++ b/scripts/gluster_checks/check_gluster_cron.sh 
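Review bot: When `/tmp/brick_status` does not exist (cron has not run yet, or the file was removed), `cat` fails, `NUMBER_OF_DOWN_BRICKS` becomes 0 and the `elif` reports OK; the `find -mmin +4` test only catches a stale file, not a missing one. Add the existence test that check_gluster_heal.sh already uses, `[ -f /tmp/brick_status ] || { echo "WARNING: /tmp/brick_status missing"; exit 1; }`, before the `if`. The data files are exchanged between the cron job and the NRPE checks through fixed names in world-writable `/tmp`, so any local user can pre-create or replace them and steer the check result; a root-owned directory with mode 0700 closes that. The text `"OK: All bricks on are up"` has a stray word.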
@@ -0,0 +1,24 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :igenerate Gluster output for Nagios checks +#First line of code :15/01/2019 +#last update :28/01/2019 +#version :1.1 +#info: +#This script needs to be added to cron and run every 3 min +#Some general vars +STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}') + +######START OF SCRIPT####### + +#check status of the varous volumes +/usr/sbin/gluster volume status all > /tmp/brick_status +#check peer status +/usr/sbin/gluster peer status > /tmp/peer_status + +# get volume heal status and redirect it to a tmp file +for volume in $(/usr/sbin/gluster volume info|grep $STORAGE_IP | cut -d "/" -f3) +do + echo "volume, $volume" + /usr/sbin/gluster v heal $volume info |grep entries|cut -d ":" -f2 +done > /tmp/gluster_monitoring_heal \ No newline at end of file diff --git a/scripts/gluster_checks/check_gluster_heal.sh b/scripts/gluster_checks/check_gluster_heal.sh new file mode 100644 index 0000000..a22d42e --- /dev/null +++ b/scripts/gluster_checks/check_gluster_heal.sh 
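Review bot: If the `storage` interface has no IPv4 address, `STORAGE_IP` is empty and `grep $STORAGE_IP` becomes `grep` with the next word as its pattern, so the volume list is wrong rather than the job failing; abort early with `: "${STORAGE_IP:?no IPv4 address on dev storage}"` and quote it in the `grep`. Each output file is written in place with `>`, so a check that polls while `gluster volume status all` or the heal loop is still running reads a truncated file and reports on it; write to a `mktemp` file in the same directory and `mv` it over the final name once complete, e.g. `tmp=$(mktemp /tmp/brick_status.XXXXXX) && /usr/sbin/gluster volume status all > "$tmp" && mv -f "$tmp" /tmp/brick_status`. `volume` on the `for` line comes from an unquoted command substitution; fine for gluster volume names, but `"$volume"` in the `heal` call costs nothing.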
@@ -0,0 +1,25 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster check heal for Nagios +#First line of code :15/01/2019 +#last update :23/01/2019 +#version :1.0 + +######START OF SCRIPT####### +OUT=$(cat /tmp/gluster_monitoring_heal 2>/dev/null |grep -a -v volume |sed "s/^[ \t]*//"| grep -a -v ^0 > /dev/null 2>&1 ) +EXIT_CODE=$? +if [ -f /tmp/gluster_monitoring_heal ]; then + if [[ $(find /tmp -name "gluster_monitoring_heal" -mmin +4 -print) ]]; then + echo "WARNING: there was an error during the gluster heal check. please check the output of /root/scripts/check_gluster.sh or the nrpe status" + exit 1 + elif [ "$EXIT_CODE" -eq 0 ]; then + echo -e "WARNING: volumes healing at this moment\n$(cat /tmp/gluster_monitoring_heal |sed "s/^[ \t]*//" | grep -a -v ^0)" && rm -f /tmp/gluster_monitoring_heal + exit 1 + else + echo "OK: no volumes healing at this moment" && rm -f /tmp/gluster_monitoring_heal + exit 0 +fi +else + echo "WARNING: there was an error during the gluster heal check please check /tmp/gluster_monitoring_heal" + exit 1 +fi diff --git a/scripts/gluster_checks/check_gluster_peer.sh b/scripts/gluster_checks/check_gluster_peer.sh new file mode 100644 index 0000000..90ebde0 --- /dev/null +++ b/scripts/gluster_checks/check_gluster_peer.sh 
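Review bot: Both result branches end with `rm -f /tmp/gluster_monitoring_heal`, so after the first poll the file is gone until cron recreates it (every 3 minutes per check_gluster_cron.sh), and every NRPE poll in between falls into the outer `else` and returns WARNING; leave the file in place and rely on the `-mmin +4` staleness test, which already covers a dead cron job. `OUT` is assigned only to obtain `$?` and is never read — `grep -q -v ^0 ...; EXIT_CODE=$?` without the assignment is clearer — and since `grep -v ^0` succeeds whenever any line does not start with `0`, any blank line that survives the `grep -a -v volume` filter would also count as "healing". `echo -e` with embedded `\n` is bash-specific; `printf 'WARNING: volumes healing at this moment\n%s\n' "$(...)"` behaves the same under any shell.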
@@ -0,0 +1,23 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster check peer for Nagios +#First line of code :15/01/2019 +#last update :31/01/2019 +#version :1.0 + +######START OF SCRIPT####### +SATE_OF_DOWN_PEER=$(cat /tmp/peer_status | grep -a Disconnected | wc -l) +IP_OF_DOWN_PEER=$(cat /tmp/peer_status| grep -a -E "Hostname|Disconnected"| grep -a -B1 Disconnected | grep -a Hostname | cut -d ":" -f2| sed "s/^[ \t]*//") + +if [[ $(find /tmp -name "peer_status" -mmin +4 -print) ]]; then + echo "WARNING: there was an error during the gluster peer check. please check the output of /root/scripts/check_gluster.sh or the nrpe status" + exit 1 +# check number of active bricks +elif [ "$SATE_OF_DOWN_PEER" -eq 0 ] ; then + echo "OK: All bricks on are up" + exit 0 + else + echo "CRITICAL: There are one or more peers down on $IP_OF_DOWN_PEER" + exit 2 + +fi \ No newline at end of file diff --git a/scripts/gluster_checks/check_gluster_pod.sh b/scripts/gluster_checks/check_gluster_pod.sh new file mode 100644 index 0000000..12ff7f1 --- /dev/null +++ b/scripts/gluster_checks/check_gluster_pod.sh @@ -0,0 +1,15 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster check from within a pod server heal for Nagios +#First line of code :15/01/2019 +#last update :24/01/2019 +#version :1.0 + +######START OF SCRIPT####### +gluster volume status all > /brick_status + +for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2) +do + echo "volume, $volume" + gluster v heal $volume info |grep entries|cut -d ":" -f2 +done > /gluster_monitoring_heal \ No newline at end of file diff --git a/scripts/gluster_checks/check_glusterd.sh b/scripts/gluster_checks/check_glusterd.sh new file mode 100644 index 0000000..3bbf2fc --- /dev/null +++ b/scripts/gluster_checks/check_glusterd.sh 
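Review bot: The OK message `"OK: All bricks on are up"` and the comment `# check number of active bricks` were copied from the bricks check; this script counts peers, so the text should read `"OK: All peers are connected"`. As in check_gluster_bricks.sh, a missing `/tmp/peer_status` makes `SATE_OF_DOWN_PEER` 0 and the check reports OK; add `[ -f /tmp/peer_status ] || { echo "WARNING: /tmp/peer_status missing"; exit 1; }` before the `if`. `SATE_OF_DOWN_PEER` holds a `wc -l` count, so a name such as `NUMBER_OF_DOWN_PEERS` (matching the bricks script) avoids misreading it as a state string.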
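Review bot: This script writes `/brick_status` and `/gluster_monitoring_heal` but nothing named `brick_peer`, while copy_gluster_check_to_pod.sh later in the patch copies `$POD:brick_peer` out of the pod; either add `gluster peer status > /peer_status` here (and copy that name) or drop that copy, otherwise the `&&` chain in the copy script fails every run. Writing into the container's root directory is brittle on a read-only root filesystem; `/tmp` inside the pod is the usual choice. There is no error handling, so a failed `gluster volume status all` still leaves an empty `/brick_status` that the Nagios side reads as "no bricks down".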
@@ -0,0 +1,41 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl
+#objective :Check Gluster deamon state for Nagios
+#First line of code :15/01/2019
+#last update :17/01/2019
+#version :1.0
+
+#Some general vars
+#glusterd pid status
+GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
+#glusterfsd (brick daemon) pid status
+GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
+
+
+######START OF SCRIPT#######
+
+check_if_glusterd_is_running() {
+#check if glusterd is running
+if ! $GLUSTERD_STAT &>/dev/null; then
+ echo "CRITICAL: glusterd management daemon not running"
+ exit 2
+ else
+ echo "OK: glusterd management daemon is running"
+ exit 0
+fi
+}
+
+check_if_glusterfsd_is_running() {
+# check for glusterfsd (brick daemon)
+if ! $GLUSTER_BRICK_STAT; then
+ echo "CRITICAL: glusterfsd brick daemon not running"
+ exit 2
+ else
+ echo "OK: glusterfsd brick daemon is running"
+ exit 0
+fi
+}
+
+#### CALL THE FUNCTIONS ######
+check_if_glusterd_is_running
+check_if_glusterfsd_is_running
\ No newline at end of file
diff --git a/scripts/gluster_checks/copy_gluster_check_to_pod.sh b/scripts/gluster_checks/copy_gluster_check_to_pod.sh
new file mode 100644
index 0000000..4849853
--- /dev/null
+++ b/scripts/gluster_checks/copy_gluster_check_to_pod.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl
+#objective :Copy check script to gluster pod for Nagios
+#First line of code :15/01/2019
+#last update :31/01/2019
+#version :1.1
+
+######START OF SCRIPT#######
+POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
+cd /root/scripts/
+oc cp check_gluster_pod.sh glusterfs/$POD:/
+oc exec -n glusterfs $POD /check_gluster_pod.sh && oc cp glusterfs/$POD:gluster_monitoring_heal /tmp && oc cp glusterfs/$POD:brick_status /tmp && oc cp glusterfs/$POD:brick_peer /tmp
\ No newline at end of file
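Review bot: Same defect as gluster_check.sh earlier in the patch: `GLUSTERD_STAT` and `GLUSTER_BRICK_STAT` capture the (redirected, empty) output of `pidof`, so `if ! $GLUSTERD_STAT` negates an empty command and always reaches the OK branch; test at call time with `if ! pidof glusterd >/dev/null 2>&1; then`. In addition every branch of `check_if_glusterd_is_running` ends with `exit`, so `check_if_glusterfsd_is_running` on the last line is unreachable and glusterfsd is never checked. Let each function `return` its status and exit once with the worst of the two, as sketched below, so a single plugin run covers both daemons.
```shell
check_if_glusterd_is_running() {
  if ! pidof glusterd >/dev/null 2>&1; then
    echo "CRITICAL: glusterd management daemon not running"
    return 2
  fi
  echo "OK: glusterd management daemon is running"
  return 0
}
# … unchanged: check_if_glusterfsd_is_running, same pattern with pidof glusterfsd …
#### CALL THE FUNCTIONS ######
check_if_glusterd_is_running; rc1=$?
check_if_glusterfsd_is_running; rc2=$?
exit $(( rc1 > rc2 ? rc1 : rc2 ))
```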
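Review bot: `POD` is empty when no running `glusterfs-storage` pod is found, and the script then proceeds to `oc cp check_gluster_pod.sh glusterfs/:/` and an `oc exec` with a missing pod name; guard it with `: "${POD:?no running glusterfs-storage pod}"`. `cd /root/scripts/` is unchecked, so if it fails `oc cp` ships whatever `check_gluster_pod.sh` exists in the caller's cwd; write `cd /root/scripts/ || exit 1`. The final `&&` chain copies `brick_peer`, which check_gluster_pod.sh never produces, so the last `oc cp` fails on every run and the script's exit status is always non-zero, which cron will report as a failure even when the heal and bricks files were copied.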
diff --git a/scripts/gluster_checks/pod_loop_gluster_heal_status.sh b/scripts/gluster_checks/pod_loop_gluster_heal_status.sh new file mode 100644 index 0000000..9094461 --- /dev/null +++ b/scripts/gluster_checks/pod_loop_gluster_heal_status.sh @@ -0,0 +1,20 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster heal status volume check in a pod +#First line of code :15/01/2019 +#last update :31/01/2019 +#version :1.2 +#info: +#This script needs to be added to cron and run every 3 min +#Some general vars +STORAGE_IP=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}') + +######START OF SCRIPT####### + + +# get volume heal status and redirect it to a tmp file +for volume in $(/usr/sbin/gluster volume info|grep "Volume Name:" | cut -d ":" -f2) +do + echo "volume, $volume" + /usr/sbin/gluster v heal $volume info|grep "Status:"| grep "not connected" +done diff --git a/scripts/gluster_checks/some_check_gluster_openshift.sh b/scripts/gluster_checks/some_check_gluster_openshift.sh new file mode 100644 index 0000000..bbc33de --- /dev/null +++ b/scripts/gluster_checks/some_check_gluster_openshift.sh 
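Review bot: `STORAGE_IP` is computed from `ip -4 addr show eth0` but never used, and the `#info` header says the script runs from cron every 3 minutes while the loop only prints to stdout, so its output ends up in cron mail rather than in a file the checks read; either drop the variable and the cron note, or redirect the loop to a file as check_gluster_cron.sh does. `grep "Status:" | grep "not connected"` exits 1 when nothing matches, which is the healthy case, so if this is ever run with `set -e`/`pipefail` the loop aborts on the first healthy volume; `grep -c` or an explicit `|| true` makes the intent clear.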
@@ -0,0 +1,58 @@ +#!/bin/bash +#Roy Cohen :roy@wondercohen.nl +#objective :Gluster check OSM server heal for Nagios +#First line of code :15/01/2019 +#last update :24/01/2019 +#version :1.0 + +######START OF SCRIPT####### +#gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names + + + +for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2) +do + echo "volume, $volume" + gluster v heal $volume info |grep entries|cut -d ":" -f2 +done + + + +#for volume in $(cat /tmp/volume_names) +#do +# OC="oc rsh -n" +# POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) +# VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2" + #echo "volume, $volume" +# oc rsh -n glusterfs $POD | $VAR1 +#done + oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all + oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) ip -4 addr show + +POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) +oc rsh -n glusterfs $POD gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names + + +for volume in $(cat /tmp/volume_names) +do + OC="oc rsh -n" + POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) + VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2" + echo "volume, $volume" + echo "$OC glusterfs $POD $VAR1" +done + + + /tmp/gluster_monitoring_heal + + +oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2 + +oc rsh -n glusterfs glusterfs-storage-4jq8n gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2 + + +oc cp /tmp/database.sql 
mysql:/tmp/ + +kubectl cp /:/tmp/foo /tmp/bar + +oc cp glusterfs/glusterfs-storage-4jq8n:gluster_monitoring_heal /tmp \ No newline at end of file diff --git a/scripts/host_ssh_test.sh b/scripts/host_ssh_test.sh new file mode 100644 index 0000000..42bfcbf --- /dev/null +++ b/scripts/host_ssh_test.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +FILE=$1 + +if [ $# -lt 1 ] +then + echo "Syntax: ./`basename $0` " + exit +fi + + +for host in $(cat ${FILE}) +do + +#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname" +#ssh -n root@$host "ps -ef |grep vmtoolsd && hostname " +#ssh -n root@$host "hostname" + +done diff --git a/scripts/iptables1.sh b/scripts/iptables1.sh new file mode 100644 index 0000000..9731668 --- /dev/null +++ b/scripts/iptables1.sh 
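Review bot: The line consisting only of ` /tmp/gluster_monitoring_heal` is executed as a command, so the script runs whatever file sits at that world-writable path with the privileges of the caller (root, given the `oc rsh` usage) — this is the most serious problem in the file and the line should be deleted. The rest reads as a scratch pad: a hard-coded pod name `glusterfs-storage-4jq8n` and volume `vol_fa562e2cd81f137ccb455633829be163`, an `oc cp /tmp/database.sql mysql:/tmp/` and `kubectl cp /:/tmp/foo /tmp/bar` unrelated to the stated objective, and a loop that only `echo`es the command it means to run. Either reduce the file to the working `for volume ... done` block at the top or keep it out of the repository; a Nagios check with this name suggests it is expected to be runnable.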
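Review bot: The `for host ... do ... done` body contains only comments, and bash rejects a `do`/`done` pair with no command between them (`syntax error near unexpected token 'done'`), so the script fails to parse as committed; put `:` or the intended `ssh` line in the body. The usage branch exits 0 on a missing argument, which should be `exit 1`, and `` `basename $0` `` is better written `$(basename "$0")`. `$(cat ${FILE})` word-splits the file; `while IFS= read -r host; do ...; done < "$FILE"` handles the same input safely.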
@@ -0,0 +1,61 @@ +#!/bin/bash +# Modify script as per your setup +# Usage: Sample firewall script +# --------------------------- +_input=/root/firewall/badips.db +_pub_if="eth1" +IPT=/sbin/iptables + +# Die if file not found +[ ! -f "$_input" ] && { echo "$0: File $_input not found."; exit 1; } + +# DROP and close everything +$IPT -P INPUT DROP +$IPT -P OUTPUT DROP +$IPT -P FORWARD DROP + +# Unlimited lo access +$IPT -A INPUT -i lo -j ACCEPT +$IPT -A OUTPUT -o lo -j ACCEPT + +# Allow all outgoing connection but no incoming stuff by default +$IPT -A OUTPUT -o ${_pub_if} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT +$IPT -A INPUT -i ${_pub_if} -m state --state ESTABLISHED,RELATED -j ACCEPT + + +### Setup our black list ### +# Create a new chain +$IPT -N droplist + +# Filter out comments and blank lines +# store each ip or subnet in $ip +egrep -v "^#|^$" x | while IFS= read -r ip +do + # Append everything to droplist + $IPT -A droplist -i ${_pub_if} -s $ip -j LOG --log-prefix " Drop Bad IP List " + $IPT -A droplist -i ${_pub_if} -s $ip -j DROP +done <"${_input}" + +# Finally, insert or append our black list +$IPT -I INPUT -j droplist +$IPT -I OUTPUT -j droplist +$IPT -I FORWARD -j droplist + + +# Okay add your rest of $IPT commands here +# Example: open port 53 +#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p udp --dport 53 -j ACCEPT +#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --dport 53 -j ACCEPT + +# Open port 80 +# $IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --destination-port 80 -j ACCEPT + +# Allow incoming ICMP ping pong stuff +# $IPT -A INPUT -i ${_pub_if} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -m limit --limit 30/sec -j ACCEPT +# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 3 -m limit --limit 30/sec -j ACCEPT +# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 5 -m limit --limit 30/sec -j ACCEPT +# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 11 -m limit --limit 30/sec -j ACCEPT + 
+# drop and log everything else +$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG +$IPT -A INPUT -j DROP \ No newline at end of file diff --git a/scripts/iptables2.sh b/scripts/iptables2.sh new file mode 100644 index 0000000..7284024 --- /dev/null +++ b/scripts/iptables2.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +# syntax of user list file +# sourceIPAdress:DestinationIPAddress:Port + + +if [ $# -lt 1 ] +then + echo "Syntax: ./`basename $0` " + exit +fi + +# Parameters +USER_DATA_FILE=$1 + + +_input=/path/to/text.db +IPT=/sbin/iptables +$IPT -N droplist +egrep -v "^#|^$" x | while IFS= read -r ip +do + $IPT -A droplist -i eth1 -s $ip -j LOG --log-prefix " myBad IP BlockList " + $IPT -A droplist -i eth1 -s $ip -j DROP +done < "$_input" +# Drop it +$IPT -I INPUT -j droplist +$IPT -I OUTPUT -j droplist +$IPT -I FORWARD -j droplist \ No newline at end of file diff --git a/scripts/iptables_Roy.sh b/scripts/iptables_Roy.sh new file mode 100644 index 0000000..e7a424a --- /dev/null +++ b/scripts/iptables_Roy.sh 
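Review bot: `egrep -v "^#|^$" x | while IFS= read -r ip ... done <"${_input}"` pipes a filtered copy of a file literally named `x` into a loop whose stdin is then redirected from `$_input`, so the filter is bypassed, comment and blank lines from `badips.db` reach `iptables -s`, and the pipeline errors on the missing `x`; the identical line appears in iptables2.sh in the next hunk. Feed the real file to the filter and drop the redirect: `grep -Ev '^#|^$' -- "$_input" | while IFS= read -r ip; do`. Since each line becomes an `iptables` argument, validate it before use, e.g. `[[ $ip =~ ^[0-9.]+(/[0-9]+)?$ ]] || { printf 'skipping bad entry: %s\n' "$ip" >&2; continue; }`, so a stray token in the blocklist cannot add options to the rule. The droplist rules carry `-i ${_pub_if}` yet the chain is also inserted into OUTPUT, where an input interface never matches (iptables may reject the jump outright), and the trailing `$IPT -A INPUT -j DROP` duplicates the `-P INPUT DROP` policy.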
@@ -0,0 +1,209 @@ +#!/bin/bash + + +echo -e "****************Welcome*************" +###############################IPTABLE SERVICES PROGRAM BEGINS HERE############################### +checkstatus() + { + opt_checkstatus=1 + while [ $opt_checkstatus != 7 ] + do + clear + #echo -e "\nChoose the Option Bellow!!!\n + echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n" + echo -e " 1. Save the iptables\n + 2. Status of Iptables\n + 3. Start iptables Services\n + 4. Stop iptables Services\n + 5. Restart iptable Services\n + 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n + 7. Go back to Main Menu" + read opt_checkstatus + case $opt_checkstatus in + 1) echo -e "*******************************************************\n" + /etc/init.d/iptables save + echo -e "\n*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 2) echo -e "*******************************************************\n" + /etc/init.d/iptables status + echo -e "*******************************************************" + echo -e "Press Enter key to Continue..." + read temp;; + 3) echo -e "*******************************************************\n" + /etc/init.d/iptables start + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + + 4) echo -e "*******************************************************\n" + /etc/init.d/iptables stop + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + + 5) echo -e "*******************************************************\n" + /etc/init.d/iptables restart + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." 
+ read temp;; + 6) iptables -F + echo -e "*******************************************************" + echo -e "All the Rules from the Iptables are Flushed!!!" + echo -e "*******************************************************\n" + echo -e "Press Enter key to Continue..." + read temp;; + 7) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + } +###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE############################### +buildfirewall() + { + ###############Getting the Chain############ + echo -e "Using Which Chain of Filter Table?\n + 1. INPUT + 2. OUTPUT + 3. Forward" + read opt_ch + case $opt_ch in + 1) chain="INPUT" ;; + 2) chain="OUTPUT" ;; + 3) chain="FORWARD" ;; + *) echo -e "Wrong Option Selected!!!" + esac + + #########Getting Source IP Address########## + #Label + + echo -e " + 1. Firewall using Single Source IP\n + 2. Firewall using Source Subnet\n + 3. Firewall using for All Source Networks\n + 4. Firewall choose a source file contationing ip addesses" + read opt_ip + + case $opt_ip in + 1) echo -e "\nPlease Enter the IP Address of the Source" + read ip_source ;; + 2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)" + read ip_source ;; + 3) ip_source="0/0" ;; + 4) echo -e "\nPlease Enter the file name." + read ip_source ;; + + #5) ip_source = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + #########Getting Destination IP Address########## + echo -e " + 1. Firewall using Single Destination IP\n + 2. Firewall using Destination Subnet\n + 3. Firewall using for All Destination Networks\n + 4. Firewall using a file" + + read opt_ip + case $opt_ip in + 1) echo -e "\nPlease Enter the IP Address of the Destination" + read ip_dest ;; + 2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)" + read ip_dest ;; + 3) ip_dest="0/0" ;; + 4) echo -e "\nPlease Enter the file name." 
+ read ip_dest ;; + #5) ip_dest = "NULL" ;; + *) echo -e "Wrong Option Selected" + esac + ###############Getting the Protocol############# + echo -e " + 1. All Traffic of TCP + 2. Specific TCP Service + 3. Specific Port + 4. Using no Protocol" + read proto_ch + case $proto_ch in + 1) proto=TCP ;; + 2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)" + read proto ;; + 3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)" + read proto ;; + 4) proto="NULL" ;; + *) echo -e "Wrong option Selected!!!" + esac + + #############What to do With Rule############# + echo -e "What to do with Rule? + 1. Accept the Packet + 2. Reject the Packet + 3. Drop the Packet + 4. Create Log" + read rule_ch + case $rule_ch in + 1) rule="ACCEPT" ;; + 2) rule="REJECT" ;; + 3) rule="DROP" ;; + 4) rule="LOG" ;; + esac +###################Generating the Rule#################### +echo -e "\n\tPress Enter key to Generate the Complete Rule!!!" +read temp +echo -e "The Generated Rule is \n" +if [ $proto == "NULL" ]; then + echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n" + gen=1 +else + echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n" + gen=2 +fi +echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2" +read yesno +if [ $yesno == 1 ] && [ $gen == 1 ]; then + iptables -A $chain -s $ip_source -d $ip_dest -j $rule +else if [ $yesno == 1 ] && [ $gen == 2 ]; then + iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule +else if [ $yesno == 1 ] && [$gen == 2]; then + iptables -A $chain -s $(grep -hvE "^#|^$" $ip_source) -d $(grep -hvE "^#|^$" $ip_dest) -p $proto -j $rule +else if [ $yesno == 3 ]; then + + + main +fi +fi +fi +fi +} + +main() +{ + ROOT_UID=0 + if [ $UID == $ROOT_UID ]; + then + clear + opt_main=1 + while [ $opt_main != 4 ] + do +echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n" +#############Check Whether the iptables installed or not############ + echo -e "\t*****Main Menu*****\n + 1. 
Check Iptables Package\n + 2. Iptables Services\n + 3. Build Your Firewall with Iptables\n + 4. Exit" + read opt_main + case $opt_main in + 1) echo -e "******************************" + rpm -q iptables + echo -e "******************************" ;; + 2) checkstatus ;; + 3) buildfirewall ;; + 4) exit 0 ;; + *) echo -e "Wrong option Selected!!!" + esac +done +else + echo -e "You Must be the ROOT to Perfom this Task!!!" +fi +} +main +exit 0 \ No newline at end of file diff --git a/scripts/loop_a_function.sh b/scripts/loop_a_function.sh new file mode 100644 index 0000000..4317024 --- /dev/null +++ b/scripts/loop_a_function.sh @@ -0,0 +1,17 @@ +#!/bin/bash +#loop a function + +FILE="../servers" + +uptime_ost () +{ +for host in $(cat ${FILE}) +do +ssh -o ConnectTimeout=3 -n root@$host "uptime" >> uptime_$host +done +} + +while true ;do + uptime_ost; + sleep 5 +done > /dev/null 2>&1 diff --git a/scripts/looping_within_host_ssh.sh b/scripts/looping_within_host_ssh.sh new file mode 100644 index 0000000..9b85dd2 --- /dev/null +++ b/scripts/looping_within_host_ssh.sh @@ -0,0 +1,10 @@ +#!/bin/bash +FILE=$1 + for host in $(cat $FILE); do + if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then + echo -e " $host must be mounted as binformd user\n" + else + ssh $host 'for i in $(hostname && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a celeraUmnt${DATE} + fi + done + diff --git a/scripts/motd b/scripts/motd new file mode 100644 index 0000000..037b7b9 --- /dev/null +++ b/scripts/motd 
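Review bot: The rule-application block at the end of `buildfirewall` nests `else if ... fi fi fi fi` where `elif` was meant, and its third branch `[ $yesno == 1 ] && [$gen == 2]` is both unreachable (the second branch already took `$gen == 2`) and broken (`[$gen` is not a command), so the file-driven option 4 never applies; when it did, it would pass a space-separated list to a single `-s`, which iptables does not accept. Rewrite the block with `elif`, quote every value read from the user (they go straight onto a root-run `iptables` command line, so a stray space or option in the input becomes extra arguments), and loop over the file for the file case with `gen=3` set when `opt_ip` was 4; a sketch is below. `checkstatus` option 7 calls `main` recursively instead of returning, so each round trip nests another menu loop; `return` is what is meant. The prompts ask for CAPITAL LETTERS, but `iptables -p` expects lower-case protocol names, and `[ $proto == "NULL" ]` errors when no option matched and `proto` is empty.
```shell
if [ "$yesno" == 1 ] && [ "$gen" == 1 ]; then
  iptables -A "$chain" -s "$ip_source" -d "$ip_dest" -j "$rule"
elif [ "$yesno" == 1 ] && [ "$gen" == 2 ]; then
  iptables -A "$chain" -s "$ip_source" -d "$ip_dest" -p "$proto" -j "$rule"
elif [ "$yesno" == 1 ] && [ "$gen" == 3 ]; then
  # one rule per non-comment, non-blank line of the source file
  grep -Ev '^#|^$' -- "$ip_source" | while IFS= read -r src; do
    iptables -A "$chain" -s "$src" -d "$ip_dest" -p "$proto" -j "$rule"
  done
fi
# … unchanged: return to the main menu …
```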
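Review bot: `uptime_ost` appends to `uptime_$host` every 5 seconds forever, and the outer loop's `> /dev/null 2>&1` hides every ssh failure, so a host that is down silently produces nothing while the other files grow without bound. Add `-o BatchMode=yes` next to `ConnectTimeout=3` so unreachable or unauthenticated hosts fail fast instead of prompting on the controlling tty, and log time-stamped lines to one rotated file rather than per-host append-forever files. `for host in $(cat ${FILE})` should be a `while IFS= read -r host` loop over `"$FILE"`, and `FILE="../servers"` resolves relative to the caller's cwd, not to the script.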
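Review bot: `[[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]]` does not test the host against those names: bare strings inside `[[ ]]` are non-empty and therefore true, so the whole condition is always true and the `ssh` branch on the `else` side can never run. Use one anchored alternation, `if [[ $host =~ ^(clnara.*|clnars1d|clnars1m|clnsr206|clnprp1d|clnprp1m|clnpr2e4)$ ]]; then`. `${DATE}` in the `tee -a celeraUmnt${DATE}` target is never set in this script, so output goes to a file named `celeraUmnt` in the caller's cwd; set it as mount_tool.sh in this patch does, or pass it in.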
@@ -0,0 +1,62 @@ +#/usr/local/bin/dynmotd +#!/bin/bash +USER=$(whoami) +HOSTNAME=$(uname -n) + +MEMORY1=$(free -t -h | grep "Mem" | awk '{print $3;}') +MEMORY2=$(free -h | grep "Mem" | awk '{print $2;}') +PSA=$(ps -Afl | wc -l) + +# time of day +DATE=$(date +"%F %H:%M:%S") + + +#System uptime +uptime=$(cat /proc/uptime | cut -f1 -d.) +upDays=$((uptime/60/60/24)) +upHours=$((uptime/60/60%24)) +upMins=$((uptime/60%60)) +upSecs=$((uptime%60)) + +#System load +LOAD1=`cat /proc/loadavg | awk {'print $1'}` +LOAD5=`cat /proc/loadavg | awk {'print $2'}` +LOAD15=`cat /proc/loadavg | awk {'print $3'}` + +#Host engine +ENGINE=$(hosted-engine --vm-status|grep "Engine status") + +RUNNING_VMS=$(virsh -r list | awk '{print$2 " "$3}'|grep -v "Name State"| column -t) + +#Some Colors +BRED='\033[1;31m' +RED='\033[0;31m' +NC='\033[0m' # No Color +#has the server been rebooted indicator +if [ $upDays -eq "0" ]; then + echo -e "${BRED}SERVER HAS BEEN REBOOTED $upHours hours AGO ${NC}"; +fi + +echo " +- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds +- Current time........: $DATE +- Current user........: $USER +- Hostname............: $HOSTNAME +- Release.............: `cat /etc/redhat-release` +- Users...............: Currently `users | wc -w` user(s) logged on +- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min) +- Memory used.........: $MEMORY1 of $MEMORY2 +- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB +- Processes...........: $PSA running +- VM's on this HV.....: +$RUNNING_VMS + +- Host engine status..: +$ENGINE + +==================================== volume status vm =============================== +$(gluster volume status vm clients|grep 'Brick\|Clients') + +==================================== volume status engine =========================== +$(gluster volume status engine clients|grep 'Brick\|Clients') +" diff --git a/scripts/mount_tool.sh b/scripts/mount_tool.sh new file mode 100644 index 0000000..318c7c4 
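Review bot: The first line is `#/usr/local/bin/dynmotd`, so `#!/bin/bash` on line two is only a comment and the interpreter is whatever runs the file — under `/bin/sh` (dash) `echo -e` prints a literal `-e` and the colour escapes are not interpreted; swap the two lines so the shebang comes first. Every login then runs `hosted-engine --vm-status`, `virsh -r list` and two `gluster volume status ... clients` calls; besides the delay, the motd shows running VM names and client lists to every user who can log in, which deserves a deliberate choice (root-only output, or a file refreshed by cron and merely `cat`ed here) rather than being the default. The backtick substitutions for `cat /etc/redhat-release`, `users | wc -w` and the load averages should be `$(...)` like the rest of the file.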
--- /dev/null +++ b/scripts/mount_tool.sh 
@@ -0,0 +1,181 @@ +#!/bin/bash +#(c) Roy Cohen 29/03/2014 :roy@wondercohen.nl +#objective :Mount and Umount mounts on remote server +#last update :10/05/2014 +#version :0.3 + +if [ $# -lt 1 ] +then + echo "Syntax error must be : ./`basename $0` " + exit +fi +clear +# Parameter +DATE=`/bin/date +%H\u%M-%d-%b-%Y` +FILE=$1 +# Variables +LOGDIR="$HOME/celera/logs/" + +check(){ + opt_checkstatus=1 + while [ $opt_checkstatus != 6 ] + do + clear + echo -e "\n\t*****Checks for mount on servers*****\n + 1. Check all mounts via mtab\n + 2. Check Celera mounts via mtab\n + 3. Check all mounts via fstab\n + 4. Check Celera mounts via fstab\n + 5. Check Noauto mounts in fstab\n + 6. Go back to Main Menu" + + read opt_checkstatus + case $opt_checkstatus in + 1) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allMtab${DATE} + done + read temp;; + + 2) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraMtab_${DATE} + done + read temp;; + + 3) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allFstab${DATE} + done + read temp;; + + 4) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraFstab${DATE} + done + read temp;; + + 5) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allNoautoFstab${DATE} + done + read temp;; + + 6) main;; + *) echo -e "Wrong Option 
Selected!!!" + esac + done + +} + +mount() +{ + opt_checkstatus=1 + while [ $opt_checkstatus != 4 ] + do + clear + echo -e "\n\t***** Mount on servers *****\n + 1. Mount all via fstab\n + 2. Mount only Celera via fstab\n + 3. Mount all noauto via fstab\n + 4. Go back to Main Menu" + + read opt_checkstatus + case $opt_checkstatus in + 1) + for host in $(cat $FILE); do + if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then + echo -e " $host must be mounted as binformd user\n" | tee -a ${LOGDIR}binformd${DATE} + else + ssh $host mount -a 2>&1 | tee -a ${LOGDIR}mountAll${DATE} + fi + done + read temp;; + + 2) + for host in $(cat $FILE); do + if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then + echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE} + else + ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}celeraMnt${DATE} + fi + done + read temp;; + + 3) + for host in $(cat $FILE); do + if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then + echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE} + else + ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoMnt${DATE} + fi + done + read temp;; + + 4) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + +} + + +umount() +{ + opt_checkstatus=1 + while [ $opt_checkstatus != 3 ] + do + clear + echo -e "\n\t***** UnMount on servers *****\n + 1. UnMount all via fstab\n + 2. UnMount only Celera via fstab\n + 3. 
Go back to Main Menu" + + read opt_checkstatus + case $opt_checkstatus in + 1) + for host in $(cat $FILE); do + echo "are you sure? if so change the script" + #ssh $host umount -a 2>&1 | tee -a ${LOGDIR}umountAll${DATE} + done + read temp;; + + 2) + for host in $(cat $FILE); do + ssh $host 'for i in $(hostname && echo "**Mounts that were unmounted**" && cat /etc/fstab | grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do umount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoUmnt${DATE} + done + read temp;; + + 3) main;; + *) echo -e "Wrong Option Selected!!!" + esac + done + +} + + + +main() +{ + opt_main=1 + while [ $opt_main != 4 ] + do +echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n" +#############Check Mounts ############ + echo -e "\t*****Main Menu*****\n + 1. Checks mounts\n + 2. Mount\n + 3. Umount\n + 4. Exit" + read opt_main + case $opt_main in + 1) check ;; + 2) mount ;; + 3) umount ;; + 4) exit 0 ;; + *) echo -e "Wrong option Selected!!!" + esac +done +} +main +exit 0 diff --git a/scripts/ping_test.sh b/scripts/ping_test.sh new file mode 100644 index 0000000..b84917d --- /dev/null +++ b/scripts/ping_test.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +for host in $(cat $1) +do + + if ping -c 1 -w 5 $host &>/dev/null ; then + + echo "$host is up" + +fi + +done + diff --git a/scripts/sc.sh b/scripts/sc.sh new file mode 100644 index 0000000..614ea33 --- /dev/null +++ b/scripts/sc.sh @@ -0,0 +1,11 @@ +#tail -n 30 /u01/env/$1/tibco/tra/$1/application/logs/CARinboxBulk-Process_Archive.log |grep OutOfMemoryError |wc -l +#!/bin/bash +cd out/ +for h in $(ls /u01/zbx/agt/bin/OutOfMemory_log_checks/) +do +cd /u01/zbx/agt/bin/OutOfMemory_log_checks/ +mv $h.log.sh $h.sh +#touch $h.sh +#echo -e "#!/bin/bash\ntail -n 30 /u01/env/\$1/tibco/tra/\$1/application/logs/$h |grep OutOfMemoryError |wc -l" > $h.sh + +done diff --git a/scripts/some_thouts.sh b/scripts/some_thouts.sh new file mode 100644 index 0000000..8a9e096 --- /dev/null +++ b/scripts/some_thouts.sh 
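Review bot: The host filter `[[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]]` in all three arms of `mount()` in scripts/mount_tool.sh is always true, because inside `[[ ]]` a bare word such as `clnars1d` is a non-empty-string test and `&&` binds tighter than `||`, so the `else` branch that actually runs `ssh $host mount -a` is unreachable and every host is reported as "must be mounted as binformd user". If the intent was to match any of those hostnames, one regex does it in each of the three arms: `if [[ $host =~ ^(clnara|clnars1d|clnars1m|clnsr206|clnprp1d|clnprp1m|clnpr2e4) ]]; then`. `LOGDIR` is never created, so every `tee -a ${LOGDIR}...` fails until a `mkdir -p "$LOGDIR"` runs near the top, and `for host in $(cat $FILE)` feeding `ssh $host` turns any stray word in the host file into an ssh target; `while IFS= read -r host; do ...; done < "$FILE"` reads one host per line.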
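Review bot: In scripts/sc.sh the shebang sits on line 2 behind a commented-out `tail` command, so it has no effect and the script runs under the caller's shell; move `#!/bin/bash` to line 1. The loop body also looks wrong: `$h` is already each entry of `ls /u01/zbx/agt/bin/OutOfMemory_log_checks/`, so `mv $h.log.sh $h.sh` names a file that only exists if the entries are bare log names — if that is the intent, say so in a comment, otherwise iterate a glob: `for f in /u01/zbx/agt/bin/OutOfMemory_log_checks/*.log.sh; do mv -- "$f" "${f%.log.sh}.sh"; done`. The unchecked `cd out/` on line 3 is irrelevant to the rest of the script because the loop does its own absolute `cd`, so drop it or check it.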
@@ -0,0 +1,70 @@ +$opt_int $proto_ch $port_ch +if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then +1 1 1 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch +elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then +1 2 1 -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch +elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then +1 3 2 -A $chain -s $ip_source -i $interface --dport $port -j $rule_ch +elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then +1 1 2 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch +elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then +2 1 1 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch +elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then +2 2 1 -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch +elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then +2 3 2 -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule_ch +elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then +2 1 2 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch +fi + + +-A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch ($opt_int = 1 $proto_ch=2 $port_ch=2) +-A $chain -s $ip_source -i $interface --dport 443 -j $rule_ch ($opt_int = 1 $proto_ch=3 NO PROTOC) +-A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch ($opt_int = 2 $proto_ch=2) +-A $chain -s $ip_source -d $ip_dest --dport 443 -j $rule_ch ($opt_int = 2 $proto_ch=3 NO PROTOC) + + +RULE="-A$chain$ipdetails$ip_dest$proto$port$rule" + for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$12$14}'|grep "^-") + do + if [ "$RULE" == "$FILE" ] ; then + echo "this Rule -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule exsists" + read temp + + -A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp -m 
tcp --dport 443 -j ACCEPT + -A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp --dport 443 -j ACCEPT + + + awk '{print $1$2$3$4$5$6$7$8$9$10$11$12$13$14$15}' + for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$8$12$14}'|grep "^-") + do + RULE="-A$chain$ipdetails$interface$ip_dest$proto$port$rule" + if [ "$RULE" == "$FILE" ] ; then + echo -e "This Rule \"-D $chain -s $ip_source -i $interface -p $proto --dport $port\" -j $rule exsists" + echo -e "\nGo Back to Build Your Firewall program Or to Main Menu\n + 1. Back to Build Your Firewall with Iptables + 2. Go back to Main Menu" + read back_to + case $back_to in + 1) buildfirewall;; + 2) main;; + *) echo -e "Wrong option Selected!!!" + esac + + + + + for duplicate_iptables in `(cat /etc/sysconfig/iptables | sort | uniq | grep "^-")` + do + echo "iptables $duplicate_iptables" + done + + while read -r duplicate_iptables + do + iptables $duplicate_iptables + done < /etc/sysconfig/iptables | grep "^-" + + cat /etc/sysconfig/iptables | xargs -n1 -i{} grep '^{}$' ngfilelist.txt + + + \ No newline at end of file diff --git a/scripts/ssh_loop.sh b/scripts/ssh_loop.sh new file mode 100644 index 0000000..bc174b3 --- /dev/null +++ b/scripts/ssh_loop.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +FILE=$1 + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in $(cat ${FILE}) +do + +#scp bashrc root@$host:/etc/ + +#echo $IP + + +#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname" +ssh -n root@$host "hostname" +#ssh -n root@$host "hostname" + +#add to known hosts +#ssh-keyscan -H $host >> ~/.ssh/known_hosts + +done + +#IPADDR="10.2.2." diff --git a/scripts/test_con_server_status.sh b/scripts/test_con_server_status.sh new file mode 100644 index 0000000..526d59b --- /dev/null +++ b/scripts/test_con_server_status.sh 
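Review bot: The `while read -r duplicate_iptables ... done < /etc/sysconfig/iptables | grep "^-"` fragment near the end of scripts/some_thouts.sh pipes the loop's output to grep rather than filtering its input, so `iptables $duplicate_iptables` would run for every line of the file, including `*filter`, `:INPUT ACCEPT [0:0]` and `COMMIT`. If this sketch is ever promoted into the real tool, filter first and keep the word splitting deliberate: `grep '^-' /etc/sysconfig/iptables | while read -r rule; do iptables $rule; done` (or simply `iptables-restore < /etc/sysconfig/iptables`, which is what that file format is for). The file has no shebang and mixes prose such as `1 1 1 -A $chain ...` with code, so it cannot execute as committed; a `.txt` or `.md` name would make that obvious to the next reader.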
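Review bot: The commented `ssh-keyscan -H $host >> ~/.ssh/known_hosts` in scripts/ssh_loop.sh, if it is ever re-enabled, accepts whatever host key answers at that moment for every host in the list and silently defeats host-key verification, so a first-contact MITM is never noticed; keep it disabled, or pin keys from an out-of-band source (the provisioning system, a signed known_hosts) instead of the network. `for host in $(cat ${FILE})` also turns any extra word in the host file into a `ssh -n root@...` target; `while IFS= read -r host; do ...; done < "$FILE"` reads one host per line. The argument check runs after `FILE=$1` and exits with `exit` (status 0), so a missing argument looks like success to a caller; use `exit 2`.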
@@ -0,0 +1,15 @@ +#!/bin/bash +#Roy Cohen +# Test server conection to GW and whire the date and upteme to a logfile + +status=$(ps -ef | grep test_con_server_status.sh | grep -v grep |wc -l) +if [ "$status" -ge 3 ] ; + then + exit + else + while true + do + nc -z 10.2.1.1 22 && echo $(date && uptime) >> /var/log/custom/$HOSTNAME + sleep 5 + done +fi diff --git a/scripts/test_scripts/gluster_peer_check.sh b/scripts/test_scripts/gluster_peer_check.sh new file mode 100644 index 0000000..6a1ba93 --- /dev/null +++ b/scripts/test_scripts/gluster_peer_check.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +HOST=$1 +TIME=$(date) +while echo -e "\n**$TIME**" >> gluster_peer_$HOST ;do + ssh -o ConnectTimeout=3 -n root@$HOST "gluster peer status" + sleep 5; +done >> gluster_peer_$HOST.log 2>&1 diff --git a/scripts/test_scripts/log_oc_nodes.sh b/scripts/test_scripts/log_oc_nodes.sh new file mode 100644 index 0000000..170f441 --- /dev/null +++ b/scripts/test_scripts/log_oc_nodes.sh @@ -0,0 +1,6 @@ +for (( ; ; )) +do + date >> oc_node_status.log + oc get nodes -o wide >> oc_node_status.log + sleep 2 +done diff --git a/scripts/test_scripts/log_oc_pods.sh b/scripts/test_scripts/log_oc_pods.sh new file mode 100644 index 0000000..3f0c015 --- /dev/null +++ b/scripts/test_scripts/log_oc_pods.sh @@ -0,0 +1,6 @@ +for (( ; ; )) +do + date >> oc_pod_status.log + oc get pods --all-namespaces -o wide >> oc_pod_status.log + sleep 10 +done diff --git a/scripts/test_scripts/log_ping_between.sh b/scripts/test_scripts/log_ping_between.sh new file mode 100644 index 0000000..2f302b3 --- /dev/null +++ b/scripts/test_scripts/log_ping_between.sh 
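Review bot: The single-instance guard `ps -ef | grep test_con_server_status.sh | grep -v grep | wc -l` with `-ge 3` in scripts/test_con_server_status.sh is racy and counts any process whose argument list contains the name (an editor open on the file, the `$(...)` subshell itself), which is presumably why the threshold had to be 3; a lock is deterministic: `exec 9>/var/lock/test_con_server_status.lock` followed by `flock -n 9 || exit 0`. `echo $(date && uptime) >> /var/log/custom/$HOSTNAME` also assumes `/var/log/custom` exists and word-splits both outputs onto one line; `{ date; uptime; } >> "/var/log/custom/$HOSTNAME"` keeps them intact. The gateway `10.2.1.1` and port `22` are hard-coded inside the loop; name them once at the top so the script is reusable and the comment's "GW" is visible in code.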
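Review bot: In scripts/test_scripts/gluster_peer_check.sh the timestamp and the output land in different files and the timestamp never changes: `TIME=$(date)` is evaluated once before the loop, and the `while echo -e "\n**$TIME**" >> gluster_peer_$HOST` condition writes to `gluster_peer_$HOST` while `done >> gluster_peer_$HOST.log 2>&1` collects the `gluster peer status` output. Drop the `TIME` line and let the condition emit a fresh stamp on the shared stdout: `while printf '\n**%s**\n' "$(date)"; do`. `HOST=$1` is never validated before it becomes `root@$HOST` on the ssh line, so an empty argument yields `root@` and an endless loop; add `[[ -n "${HOST:-}" ]] || { echo "usage: $0 <host>" >&2; exit 2; }`.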
@@ -0,0 +1,14 @@ +#!/bin/bash + +FROM_SERVER=$1 +TO_SERVER=$2 +LOG_FILE="ping_${FROM_SERVER}_to_${TO_SERVER}.log" + +for (( ; ; )) +do + date >> $LOG_FILE + ssh -o ConnectTimeout=1 -o ConnectionAttempts=1 \ + ${FROM_SERVER} ping ${TO_SERVER} | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' >> $LOG_FILE + echo "Disconnected from server..." >> $LOG_FILE + sleep 10 +done diff --git a/scripts/test_scripts/ping_test.sh b/scripts/test_scripts/ping_test.sh new file mode 100644 index 0000000..971bf28 --- /dev/null +++ b/scripts/test_scripts/ping_test.sh @@ -0,0 +1,18 @@ +#!/bin/bash +HOSTS=(host1 +host2 +) + +uptime_mv () +{ +for host in "${HOSTS[@]}" ; +do + PONG=$(ping -c 1 $host) +echo "$(date) $PONG" >> ping_$host.log & +done +} + +while true ;do + uptime_mv ; + sleep 1 +done diff --git a/scripts/test_scripts/test_all.sh b/scripts/test_scripts/test_all.sh new file mode 100644 index 0000000..4388458 --- /dev/null +++ b/scripts/test_scripts/test_all.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +function cleanup { + # Your cleanup code here + echo "My pid is: $$ ?" + echo "Pids to kill: $(pgrep -P $$)" + pkill -P $$ +} +trap cleanup EXIT + +# Now the real work: + +# Things to measure: +# - availability of loadbalancer (log_haproxy.sh) +# - availability of webconsole and master APIs (log_master_api.sh) +# - state of nodes (log_oc_nodes.sh) +# - state of pods (log_oc_pods.sh) +# - availability of servers +# - pings between servers (log_ping_between.sh) + +mkdir $1 +cd $1 + +#../log_haproxy.sh & +#../log_master_api.sh & +#../log_oc_nodes.sh & +#../log_oc_pods.sh & +../uptime_hv.sh & +../virsh_list_hv.sh & +../uptime_vm.sh & +../gluster_peer_check.sh & +wait + diff --git a/scripts/test_scripts/uptime_hv.sh b/scripts/test_scripts/uptime_hv.sh new file mode 100644 index 0000000..c343795 --- /dev/null +++ b/scripts/test_scripts/uptime_hv.sh 
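Review bot: `mkdir $1` followed by `cd $1` in scripts/test_scripts/test_all.sh ignores both failures, so with a missing argument `cd` goes to `$HOME` and the background loggers (`../uptime_hv.sh` etc.) are then resolved relative to `$HOME` and either fail to start or scatter their logs there; guard it with `[[ -n "${1:-}" ]] || { echo "usage: $0 <outdir>" >&2; exit 2; }` and `mkdir -p -- "$1" && cd -- "$1" || exit 1`. The EXIT trap's `pkill -P $$` only signals direct children, so the `ssh`/`ping` processes those loops have in flight are orphaned rather than stopped; presumably acceptable for a test harness, but a comment saying so would spare the next person from "fixing" it. The `echo "My pid is: $$ ?"` line reads like a leftover debug print.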
@@ -0,0 +1,18 @@ +#!/bin/bash + +HOSTS=( + +) + +uptime_ost () +{ +for host in "${HOSTS[@]}" ; +do +ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log +done +} + +while true ;do + uptime_ost; + sleep 5 +done > /dev/null 2>&1 diff --git a/scripts/test_scripts/uptime_vm.sh b/scripts/test_scripts/uptime_vm.sh new file mode 100644 index 0000000..a38a92f --- /dev/null +++ b/scripts/test_scripts/uptime_vm.sh @@ -0,0 +1,17 @@ +#!/bin/bash +HOSTS=(host1 +host2 +) + +uptime_mv () +{ +for host in "${HOSTS[@]}" ; +do +ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log +done +} + +while true ;do + uptime_mv ; + sleep 5 +done > /dev/null 2>&1 diff --git a/scripts/test_scripts/virsh_list_hv.sh b/scripts/test_scripts/virsh_list_hv.sh new file mode 100644 index 0000000..a0be82f --- /dev/null +++ b/scripts/test_scripts/virsh_list_hv.sh @@ -0,0 +1,19 @@ +#!/bin/bash +HOSTS=( +host1 +host2 +) + +virsh_test () +{ +for host in "${HOSTS[@]}" ; +do +echo $(date) >> virsh_$host +ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "virsh -r list" >> virsh_$host.log +done +} + +while true ;do + virsh_test; + sleep 5 +done > /dev/null 2>&1 diff --git a/scripts/tools/OS_patching_tool.sh b/scripts/tools/OS_patching_tool.sh new file mode 100644 index 0000000..5589bcf --- /dev/null +++ b/scripts/tools/OS_patching_tool.sh 
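Review bot: In scripts/test_scripts/virsh_list_hv.sh the date stamp goes to `virsh_$host` while the `virsh -r list` output goes to `virsh_$host.log`, so the two can never be correlated; change the stamp line to `date >> "virsh_$host.log"`. The trailing `done > /dev/null 2>&1` on this script and on the two uptime loggers swallows every ssh diagnostic, so an unknown host key, a refused key or a typo in `HOSTS` is indistinguishable from a healthy quiet run; keep stderr somewhere, e.g. `done 2>>ssh_errors.log`. With stderr discarded and `-n` set, a host-key prompt for a new entry in `HOSTS` is invisible, so pre-populate known_hosts for each host before starting the loop.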
@@ -0,0 +1,194 @@ +#!/bin/bash +#Roy Cohen :roy@proteon.com +#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag +#objective :OpenShift pathing tool using yum (RHEL and Centos) +#First line of code :04/09/2019 +#last update :06/09/2019 +#version :0.1 +#inspred by /home/freark/bin/batch_upgrade.sh + + +#Check if root is running the script +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 +fi + +# Parameters +NAGIOS_SCRIPT='/opt/proteon-scripts/minions/nagios/generic/nagios_add_downtime_host.sh' +BASE_LOG_DIR=/var/log/batch_upgrade +TIMESTAMP=$(date +%Y%m%d.%H%M) + +#set the master host +read -p "Enter OpenShift master: " OS_MASTER + +#Set node varible +OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1) +COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l) +#TODO what if there are more that one node already driand? +if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then + echo -e "n\ NOTE: There are driand nodes on the cluster\n + Please chack the master node for possible issues" + exit 1 +fi + +###############################OPENSHIFT PACHING BEGINS HERE############################### +#list nodes on the OpenShift Master +function list_nodes() +{ + printf '%s\n' "${OS_NODES_READY[@]}" + set_update_host +} + +#set the hostname for the update +function set_update_host() +{ +echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish" +read -p "Enter OpenShift node: " HOST_TO_UPDATE +} + +#Breack in an error +function pause_on_error { + if [ $1 -ne 0 ] + then + echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue" + read + fi +} + +#Add nagios downtime +function nagios_downtime() +{ + $NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host' + echo "Adding downtime for host $HOST_TO_UPDATE..." + pause_on_error $? 
+} + +#just a counter, one minute +function time_counter() +{ +count=0 +total=120 + + while [ $count -lt $total ]; do + sleep 0.5 # this is work + count=$(( $count + 1 )) + pd=$(( $count * 60 / $total )) + printf "\r${pd}s" $(( $count * 60 / $total )) + done +} + +#Drain the node +function drain() +{ + echo "Draining $HOST_TO_UPDATE" + ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE" + echo " + ________________________________________________________________________ +< This will take a minute, Just making sure that the node is fully drained > + ------------------------------------------------------------------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/ + ||----w | + || || + + " + time_counter + pause_on_error $? +} + +#Update node +function update() +{ + mkdir -p ${BASE_LOG_DIR} + LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX) + + echo -e "n\I'm now going to update $HOST_TO_UPDATE." + echo "You can follow/check logs in:" + echo ${LOG_DIR} + echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here." + echo "If any fail you MUST check and update these before proceeding!" + echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m" + read + echo "This may take some time..." + echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c " + + #exclude openshift and docker + ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf" + #update command + ssh -t $HOST_TO_UPDATE "sleep 10 && yum update --security" | tee ${LOG_DIR}/$HOST_TO_UPDATE + pause_on_error $? 
+} + +#reboot node +function reboot_server() +{ +LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX) + + + echo "Restarting server $HOST_TO_UPDATE" + #ANSWER='dummyvalue' + while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do + echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m" + read ANSWER + if [[ "${ANSWER}" == 's' ]]; then + echo "Skipping $HOST_TO_UPDATE" + return 0 + fi + if [[ "${ANSWER}" == 'c' ]]; then + echo "Proceeding to reboot $HOST_TO_UPDATE" + break + fi + done + + timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot" + # no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode + # pause_on_error $? + + # wait until the server is down + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + while [[ $rc == 0 ]] + do + echo "Waiting for $HOST_TO_UPDATE to be down..." + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + sleep 0.5 + done + + echo "Server $HOST_TO_UPDATE appears to be down..." + + # wait until... + # server pings again + + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + while [[ $rc != 0 ]] + do + echo "Waiting for $HOST_TO_UPDATE to be back up..." + ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true + rc=$? + sleep 5 + done +} + +#uncordon node in the OpenShift master +function uncordon() +{ + echo "------------------------------------" + echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER" + ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE" + list_nodes + pause_on_error $? +} + + +############################### -MAIN RUN- ############################### + +list_nodes +nagios_downtime +drain +update +reboot_server +uncordon diff --git a/scripts/tools/collect_info.sh b/scripts/tools/collect_info.sh new file mode 100644 index 0000000..8f456e4 --- /dev/null +++ b/scripts/tools/collect_info.sh 
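Review bot: `pause_on_error $?` after `ssh -t $HOST_TO_UPDATE "sleep 10 && yum update --security" | tee ${LOG_DIR}/$HOST_TO_UPDATE` in `update()` tests `tee`'s status, not yum's, so a failed or aborted update never pauses despite the "If any fail you MUST check" prompt; use `pause_on_error "${PIPESTATUS[0]}"` (or `set -o pipefail` at the top). `drain()` has the same mismatch, where `pause_on_error $?` follows `time_counter` rather than the `oc adm drain` ssh call; capture `rc=$?` right after the ssh line and pass that. The yum.conf rewrite (`cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> ...`) overwrites the node's config, silently drops any pre-existing `exclude=` line (the comment says openshift packages should be excluded too, but only `docker* atomic*` are written), and its inner double quotes end the outer string so those globs reach the remote shell unquoted; passing the exclusion on the command line, `yum update --security --exclude='docker*' --exclude='atomic*'`, avoids touching the file at all. `OS_MASTER` and `HOST_TO_UPDATE` come straight from `read` into unquoted `ssh -n $OS_MASTER "oc adm drain ... $HOST_TO_UPDATE"` calls; check `HOST_TO_UPDATE` against `OS_NODES_READY` before draining anything.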
@@ -0,0 +1,13 @@ +#!/bin/bash +#Roy Cohen :roy@proteon.com +#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag +#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host. +#First line of code :09/10/2019 +#last update :11/10/2019 +#version :0.1 +#synatx example of hostfile : contract code must be in uppercase and my contain numbers + echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'` + echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo` + TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+) + SUM_HDD=$(echo $(($TOTAL_HDD_SIZE)) | awk '{ byte =$1 /1024**2 ; print byte}') + echo -e "\t,Disks size,\t "$(echo $SUM_HDD) \ No newline at end of file diff --git a/scripts/tools/drain_host.sh b/scripts/tools/drain_host.sh new file mode 100644 index 0000000..ae7d744 --- /dev/null +++ b/scripts/tools/drain_host.sh @@ -0,0 +1,14 @@ +#!/bin/bash +OS_MASTER=$1 +HOSTS=($(cat $2)) + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in "${HOSTS[@]}" +do + ssh -n root@$1 "oc adm drain --ignore-daemonsets $host" +done diff --git a/scripts/tools/just_a_waiting_bar.sh b/scripts/tools/just_a_waiting_bar.sh new file mode 100644 index 0000000..1314439 --- /dev/null +++ b/scripts/tools/just_a_waiting_bar.sh 
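Review bot: `HOSTS=($(cat $2))` in scripts/tools/drain_host.sh runs before the argument check, and the check itself only requires one argument although the script needs two, so `./drain_host.sh master` blocks on `cat` reading stdin and an empty `$2` is never reported; put the check first and require both: `[[ $# -ge 2 ]] || { echo "Syntax: ./$(basename "$0") <master> <hostfile>" >&2; exit 2; }` then `mapfile -t HOSTS < "$2"`. Since every element of `HOSTS` is fed to `ssh -n root@$1 "oc adm drain --ignore-daemonsets $host"`, any stray token in the host file drains a node, so this is one place where validating each `$host` against `oc get nodes` output before the loop is worth the extra call. `uncordon_host.sh` in this commit has the identical shape and needs the same two lines.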
@@ -0,0 +1,32 @@ +#!/bin/bash +HOST_TO_UPDATE=Host1 +OS_MASTER=Master1 + +function time_counter() +{ +count=0 +total=120 + + while [ $count -lt $total ]; do + sleep 0.5 # this is work + count=$(( $count + 1 )) + pd=$(( $count * 60 / $total )) + printf "\r${pd}s" $(( $count * 60 / $total )) + done +} + + + echo "Draining $HOST_TO_UPDATE" + echo "ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"" + echo " + ________________________________________________________________________ +< This will take a minute, Just making sure that the node is fully drained > + ------------------------------------------------------------------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/\/ + ||----w | + || || + + " + time_counter \ No newline at end of file diff --git a/scripts/tools/run_collect_info_v2.sh b/scripts/tools/run_collect_info_v2.sh new file mode 100644 index 0000000..22f33c3 --- /dev/null +++ b/scripts/tools/run_collect_info_v2.sh 
@@ -0,0 +1,54 @@ +#!/bin/bash +#Roy Cohen :roy@proteon.com +#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag +#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files. +#First line of code :09/10/2019 +#last update :11/10/2019 +#version :0.1 +#synatx example of hostfile : contract code must be in uppercase and my contain numbers + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi +CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l) + +if [[ $CHECK_CONTACT_CODES -gt 0 ]] + then + echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase" + +else +#clean the results directory +rm /opt/scripts/tools/collect_info/results/* + +#collect data from remote server + for host in $(cat $1) + do + HOST=$(echo $host|cut -d "," -f1) + CONTRACT_LIST=$(echo $host|cut -d "," -f2) + scp -q -p collect_info.sh $HOST:/root + SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh") + printf "%s " "$HOST," >> results/$CONTRACT_LIST + echo $SSH_OUT >> results/$CONTRACT_LIST + done 2>/opt/scripts/tools/collect_info/results/error.log + + +# sums-up the colleced data in to contact code files +for contr_file in $(ls /opt/scripts/tools/collect_info/results/) + do + RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc ) + CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc ) + HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc ) + echo "Total Processors, $CPU" > /opt/scripts/tools/collect_info/results/$contr_file + echo "Memory RAM Total in MB, $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file + echo "Disk size in GB, $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file +done +fi + +#cat all the contracts +for contr in $(ls /opt/scripts/tools/collect_info/results/) + do + echo "----$contr---" + cat /opt/scripts/tools/collect_info/results/$contr + done 
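Review bot: The summing loop `for contr_file in $(ls /opt/scripts/tools/collect_info/results/)` in scripts/tools/run_collect_info_v2.sh also iterates over `error.log`, which the collection loop just wrote into that directory via `done 2>/opt/scripts/tools/collect_info/results/error.log`, so the captured scp/ssh errors are overwritten with a bogus "Total Processors" summary and then printed as if they were a contract; skip it with `[[ "$contr_file" == error.log ]] && continue`, or redirect the errors outside `results/`. The script mixes the absolute path with a bare `results/` (`>> results/$CONTRACT_LIST`, `cat results/$contr_file`), so it only works when started from `/opt/scripts/tools/collect_info`; define `RESULTS=/opt/scripts/tools/collect_info/results` once, use it everywhere, and write the cleanup as `rm -f -- "${RESULTS:?}"/*` so an empty variable can never expand to `rm /*`. `scp -q -p collect_info.sh $HOST:/root` leaves the helper in root's home on every host after each run; `ssh -n "$HOST" bash -s < collect_info.sh` runs it without copying anything.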
diff --git a/scripts/tools/uncordon_host.sh b/scripts/tools/uncordon_host.sh new file mode 100644 index 0000000..46663dd --- /dev/null +++ b/scripts/tools/uncordon_host.sh @@ -0,0 +1,14 @@ +#!/bin/bash +OS_MASTER=$1 +HOSTS=($(cat $2)) + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in "${HOSTS[@]}" +do + ssh -n root@$1 "oc adm uncordon $host" +done diff --git a/scripts/uptime_loop.sh b/scripts/uptime_loop.sh new file mode 100644 index 0000000..ab96254 --- /dev/null +++ b/scripts/uptime_loop.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +FILE=$1 + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in $(cat ${FILE}) +do + +ssh -n root@$host "hostname && uptime && virsh -r list" + +done diff --git a/shell.sh b/shell.sh new file mode 100644 index 0000000..9d27f19 --- /dev/null +++ b/shell.sh 
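Review bot: `HOSTS=($(cat $2))` in scripts/tools/uncordon_host.sh is evaluated before the `$# -lt 1` check, and the check accepts a single argument although two are required, so a missing host file makes `cat` wait on stdin instead of printing the syntax line; put `[[ $# -ge 2 ]] || { echo "Syntax: ./$(basename "$0") <master> <hostfile>" >&2; exit 2; }` first and read the file with `mapfile -t HOSTS < "$2"`. Quote `root@$1` and `$host` on the ssh line as well. The loop is otherwise a copy of drain_host.sh with `uncordon` for `drain`; a single script taking the verb as an argument would keep the two from drifting.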
@@ -0,0 +1,94 @@ +#!/usr/bin/env bash + +# Wonder Cohen - The Hague The Netherlands +# shell_history_audit.sh – put in /etc/profile.d +# Logs every interactive-bash command (including within sudo) to /var/log/history +# Author: Roy Cohen Last-update: 2025-06-23 + +### Installation notes: +## Create the script +# /etc/profile.d/shell_history_audit.sh + +## Create log directory and group +# sudo groupadd -f historylog +# sudo mkdir -p /var/log/history +# sudo chown root:historylog /var/log/history +# sudo chmod 1770 /var/log/history + +## Create the error log +# sudo touch /var/log/history_audit_errors.log +# sudo chown root:historylog /var/log/history_audit_errors.log +# sudo chmod 666 /var/log/history_audit_errors.log + +## Secure script +# sudo chmod 644 /etc/profile.d/shell_history_audit.sh +# sudo chown root:root /etc/profile.d/shell_history_audit.sh + +## Make log files append-only (optional) +# sudo find /var/log/history -type f -exec chattr +a {} \; +# +## Sudo environment setting +# visudo +# Defaults env_keep += "HISTFILE HISTTIMEFORMAT" +# + +############################################################################## +# Config – change these once +HISTDIR="/var/log/history" +AUDITGROUP="historylog" # group allowed to read the logs +LOG_MODE=0640 # -rw-r----- root:historylog +DIR_MODE=1770 # drwxrwx--T root:historylog +AUTO_LOGOUT=3600 # seconds +ERRLOG="/var/log/history_audit_errors.log" + +############################################################################## +# Skip for non-interactive shells +[[ $- != *i* ]] && return + +############################################################################## +# Auto-logout +readonly TMOUT="$AUTO_LOGOUT" +export TMOUT + +############################################################################## +# Determine source user (for sudo tracking) +if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then + SRC="$SUDO_USER" +else + SRC=$(logname 2>/dev/null || echo "$USER") +fi + 
+LOGFILE="$HISTDIR/${USER}_${SRC}.log" + +############################################################################## +# Create logfile if directory is writable and it doesn't exist +if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then + touch "$LOGFILE" # we have permission + chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true + chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true +fi +############################################################################## +# Check group membership (user must be in $AUDITGROUP) +if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then + logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped." + return 0 +fi +############################################################################## +# Activate history logging only when logfile exists & is writable +if [[ -w "$LOGFILE" ]]; then + export HISTFILE="$LOGFILE" + export HISTSIZE= + export HISTFILESIZE= + export HISTIGNORE='' + export HISTCONTROL='ignoreboth' + export HISTTIMEFORMAT='%F %T ' + + shopt -s histappend + case "${PROMPT_COMMAND:-}" in + *history\ -a*) : ;; + *) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;; + esac +else + # Log error (optional) + echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true +fi \ No newline at end of file diff --git a/shell_history_audit.sh b/shell_history_audit.sh new file mode 100644 index 0000000..8ff6de8 --- /dev/null +++ b/shell_history_audit.sh 
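Review bot: `export HISTCONTROL='ignoreboth'` in shell.sh turns on `ignorespace`, so any command typed with a leading blank is never written to the audit log — the best-known way to dodge bash history — and a script whose stated purpose is to log every command should use `export HISTCONTROL='ignoredups'` (or leave it empty). Only `TMOUT` is made readonly, so `unset HISTFILE` or `PROMPT_COMMAND=` switches logging off; add `readonly HISTFILE HISTSIZE HISTFILESIZE HISTCONTROL HISTIGNORE HISTTIMEFORMAT PROMPT_COMMAND` after they are set. Apart from the license block, this file's body is identical to shell_history_audit.sh in the same commit; two copies are guaranteed to drift, so drop this one or make it a symlink.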
@@ -0,0 +1,110 @@ +#!/usr/bin/env bash + +# SPDX-License-Identifier: GPL-3.0-or-later +# Copyright © 2025 Roy Cohen + +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the “Software”), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED + +# Wonder Cohen - The Hague The Netherlands +# shell_history_audit.sh – put in /etc/profile.d +# Logs every interactive-bash command (including within sudo) to /var/log/history +# Last-update: 2025-06-23 + +### Installation notes: +## Create the script +# /etc/profile.d/shell_history_audit.sh + +## Create log directory and group +# sudo groupadd -f historylog +# sudo mkdir -p /var/log/history +# sudo chown root:historylog /var/log/history +# sudo chmod 1770 /var/log/history + +## Create the error log +# sudo touch /var/log/history_audit_errors.log +# sudo chown root:historylog /var/log/history_audit_errors.log +# sudo chmod 666 /var/log/history_audit_errors.log + +## Secure script +# sudo chmod 644 /etc/profile.d/shell_history_audit.sh +# sudo chown root:root /etc/profile.d/shell_history_audit.sh + +## Make log files append-only (optional) +# sudo find /var/log/history -type f -exec chattr +a {} \; +# +## Sudo environment setting +# visudo +# Defaults env_keep += "HISTFILE HISTTIMEFORMAT" +# + +############################################################################## +# Config – change these once +HISTDIR="/var/log/history" +AUDITGROUP="historylog" # group allowed to read the 
logs +LOG_MODE=0640 # -rw-r----- root:historylog +DIR_MODE=1770 # drwxrwx--T root:historylog +AUTO_LOGOUT=3600 # seconds +ERRLOG="/var/log/history_audit_errors.log" + +############################################################################## +# Skip for non-interactive shells +[[ $- != *i* ]] && return + +############################################################################## +# Auto-logout +readonly TMOUT="$AUTO_LOGOUT" +export TMOUT + +############################################################################## +# Determine source user (for sudo tracking) +if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then + SRC="$SUDO_USER" +else + SRC=$(logname 2>/dev/null || echo "$USER") +fi + +LOGFILE="$HISTDIR/${USER}_${SRC}.log" + +############################################################################## +# Create logfile if directory is writable and it doesn't exist +if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then + touch "$LOGFILE" # we have permission + chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true + chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true +fi +############################################################################## +# Check group membership (user must be in $AUDITGROUP) +if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then + logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped." 
+ return 0 +fi +############################################################################## +# Activate history logging only when logfile exists & is writable +if [[ -w "$LOGFILE" ]]; then + export HISTFILE="$LOGFILE" + export HISTSIZE= + export HISTFILESIZE= + export HISTIGNORE='' + export HISTCONTROL='ignoreboth' + export HISTTIMEFORMAT='%F %T ' + + shopt -s histappend + case "${PROMPT_COMMAND:-}" in + *history\ -a*) : ;; + *) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;; + esac +else + # Log error (optional) + echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true +fi \ No newline at end of file diff --git a/ssh_loops/loop_array.sh b/ssh_loops/loop_array.sh new file mode 100644 index 0000000..e53e41f --- /dev/null +++ b/ssh_loops/loop_array.sh @@ -0,0 +1,13 @@ +#!/bin/bash +#find only derctoris older then 10 days +DIR_NAME=($(find /opt/backup/database/ -maxdepth 1 -type d -ctime +10)) + +for dir in "${DIR_NAME[@]}" +do + echo "tar -cvPf $dir.tgz $dir --remove-files" + +done + + +#this will tar and remove + #tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files \ No newline at end of file diff --git a/ssh_loops/loop_array_with_flags.sh b/ssh_loops/loop_array_with_flags.sh new file mode 100644 index 0000000..3f0a8d5 --- /dev/null +++ b/ssh_loops/loop_array_with_flags.sh 
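Review bot: `export HISTCONTROL='ignoreboth'` in shell_history_audit.sh enables `ignorespace`, so a command entered with a leading space is never recorded — the best-known way to evade bash history — and for an audit hook it should be `export HISTCONTROL='ignoredups'` (or `HISTCONTROL=`). Only `TMOUT` is made readonly; `HISTFILE`, `HISTSIZE`, `HISTFILESIZE`, `HISTCONTROL`, `HISTIGNORE`, `HISTTIMEFORMAT` and `PROMPT_COMMAND` can all be unset or reassigned by the user, so add `readonly HISTFILE HISTSIZE HISTFILESIZE HISTCONTROL HISTIGNORE HISTTIMEFORMAT PROMPT_COMMAND` once they are set, and make this the last profile.d script, since a readonly `PROMPT_COMMAND` breaks any later script that appends to it. The log file is created with `chown "$USER:$AUDITGROUP"`, i.e. owned by the audited user, who can truncate or edit it unless the "optional" `chattr +a` from the install notes is applied; document that step as required, or have root pre-create the files group-writable. The install notes' `chmod 666 /var/log/history_audit_errors.log` makes the error log world-writable for no reason — non-members `return 0` before the `else` branch that writes to it — so `0660 root:historylog` is sufficient. Even with all of that, a user can `exec sh`, `history -c` or `set +o history`, so this is best-effort command history rather than a tamper-evident audit trail; `pam_tty_audit` or auditd `execve` rules are the control for that and deserve a sentence in the header.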
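Review bot: `find /opt/backup/database/ -maxdepth 1 -type d -ctime +10` in ssh_loops/loop_array.sh selects by inode change time, which is reset by any `chmod`/`chown` or rename of the directory, so a permission sweep over the backup tree makes every directory look fresh and nothing is archived; `-mtime +10` is what "older than 10 days" usually means, and it is what loop_array_with_flags.sh in this commit already uses. The script only echoes the `tar ... --remove-files` commands, which is a sensible dry run; say so in the header comment so nobody turns it live without also quoting `"$dir"` (a directory with a space currently splits into two tar arguments).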
@@ -0,0 +1,51 @@ +#!/bin/bash +#find only directories older then 10 days + +#this will tar and remove + #tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files + + while test $# -gt 0; do + case "$1" in + -h|--help) + echo "$package - attempt to capture frames" + echo " " + echo "$package [options] application [arguments]" + echo " " + echo "options:" + echo "-h, --help show brief help" + echo "--days=<1-n> specify an action to use" + echo "-o, --output-dir=DIR specify a directory to store output in" + exit 0 + ;; + -a) + shift + DIR_NAME=($(find /var/log -maxdepth 1 -type d -mtime +10)) + if test $# -gt 0; then + export PROCESS=$1 + else + for dir in "${DIR_NAME[@]}" + do + echo "tar -czPf $dir.tar.gz $dir --remove-files" + done + exit 1 + fi + shift + ;; + --days*) + DIR_NAME=($(find /var/log/ -maxdepth 1 -type d -mtime +$2)) + if test $# -gt 0; then + export PROCESS=$1 + else + for dir in "${DIR_NAME[@]}" + do + echo "tar -czPf $dir.tar.gz $dir --remove-files" + done + exit 1 + + shift + ;; + *) + break + ;; + esac +done \ No newline at end of file diff --git a/ssh_loops/service_check_loop.sh b/ssh_loops/service_check_loop.sh new file mode 100644 index 0000000..1cc74ce --- /dev/null +++ b/ssh_loops/service_check_loop.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# This script will check the runing services for every host you provide in a source file. +# Example of running ./service_check_loop.sh + +HOSTNAME=($(cat $1)) + +if [ $# -lt 1 ] +then + echo "Syntax: ./$(basename $0) " + exit +fi + +for host in "${HOSTNAME[@]}" +do +printf "%s " "$host," +SSH_OUT=$(ssh -n root@$host "netstat -pnltu|cut -d "/" -f2|sed '/^$/d'|sort|uniq"|tr '\n' ',') +echo $SSH_OUT +done |tee -a /tmp/$1.log
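Review bot: The `--days*)` arm in ssh_loops/loop_array_with_flags.sh opens `if test $# -gt 0; then ... else ... exit 1` and never closes it, so bash rejects the whole file with a syntax error at the following `;;` before any option is parsed; add `fi` after the `exit 1` (before `shift`). The same arm reads the day count from `$2`, but `--days=<1-n>` as documented in `--help` is a single word, so `$2` is whatever follows it or empty, which yields `find ... -mtime +` and a find error; take it from the option itself with `days=${1#--days=}` and `-mtime "+$days"`. `$package` in the help text is never set and the `-a` branch exports `PROCESS` that nothing reads, so this reads as an unfinished template; either finish it or keep it out of the tools tree.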
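Review bot: `done |tee -a /tmp/$1.log` in ssh_loops/service_check_loop.sh appends to a predictable, caller-chosen path in world-writable /tmp: a pre-planted symlink named after the host file is followed by `tee -a` unless `fs.protected_symlinks` happens to be on, and a `$1` such as `../etc/x` leaves /tmp altogether; log under a private directory, e.g. `"${XDG_RUNTIME_DIR:-$HOME}/service_check_$(basename -- "$1").log"`, or a `mktemp` path. `HOSTNAME=($(cat $1))` clobbers bash's own `HOSTNAME` and runs before the argument check, so a missing argument hangs on stdin; rename it to `HOSTS`, move the check first and use `mapfile -t HOSTS < "$1"`. In the remote command `"netstat -pnltu|cut -d "/" -f2|..."` the inner double quotes close and reopen the outer string, so `/` travels unquoted and the command only works because ssh re-joins the words; `cut -d/ -f2` says what is meant.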