first commit

Roy
2025-06-23 21:19:51 +02:00
commit a4f9ea11f3
69 changed files with 4857 additions and 0 deletions


@ -0,0 +1,57 @@
#!/bin/bash
#(c) Roy Cohen 29/11/2012 :roy@wondercohen.nl
#objective :IPtables administering tool that cleans duplicate rules
#last update :29/11/2012
#version :0.1
# Parameters
IPT=/sbin/iptables
function check_duplicate()
{
}
function clean_duplicate()
{
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
OPT_MAIN=1
while [ $OPT_MAIN != 4 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check for Duplicate Rules\n
2. Clean the Duplicate Rules\n
3. Save the Iptables\n
4. Exit"
read OPT_MAIN
case $OPT_MAIN in
1) check_duplicate ;;
2) clean_duplicate ;;
3) exit 0 ;;
*) echo -e "Wrong option Selected!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!"
fi
}
main
exit 0
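Review bot: As rendered here, `check_duplicate()` and `clean_duplicate()` have empty bodies (`{` followed directly by `}`), which bash rejects as a syntax error, so the script stops at the first definition and the root check in `main` is never reached. Until they are implemented, each body needs a placeholder such as `:`. In the menu, option 3 is labelled "Save the Iptables" but runs `exit 0` without saving anything, and option 4 has no `case` arm, so it prints "Wrong option Selected!" before the loop ends. The tests `[ $UID == $ROOT_UID ]` and `[ $OPT_MAIN != 4 ]` are unquoted, so an empty line at the prompt makes `[` fail with an error and drops out of the loop; `[ "$OPT_MAIN" != 4 ]` avoids that.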

745
scripts/IptablesTool.sh Normal file

@ -0,0 +1,745 @@
#!/bin/bash
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
#objective :IPtables administering tool
#last update :29/11/2012
#version :0.2
# Parameters
IPT="/sbin/iptables"
IPTSAVE="/etc/init.d/iptables save"
echo -e""
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
function checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
function buildfirewall()
{
function buildfirewallprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "Please the Source IP Address\n
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
}
###################Generating the Rule####################
buildfirewallprogram
function generate_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function generate_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
else
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
fi
}
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
function delfirewall()
{
function deleteonerule ()
{
echo -e "
1. Delete one rule
2. Go back to Main Menu"
read opt_delete_one_rule
case $opt_delete_one_rule in
1) echo -e "\nPlease Eneter the Rule."
read one_rule ;;
2) main;;
*) echo -e "Wrong Option Selected"
esac
echo "$one_rule"| sed 's/-A/-D/g'
echo "Do you want to remove this rule, Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] ; then
$IPT `echo $one_rule | sed 's/-A/-D/g'`
else
main
fi
}
function delprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
echo -e "
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
###################Generating the Rule####################
function del_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function del_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo "$opt_ip_srource"
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
else
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
fi
}
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
1. Delete a Custum Rule
2. Delete one Rule
3. Back to Main Menu"
read opt_delfirewall
case $opt_delfirewall in
1) delprogram ;;
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) main ;;
*) echo -e "Wrong option Selected!!!"
esac
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 6 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Delete Your Firewall with Iptables\n
5. EDSN script\n
6. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) buildfirewall ;;
4) delfirewall ;;
5) sh setIptables_config2.sh 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
6) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0
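Review bot: The values read from the operator (`ip_source`, `ip_dest`, `interface`, `proto`, `port`, `one_rule`) are expanded unquoted into the `$IPT -A`/`-D` command lines that run as root, so a value containing spaces or glob characters changes the argument list iptables receives; each value should be checked against its expected form (address or CIDR, interface name, numeric port) and passed quoted, e.g. `"$IPT" -A "$chain" -s "$ip_source" -i "$interface" -p tcp --dport "$port" -j "$rule"`. Source option 3 sets `ip_source="0/0"`, but the dispatch at the end of `buildfirewall` and `delprogram` sends every choice other than 1 or 2 to the `*_multiple_ip` functions, which run `cat $ip_source` and so try to read a file named `0/0` instead of adding a rule for all sources. Choosing "No Destination Port" assigns `prot="NULL"` rather than `port`, and the `gen` 3, 4, 7 and 8 branches still emit `--dport $port`, so those rules are built with an empty or stale port. Menu item 5 runs `sh setIptables_config2.sh` and every `tee -a IpTab_….log` writes relative to the current directory while running as root; absolute paths would keep the tool from executing or appending to whatever file sits in the directory it was started from.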

743
scripts/IptablesTool2.sh Normal file

@ -0,0 +1,743 @@
#!/bin/bash
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
#objective :IPtables administering tool
#last update :29/11/2012
#version :0.2
# Parameters
IPT="/sbin/iptables"
IPTSAVE="/etc/init.d/iptables save"
echo -e""
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
function checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
function buildfirewall()
{
function buildfirewallprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "Please the Source IP Address\n
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
}
###################Generating the Rule####################
buildfirewallprogram
function generate_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function generate_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
else
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
fi
}
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
function delfirewall()
{
function deleteonerule ()
{
echo -e "
1. Delete one rule
2. Go back to Main Menu"
read opt_delete_one_rule
case $opt_delete_one_rule in
1) echo -e "\nPlease Eneter the Rule."
read one_rule ;;
2) main;;
*) echo -e "Wrong Option Selected"
esac
echo "$one_rule"| sed 's/-A/-D/g'
echo "Do you want to remove this rule, Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] ; then
$IPT `echo $one_rule | sed 's/-A/-D/g'`
else
main
fi
}
function delprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
echo -e "
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
###################Generating the Rule####################
function del_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function del_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo "$opt_ip_srource"
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
else
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
fi
}
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
1. Delete a Custum Rule
2. Delete one Rule
3. Back to Main Menu"
read opt_delfirewall
case $opt_delfirewall in
1) delprogram ;;
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) main ;;
*) echo -e "Wrong option Selected!!!"
esac
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 6 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Delete Your Firewall with Iptables\n
6. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) buildfirewall ;;
4) delfirewall ;;
6) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0

17
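--- a/scripts/Loop_AddUser3.sh
+++ b/scripts/Loop_AddUser3.sh
@@ -0,0 +1,17 @@
+user1,password1
+user2,password2
+etc..
+The script:
+for userdetails in `cat /pathto//users.txt`
+do
+user=`echo $userdetails | cut -f 1 -d ,`
+passwd=`echo $userdetails | cut -f 2 -d ,`
+echo "useradd -d /user1/kopen3 -p `mkpasswd $passwd` $user"
+done
+run the script and redirect the output to a file, e.g:
+./createusers.sh > userscript.sh
+chmod +x userscript.sh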
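Review bot: The `for userdetails in …` loop iterates over the word-split output of `cat`, so a password containing whitespace or a glob character is broken apart before `cut` sees it, and `cut -f 2 -d ,` drops everything after a second comma. Reading the file with `while IFS=, read -r user passwd; do … done < /pathto/users.txt` keeps each record intact. The unquoted `$passwd` handed to `mkpasswd` also places the cleartext on a command line that other local users can read from the process list, and the generated `userscript.sh` holds every hash, so it should be created under a restrictive `umask`. The file mixes explanatory prose with the script and is not runnable as committed; the prose lines would need to be comments.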

54
scripts/adduser_schrpt.sh Normal file

@ -0,0 +1,54 @@
#!/bin/bash
if [ $# -lt 1 ]
then
echo "Syntax: ./`basename $0` <file name>"
exit
fi
# Parameters
USER_DATA_FILE=$1
for userdetails in `cat $1`
do
ENVIRONMENT_NAME=`echo $userdetails | cut -f 1 -d:`
ORGANIZARION_NUMBER=`echo $userdetails | cut -f 2 -d:`
PASSWD=`echo $userdetails | cut -f 3 -d:`
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
egrep "^$USER_NAME" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
ENCR_PASSWD=$(perl -e 'print crypt($ARGV[0], "password")' $PASSWD)
useradd -m -p $ENCR_PASSWD $USER_NAME
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
done
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
#!/bin/bash
# Script to add a user to Linux system
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi
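Review bot: `perl -e 'print crypt($ARGV[0], "password")' $PASSWD` hashes every password with the same fixed salt, and a salt of that form selects traditional DES crypt on glibc, which uses only the first eight characters of the password; the cleartext is also exposed on perl's command line. Creating the account first and feeding the password on stdin avoids both: `useradd -m "$USER_NAME"` followed by `printf '%s:%s\n' "$USER_NAME" "$PASSWD" | chpasswd`, which applies the system's configured hashing method. The existence test `egrep "^$USER_NAME" /etc/passwd` is a prefix match, so an existing account whose name merely starts with the new name blocks the creation; `getent passwd "$USER_NAME"` checks the exact name. The first half of the file also has an `else` with no matching `if` inside the `for` loop and echoes `$username`, which is never set there, so it does not parse as committed.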

97
scripts/bashrc Normal file

@ -0,0 +1,97 @@
# /etc/bashrc
# System wide functions and aliases
# Environment stuff goes in /etc/profile
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
# are we an interactive shell?
if [ "$PS1" ]; then
if [ -z "$PROMPT_COMMAND" ]; then
case $TERM in
xterm*|vte*)
if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
PROMPT_COMMAND="__vte_prompt_command"
else
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
fi
;;
screen*)
if [ -e /etc/sysconfig/bash-prompt-screen ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
else
PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
fi
;;
*)
[ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
;;
esac
fi
# Turn on parallel history
shopt -s histappend
history -a
# Turn on checkwinsize
shopt -s checkwinsize
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
# You might want to have e.g. tty in prompt (e.g. more virtual machines)
# and console windows
# If you want to do so, just add e.g.
# if [ "$PS1" ]; then
# PS1="[\u@\h:\l \W]\\$ "
# fi
# to your custom modification shell script in /etc/profile.d/ directory
fi
if ! shopt -q login_shell ; then # We're not a login shell
# Need to redefine pathmunge, it get's undefined at the end of /etc/profile
pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
# By default, we want umask to get set. This sets it for non-login shell.
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
SHELL=/bin/bash
# Only display echos from profile.d scripts if we are no login shell
# and interactive - otherwise just process them to set envvars
for i in /etc/profile.d/*.sh; do
if [ -r "$i" ]; then
if [ "$PS1" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
fi
# vim:ts=4:sw=4
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }

54
scripts/bashrc.hv Normal file

@ -0,0 +1,54 @@
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }
USER=`whoami`
HOSTNAME=`uname -n`
MEMORY1=`free -t -m | grep "buffers/cache" | awk '{print $3" MB";}'`
MEMORY2=`free -t -m | grep "Mem" | awk '{print $2" MB";}'`
PSA=`ps -Afl | wc -l`
# time of day
DATE=$(date +"%F %H:%M:%S")
#System uptime
uptime=`cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOAD1=`cat /proc/loadavg | awk {'print $1'}`
LOAD5=`cat /proc/loadavg | awk {'print $2'}`
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
#Host engine
ENGINE=$(hosted-engine --vm-status|grep "Engine status")
echo "
- Current time........: $DATE
- Current user........: $USER
- Hostname............: $HOSTNAME
- Release.............: `cat /etc/redhat-release`
- Users...............: Currently `users | wc -w` user(s) logged on
- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
- Memory used.........: $MEMORY1 / $MEMORY2
- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
- Processes...........: $PSA running
- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
- Host engine status..:
$ENGINE
==================================== volume status vm ===============================
$(gluster volume status vm clients|grep 'Brick\|Clients')
==================================== volume status engine ===========================
$(gluster volume status engine clients|grep 'Brick\|Clients')
"
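Review bot: Everything in this file runs unconditionally, so if it is sourced from a bashrc (as the name suggests) the banner is also printed for non-interactive shells, where unexpected output is known to break `scp`, `sftp` and `rsync` sessions; a guard such as `[ -n "$PS1" ] || return` at the top limits it to interactive use. `hosted-engine --vm-status` and the two `gluster volume status` calls run on every shell start, so a slow or hung gluster daemon delays or blocks logins; wrapping them in `timeout` would bound that. The assignments to `USER` and `HOSTNAME` overwrite variables the shell already maintains and are not needed.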

17
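--- a/scripts/command_loop.sh
+++ b/scripts/command_loop.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+FILE=$1
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+for host in $(cut -d ":" -f2 ${FILE})
+do
+whois $host
+#ssh -n root@$host "vgdisplay"
+done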
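Review bot: `whois $host` passes each field from the input file unquoted, so an entry that contains spaces or starts with `-` is split into extra arguments or read as an option; `whois -- "$host"` keeps it a single operand. `${FILE}` in the `cut` call needs the same treatment, `"${FILE}"`. The usage branch ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot tell a missing argument from success; `exit 1` fixes that. If the commented `ssh -n root@$host` line is re-enabled, the host value should be quoted and validated as well, since it comes straight from the file.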

12
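--- a/scripts/count_ip.sh
+++ b/scripts/count_ip.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+FILE=;
+for ip in $(tail -n 5000 $FILE |cut -d ' ' -f 1 |sort |uniq);
+do
+{
+COUNT=$(grep ^$ip $FILE |wc -l);
+if
+[[ "$COUNT" -gt "500" ]]; then echo "$COUNT: $ip";
+fi
+};
+done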
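Review bot: `FILE=;` leaves the log path empty, so `tail -n 5000 $FILE` reads standard input and the script blocks; the path should come from `$1` and be checked with `[ -r "$FILE" ]` before use. `grep ^$ip $FILE` treats the dots in the address as regex wildcards and matches any line that merely begins with those characters, so one address is also credited with the lines of every longer address sharing its prefix, which inflates counts that may feed a blocking decision. It also scans the whole file once per address while the candidate list comes from only the last 5000 lines. A single pass over the same window avoids both, at the cost of counting within the window only: `tail -n 5000 "$FILE" | cut -d ' ' -f 1 | sort | uniq -c | awk '$1 > 500 {print $1": "$2}'`.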

55
scripts/git_prompt_func Normal file

@ -0,0 +1,55 @@
#https://gist.github.com/halbtuerke/31934
#parse_git_branch() {
# git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/'
#}
#export PS1="\u@\h \[\033[32m\]\w\[\033[33m\]\$(parse_git_branch)\[\033[00m\] $ "
RED="\[\033[0;31m\]"
YELLOW="\[\033[0;33m\]"
GREEN="\[\033[0;32m\]"
BLUE="\[\033[0;34m\]"
LIGHT_RED="\[\033[1;31m\]"
LIGHT_GREEN="\[\033[1;32m\]"
WHITE="\[\033[1;37m\]"
LIGHT_GRAY="\[\033[0;37m\]"
COLOR_NONE="\[\e[0m\]"
function parse_git_branch {
git rev-parse --git-dir &> /dev/null
git_status="$(git status 2> /dev/null)"
branch_pattern="^# On branch ([^${IFS}]*)"
remote_pattern="# Your branch is (.*) of"
diverge_pattern="# Your branch and (.*) have diverged"
if [[ ! ${git_status}} =~ "working directory clean" ]]; then
state="${RED}⚡"
fi
# add an else if or two here if you want to get more specific
if [[ ${git_status} =~ ${remote_pattern} ]]; then
if [[ ${BASH_REMATCH[1]} == "ahead" ]]; then
remote="${YELLOW}↑"
else
remote="${YELLOW}↓"
fi
fi
if [[ ${git_status} =~ ${diverge_pattern} ]]; then
remote="${YELLOW}↕"
fi
if [[ ${git_status} =~ ${branch_pattern} ]]; then
branch=${BASH_REMATCH[1]}
echo " (${branch})${remote}${state}"
fi
}
function prompt_func() {
previous_return_value=$?;
# prompt="${TITLEBAR}$BLUE[$RED\w$GREEN$(__git_ps1)$YELLOW$(git_dirty_flag)$BLUE]$COLOR_NONE"
prompt="\u@\h \[\033[32m\]\${TITLEBAR}${BLUE}[${LIGHT_GRAY}\w${GREEN}$(parse_git_branch)${BLUE}]${COLOR_NONE}"
if test $previous_return_value -eq 0
then
PS1="${prompt}# "
else
PS1="${prompt}${RED}#${COLOR_NONE} "
fi
}
PROMPT_COMMAND=prompt_func
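Review bot: `prompt_func` pastes the output of `parse_git_branch` into the text of `PS1`, and bash applies parameter and command expansion to `PS1` each time it is displayed (the default `promptvars` behaviour), so a branch name taken from a repository you did not create is evaluated by the shell. Keeping the name in a variable and referencing it from the prompt, `git_branch_text=$(parse_git_branch)` in `prompt_func` and `\${git_branch_text}` in the `prompt` string, makes the prompt expand to the text without expanding the text itself; the colour escapes would then have to stay in the `prompt` string rather than in the function's output. Separately, `${git_status}}` in the first test carries a stray `}`, and the `# On branch` and `working directory clean` patterns depend on the exact wording of `git status`, which presumably differs between git versions; `git symbolic-ref --short HEAD` and `git status --porcelain` are stable alternatives.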

92
scripts/gluster_check.sh Normal file

@ -0,0 +1,92 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster checks for Nagios
#First line of code :15/01/2019
#last update :17/01/2019
#version :0.1
#status :Not PRD ready
#Some general vars
#Server IP adress in the storage network TODO: osg servers
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
#number of active bricks on server acourding to gluster
NUMBER_OF_ACTIVE_BRICKS=$(gluster volume info|grep $STORAGE_IP| wc -l)
#name of active volumes on server acourding to gluster
GLUSTER_ACTIVE_VOLUM_NAMES=$(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
#numer of glusterfsd (brick daemon) running processes
GLUSTER_BRICK_NUMBER_PID=$(pidof glusterfsd |wc -w)
#glusterd pid status
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
#glusterfsd (brick daemon) pid status
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
######START OF SCRIPT#######
check_if_glusterd_is_running() {
#check if glusterd is running
if ! $GLUSTERD_STAT &>/dev/null; then
echo "CRITICAL: glusterd management daemon not running"
else
echo "OK: glusterd management daemon is running"
fi
}
check_if_glusterfsd_is_running() {
# check for glusterfsd (brick daemon)
if ! $GLUSTER_BRICK_STAT; then
echo "CRITICAL: glusterfsd brick daemon not running"
else
echo "OK: glusterfsd brick daemon is running"
fi
}
check_if_a_brick_is_down() {
# check number of active bricks
if [ "$NUMBER_OF_ACTIVE_BRICKS" == "$GLUSTER_BRICK_NUMBER_PID" ] ; then
echo "OK: all bricks are active"
else
echo "CRITICAL: There is one or more bricks down"
fi
}
check_heal_status_of_a_volume() {
# get volume heal status and redirect it to a tmp file
for volume in $(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
do
echo "volumes, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /tmp/gluster_monitoring
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
if [ "$?" -eq 0 ]; then
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
else
echo "OK: no volumes healing at this moment"
fi
echo "" > /tmp/gluster_monitoring
}
#### CALL THE FUNCTIONS ######
check_if_glusterd_is_running
check_if_glusterfsd_is_running
check_if_a_brick_is_down
check_heal_status_of_a_volume
# some logs test
#cat /var/log/glusterfs/glusterd.log|grep "E" |grep "failed"
# oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
if []
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
if [ "$?" -eq 0 ]; then
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
else
echo "OK: no volumes healing at this moment"
fi
echo "" > /tmp/gluster_monitoring
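Review bot: `GLUSTERD_STAT=$(pidof glusterd &>/dev/null)` always stores an empty string because the output is redirected away, so `if ! $GLUSTERD_STAT &>/dev/null` runs an empty command, which succeeds, and the check prints OK whether or not the daemon is running; the same holds for `GLUSTER_BRICK_STAT`, and for the identical pair in the daemon-state script further down this page. Testing the command directly fixes it: `if ! pidof glusterd >/dev/null; then`. The heal check writes to the fixed path `/tmp/gluster_monitoring` from a script that presumably runs as root, which lets any local user pre-create or redirect that file; `mktemp` with a cleanup `trap` avoids that. The trailing `if []` block after the function calls is an unterminated duplicate of the heal check and ends the script with a syntax error.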


@ -0,0 +1,23 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check bricks for Nagios
#First line of code :15/01/2019
#last update :28/01/2019
#version :1.1
######START OF SCRIPT#######
IP_OF_DOWN_BRICK=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N/A|N' |grep -v "Y"| grep -B1 "N/A" | grep Brick| uniq | cut -d ":" -f1| cut -d " " -f2)
NUMBER_OF_DOWN_BRICKS=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N'|grep "N/A"| awk '{print $4}'|grep N |wc -l)
if [[ $(find /tmp -name "brick_status" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster birck check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
# check number of active bricks
elif [ "$NUMBER_OF_DOWN_BRICKS" -eq 0 ] ; then
echo "OK: All bricks on are up"
exit 0
else
echo "CRITICAL: There are one or more bricks down on $IP_OF_DOWN_BRICK"
exit 2
fi
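Review bot: When `/tmp/brick_status` does not exist, `find` prints nothing and `NUMBER_OF_DOWN_BRICKS` evaluates to 0, so the check reports `OK: All bricks on are up` although it has no data; the heal check on this page guards against that with `[ -f … ]`, and this script and the peer check should do the same, e.g. `[ -f /tmp/brick_status ] || { echo "UNKNOWN: /tmp/brick_status missing"; exit 3; }` before the `find` test. The status file has a fixed name in `/tmp`, so any local account can create it before the cron job does and thereby control what Nagios reports; a directory writable only by the producing user removes that. For the stale-file branch, exit status 3 (UNKNOWN in the Nagios plugin convention) describes a failed collection more accurately than 1.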


@ -0,0 +1,24 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :igenerate Gluster output for Nagios checks
#First line of code :15/01/2019
#last update :28/01/2019
#version :1.1
#info:
#This script needs to be added to cron and run every 3 min
#Some general vars
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
######START OF SCRIPT#######
#check status of the varous volumes
/usr/sbin/gluster volume status all > /tmp/brick_status
#check peer status
/usr/sbin/gluster peer status > /tmp/peer_status
# get volume heal status and redirect it to a tmp file
for volume in $(/usr/sbin/gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
do
echo "volume, $volume"
/usr/sbin/gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /tmp/gluster_monitoring_heal
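Review bot: The three outputs are written with `>` to fixed names in `/tmp` from a cron job that presumably runs as root, so the redirect follows whatever already exists at that path, including a symlink placed there by another local user on systems where the kernel's symlink protection is off. The redirect also creates a fresh, empty file even when `gluster` fails, which defeats the `-mmin +4` staleness test in the check scripts. Writing into a root-owned directory and renaming on success addresses both: `/usr/sbin/gluster volume status all > "$dir/brick_status.tmp" && mv "$dir/brick_status.tmp" "$dir/brick_status"`, with `dir` standing for that directory. `grep $STORAGE_IP` is unquoted; if the `storage` interface has no IPv4 address `grep` fails, the loop has nothing to iterate over and the heal file is written empty, which the heal check reads as healthy, so the script should stop with an error when `STORAGE_IP` is empty.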


@ -0,0 +1,25 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check heal for Nagios
#First line of code :15/01/2019
#last update :23/01/2019
#version :1.0
######START OF SCRIPT#######
OUT=$(cat /tmp/gluster_monitoring_heal 2>/dev/null |grep -a -v volume |sed "s/^[ \t]*//"| grep -a -v ^0 > /dev/null 2>&1 )
EXIT_CODE=$?
if [ -f /tmp/gluster_monitoring_heal ]; then
if [[ $(find /tmp -name "gluster_monitoring_heal" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster heal check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
elif [ "$EXIT_CODE" -eq 0 ]; then
echo -e "WARNING: volumes healing at this moment\n$(cat /tmp/gluster_monitoring_heal |sed "s/^[ \t]*//" | grep -a -v ^0)" && rm -f /tmp/gluster_monitoring_heal
exit 1
else
echo "OK: no volumes healing at this moment" && rm -f /tmp/gluster_monitoring_heal
exit 0
fi
else
echo "WARNING: there was an error during the gluster heal check please check /tmp/gluster_monitoring_heal"
exit 1
fi


@ -0,0 +1,23 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check peer for Nagios
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.0
######START OF SCRIPT#######
SATE_OF_DOWN_PEER=$(cat /tmp/peer_status | grep -a Disconnected | wc -l)
IP_OF_DOWN_PEER=$(cat /tmp/peer_status| grep -a -E "Hostname|Disconnected"| grep -a -B1 Disconnected | grep -a Hostname | cut -d ":" -f2| sed "s/^[ \t]*//")
if [[ $(find /tmp -name "peer_status" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster peer check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
# check number of active bricks
elif [ "$SATE_OF_DOWN_PEER" -eq 0 ] ; then
echo "OK: All bricks on are up"
exit 0
else
echo "CRITICAL: There are one or more peers down on $IP_OF_DOWN_PEER"
exit 2
fi
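Review bot: The success message `OK: All bricks on are up` was carried over from the brick check; this script counts `Disconnected` peers, so it should read `echo "OK: All peers are connected"`, and the `# check number of active bricks` comment should say peers. The CRITICAL text `peers down on $IP_OF_DOWN_PEER` expands unquoted-origin data from `/tmp/peer_status` into a single line; when several peers are down the hostnames arrive newline-separated, so joining them with `tr '\n' ' '` keeps the plugin output on one line as Nagios expects. `SATE_OF_DOWN_PEER` looks like a typo for `STATE_OF_DOWN_PEER`, and since it holds a count, `NUMBER_OF_DOWN_PEERS` would match the naming in the brick check.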


@ -0,0 +1,15 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check from within a pod server heal for Nagios
#First line of code :15/01/2019
#last update :24/01/2019
#version :1.0
######START OF SCRIPT#######
gluster volume status all > /brick_status
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
do
echo "volume, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /gluster_monitoring_heal


@ -0,0 +1,41 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Check Gluster deamon state for Nagios
#First line of code :15/01/2019
#last update :17/01/2019
#version :1.0
#Some general vars
#glusterd pid status
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
#glusterfsd (brick daemon) pid status
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
######START OF SCRIPT#######
check_if_glusterd_is_running() {
#check if glusterd is running
if ! $GLUSTERD_STAT &>/dev/null; then
echo "CRITICAL: glusterd management daemon not running"
exit 2
else
echo "OK: glusterd management daemon is running"
exit 0
fi
}
check_if_glusterfsd_is_running() {
# check for glusterfsd (brick daemon)
if ! $GLUSTER_BRICK_STAT; then
echo "CRITICAL: glusterfsd brick daemon not running"
exit 2
else
echo "OK: glusterfsd brick daemon is running"
exit 0
fi
}
#### CALL THE FUNCTIONS ######
check_if_glusterd_is_running
check_if_glusterfsd_is_running
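Review bot: `check_if_glusterd_is_running` calls `exit` in both branches, so `check_if_glusterfsd_is_running` on the last line is never reached and the brick daemon is not checked at all. Both tests also always take the "running" branch: `GLUSTERD_STAT=$(pidof glusterd &>/dev/null)` stores an empty string, and `if ! $GLUSTERD_STAT &>/dev/null` then runs an empty command, which succeeds. Have each function `return` its status, test `pidof` directly with `if ! pidof glusterd >/dev/null; then`, and exit once at the end with the worse of the two results.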


@ -0,0 +1,12 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Copy check script to gluster pod for Nagios
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.1
######START OF SCRIPT#######
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
cd /root/scripts/
oc cp check_gluster_pod.sh glusterfs/$POD:/
oc exec -n glusterfs $POD /check_gluster_pod.sh && oc cp glusterfs/$POD:gluster_monitoring_heal /tmp && oc cp glusterfs/$POD:brick_status /tmp && oc cp glusterfs/$POD:brick_peer /tmp
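Review bot: `$POD` is used unquoted and unchecked; when no `glusterfs-storage` pod is Running it is empty and the commands become `oc cp check_gluster_pod.sh glusterfs/:/` and `oc exec -n glusterfs /check_gluster_pod.sh`. Add `[ -n "$POD" ] || { echo "no running glusterfs-storage pod" >&2; exit 1; }` after the assignment, and make the directory change fatal with `cd /root/scripts/ || exit 1`. The last `oc cp` fetches `brick_peer`, but the pod script shown above on this page writes only `/brick_status` and `/gluster_monitoring_heal`, and the peer check reads `/tmp/peer_status`, so that copy presumably fails on every run and the peer data never arrives.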


@ -0,0 +1,20 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster heal status volume check in a pod
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.2
#info:
#This script needs to be added to cron and run every 3 min
#Some general vars
STORAGE_IP=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
######START OF SCRIPT#######
# get volume heal status and redirect it to a tmp file
for volume in $(/usr/sbin/gluster volume info|grep "Volume Name:" | cut -d ":" -f2)
do
echo "volume, $volume"
/usr/sbin/gluster v heal $volume info|grep "Status:"| grep "not connected"
done


@ -0,0 +1,58 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check OSM server heal for Nagios
#First line of code :15/01/2019
#last update :24/01/2019
#version :1.0
######START OF SCRIPT#######
#gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
do
echo "volume, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done
#for volume in $(cat /tmp/volume_names)
#do
# OC="oc rsh -n"
# POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
# VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
#echo "volume, $volume"
# oc rsh -n glusterfs $POD | $VAR1
#done
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) ip -4 addr show
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
oc rsh -n glusterfs $POD gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
for volume in $(cat /tmp/volume_names)
do
OC="oc rsh -n"
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
echo "volume, $volume"
echo "$OC glusterfs $POD $VAR1"
done
/tmp/gluster_monitoring_heal
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
oc rsh -n glusterfs glusterfs-storage-4jq8n gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
oc cp /tmp/database.sql mysql:/tmp/
kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
oc cp glusterfs/glusterfs-storage-4jq8n:gluster_monitoring_heal /tmp
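Review bot: The line `/tmp/gluster_monitoring_heal` runs a file from a world-writable directory as a command, and the last lines hard-code one pod name and one volume id, so the tail of this file reads as pasted shell history rather than a check script. It also does not parse as intended: `kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar` treats `<some-namespace>` as an input redirection. I would keep only the first loop, move the experiments into a notes file or a comment block, and use a `mktemp` file instead of `/tmp/volume_names` if the volume list really has to be stored.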

19
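--- a/scripts/host_ssh_test.sh
+++ b/scripts/host_ssh_test.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+FILE=$1
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./`basename $0` <file name>"
+exit
+fi
+for host in $(cat ${FILE})
+do
+#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
+#ssh -n root@$host "ps -ef |grep vmtoolsd && hostname "
+#ssh -n root@$host "hostname"
+done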
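Review bot: The `for` loop body contains only commented-out commands, which bash rejects with a syntax error at `done`, so the script cannot run as committed; enable one command or put `:` in the body. The usage branch should write to stderr and exit non-zero, e.g. `echo "Syntax: ./$(basename "$0") <file name>" >&2; exit 1`. The first commented command runs `/tmp/atlas/atlas.sh` on each host; if that line is re-enabled, note that a fixed path under `/tmp` is writable by other local users, so the script should be staged in a private directory instead.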

61
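--- a/scripts/iptables1.sh
+++ b/scripts/iptables1.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Modify script as per your setup
+# Usage: Sample firewall script
+# ---------------------------
+_input=/root/firewall/badips.db
+_pub_if="eth1"
+IPT=/sbin/iptables
+# Die if file not found
+[ ! -f "$_input" ] && { echo "$0: File $_input not found."; exit 1; }
+# DROP and close everything
+$IPT -P INPUT DROP
+$IPT -P OUTPUT DROP
+$IPT -P FORWARD DROP
+# Unlimited lo access
+$IPT -A INPUT -i lo -j ACCEPT
+$IPT -A OUTPUT -o lo -j ACCEPT
+# Allow all outgoing connection but no incoming stuff by default
+$IPT -A OUTPUT -o ${_pub_if} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+$IPT -A INPUT -i ${_pub_if} -m state --state ESTABLISHED,RELATED -j ACCEPT
+### Setup our black list ###
+# Create a new chain
+$IPT -N droplist
+# Filter out comments and blank lines
+# store each ip or subnet in $ip
+egrep -v "^#|^$" x | while IFS= read -r ip
+do
+# Append everything to droplist
+$IPT -A droplist -i ${_pub_if} -s $ip -j LOG --log-prefix " Drop Bad IP List "
+$IPT -A droplist -i ${_pub_if} -s $ip -j DROP
+done <"${_input}"
+# Finally, insert or append our black list
+$IPT -I INPUT -j droplist
+$IPT -I OUTPUT -j droplist
+$IPT -I FORWARD -j droplist
+# Okay add your rest of $IPT commands here
+# Example: open port 53
+#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p udp --dport 53 -j ACCEPT
+#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --dport 53 -j ACCEPT
+# Open port 80
+# $IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --destination-port 80 -j ACCEPT
+# Allow incoming ICMP ping pong stuff
+# $IPT -A INPUT -i ${_pub_if} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -m limit --limit 30/sec -j ACCEPT
+# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 3 -m limit --limit 30/sec -j ACCEPT
+# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 5 -m limit --limit 30/sec -j ACCEPT
+# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 11 -m limit --limit 30/sec -j ACCEPT
+# drop and log everything else
+$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
+$IPT -A INPUT -j DROP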
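Review bot: The blacklist loop does not read what its comment says: `egrep -v "^#|^$" x` filters a file literally named `x`, and the `<"${_input}"` redirection on `done` replaces the pipe as the loop's stdin, so comment and blank lines from the database reach `-s $ip` unfiltered. `grep -Ev '^#|^$' "$_input" | while IFS= read -r ip`, with no redirection on `done`, does what is intended; scripts/iptables2.sh uses the same construct. The droplist rules also match on `-i ${_pub_if} -s $ip`, which will not match locally generated traffic, so the `-I OUTPUT -j droplist` jump blocks nothing as written. Quote `"$ip"` and reject lines that are not an address or CIDR before they are passed to `$IPT`.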

28
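--- a/scripts/iptables2.sh
+++ b/scripts/iptables2.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# syntax of user list file
+# sourceIPAdress:DestinationIPAddress:Port
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./`basename $0` <file name>"
+exit
+fi
+# Parameters
+USER_DATA_FILE=$1
+_input=/path/to/text.db
+IPT=/sbin/iptables
+$IPT -N droplist
+egrep -v "^#|^$" x | while IFS= read -r ip
+do
+$IPT -A droplist -i eth1 -s $ip -j LOG --log-prefix " myBad IP BlockList "
+$IPT -A droplist -i eth1 -s $ip -j DROP
+done < "$_input"
+# Drop it
+$IPT -I INPUT -j droplist
+$IPT -I OUTPUT -j droplist
+$IPT -I FORWARD -j droplist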
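Review bot: The script insists on a file argument and stores it in `USER_DATA_FILE`, but nothing reads that variable; the loop takes its input from the placeholder `_input=/path/to/text.db`. The header comment also describes a `source:destination:port` format, while the loop treats each line as a single source address. Either set `_input="$1"` and guard it with `[ -f "$_input" ] || exit 1`, or drop the argument check, and make the header comment match the format the loop actually accepts.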

209
scripts/iptables_Roy.sh Normal file

@ -0,0 +1,209 @@
#!/bin/bash
echo -e "****************Welcome*************"
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
buildfirewall()
{
###############Getting the Chain############
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "
1. Firewall using Single Source IP\n
2. Firewall using Source Subnet\n
3. Firewall using for All Source Networks\n
4. Firewall choose a source file contationing ip addesses"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
#5) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
#########Getting Destination IP Address##########
echo -e "
1. Firewall using Single Destination IP\n
2. Firewall using Destination Subnet\n
3. Firewall using for All Destination Networks\n
4. Firewall using a file"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_dest ;;
#5) ip_dest = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Specific Port
4. Using no Protocol"
read proto_ch
case $proto_ch in
1) proto=TCP ;;
2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
read proto ;;
3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
read proto ;;
4) proto="NULL" ;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "What to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
esac
###################Generating the Rule####################
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $proto == "NULL" ]; then
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n"
gen=1
else
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n"
gen=2
fi
echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -j $rule
else if [ $yesno == 1 ] && [ $gen == 2 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
else if [ $yesno == 1 ] && [$gen == 2]; then
iptables -A $chain -s $(grep -hvE "^#|^$" $ip_source) -d $(grep -hvE "^#|^$" $ip_dest) -p $proto -j $rule
else if [ $yesno == 3 ]; then
main
fi
fi
fi
fi
}
main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 4 ]
do
echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
#############Check Whether the iptables installed or not############
echo -e "\t*****Main Menu*****\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus ;;
3) buildfirewall ;;
4) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0
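Review bot: In `buildfirewall` the third branch of the apply chain can never run: it repeats the condition of the second branch, and `[$gen == 2]` is not a valid test because the brackets need surrounding spaces. As a result the "source file" menu option passes the file name itself to `-s`. Set a distinct value such as `gen=3` when option 4 is chosen and test it with `elif [ "$yesno" = 1 ] && [ "$gen" = 3 ]; then`. An invalid menu choice only prints a message and carries on, so `$chain`, `$proto` or `$rule` can be empty when the rule is built; loop until the answer is valid and quote every expansion, since this runs as root on typed input.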


@ -0,0 +1,17 @@
#!/bin/bash
#loop a function
FILE="../servers"
uptime_ost ()
{
for host in $(cat ${FILE})
do
ssh -o ConnectTimeout=3 -n root@$host "uptime" >> uptime_$host
done
}
while true ;do
uptime_ost;
sleep 5
done > /dev/null 2>&1
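Review bot: The `ssh` call in `uptime_ost` has no `-o BatchMode=yes`, and the outer loop sends stderr to `/dev/null`, so a host that asks for a password or presents a changed host key stalls or fails the loop with nothing logged. Add `-o BatchMode=yes` and send stderr to the per-host file, e.g. `>> "uptime_$host" 2>&1`. The same applies to the other polling scripts in this commit that call `ssh -o ConnectTimeout=3 ... root@$host`. All of them log in as root only to run a read-only command; an unprivileged monitoring account is enough for `uptime`.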


@ -0,0 +1,10 @@
#!/bin/bash
FILE=$1
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"
else
ssh $host 'for i in $(hostname && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a celeraUmnt${DATE}
fi
done
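Review bot: The condition `[[ $host =~ clnara* || clnars1d && clnars1m && ... ]]` is always true, because every bare word after `||` is a non-empty-string test, so the `ssh` branch is never reached for any host. The exclusion list needs an explicit comparison per name, for example `case "$host" in clnara*|clnars1d|clnars1m|clnsr206|clnprp1d|clnprp1m|clnpr2e4) ... ;; esac`. scripts/mount_tool.sh repeats the same condition in all three of its mount options. `${DATE}` is never set in this file, so the log name ends at `celeraUmnt`.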

62
scripts/motd Normal file

@ -0,0 +1,62 @@
#/usr/local/bin/dynmotd
#!/bin/bash
USER=$(whoami)
HOSTNAME=$(uname -n)
MEMORY1=$(free -t -h | grep "Mem" | awk '{print $3;}')
MEMORY2=$(free -h | grep "Mem" | awk '{print $2;}')
PSA=$(ps -Afl | wc -l)
# time of day
DATE=$(date +"%F %H:%M:%S")
#System uptime
uptime=$(cat /proc/uptime | cut -f1 -d.)
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOAD1=`cat /proc/loadavg | awk {'print $1'}`
LOAD5=`cat /proc/loadavg | awk {'print $2'}`
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
#Host engine
ENGINE=$(hosted-engine --vm-status|grep "Engine status")
RUNNING_VMS=$(virsh -r list | awk '{print$2 " "$3}'|grep -v "Name State"| column -t)
#Some Colors
BRED='\033[1;31m'
RED='\033[0;31m'
NC='\033[0m' # No Color
#has the server been rebooted indicator
if [ $upDays -eq "0" ]; then
echo -e "${BRED}SERVER HAS BEEN REBOOTED $upHours hours AGO ${NC}";
fi
echo "
- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
- Current time........: $DATE
- Current user........: $USER
- Hostname............: $HOSTNAME
- Release.............: `cat /etc/redhat-release`
- Users...............: Currently `users | wc -w` user(s) logged on
- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
- Memory used.........: $MEMORY1 of $MEMORY2
- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
- Processes...........: $PSA running
- VM's on this HV.....:
$RUNNING_VMS
- Host engine status..:
$ENGINE
==================================== volume status vm ===============================
$(gluster volume status vm clients|grep 'Brick\|Clients')
==================================== volume status engine ===========================
$(gluster volume status engine clients|grep 'Brick\|Clients')
"
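Review bot: `#!/bin/bash` sits on the second line, where it is only a comment; the interpreter line has to be the first line of the file, so move the `#/usr/local/bin/dynmotd` path comment below it (scripts/sc.sh has the same ordering). The script overwrites `USER` and `HOSTNAME` and runs `hosted-engine --vm-status`, `virsh -r list` and two `gluster volume status` calls; if it is executed at each login, those calls add delay and may need privileges the user lacks, which deserves a comment at the top. `[ $upDays -eq "0" ]` quotes the constant instead of the variable; `[ "$upDays" -eq 0 ]` is the safe form.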

181
scripts/mount_tool.sh Normal file

@ -0,0 +1,181 @@
#!/bin/bash
#(c) Roy Cohen 29/03/2014 :roy@wondercohen.nl
#objective :Mount and Umount mounts on remote server
#last update :10/05/2014
#version :0.3
if [ $# -lt 1 ]
then
echo "Syntax error must be : ./`basename $0` <file name>"
exit
fi
clear
# Parameter
DATE=`/bin/date +%H\u%M-%d-%b-%Y`
FILE=$1
# Variables
LOGDIR="$HOME/celera/logs/"
check(){
opt_checkstatus=1
while [ $opt_checkstatus != 6 ]
do
clear
echo -e "\n\t*****Checks for mount on servers*****\n
1. Check all mounts via mtab\n
2. Check Celera mounts via mtab\n
3. Check all mounts via fstab\n
4. Check Celera mounts via fstab\n
5. Check Noauto mounts in fstab\n
6. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allMtab${DATE}
done
read temp;;
2)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraMtab_${DATE}
done
read temp;;
3)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allFstab${DATE}
done
read temp;;
4)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraFstab${DATE}
done
read temp;;
5)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allNoautoFstab${DATE}
done
read temp;;
6) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
mount()
{
opt_checkstatus=1
while [ $opt_checkstatus != 4 ]
do
clear
echo -e "\n\t***** Mount on servers *****\n
1. Mount all via fstab\n
2. Mount only Celera via fstab\n
3. Mount all noauto via fstab\n
4. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n" | tee -a ${LOGDIR}binformd${DATE}
else
ssh $host mount -a 2>&1 | tee -a ${LOGDIR}mountAll${DATE}
fi
done
read temp;;
2)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
else
ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}celeraMnt${DATE}
fi
done
read temp;;
3)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
else
ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoMnt${DATE}
fi
done
read temp;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
umount()
{
opt_checkstatus=1
while [ $opt_checkstatus != 3 ]
do
clear
echo -e "\n\t***** UnMount on servers *****\n
1. UnMount all via fstab\n
2. UnMount only Celera via fstab\n
3. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
echo "are you sure? if so change the script"
#ssh $host umount -a 2>&1 | tee -a ${LOGDIR}umountAll${DATE}
done
read temp;;
2)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts that were unmounted**" && cat /etc/fstab | grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do umount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoUmnt${DATE}
done
read temp;;
3) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
main()
{
opt_main=1
while [ $opt_main != 4 ]
do
echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
#############Check Mounts ############
echo -e "\t*****Main Menu*****\n
1. Checks mounts\n
2. Mount\n
3. Umount\n
4. Exit"
read opt_main
case $opt_main in
1) check ;;
2) mount ;;
3) umount ;;
4) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
}
main
exit 0
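Review bot: Umount option 2 starts unmounting on every host in `$FILE` as soon as it is selected, while option 1 is deliberately disabled behind a "change the script" message; a bulk unmount deserves the same care. Ask for confirmation first, e.g. `read -r -p "Unmount Celera mounts on all hosts? [y/N] " ans; [ "$ans" = y ] || continue`, and log to a name that matches the action instead of `NoautoUmnt`. The functions are named `mount` and `umount`, which shadows the system commands for the rest of the script; `do_mount` and `do_umount` avoid surprises. `LOGDIR` is never created, so add `mkdir -p "$LOGDIR"` before the first `tee`.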

13
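--- a/scripts/ping_test.sh
+++ b/scripts/ping_test.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+for host in $(cat $1)
+do
+if ping -c 1 -w 5 $host &>/dev/null ; then
+echo "$host is up"
+fi
+done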
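Review bot: With no argument `cat $1` expands to a bare `cat` and the script waits on stdin; check first with `[ $# -ge 1 ] || { echo "Syntax: $0 <file name>" >&2; exit 1; }`. Hosts that do not answer are silently skipped, so an `else echo "$host is down"` branch makes the output usable as a report. Quote `"$host"` in the `ping` call.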

11
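--- a/scripts/sc.sh
+++ b/scripts/sc.sh
@@ -0,0 +1,11 @@
+#tail -n 30 /u01/env/$1/tibco/tra/$1/application/logs/CARinboxBulk-Process_Archive.log |grep OutOfMemoryError |wc -l
+#!/bin/bash
+cd out/
+for h in $(ls /u01/zbx/agt/bin/OutOfMemory_log_checks/)
+do
+cd /u01/zbx/agt/bin/OutOfMemory_log_checks/
+mv $h.log.sh $h.sh
+#touch $h.sh
+#echo -e "#!/bin/bash\ntail -n 30 /u01/env/\$1/tibco/tra/\$1/application/logs/$h |grep OutOfMemoryError |wc -l" > $h.sh
+done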
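Review bot: Neither `cd` is checked, so if `/u01/zbx/agt/bin/OutOfMemory_log_checks/` is missing the `mv` runs in whatever directory the script happens to be in. Move the `cd` above the loop as `cd /u01/zbx/agt/bin/OutOfMemory_log_checks/ || exit 1` and drop `cd out/`, whose effect is undone on the first iteration. `$h` comes from `ls` and already carries the full file name, so `mv $h.log.sh $h.sh` looks like it expects a base name; `for f in *.log.sh; do mv -- "$f" "${f%.log.sh}.sh"; done` states the rename directly and copes with unusual file names.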

70
scripts/some_thouts.sh Normal file

@ -0,0 +1,70 @@
$opt_int $proto_ch $port_ch
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
1 1 1 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
1 2 1 -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
1 3 2 -A $chain -s $ip_source -i $interface --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
1 1 2 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
2 1 1 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
2 2 1 -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
2 3 2 -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
2 1 2 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
fi
-A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch ($opt_int = 1 $proto_ch=2 $port_ch=2)
-A $chain -s $ip_source -i $interface --dport 443 -j $rule_ch ($opt_int = 1 $proto_ch=3 NO PROTOC)
-A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch ($opt_int = 2 $proto_ch=2)
-A $chain -s $ip_source -d $ip_dest --dport 443 -j $rule_ch ($opt_int = 2 $proto_ch=3 NO PROTOC)
RULE="-A$chain$ipdetails$ip_dest$proto$port$rule"
for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$12$14}'|grep "^-")
do
if [ "$RULE" == "$FILE" ] ; then
echo "this Rule -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule exsists"
read temp
-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp --dport 443 -j ACCEPT
awk '{print $1$2$3$4$5$6$7$8$9$10$11$12$13$14$15}'
for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$8$12$14}'|grep "^-")
do
RULE="-A$chain$ipdetails$interface$ip_dest$proto$port$rule"
if [ "$RULE" == "$FILE" ] ; then
echo -e "This Rule \"-D $chain -s $ip_source -i $interface -p $proto --dport $port\" -j $rule exsists"
echo -e "\nGo Back to Build Your Firewall program Or to Main Menu\n
1. Back to Build Your Firewall with Iptables
2. Go back to Main Menu"
read back_to
case $back_to in
1) buildfirewall;;
2) main;;
*) echo -e "Wrong option Selected!!!"
esac
for duplicate_iptables in `(cat /etc/sysconfig/iptables | sort | uniq | grep "^-")`
do
echo "iptables $duplicate_iptables"
done
while read -r duplicate_iptables
do
iptables $duplicate_iptables
done < /etc/sysconfig/iptables | grep "^-"
cat /etc/sysconfig/iptables | xargs -n1 -i{} grep '^{}$' ngfilelist.txt
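Review bot: This file is a scratch pad rather than a script: lines such as `1 1 1 -A $chain ...` are not commands and several `if`, `for` and `case` blocks are never closed, so it should not carry a `.sh` name under `scripts/`; rename it to a notes file or comment the fragments out. One fragment is risky if copied as is: in `while read -r duplicate_iptables ... done < /etc/sysconfig/iptables | grep "^-"` the `grep` filters the loop's output, not its input, so every line of the saved ruleset, including table headers and `COMMIT`, is handed to `iptables`. Filter before the loop with `grep '^-' /etc/sysconfig/iptables | while read -r ...`, or load the file with `iptables-restore`, which is built for that format.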

28
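--- a/scripts/ssh_loop.sh
+++ b/scripts/ssh_loop.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+FILE=$1
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+for host in $(cat ${FILE})
+do
+#scp bashrc root@$host:/etc/
+#echo $IP
+#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
+ssh -n root@$host "hostname"
+#ssh -n root@$host "hostname"
+#add to known hosts
+#ssh-keyscan -H $host >> ~/.ssh/known_hosts
+done
+#IPADDR="10.2.2."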
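Review bot: The commented `ssh-keyscan -H $host >> ~/.ssh/known_hosts` line needs a warning comment before anyone enables it: it records whatever key the network returns at that moment, so host-key checking becomes trust in the first answer for every host in the list. I would add `# keys gathered with ssh-keyscan are unverified; compare fingerprints out of band before appending`. `FILE=$1` is assigned before the argument check and the usage branch exits with status 0; `exit 1` lets callers detect the mistake.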


@ -0,0 +1,15 @@
#!/bin/bash
#Roy Cohen
# Test server conection to GW and whire the date and upteme to a logfile
status=$(ps -ef | grep test_con_server_status.sh | grep -v grep |wc -l)
if [ "$status" -ge 3 ] ;
then
exit
else
while true
do
nc -z 10.2.1.1 22 && echo $(date && uptime) >> /var/log/custom/$HOSTNAME
sleep 5
done
fi
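Review bot: The single-instance guard counts `ps | grep` matches and compares the result with 3, which depends on how many subshells exist at that moment and is open to a race between two starts. A lock is simpler and exact: `exec 9>"<lockfile>"; flock -n 9 || exit 0`, with `<lockfile>` a path of your choosing. `nc -z` has no timeout here, so add `-w` with a few seconds to keep the 5-second cadence when the gateway is unreachable. Only successes are logged, so an outage shows up as a gap rather than a line; logging the failure too makes the file easier to read.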


@ -0,0 +1,8 @@
#!/bin/bash
HOST=$1
TIME=$(date)
while echo -e "\n**$TIME**" >> gluster_peer_$HOST ;do
ssh -o ConnectTimeout=3 -n root@$HOST "gluster peer status"
sleep 5;
done >> gluster_peer_$HOST.log 2>&1
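Review bot: `TIME=$(date)` is evaluated once before the loop, so every entry carries the start time, and the stamp is appended to `gluster_peer_$HOST` while the command output goes to `gluster_peer_$HOST.log`. Take the time inside the loop and write both to one file, e.g. `while true; do echo "**$(date)**"; ssh ...; sleep 5; done >> "gluster_peer_$HOST.log" 2>&1`. The virsh polling script later in this commit splits its timestamps and output across `virsh_$host` and `virsh_$host.log` in the same way. `HOST` is taken from `$1` without a check, so an empty argument produces `root@`.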


@ -0,0 +1,6 @@
for (( ; ; ))
do
date >> oc_node_status.log
oc get nodes -o wide >> oc_node_status.log
sleep 2
done
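Review bot: The file has no `#!/bin/bash` line although `for (( ; ; ))` is bash-only, so it fails when started through `sh`; the pod-status script that follows has the same gap. The log is appended to indefinitely, so a header comment such as `# intended for a bounded test window; stop with ^C and remove oc_node_status.log afterwards` would help whoever finds it running.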


@ -0,0 +1,6 @@
for (( ; ; ))
do
date >> oc_pod_status.log
oc get pods --all-namespaces -o wide >> oc_pod_status.log
sleep 10
done


@ -0,0 +1,14 @@
#!/bin/bash
FROM_SERVER=$1
TO_SERVER=$2
LOG_FILE="ping_${FROM_SERVER}_to_${TO_SERVER}.log"
for (( ; ; ))
do
date >> $LOG_FILE
ssh -o ConnectTimeout=1 -o ConnectionAttempts=1 \
${FROM_SERVER} ping ${TO_SERVER} | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' >> $LOG_FILE
echo "Disconnected from server..." >> $LOG_FILE
sleep 10
done
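Review bot: `FROM_SERVER` and `TO_SERVER` come straight from the command line and are not checked, and `${TO_SERVER}` becomes part of the command line that the remote shell parses. Validate both before the loop, e.g. `[[ $TO_SERVER =~ ^[A-Za-z0-9._-]+$ ]] || exit 1`, and quote them in the `ssh` call as well as `"$LOG_FILE"` in the redirections. `strftime` is not part of POSIX awk, so the timestamping depends on which awk is installed; a comment saying so saves debugging later.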


@ -0,0 +1,18 @@
#!/bin/bash
HOSTS=(host1
host2
)
uptime_mv ()
{
for host in "${HOSTS[@]}" ;
do
PONG=$(ping -c 1 $host)
echo "$(date) $PONG" >> ping_$host.log &
done
}
while true ;do
uptime_mv ;
sleep 1
done
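Review bot: In `uptime_mv` the `&` backgrounds only the `echo`; the `ping -c 1 $host` inside `$( )` runs in the foreground with no deadline, so one unreachable host delays every other host in the loop. Add a deadline and background the whole step: `{ PONG=$(ping -c 1 -w 2 "$host"); echo "$(date) $PONG" >> "ping_$host.log"; } &`. The function name is shared with the uptime script although this one pings; `ping_hosts` would be clearer.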


@ -0,0 +1,33 @@
#!/bin/bash
function cleanup {
# Your cleanup code here
echo "My pid is: $$ ?"
echo "Pids to kill: $(pgrep -P $$)"
pkill -P $$
}
trap cleanup EXIT
# Now the real work:
# Things to measure:
# - availability of loadbalancer (log_haproxy.sh)
# - availability of webconsole and master APIs (log_master_api.sh)
# - state of nodes (log_oc_nodes.sh)
# - state of pods (log_oc_pods.sh)
# - availability of servers
# - pings between servers (log_ping_between.sh)
mkdir $1
cd $1
#../log_haproxy.sh &
#../log_master_api.sh &
#../log_oc_nodes.sh &
#../log_oc_pods.sh &
../uptime_hv.sh &
../virsh_list_hv.sh &
../uptime_vm.sh &
../gluster_peer_check.sh<Hostname> &
wait
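Review bot: `mkdir $1` and `cd $1` are unquoted and unchecked; with a missing argument `cd` goes to the home directory, and the `../*.sh` lines then run whatever files of those names sit in its parent. Use `mkdir -p -- "$1" && cd -- "$1" || exit 1` and start the helpers by a path derived from the script's own location rather than `..`. `../gluster_peer_check.sh<Hostname> &` is parsed as an input redirection from a file named `Hostname`; it needs a real host name as an argument.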


@ -0,0 +1,18 @@
#!/bin/bash
HOSTS=(
)
uptime_ost ()
{
for host in "${HOSTS[@]}" ;
do
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
done
}
while true ;do
uptime_ost;
sleep 5
done > /dev/null 2>&1


@ -0,0 +1,17 @@
#!/bin/bash
HOSTS=(host1
host2
)
uptime_mv ()
{
for host in "${HOSTS[@]}" ;
do
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
done
}
while true ;do
uptime_mv ;
sleep 5
done > /dev/null 2>&1


@ -0,0 +1,19 @@
#!/bin/bash
HOSTS=(
host1
host2
)
virsh_test ()
{
for host in "${HOSTS[@]}" ;
do
echo $(date) >> virsh_$host
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "virsh -r list" >> virsh_$host.log
done
}
while true ;do
virsh_test;
sleep 5
done > /dev/null 2>&1


@ -0,0 +1,194 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :OpenShift pathing tool using yum (RHEL and Centos)
#First line of code :04/09/2019
#last update :06/09/2019
#version :0.1
#inspred by /home/freark/bin/batch_upgrade.sh
#Check if root is running the script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# Parameters
NAGIOS_SCRIPT='/opt/proteon-scripts/minions/nagios/generic/nagios_add_downtime_host.sh'
BASE_LOG_DIR=/var/log/batch_upgrade
TIMESTAMP=$(date +%Y%m%d.%H%M)
#set the master host
read -p "Enter OpenShift master: " OS_MASTER
#Set node varible
OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1)
COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l)
#TODO what if there are more that one node already driand?
if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then
echo -e "n\ NOTE: There are driand nodes on the cluster\n
Please chack the master node for possible issues"
exit 1
fi
###############################OPENSHIFT PACHING BEGINS HERE###############################
#list nodes on the OpenShift Master
function list_nodes()
{
printf '%s\n' "${OS_NODES_READY[@]}"
set_update_host
}
#set the hostname for the update
function set_update_host()
{
echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish"
read -p "Enter OpenShift node: " HOST_TO_UPDATE
}
#Breack in an error
function pause_on_error {
if [ $1 -ne 0 ]
then
echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue"
read
fi
}
#Add nagios downtime
function nagios_downtime()
{
$NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host'
echo "Adding downtime for host $HOST_TO_UPDATE..."
pause_on_error $?
}
#just a counter, one minute
function time_counter()
{
count=0
total=120
while [ $count -lt $total ]; do
sleep 0.5 # this is work
count=$(( $count + 1 ))
pd=$(( $count * 60 / $total ))
printf "\r${pd}s" $(( $count * 60 / $total ))
done
}
#Drain the node
function drain()
{
echo "Draining $HOST_TO_UPDATE"
ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"
echo "
________________________________________________________________________
< This will take a minute, Just making sure that the node is fully drained >
------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/
||----w |
|| ||
"
time_counter
pause_on_error $?
}
#Update node
function update()
{
mkdir -p ${BASE_LOG_DIR}
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo -e "n\I'm now going to update $HOST_TO_UPDATE."
echo "You can follow/check logs in:"
echo ${LOG_DIR}
echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here."
echo "If any fail you MUST check and update these before proceeding!"
echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m"
read
echo "This may take some time..."
echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c "
#exclude openshift and docker
ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf"
#update command
ssh -t $HOST_TO_UPDATE "sleep 10 && yum update --security" | tee ${LOG_DIR}/$HOST_TO_UPDATE
pause_on_error $?
}
#reboot node
function reboot_server()
{
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo "Restarting server $HOST_TO_UPDATE"
#ANSWER='dummyvalue'
while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do
echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m"
read ANSWER
if [[ "${ANSWER}" == 's' ]]; then
echo "Skipping $HOST_TO_UPDATE"
return 0
fi
if [[ "${ANSWER}" == 'c' ]]; then
echo "Proceeding to reboot $HOST_TO_UPDATE"
break
fi
done
timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot"
# no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode
# pause_on_error $?
# wait until the server is down
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc == 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be down..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 0.5
done
echo "Server $HOST_TO_UPDATE appears to be down..."
# wait until...
# server pings again
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc != 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be back up..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 5
done
}
#uncordon node in the OpenShift master
function uncordon()
{
echo "------------------------------------"
echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER"
ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE"
list_nodes
pause_on_error $?
}
############################### -MAIN RUN- ###############################
list_nodes
nagios_downtime
drain
update
reboot_server
uncordon
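Review bot: `pause_on_error $?` never sees the status of the command it is meant to guard: in `nagios_downtime` it follows an `echo`, in `drain` it follows `time_counter`, in `update` it receives the status of `tee`, and in `uncordon` that of `list_nodes`. A failed drain therefore goes straight on to the update and the reboot. Capture the status directly after the command, `ssh -n "$OS_MASTER" "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"; rc=$?`, pass `"$rc"` to `pause_on_error`, and use `${PIPESTATUS[0]}` for the `tee` pipeline. Separately, the `yum.conf` line in `update` nests double quotes, so `docker* atomic*` ends up outside any quoting, and it stages the file at a fixed `/tmp/yum.conf` on the node as root; single quotes around the `exclude=` text and a `mktemp` file on the remote side fix both.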


@ -0,0 +1,13 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+)
SUM_HDD=$(echo $(($TOTAL_HDD_SIZE)) | awk '{ byte =$1 /1024**2 ; print byte}')
echo -e "\t,Disks size,\t "$(echo $SUM_HDD)


@ -0,0 +1,14 @@
#!/bin/bash
OS_MASTER=$1
HOSTS=($(cat $2))
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
exit
fi
for host in "${HOSTS[@]}"
do
ssh -n root@$1 "oc adm drain --ignore-daemonsets $host"
done
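Review bot: The argument check comes after `HOSTS=($(cat $2))` and only requires one argument, so running the script with just a master name leaves `cat` reading stdin before the usage message can appear; test `[ $# -lt 2 ]` first and `exit 1`. `OS_MASTER` is assigned but the `ssh` line uses `$1`. The loop drains every listed node back to back with no wait or confirmation in between, which can leave the cluster without schedulable capacity; a prompt or a readiness check between nodes would be safer. The uncordon script later in this commit has the same argument handling.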


@ -0,0 +1,32 @@
#!/bin/bash
HOST_TO_UPDATE=Host1
OS_MASTER=Master1
function time_counter()
{
count=0
total=120
while [ $count -lt $total ]; do
sleep 0.5 # this is work
count=$(( $count + 1 ))
pd=$(( $count * 60 / $total ))
printf "\r${pd}s" $(( $count * 60 / $total ))
done
}
echo "Draining $HOST_TO_UPDATE"
echo "ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE""
echo "
________________________________________________________________________
< This will take a minute, Just making sure that the node is fully drained >
------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\/
||----w |
|| ||
"
time_counter


@ -0,0 +1,54 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name with hosts and contract codes>"
exit
fi
CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l)
if [[ $CHECK_CONTACT_CODES -gt 0 ]]
then
echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase"
else
#clean the results directory
rm /opt/scripts/tools/collect_info/results/*
#collect data from remote server
for host in $(cat $1)
do
HOST=$(echo $host|cut -d "," -f1)
CONTRACT_LIST=$(echo $host|cut -d "," -f2)
scp -q -p collect_info.sh $HOST:/root
SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh")
printf "%s " "$HOST," >> results/$CONTRACT_LIST
echo $SSH_OUT >> results/$CONTRACT_LIST
done 2>/opt/scripts/tools/collect_info/results/error.log
# sums-up the colleced data in to contact code files
for contr_file in $(ls /opt/scripts/tools/collect_info/results/)
do
RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc )
CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc )
HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc )
echo "Total Processors, $CPU" > /opt/scripts/tools/collect_info/results/$contr_file
echo "Memory RAM Total in MB, $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file
echo "Disk size in GB, $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file
done
fi
#cat all the contracts
for contr in $(ls /opt/scripts/tools/collect_info/results/)
do
echo "----$contr---"
cat /opt/scripts/tools/collect_info/results/$contr
done
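Review bot: The contract code read from the host file is used directly as a file name in `results/$CONTRACT_LIST`, and the only check is that the column contains no lowercase letters, so a value containing `/` or `..` writes outside the results directory. Validate each field inside the loop, e.g. `[[ $CONTRACT_LIST =~ ^[A-Z0-9]+$ ]] || continue`. The script mixes the relative `results/` with the absolute `/opt/scripts/tools/collect_info/results/`, so it only works when started from that directory; `cd /opt/scripts/tools/collect_info || exit 1` at the top makes that explicit. `error.log` is written into the same directory that the summing loop walks with `ls`, so it is treated as a contract file and overwritten.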


@ -0,0 +1,14 @@
#!/bin/bash
OS_MASTER=$1
HOSTS=($(cat $2))
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
exit
fi
for host in "${HOSTS[@]}"
do
ssh -n root@$1 "oc adm uncordon $host"
done

16
scripts/uptime_loop.sh Normal file

@ -0,0 +1,16 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in $(cat ${FILE})
do
ssh -n root@$host "hostname && uptime && virsh -r list"
done