concise7113/Bash_Scrips
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Roy
2025-06-23 21:19:51 +02:00
commit a4f9ea11f3
69 changed files with 4857 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

248
IptablesTool.sh~ Normal file
View File

@ -0,0 +1,248 @@
#!/bin/bash
#(c) Roy Cohen 2012 :roy.cohen@cgi.com
#CGI :George Hintzenweg 89 3068 AX Rotterdam, Netherlands 088 5640000
#objective :IPtables administarion tool
#last update :23/11/2012
#version :0.1
# Parameters
IPT=/sbin/iptables
echo -e " Welcome"
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
buildfirewall()
{
##############Chose interface###############
echo -e " Configure a Network Interface or a Destination Networks?\n
1. A Network Interface
2. No Network Interface. Destination Networks Only"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Chain############
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "
1. Firewall using Single Source IP\n
2. Firewall using Source Subnet\n
3. Firewall using for All Source Networks\n
4. Firewall choose a source file contationing ip addesses"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
#5) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
#########Getting Destination IP Address##########
echo -e "
1. Firewall using Single Destination IP\n
2. Firewall using Destination Subnet\n
3. Firewall using for All Destination Networks\n
4. Firewall using a file"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_dest ;;
#5) ip_dest = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Specific Port
4. Specific Port Number
5. Using no Protocol"
read proto_ch
case $proto_ch in
1) proto=TCP ;;
2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
read proto ;;
3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
read proto ;;
4) echo -e "Enter the Port Number: "
read proto ;;
5) proto="NULL" ;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "What to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
esac
###################Generating the Rule####################
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
for ipdetails in `cat $ip_source`
do
if [[ $interface == *eth* ]] ; then
echo -e "\n$IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule\n "
gen=1
else if [ $interface == "NULL"] ; then
echo -e "\n$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule\n "
gen=2
else if [ $proto == "NULL" ]; then
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n"
gen=3
else if [[ $proto == * ]]; then
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n"
gen=4
fi
fi
fi
fi
echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule
else if [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule
else if [ $yesno == 1 ] && [ $gen == 3 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -j $rule
else if [ $yesno == 1 ] && [ $gen == 4 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
else if [ $yesno == 2 ]; then
main
fi
fi
fi
fi
fi
}
main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 4 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t*****Main Menu*****\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus ;;
3) buildfirewall ;;
4) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0

19
Man_tool/change_pass.sh Executable file
View File

@ -0,0 +1,19 @@
#!/bin/bash
#scrpit to change root password from a csv file
#<hostname>,<passwd>
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for csv in $(cat $1)
do
HOST=$(echo $csv |cut -d "," -f1)
PASS=$(echo $csv |cut -d "," -f2)
ssh ansible@$HOST "echo root:$PASS |sudo chpasswd"
done

31
Man_tool/command_loop.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/bash
#if [ $# -lt 1 ]
#then
# echo "Syntax: ./$(basename $0) <file name>"
# exit
#fi
for csv in $(cat $1)
do
HOST=$(echo $csv |cut -d "," -f1)
HASH=$(echo $csv |cut -d "," -f2)
# echo -e $host "root:$HASH/"
echo $HOST "vgs"
#scp root@$host:/var/log/glusterfs/glustershd.log .
#ssh -o ConnectTimeout=10 -n root@$host "tail -n 100 /var/log/glusterfs/glustershd.log" > gluster/$host
done
#cat gluster/*| grep "All subvolumes are down" | grep "0-vol"|cut -d " " -f7|sort|uniq
#cat gluster/*| grep "failed" | grep "0-vol"|cut -d " " -f 7,8|sort|uniq
#rm gluster/*
#cat bricks_down |sort|uniq

16
Man_tool/uptime_loop.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in $(cat ${FILE})
do
ssh -o ConnectTimeout=3 -n root@$host "hostname && uptime "
done

1
Man_tool/ww Normal file
View File

@ -0,0 +1 @@
127.0.0.1,DlXOTJUdJ8TdaqXh,$1$xyz$uNKesoUDbo.Uh7Ei3E8cn1

12
OpenShift Stuff/collect_info.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+ | bc)
echo -e "\t,Disks size,\t "$(echo "scale=2; $TOTAL_HDD_SIZE /1024^2" | bc)

50
OpenShift Stuff/run_collect_info.sh Normal file
View File

@ -0,0 +1,50 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl :
#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name with hosts and contract codes>"
exit
fi
CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l)
if [[ $CHECK_CONTACT_CODES -gt 0 ]]
then
echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase"
else
#clean the results directory
rm /opt/scripts/tools/collect_info/results/*
for host in $(cat $1)
do
HOST=$(echo $host|cut -d "," -f1)
CONTRACT_LIST=$(echo $host|cut -d "," -f2)
scp -q -p collect_info.sh $HOST:/root
SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh")
if [[ $SSH_OUT == "please install the bc command" ]]
then
echo "please install the bc command on $HOST" && exit 1
else
printf "%s " "$HOST," >> results/$CONTRACT_LIST
echo $SSH_OUT >> results/$CONTRACT_LIST
fi
done
# sun-up the colleced data in to contact code files
for contr_file in $(ls /opt/scripts/tools/collect_info/results/)
do
RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc )
CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc )
HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc )
echo "Total Processors $CPU" > /opt/scripts/tools/collect_info/results/$contr_file
echo "Memory RAM Total in MB $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file
echo "Disk size in GB $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file
done
fi

193
OpenShift Stuff/yum_update_tool_openshift.sh Normal file
View File

@ -0,0 +1,193 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :OpenShift patching tool using yum (RHEL and Centos)
#First line of code :04/09/2019
#last update :06/09/2019
#version :0.1
#inspred by /home/freark/bin/batch_upgrade.sh
#Check if root is running the script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# Parameters
NAGIOS_SCRIPT='/nagios_add_downtime_host.sh'
BASE_LOG_DIR=/var/log/batch_upgrade
TIMESTAMP=$(date +%Y%m%d.%H%M)
#set the master host
read -p "Enter OpenShift master: " OS_MASTER
#Set node varible
OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1)
COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l)
#TODO what if there are more that one node already driand?
if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then
echo -e "n\ NOTE: There are driand nodes on the cluster\n
Please chack the master node for possible issues"
exit 1
fi
###############################OPENSHIFT PACHING BEGINS HERE###############################
#list nodes on the OpenShift Master
function list_nodes()
{
printf '%s\n' "${OS_NODES_READY[@]}"
set_update_host
}
#set the hostname for the update
function set_update_host()
{
echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish"
read -p "Enter OpenShift node: " HOST_TO_UPDATE
}
#Breack in an error
function pause_on_error {
if [ $1 -ne 0 ]
then
echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue"
read
fi
}
#Add nagios downtime
function nagios_downtime()
{
$NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host'
echo "Adding downtime for host $HOST_TO_UPDATE..."
pause_on_error $?
}
#just a counter, one minute
function time_counter()
{
count=0
total=120
while [ $count -lt $total ]; do
sleep 0.5 # this is work
count=$(( $count + 1 ))
pd=$(( $count * 60 / $total ))
printf "\r${pd}s" $(( $count * 60 / $total ))
done
}
#Drain the node
function drain()
{
echo "Draining $HOST_TO_UPDATE"
ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"
echo "
________________________________________________________________________
< This will take a minute, Just making sure that the node is fully drained >
------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/
||----w |
|| ||
"
time_counter
pause_on_error $?
}
#Update node
function update()
{
mkdir -p ${BASE_LOG_DIR}
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo -e "n\I'm now going to update $HOST_TO_UPDATE."
echo "You can follow/check logs in:"
echo ${LOG_DIR}
echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here."
echo "If any fail you MUST check and update these before proceeding!"
echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m"
read
echo "This may take some time..."
echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c "
#exclude openshift and docker
ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf"
#update command
ssh -t $HOST_TO_UPDATE "sleep 10 && yum update" | tee ${LOG_DIR}/$HOST_TO_UPDATE
# ssh -n $HOST_TO_UPDATE "sleep 10 && yum noninteractive -y update --security"
pause_on_error $?
}
#reboot node
function reboot_server()
{
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo "Restarting server $HOST_TO_UPDATE"
#ANSWER='dummyvalue'
while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do
echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m"
read ANSWER
if [[ "${ANSWER}" == 's' ]]; then
echo "Skipping $HOST_TO_UPDATE"
return 0
fi
if [[ "${ANSWER}" == 'c' ]]; then
echo "Proceeding to reboot $HOST_TO_UPDATE"
break
fi
done
timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot"
# no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode
# pause_on_error $?
# wait until the server is down
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc == 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be down..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 0.5
done
echo "Server $HOST_TO_UPDATE appears to be down..."
# wait until...
# server pings again
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc != 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be back up..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 5
done
}
#uncordon node in the OpenShift master
function uncordon()
{
echo "------------------------------------"
echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER"
ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE"
list_nodes
pause_on_error $?
}
############################### -MAIN RUN- ###############################
list_nodes
nagios_downtime
drain
update
reboot_server
uncordon

0
README.md Normal file
View File

2
WsConfman/confman/hostlist/192.168.2.100 Normal file
View File

@ -0,0 +1,2 @@
first_start
jb{RWfnu

2
WsConfman/confman/hostlist/192.168.2.163 Normal file
View File

@ -0,0 +1,2 @@
first_start
>X1nr0.E

60
WsConfman/confman/managemnt.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
#(c) Roy Cohen 12/06/2017 :roy@wondercohen.nl
#original script :My own work
#objective :Linux workstation configration manger
#last update :
#version
#Varibles
CLIENT_ARR=( `sudo tail -50 /var/log/secure | grep "Did not receive identification string from" |cut -d " " -f12| sort | uniq` )
CLIENT_PATH="$HOME/confman/hostlist/"
CLIENT=(`ls $CLIENT_PATH`)
# Functions
function add_client {
#Check if the client is known and add the cilent if it is not known in the system
for client in "${CLIENT_ARR[@]}"; do
if [ -f $CLIENT_PATH$client ] ; then
echo "$CLIENT_PATH$client already exists"
else
echo "" > $CLIENT_PATH$client
fi
done
}
function add_ssh_ECDSA {
#Check if the client is known and add the ssh ECDSA key fingerprint to ~/.ssh/known_hosts
for client in "${CLIENT[@]}"; do
grep "$client" $HOME/.ssh/known_hosts > /dev/null
if [ $? -eq 0 ] ; then
echo " $client already known at ~/.ssh/known_hosts"
else
ssh-keyscan $client >> ~/.ssh/known_hosts
fi
done
}
#ssh root@$CLIENT "md5sum /etc/ssh/sshd_config"
#Check if first_start.sh as run on the client, if not than copy the first_start.sh to the client and run it
function first_start {
#FIST_START=`head -1 $CLIENT_PATH$CLIENT`
for cilent in "${CLIENT[@]}"; do
head -1 $CLIENT_PATH$cilent | grep first_start > /dev/null
if [ $? -eq 0 ] ; then
echo "$cilent has allready run first_start"
else
scp ~/confman/scripts/first_start.sh root@$cilent:/root && echo "first_start" > $CLIENT_PATH$cilent
ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent && ssh root@$cilent 'rm /root/first_start.sh'
fi
done
}
#call funcions
add_client
add_ssh_ECDSA
first_start

9
WsConfman/confman/scripts/first_start.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
PASS=`< /dev/urandom tr -dc A-Za-z0-9'"<>,./?!@#$%^&(){}[]' | head -c8`
oldPassword="Test2001"
newPassword=$PASS
rootdevice="/dev/sda3"
printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" |sudo cryptsetup luksAddKey $rootdevice
printf '%s\n' "$oldPassword" |sudo cryptsetup luksRemoveKey $rootdevice
echo $newPassword

164
WsConfman/ks.cfg Normal file
View File

@ -0,0 +1,164 @@
#version=RHEL7
# Install OS instead of upgrade
install
cdrom
# Reboot the machine after the installation is complete
# and attempt to eject the CD/DVD/Bootdisk
#reboot --eject
# Setup network interfaces via DHCP
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
# Install from an installation tree on a remote server
# Required when using a minimal ISO
#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
# install in text mode
text
#Shut down nd power off the system after the installation has successfully completed.
#poweroff
reboot
# System keyboard
keyboard us
xconfig --startxonboot
# System language
lang en_US.UTF-8
#set root pw here (required by KS), remove pw in post
## (Required) Sets the root password so there is no prompt during installation
# Example: encrypted password is "Test2001"
# to generate the hash mkpasswd --method=sha-512
rootpw Test2001
authconfig --enableshadow --passalgo=sha512
#user
user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
#Block ssh
firewall --enabled --service=ssh
#Dont start firstboot dialoge
firstboot --disabled
eula --agreed
# SELinux configuration
# By default, selinux is enforcing
#selinux --enforcing
selinux --permissive
# Services
services --enabled=ntpd,ntpdate
# Installation logging level
logging --level=debug
# System timezone
timezone Europe/Amsterdam
# System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#Network configuration
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
# Clear the Master Boot Record
zerombr
# Automatically create partitions, no LVM
#autopart --nolvm
# Partition clearing information
clearpart --all --initlabel
# Create primary partitions
part /boot --fstype "ext3" --size=1024 --asprimary
part swap --fstype swap --size=8024
part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
#part pv.01 --size=1 --grow
# Create more logical partitions
volgroup vgroup1 pv.01
logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
%packages
@base
@core
@desktop-debugging
@fonts
@gnome
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@multimedia
@print-client
@print-server
@x11
-sysreport
%end
%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
#!/bin/bash
set -x
%end
%post --log=/var/log/ks.post02.log
#!/bin/bash
set -x
# Remove root password
#echo "Removing root password"
#passwd -d root
# Make sure we have the latest security updates
echo "Updating packages"
/usr/bin/yum clean all
/usr/bin/yum update -y
# Install Node.js and json via EPEL
/usr/bin/yum install -y epel-release
/usr/bin/yum install -y nodejs
/usr/bin/npm install -g json
# Clean up all yum caches
echo "Cleaning up yum caches"
/usr/bin/yum clean all
# Disable kdump
echo "Disabling kdump"
systemctl disable kdump.service
# Ensure we have sane and consistent defaults for ntp.conf
sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
# For IPv6
echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
# Disable password auth. SSH logon is via ssh key only. A password is being set
# for root via the image manifest per IMAGE-459.
echo "Disabling password auth in sshd_config"
sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
# Clean up files
echo "Ceaning up build files"
/bin/rm -rf /root/anaconda-ks.cfg
/bin/rm -rf /tmp/.npm/
/bin/rm -rf /tmp/ks-script*
/bin/rm -rf /var/log/anaconda
# cronjob
echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
chmod 600 /var/spool/cron/root
#ssh key
mkdir /root/.ssh
chmod 700 /root/.ssh
echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
%end

380
post_install.sh Normal file
View File

@ -0,0 +1,380 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#Wonder Cohen :The Hague The Netherlands
#objective :Post install script for master node/ansible node
#First line of code :07/Mar/2020
#last update :15/Nov/2021
#version :1.0
#synatx example :./<script.sh>
# VARS
#hostnamectl set-hostname lx-ubt-rtm0-101.wondercohen.org
DEB_OS="/etc/lsb-release"
RHEL_OS="/etc/redhat-release"
MY_IP=""
SOURCE_CONNECTION=$(w -i |tail -n1|cut -d " " -f8)
#SOURCE_IP=$(last -a | grep "logged in"|awk '{print $10}')
mkdir -p /root/tools
function install_software(){
echo "*** Starting install software function ***"
if test -f "$DEB_OS"; then
apt -y install net-tools
apt -y install git bash-completion fail2ban
apt -y update && apt -y upgrade
else
yum install -y vim wget curl net-tools lsof bind-utils epel-release bash-completion git
yum install -y fail2ban
yum install -y aide
yum -y update
fi
}
function issue_motd(){
echo "*** Starting /etc/issue ***"
echo -e "
------------------------------------------------------------------------
| *** NOTICE TO USERS *** |
| This computer system is the private property of Wonder Cohen |
| It is for authorized use only. |
| |
| Users (authorized or unauthorized) have no explicit or implicit |
| expectation of privacy. |
| |
| Any or all uses of this system and all files on this system may be |
| intercepted, monitored, recorded, copied, audited, inspected, and |
| disclosed to your employer, to authorized site, government, and law |
| enforcement personnel, as well as authorized officials of government |
| agencies, both domestic and foreign. |
| |
| By using this system, the user consents to such interception, |
| monitoring, recording, copying, auditing, inspection, and disclosure |
| at the discretion of such personnel or officials. Unauthorized or |
| improper use of this system may result in civil and criminal penalties |
| and administrative or disciplinary action, as appropriate. By |
| continuing to use this system you indicate your awareness of and |
| consent to these terms and conditions of use. LOG OFF IMMEDIATELY if |
| you do not agree to the conditions stated in this warning. |
------------------------------------------------------------------------
You Are Logedin from: $(w -i |tail -n1|cut -d " " -f8)
" >/etc/issue
cat /etc/issue > /etc/issue.net
}
function tooling(){
echo "*** Starting Tooling function ***"
if test -f "$DEB_OS"; then
#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021
#!/bin/bash
for ip_to_block in \$(cat /var/log/ufw.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}')
do
ufw reject proto tcp from \$ip_to_block
echo >/var/log/ufw.log
done
" > /root/tools/block_ip.sh
chmod 700 /root/tools/block_ip.sh
# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab
else
echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021
#!/bin/bash
for ip_to_block in \$(cat /var/log/firewall-droppd.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}')
do
firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='$ip_to_block' drop\"
firewall-cmd --reload
echo > /var/log/firewall-droppd.log
done
" > /root/tools/block_ip.sh
chmod 700 /root/tools/block_ip.sh
# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab
fi
}
function shell_sh(){
echo "*** Starting shell_sh function ***"
mkdir -p /var/log/history/
chmod 1723 /var/log/history
echo "ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*" > /etc/sudoers.d/chattr
chmod 440 /etc/sudoers.d/chattr
echo -e "
#Roy Cohen :roy@wondercohen.nl
#Wonder Cohen :The Hague The Netherlands
#objective :create a historyfile of all user activites also after sudo command
#location :/etc/profile.d/shell.sh
#First line of code :02/Nov/2020
#last update :15/Nov/2021
#version :1.0
#Aditinal info :inspired by a similar script by E. de Wolf version 151119
#Instructions for installation :cp the contant to /etc/profile.d/shell.sh
# :mkdir /var/log/history/
# :chmod 1723 /var/log/history
# :Add to sudoers file: ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*
#Vars
DATE=\$(date +%Y%m%d%H%M)
#Users
ACTIVE_USER=\$(whoami)
SOURCE_USER=\$(who -m | awk '{ print \$1 }')
#Path
LOG_LOCATION="/var/log/history/\$\(whoami\)_\$SOURCE_USER.log"
#timeout logoff
TMOUT=900
export TMOUT
readonly TMOUT
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
#unlimited
export HISTFILESIZE=
export HISTSIZE=
export \$SOURCE_USER
export HISTFILE=\$LOG_LOCATION
export HISTIGNORE=''
export HISTCONTROL='ignoreboth'
export HISTTIMEFORMAT=\${HISTTIMEFORMAT:-%F %H:%M:%S }
shopt -s histappend
export PROMPT_COMMAND=\"history -a; \$PROMPT_COMMAND\"
readonly HISTFILE
readonly HISTIGNORE
#lock hisroty files Files
[[ ! -f \$LOG_LOCATION ]] && touch \$LOG_LOCATION && chmod 0600 \$LOG_LOCATION && sudo /usr/bin/chattr +a \$LOG_LOCATION
" > /etc/profile.d/shell.sh
chmod +x /etc/profile.d/shell.sh
}
function sshd_config(){
echo "*** Starting Ssh function ***"
echo -e " #ssh config for Wonder Cohen 23-jun-2021
SyslogFacility AUTHPRIV
PermitRootLogin no
MaxAuthTries 6
MaxSessions 5
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
LogLevel INFO
Protocol 2
IgnoreRhosts yes
HostbasedAuthentication no
PermitUserEnvironment no
ClientAliveInterval 15m
ClientAliveCountMax 0
LoginGraceTime 60
MaxStartups 10:30:60
AllowTcpForwarding no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Banner /etc/issue.net
" > /etc/ssh/sshd_config
systemctl restart sshd
#mkdir -p /home/rcohen/.ssh/
#chown rcohen:rcohen /home/rcohen/.ssh/
#chmod 700 /home/rcohen/.ssh/
#chmod 600 /home/rcohen/.ssh/authorized_keys
#chown rcohen:rcohen /home/rcohen/.ssh/authorized_keys
}
function firewall(){
echo "*** Starting firewalld function ***"
if test -f "$DEB_OS"; then
systemctl enable ufw
ufw --force enable
else
systemctl enable firewall
systemctl start firewalld
echo -e "#firewalld.conf config for Wonder Cohen 23-jun-2021
DefaultZone=public
MinimalMark=100
CleanupOnExit=yes
Lockdown=no
IPv6_rpfilter=yes
IndividualCalls=no
LogDenied=all
AutomaticHelpers=system
AllowZoneDrifting=yes
" > /etc/firewalld/firewalld.conf
firewall-cmd --reload
echo -e "#rsyslog_firewal logging config for Wonder Cohen 23-jun-2021
:msg,contains,"_DROP" /var/log/firewall-droppd.log
:msg,contains,"_REJECT" /var/log/firewall-droppd.log
& stop
" > /etc/rsyslog.d/firewalld-droppd.conf
systemctl restart rsyslog.service
fi
}
function firewall_rules(){
echo "*** Starting firewall_rules function ***"
if test -f "$DEB_OS"; then
ufw allow proto tcp from $MY_IP
ufw allow proto tcp from $SOURCE_CONNECTION
ufw allow proto tcp from 1/24
ufw default deny incoming
ufw reload
else
firewall-cmd --set-log-denied=all
firewall-cmd --get-log-denied
firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
firewall-cmd --permanent --remove-service=cockpit --zone=public
firewall-cmd --permanent --remove-service=ssh --zone=public
firewall-cmd --zone=drop --permanent --add-service=http
firewall-cmd --zone=drop --permanent --add-service=https
firewall-cmd --zone=drop --permanent --add-service=samba-client
firewall-cmd --zone=drop --permanent --add-service=dhcpv6-client
firewall-cmd --zone=drop --permanent --add-service=cockpit
firewall-cmd --zone=drop --permanent --add-service=ssh
firewall-cmd --zone=trusted --permanent --add-source=$MY_IP
firewall-cmd --zone=trusted --permanent --add-source=$SOURCE_CONNECTION
firewall-cmd --reload
fi
}
function fail2ban(){
echo "*** Starting Fail2ban function ***"
systemctl enable fail2ban && sudo systemctl start fail2ban
echo -e "
[DEFAULT]
# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s):
bantime = 86400
# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 600
maxretry = 5
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator. For example, add your
# static IP address that you always use for login such as 103.1.2.3
#ignoreip = 127.0.0.1/8 ::1 103.1.2.3
# Call iptables to ban IP address
banaction = iptables-multiport
# Enable sshd protection
[sshd]
enabled = true
" > /etc/fail2ban/jail.local
systemctl restart fail2ban
}
function network_setting(){
echo "*** Starting Network function ***"
if test -f "$DEB_OS"; then
SET_IP=$(ip -4 a show ens3|grep inet|cut -d "." -f4|cut -d "/" -f1)
HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ];
then
echo -e "
network:
version: 2
renderer: networkd
ethernets:
ens8:
dhcp4: yes
optional: true
dhcp6: no
addresses:
-
else
echo -e "
network:
version: 2
renderer: networkd
ethernets:
ens8:
dhcp4: yes
optional: true
dhcp6: no
addresses:
-
fi
netplan apply
else
SET_IP=$(ip -4 a show eth0 |grep inet|cut -d "." -f4|cut -d "/" -f1)
HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ];
then
echo -e "
DEVICE=eth1\n
ONBOOT=yesn\n
NETBOOT=yes\n
BOOTPROTO=static\n
IPADDR=1\n
NETMASK=255.255.255.0\n
ZONE=public\n
" >/etc/sysconfig/network-scripts/ifcfg-eth1
else
echo -e "
DEVICE=eth1
ONBOOT=yes
NETBOOT=yes
BOOTPROTO=static
IPADDR=1....$SET_IP
NETMASK=255.255.255.0
ZONE=public\n
" >/etc/sysconfig/network-scripts/ifcfg-eth1
fi
systemctl restart network.service
fi
}
#https://kifarunix.com/install-and-configure-aide-on-ubuntu-20-04/
function aide(){
echo "*** Starting aide function ***"
apt -y install aide
aideinit
cp /var/lib/aide/aide.db{.new,}
cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf
aide -c /etc/aide/aide.conf -C
echo "0 0 * * * root /usr/sbin/aide -c /etc/aide/aide.conf -C" >> /etc/crontab
}
function main(){
HOSTNAME_VAR=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
if [ "$HOSTNAME_VAR" -ge 99 ];
then
install_software
issue_motd
sshd_config
shell_sh
firewall
firewall_rules
fail2ban
network_setting
tooling
#aide
else
echo "Please set a valid hostname"
fi
}
main 2>&1 | tee /root/$(hostname)_$(date +%Y%m%d%H%M).log

57
scripts/IptablesCleanTool.sh Normal file
View File

@ -0,0 +1,57 @@
#!/bin/bash
#(c) Roy Cohen 29/11/2012 :roy@wondercohen.nl
#objective :IPtables administering tool that cleans duplicate rules
#last update :29/11/2012
#version :0.1
# Parameters
IPT=/sbin/iptables
function check_duplicate()
{
}
function clean_duplicate()
{
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
OPT_MAIN=1
while [ $OPT_MAIN != 4 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check for Duplicate Rules\n
2. Clean the Duplicate Rules\n
3. Save the Iptables\n
4. Exit"
read OPT_MAIN
case $OPT_MAIN in
1) check_duplicate ;;
2) clean_duplicate ;;
3) exit 0 ;;
*) echo -e "Wrong option Selected!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!"
fi
}
main
exit 0

745
scripts/IptablesTool.sh Normal file
View File

@ -0,0 +1,745 @@
#!/bin/bash
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
#objective :IPtables administering tool
#last update :29/11/2012
#version :0.2
# Parameters
IPT="/sbin/iptables"
IPTSAVE="/etc/init.d/iptables save"
echo -e""
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
function checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
function buildfirewall()
{
function buildfirewallprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "Please the Source IP Address\n
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
}
###################Generating the Rule####################
buildfirewallprogram
function generate_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function generate_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
else
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
fi
}
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
function delfirewall()
{
function deleteonerule ()
{
echo -e "
1. Delete one rule
2. Go back to Main Menu"
read opt_delete_one_rule
case $opt_delete_one_rule in
1) echo -e "\nPlease Eneter the Rule."
read one_rule ;;
2) main;;
*) echo -e "Wrong Option Selected"
esac
echo "$one_rule"| sed 's/-A/-D/g'
echo "Do you want to remove this rule, Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] ; then
$IPT `echo $one_rule | sed 's/-A/-D/g'`
else
main
fi
}
function delprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
echo -e "
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
###################Generating the Rule####################
function del_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function del_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo "$opt_ip_srource"
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
else
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
fi
}
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
1. Delete a Custum Rule
2. Delete one Rule
3. Back to Main Menu"
read opt_delfirewall
case $opt_delfirewall in
1) delprogram ;;
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) main ;;
*) echo -e "Wrong option Selected!!!"
esac
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 6 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Delete Your Firewall with Iptables\n
5. EDSN script\n
6. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) buildfirewall ;;
4) delfirewall ;;
5) sh setIptables_config2.sh 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
6) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0

743
scripts/IptablesTool2.sh Normal file
View File

@ -0,0 +1,743 @@
#!/bin/bash
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
#objective :IPtables administering tool
#last update :29/11/2012
#version :0.2
# Parameters
IPT="/sbin/iptables"
IPTSAVE="/etc/init.d/iptables save"
echo -e""
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
function checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
function buildfirewall()
{
function buildfirewallprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "Please the Source IP Address\n
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
}
###################Generating the Rule####################
buildfirewallprogram
function generate_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function generate_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
else
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
echo -e "Press Enter key to Continue..."
read temp
main
fi
}
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
function delfirewall()
{
function deleteonerule ()
{
echo -e "
1. Delete one rule
2. Go back to Main Menu"
read opt_delete_one_rule
case $opt_delete_one_rule in
1) echo -e "\nPlease Eneter the Rule."
read one_rule ;;
2) main;;
*) echo -e "Wrong Option Selected"
esac
echo "$one_rule"| sed 's/-A/-D/g'
echo "Do you want to remove this rule, Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] ; then
$IPT `echo $one_rule | sed 's/-A/-D/g'`
else
main
fi
}
function delprogram ()
{
###############Getting the Chain############
clear
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward
4. Go back to Main Menu"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
echo -e "
1. Firewall using Single Source IP
2. Firewall using Source Subnet
3. Firewall using for All Source Networks
4. Firewall choose a source file containing ip addesses
5. Go back to Main Menu"
read opt_ip_srource
case $opt_ip_srource in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
5) main;;
#6) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
##############Chose interface###############
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
1. Configure a Network Interface
2. Configure a Destination Networks Only
3. Go back to Main Menu"
read opt_int
case $opt_int in
1) echo -e "\nPlease Enter a Network Interface."
read interface ;;
2) interface="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
if [ $opt_int == "2" ]; then
#########Getting Destination IP Address##########
echo -e "Please Enter the IP Address of the Destination\n
1. Firewall using Single Destination IP
2. Firewall using Destination Subnet
3. Firewall using for All Destination Networks
4. Go back to Main Menu"
read opt_ip_dest
case $opt_ip_dest in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) main;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
else
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Not using a specific Protocol
4. Go back to Main Menu"
read proto_ch
case $proto_ch in
1) proto=tcp ;;
2) echo -e "Enter the TCP Service Name:"
read proto ;;
3) proto="NULL" ;;
4) main;;
*) echo -e "Wrong option Selected!!!"
esac
###############Getting the Destination Port#############
echo -e "\nConfigure the Destination Port\n
1. Specific Destination Port
2. No Destination Port
3. Go back to Main Menu"
read port_ch
case $port_ch in
1) echo -e "Enter the Destination Port:"
read port ;;
2) prot="NULL" ;;
3) main;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "\nWhat to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log
5. Go back to Main Menu"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
5) main;;
esac
fi
###################Generating the Rule####################
function del_rule_single_ip()
{
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
}
function del_rule_multiple_ip()
{
for ipdetails in `cat $ip_source`
do
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=1
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
gen=2
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
gen=3
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
gen=4
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=5
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
gen=6
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
gen=7
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
gen=8
fi
done
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
for ipdetails in `cat $ip_source`
do
if [ $yesno == 1 ] && [ $gen == 1 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
elif [ $yesno == 2 ]; then
main
fi
done
}
echo "$opt_ip_srource"
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
else
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
$IPTSAVE
fi
}
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
1. Delete a Custum Rule
2. Delete one Rule
3. Back to Main Menu"
read opt_delfirewall
case $opt_delfirewall in
1) delprogram ;;
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) main ;;
*) echo -e "Wrong option Selected!!!"
esac
}
function main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 6 ]
do
echo -e "************************************************************************"
#############Check Whether the iptables installed or not############
echo -e "\t**********************|Main Menu|***************************\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Delete Your Firewall with Iptables\n
6. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
3) buildfirewall ;;
4) delfirewall ;;
6) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0

17
scripts/Loop_AddUser3.sh Normal file
View File

@ -0,0 +1,17 @@
user1,password1
user2,password2
etc..
The script:
for userdetails in `cat /pathto//users.txt`
do
user=`echo $userdetails | cut -f 1 -d ,`
passwd=`echo $userdetails | cut -f 2 -d ,`
echo "useradd -d /user1/kopen3 -p `mkpasswd $passwd` $user"
done
run the script and redirect the output to a file, e.g:
./createusers.sh > userscript.sh
chmod +x userscript.sh

54
scripts/adduser_schrpt.sh Normal file
View File

@ -0,0 +1,54 @@
#!/bin/bash
if [ $# -lt 1 ]
then
echo "Syntax: ./`basename $0` <file name>"
exit
fi
# Parameters
USER_DATA_FILE=$1
for userdetails in `cat $1`
do
ENVIRONMENT_NAME=`echo $userdetails | cut -f 1 -d:`
ORGANIZARION_NUMBER=`echo $userdetails | cut -f 2 -d:`
PASSWD=`echo $userdetails | cut -f 3 -d:`
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
egrep "^$USER_NAME" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
ENCR_PASSWD=$(perl -e 'print crypt($ARGV[0], "password")' $PASSWD)
useradd -m -p $ENCR_PASSWD $USER_NAME
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
done
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
#!/bin/bash
# Script to add a user to Linux system
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi

97
scripts/bashrc Normal file
View File

@ -0,0 +1,97 @@
# /etc/bashrc
# System wide functions and aliases
# Environment stuff goes in /etc/profile
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
# are we an interactive shell?
if [ "$PS1" ]; then
if [ -z "$PROMPT_COMMAND" ]; then
case $TERM in
xterm*|vte*)
if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
PROMPT_COMMAND="__vte_prompt_command"
else
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
fi
;;
screen*)
if [ -e /etc/sysconfig/bash-prompt-screen ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
else
PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
fi
;;
*)
[ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
;;
esac
fi
# Turn on parallel history
shopt -s histappend
history -a
# Turn on checkwinsize
shopt -s checkwinsize
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
# You might want to have e.g. tty in prompt (e.g. more virtual machines)
# and console windows
# If you want to do so, just add e.g.
# if [ "$PS1" ]; then
# PS1="[\u@\h:\l \W]\\$ "
# fi
# to your custom modification shell script in /etc/profile.d/ directory
fi
if ! shopt -q login_shell ; then # We're not a login shell
# Need to redefine pathmunge, it get's undefined at the end of /etc/profile
pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
# By default, we want umask to get set. This sets it for non-login shell.
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
SHELL=/bin/bash
# Only display echos from profile.d scripts if we are no login shell
# and interactive - otherwise just process them to set envvars
for i in /etc/profile.d/*.sh; do
if [ -r "$i" ]; then
if [ "$PS1" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
fi
# vim:ts=4:sw=4
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }

54
scripts/bashrc.hv Normal file
View File

@ -0,0 +1,54 @@
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }
USER=`whoami`
HOSTNAME=`uname -n`
MEMORY1=`free -t -m | grep "buffers/cache" | awk '{print $3" MB";}'`
MEMORY2=`free -t -m | grep "Mem" | awk '{print $2" MB";}'`
PSA=`ps -Afl | wc -l`
# time of day
DATE=$(date +"%F %H:%M:%S")
#System uptime
uptime=`cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOAD1=`cat /proc/loadavg | awk {'print $1'}`
LOAD5=`cat /proc/loadavg | awk {'print $2'}`
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
#Host engine
ENGINE=$(hosted-engine --vm-status|grep "Engine status")
echo "
- Current time........: $DATE
- Current user........: $USER
- Hostname............: $HOSTNAME
- Release.............: `cat /etc/redhat-release`
- Users...............: Currently `users | wc -w` user(s) logged on
- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
- Memory used.........: $MEMORY1 / $MEMORY2
- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
- Processes...........: $PSA running
- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
- Host engine status..:
$ENGINE
==================================== volume status vm ===============================
$(gluster volume status vm clients|grep 'Brick\|Clients')
==================================== volume status engine ===========================
$(gluster volume status engine clients|grep 'Brick\|Clients')
"

17
scripts/command_loop.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in $(cut -d ":" -f2 ${FILE})
do
whois $host
#ssh -n root@$host "vgdisplay"
done

12
scripts/count_ip.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
FILE=;
for ip in $(tail -n 5000 $FILE |cut -d ' ' -f 1 |sort |uniq);
do
{
COUNT=$(grep ^$ip $FILE |wc -l);
if
[[ "$COUNT" -gt "500" ]]; then echo "$COUNT: $ip";
fi
};
done

55
scripts/git_prompt_func Normal file
View File

@ -0,0 +1,55 @@
#https://gist.github.com/halbtuerke/31934
#parse_git_branch() {
# git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/'
#}
#export PS1="\u@\h \[\033[32m\]\w\[\033[33m\]\$(parse_git_branch)\[\033[00m\] $ "
RED="\[\033[0;31m\]"
YELLOW="\[\033[0;33m\]"
GREEN="\[\033[0;32m\]"
BLUE="\[\033[0;34m\]"
LIGHT_RED="\[\033[1;31m\]"
LIGHT_GREEN="\[\033[1;32m\]"
WHITE="\[\033[1;37m\]"
LIGHT_GRAY="\[\033[0;37m\]"
COLOR_NONE="\[\e[0m\]"
function parse_git_branch {
git rev-parse --git-dir &> /dev/null
git_status="$(git status 2> /dev/null)"
branch_pattern="^# On branch ([^${IFS}]*)"
remote_pattern="# Your branch is (.*) of"
diverge_pattern="# Your branch and (.*) have diverged"
if [[ ! ${git_status}} =~ "working directory clean" ]]; then
state="${RED}⚡"
fi
# add an else if or two here if you want to get more specific
if [[ ${git_status} =~ ${remote_pattern} ]]; then
if [[ ${BASH_REMATCH[1]} == "ahead" ]]; then
remote="${YELLOW}↑"
else
remote="${YELLOW}↓"
fi
fi
if [[ ${git_status} =~ ${diverge_pattern} ]]; then
remote="${YELLOW}↕"
fi
if [[ ${git_status} =~ ${branch_pattern} ]]; then
branch=${BASH_REMATCH[1]}
echo " (${branch})${remote}${state}"
fi
}
function prompt_func() {
previous_return_value=$?;
# prompt="${TITLEBAR}$BLUE[$RED\w$GREEN$(__git_ps1)$YELLOW$(git_dirty_flag)$BLUE]$COLOR_NONE"
prompt="\u@\h \[\033[32m\]\${TITLEBAR}${BLUE}[${LIGHT_GRAY}\w${GREEN}$(parse_git_branch)${BLUE}]${COLOR_NONE}"
if test $previous_return_value -eq 0
then
PS1="${prompt}# "
else
PS1="${prompt}${RED}#${COLOR_NONE} "
fi
}
PROMPT_COMMAND=prompt_func

92
scripts/gluster_check.sh Normal file
View File

@ -0,0 +1,92 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster checks for Nagios
#First line of code :15/01/2019
#last update :17/01/2019
#version :0.1
#status :Not PRD ready
#Some general vars
#Server IP adress in the storage network TODO: osg servers
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
#number of active bricks on server acourding to gluster
NUMBER_OF_ACTIVE_BRICKS=$(gluster volume info|grep $STORAGE_IP| wc -l)
#name of active volumes on server acourding to gluster
GLUSTER_ACTIVE_VOLUM_NAMES=$(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
#numer of glusterfsd (brick daemon) running processes
GLUSTER_BRICK_NUMBER_PID=$(pidof glusterfsd |wc -w)
#glusterd pid status
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
#glusterfsd (brick daemon) pid status
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
######START OF SCRIPT#######
check_if_glusterd_is_running() {
#check if glusterd is running
if ! $GLUSTERD_STAT &>/dev/null; then
echo "CRITICAL: glusterd management daemon not running"
else
echo "OK: glusterd management daemon is running"
fi
}
check_if_glusterfsd_is_running() {
# check for glusterfsd (brick daemon)
if ! $GLUSTER_BRICK_STAT; then
echo "CRITICAL: glusterfsd brick daemon not running"
else
echo "OK: glusterfsd brick daemon is running"
fi
}
check_if_a_brick_is_down() {
# check number of active bricks
if [ "$NUMBER_OF_ACTIVE_BRICKS" == "$GLUSTER_BRICK_NUMBER_PID" ] ; then
echo "OK: all bricks are active"
else
echo "CRITICAL: There is one or more bricks down"
fi
}
check_heal_status_of_a_volume() {
# get volume heal status and redirect it to a tmp file
for volume in $(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
do
echo "volumes, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /tmp/gluster_monitoring
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
if [ "$?" -eq 0 ]; then
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
else
echo "OK: no volumes healing at this moment"
fi
echo "" > /tmp/gluster_monitoring
}
#### CALL THE FUNCTIONS ######
check_if_glusterd_is_running
check_if_glusterfsd_is_running
check_if_a_brick_is_down
check_heal_status_of_a_volume
# some logs test
#cat /var/log/glusterfs/glusterd.log|grep "E" |grep "failed"
# oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
if []
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
if [ "$?" -eq 0 ]; then
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
else
echo "OK: no volumes healing at this moment"
fi
echo "" > /tmp/gluster_monitoring

23
scripts/gluster_checks/check_gluster_bricks.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check bricks for Nagios
#First line of code :15/01/2019
#last update :28/01/2019
#version :1.1
######START OF SCRIPT#######
IP_OF_DOWN_BRICK=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N/A|N' |grep -v "Y"| grep -B1 "N/A" | grep Brick| uniq | cut -d ":" -f1| cut -d " " -f2)
NUMBER_OF_DOWN_BRICKS=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N'|grep "N/A"| awk '{print $4}'|grep N |wc -l)
if [[ $(find /tmp -name "brick_status" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster birck check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
# check number of active bricks
elif [ "$NUMBER_OF_DOWN_BRICKS" -eq 0 ] ; then
echo "OK: All bricks on are up"
exit 0
else
echo "CRITICAL: There are one or more bricks down on $IP_OF_DOWN_BRICK"
exit 2
fi

24
scripts/gluster_checks/check_gluster_cron.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :igenerate Gluster output for Nagios checks
#First line of code :15/01/2019
#last update :28/01/2019
#version :1.1
#info:
#This script needs to be added to cron and run every 3 min
#Some general vars
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
######START OF SCRIPT#######
#check status of the varous volumes
/usr/sbin/gluster volume status all > /tmp/brick_status
#check peer status
/usr/sbin/gluster peer status > /tmp/peer_status
# get volume heal status and redirect it to a tmp file
for volume in $(/usr/sbin/gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
do
echo "volume, $volume"
/usr/sbin/gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /tmp/gluster_monitoring_heal

25
scripts/gluster_checks/check_gluster_heal.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check heal for Nagios
#First line of code :15/01/2019
#last update :23/01/2019
#version :1.0
######START OF SCRIPT#######
OUT=$(cat /tmp/gluster_monitoring_heal 2>/dev/null |grep -a -v volume |sed "s/^[ \t]*//"| grep -a -v ^0 > /dev/null 2>&1 )
EXIT_CODE=$?
if [ -f /tmp/gluster_monitoring_heal ]; then
if [[ $(find /tmp -name "gluster_monitoring_heal" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster heal check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
elif [ "$EXIT_CODE" -eq 0 ]; then
echo -e "WARNING: volumes healing at this moment\n$(cat /tmp/gluster_monitoring_heal |sed "s/^[ \t]*//" | grep -a -v ^0)" && rm -f /tmp/gluster_monitoring_heal
exit 1
else
echo "OK: no volumes healing at this moment" && rm -f /tmp/gluster_monitoring_heal
exit 0
fi
else
echo "WARNING: there was an error during the gluster heal check please check /tmp/gluster_monitoring_heal"
exit 1
fi

23
scripts/gluster_checks/check_gluster_peer.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check peer for Nagios
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.0
######START OF SCRIPT#######
SATE_OF_DOWN_PEER=$(cat /tmp/peer_status | grep -a Disconnected | wc -l)
IP_OF_DOWN_PEER=$(cat /tmp/peer_status| grep -a -E "Hostname|Disconnected"| grep -a -B1 Disconnected | grep -a Hostname | cut -d ":" -f2| sed "s/^[ \t]*//")
if [[ $(find /tmp -name "peer_status" -mmin +4 -print) ]]; then
echo "WARNING: there was an error during the gluster peer check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
exit 1
# check number of active bricks
elif [ "$SATE_OF_DOWN_PEER" -eq 0 ] ; then
echo "OK: All bricks on are up"
exit 0
else
echo "CRITICAL: There are one or more peers down on $IP_OF_DOWN_PEER"
exit 2
fi

15
scripts/gluster_checks/check_gluster_pod.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check from within a pod server heal for Nagios
#First line of code :15/01/2019
#last update :24/01/2019
#version :1.0
######START OF SCRIPT#######
gluster volume status all > /brick_status
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
do
echo "volume, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done > /gluster_monitoring_heal

41
scripts/gluster_checks/check_glusterd.sh Normal file
View File

@ -0,0 +1,41 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Check Gluster deamon state for Nagios
#First line of code :15/01/2019
#last update :17/01/2019
#version :1.0
#Some general vars
#glusterd pid status
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
#glusterfsd (brick daemon) pid status
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
######START OF SCRIPT#######
check_if_glusterd_is_running() {
#check if glusterd is running
if ! $GLUSTERD_STAT &>/dev/null; then
echo "CRITICAL: glusterd management daemon not running"
exit 2
else
echo "OK: glusterd management daemon is running"
exit 0
fi
}
check_if_glusterfsd_is_running() {
# check for glusterfsd (brick daemon)
if ! $GLUSTER_BRICK_STAT; then
echo "CRITICAL: glusterfsd brick daemon not running"
exit 2
else
echo "OK: glusterfsd brick daemon is running"
exit 0
fi
}
#### CALL THE FUNCTIONS ######
check_if_glusterd_is_running
check_if_glusterfsd_is_running

12
scripts/gluster_checks/copy_gluster_check_to_pod.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Copy check script to gluster pod for Nagios
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.1
######START OF SCRIPT#######
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
cd /root/scripts/
oc cp check_gluster_pod.sh glusterfs/$POD:/
oc exec -n glusterfs $POD /check_gluster_pod.sh && oc cp glusterfs/$POD:gluster_monitoring_heal /tmp && oc cp glusterfs/$POD:brick_status /tmp && oc cp glusterfs/$POD:brick_peer /tmp

20
scripts/gluster_checks/pod_loop_gluster_heal_status.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster heal status volume check in a pod
#First line of code :15/01/2019
#last update :31/01/2019
#version :1.2
#info:
#This script needs to be added to cron and run every 3 min
#Some general vars
STORAGE_IP=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
######START OF SCRIPT#######
# get volume heal status and redirect it to a tmp file
for volume in $(/usr/sbin/gluster volume info|grep "Volume Name:" | cut -d ":" -f2)
do
echo "volume, $volume"
/usr/sbin/gluster v heal $volume info|grep "Status:"| grep "not connected"
done

58
scripts/gluster_checks/some_check_gluster_openshift.sh Normal file
View File

@ -0,0 +1,58 @@
#!/bin/bash
#Roy Cohen :roy@wondercohen.nl
#objective :Gluster check OSM server heal for Nagios
#First line of code :15/01/2019
#last update :24/01/2019
#version :1.0
######START OF SCRIPT#######
#gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
do
echo "volume, $volume"
gluster v heal $volume info |grep entries|cut -d ":" -f2
done
#for volume in $(cat /tmp/volume_names)
#do
# OC="oc rsh -n"
# POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
# VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
#echo "volume, $volume"
# oc rsh -n glusterfs $POD | $VAR1
#done
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) ip -4 addr show
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
oc rsh -n glusterfs $POD gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
for volume in $(cat /tmp/volume_names)
do
OC="oc rsh -n"
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
echo "volume, $volume"
echo "$OC glusterfs $POD $VAR1"
done
/tmp/gluster_monitoring_heal
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
oc rsh -n glusterfs glusterfs-storage-4jq8n gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
oc cp /tmp/database.sql mysql:/tmp/
kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
oc cp glusterfs/glusterfs-storage-4jq8n:gluster_monitoring_heal /tmp

19
scripts/host_ssh_test.sh Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./`basename $0` <file name>"
exit
fi
for host in $(cat ${FILE})
do
#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
#ssh -n root@$host "ps -ef |grep vmtoolsd && hostname "
#ssh -n root@$host "hostname"
done

61
scripts/iptables1.sh Normal file
View File

@ -0,0 +1,61 @@
#!/bin/bash
# Modify script as per your setup
# Usage: Sample firewall script
# ---------------------------
_input=/root/firewall/badips.db
_pub_if="eth1"
IPT=/sbin/iptables
# Die if file not found
[ ! -f "$_input" ] && { echo "$0: File $_input not found."; exit 1; }
# DROP and close everything
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
# Unlimited lo access
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# Allow all outgoing connection but no incoming stuff by default
$IPT -A OUTPUT -o ${_pub_if} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i ${_pub_if} -m state --state ESTABLISHED,RELATED -j ACCEPT
### Setup our black list ###
# Create a new chain
$IPT -N droplist
# Filter out comments and blank lines
# store each ip or subnet in $ip
egrep -v "^#|^$" x | while IFS= read -r ip
do
# Append everything to droplist
$IPT -A droplist -i ${_pub_if} -s $ip -j LOG --log-prefix " Drop Bad IP List "
$IPT -A droplist -i ${_pub_if} -s $ip -j DROP
done <"${_input}"
# Finally, insert or append our black list
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist
# Okay add your rest of $IPT commands here
# Example: open port 53
#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p udp --dport 53 -j ACCEPT
#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --dport 53 -j ACCEPT
# Open port 80
# $IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --destination-port 80 -j ACCEPT
# Allow incoming ICMP ping pong stuff
# $IPT -A INPUT -i ${_pub_if} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -m limit --limit 30/sec -j ACCEPT
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 3 -m limit --limit 30/sec -j ACCEPT
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 5 -m limit --limit 30/sec -j ACCEPT
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 11 -m limit --limit 30/sec -j ACCEPT
# drop and log everything else
$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
$IPT -A INPUT -j DROP

28
scripts/iptables2.sh Normal file
View File

@ -0,0 +1,28 @@
#!/bin/bash
# syntax of user list file
# sourceIPAdress:DestinationIPAddress:Port
if [ $# -lt 1 ]
then
echo "Syntax: ./`basename $0` <file name>"
exit
fi
# Parameters
USER_DATA_FILE=$1
_input=/path/to/text.db
IPT=/sbin/iptables
$IPT -N droplist
egrep -v "^#|^$" x | while IFS= read -r ip
do
$IPT -A droplist -i eth1 -s $ip -j LOG --log-prefix " myBad IP BlockList "
$IPT -A droplist -i eth1 -s $ip -j DROP
done < "$_input"
# Drop it
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist

209
scripts/iptables_Roy.sh Normal file
View File

@ -0,0 +1,209 @@
#!/bin/bash
echo -e "****************Welcome*************"
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
checkstatus()
{
opt_checkstatus=1
while [ $opt_checkstatus != 7 ]
do
clear
#echo -e "\nChoose the Option Bellow!!!\n
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
echo -e " 1. Save the iptables\n
2. Status of Iptables\n
3. Start iptables Services\n
4. Stop iptables Services\n
5. Restart iptable Services\n
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
7. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1) echo -e "*******************************************************\n"
/etc/init.d/iptables save
echo -e "\n*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
2) echo -e "*******************************************************\n"
/etc/init.d/iptables status
echo -e "*******************************************************"
echo -e "Press Enter key to Continue..."
read temp;;
3) echo -e "*******************************************************\n"
/etc/init.d/iptables start
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
4) echo -e "*******************************************************\n"
/etc/init.d/iptables stop
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
5) echo -e "*******************************************************\n"
/etc/init.d/iptables restart
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
6) iptables -F
echo -e "*******************************************************"
echo -e "All the Rules from the Iptables are Flushed!!!"
echo -e "*******************************************************\n"
echo -e "Press Enter key to Continue..."
read temp;;
7) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
buildfirewall()
{
###############Getting the Chain############
echo -e "Using Which Chain of Filter Table?\n
1. INPUT
2. OUTPUT
3. Forward"
read opt_ch
case $opt_ch in
1) chain="INPUT" ;;
2) chain="OUTPUT" ;;
3) chain="FORWARD" ;;
*) echo -e "Wrong Option Selected!!!"
esac
#########Getting Source IP Address##########
#Label
echo -e "
1. Firewall using Single Source IP\n
2. Firewall using Source Subnet\n
3. Firewall using for All Source Networks\n
4. Firewall choose a source file contationing ip addesses"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Source"
read ip_source ;;
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
read ip_source ;;
3) ip_source="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_source ;;
#5) ip_source = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
#########Getting Destination IP Address##########
echo -e "
1. Firewall using Single Destination IP\n
2. Firewall using Destination Subnet\n
3. Firewall using for All Destination Networks\n
4. Firewall using a file"
read opt_ip
case $opt_ip in
1) echo -e "\nPlease Enter the IP Address of the Destination"
read ip_dest ;;
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
read ip_dest ;;
3) ip_dest="0/0" ;;
4) echo -e "\nPlease Enter the file name."
read ip_dest ;;
#5) ip_dest = "NULL" ;;
*) echo -e "Wrong Option Selected"
esac
###############Getting the Protocol#############
echo -e "
1. All Traffic of TCP
2. Specific TCP Service
3. Specific Port
4. Using no Protocol"
read proto_ch
case $proto_ch in
1) proto=TCP ;;
2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
read proto ;;
3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
read proto ;;
4) proto="NULL" ;;
*) echo -e "Wrong option Selected!!!"
esac
#############What to do With Rule#############
echo -e "What to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log"
read rule_ch
case $rule_ch in
1) rule="ACCEPT" ;;
2) rule="REJECT" ;;
3) rule="DROP" ;;
4) rule="LOG" ;;
esac
###################Generating the Rule####################
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
read temp
echo -e "The Generated Rule is \n"
if [ $proto == "NULL" ]; then
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n"
gen=1
else
echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n"
gen=2
fi
echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
read yesno
if [ $yesno == 1 ] && [ $gen == 1 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -j $rule
else if [ $yesno == 1 ] && [ $gen == 2 ]; then
iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
else if [ $yesno == 1 ] && [$gen == 2]; then
iptables -A $chain -s $(grep -hvE "^#|^$" $ip_source) -d $(grep -hvE "^#|^$" $ip_dest) -p $proto -j $rule
else if [ $yesno == 3 ]; then
main
fi
fi
fi
fi
}
main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 4 ]
do
echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
#############Check Whether the iptables installed or not############
echo -e "\t*****Main Menu*****\n
1. Check Iptables Package\n
2. Iptables Services\n
3. Build Your Firewall with Iptables\n
4. Exit"
read opt_main
case $opt_main in
1) echo -e "******************************"
rpm -q iptables
echo -e "******************************" ;;
2) checkstatus ;;
3) buildfirewall ;;
4) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
else
echo -e "You Must be the ROOT to Perfom this Task!!!"
fi
}
main
exit 0

17
scripts/loop_a_function.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
#loop a function
FILE="../servers"
uptime_ost ()
{
for host in $(cat ${FILE})
do
ssh -o ConnectTimeout=3 -n root@$host "uptime" >> uptime_$host
done
}
while true ;do
uptime_ost;
sleep 5
done > /dev/null 2>&1

10
scripts/looping_within_host_ssh.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
FILE=$1
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"
else
ssh $host 'for i in $(hostname && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a celeraUmnt${DATE}
fi
done

62
scripts/motd Normal file
View File

@ -0,0 +1,62 @@
#/usr/local/bin/dynmotd
#!/bin/bash
USER=$(whoami)
HOSTNAME=$(uname -n)
MEMORY1=$(free -t -h | grep "Mem" | awk '{print $3;}')
MEMORY2=$(free -h | grep "Mem" | awk '{print $2;}')
PSA=$(ps -Afl | wc -l)
# time of day
DATE=$(date +"%F %H:%M:%S")
#System uptime
uptime=$(cat /proc/uptime | cut -f1 -d.)
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOAD1=`cat /proc/loadavg | awk {'print $1'}`
LOAD5=`cat /proc/loadavg | awk {'print $2'}`
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
#Host engine
ENGINE=$(hosted-engine --vm-status|grep "Engine status")
RUNNING_VMS=$(virsh -r list | awk '{print$2 " "$3}'|grep -v "Name State"| column -t)
#Some Colors
BRED='\033[1;31m'
RED='\033[0;31m'
NC='\033[0m' # No Color
#has the server been rebooted indicator
if [ $upDays -eq "0" ]; then
echo -e "${BRED}SERVER HAS BEEN REBOOTED $upHours hours AGO ${NC}";
fi
echo "
- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
- Current time........: $DATE
- Current user........: $USER
- Hostname............: $HOSTNAME
- Release.............: `cat /etc/redhat-release`
- Users...............: Currently `users | wc -w` user(s) logged on
- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
- Memory used.........: $MEMORY1 of $MEMORY2
- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
- Processes...........: $PSA running
- VM's on this HV.....:
$RUNNING_VMS
- Host engine status..:
$ENGINE
==================================== volume status vm ===============================
$(gluster volume status vm clients|grep 'Brick\|Clients')
==================================== volume status engine ===========================
$(gluster volume status engine clients|grep 'Brick\|Clients')
"

181
scripts/mount_tool.sh Normal file
View File

@ -0,0 +1,181 @@
#!/bin/bash
#(c) Roy Cohen 29/03/2014 :roy@wondercohen.nl
#objective :Mount and Umount mounts on remote server
#last update :10/05/2014
#version :0.3
if [ $# -lt 1 ]
then
echo "Syntax error must be : ./`basename $0` <file name>"
exit
fi
clear
# Parameter
DATE=`/bin/date +%H\u%M-%d-%b-%Y`
FILE=$1
# Variables
LOGDIR="$HOME/celera/logs/"
check(){
opt_checkstatus=1
while [ $opt_checkstatus != 6 ]
do
clear
echo -e "\n\t*****Checks for mount on servers*****\n
1. Check all mounts via mtab\n
2. Check Celera mounts via mtab\n
3. Check all mounts via fstab\n
4. Check Celera mounts via fstab\n
5. Check Noauto mounts in fstab\n
6. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allMtab${DATE}
done
read temp;;
2)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraMtab_${DATE}
done
read temp;;
3)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allFstab${DATE}
done
read temp;;
4)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraFstab${DATE}
done
read temp;;
5)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allNoautoFstab${DATE}
done
read temp;;
6) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
mount()
{
opt_checkstatus=1
while [ $opt_checkstatus != 4 ]
do
clear
echo -e "\n\t***** Mount on servers *****\n
1. Mount all via fstab\n
2. Mount only Celera via fstab\n
3. Mount all noauto via fstab\n
4. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n" | tee -a ${LOGDIR}binformd${DATE}
else
ssh $host mount -a 2>&1 | tee -a ${LOGDIR}mountAll${DATE}
fi
done
read temp;;
2)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
else
ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}celeraMnt${DATE}
fi
done
read temp;;
3)
for host in $(cat $FILE); do
if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
else
ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoMnt${DATE}
fi
done
read temp;;
4) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
umount()
{
opt_checkstatus=1
while [ $opt_checkstatus != 3 ]
do
clear
echo -e "\n\t***** UnMount on servers *****\n
1. UnMount all via fstab\n
2. UnMount only Celera via fstab\n
3. Go back to Main Menu"
read opt_checkstatus
case $opt_checkstatus in
1)
for host in $(cat $FILE); do
echo "are you sure? if so change the script"
#ssh $host umount -a 2>&1 | tee -a ${LOGDIR}umountAll${DATE}
done
read temp;;
2)
for host in $(cat $FILE); do
ssh $host 'for i in $(hostname && echo "**Mounts that were unmounted**" && cat /etc/fstab | grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do umount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoUmnt${DATE}
done
read temp;;
3) main;;
*) echo -e "Wrong Option Selected!!!"
esac
done
}
main()
{
opt_main=1
while [ $opt_main != 4 ]
do
echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
#############Check Mounts ############
echo -e "\t*****Main Menu*****\n
1. Checks mounts\n
2. Mount\n
3. Umount\n
4. Exit"
read opt_main
case $opt_main in
1) check ;;
2) mount ;;
3) umount ;;
4) exit 0 ;;
*) echo -e "Wrong option Selected!!!"
esac
done
}
main
exit 0

13
scripts/ping_test.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
for host in $(cat $1)
do
if ping -c 1 -w 5 $host &>/dev/null ; then
echo "$host is up"
fi
done

11
scripts/sc.sh Normal file
View File

@ -0,0 +1,11 @@
#tail -n 30 /u01/env/$1/tibco/tra/$1/application/logs/CARinboxBulk-Process_Archive.log |grep OutOfMemoryError |wc -l
#!/bin/bash
cd out/
for h in $(ls /u01/zbx/agt/bin/OutOfMemory_log_checks/)
do
cd /u01/zbx/agt/bin/OutOfMemory_log_checks/
mv $h.log.sh $h.sh
#touch $h.sh
#echo -e "#!/bin/bash\ntail -n 30 /u01/env/\$1/tibco/tra/\$1/application/logs/$h |grep OutOfMemoryError |wc -l" > $h.sh
done

70
scripts/some_thouts.sh Normal file
View File

@ -0,0 +1,70 @@
$opt_int $proto_ch $port_ch
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
1 1 1 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
1 2 1 -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
1 3 2 -A $chain -s $ip_source -i $interface --dport $port -j $rule_ch
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
1 1 2 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
2 1 1 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
2 2 1 -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
2 3 2 -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule_ch
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
2 1 2 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
fi
-A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch ($opt_int = 1 $proto_ch=2 $port_ch=2)
-A $chain -s $ip_source -i $interface --dport 443 -j $rule_ch ($opt_int = 1 $proto_ch=3 NO PROTOC)
-A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch ($opt_int = 2 $proto_ch=2)
-A $chain -s $ip_source -d $ip_dest --dport 443 -j $rule_ch ($opt_int = 2 $proto_ch=3 NO PROTOC)
RULE="-A$chain$ipdetails$ip_dest$proto$port$rule"
for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$12$14}'|grep "^-")
do
if [ "$RULE" == "$FILE" ] ; then
echo "this Rule -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule exsists"
read temp
-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp --dport 443 -j ACCEPT
awk '{print $1$2$3$4$5$6$7$8$9$10$11$12$13$14$15}'
for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$8$12$14}'|grep "^-")
do
RULE="-A$chain$ipdetails$interface$ip_dest$proto$port$rule"
if [ "$RULE" == "$FILE" ] ; then
echo -e "This Rule \"-D $chain -s $ip_source -i $interface -p $proto --dport $port\" -j $rule exsists"
echo -e "\nGo Back to Build Your Firewall program Or to Main Menu\n
1. Back to Build Your Firewall with Iptables
2. Go back to Main Menu"
read back_to
case $back_to in
1) buildfirewall;;
2) main;;
*) echo -e "Wrong option Selected!!!"
esac
for duplicate_iptables in `(cat /etc/sysconfig/iptables | sort | uniq | grep "^-")`
do
echo "iptables $duplicate_iptables"
done
while read -r duplicate_iptables
do
iptables $duplicate_iptables
done < /etc/sysconfig/iptables | grep "^-"
cat /etc/sysconfig/iptables | xargs -n1 -i{} grep '^{}$' ngfilelist.txt

28
scripts/ssh_loop.sh Normal file
View File

@ -0,0 +1,28 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in $(cat ${FILE})
do
#scp bashrc root@$host:/etc/
#echo $IP
#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
ssh -n root@$host "hostname"
#ssh -n root@$host "hostname"
#add to known hosts
#ssh-keyscan -H $host >> ~/.ssh/known_hosts
done
#IPADDR="10.2.2."

15
scripts/test_con_server_status.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
#Roy Cohen
# Test server conection to GW and whire the date and upteme to a logfile
status=$(ps -ef | grep test_con_server_status.sh | grep -v grep |wc -l)
if [ "$status" -ge 3 ] ;
then
exit
else
while true
do
nc -z 10.2.1.1 22 && echo $(date && uptime) >> /var/log/custom/$HOSTNAME
sleep 5
done
fi

8
scripts/test_scripts/gluster_peer_check.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
HOST=$1
TIME=$(date)
while echo -e "\n**$TIME**" >> gluster_peer_$HOST ;do
ssh -o ConnectTimeout=3 -n root@$HOST "gluster peer status"
sleep 5;
done >> gluster_peer_$HOST.log 2>&1

6
scripts/test_scripts/log_oc_nodes.sh Normal file
View File

@ -0,0 +1,6 @@
for (( ; ; ))
do
date >> oc_node_status.log
oc get nodes -o wide >> oc_node_status.log
sleep 2
done

6
scripts/test_scripts/log_oc_pods.sh Normal file
View File

@ -0,0 +1,6 @@
for (( ; ; ))
do
date >> oc_pod_status.log
oc get pods --all-namespaces -o wide >> oc_pod_status.log
sleep 10
done

14
scripts/test_scripts/log_ping_between.sh Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
FROM_SERVER=$1
TO_SERVER=$2
LOG_FILE="ping_${FROM_SERVER}_to_${TO_SERVER}.log"
for (( ; ; ))
do
date >> $LOG_FILE
ssh -o ConnectTimeout=1 -o ConnectionAttempts=1 \
${FROM_SERVER} ping ${TO_SERVER} | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' >> $LOG_FILE
echo "Disconnected from server..." >> $LOG_FILE
sleep 10
done

18
scripts/test_scripts/ping_test.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
HOSTS=(host1
host2
)
uptime_mv ()
{
for host in "${HOSTS[@]}" ;
do
PONG=$(ping -c 1 $host)
echo "$(date) $PONG" >> ping_$host.log &
done
}
while true ;do
uptime_mv ;
sleep 1
done

33
scripts/test_scripts/test_all.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
function cleanup {
# Your cleanup code here
echo "My pid is: $$ ?"
echo "Pids to kill: $(pgrep -P $$)"
pkill -P $$
}
trap cleanup EXIT
# Now the real work:
# Things to measure:
# - availability of loadbalancer (log_haproxy.sh)
# - availability of webconsole and master APIs (log_master_api.sh)
# - state of nodes (log_oc_nodes.sh)
# - state of pods (log_oc_pods.sh)
# - availability of servers
# - pings between servers (log_ping_between.sh)
mkdir $1
cd $1
#../log_haproxy.sh &
#../log_master_api.sh &
#../log_oc_nodes.sh &
#../log_oc_pods.sh &
../uptime_hv.sh &
../virsh_list_hv.sh &
../uptime_vm.sh &
../gluster_peer_check.sh<Hostname> &
wait

18
scripts/test_scripts/uptime_hv.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
HOSTS=(
)
uptime_ost ()
{
for host in "${HOSTS[@]}" ;
do
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
done
}
while true ;do
uptime_ost;
sleep 5
done > /dev/null 2>&1

17
scripts/test_scripts/uptime_vm.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
HOSTS=(host1
host2
)
uptime_mv ()
{
for host in "${HOSTS[@]}" ;
do
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
done
}
while true ;do
uptime_mv ;
sleep 5
done > /dev/null 2>&1

19
scripts/test_scripts/virsh_list_hv.sh Normal file
View File

@ -0,0 +1,19 @@
#!/bin/bash
HOSTS=(
host1
host2
)
virsh_test ()
{
for host in "${HOSTS[@]}" ;
do
echo $(date) >> virsh_$host
ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "virsh -r list" >> virsh_$host.log
done
}
while true ;do
virsh_test;
sleep 5
done > /dev/null 2>&1

194
scripts/tools/OS_patching_tool.sh Normal file
View File

@ -0,0 +1,194 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :OpenShift pathing tool using yum (RHEL and Centos)
#First line of code :04/09/2019
#last update :06/09/2019
#version :0.1
#inspred by /home/freark/bin/batch_upgrade.sh
#Check if root is running the script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# Parameters
NAGIOS_SCRIPT='/opt/proteon-scripts/minions/nagios/generic/nagios_add_downtime_host.sh'
BASE_LOG_DIR=/var/log/batch_upgrade
TIMESTAMP=$(date +%Y%m%d.%H%M)
#set the master host
read -p "Enter OpenShift master: " OS_MASTER
#Set node varible
OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1)
COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l)
#TODO what if there are more that one node already driand?
if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then
echo -e "n\ NOTE: There are driand nodes on the cluster\n
Please chack the master node for possible issues"
exit 1
fi
###############################OPENSHIFT PACHING BEGINS HERE###############################
#list nodes on the OpenShift Master
function list_nodes()
{
printf '%s\n' "${OS_NODES_READY[@]}"
set_update_host
}
#set the hostname for the update
function set_update_host()
{
echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish"
read -p "Enter OpenShift node: " HOST_TO_UPDATE
}
#Breack in an error
function pause_on_error {
if [ $1 -ne 0 ]
then
echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue"
read
fi
}
#Add nagios downtime
function nagios_downtime()
{
$NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host'
echo "Adding downtime for host $HOST_TO_UPDATE..."
pause_on_error $?
}
#just a counter, one minute
function time_counter()
{
count=0
total=120
while [ $count -lt $total ]; do
sleep 0.5 # this is work
count=$(( $count + 1 ))
pd=$(( $count * 60 / $total ))
printf "\r${pd}s" $(( $count * 60 / $total ))
done
}
#Drain the node
function drain()
{
echo "Draining $HOST_TO_UPDATE"
ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"
echo "
________________________________________________________________________
< This will take a minute, Just making sure that the node is fully drained >
------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/
||----w |
|| ||
"
time_counter
pause_on_error $?
}
#Update node
function update()
{
mkdir -p ${BASE_LOG_DIR}
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo -e "n\I'm now going to update $HOST_TO_UPDATE."
echo "You can follow/check logs in:"
echo ${LOG_DIR}
echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here."
echo "If any fail you MUST check and update these before proceeding!"
echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m"
read
echo "This may take some time..."
echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c "
#exclude openshift and docker
ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf"
#update command
ssh -t $HOST_TO_UPDATE "sleep 10 && yum update --security" | tee ${LOG_DIR}/$HOST_TO_UPDATE
pause_on_error $?
}
#reboot node
function reboot_server()
{
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
echo "Restarting server $HOST_TO_UPDATE"
#ANSWER='dummyvalue'
while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do
echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m"
read ANSWER
if [[ "${ANSWER}" == 's' ]]; then
echo "Skipping $HOST_TO_UPDATE"
return 0
fi
if [[ "${ANSWER}" == 'c' ]]; then
echo "Proceeding to reboot $HOST_TO_UPDATE"
break
fi
done
timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot"
# no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode
# pause_on_error $?
# wait until the server is down
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc == 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be down..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 0.5
done
echo "Server $HOST_TO_UPDATE appears to be down..."
# wait until...
# server pings again
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc != 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be back up..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 5
done
}
#uncordon node in the OpenShift master
function uncordon()
{
echo "------------------------------------"
echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER"
ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE"
list_nodes
pause_on_error $?
}
############################### -MAIN RUN- ###############################
list_nodes
nagios_downtime
drain
update
reboot_server
uncordon

13
scripts/tools/collect_info.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+)
SUM_HDD=$(echo $(($TOTAL_HDD_SIZE)) | awk '{ byte =$1 /1024**2 ; print byte}')
echo -e "\t,Disks size,\t "$(echo $SUM_HDD)

14
scripts/tools/drain_host.sh Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
OS_MASTER=$1
HOSTS=($(cat $2))
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
exit
fi
for host in "${HOSTS[@]}"
do
ssh -n root@$1 "oc adm drain --ignore-daemonsets $host"
done

32
scripts/tools/just_a_waiting_bar.sh Normal file
View File

@ -0,0 +1,32 @@
#!/bin/bash
HOST_TO_UPDATE=Host1
OS_MASTER=Master1
function time_counter()
{
count=0
total=120
while [ $count -lt $total ]; do
sleep 0.5 # this is work
count=$(( $count + 1 ))
pd=$(( $count * 60 / $total ))
printf "\r${pd}s" $(( $count * 60 / $total ))
done
}
echo "Draining $HOST_TO_UPDATE"
echo "ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE""
echo "
________________________________________________________________________
< This will take a minute, Just making sure that the node is fully drained >
------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\/
||----w |
|| ||
"
time_counter

54
scripts/tools/run_collect_info_v2.sh Normal file
View File

@ -0,0 +1,54 @@
#!/bin/bash
#Roy Cohen :roy@proteon.com
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files.
#First line of code :09/10/2019
#last update :11/10/2019
#version :0.1
#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name with hosts and contract codes>"
exit
fi
CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l)
if [[ $CHECK_CONTACT_CODES -gt 0 ]]
then
echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase"
else
#clean the results directory
rm /opt/scripts/tools/collect_info/results/*
#collect data from remote server
for host in $(cat $1)
do
HOST=$(echo $host|cut -d "," -f1)
CONTRACT_LIST=$(echo $host|cut -d "," -f2)
scp -q -p collect_info.sh $HOST:/root
SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh")
printf "%s " "$HOST," >> results/$CONTRACT_LIST
echo $SSH_OUT >> results/$CONTRACT_LIST
done 2>/opt/scripts/tools/collect_info/results/error.log
# sums-up the colleced data in to contact code files
for contr_file in $(ls /opt/scripts/tools/collect_info/results/)
do
RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc )
CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc )
HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc )
echo "Total Processors, $CPU" > /opt/scripts/tools/collect_info/results/$contr_file
echo "Memory RAM Total in MB, $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file
echo "Disk size in GB, $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file
done
fi
#cat all the contracts
for contr in $(ls /opt/scripts/tools/collect_info/results/)
do
echo "----$contr---"
cat /opt/scripts/tools/collect_info/results/$contr
done

14
scripts/tools/uncordon_host.sh Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
OS_MASTER=$1
HOSTS=($(cat $2))
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
exit
fi
for host in "${HOSTS[@]}"
do
ssh -n root@$1 "oc adm uncordon $host"
done

16
scripts/uptime_loop.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
FILE=$1
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in $(cat ${FILE})
do
ssh -n root@$host "hostname && uptime && virsh -r list"
done

94
shell.sh Normal file
View File

@ -0,0 +1,94 @@
#!/usr/bin/env bash
# Wonder Cohen - The Hague The Netherlands
# shell_history_audit.sh put in /etc/profile.d
# Logs every interactive-bash command (including within sudo) to /var/log/history
# Author: Roy Cohen <roy@wondercohen.nl> Last-update: 2025-06-23
### Installation notes:
## Create the script
# /etc/profile.d/shell_history_audit.sh
## Create log directory and group
# sudo groupadd -f historylog
# sudo mkdir -p /var/log/history
# sudo chown root:historylog /var/log/history
# sudo chmod 1770 /var/log/history
## Create the error log
# sudo touch /var/log/history_audit_errors.log
# sudo chown root:historylog /var/log/history_audit_errors.log
# sudo chmod 666 /var/log/history_audit_errors.log
## Secure script
# sudo chmod 644 /etc/profile.d/shell_history_audit.sh
# sudo chown root:root /etc/profile.d/shell_history_audit.sh
## Make log files append-only (optional)
# sudo find /var/log/history -type f -exec chattr +a {} \;
#
## Sudo environment setting
# visudo
# Defaults env_keep += "HISTFILE HISTTIMEFORMAT"
#
##############################################################################
# Config change these once
HISTDIR="/var/log/history"
AUDITGROUP="historylog" # group allowed to read the logs
LOG_MODE=0640 # -rw-r----- root:historylog
DIR_MODE=1770 # drwxrwx--T root:historylog
AUTO_LOGOUT=3600 # seconds
ERRLOG="/var/log/history_audit_errors.log"
##############################################################################
# Skip for non-interactive shells
[[ $- != *i* ]] && return
##############################################################################
# Auto-logout
readonly TMOUT="$AUTO_LOGOUT"
export TMOUT
##############################################################################
# Determine source user (for sudo tracking)
if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then
SRC="$SUDO_USER"
else
SRC=$(logname 2>/dev/null || echo "$USER")
fi
LOGFILE="$HISTDIR/${USER}_${SRC}.log"
##############################################################################
# Create logfile if directory is writable and it doesn't exist
if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then
touch "$LOGFILE" # we have permission
chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true
chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true
fi
##############################################################################
# Check group membership (user must be in $AUDITGROUP)
if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then
logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped."
return 0
fi
##############################################################################
# Activate history logging only when logfile exists & is writable
if [[ -w "$LOGFILE" ]]; then
export HISTFILE="$LOGFILE"
export HISTSIZE=
export HISTFILESIZE=
export HISTIGNORE=''
export HISTCONTROL='ignoreboth'
export HISTTIMEFORMAT='%F %T '
shopt -s histappend
case "${PROMPT_COMMAND:-}" in
*history\ -a*) : ;;
*) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;;
esac
else
# Log error (optional)
echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true
fi

110
shell_history_audit.sh Normal file
View File

@ -0,0 +1,110 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright © 2025 Roy Cohen <roy@wondercohen.nl>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the “Software”), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED
# Wonder Cohen - The Hague The Netherlands
# shell_history_audit.sh put in /etc/profile.d
# Logs every interactive-bash command (including within sudo) to /var/log/history
# Last-update: 2025-06-23
### Installation notes:
## Create the script
# /etc/profile.d/shell_history_audit.sh
## Create log directory and group
# sudo groupadd -f historylog
# sudo mkdir -p /var/log/history
# sudo chown root:historylog /var/log/history
# sudo chmod 1770 /var/log/history
## Create the error log
# sudo touch /var/log/history_audit_errors.log
# sudo chown root:historylog /var/log/history_audit_errors.log
# sudo chmod 666 /var/log/history_audit_errors.log
## Secure script
# sudo chmod 644 /etc/profile.d/shell_history_audit.sh
# sudo chown root:root /etc/profile.d/shell_history_audit.sh
## Make log files append-only (optional)
# sudo find /var/log/history -type f -exec chattr +a {} \;
#
## Sudo environment setting
# visudo
# Defaults env_keep += "HISTFILE HISTTIMEFORMAT"
#
##############################################################################
# Config change these once
HISTDIR="/var/log/history"
AUDITGROUP="historylog" # group allowed to read the logs
LOG_MODE=0640 # -rw-r----- root:historylog
DIR_MODE=1770 # drwxrwx--T root:historylog
AUTO_LOGOUT=3600 # seconds
ERRLOG="/var/log/history_audit_errors.log"
##############################################################################
# Skip for non-interactive shells
[[ $- != *i* ]] && return
##############################################################################
# Auto-logout
readonly TMOUT="$AUTO_LOGOUT"
export TMOUT
##############################################################################
# Determine source user (for sudo tracking)
if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then
SRC="$SUDO_USER"
else
SRC=$(logname 2>/dev/null || echo "$USER")
fi
LOGFILE="$HISTDIR/${USER}_${SRC}.log"
##############################################################################
# Create logfile if directory is writable and it doesn't exist
if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then
touch "$LOGFILE" # we have permission
chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true
chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true
fi
##############################################################################
# Check group membership (user must be in $AUDITGROUP)
if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then
logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped."
return 0
fi
##############################################################################
# Activate history logging only when logfile exists & is writable
if [[ -w "$LOGFILE" ]]; then
export HISTFILE="$LOGFILE"
export HISTSIZE=
export HISTFILESIZE=
export HISTIGNORE=''
export HISTCONTROL='ignoreboth'
export HISTTIMEFORMAT='%F %T '
shopt -s histappend
case "${PROMPT_COMMAND:-}" in
*history\ -a*) : ;;
*) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;;
esac
else
# Log error (optional)
echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true
fi

13
ssh_loops/loop_array.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
#find only derctoris older then 10 days
DIR_NAME=($(find /opt/backup/database/ -maxdepth 1 -type d -ctime +10))
for dir in "${DIR_NAME[@]}"
do
echo "tar -cvPf $dir.tgz $dir --remove-files"
done
#this will tar and remove
#tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files

51
ssh_loops/loop_array_with_flags.sh Normal file
View File

@ -0,0 +1,51 @@
#!/bin/bash
#find only directories older then 10 days
#this will tar and remove
#tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files
while test $# -gt 0; do
case "$1" in
-h|--help)
echo "$package - attempt to capture frames"
echo " "
echo "$package [options] application [arguments]"
echo " "
echo "options:"
echo "-h, --help show brief help"
echo "--days=<1-n> specify an action to use"
echo "-o, --output-dir=DIR specify a directory to store output in"
exit 0
;;
-a)
shift
DIR_NAME=($(find /var/log -maxdepth 1 -type d -mtime +10))
if test $# -gt 0; then
export PROCESS=$1
else
for dir in "${DIR_NAME[@]}"
do
echo "tar -czPf $dir.tar.gz $dir --remove-files"
done
exit 1
fi
shift
;;
--days*)
DIR_NAME=($(find /var/log/ -maxdepth 1 -type d -mtime +$2))
if test $# -gt 0; then
export PROCESS=$1
else
for dir in "${DIR_NAME[@]}"
do
echo "tar -czPf $dir.tar.gz $dir --remove-files"
done
exit 1
shift
;;
*)
break
;;
esac
done

18
ssh_loops/service_check_loop.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
# This script will check the runing services for every host you provide in a source file.
# Example of running ./service_check_loop.sh <some_file_with_hosts>
HOSTNAME=($(cat $1))
if [ $# -lt 1 ]
then
echo "Syntax: ./$(basename $0) <file name>"
exit
fi
for host in "${HOSTNAME[@]}"
do
printf "%s " "$host,"
SSH_OUT=$(ssh -n root@$host "netstat -pnltu|cut -d "/" -f2|sed '/^$/d'|sort|uniq"|tr '\n' ',')
echo $SSH_OUT
done |tee -a /tmp/$1.log