first commit
This commit is contained in:
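--- a/IptablesTool.sh~
+++ b/IptablesTool.sh~
@@ -0,0 +1,248 @@
+#!/bin/bash
+#(c) Roy Cohen 2012 :roy.cohen@cgi.com
+#CGI :George Hintzenweg 89 3068 AX Rotterdam, Netherlands 088 5640000
+#objective :IPtables administarion tool
+#last update :23/11/2012
+#version :0.1
+
+
+# Parameters
+IPT=/sbin/iptables
+
+
+echo -e " Welcome"
+###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
+checkstatus()
+{
+opt_checkstatus=1
+while [ $opt_checkstatus != 7 ]
+do
+clear
+#echo -e "\nChoose the Option Bellow!!!\n
+echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
+echo -e " 1. Save the iptables\n
+2. Status of Iptables\n
+3. Start iptables Services\n
+4. Stop iptables Services\n
+5. Restart iptable Services\n
+6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
+7. Go back to Main Menu"
+read opt_checkstatus
+case $opt_checkstatus in
+1) echo -e "*******************************************************\n"
+/etc/init.d/iptables save
+echo -e "\n*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+2) echo -e "*******************************************************\n"
+/etc/init.d/iptables status
+echo -e "*******************************************************"
+echo -e "Press Enter key to Continue..."
+read temp;;
+3) echo -e "*******************************************************\n"
+/etc/init.d/iptables start
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+
+4) echo -e "*******************************************************\n"
+/etc/init.d/iptables stop
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+
+5) echo -e "*******************************************************\n"
+/etc/init.d/iptables restart
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+6) iptables -F
+echo -e "*******************************************************"
+echo -e "All the Rules from the Iptables are Flushed!!!"
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+7) main;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+done
+}
+###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
+buildfirewall()
+{
+##############Chose interface###############
+echo -e " Configure a Network Interface or a Destination Networks?\n
+1. A Network Interface
+2. No Network Interface. Destination Networks Only"
+read opt_int
+case $opt_int in
+1) echo -e "\nPlease Enter a Network Interface."
+read interface ;;
+2) interface="NULL" ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+###############Getting the Chain############
+echo -e "Using Which Chain of Filter Table?\n
+1. INPUT
+2. OUTPUT
+3. Forward"
+read opt_ch
+case $opt_ch in
+1) chain="INPUT" ;;
+2) chain="OUTPUT" ;;
+3) chain="FORWARD" ;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+
+#########Getting Source IP Address##########
+#Label
+
+echo -e "
+1. Firewall using Single Source IP\n
+2. Firewall using Source Subnet\n
+3. Firewall using for All Source Networks\n
+4. Firewall choose a source file contationing ip addesses"
+read opt_ip
+
+case $opt_ip in
+1) echo -e "\nPlease Enter the IP Address of the Source"
+read ip_source ;;
+2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
+read ip_source ;;
+3) ip_source="0/0" ;;
+4) echo -e "\nPlease Enter the file name."
+read ip_source ;;
+
+#5) ip_source = "NULL" ;;
+*) echo -e "Wrong Option Selected"
+esac
+#########Getting Destination IP Address##########
+echo -e "
+1. Firewall using Single Destination IP\n
+2. Firewall using Destination Subnet\n
+3. Firewall using for All Destination Networks\n
+4. Firewall using a file"
+
+read opt_ip
+case $opt_ip in
+1) echo -e "\nPlease Enter the IP Address of the Destination"
+read ip_dest ;;
+2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
+read ip_dest ;;
+3) ip_dest="0/0" ;;
+4) echo -e "\nPlease Enter the file name."
+read ip_dest ;;
+#5) ip_dest = "NULL" ;;
+*) echo -e "Wrong Option Selected"
+esac
+###############Getting the Protocol#############
+echo -e "
+1. All Traffic of TCP
+2. Specific TCP Service
+3. Specific Port
+4. Specific Port Number
+5. Using no Protocol"
+read proto_ch
+case $proto_ch in
+1) proto=TCP ;;
+2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
+read proto ;;
+3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
+read proto ;;
+4) echo -e "Enter the Port Number: "
+read proto ;;
+5) proto="NULL" ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+
+#############What to do With Rule#############
+echo -e "What to do with Rule?
+1. Accept the Packet
+2. Reject the Packet
+3. Drop the Packet
+4. Create Log"
+read rule_ch
+case $rule_ch in
+1) rule="ACCEPT" ;;
+2) rule="REJECT" ;;
+3) rule="DROP" ;;
+4) rule="LOG" ;;
+esac
+
+
+###################Generating the Rule####################
+echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
+read temp
+echo -e "The Generated Rule is \n"
+for ipdetails in `cat $ip_source`
+do
+
+if [[ $interface == *eth* ]] ; then
+echo -e "\n$IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule\n "
+gen=1
+else if [ $interface == "NULL"] ; then
+echo -e "\n$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule\n "
+gen=2
+else if [ $proto == "NULL" ]; then
+echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n"
+gen=3
+else if [[ $proto == * ]]; then
+echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n"
+gen=4
+fi
+fi
+fi
+fi
+echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
+read yesno
+if [ $yesno == 1 ] && [ $gen == 1 ]; then
+$IPT -A $chain -s $ipdetails -i $interface -p $proto -j $rule
+else if [ $yesno == 1 ] && [ $gen == 2 ]; then
+$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto -j $rule
+else if [ $yesno == 1 ] && [ $gen == 3 ]; then
+iptables -A $chain -s $ip_source -d $ip_dest -j $rule
+else if [ $yesno == 1 ] && [ $gen == 4 ]; then
+iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
+else if [ $yesno == 2 ]; then
+
+main
+fi
+fi
+fi
+fi
+fi
+}
+
+main()
+{
+ROOT_UID=0
+if [ $UID == $ROOT_UID ];
+then
+clear
+opt_main=1
+while [ $opt_main != 4 ]
+do
+echo -e "************************************************************************"
+#############Check Whether the iptables installed or not############
+echo -e "\t*****Main Menu*****\n
+1. Check Iptables Package\n
+2. Iptables Services\n
+3. Build Your Firewall with Iptables\n
+4. Exit"
+read opt_main
+case $opt_main in
+1) echo -e "******************************"
+rpm -q iptables
+echo -e "******************************" ;;
+2) checkstatus ;;
+3) buildfirewall ;;
+4) exit 0 ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+done
+else
+echo -e "You Must be the ROOT to Perfom this Task!!!"
+fi
+}
+main
+exit 0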
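Review bot: Option 6 runs a bare `iptables -F`, which removes every rule in the filter table but leaves the chain policies untouched, so on a host whose INPUT policy is DROP it cuts off the remote session and on one whose policy is ACCEPT it leaves the host wide open until the saved rules are restored; the menu warning should say so, and the branch should use the `$IPT` variable defined at the top like the rest of the script. The rule generator also iterates `for ipdetails in` the output of `cat $ip_source` for every source option, so after choosing a single IP, a subnet or `0/0` the loop tries to read that string as a file name, gets nothing, and silently adds no rule. The file name ends in `~`, which is an editor backup copy and looks committed by accident. Suggested: `6) echo -e "Note: a flush keeps the chain policies; set them explicitly afterwards"` followed by `"$IPT" -F`, and a `[[ $opt_ip == 4 ]]` guard so the file loop runs only when a file was chosen.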
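--- a/Man_tool/change_pass.sh
+++ b/Man_tool/change_pass.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#scrpit to change root password from a csv file
+#<hostname>,<passwd>
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for csv in $(cat $1)
+do
+
+HOST=$(echo $csv |cut -d "," -f1)
+PASS=$(echo $csv |cut -d "," -f2)
+
+ssh ansible@$HOST "echo root:$PASS |sudo chpasswd"
+
+done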
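Review bot: The new root password is interpolated into the remote command string on `ssh ansible@$HOST "echo root:$PASS |sudo chpasswd"`, so it is visible in `ps` output on both ends while the command runs, is part of the remote shell's argv and therefore of any process accounting or execve auditing on the target, and is mangled if it contains shell metacharacters or whitespace. Feed it through stdin instead: `printf 'root:%s\n' "$PASS" | ssh "ansible@$HOST" 'sudo chpasswd'`. The CSV holds plaintext root passwords for every host, so it should be generated, consumed and shredded in one step rather than kept on disk, and `for csv in $(cat $1)` should become `while IFS= read -r csv; do … done < "$1"` so that passwords containing spaces survive the split.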
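--- a/Man_tool/command_loop.sh
+++ b/Man_tool/command_loop.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+
+#if [ $# -lt 1 ]
+#then
+# echo "Syntax: ./$(basename $0) <file name>"
+# exit
+#fi
+
+for csv in $(cat $1)
+do
+
+HOST=$(echo $csv |cut -d "," -f1)
+HASH=$(echo $csv |cut -d "," -f2)
+
+# echo -e $host "root:$HASH/"
+echo $HOST "vgs"
+
+
+#scp root@$host:/var/log/glusterfs/glustershd.log .
+#ssh -o ConnectTimeout=10 -n root@$host "tail -n 100 /var/log/glusterfs/glustershd.log" > gluster/$host
+
+done
+
+#cat gluster/*| grep "All subvolumes are down" | grep "0-vol"|cut -d " " -f7|sort|uniq
+
+
+#cat gluster/*| grep "failed" | grep "0-vol"|cut -d " " -f 7,8|sort|uniq
+
+#rm gluster/*
+#cat bricks_down |sort|uniq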
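Review bot: The argument guard is commented out, so `for csv in $(cat $1)` runs with an empty `$1` when no file is given and `cat` blocks reading the terminal instead of failing; restore the guard or use `for csv in $(cat "${1:?hostfile required}")`. The second CSV column is read into `HASH` but never used, and the only live statement is `echo $HOST "vgs"`, so as committed this is a scaffold whose real work (the `scp`/`ssh` gluster-log lines) is commented out; a header comment such as `# Template loop over a <host>,<value> CSV; uncomment the scp/ssh lines to collect gluster logs` would save the next reader from guessing. Note that the commented lines reference `$host` (lowercase) while the loop sets `HOST`, so they would not work if simply uncommented.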
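--- a/Man_tool/uptime_loop.sh
+++ b/Man_tool/uptime_loop.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+FILE=$1
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for host in $(cat ${FILE})
+do
+
+ssh -o ConnectTimeout=3 -n root@$host "hostname && uptime "
+
+done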
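Review bot: `ssh -o ConnectTimeout=3 -n root@$host "hostname && uptime "` has no `BatchMode=yes`, so a host whose root key is not installed, or whose host key has changed, makes ssh prompt for a password or host-key confirmation and the whole loop stalls on that prompt; the connect timeout does not help once the TCP connection is up. Use `ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=3 -n "root@$host" 'hostname && uptime' || echo "$host: failed (rc=$?)"` so an unreachable or untrusted host fails loudly and the loop moves on. `for host in $(cat ${FILE})` also splits on any whitespace and globs each token; `while IFS= read -r host; do … done < "$FILE"` is the safer form for a hostfile.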
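--- a/Man_tool/ww
+++ b/Man_tool/ww
@@ -0,0 +1 @@
+127.0.0.1,DlXOTJUdJ8TdaqXh,$1$xyz$uNKesoUDbo.Uh7Ei3E8cn1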
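Review bot: This file commits a credential record: a plaintext password in the second column and a `$1$` (MD5-crypt) password hash in the third, keyed to a host address. Even if it is only a fixture for `change_pass.sh` and `command_loop.sh`, a real-looking password and hash should not be in version control; remove the file, purge it from history, treat the password as burned, and if a sample is needed commit an obviously fake one such as `127.0.0.1,CHANGEME,INVALIDHASH` with a README line saying the real file is generated at run time. The `$1$` prefix also marks an MD5-based hash, which is weaker than the sha512 scheme the same commit configures in `WsConfman/ks.cfg`.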
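--- a/OpenShift Stuff/collect_info.sh
+++ b/OpenShift Stuff/collect_info.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl
+#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
+#First line of code :09/10/2019
+#last update :11/10/2019
+#version :0.1
+#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
+
+echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
+echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
+TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+ | bc)
+echo -e "\t,Disks size,\t "$(echo "scale=2; $TOTAL_HDD_SIZE /1024^2" | bc)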
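Review bot: The caller `run_collect_info.sh` compares this script's output with the literal `please install the bc command`, but nothing here ever prints that string; when `bc` is absent the `TOTAL_HDD_SIZE` pipeline and the `scale=2` line just write "command not found" to stderr and an empty value to stdout, which the caller then records as a blank disk size instead of aborting. Add the check the caller expects, before the first `echo`: `command -v bc >/dev/null 2>&1 || { echo "please install the bc command"; exit 1; }`. The header line about `<hostname,contract code>` describes the caller's hostfile rather than anything this script reads; `# Runs remotely via run_collect_info.sh; prints one comma-separated metric per line` would be a truer description.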
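--- a/OpenShift Stuff/run_collect_info.sh
+++ b/OpenShift Stuff/run_collect_info.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl :
+#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files.
+#First line of code :09/10/2019
+#last update :11/10/2019
+#version :0.1
+#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name with hosts and contract codes>"
+exit
+fi
+CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l)
+
+if [[ $CHECK_CONTACT_CODES -gt 0 ]]
+then
+echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase"
+
+else
+#clean the results directory
+rm /opt/scripts/tools/collect_info/results/*
+
+for host in $(cat $1)
+do
+HOST=$(echo $host|cut -d "," -f1)
+CONTRACT_LIST=$(echo $host|cut -d "," -f2)
+scp -q -p collect_info.sh $HOST:/root
+SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh")
+if [[ $SSH_OUT == "please install the bc command" ]]
+then
+echo "please install the bc command on $HOST" && exit 1
+else
+printf "%s " "$HOST," >> results/$CONTRACT_LIST
+echo $SSH_OUT >> results/$CONTRACT_LIST
+fi
+done
+
+
+# sun-up the colleced data in to contact code files
+for contr_file in $(ls /opt/scripts/tools/collect_info/results/)
+do
+RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc )
+CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc )
+HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc )
+echo "Total Processors $CPU" > /opt/scripts/tools/collect_info/results/$contr_file
+echo "Memory RAM Total in MB $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file
+echo "Disk size in GB $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file
+done
+fi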
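Review bot: `CONTRACT_LIST` comes straight from the hostfile's second column and is used unvalidated as a file name in `>> results/$CONTRACT_LIST`, while the only check is the whole-file lowercase count in `CHECK_CONTACT_CODES`; a value containing `/`, `..` or whitespace writes outside the results directory or to several files, and an empty column writes to `results/` itself. Enforce the documented format on each line instead: `[[ $CONTRACT_LIST =~ ^[A-Z0-9]+$ ]] || { echo "bad contract code for $HOST: $CONTRACT_LIST" >&2; exit 1; }`. The script also writes to and executes from `/root` on every target (`scp -q -p collect_info.sh $HOST:/root`, then `ssh -n $HOST "/root/collect_info.sh"`) with no `BatchMode`, so one host that prompts stalls the whole run, and it mixes the absolute `/opt/scripts/tools/collect_info/results/*` in the `rm` with the relative `results/` in the writes, so it only works when started from that one directory — a `cd /opt/scripts/tools/collect_info || exit 1` at the top would make that explicit.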
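--- a/OpenShift Stuff/yum_update_tool_openshift.sh
+++ b/OpenShift Stuff/yum_update_tool_openshift.sh
@@ -0,0 +1,193 @@
+#!/bin/bash
+#Roy Cohen :roy@wondercohen.nl
+#objective :OpenShift patching tool using yum (RHEL and Centos)
+#First line of code :04/09/2019
+#last update :06/09/2019
+#version :0.1
+#inspred by /home/freark/bin/batch_upgrade.sh
+
+
+#Check if root is running the script
+if [[ $EUID -ne 0 ]]; then
+echo "This script must be run as root"
+exit 1
+fi
+
+# Parameters
+NAGIOS_SCRIPT='/nagios_add_downtime_host.sh'
+BASE_LOG_DIR=/var/log/batch_upgrade
+TIMESTAMP=$(date +%Y%m%d.%H%M)
+
+#set the master host
+read -p "Enter OpenShift master: " OS_MASTER
+
+#Set node varible
+OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1)
+COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l)
+#TODO what if there are more that one node already driand?
+if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then
+echo -e "n\ NOTE: There are driand nodes on the cluster\n
+Please chack the master node for possible issues"
+exit 1
+fi
+
+###############################OPENSHIFT PACHING BEGINS HERE###############################
+#list nodes on the OpenShift Master
+function list_nodes()
+{
+printf '%s\n' "${OS_NODES_READY[@]}"
+set_update_host
+}
+
+#set the hostname for the update
+function set_update_host()
+{
+echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish"
+read -p "Enter OpenShift node: " HOST_TO_UPDATE
+}
+
+#Breack in an error
+function pause_on_error {
+if [ $1 -ne 0 ]
+then
+echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue"
+read
+fi
+}
+
+#Add nagios downtime
+function nagios_downtime()
+{
+$NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host'
+echo "Adding downtime for host $HOST_TO_UPDATE..."
+pause_on_error $?
+}
+
+#just a counter, one minute
+function time_counter()
+{
+count=0
+total=120
+
+while [ $count -lt $total ]; do
+sleep 0.5 # this is work
+count=$(( $count + 1 ))
+pd=$(( $count * 60 / $total ))
+printf "\r${pd}s" $(( $count * 60 / $total ))
+done
+}
+
+#Drain the node
+function drain()
+{
+echo "Draining $HOST_TO_UPDATE"
+ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"
+echo "
+________________________________________________________________________
+< This will take a minute, Just making sure that the node is fully drained >
+------------------------------------------------------------------------
+\ ^__^
+\ (oo)\_______
+(__)\ )\/
+||----w |
+|| ||
+
+"
+time_counter
+pause_on_error $?
+}
+
+#Update node
+function update()
+{
+mkdir -p ${BASE_LOG_DIR}
+LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
+
+echo -e "n\I'm now going to update $HOST_TO_UPDATE."
+echo "You can follow/check logs in:"
+echo ${LOG_DIR}
+echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here."
+echo "If any fail you MUST check and update these before proceeding!"
+echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m"
+read
+echo "This may take some time..."
+echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c "
+
+#exclude openshift and docker
+ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf"
+#update command
+ssh -t $HOST_TO_UPDATE "sleep 10 && yum update" | tee ${LOG_DIR}/$HOST_TO_UPDATE
+# ssh -n $HOST_TO_UPDATE "sleep 10 && yum noninteractive -y update --security"
+pause_on_error $?
+}
+
+#reboot node
+function reboot_server()
+{
+LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
+
+
+echo "Restarting server $HOST_TO_UPDATE"
+#ANSWER='dummyvalue'
+while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do
+echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m"
+read ANSWER
+if [[ "${ANSWER}" == 's' ]]; then
+echo "Skipping $HOST_TO_UPDATE"
+return 0
+fi
+if [[ "${ANSWER}" == 'c' ]]; then
+echo "Proceeding to reboot $HOST_TO_UPDATE"
+break
+fi
+done
+
+timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot"
+# no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode
+# pause_on_error $?
+
+# wait until the server is down
+ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
+rc=$?
+while [[ $rc == 0 ]]
+do
+echo "Waiting for $HOST_TO_UPDATE to be down..."
+ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
+rc=$?
+sleep 0.5
+done
+
+echo "Server $HOST_TO_UPDATE appears to be down..."
+
+# wait until...
+# server pings again
+
+ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
+rc=$?
+while [[ $rc != 0 ]]
+do
+echo "Waiting for $HOST_TO_UPDATE to be back up..."
+ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
+rc=$?
+sleep 5
+done
+}
+
+#uncordon node in the OpenShift master
+function uncordon()
+{
+echo "------------------------------------"
+echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER"
+ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE"
+list_nodes
+pause_on_error $?
+}
+
+
+############################### -MAIN RUN- ###############################
+list_nodes
+nagios_downtime
+drain
+update
+reboot_server
+uncordon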
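Review bot: The yum.conf rewrite in `update()` has broken quoting — in `ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> …"` the inner double quotes terminate the outer string, so `docker*` and `atomic*` travel unquoted and are glob-expanded first by the local shell and then by the remote root shell against whatever is in the working directory, and `grep -v exclude` also drops any comment line that merely mentions the word; the detour through a fixed `/tmp/yum.conf` path for a root-owned config is unnecessary as well. One properly quoted line does the job: `ssh -n "$HOST_TO_UPDATE" "sed -i '/^exclude=/d' /etc/yum.conf && echo 'exclude=docker* atomic*' >> /etc/yum.conf"`. Separately, every `pause_on_error $?` in `nagios_downtime`, `drain` and `uncordon` tests the status of the `echo`, `time_counter` or `list_nodes` that ran in between rather than the nagios or `oc adm` command it is meant to guard, and the `| tee` after `yum update` masks yum's exit status — add `set -o pipefail` near the top or check `${PIPESTATUS[0]}` before calling `pause_on_error`.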
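--- a/WsConfman/confman/hostlist/192.168.2.100
+++ b/WsConfman/confman/hostlist/192.168.2.100
@@ -0,0 +1,2 @@
+first_start
+jb{RWfnu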
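Review bot: The second line of this file is the LUKS passphrase that `first_start.sh` generates and prints, captured by `managemnt.sh` through `ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent` — this commit therefore publishes the disk-encryption passphrase of 192.168.2.100 in plaintext. Remove it from the repository and its history and rotate the key on the host (`cryptsetup luksChangeKey`); going forward the hostlist files should carry only the `first_start` marker (or be ignored by git) and the generated passphrase should go to a restricted store, not to a file that sits next to the marker.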
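--- a/WsConfman/confman/hostlist/192.168.2.163
+++ b/WsConfman/confman/hostlist/192.168.2.163
@@ -0,0 +1,2 @@
+first_start
+>X1nr0.E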
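Review bot: As with the sibling hostlist entry, the second line here is a plaintext LUKS passphrase appended by `managemnt.sh` from the output of `first_start.sh`, and it must not be in version control. Remove it from history, rotate the key on 192.168.2.163 (`cryptsetup luksChangeKey /dev/sda3`, the device `first_start.sh` hard-codes), and change `managemnt.sh` so that it no longer redirects the script's stdout into the hostlist file.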
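--- a/WsConfman/confman/managemnt.sh
+++ b/WsConfman/confman/managemnt.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#(c) Roy Cohen 12/06/2017 :roy@wondercohen.nl
+#original script :My own work
+#objective :Linux workstation configration manger
+#last update :
+#version
+
+
+#Varibles
+CLIENT_ARR=( `sudo tail -50 /var/log/secure | grep "Did not receive identification string from" |cut -d " " -f12| sort | uniq` )
+CLIENT_PATH="$HOME/confman/hostlist/"
+CLIENT=(`ls $CLIENT_PATH`)
+
+# Functions
+function add_client {
+#Check if the client is known and add the cilent if it is not known in the system
+for client in "${CLIENT_ARR[@]}"; do
+if [ -f $CLIENT_PATH$client ] ; then
+echo "$CLIENT_PATH$client already exists"
+else
+echo "" > $CLIENT_PATH$client
+fi
+done
+}
+
+function add_ssh_ECDSA {
+#Check if the client is known and add the ssh ECDSA key fingerprint to ~/.ssh/known_hosts
+for client in "${CLIENT[@]}"; do
+grep "$client" $HOME/.ssh/known_hosts > /dev/null
+
+if [ $? -eq 0 ] ; then
+echo " $client already known at ~/.ssh/known_hosts"
+else
+ssh-keyscan $client >> ~/.ssh/known_hosts
+fi
+done
+
+}
+
+#ssh root@$CLIENT "md5sum /etc/ssh/sshd_config"
+#Check if first_start.sh as run on the client, if not than copy the first_start.sh to the client and run it
+function first_start {
+#FIST_START=`head -1 $CLIENT_PATH$CLIENT`
+
+for cilent in "${CLIENT[@]}"; do
+head -1 $CLIENT_PATH$cilent | grep first_start > /dev/null
+
+if [ $? -eq 0 ] ; then
+echo "$cilent has allready run first_start"
+else
+scp ~/confman/scripts/first_start.sh root@$cilent:/root && echo "first_start" > $CLIENT_PATH$cilent
+ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent && ssh root@$cilent 'rm /root/first_start.sh'
+fi
+done
+}
+
+#call funcions
+add_client
+add_ssh_ECDSA
+first_start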
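Review bot: Client enrolment is driven by the `CLIENT_ARR` assignment that scrapes `Did not receive identification string from` out of `/var/log/secure`, i.e. any address that opens a TCP connection to this host's port 22 without completing an SSH handshake becomes a "client"; `add_ssh_ECDSA` then trusts whatever key `ssh-keyscan $client` returns, and `first_start` pushes `first_start.sh` — which embeds the shared initial passphrase `Test2001` — to `root@$cilent` and appends the new passphrase that script prints to `$CLIENT_PATH$cilent`. Anyone on the network can therefore register an address they control by poking port 22, receive the fleet's default LUKS passphrase, and every real client's rotated passphrase ends up in plaintext under `$HOME/confman/hostlist/`. Enrol hosts from an explicit allow-list (or an authenticated registration step) rather than from the log, verify each host key out of band before it is added, and write the generated passphrase to a restricted store instead of `>> $CLIENT_PATH$cilent`. The `CLIENT=(\`ls $CLIENT_PATH\`)` expansion and the unquoted `$CLIENT_PATH$client` paths also break on any name containing whitespace; `CLIENT=( "$CLIENT_PATH"* )` with `"${c##*/}"` is the safe form.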
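--- a/WsConfman/confman/scripts/first_start.sh
+++ b/WsConfman/confman/scripts/first_start.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+PASS=`< /dev/urandom tr -dc A-Za-z0-9'"<>,./?!@#$%^&(){}[]' | head -c8`
+oldPassword="Test2001"
+newPassword=$PASS
+rootdevice="/dev/sda3"
+printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" |sudo cryptsetup luksAddKey $rootdevice
+printf '%s\n' "$oldPassword" |sudo cryptsetup luksRemoveKey $rootdevice
+echo $newPassword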
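Review bot: The replacement passphrase is only `head -c8` of the filtered urandom stream — eight symbols from an alphabet of roughly 80 is about 50 bits, below what is usually recommended for a full-disk LUKS passphrase, and the value is then printed by `echo $newPassword` and stored in plaintext by the caller anyway; use at least `head -c 24`, or better add a binary keyfile with `luksAddKey --key-file` and keep it off the manager. `oldPassword="Test2001"` hard-codes the kickstart-wide initial passphrase in a script that is copied to every client before that client is trusted, and `rootdevice="/dev/sda3"` assumes the `ks.cfg` partition layout without checking it; a `sudo cryptsetup isLuks "$rootdevice" || exit 1` before the `luksAddKey` line would stop the script from failing halfway with the old key still in place. Note also that the `luksRemoveKey` runs even if `luksAddKey` failed, since the two lines are not chained with `&&`.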
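--- a/WsConfman/ks.cfg
+++ b/WsConfman/ks.cfg
@@ -0,0 +1,164 @@
+#version=RHEL7
+# Install OS instead of upgrade
+install
+cdrom
+
+# Reboot the machine after the installation is complete
+# and attempt to eject the CD/DVD/Bootdisk
+#reboot --eject
+
+# Setup network interfaces via DHCP
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+
+# Install from an installation tree on a remote server
+# Required when using a minimal ISO
+#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
+
+# install in text mode
+text
+#Shut down nd power off the system after the installation has successfully completed.
+#poweroff
+reboot
+
+# System keyboard
+keyboard us
+
+xconfig --startxonboot
+
+# System language
+lang en_US.UTF-8
+
+#set root pw here (required by KS), remove pw in post
+## (Required) Sets the root password so there is no prompt during installation
+# Example: encrypted password is "Test2001"
+# to generate the hash mkpasswd --method=sha-512
+rootpw Test2001
+authconfig --enableshadow --passalgo=sha512
+
+#user
+user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
+
+#Block ssh
+firewall --enabled --service=ssh
+#Dont start firstboot dialoge
+firstboot --disabled
+eula --agreed
+
+# SELinux configuration
+# By default, selinux is enforcing
+#selinux --enforcing
+selinux --permissive
+
+# Services
+services --enabled=ntpd,ntpdate
+
+# Installation logging level
+logging --level=debug
+
+# System timezone
+timezone Europe/Amsterdam
+
+# System bootloader configuration
+bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
+#Network configuration
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+
+# Clear the Master Boot Record
+zerombr
+
+# Automatically create partitions, no LVM
+#autopart --nolvm
+
+# Partition clearing information
+clearpart --all --initlabel
+
+# Create primary partitions
+part /boot --fstype "ext3" --size=1024 --asprimary
+part swap --fstype swap --size=8024
+part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
+#part pv.01 --size=1 --grow
+
+# Create more logical partitions
+volgroup vgroup1 pv.01
+logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
+logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
+logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
+logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
+
+%packages
+@base
+@core
+@desktop-debugging
+@fonts
+@gnome
+@gnome-desktop
+@guest-agents
+@guest-desktop-agents
+@input-methods
+@internet-browser
+@multimedia
+@print-client
+@print-server
+@x11
+-sysreport
+
+%end
+
+
+%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
+#!/bin/bash
+
+set -x
+
+%end
+
+%post --log=/var/log/ks.post02.log
+#!/bin/bash
+
+set -x
+
+# Remove root password
+#echo "Removing root password"
+#passwd -d root
+
+# Make sure we have the latest security updates
+echo "Updating packages"
+/usr/bin/yum clean all
+/usr/bin/yum update -y
+# Install Node.js and json via EPEL
+/usr/bin/yum install -y epel-release
+/usr/bin/yum install -y nodejs
+/usr/bin/npm install -g json
+# Clean up all yum caches
+echo "Cleaning up yum caches"
+/usr/bin/yum clean all
+# Disable kdump
+echo "Disabling kdump"
+systemctl disable kdump.service
+# Ensure we have sane and consistent defaults for ntp.conf
+sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
+# For IPv6
+echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
+sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
+# Disable password auth. SSH logon is via ssh key only. A password is being set
+# for root via the image manifest per IMAGE-459.
+echo "Disabling password auth in sshd_config"
+sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
+# Clean up files
+echo "Ceaning up build files"
+/bin/rm -rf /root/anaconda-ks.cfg
+/bin/rm -rf /tmp/.npm/
+/bin/rm -rf /tmp/ks-script*
+/bin/rm -rf /var/log/anaconda
+
+# cronjob
+echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
+chmod 600 /var/spool/cron/root
+
+#ssh key
+mkdir /root/.ssh
+chmod 700 /root/.ssh
+echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+
+%end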
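Review bot: `rootpw Test2001`, `user … --password=Test2001` and `part pv.01 … --encrypted --passphrase=Test2001` put the same plaintext secret in three places of a committed file, and the comment directly above already says to generate a hash with `mkpasswd --method=sha-512`; at minimum make it `rootpw --iscrypted <sha512 hash>` and `user … --iscrypted --password=<hash>`, and derive the LUKS passphrase per build rather than from a fleet-wide constant, since `first_start.sh` in this commit relies on that constant to rotate it. The `%post` disables `PasswordAuthentication` while installing `ssh-rsa Ack man1@localhost.localdomain` as root's only authorized key; `Ack` is not a valid key blob (it looks like a placeholder), so key-based root login — which `managemnt.sh` depends on for `ssh root@$cilent` — cannot work as written, and the `#Block ssh` comment above `firewall --enabled --service=ssh` states the opposite of what that line does (it opens the port). `selinux --permissive` and the beacon `*/5 * * * * nc 192.168.2.129 22 < /dev/null` also deserve a comment explaining why they exist, e.g. `# beacon to the confman host so managemnt.sh can discover this client from /var/log/secure`.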
380
post_install.sh
Normal file
380
post_install.sh
Normal file
@ -0,0 +1,380 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#Wonder Cohen :The Hague The Netherlands
|
||||
#objective :Post install script for master node/ansible node
|
||||
#First line of code :07/Mar/2020
|
||||
#last update :15/Nov/2021
|
||||
#version :1.0
|
||||
#synatx example :./<script.sh>
|
||||
|
||||
|
||||
# VARS
|
||||
#hostnamectl set-hostname lx-ubt-rtm0-101.wondercohen.org
|
||||
DEB_OS="/etc/lsb-release"
|
||||
RHEL_OS="/etc/redhat-release"
|
||||
MY_IP=""
|
||||
SOURCE_CONNECTION=$(w -i |tail -n1|cut -d " " -f8)
|
||||
|
||||
#SOURCE_IP=$(last -a | grep "logged in"|awk '{print $10}')
|
||||
mkdir -p /root/tools
|
||||
|
||||
function install_software(){
|
||||
echo "*** Starting install software function ***"
|
||||
if test -f "$DEB_OS"; then
|
||||
apt -y install net-tools
|
||||
apt -y install git bash-completion fail2ban
|
||||
apt -y update && apt -y upgrade
|
||||
else
|
||||
yum install -y vim wget curl net-tools lsof bind-utils epel-release bash-completion git
|
||||
yum install -y fail2ban
|
||||
yum install -y aide
|
||||
yum -y update
|
||||
fi
|
||||
}
|
||||
|
||||
function issue_motd(){
|
||||
echo "*** Starting /etc/issue ***"
|
||||
echo -e "
|
||||
------------------------------------------------------------------------
|
||||
| *** NOTICE TO USERS *** |
|
||||
| This computer system is the private property of Wonder Cohen |
|
||||
| It is for authorized use only. |
|
||||
| |
|
||||
| Users (authorized or unauthorized) have no explicit or implicit |
|
||||
| expectation of privacy. |
|
||||
| |
|
||||
| Any or all uses of this system and all files on this system may be |
|
||||
| intercepted, monitored, recorded, copied, audited, inspected, and |
|
||||
| disclosed to your employer, to authorized site, government, and law |
|
||||
| enforcement personnel, as well as authorized officials of government |
|
||||
| agencies, both domestic and foreign. |
|
||||
| |
|
||||
| By using this system, the user consents to such interception, |
|
||||
| monitoring, recording, copying, auditing, inspection, and disclosure |
|
||||
| at the discretion of such personnel or officials. Unauthorized or |
|
||||
| improper use of this system may result in civil and criminal penalties |
|
||||
| and administrative or disciplinary action, as appropriate. By |
|
||||
| continuing to use this system you indicate your awareness of and |
|
||||
| consent to these terms and conditions of use. LOG OFF IMMEDIATELY if |
|
||||
| you do not agree to the conditions stated in this warning. |
|
||||
------------------------------------------------------------------------
|
||||
You Are Logedin from: $(w -i |tail -n1|cut -d " " -f8)
|
||||
" >/etc/issue
|
||||
cat /etc/issue > /etc/issue.net
|
||||
}
|
||||
|
||||
function tooling(){
|
||||
echo "*** Starting Tooling function ***"
|
||||
if test -f "$DEB_OS"; then
|
||||
#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
|
||||
#grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
|
||||
echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021
|
||||
#!/bin/bash
|
||||
for ip_to_block in \$(cat /var/log/ufw.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}')
|
||||
do
|
||||
ufw reject proto tcp from \$ip_to_block
|
||||
echo >/var/log/ufw.log
|
||||
done
|
||||
" > /root/tools/block_ip.sh
|
||||
chmod 700 /root/tools/block_ip.sh
|
||||
# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab
|
||||
|
||||
else
|
||||
|
||||
echo -e "#script to block malicious IP sources for Wonder Cohen 23-jun-2021
|
||||
#!/bin/bash
|
||||
for ip_to_block in \$(cat /var/log/firewall-droppd.log |grep -E -oh \"SRC=(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|grep -v \"SRC=0.0.0.0\"|cut -d \"=\" -f2|sort|uniq -c|sort -n| tail -n 20 | awk '{print \$2}')
|
||||
do
|
||||
firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='$ip_to_block' drop\"
|
||||
firewall-cmd --reload
|
||||
echo > /var/log/firewall-droppd.log
|
||||
done
|
||||
" > /root/tools/block_ip.sh
|
||||
chmod 700 /root/tools/block_ip.sh
|
||||
# echo "0 23 * * * root /root/tools/block_ip.sh" >> /etc/crontab
|
||||
fi
|
||||
}
|
||||
|
||||
function shell_sh(){
|
||||
|
||||
echo "*** Starting shell_sh function ***"
|
||||
mkdir -p /var/log/history/
|
||||
chmod 1723 /var/log/history
|
||||
echo "ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*" > /etc/sudoers.d/chattr
|
||||
chmod 440 /etc/sudoers.d/chattr
|
||||
|
||||
echo -e "
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#Wonder Cohen :The Hague The Netherlands
|
||||
#objective :create a historyfile of all user activites also after sudo command
|
||||
#location :/etc/profile.d/shell.sh
|
||||
#First line of code :02/Nov/2020
|
||||
#last update :15/Nov/2021
|
||||
#version :1.0
|
||||
#Aditinal info :inspired by a similar script by E. de Wolf version 151119
|
||||
#Instructions for installation :cp the contant to /etc/profile.d/shell.sh
|
||||
# :mkdir /var/log/history/
|
||||
# :chmod 1723 /var/log/history
|
||||
# :Add to sudoers file: ALL ALL= NOPASSWD: /usr/bin/chattr +a /var/log/history/*
|
||||
|
||||
#Vars
|
||||
DATE=\$(date +%Y%m%d%H%M)
|
||||
|
||||
#Users
|
||||
ACTIVE_USER=\$(whoami)
|
||||
SOURCE_USER=\$(who -m | awk '{ print \$1 }')
|
||||
#Path
|
||||
LOG_LOCATION="/var/log/history/\$\(whoami\)_\$SOURCE_USER.log"
|
||||
|
||||
#timeout logoff
|
||||
TMOUT=900
|
||||
export TMOUT
|
||||
readonly TMOUT
|
||||
|
||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||
#unlimited
|
||||
export HISTFILESIZE=
|
||||
export HISTSIZE=
|
||||
|
||||
export \$SOURCE_USER
|
||||
export HISTFILE=\$LOG_LOCATION
|
||||
export HISTIGNORE=''
|
||||
export HISTCONTROL='ignoreboth'
|
||||
export HISTTIMEFORMAT=\${HISTTIMEFORMAT:-%F %H:%M:%S }
|
||||
|
||||
shopt -s histappend
|
||||
export PROMPT_COMMAND=\"history -a; \$PROMPT_COMMAND\"
|
||||
|
||||
readonly HISTFILE
|
||||
readonly HISTIGNORE
|
||||
#lock hisroty files Files
|
||||
[[ ! -f \$LOG_LOCATION ]] && touch \$LOG_LOCATION && chmod 0600 \$LOG_LOCATION && sudo /usr/bin/chattr +a \$LOG_LOCATION
|
||||
" > /etc/profile.d/shell.sh
|
||||
chmod +x /etc/profile.d/shell.sh
|
||||
|
||||
}
|
||||
|
||||
function sshd_config(){
|
||||
echo "*** Starting Ssh function ***"
|
||||
echo -e " #ssh config for Wonder Cohen 23-jun-2021
|
||||
SyslogFacility AUTHPRIV
|
||||
PermitRootLogin no
|
||||
MaxAuthTries 6
|
||||
MaxSessions 5
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
PermitEmptyPasswords no
|
||||
PasswordAuthentication no
|
||||
ChallengeResponseAuthentication no
|
||||
GSSAPIAuthentication yes
|
||||
GSSAPICleanupCredentials no
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
PrintMotd no
|
||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
AcceptEnv XMODIFIERS
|
||||
LogLevel INFO
|
||||
Protocol 2
|
||||
IgnoreRhosts yes
|
||||
HostbasedAuthentication no
|
||||
PermitUserEnvironment no
|
||||
ClientAliveInterval 15m
|
||||
ClientAliveCountMax 0
|
||||
LoginGraceTime 60
|
||||
MaxStartups 10:30:60
|
||||
AllowTcpForwarding no
|
||||
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
|
||||
Banner /etc/issue.net
|
||||
" > /etc/ssh/sshd_config
|
||||
|
||||
systemctl restart sshd
|
||||
#mkdir -p /home/rcohen/.ssh/
|
||||
#chown rcohen:rcohen /home/rcohen/.ssh/
|
||||
#chmod 700 /home/rcohen/.ssh/
|
||||
#chmod 600 /home/rcohen/.ssh/authorized_keys
|
||||
#chown rcohen:rcohen /home/rcohen/.ssh/authorized_keys
|
||||
}
|
||||
|
||||
function firewall(){
|
||||
echo "*** Starting firewalld function ***"
|
||||
|
||||
if test -f "$DEB_OS"; then
|
||||
systemctl enable ufw
|
||||
ufw --force enable
|
||||
else
|
||||
|
||||
systemctl enable firewall
|
||||
systemctl start firewalld
|
||||
|
||||
echo -e "#firewalld.conf config for Wonder Cohen 23-jun-2021
|
||||
DefaultZone=public
|
||||
MinimalMark=100
|
||||
CleanupOnExit=yes
|
||||
Lockdown=no
|
||||
IPv6_rpfilter=yes
|
||||
IndividualCalls=no
|
||||
LogDenied=all
|
||||
AutomaticHelpers=system
|
||||
AllowZoneDrifting=yes
|
||||
" > /etc/firewalld/firewalld.conf
|
||||
firewall-cmd --reload
|
||||
|
||||
echo -e "#rsyslog_firewal logging config for Wonder Cohen 23-jun-2021
|
||||
:msg,contains,"_DROP" /var/log/firewall-droppd.log
|
||||
:msg,contains,"_REJECT" /var/log/firewall-droppd.log
|
||||
& stop
|
||||
" > /etc/rsyslog.d/firewalld-droppd.conf
|
||||
systemctl restart rsyslog.service
|
||||
fi
|
||||
}
|
||||
|
||||
function firewall_rules(){
|
||||
echo "*** Starting firewall_rules function ***"
|
||||
if test -f "$DEB_OS"; then
|
||||
ufw allow proto tcp from $MY_IP
|
||||
|
||||
ufw allow proto tcp from $SOURCE_CONNECTION
|
||||
ufw allow proto tcp from 1/24
|
||||
ufw default deny incoming
|
||||
ufw reload
|
||||
else
|
||||
firewall-cmd --set-log-denied=all
|
||||
firewall-cmd --get-log-denied
|
||||
firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
|
||||
firewall-cmd --permanent --remove-service=cockpit --zone=public
|
||||
firewall-cmd --permanent --remove-service=ssh --zone=public
|
||||
firewall-cmd --zone=drop --permanent --add-service=http
|
||||
firewall-cmd --zone=drop --permanent --add-service=https
|
||||
firewall-cmd --zone=drop --permanent --add-service=samba-client
|
||||
firewall-cmd --zone=drop --permanent --add-service=dhcpv6-client
|
||||
firewall-cmd --zone=drop --permanent --add-service=cockpit
|
||||
firewall-cmd --zone=drop --permanent --add-service=ssh
|
||||
firewall-cmd --zone=trusted --permanent --add-source=$MY_IP
|
||||
firewall-cmd --zone=trusted --permanent --add-source=$SOURCE_CONNECTION
|
||||
firewall-cmd --reload
|
||||
fi
|
||||
}
|
||||
|
||||
function fail2ban(){
|
||||
echo "*** Starting Fail2ban function ***"
|
||||
systemctl enable fail2ban && sudo systemctl start fail2ban
|
||||
echo -e "
|
||||
[DEFAULT]
|
||||
# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s):
|
||||
bantime = 86400
|
||||
|
||||
# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds.
|
||||
findtime = 600
|
||||
maxretry = 5
|
||||
|
||||
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
||||
# will not ban a host which matches an address in this list. Several addresses
|
||||
# can be defined using space (and/or comma) separator. For example, add your
|
||||
# static IP address that you always use for login such as 103.1.2.3
|
||||
#ignoreip = 127.0.0.1/8 ::1 103.1.2.3
|
||||
|
||||
# Call iptables to ban IP address
|
||||
banaction = iptables-multiport
|
||||
|
||||
# Enable sshd protection
|
||||
[sshd]
|
||||
enabled = true
|
||||
" > /etc/fail2ban/jail.local
|
||||
systemctl restart fail2ban
|
||||
}
|
||||
|
||||
function network_setting(){
|
||||
echo "*** Starting Network function ***"
|
||||
if test -f "$DEB_OS"; then
|
||||
SET_IP=$(ip -4 a show ens3|grep inet|cut -d "." -f4|cut -d "/" -f1)
|
||||
HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
|
||||
if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ];
|
||||
then
|
||||
echo -e "
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
ens8:
|
||||
dhcp4: yes
|
||||
optional: true
|
||||
dhcp6: no
|
||||
addresses:
|
||||
-
|
||||
else
|
||||
echo -e "
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
ens8:
|
||||
dhcp4: yes
|
||||
optional: true
|
||||
dhcp6: no
|
||||
addresses:
|
||||
-
|
||||
fi
|
||||
netplan apply
|
||||
|
||||
else
|
||||
|
||||
SET_IP=$(ip -4 a show eth0 |grep inet|cut -d "." -f4|cut -d "/" -f1)
|
||||
HOSTNAME=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
|
||||
|
||||
if [ "$HOSTNAME" -ge 99 ] && [ "$HOSTNAME" -le 200 ];
|
||||
then
|
||||
echo -e "
|
||||
DEVICE=eth1\n
|
||||
ONBOOT=yesn\n
|
||||
NETBOOT=yes\n
|
||||
BOOTPROTO=static\n
|
||||
IPADDR=1\n
|
||||
NETMASK=255.255.255.0\n
|
||||
ZONE=public\n
|
||||
" >/etc/sysconfig/network-scripts/ifcfg-eth1
|
||||
else
|
||||
echo -e "
|
||||
DEVICE=eth1
|
||||
ONBOOT=yes
|
||||
NETBOOT=yes
|
||||
BOOTPROTO=static
|
||||
IPADDR=1....$SET_IP
|
||||
NETMASK=255.255.255.0
|
||||
ZONE=public\n
|
||||
" >/etc/sysconfig/network-scripts/ifcfg-eth1
|
||||
fi
|
||||
systemctl restart network.service
|
||||
fi
|
||||
}
|
||||
#https://kifarunix.com/install-and-configure-aide-on-ubuntu-20-04/
|
||||
function aide(){
|
||||
echo "*** Starting aide function ***"
|
||||
apt -y install aide
|
||||
aideinit
|
||||
cp /var/lib/aide/aide.db{.new,}
|
||||
cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf
|
||||
aide -c /etc/aide/aide.conf -C
|
||||
echo "0 0 * * * root /usr/sbin/aide -c /etc/aide/aide.conf -C" >> /etc/crontab
|
||||
}
|
||||
|
||||
function main(){
|
||||
HOSTNAME_VAR=$(hostname -f|cut -d "." -f1|cut -d "-" -f4)
|
||||
if [ "$HOSTNAME_VAR" -ge 99 ];
|
||||
then
|
||||
install_software
|
||||
issue_motd
|
||||
sshd_config
|
||||
shell_sh
|
||||
firewall
|
||||
firewall_rules
|
||||
fail2ban
|
||||
network_setting
|
||||
tooling
|
||||
#aide
|
||||
else
|
||||
echo "Please set a valid hostname"
|
||||
fi
|
||||
}
|
||||
|
||||
main 2>&1 | tee /root/$(hostname)_$(date +%Y%m%d%H%M).log
|
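--- a/scripts/IptablesCleanTool.sh
+++ b/scripts/IptablesCleanTool.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+#(c) Roy Cohen 29/11/2012 :roy@wondercohen.nl
+#objective :IPtables administering tool that cleans duplicate rules
+#last update :29/11/2012
+#version :0.1
+
+# Parameters
+IPT=/sbin/iptables
+
+
+function check_duplicate()
+{
+
+
+
+
+}
+
+
+function clean_duplicate()
+{
+
+
+}
+
+
+
+function main()
+{
+ROOT_UID=0
+if [ $UID == $ROOT_UID ];
+then
+clear
+OPT_MAIN=1
+while [ $OPT_MAIN != 4 ]
+do
+echo -e "************************************************************************"
+#############Check Whether the iptables installed or not############
+echo -e "\t**********************|Main Menu|***************************\n
+1. Check for Duplicate Rules\n
+2. Clean the Duplicate Rules\n
+3. Save the Iptables\n
+4. Exit"
+read OPT_MAIN
+case $OPT_MAIN in
+1) check_duplicate ;;
+2) clean_duplicate ;;
+3) exit 0 ;;
+*) echo -e "Wrong option Selected!"
+esac
+done
+else
+echo -e "You Must be the ROOT to Perfom this Task!"
+fi
+}
+main
+exit 0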
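Review bot: Menu option 3 is labelled "Save the Iptables" but its arm `3) exit 0 ;;` only exits the script, and `IPT=/sbin/iptables` is never referenced, so nothing in this file ever saves or touches the rule set; the arm should call the same save command the sibling tool on this page uses, `3) /etc/init.d/iptables save ;;`, leaving option 4 as the only exit. The loop guard `while [ $OPT_MAIN != 4 ]` fails with "unary operator expected" when the operator presses Enter on an empty line, so quote the expansion: `while [ "$OPT_MAIN" != 4 ]`. Options 1 and 2 dispatch to `check_duplicate` and `clean_duplicate`, both of which are empty bodies, so the tool silently reports success without inspecting anything; an `echo "not implemented" >&2` in each stub would make that visible until the logic lands. The privilege check compares `$UID`; for a tool that modifies firewall state the effective uid is what matters, `if [ "$EUID" -eq "$ROOT_UID" ]`.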
745
scripts/IptablesTool.sh
Normal file
745
scripts/IptablesTool.sh
Normal file
@ -0,0 +1,745 @@
|
||||
#!/bin/bash
|
||||
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
|
||||
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
|
||||
#objective :IPtables administering tool
|
||||
#last update :29/11/2012
|
||||
#version :0.2
|
||||
|
||||
|
||||
# Parameters
|
||||
IPT="/sbin/iptables"
|
||||
IPTSAVE="/etc/init.d/iptables save"
|
||||
|
||||
|
||||
echo -e""
|
||||
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
|
||||
function checkstatus()
|
||||
{
|
||||
opt_checkstatus=1
|
||||
while [ $opt_checkstatus != 7 ]
|
||||
do
|
||||
clear
|
||||
#echo -e "\nChoose the Option Bellow!!!\n
|
||||
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
|
||||
echo -e " 1. Save the iptables\n
|
||||
2. Status of Iptables\n
|
||||
3. Start iptables Services\n
|
||||
4. Stop iptables Services\n
|
||||
5. Restart iptable Services\n
|
||||
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
|
||||
7. Go back to Main Menu"
|
||||
read opt_checkstatus
|
||||
case $opt_checkstatus in
|
||||
1) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables save
|
||||
echo -e "\n*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
2) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables status
|
||||
echo -e "*******************************************************"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
3) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables start
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
|
||||
4) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables stop
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
|
||||
5) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables restart
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
6) iptables -F
|
||||
echo -e "*******************************************************"
|
||||
echo -e "All the Rules from the Iptables are Flushed!!!"
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
7) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
done
|
||||
}
|
||||
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
|
||||
function buildfirewall()
|
||||
{
|
||||
function buildfirewallprogram ()
|
||||
{
|
||||
###############Getting the Chain############
|
||||
clear
|
||||
echo -e "Using Which Chain of Filter Table?\n
|
||||
1. INPUT
|
||||
2. OUTPUT
|
||||
3. Forward
|
||||
4. Go back to Main Menu"
|
||||
read opt_ch
|
||||
case $opt_ch in
|
||||
1) chain="INPUT" ;;
|
||||
2) chain="OUTPUT" ;;
|
||||
3) chain="FORWARD" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
|
||||
|
||||
#########Getting Source IP Address##########
|
||||
#Label
|
||||
|
||||
echo -e "Please the Source IP Address\n
|
||||
1. Firewall using Single Source IP
|
||||
2. Firewall using Source Subnet
|
||||
3. Firewall using for All Source Networks
|
||||
4. Firewall choose a source file containing ip addesses
|
||||
5. Go back to Main Menu"
|
||||
read opt_ip_srource
|
||||
|
||||
case $opt_ip_srource in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Source"
|
||||
read ip_source ;;
|
||||
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_source ;;
|
||||
3) ip_source="0/0" ;;
|
||||
4) echo -e "\nPlease Enter the file name."
|
||||
read ip_source ;;
|
||||
5) main;;
|
||||
#6) ip_source = "NULL" ;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
##############Chose interface###############
|
||||
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
||||
1. Configure a Network Interface
|
||||
2. Configure a Destination Networks Only
|
||||
3. Go back to Main Menu"
|
||||
read opt_int
|
||||
case $opt_int in
|
||||
1) echo -e "\nPlease Enter a Network Interface."
|
||||
read interface ;;
|
||||
2) interface="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
if [ $opt_int == "2" ]; then
|
||||
#########Getting Destination IP Address##########
|
||||
echo -e "Please Enter the IP Address of the Destination\n
|
||||
1. Firewall using Single Destination IP
|
||||
2. Firewall using Destination Subnet
|
||||
3. Firewall using for All Destination Networks
|
||||
4. Go back to Main Menu"
|
||||
|
||||
read opt_ip_dest
|
||||
case $opt_ip_dest in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
||||
read ip_dest ;;
|
||||
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_dest ;;
|
||||
3) ip_dest="0/0" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
else
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
fi
|
||||
}
|
||||
###################Generating the Rule####################
|
||||
buildfirewallprogram
|
||||
|
||||
function generate_rule_single_ip()
|
||||
{
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
|
||||
main
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function generate_rule_multiple_ip()
|
||||
{
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
done
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
||||
read temp
|
||||
echo -e "The Generated Rule is \n"
|
||||
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
|
||||
|
||||
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
||||
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp
|
||||
main
|
||||
else
|
||||
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp
|
||||
main
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
|
||||
function delfirewall()
|
||||
{
|
||||
function deleteonerule ()
|
||||
{
|
||||
echo -e "
|
||||
1. Delete one rule
|
||||
2. Go back to Main Menu"
|
||||
read opt_delete_one_rule
|
||||
|
||||
case $opt_delete_one_rule in
|
||||
1) echo -e "\nPlease Eneter the Rule."
|
||||
read one_rule ;;
|
||||
2) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
echo "$one_rule"| sed 's/-A/-D/g'
|
||||
echo "Do you want to remove this rule, Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] ; then
|
||||
$IPT `echo $one_rule | sed 's/-A/-D/g'`
|
||||
else
|
||||
main
|
||||
fi
|
||||
}
|
||||
|
||||
function delprogram ()
|
||||
{
|
||||
###############Getting the Chain############
|
||||
clear
|
||||
echo -e "Using Which Chain of Filter Table?\n
|
||||
1. INPUT
|
||||
2. OUTPUT
|
||||
3. Forward
|
||||
4. Go back to Main Menu"
|
||||
read opt_ch
|
||||
case $opt_ch in
|
||||
1) chain="INPUT" ;;
|
||||
2) chain="OUTPUT" ;;
|
||||
3) chain="FORWARD" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
|
||||
#########Getting Source IP Address##########
|
||||
|
||||
echo -e "
|
||||
1. Firewall using Single Source IP
|
||||
2. Firewall using Source Subnet
|
||||
3. Firewall using for All Source Networks
|
||||
4. Firewall choose a source file containing ip addesses
|
||||
5. Go back to Main Menu"
|
||||
read opt_ip_srource
|
||||
|
||||
case $opt_ip_srource in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Source"
|
||||
read ip_source ;;
|
||||
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_source ;;
|
||||
3) ip_source="0/0" ;;
|
||||
4) echo -e "\nPlease Enter the file name."
|
||||
read ip_source ;;
|
||||
5) main;;
|
||||
#6) ip_source = "NULL" ;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
##############Chose interface###############
|
||||
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
||||
1. Configure a Network Interface
|
||||
2. Configure a Destination Networks Only
|
||||
3. Go back to Main Menu"
|
||||
read opt_int
|
||||
case $opt_int in
|
||||
1) echo -e "\nPlease Enter a Network Interface."
|
||||
read interface ;;
|
||||
2) interface="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
if [ $opt_int == "2" ]; then
|
||||
#########Getting Destination IP Address##########
|
||||
echo -e "Please Enter the IP Address of the Destination\n
|
||||
1. Firewall using Single Destination IP
|
||||
2. Firewall using Destination Subnet
|
||||
3. Firewall using for All Destination Networks
|
||||
4. Go back to Main Menu"
|
||||
|
||||
read opt_ip_dest
|
||||
case $opt_ip_dest in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
||||
read ip_dest ;;
|
||||
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_dest ;;
|
||||
3) ip_dest="0/0" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
else
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
fi
|
||||
|
||||
###################Generating the Rule####################
|
||||
|
||||
function del_rule_single_ip()
|
||||
{
|
||||
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
}
|
||||
|
||||
function del_rule_multiple_ip()
|
||||
{
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
done
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo "$opt_ip_srource"
|
||||
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
||||
read temp
|
||||
echo -e "The Generated Rule is \n"
|
||||
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
||||
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
else
|
||||
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
fi
|
||||
|
||||
}
|
||||
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
|
||||
1. Delete a Custum Rule
|
||||
2. Delete one Rule
|
||||
3. Back to Main Menu"
|
||||
|
||||
read opt_delfirewall
|
||||
case $opt_delfirewall in
|
||||
1) delprogram ;;
|
||||
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
||||
3) main ;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
|
||||
function main()
|
||||
{
|
||||
ROOT_UID=0
|
||||
if [ $UID == $ROOT_UID ];
|
||||
then
|
||||
clear
|
||||
opt_main=1
|
||||
while [ $opt_main != 6 ]
|
||||
do
|
||||
echo -e "************************************************************************"
|
||||
#############Check Whether the iptables installed or not############
|
||||
echo -e "\t**********************|Main Menu|***************************\n
|
||||
1. Check Iptables Package\n
|
||||
2. Iptables Services\n
|
||||
3. Build Your Firewall with Iptables\n
|
||||
4. Delete Your Firewall with Iptables\n
|
||||
5. EDSN script\n
|
||||
6. Exit"
|
||||
read opt_main
|
||||
case $opt_main in
|
||||
1) echo -e "******************************"
|
||||
rpm -q iptables
|
||||
echo -e "******************************" ;;
|
||||
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
||||
3) buildfirewall ;;
|
||||
4) delfirewall ;;
|
||||
5) sh setIptables_config2.sh 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
||||
6) exit 0 ;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
done
|
||||
else
|
||||
echo -e "You Must be the ROOT to Perfom this Task!!!"
|
||||
fi
|
||||
}
|
||||
main
|
||||
exit 0
|
743
scripts/IptablesTool2.sh
Normal file
@ -0,0 +1,743 @@
|
||||
#!/bin/bash
|
||||
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
|
||||
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
|
||||
#objective :IPtables administering tool
|
||||
#last update :29/11/2012
|
||||
#version :0.2
|
||||
|
||||
|
||||
# Parameters
|
||||
IPT="/sbin/iptables"
|
||||
IPTSAVE="/etc/init.d/iptables save"
|
||||
|
||||
|
||||
echo -e""
|
||||
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
|
||||
function checkstatus()
|
||||
{
|
||||
opt_checkstatus=1
|
||||
while [ $opt_checkstatus != 7 ]
|
||||
do
|
||||
clear
|
||||
#echo -e "\nChoose the Option Bellow!!!\n
|
||||
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
|
||||
echo -e " 1. Save the iptables\n
|
||||
2. Status of Iptables\n
|
||||
3. Start iptables Services\n
|
||||
4. Stop iptables Services\n
|
||||
5. Restart iptable Services\n
|
||||
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
|
||||
7. Go back to Main Menu"
|
||||
read opt_checkstatus
|
||||
case $opt_checkstatus in
|
||||
1) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables save
|
||||
echo -e "\n*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
2) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables status
|
||||
echo -e "*******************************************************"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
3) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables start
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
|
||||
4) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables stop
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
|
||||
5) echo -e "*******************************************************\n"
|
||||
/etc/init.d/iptables restart
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
6) iptables -F
|
||||
echo -e "*******************************************************"
|
||||
echo -e "All the Rules from the Iptables are Flushed!!!"
|
||||
echo -e "*******************************************************\n"
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp;;
|
||||
7) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
done
|
||||
}
|
||||
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
|
||||
function buildfirewall()
|
||||
{
|
||||
function buildfirewallprogram ()
|
||||
{
|
||||
###############Getting the Chain############
|
||||
clear
|
||||
echo -e "Using Which Chain of Filter Table?\n
|
||||
1. INPUT
|
||||
2. OUTPUT
|
||||
3. Forward
|
||||
4. Go back to Main Menu"
|
||||
read opt_ch
|
||||
case $opt_ch in
|
||||
1) chain="INPUT" ;;
|
||||
2) chain="OUTPUT" ;;
|
||||
3) chain="FORWARD" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
|
||||
|
||||
#########Getting Source IP Address##########
|
||||
#Label
|
||||
|
||||
echo -e "Please the Source IP Address\n
|
||||
1. Firewall using Single Source IP
|
||||
2. Firewall using Source Subnet
|
||||
3. Firewall using for All Source Networks
|
||||
4. Firewall choose a source file containing ip addesses
|
||||
5. Go back to Main Menu"
|
||||
read opt_ip_srource
|
||||
|
||||
case $opt_ip_srource in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Source"
|
||||
read ip_source ;;
|
||||
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_source ;;
|
||||
3) ip_source="0/0" ;;
|
||||
4) echo -e "\nPlease Enter the file name."
|
||||
read ip_source ;;
|
||||
5) main;;
|
||||
#6) ip_source = "NULL" ;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
##############Chose interface###############
|
||||
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
||||
1. Configure a Network Interface
|
||||
2. Configure a Destination Networks Only
|
||||
3. Go back to Main Menu"
|
||||
read opt_int
|
||||
case $opt_int in
|
||||
1) echo -e "\nPlease Enter a Network Interface."
|
||||
read interface ;;
|
||||
2) interface="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
if [ $opt_int == "2" ]; then
|
||||
#########Getting Destination IP Address##########
|
||||
echo -e "Please Enter the IP Address of the Destination\n
|
||||
1. Firewall using Single Destination IP
|
||||
2. Firewall using Destination Subnet
|
||||
3. Firewall using for All Destination Networks
|
||||
4. Go back to Main Menu"
|
||||
|
||||
read opt_ip_dest
|
||||
case $opt_ip_dest in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
||||
read ip_dest ;;
|
||||
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_dest ;;
|
||||
3) ip_dest="0/0" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
else
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
fi
|
||||
}
|
||||
###################Generating the Rule####################
|
||||
buildfirewallprogram
|
||||
|
||||
function generate_rule_single_ip()
|
||||
{
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
|
||||
main
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function generate_rule_multiple_ip()
|
||||
{
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
done
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
||||
read temp
|
||||
echo -e "The Generated Rule is \n"
|
||||
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
|
||||
|
||||
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
||||
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp
|
||||
main
|
||||
else
|
||||
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
echo -e "Press Enter key to Continue..."
|
||||
read temp
|
||||
main
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
|
||||
function delfirewall()
|
||||
{
|
||||
function deleteonerule ()
|
||||
{
|
||||
echo -e "
|
||||
1. Delete one rule
|
||||
2. Go back to Main Menu"
|
||||
read opt_delete_one_rule
|
||||
|
||||
case $opt_delete_one_rule in
|
||||
1) echo -e "\nPlease Eneter the Rule."
|
||||
read one_rule ;;
|
||||
2) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
echo "$one_rule"| sed 's/-A/-D/g'
|
||||
echo "Do you want to remove this rule, Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] ; then
|
||||
$IPT `echo $one_rule | sed 's/-A/-D/g'`
|
||||
else
|
||||
main
|
||||
fi
|
||||
}
|
||||
|
||||
function delprogram ()
|
||||
{
|
||||
###############Getting the Chain############
|
||||
clear
|
||||
echo -e "Using Which Chain of Filter Table?\n
|
||||
1. INPUT
|
||||
2. OUTPUT
|
||||
3. Forward
|
||||
4. Go back to Main Menu"
|
||||
read opt_ch
|
||||
case $opt_ch in
|
||||
1) chain="INPUT" ;;
|
||||
2) chain="OUTPUT" ;;
|
||||
3) chain="FORWARD" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected!!!"
|
||||
esac
|
||||
|
||||
#########Getting Source IP Address##########
|
||||
|
||||
echo -e "
|
||||
1. Firewall using Single Source IP
|
||||
2. Firewall using Source Subnet
|
||||
3. Firewall using for All Source Networks
|
||||
4. Firewall choose a source file containing ip addesses
|
||||
5. Go back to Main Menu"
|
||||
read opt_ip_srource
|
||||
|
||||
case $opt_ip_srource in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Source"
|
||||
read ip_source ;;
|
||||
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_source ;;
|
||||
3) ip_source="0/0" ;;
|
||||
4) echo -e "\nPlease Enter the file name."
|
||||
read ip_source ;;
|
||||
5) main;;
|
||||
#6) ip_source = "NULL" ;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
##############Chose interface###############
|
||||
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
||||
1. Configure a Network Interface
|
||||
2. Configure a Destination Networks Only
|
||||
3. Go back to Main Menu"
|
||||
read opt_int
|
||||
case $opt_int in
|
||||
1) echo -e "\nPlease Enter a Network Interface."
|
||||
read interface ;;
|
||||
2) interface="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
if [ $opt_int == "2" ]; then
|
||||
#########Getting Destination IP Address##########
|
||||
echo -e "Please Enter the IP Address of the Destination\n
|
||||
1. Firewall using Single Destination IP
|
||||
2. Firewall using Destination Subnet
|
||||
3. Firewall using for All Destination Networks
|
||||
4. Go back to Main Menu"
|
||||
|
||||
read opt_ip_dest
|
||||
case $opt_ip_dest in
|
||||
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
||||
read ip_dest ;;
|
||||
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
||||
read ip_dest ;;
|
||||
3) ip_dest="0/0" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong Option Selected"
|
||||
esac
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
else
|
||||
|
||||
###############Getting the Protocol#############
|
||||
echo -e "
|
||||
1. All Traffic of TCP
|
||||
2. Specific TCP Service
|
||||
3. Not using a specific Protocol
|
||||
4. Go back to Main Menu"
|
||||
read proto_ch
|
||||
case $proto_ch in
|
||||
1) proto=tcp ;;
|
||||
2) echo -e "Enter the TCP Service Name:"
|
||||
read proto ;;
|
||||
3) proto="NULL" ;;
|
||||
4) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
###############Getting the Destination Port#############
|
||||
echo -e "\nConfigure the Destination Port\n
|
||||
1. Specific Destination Port
|
||||
2. No Destination Port
|
||||
3. Go back to Main Menu"
|
||||
read port_ch
|
||||
case $port_ch in
|
||||
1) echo -e "Enter the Destination Port:"
|
||||
read port ;;
|
||||
2) prot="NULL" ;;
|
||||
3) main;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
#############What to do With Rule#############
|
||||
echo -e "\nWhat to do with Rule?
|
||||
1. Accept the Packet
|
||||
2. Reject the Packet
|
||||
3. Drop the Packet
|
||||
4. Create Log
|
||||
5. Go back to Main Menu"
|
||||
read rule_ch
|
||||
case $rule_ch in
|
||||
1) rule="ACCEPT" ;;
|
||||
2) rule="REJECT" ;;
|
||||
3) rule="DROP" ;;
|
||||
4) rule="LOG" ;;
|
||||
5) main;;
|
||||
esac
|
||||
fi
|
||||
|
||||
###################Generating the Rule####################
|
||||
|
||||
function del_rule_single_ip()
|
||||
{
|
||||
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
}
|
||||
|
||||
function del_rule_multiple_ip()
|
||||
{
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=1
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
||||
gen=2
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
||||
gen=3
|
||||
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
||||
gen=4
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=5
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
||||
gen=6
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
||||
gen=7
|
||||
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
||||
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
||||
gen=8
|
||||
fi
|
||||
done
|
||||
|
||||
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
||||
read yesno
|
||||
for ipdetails in `cat $ip_source`
|
||||
do
|
||||
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
||||
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
||||
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
||||
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
||||
elif [ $yesno == 2 ]; then
|
||||
main
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo "$opt_ip_srource"
|
||||
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
||||
read temp
|
||||
echo -e "The Generated Rule is \n"
|
||||
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
||||
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
else
|
||||
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
||||
$IPTSAVE
|
||||
fi
|
||||
|
||||
}
|
||||
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
|
||||
1. Delete a Custum Rule
|
||||
2. Delete one Rule
|
||||
3. Back to Main Menu"
|
||||
|
||||
read opt_delfirewall
|
||||
case $opt_delfirewall in
|
||||
1) delprogram ;;
|
||||
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
||||
3) main ;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
|
||||
function main()
|
||||
{
|
||||
ROOT_UID=0
|
||||
if [ $UID == $ROOT_UID ];
|
||||
then
|
||||
clear
|
||||
opt_main=1
|
||||
while [ $opt_main != 6 ]
|
||||
do
|
||||
echo -e "************************************************************************"
|
||||
#############Check Whether the iptables installed or not############
|
||||
echo -e "\t**********************|Main Menu|***************************\n
|
||||
1. Check Iptables Package\n
|
||||
2. Iptables Services\n
|
||||
3. Build Your Firewall with Iptables\n
|
||||
4. Delete Your Firewall with Iptables\n
|
||||
6. Exit"
|
||||
read opt_main
|
||||
case $opt_main in
|
||||
1) echo -e "******************************"
|
||||
rpm -q iptables
|
||||
echo -e "******************************" ;;
|
||||
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
||||
3) buildfirewall ;;
|
||||
4) delfirewall ;;
|
||||
6) exit 0 ;;
|
||||
*) echo -e "Wrong option Selected!!!"
|
||||
esac
|
||||
done
|
||||
else
|
||||
echo -e "You Must be the ROOT to Perfom this Task!!!"
|
||||
fi
|
||||
}
|
||||
main
|
||||
exit 0
|
17
scripts/Loop_AddUser3.sh
Normal file
17
scripts/Loop_AddUser3.sh
Normal file
@ -0,0 +1,17 @@
|
||||
user1,password1
|
||||
user2,password2
|
||||
etc..
|
||||
|
||||
The script:
|
||||
|
||||
for userdetails in `cat /pathto//users.txt`
|
||||
do
|
||||
user=`echo $userdetails | cut -f 1 -d ,`
|
||||
passwd=`echo $userdetails | cut -f 2 -d ,`
|
||||
echo "useradd -d /user1/kopen3 -p `mkpasswd $passwd` $user"
|
||||
done
|
||||
|
||||
run the script and redirect the output to a file, e.g:
|
||||
|
||||
./createusers.sh > userscript.sh
|
||||
chmod +x userscript.sh
|
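Review bot: `mkpasswd $passwd` on the generated `useradd` line hands every plaintext password to `mkpasswd` as a command-line argument, where any local user can read it from `ps`/`/proc` for the life of the process, and the documented `./createusers.sh > userscript.sh` step then writes all the hashes into a file created with the caller's default umask. Feed the secret on stdin and protect the output, e.g. `echo "useradd -d /user1/kopen3 -p \"$(mkpasswd -m sha-512 --stdin <<<"$passwd")\" $user"` (if the installed whois `mkpasswd` supports `--stdin`) and `umask 077` before the redirect; without `-m`, older `mkpasswd` versions default to a DES hash. `-d /user1/kopen3` gives every generated account the same home directory, which is presumably not intended, and `for userdetails in \`cat ...\`` splits on any whitespace rather than on lines. As committed this file is prose (sample data plus "The script:") rather than a runnable `.sh`.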
54
scripts/adduser_schrpt.sh
Normal file
54
scripts/adduser_schrpt.sh
Normal file
@ -0,0 +1,54 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -lt 1 ]
|
||||
then
|
||||
echo "Syntax: ./`basename $0` <file name>"
|
||||
exit
|
||||
fi
|
||||
|
||||
# Parameters
|
||||
USER_DATA_FILE=$1
|
||||
|
||||
for userdetails in `cat $1`
|
||||
do
|
||||
ENVIRONMENT_NAME=`echo $userdetails | cut -f 1 -d:`
|
||||
ORGANIZARION_NUMBER=`echo $userdetails | cut -f 2 -d:`
|
||||
PASSWD=`echo $userdetails | cut -f 3 -d:`
|
||||
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
|
||||
egrep "^$USER_NAME" /etc/passwd >/dev/null
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "$username exists!"
|
||||
exit 1
|
||||
else
|
||||
ENCR_PASSWD=$(perl -e 'print crypt($ARGV[0], "password")' $PASSWD)
|
||||
useradd -m -p $ENCR_PASSWD $USER_NAME
|
||||
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
|
||||
fi
|
||||
else
|
||||
echo "Only root may add a user to the system"
|
||||
exit 2
|
||||
|
||||
done
|
||||
|
||||
USER_NAME=${ENVIRONMENT_NAME}_${ORGANIZARION_NUMBER}
|
||||
|
||||
|
||||
#!/bin/bash
|
||||
# Script to add a user to Linux system
|
||||
if [ $(id -u) -eq 0 ]; then
|
||||
read -p "Enter username : " username
|
||||
read -s -p "Enter password : " password
|
||||
egrep "^$username" /etc/passwd >/dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "$username exists!"
|
||||
exit 1
|
||||
else
|
||||
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
|
||||
useradd -m -p $pass $username
|
||||
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
|
||||
fi
|
||||
else
|
||||
echo "Only root may add a user to the system"
|
||||
exit 2
|
||||
fi
|
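Review bot: `perl -e 'print crypt($ARGV[0], "password")'` on the `ENCR_PASSWD=` line passes a constant salt, so libc `crypt` falls back to traditional DES with salt `pa`: the password is truncated to 8 characters, two accounts with the same password get the same hash, and the plaintext is exposed on perl's command line via `ps`. Replace that line and the `useradd -p` line with `useradd -m "$USER_NAME" && printf '%s:%s\n' "$USER_NAME" "$PASSWD" | chpasswd`, which hashes with the system's configured method and never puts the secret in argv. The existence test `egrep "^$USER_NAME" /etc/passwd` is a prefix match (`app_12` blocks creating `app_123`) and the message prints the never-set `$username`; `getent passwd "$USER_NAME" >/dev/null` is exact and also sees directory-backed users. The file as committed does not parse: the `else ... exit 2` after the loop's `fi` has no matching `if`, and a second, separate interactive script is pasted after `done`.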
97
scripts/bashrc
Normal file
97
scripts/bashrc
Normal file
@ -0,0 +1,97 @@
|
||||
# /etc/bashrc
|
||||
|
||||
# System wide functions and aliases
|
||||
# Environment stuff goes in /etc/profile
|
||||
|
||||
# It's NOT a good idea to change this file unless you know what you
|
||||
# are doing. It's much better to create a custom.sh shell script in
|
||||
# /etc/profile.d/ to make custom changes to your environment, as this
|
||||
# will prevent the need for merging in future updates.
|
||||
|
||||
# are we an interactive shell?
|
||||
if [ "$PS1" ]; then
|
||||
if [ -z "$PROMPT_COMMAND" ]; then
|
||||
case $TERM in
|
||||
xterm*|vte*)
|
||||
if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
|
||||
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
|
||||
elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
|
||||
PROMPT_COMMAND="__vte_prompt_command"
|
||||
else
|
||||
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
|
||||
fi
|
||||
;;
|
||||
screen*)
|
||||
if [ -e /etc/sysconfig/bash-prompt-screen ]; then
|
||||
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
|
||||
else
|
||||
PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
[ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
# Turn on parallel history
|
||||
shopt -s histappend
|
||||
history -a
|
||||
# Turn on checkwinsize
|
||||
shopt -s checkwinsize
|
||||
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
|
||||
# You might want to have e.g. tty in prompt (e.g. more virtual machines)
|
||||
# and console windows
|
||||
# If you want to do so, just add e.g.
|
||||
# if [ "$PS1" ]; then
|
||||
# PS1="[\u@\h:\l \W]\\$ "
|
||||
# fi
|
||||
# to your custom modification shell script in /etc/profile.d/ directory
|
||||
fi
|
||||
|
||||
if ! shopt -q login_shell ; then # We're not a login shell
|
||||
# Need to redefine pathmunge, it get's undefined at the end of /etc/profile
|
||||
pathmunge () {
|
||||
case ":${PATH}:" in
|
||||
*:"$1":*)
|
||||
;;
|
||||
*)
|
||||
if [ "$2" = "after" ] ; then
|
||||
PATH=$PATH:$1
|
||||
else
|
||||
PATH=$1:$PATH
|
||||
fi
|
||||
esac
|
||||
}
|
||||
|
||||
# By default, we want umask to get set. This sets it for non-login shell.
|
||||
# Current threshold for system reserved uid/gids is 200
|
||||
# You could check uidgid reservation validity in
|
||||
# /usr/share/doc/setup-*/uidgid file
|
||||
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
|
||||
umask 002
|
||||
else
|
||||
umask 022
|
||||
fi
|
||||
|
||||
SHELL=/bin/bash
|
||||
# Only display echos from profile.d scripts if we are no login shell
|
||||
# and interactive - otherwise just process them to set envvars
|
||||
for i in /etc/profile.d/*.sh; do
|
||||
if [ -r "$i" ]; then
|
||||
if [ "$PS1" ]; then
|
||||
. "$i"
|
||||
else
|
||||
. "$i" >/dev/null
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
unset i
|
||||
unset -f pathmunge
|
||||
fi
|
||||
# vim:ts=4:sw=4
|
||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||
HISTSIZE=10000
|
||||
HISTFILESIZE=20000
|
||||
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }
|
||||
|
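Review bot: The three `HIST*` assignments appended after the final `fi` are exactly the site customisation this file's own header says belongs in `/etc/profile.d/custom.sh`, and because they sit outside the `if [ "$PS1" ]` guard they also run for every non-interactive shell. Move them to `/etc/profile.d/history.sh` (and `export HISTTIMEFORMAT` if child shells should inherit it) so the vendored `/etc/bashrc` stays merge-clean on the next package update. The rest of the section looks like the stock RHEL/CentOS file and is not reviewed here.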
54
scripts/bashrc.hv
Normal file
54
scripts/bashrc.hv
Normal file
@ -0,0 +1,54 @@
|
||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||
HISTSIZE=10000
|
||||
HISTFILESIZE=20000
|
||||
HISTTIMEFORMAT=${HISTTIMEFORMAT:-%F %H:%M:%S }
|
||||
|
||||
|
||||
USER=`whoami`
|
||||
HOSTNAME=`uname -n`
|
||||
|
||||
MEMORY1=`free -t -m | grep "buffers/cache" | awk '{print $3" MB";}'`
|
||||
MEMORY2=`free -t -m | grep "Mem" | awk '{print $2" MB";}'`
|
||||
PSA=`ps -Afl | wc -l`
|
||||
|
||||
# time of day
|
||||
DATE=$(date +"%F %H:%M:%S")
|
||||
|
||||
#System uptime
|
||||
uptime=`cat /proc/uptime | cut -f1 -d.`
|
||||
upDays=$((uptime/60/60/24))
|
||||
upHours=$((uptime/60/60%24))
|
||||
upMins=$((uptime/60%60))
|
||||
upSecs=$((uptime%60))
|
||||
|
||||
#System load
|
||||
LOAD1=`cat /proc/loadavg | awk {'print $1'}`
|
||||
LOAD5=`cat /proc/loadavg | awk {'print $2'}`
|
||||
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
|
||||
|
||||
#Host engine
|
||||
ENGINE=$(hosted-engine --vm-status|grep "Engine status")
|
||||
|
||||
|
||||
|
||||
|
||||
echo "
|
||||
- Current time........: $DATE
|
||||
- Current user........: $USER
|
||||
- Hostname............: $HOSTNAME
|
||||
- Release.............: `cat /etc/redhat-release`
|
||||
- Users...............: Currently `users | wc -w` user(s) logged on
|
||||
- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
|
||||
- Memory used.........: $MEMORY1 / $MEMORY2
|
||||
- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
|
||||
- Processes...........: $PSA running
|
||||
- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
|
||||
- Host engine status..:
|
||||
$ENGINE
|
||||
==================================== volume status vm ===============================
|
||||
$(gluster volume status vm clients|grep 'Brick\|Clients')
|
||||
|
||||
==================================== volume status engine ===========================
|
||||
$(gluster volume status engine clients|grep 'Brick\|Clients')
|
||||
"
|
||||
|
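Review bot: There is no interactive-shell guard, so this banner is printed by every shell that sources the file, including non-interactive `ssh host cmd`, `scp`, `sftp` and `rsync` sessions, which those protocols do not tolerate; add `[[ $- == *i* ]] || return` as the first line. Every login also runs `hosted-engine --vm-status` and two `gluster volume status ... clients` queries, which are cluster-management commands that are slow and presumably just fail for non-root users, so at minimum guard them with `[[ $EUID -eq 0 ]]` or move them into an explicit command. `USER=\`whoami\`` and `HOSTNAME=\`uname -n\`` overwrite two variables bash and `/etc/bashrc` already maintain, and `free ... | grep "buffers/cache"` matches a line that newer procps no longer prints, so `$MEMORY1` may be empty on current systems.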
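--- /dev/null
+++ b/scripts/command_loop.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+FILE=$1
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for host in $(cut -d ":" -f2 ${FILE})
+do
+whois $host
+
+#ssh -n root@$host "vgdisplay"
+
+done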
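Review bot: The usage branch uses a bare `exit`, which returns status 0, so a caller that forgot the file argument sees success; use `exit 2` and send the usage line to stderr. `whois $host` is unquoted and the value comes straight from the input file, so a field containing whitespace or starting with `-` becomes extra arguments or options to `whois`; write `whois "$host"`. `for host in $(cut ...)` also splits on every whitespace character rather than per record; `while IFS=: read -r _ host _; do ...; done < "$FILE"` reads one line at a time without the extra process.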
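--- /dev/null
+++ b/scripts/count_ip.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+FILE=;
+
+for ip in $(tail -n 5000 $FILE |cut -d ' ' -f 1 |sort |uniq);
+do
+{
+COUNT=$(grep ^$ip $FILE |wc -l);
+if
+[[ "$COUNT" -gt "500" ]]; then echo "$COUNT: $ip";
+fi
+};
+done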
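Review bot: `FILE=;` leaves `$FILE` empty, so `tail -n 5000 $FILE` and every `grep ... $FILE` read stdin and the script blocks on the terminal; the log name should come from `$1` with a usage check. The count `grep ^$ip $FILE` treats each `.` as a regex wildcard and has no right-hand boundary, so `10.0.0.1` also counts `10.0.0.10` through `10.0.0.199`, and the whole file is rescanned once per unique address. A single pass does the job exactly: `awk '{c[$1]++} END {for (ip in c) if (c[ip] > 500) print c[ip] ": " ip}' "$FILE"`. That also drops the `tail -n 5000` restriction, which only limited which addresses were considered, not their counts — confirm that was intentional.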
55
scripts/git_prompt_func
Normal file
55
scripts/git_prompt_func
Normal file
@ -0,0 +1,55 @@
|
||||
#https://gist.github.com/halbtuerke/31934
|
||||
#parse_git_branch() {
|
||||
# git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/'
|
||||
#}
|
||||
#export PS1="\u@\h \[\033[32m\]\w\[\033[33m\]\$(parse_git_branch)\[\033[00m\] $ "
|
||||
RED="\[\033[0;31m\]"
|
||||
YELLOW="\[\033[0;33m\]"
|
||||
GREEN="\[\033[0;32m\]"
|
||||
BLUE="\[\033[0;34m\]"
|
||||
LIGHT_RED="\[\033[1;31m\]"
|
||||
LIGHT_GREEN="\[\033[1;32m\]"
|
||||
WHITE="\[\033[1;37m\]"
|
||||
LIGHT_GRAY="\[\033[0;37m\]"
|
||||
COLOR_NONE="\[\e[0m\]"
|
||||
|
||||
function parse_git_branch {
|
||||
|
||||
git rev-parse --git-dir &> /dev/null
|
||||
git_status="$(git status 2> /dev/null)"
|
||||
branch_pattern="^# On branch ([^${IFS}]*)"
|
||||
remote_pattern="# Your branch is (.*) of"
|
||||
diverge_pattern="# Your branch and (.*) have diverged"
|
||||
if [[ ! ${git_status}} =~ "working directory clean" ]]; then
|
||||
state="${RED}⚡"
|
||||
fi
|
||||
# add an else if or two here if you want to get more specific
|
||||
if [[ ${git_status} =~ ${remote_pattern} ]]; then
|
||||
if [[ ${BASH_REMATCH[1]} == "ahead" ]]; then
|
||||
remote="${YELLOW}↑"
|
||||
else
|
||||
remote="${YELLOW}↓"
|
||||
fi
|
||||
fi
|
||||
if [[ ${git_status} =~ ${diverge_pattern} ]]; then
|
||||
remote="${YELLOW}↕"
|
||||
fi
|
||||
if [[ ${git_status} =~ ${branch_pattern} ]]; then
|
||||
branch=${BASH_REMATCH[1]}
|
||||
echo " (${branch})${remote}${state}"
|
||||
fi
|
||||
}
|
||||
|
||||
function prompt_func() {
|
||||
previous_return_value=$?;
|
||||
# prompt="${TITLEBAR}$BLUE[$RED\w$GREEN$(__git_ps1)$YELLOW$(git_dirty_flag)$BLUE]$COLOR_NONE"
|
||||
prompt="\u@\h \[\033[32m\]\${TITLEBAR}${BLUE}[${LIGHT_GRAY}\w${GREEN}$(parse_git_branch)${BLUE}]${COLOR_NONE}"
|
||||
if test $previous_return_value -eq 0
|
||||
then
|
||||
PS1="${prompt}# "
|
||||
else
|
||||
PS1="${prompt}${RED}#${COLOR_NONE} "
|
||||
fi
|
||||
}
|
||||
|
||||
PROMPT_COMMAND=prompt_func
|
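Review bot: The branch name returned by `parse_git_branch` is spliced into `PS1` verbatim, and because bash re-expands `PS1` on display when `promptvars` is on (the default), checking out a branch named like `$(cmd)` — a name chosen by whoever pushed it, e.g. the default branch of a cloned repository — runs that command at every prompt. Turn the re-expansion off with `shopt -u promptvars` next to `PROMPT_COMMAND=prompt_func`, and change `\${TITLEBAR}` in the `prompt=` line to `${TITLEBAR}` so it is still expanded inside `prompt_func`. `state` and `remote` are globals that are never reset, so once the ⚡ or ↑ marker appears it stays until the shell exits; add `local git_status branch remote state` at the top of `parse_git_branch`. The patterns `# On branch` and `working directory clean` match older `git status` output; on current versions the `#` prefix is gone and the message is `working tree clean`, so the function presumably prints nothing there (`git status --porcelain --branch` is the stable interface). `${git_status}}` on the `if [[ !` line carries a stray brace.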
92
scripts/gluster_check.sh
Normal file
92
scripts/gluster_check.sh
Normal file
@ -0,0 +1,92 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster checks for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :17/01/2019
|
||||
#version :0.1
|
||||
#status :Not PRD ready
|
||||
|
||||
#Some general vars
|
||||
#Server IP adress in the storage network TODO: osg servers
|
||||
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
|
||||
#number of active bricks on server acourding to gluster
|
||||
NUMBER_OF_ACTIVE_BRICKS=$(gluster volume info|grep $STORAGE_IP| wc -l)
|
||||
#name of active volumes on server acourding to gluster
|
||||
GLUSTER_ACTIVE_VOLUM_NAMES=$(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
|
||||
#numer of glusterfsd (brick daemon) running processes
|
||||
GLUSTER_BRICK_NUMBER_PID=$(pidof glusterfsd |wc -w)
|
||||
#glusterd pid status
|
||||
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
|
||||
#glusterfsd (brick daemon) pid status
|
||||
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
|
||||
|
||||
######START OF SCRIPT#######
|
||||
|
||||
check_if_glusterd_is_running() {
|
||||
#check if glusterd is running
|
||||
if ! $GLUSTERD_STAT &>/dev/null; then
|
||||
echo "CRITICAL: glusterd management daemon not running"
|
||||
else
|
||||
echo "OK: glusterd management daemon is running"
|
||||
fi
|
||||
}
|
||||
|
||||
check_if_glusterfsd_is_running() {
|
||||
# check for glusterfsd (brick daemon)
|
||||
if ! $GLUSTER_BRICK_STAT; then
|
||||
echo "CRITICAL: glusterfsd brick daemon not running"
|
||||
else
|
||||
echo "OK: glusterfsd brick daemon is running"
|
||||
fi
|
||||
}
|
||||
|
||||
check_if_a_brick_is_down() {
|
||||
# check number of active bricks
|
||||
if [ "$NUMBER_OF_ACTIVE_BRICKS" == "$GLUSTER_BRICK_NUMBER_PID" ] ; then
|
||||
echo "OK: all bricks are active"
|
||||
else
|
||||
echo "CRITICAL: There is one or more bricks down"
|
||||
fi
|
||||
}
|
||||
|
||||
check_heal_status_of_a_volume() {
|
||||
# get volume heal status and redirect it to a tmp file
|
||||
for volume in $(gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
|
||||
do
|
||||
echo "volumes, $volume"
|
||||
gluster v heal $volume info |grep entries|cut -d ":" -f2
|
||||
done > /tmp/gluster_monitoring
|
||||
|
||||
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
|
||||
if [ "$?" -eq 0 ]; then
|
||||
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
|
||||
else
|
||||
echo "OK: no volumes healing at this moment"
|
||||
fi
|
||||
echo "" > /tmp/gluster_monitoring
|
||||
}
|
||||
|
||||
|
||||
|
||||
#### CALL THE FUNCTIONS ######
|
||||
check_if_glusterd_is_running
|
||||
check_if_glusterfsd_is_running
|
||||
check_if_a_brick_is_down
|
||||
check_heal_status_of_a_volume
|
||||
|
||||
|
||||
# some logs test
|
||||
#cat /var/log/glusterfs/glusterd.log|grep "E" |grep "failed"
|
||||
# oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
|
||||
|
||||
if []
|
||||
|
||||
|
||||
|
||||
OUT=$(cat /tmp/gluster_monitoring|grep -v volumes |sed "s/^[ \t]*//" |grep -v ^0 > /dev/null 2>&1)
|
||||
if [ "$?" -eq 0 ]; then
|
||||
echo "WARNING: volumes healing at this moment $(cat /tmp/gluster_monitoring |sed "s/^[ \t]*//" | grep -v ^0)"
|
||||
else
|
||||
echo "OK: no volumes healing at this moment"
|
||||
fi
|
||||
echo "" > /tmp/gluster_monitoring
|
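Review bot: `GLUSTERD_STAT=$(pidof glusterd &>/dev/null)` stores pidof's stdout, which is redirected away, not its exit status, so the variable is always empty and `if ! $GLUSTERD_STAT` negates the null command (which succeeds): both daemon checks print OK whether or not the daemons are running. Test the command directly, `if ! pidof glusterd >/dev/null; then`, and likewise for `glusterfsd`. `/tmp/gluster_monitoring` is a fixed name in a world-writable directory written by a root monitoring process, so a local user can pre-create it (or, on kernels without `fs.protected_symlinks`, a symlink) and feed the check fake content or redirect the write; since the file is only read back once, a `mktemp` file with a `trap` cleanup or simply a pipe avoids it. The tail of the file — a bare `if []` followed by a duplicated copy of the heal check — is a syntax error (`unexpected end of file`) that bash hits after the four checks have already printed, so the script presumably always exits non-zero regardless of results; it should be removed before this is wired to Nagios, as the `#status :Not PRD ready` header half admits.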
23
scripts/gluster_checks/check_gluster_bricks.sh
Normal file
23
scripts/gluster_checks/check_gluster_bricks.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster check bricks for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :28/01/2019
|
||||
#version :1.1
|
||||
|
||||
######START OF SCRIPT#######
|
||||
IP_OF_DOWN_BRICK=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N/A|N' |grep -v "Y"| grep -B1 "N/A" | grep Brick| uniq | cut -d ":" -f1| cut -d " " -f2)
|
||||
NUMBER_OF_DOWN_BRICKS=$(cat /tmp/brick_status |grep -v "Self-heal" | grep -E 'Brick|N'|grep "N/A"| awk '{print $4}'|grep N |wc -l)
|
||||
|
||||
if [[ $(find /tmp -name "brick_status" -mmin +4 -print) ]]; then
|
||||
echo "WARNING: there was an error during the gluster birck check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
|
||||
exit 1
|
||||
# check number of active bricks
|
||||
elif [ "$NUMBER_OF_DOWN_BRICKS" -eq 0 ] ; then
|
||||
echo "OK: All bricks on are up"
|
||||
exit 0
|
||||
else
|
||||
echo "CRITICAL: There are one or more bricks down on $IP_OF_DOWN_BRICK"
|
||||
exit 2
|
||||
|
||||
fi
|
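Review bot: A missing or unreadable `/tmp/brick_status` is reported as OK: `cat` fails, `wc -l` yields 0, the `find -mmin +4` test sees no file, and the `-eq 0` branch prints `All bricks on are up`. Guard it first, `[[ -r /tmp/brick_status ]] || { echo "UNKNOWN: /tmp/brick_status missing"; exit 3; }`, so a stopped cron job shows as UNKNOWN rather than silently green. Because the file lives under a fixed name in `/tmp`, any local user can also create it before the root cron job does and then control what this check reads; producer and consumer should share a root-owned directory such as `/run/gluster_checks` (see `check_gluster_cron.sh` in this commit). The staleness test would also avoid walking all of `/tmp` as `[[ -n $(find /tmp/brick_status -mmin +4) ]]`.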
24
scripts/gluster_checks/check_gluster_cron.sh
Normal file
24
scripts/gluster_checks/check_gluster_cron.sh
Normal file
@ -0,0 +1,24 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :igenerate Gluster output for Nagios checks
|
||||
#First line of code :15/01/2019
|
||||
#last update :28/01/2019
|
||||
#version :1.1
|
||||
#info:
|
||||
#This script needs to be added to cron and run every 3 min
|
||||
#Some general vars
|
||||
STORAGE_IP=$(ip -4 addr show dev storage | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
|
||||
|
||||
######START OF SCRIPT#######
|
||||
|
||||
#check status of the varous volumes
|
||||
/usr/sbin/gluster volume status all > /tmp/brick_status
|
||||
#check peer status
|
||||
/usr/sbin/gluster peer status > /tmp/peer_status
|
||||
|
||||
# get volume heal status and redirect it to a tmp file
|
||||
for volume in $(/usr/sbin/gluster volume info|grep $STORAGE_IP | cut -d "/" -f3)
|
||||
do
|
||||
echo "volume, $volume"
|
||||
/usr/sbin/gluster v heal $volume info |grep entries|cut -d ":" -f2
|
||||
done > /tmp/gluster_monitoring_heal
|
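Review bot: All three status files are written by root under fixed names in `/tmp` (`brick_status`, `peer_status`, `gluster_monitoring_heal`), a world-writable directory, so any local user who creates those names first owns the files the root job then overwrites and the Nagios checks trust; on kernels without `fs.protected_symlinks` a symlink there also turns each `>` into a write to an arbitrary file. Write to a root-owned directory created once, `install -d -m 0755 /run/gluster_checks`, and point the `check_gluster_*.sh` consumers at it. `grep $STORAGE_IP` is unquoted and unanchored and the dots in the address are regex wildcards, so `10.1.1.1` also selects bricks on `10.1.1.10`; if `gluster volume info` lists bricks as `host:/path`, `grep -F -- "$STORAGE_IP:"` is exact. If the `storage` interface is absent, `$STORAGE_IP` is empty, `grep` is invoked with no pattern and fails, the heal file is written empty, and `check_gluster_heal.sh` then reports that as OK — check `[[ -n $STORAGE_IP ]]` before the loop.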
25
scripts/gluster_checks/check_gluster_heal.sh
Normal file
25
scripts/gluster_checks/check_gluster_heal.sh
Normal file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster check heal for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :23/01/2019
|
||||
#version :1.0
|
||||
|
||||
######START OF SCRIPT#######
|
||||
OUT=$(cat /tmp/gluster_monitoring_heal 2>/dev/null |grep -a -v volume |sed "s/^[ \t]*//"| grep -a -v ^0 > /dev/null 2>&1 )
|
||||
EXIT_CODE=$?
|
||||
if [ -f /tmp/gluster_monitoring_heal ]; then
|
||||
if [[ $(find /tmp -name "gluster_monitoring_heal" -mmin +4 -print) ]]; then
|
||||
echo "WARNING: there was an error during the gluster heal check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
|
||||
exit 1
|
||||
elif [ "$EXIT_CODE" -eq 0 ]; then
|
||||
echo -e "WARNING: volumes healing at this moment\n$(cat /tmp/gluster_monitoring_heal |sed "s/^[ \t]*//" | grep -a -v ^0)" && rm -f /tmp/gluster_monitoring_heal
|
||||
exit 1
|
||||
else
|
||||
echo "OK: no volumes healing at this moment" && rm -f /tmp/gluster_monitoring_heal
|
||||
exit 0
|
||||
fi
|
||||
else
|
||||
echo "WARNING: there was an error during the gluster heal check please check /tmp/gluster_monitoring_heal"
|
||||
exit 1
|
||||
fi
|
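Review bot: Both result branches `rm -f /tmp/gluster_monitoring_heal` after reading it, so a second invocation before the next cron run (a Nagios retry, a second poller, a manual test) finds no file and raises the "error during the gluster heal check" WARNING; the `-mmin +4` staleness test already covers a dead producer, so the two `rm -f` calls should go. An empty file also passes: `grep -a -v ^0` on no input exits 1, which lands in the OK branch, so a producer that wrote nothing is reported healthy — add `[[ -s /tmp/gluster_monitoring_heal ]]` to the readiness check and exit 3 (UNKNOWN) otherwise. Minor: `OUT` always captures an empty string because the pipeline is redirected to `/dev/null`; running the pipeline with `grep -qav ^0` purely for its status would be clearer. As with the sibling checks, the fixed `/tmp` path can be pre-created by any local user.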
23
scripts/gluster_checks/check_gluster_peer.sh
Normal file
23
scripts/gluster_checks/check_gluster_peer.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster check peer for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :31/01/2019
|
||||
#version :1.0
|
||||
|
||||
######START OF SCRIPT#######
|
||||
SATE_OF_DOWN_PEER=$(cat /tmp/peer_status | grep -a Disconnected | wc -l)
|
||||
IP_OF_DOWN_PEER=$(cat /tmp/peer_status| grep -a -E "Hostname|Disconnected"| grep -a -B1 Disconnected | grep -a Hostname | cut -d ":" -f2| sed "s/^[ \t]*//")
|
||||
|
||||
if [[ $(find /tmp -name "peer_status" -mmin +4 -print) ]]; then
|
||||
echo "WARNING: there was an error during the gluster peer check. please check the output of /root/scripts/check_gluster.sh or the nrpe status"
|
||||
exit 1
|
||||
# check number of active bricks
|
||||
elif [ "$SATE_OF_DOWN_PEER" -eq 0 ] ; then
|
||||
echo "OK: All bricks on are up"
|
||||
exit 0
|
||||
else
|
||||
echo "CRITICAL: There are one or more peers down on $IP_OF_DOWN_PEER"
|
||||
exit 2
|
||||
|
||||
fi
|
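Review bot: The OK branch prints `All bricks on are up`, copied from `check_gluster_bricks.sh`, so a green peer check is labelled as a brick check in Nagios; change it to `echo "OK: All peers are connected"`. A missing `/tmp/peer_status` yields `SATE_OF_DOWN_PEER=0` and therefore OK rather than UNKNOWN; guard with `[[ -r /tmp/peer_status ]] || { echo "UNKNOWN: /tmp/peer_status missing"; exit 3; }`. The variable name is misspelled (`SATE_`), and `grep -a Disconnected | wc -l` is `grep -ac Disconnected`.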
15
scripts/gluster_checks/check_gluster_pod.sh
Normal file
15
scripts/gluster_checks/check_gluster_pod.sh
Normal file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster check from within a pod server heal for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :24/01/2019
|
||||
#version :1.0
|
||||
|
||||
######START OF SCRIPT#######
|
||||
gluster volume status all > /brick_status
|
||||
|
||||
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
|
||||
do
|
||||
echo "volume, $volume"
|
||||
gluster v heal $volume info |grep entries|cut -d ":" -f2
|
||||
done > /gluster_monitoring_heal
|
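Review bot: This writes only `/brick_status` and `/gluster_monitoring_heal` inside the pod, but `copy_gluster_check_to_pod.sh` in this commit also tries to `oc cp` a `brick_peer` file back, so that `&&` chain fails on every run; either add `gluster peer status > /brick_peer` here or drop that copy. The files are written to `/` of the container, which presumably is not meant to hold scratch data; `/tmp` inside the pod would be the conventional target. `$volume` from `cut -d ":" -f2` keeps the leading space of `Volume Name: vol_...` — harmless as an unquoted word, but `awk '/Volume Name:/ {print $3}'` is exact and lets the variable be quoted.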
41
scripts/gluster_checks/check_glusterd.sh
Normal file
41
scripts/gluster_checks/check_glusterd.sh
Normal file
@ -0,0 +1,41 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Check Gluster deamon state for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :17/01/2019
|
||||
#version :1.0
|
||||
|
||||
#Some general vars
|
||||
#glusterd pid status
|
||||
GLUSTERD_STAT=$(pidof glusterd &>/dev/null)
|
||||
#glusterfsd (brick daemon) pid status
|
||||
GLUSTER_BRICK_STAT=$(pidof glusterfsd &>/dev/null)
|
||||
|
||||
|
||||
######START OF SCRIPT#######
|
||||
|
||||
check_if_glusterd_is_running() {
|
||||
#check if glusterd is running
|
||||
if ! $GLUSTERD_STAT &>/dev/null; then
|
||||
echo "CRITICAL: glusterd management daemon not running"
|
||||
exit 2
|
||||
else
|
||||
echo "OK: glusterd management daemon is running"
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
check_if_glusterfsd_is_running() {
|
||||
# check for glusterfsd (brick daemon)
|
||||
if ! $GLUSTER_BRICK_STAT; then
|
||||
echo "CRITICAL: glusterfsd brick daemon not running"
|
||||
exit 2
|
||||
else
|
||||
echo "OK: glusterfsd brick daemon is running"
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
#### CALL THE FUNCTIONS ######
|
||||
check_if_glusterd_is_running
|
||||
check_if_glusterfsd_is_running
|
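Review bot: `GLUSTERD_STAT=$(pidof glusterd &>/dev/null)` captures pidof's stdout, which is redirected away, so the variable is always empty; `if ! $GLUSTERD_STAT` then negates the null command (success) and the check reports `OK: glusterd management daemon is running` no matter what, and the same applies to `GLUSTER_BRICK_STAT`. Test the command itself: `if ! pidof glusterd >/dev/null; then`. In addition `check_if_glusterd_is_running` ends with `exit 0`/`exit 2`, so `check_if_glusterfsd_is_running` on the last line is never reached; have the functions `return` a status and exit once at the end, or split them into two Nagios checks. On a peer that hosts no bricks, `glusterfsd` is presumably not running at all, so that branch would then alert by design — worth confirming against the deployment.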
12
scripts/gluster_checks/copy_gluster_check_to_pod.sh
Normal file
12
scripts/gluster_checks/copy_gluster_check_to_pod.sh
Normal file
@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Copy check script to gluster pod for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :31/01/2019
|
||||
#version :1.1
|
||||
|
||||
######START OF SCRIPT#######
|
||||
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
|
||||
cd /root/scripts/
|
||||
oc cp check_gluster_pod.sh glusterfs/$POD:/
|
||||
oc exec -n glusterfs $POD /check_gluster_pod.sh && oc cp glusterfs/$POD:gluster_monitoring_heal /tmp && oc cp glusterfs/$POD:brick_status /tmp && oc cp glusterfs/$POD:brick_peer /tmp
|
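Review bot: `$POD` is used unchecked: when `oc get pods` lists no running `glusterfs-storage` pod it is empty and the `oc cp`/`oc exec` calls target `glusterfs/:/`, failing with confusing errors instead of a clear UNKNOWN; add `[[ -n $POD ]] || { echo "UNKNOWN: no running glusterfs-storage pod"; exit 3; }`. `cd /root/scripts/` is unchecked too, so a failed `cd` copies whatever `check_gluster_pod.sh` happens to be in the current directory; write `cd /root/scripts/ || exit 3`. The chain copies back `brick_peer`, which `check_gluster_pod.sh` never creates, so the final `&&` fails every run, and the copied files land under fixed names in `/tmp` (see the cron script review). `oc exec -n glusterfs $POD /check_gluster_pod.sh` relies on deprecated positional parsing; `oc exec -n glusterfs "$POD" -- /check_gluster_pod.sh` is the supported form.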
20
scripts/gluster_checks/pod_loop_gluster_heal_status.sh
Normal file
20
scripts/gluster_checks/pod_loop_gluster_heal_status.sh
Normal file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster heal status volume check in a pod
|
||||
#First line of code :15/01/2019
|
||||
#last update :31/01/2019
|
||||
#version :1.2
|
||||
#info:
|
||||
#This script needs to be added to cron and run every 3 min
|
||||
#Some general vars
|
||||
STORAGE_IP=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
|
||||
|
||||
######START OF SCRIPT#######
|
||||
|
||||
|
||||
# get volume heal status and redirect it to a tmp file
|
||||
for volume in $(/usr/sbin/gluster volume info|grep "Volume Name:" | cut -d ":" -f2)
|
||||
do
|
||||
echo "volume, $volume"
|
||||
/usr/sbin/gluster v heal $volume info|grep "Status:"| grep "not connected"
|
||||
done
|
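Review bot: `STORAGE_IP` is computed from `eth0` but never used, and the header says the script is to run from cron every 3 minutes, yet unlike `check_gluster_cron.sh` its output goes to stdout rather than a status file, so cron would mail it and no check in this commit reads it; either write to the same status directory or drop the cron note. `grep "Status:" | grep "not connected"` prints only on a problem, while `echo "volume, $volume"` is printed for every volume, so a consumer cannot tell a healthy volume from a silent failure without parsing both lines. Quote `"$volume"` in the `gluster v heal` call.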
58
scripts/gluster_checks/some_check_gluster_openshift.sh
Normal file
58
scripts/gluster_checks/some_check_gluster_openshift.sh
Normal file
@ -0,0 +1,58 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@wondercohen.nl
|
||||
#objective :Gluster check OSM server heal for Nagios
|
||||
#First line of code :15/01/2019
|
||||
#last update :24/01/2019
|
||||
#version :1.0
|
||||
|
||||
######START OF SCRIPT#######
|
||||
#gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
|
||||
|
||||
|
||||
|
||||
for volume in $(gluster volume info all | grep "Volume Name:"| cut -d ":" -f2)
|
||||
do
|
||||
echo "volume, $volume"
|
||||
gluster v heal $volume info |grep entries|cut -d ":" -f2
|
||||
done
|
||||
|
||||
|
||||
|
||||
#for volume in $(cat /tmp/volume_names)
|
||||
#do
|
||||
# OC="oc rsh -n"
|
||||
# POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
|
||||
# VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
|
||||
#echo "volume, $volume"
|
||||
# oc rsh -n glusterfs $POD | $VAR1
|
||||
#done
|
||||
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster volume status all
|
||||
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) ip -4 addr show
|
||||
|
||||
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
|
||||
oc rsh -n glusterfs $POD gluster volume info all | grep "Volume Name:"| cut -d ":" -f2 > /tmp/volume_names
|
||||
|
||||
|
||||
for volume in $(cat /tmp/volume_names)
|
||||
do
|
||||
OC="oc rsh -n"
|
||||
POD=$(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1)
|
||||
VAR1="gluster v heal $volume info |grep entries|cut -d: -f 2"
|
||||
echo "volume, $volume"
|
||||
echo "$OC glusterfs $POD $VAR1"
|
||||
done
|
||||
|
||||
|
||||
/tmp/gluster_monitoring_heal
|
||||
|
||||
|
||||
oc rsh -n glusterfs $(oc get pods -n glusterfs | grep Running | grep 'glusterfs-storage' | head -n 1 | cut -d' ' -f1) gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
|
||||
|
||||
oc rsh -n glusterfs glusterfs-storage-4jq8n gluster v heal vol_fa562e2cd81f137ccb455633829be163 info|grep entries|cut -d ":" -f2
|
||||
|
||||
|
||||
oc cp /tmp/database.sql mysql:/tmp/
|
||||
|
||||
kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
|
||||
|
||||
oc cp glusterfs/glusterfs-storage-4jq8n:gluster_monitoring_heal /tmp
|
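Review bot: The bare line `/tmp/gluster_monitoring_heal` near the end is executed as a command — if a local user has placed an executable file of that name in `/tmp`, running this scratch script as root runs their code. The file as a whole is a working notebook (a hard-coded pod `glusterfs-storage-4jq8n`, a hard-coded volume id, `oc cp /tmp/database.sql mysql:/tmp/` and a `kubectl cp <some-namespace>/<some-pod>` template), and the `for volume` loop only `echo`es the `oc rsh` command rather than running it, so nothing here is a Nagios check. It should not live under `scripts/gluster_checks/` next to scripts that are wired to cron and nrpe; if kept as notes, rename it to `.txt` or comment every line so it cannot be executed by mistake.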
19
scripts/host_ssh_test.sh
Normal file
19
scripts/host_ssh_test.sh
Normal file
@ -0,0 +1,19 @@
|
||||
#!/bin/bash
|
||||
|
||||
FILE=$1
|
||||
|
||||
if [ $# -lt 1 ]
|
||||
then
|
||||
echo "Syntax: ./`basename $0` <file name>"
|
||||
exit
|
||||
fi
|
||||
|
||||
|
||||
for host in $(cat ${FILE})
|
||||
do
|
||||
|
||||
#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
|
||||
#ssh -n root@$host "ps -ef |grep vmtoolsd && hostname "
|
||||
#ssh -n root@$host "hostname"
|
||||
|
||||
done
|
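Review bot: The loop body is entirely commented out, so the script reads the host list and does nothing, and the bare `exit` in the usage branch returns 0 on misuse. Before the first commented `ssh -n admroy@$host "rm -rf /tmp/atlas/ && ... /tmp/atlas/atlas.sh build ..."` line is re-enabled, note that it executes a script from the world-writable `/tmp` with root privileges on every host, which any local user there can pre-create or race; stage it under a root-owned directory instead. `for host in $(cat ${FILE})` splits on all whitespace; `while IFS= read -r host; do ...; done < "$FILE"` is the safer loop.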
61
scripts/iptables1.sh
Normal file
61
scripts/iptables1.sh
Normal file
@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
# Modify script as per your setup
|
||||
# Usage: Sample firewall script
|
||||
# ---------------------------
|
||||
_input=/root/firewall/badips.db
|
||||
_pub_if="eth1"
|
||||
IPT=/sbin/iptables
|
||||
|
||||
# Die if file not found
|
||||
[ ! -f "$_input" ] && { echo "$0: File $_input not found."; exit 1; }
|
||||
|
||||
# DROP and close everything
|
||||
$IPT -P INPUT DROP
|
||||
$IPT -P OUTPUT DROP
|
||||
$IPT -P FORWARD DROP
|
||||
|
||||
# Unlimited lo access
|
||||
$IPT -A INPUT -i lo -j ACCEPT
|
||||
$IPT -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
# Allow all outgoing connection but no incoming stuff by default
|
||||
$IPT -A OUTPUT -o ${_pub_if} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
|
||||
$IPT -A INPUT -i ${_pub_if} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
|
||||
### Setup our black list ###
|
||||
# Create a new chain
|
||||
$IPT -N droplist
|
||||
|
||||
# Filter out comments and blank lines
|
||||
# store each ip or subnet in $ip
|
||||
egrep -v "^#|^$" x | while IFS= read -r ip
|
||||
do
|
||||
# Append everything to droplist
|
||||
$IPT -A droplist -i ${_pub_if} -s $ip -j LOG --log-prefix " Drop Bad IP List "
|
||||
$IPT -A droplist -i ${_pub_if} -s $ip -j DROP
|
||||
done <"${_input}"
|
||||
|
||||
# Finally, insert or append our black list
|
||||
$IPT -I INPUT -j droplist
|
||||
$IPT -I OUTPUT -j droplist
|
||||
$IPT -I FORWARD -j droplist
|
||||
|
||||
|
||||
# Okay add your rest of $IPT commands here
|
||||
# Example: open port 53
|
||||
#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p udp --dport 53 -j ACCEPT
|
||||
#$IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
# Open port 80
|
||||
# $IPT -A INPUT -i ${_pub_if} -s 0/0 -d 1.2.3.4 -p tcp --destination-port 80 -j ACCEPT
|
||||
|
||||
# Allow incoming ICMP ping pong stuff
|
||||
# $IPT -A INPUT -i ${_pub_if} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -m limit --limit 30/sec -j ACCEPT
|
||||
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 3 -m limit --limit 30/sec -j ACCEPT
|
||||
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 5 -m limit --limit 30/sec -j ACCEPT
|
||||
# $IPT -A INPUT -i ${_pub_if} -p icmp -m icmp --icmp-type 11 -m limit --limit 30/sec -j ACCEPT
|
||||
|
||||
# drop and log everything else
|
||||
$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
|
||||
$IPT -A INPUT -j DROP
|
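Review bot: The blocklist loop never reads the blocklist: `egrep -v "^#|^$" x | while ... done <"${_input}"` pipes a filter over a non-existent file `x` into a loop whose stdin is then redirected from `$_input`, so the redirection wins, the comment/blank-line filter is bypassed, and every raw line of `badips.db` is passed unquoted to `-s` (a comment line is rejected by iptables, a blank line becomes `-s -j`). Write `grep -Ev '^#|^$' -- "$_input" | while IFS= read -r ip`, end the loop with a bare `done`, and quote `"$ip"` in both rules. The `LOG` rule inside `droplist` has no `-m limit`, so a single blocked source can fill syslog at line rate; give it the same `-m limit --limit 5/m --limit-burst 7` the final `LOG` rule already has. The `-i ${_pub_if}` match can never succeed when `droplist` is reached from `OUTPUT` (locally generated packets have no input interface), so `-I OUTPUT -j droplist` is dead, and the script neither flushes existing rules nor permits SSH before `INPUT` policy goes to `DROP`: a second run duplicates rules (`-N droplist` fails on re-run) and a first run over a remote session locks the operator out.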
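--- a/scripts/iptables2.sh
+++ b/scripts/iptables2.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# syntax of user list file
+# sourceIPAdress:DestinationIPAddress:Port
+
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./`basename $0` <file name>"
+exit
+fi
+
+# Parameters
+USER_DATA_FILE=$1
+
+
+_input=/path/to/text.db
+IPT=/sbin/iptables
+$IPT -N droplist
+egrep -v "^#|^$" x | while IFS= read -r ip
+do
+$IPT -A droplist -i eth1 -s $ip -j LOG --log-prefix " myBad IP BlockList "
+$IPT -A droplist -i eth1 -s $ip -j DROP
+done < "$_input"
+# Drop it
+$IPT -I INPUT -j droplist
+$IPT -I OUTPUT -j droplist
+$IPT -I FORWARD -j droplist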
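Review bot: The `done < "$_input"` redirect replaces the pipe from `egrep` as the loop's stdin, so the comment/blank-line filter never applies and `$IPT -A droplist … -s $ip` runs on every raw line of `$_input`, including `#` comments and empty lines (an empty, unquoted `-s` argument), while the literal file `x` that `egrep` reads is not a real input at all. Drop the redirect and read the real file through the filter, `grep -vE '^#|^$' -- "$_input" | while IFS= read -r ip; do`, and quote the address in both rules, `-s "$ip"`. `USER_DATA_FILE=$1` is assigned but never used and `_input` is a placeholder path, so the file the usage message asks for has no effect; presumably `_input` should be derived from `$USER_DATA_FILE`. The same pipe-overridden-by-redirect loop appears in the file section that precedes this one, whose header lies outside this chunk.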
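--- a/scripts/iptables_Roy.sh
+++ b/scripts/iptables_Roy.sh
@@ -0,0 +1,209 @@
+#!/bin/bash
+
+
+echo -e "****************Welcome*************"
+###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
+checkstatus()
+{
+opt_checkstatus=1
+while [ $opt_checkstatus != 7 ]
+do
+clear
+#echo -e "\nChoose the Option Bellow!!!\n
+echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
+echo -e " 1. Save the iptables\n
+2. Status of Iptables\n
+3. Start iptables Services\n
+4. Stop iptables Services\n
+5. Restart iptable Services\n
+6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
+7. Go back to Main Menu"
+read opt_checkstatus
+case $opt_checkstatus in
+1) echo -e "*******************************************************\n"
+/etc/init.d/iptables save
+echo -e "\n*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+2) echo -e "*******************************************************\n"
+/etc/init.d/iptables status
+echo -e "*******************************************************"
+echo -e "Press Enter key to Continue..."
+read temp;;
+3) echo -e "*******************************************************\n"
+/etc/init.d/iptables start
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+
+4) echo -e "*******************************************************\n"
+/etc/init.d/iptables stop
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+
+5) echo -e "*******************************************************\n"
+/etc/init.d/iptables restart
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+6) iptables -F
+echo -e "*******************************************************"
+echo -e "All the Rules from the Iptables are Flushed!!!"
+echo -e "*******************************************************\n"
+echo -e "Press Enter key to Continue..."
+read temp;;
+7) main;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+done
+}
+###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
+buildfirewall()
+{
+###############Getting the Chain############
+echo -e "Using Which Chain of Filter Table?\n
+1. INPUT
+2. OUTPUT
+3. Forward"
+read opt_ch
+case $opt_ch in
+1) chain="INPUT" ;;
+2) chain="OUTPUT" ;;
+3) chain="FORWARD" ;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+
+#########Getting Source IP Address##########
+#Label
+
+echo -e "
+1. Firewall using Single Source IP\n
+2. Firewall using Source Subnet\n
+3. Firewall using for All Source Networks\n
+4. Firewall choose a source file contationing ip addesses"
+read opt_ip
+
+case $opt_ip in
+1) echo -e "\nPlease Enter the IP Address of the Source"
+read ip_source ;;
+2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
+read ip_source ;;
+3) ip_source="0/0" ;;
+4) echo -e "\nPlease Enter the file name."
+read ip_source ;;
+
+#5) ip_source = "NULL" ;;
+*) echo -e "Wrong Option Selected"
+esac
+#########Getting Destination IP Address##########
+echo -e "
+1. Firewall using Single Destination IP\n
+2. Firewall using Destination Subnet\n
+3. Firewall using for All Destination Networks\n
+4. Firewall using a file"
+
+read opt_ip
+case $opt_ip in
+1) echo -e "\nPlease Enter the IP Address of the Destination"
+read ip_dest ;;
+2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
+read ip_dest ;;
+3) ip_dest="0/0" ;;
+4) echo -e "\nPlease Enter the file name."
+read ip_dest ;;
+#5) ip_dest = "NULL" ;;
+*) echo -e "Wrong Option Selected"
+esac
+###############Getting the Protocol#############
+echo -e "
+1. All Traffic of TCP
+2. Specific TCP Service
+3. Specific Port
+4. Using no Protocol"
+read proto_ch
+case $proto_ch in
+1) proto=TCP ;;
+2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
+read proto ;;
+3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
+read proto ;;
+4) proto="NULL" ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+
+#############What to do With Rule#############
+echo -e "What to do with Rule?
+1. Accept the Packet
+2. Reject the Packet
+3. Drop the Packet
+4. Create Log"
+read rule_ch
+case $rule_ch in
+1) rule="ACCEPT" ;;
+2) rule="REJECT" ;;
+3) rule="DROP" ;;
+4) rule="LOG" ;;
+esac
+###################Generating the Rule####################
+echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
+read temp
+echo -e "The Generated Rule is \n"
+if [ $proto == "NULL" ]; then
+echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -j $rule\n"
+gen=1
+else
+echo -e "\niptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule\n"
+gen=2
+fi
+echo -e "\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
+read yesno
+if [ $yesno == 1 ] && [ $gen == 1 ]; then
+iptables -A $chain -s $ip_source -d $ip_dest -j $rule
+else if [ $yesno == 1 ] && [ $gen == 2 ]; then
+iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
+else if [ $yesno == 1 ] && [$gen == 2]; then
+iptables -A $chain -s $(grep -hvE "^#|^$" $ip_source) -d $(grep -hvE "^#|^$" $ip_dest) -p $proto -j $rule
+else if [ $yesno == 3 ]; then
+
+
+main
+fi
+fi
+fi
+fi
+}
+
+main()
+{
+ROOT_UID=0
+if [ $UID == $ROOT_UID ];
+then
+clear
+opt_main=1
+while [ $opt_main != 4 ]
+do
+echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
+#############Check Whether the iptables installed or not############
+echo -e "\t*****Main Menu*****\n
+1. Check Iptables Package\n
+2. Iptables Services\n
+3. Build Your Firewall with Iptables\n
+4. Exit"
+read opt_main
+case $opt_main in
+1) echo -e "******************************"
+rpm -q iptables
+echo -e "******************************" ;;
+2) checkstatus ;;
+3) buildfirewall ;;
+4) exit 0 ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+done
+else
+echo -e "You Must be the ROOT to Perfom this Task!!!"
+fi
+}
+main
+exit 0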
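Review bot: In buildfirewall the third branch `else if [ $yesno == 1 ] && [$gen == 2]; then` is both a syntax slip (`[$gen` is parsed as a command name, so the test errors) and unreachable, because the branch above already matches `$yesno == 1` with `$gen == 2`; the file-based source/destination option (menu choice 4) therefore never applies rules, and if it did, `-s $(grep …)` would splice every address of the file into one iptables argument list rather than emit one rule per address. The rule preview never records that a file was chosen, so the choice-4 branches need their own marker (e.g. `gen=3`) and the apply step should loop over the file, as sketched below. Every value handed to `iptables` (`$chain`, `$ip_source`, `$ip_dest`, `$proto`, `$rule`) comes from `read` and is expanded unquoted, so an entry containing whitespace becomes extra command-line options; quote them and reject empty values before the call. `7) main;;` in checkstatus and the `main` call in buildfirewall re-enter main recursively instead of returning, which nests a new menu loop on every round-trip; `return` is the intended control flow.
```shell
# … unchanged: rule preview and the yes/no prompt …
elif [[ "$yesno" == 1 && "$gen" == 3 ]]; then
  # file mode: one rule per non-comment, non-blank line of the source file
  grep -vE '^#|^$' -- "$ip_source" | while IFS= read -r src; do
    iptables -A "$chain" -s "$src" -d "$ip_dest" -p "$proto" -j "$rule"
  done
```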
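--- a/scripts/loop_a_function.sh
+++ b/scripts/loop_a_function.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#loop a function
+
+FILE="../servers"
+
+uptime_ost ()
+{
+for host in $(cat ${FILE})
+do
+ssh -o ConnectTimeout=3 -n root@$host "uptime" >> uptime_$host
+done
+}
+
+while true ;do
+uptime_ost;
+sleep 5
+done > /dev/null 2>&1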
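Review bot: `ssh -o ConnectTimeout=3 -n root@$host "uptime"` inside uptime_ost runs interactively: without `BatchMode=yes`, an unknown host key or a missing key prompts for input, and because the outer `done > /dev/null 2>&1` discards stderr the script appears to hang with no diagnostic. Suggested: `ssh -o BatchMode=yes -o ConnectTimeout=3 -n "root@$host" uptime >> "uptime_$host"`, with stderr sent to a log file rather than /dev/null. `for host in $(cat ${FILE})` word-splits the server list; `while IFS= read -r host; do …; done < "$FILE"` reads it one host per line. The same unattended-ssh-with-stderr-discarded pattern is in scripts/test_scripts/uptime_hv.sh, uptime_vm.sh and virsh_list_hv.sh.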
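--- a/scripts/looping_within_host_ssh.sh
+++ b/scripts/looping_within_host_ssh.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+FILE=$1
+for host in $(cat $FILE); do
+if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
+echo -e " $host must be mounted as binformd user\n"
+else
+ssh $host 'for i in $(hostname && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a celeraUmnt${DATE}
+fi
+done
+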
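Review bot: The condition `[[ $host =~ clnara* || clnars1d && … && clnpr2e4 ]]` does not compare `$host` with those names: after the first `||`, `clnars1d` and the rest are bare non-empty strings, which `[[ ]]` evaluates as true, so the whole test is always true and the `else` branch with the ssh never runs. The regex `clnara*` also means "clnar followed by zero or more a", which matches any host containing `clnar`. One anchored alternation expresses the intent: `if [[ "$host" =~ ^(clnara|clnars1d|clnars1m|clnsr206|clnprp1d|clnprp1m|clnpr2e4) ]]; then`. `${DATE}` is never set in this file, so the log is written to a file named just `celeraUmnt`. The same always-true condition is repeated three times in scripts/mount_tool.sh, in options 1–3 of its mount menu.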
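--- a/scripts/motd
+++ b/scripts/motd
@@ -0,0 +1,62 @@
+#/usr/local/bin/dynmotd
+#!/bin/bash
+USER=$(whoami)
+HOSTNAME=$(uname -n)
+
+MEMORY1=$(free -t -h | grep "Mem" | awk '{print $3;}')
+MEMORY2=$(free -h | grep "Mem" | awk '{print $2;}')
+PSA=$(ps -Afl | wc -l)
+
+# time of day
+DATE=$(date +"%F %H:%M:%S")
+
+
+#System uptime
+uptime=$(cat /proc/uptime | cut -f1 -d.)
+upDays=$((uptime/60/60/24))
+upHours=$((uptime/60/60%24))
+upMins=$((uptime/60%60))
+upSecs=$((uptime%60))
+
+#System load
+LOAD1=`cat /proc/loadavg | awk {'print $1'}`
+LOAD5=`cat /proc/loadavg | awk {'print $2'}`
+LOAD15=`cat /proc/loadavg | awk {'print $3'}`
+
+#Host engine
+ENGINE=$(hosted-engine --vm-status|grep "Engine status")
+
+RUNNING_VMS=$(virsh -r list | awk '{print$2 " "$3}'|grep -v "Name State"| column -t)
+
+#Some Colors
+BRED='\033[1;31m'
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+#has the server been rebooted indicator
+if [ $upDays -eq "0" ]; then
+echo -e "${BRED}SERVER HAS BEEN REBOOTED $upHours hours AGO ${NC}";
+fi
+
+echo "
+- System uptime.......: $upDays days $upHours hours $upMins minutes $upSecs seconds
+- Current time........: $DATE
+- Current user........: $USER
+- Hostname............: $HOSTNAME
+- Release.............: `cat /etc/redhat-release`
+- Users...............: Currently `users | wc -w` user(s) logged on
+- CPU usage...........: $LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)
+- Memory used.........: $MEMORY1 of $MEMORY2
+- Swap in use.........: `free -m | tail -n 1 | awk '{print $3}'` MB
+- Processes...........: $PSA running
+- VM's on this HV.....:
+$RUNNING_VMS
+
+- Host engine status..:
+$ENGINE
+
+==================================== volume status vm ===============================
+$(gluster volume status vm clients|grep 'Brick\|Clients')
+
+==================================== volume status engine ===========================
+$(gluster volume status engine clients|grep 'Brick\|Clients')
+"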
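Review bot: `#!/bin/bash` is on line 2, after the `#/usr/local/bin/dynmotd` comment, so it is not a shebang and the file is run by whatever shell the caller uses; move it to line 1 and keep the install path as a comment below it. A dynamic MOTD executes on every login, so `hosted-engine --vm-status`, `virsh -r list` and the two `gluster volume status … clients` calls run with the logging-in user's privileges and their output (VM inventory, engine state, brick and client lists) is disclosed to every account that can log in; consider generating that inventory from a privileged timer into a file this script only prints, or restricting it to administrative users. `USER=$(whoami)` and `HOSTNAME=$(uname -n)` overwrite shell variables that other profile scripts read; local names such as `cur_user` and `host_name` avoid that side effect.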
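--- a/scripts/mount_tool.sh
+++ b/scripts/mount_tool.sh
@@ -0,0 +1,181 @@
+#!/bin/bash
+#(c) Roy Cohen 29/03/2014 :roy@wondercohen.nl
+#objective :Mount and Umount mounts on remote server
+#last update :10/05/2014
+#version :0.3
+
+if [ $# -lt 1 ]
+then
+echo "Syntax error must be : ./`basename $0` <file name>"
+exit
+fi
+clear
+# Parameter
+DATE=`/bin/date +%H\u%M-%d-%b-%Y`
+FILE=$1
+# Variables
+LOGDIR="$HOME/celera/logs/"
+
+check(){
+opt_checkstatus=1
+while [ $opt_checkstatus != 6 ]
+do
+clear
+echo -e "\n\t*****Checks for mount on servers*****\n
+1. Check all mounts via mtab\n
+2. Check Celera mounts via mtab\n
+3. Check all mounts via fstab\n
+4. Check Celera mounts via fstab\n
+5. Check Noauto mounts in fstab\n
+6. Go back to Main Menu"
+
+read opt_checkstatus
+case $opt_checkstatus in
+1)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allMtab${DATE}
+done
+read temp;;
+
+2)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/mtab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraMtab_${DATE}
+done
+read temp;;
+
+3)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allFstab${DATE}
+done
+read temp;;
+
+4)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}celeraFstab${DATE}
+done
+read temp;;
+
+5)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do echo $i; done' 2>&1 | tee -a ${LOGDIR}allNoautoFstab${DATE}
+done
+read temp;;
+
+6) main;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+done
+
+}
+
+mount()
+{
+opt_checkstatus=1
+while [ $opt_checkstatus != 4 ]
+do
+clear
+echo -e "\n\t***** Mount on servers *****\n
+1. Mount all via fstab\n
+2. Mount only Celera via fstab\n
+3. Mount all noauto via fstab\n
+4. Go back to Main Menu"
+
+read opt_checkstatus
+case $opt_checkstatus in
+1)
+for host in $(cat $FILE); do
+if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
+echo -e " $host must be mounted as binformd user\n" | tee -a ${LOGDIR}binformd${DATE}
+else
+ssh $host mount -a 2>&1 | tee -a ${LOGDIR}mountAll${DATE}
+fi
+done
+read temp;;
+
+2)
+for host in $(cat $FILE); do
+if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
+echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
+else
+ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}celeraMnt${DATE}
+fi
+done
+read temp;;
+
+3)
+for host in $(cat $FILE); do
+if [[ $host =~ clnara* || clnars1d && clnars1m && clnsr206 && clnprp1d && clnprp1m && clnpr2e4 ]] ; then
+echo -e " $host must be mounted as binformd user\n"| tee -a ${LOGDIR}binformd${DATE}
+else
+ssh $host 'for i in $(hostname && echo "**Mounts that were mounted**" && cat /etc/fstab |grep -v "^#" | grep noauto | grep -v sys |awk '\''{print $2}'\'' ) ; do mount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoMnt${DATE}
+fi
+done
+read temp;;
+
+4) main;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+done
+
+}
+
+
+umount()
+{
+opt_checkstatus=1
+while [ $opt_checkstatus != 3 ]
+do
+clear
+echo -e "\n\t***** UnMount on servers *****\n
+1. UnMount all via fstab\n
+2. UnMount only Celera via fstab\n
+3. Go back to Main Menu"
+
+read opt_checkstatus
+case $opt_checkstatus in
+1)
+for host in $(cat $FILE); do
+echo "are you sure? if so change the script"
+#ssh $host umount -a 2>&1 | tee -a ${LOGDIR}umountAll${DATE}
+done
+read temp;;
+
+2)
+for host in $(cat $FILE); do
+ssh $host 'for i in $(hostname && echo "**Mounts that were unmounted**" && cat /etc/fstab | grep -v "^#" | grep sc |awk '\''{print $2}'\'' ) ; do umount $i; done' 2>&1 | tee -a ${LOGDIR}NoautoUmnt${DATE}
+done
+read temp;;
+
+3) main;;
+*) echo -e "Wrong Option Selected!!!"
+esac
+done
+
+}
+
+
+
+main()
+{
+opt_main=1
+while [ $opt_main != 4 ]
+do
+echo -e "/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\n"
+#############Check Mounts ############
+echo -e "\t*****Main Menu*****\n
+1. Checks mounts\n
+2. Mount\n
+3. Umount\n
+4. Exit"
+read opt_main
+case $opt_main in
+1) check ;;
+2) mount ;;
+3) umount ;;
+4) exit 0 ;;
+*) echo -e "Wrong option Selected!!!"
+esac
+done
+}
+main
+exit 0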
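Review bot: The functions are named `mount` and `umount`, which shadow the system commands of the same name for the rest of this shell, so any future unqualified local `mount`/`umount` call in this script re-enters the menu instead of the binary (the `mount $i`/`umount $i` inside the single-quoted ssh commands run remotely and are unaffected). Rename them, e.g. `mount_menu()` / `umount_menu()` with `2) mount_menu ;;` / `3) umount_menu ;;` in main. Each submenu goes back with `6) main;;` / `4) main;;` / `3) main;;`, which calls main recursively and nests a new loop on every round-trip; `return` is the intended control flow. `LOGDIR="$HOME/celera/logs/"` is never created, so every `tee -a ${LOGDIR}…` fails until the operator makes the directory by hand; `mkdir -p -- "$LOGDIR"` after the assignment fixes that, and `DATE` uses `+%H\u%M`, where `\u` is not a date conversion and is emitted literally into the log file names.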
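--- a/scripts/ping_test.sh
+++ b/scripts/ping_test.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+for host in $(cat $1)
+do
+
+if ping -c 1 -w 5 $host &>/dev/null ; then
+
+echo "$host is up"
+
+fi
+
+done
+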
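Review bot: `for host in $(cat $1)` reads the list through word-splitting and, when the script is run without an argument, `cat` with no file blocks on stdin; `while IFS= read -r host; do … done < "${1:?usage: $0 <host list>}"` reads one host per line and fails fast with a message. Only reachable hosts are printed, so a host that is down is indistinguishable from one that was never in the list; an `else echo "$host is down" >&2` branch makes the output complete. The target in `ping -c 1 -w 5 $host` should be quoted, `"$host"`.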
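--- a/scripts/sc.sh
+++ b/scripts/sc.sh
@@ -0,0 +1,11 @@
+#tail -n 30 /u01/env/$1/tibco/tra/$1/application/logs/CARinboxBulk-Process_Archive.log |grep OutOfMemoryError |wc -l
+#!/bin/bash
+cd out/
+for h in $(ls /u01/zbx/agt/bin/OutOfMemory_log_checks/)
+do
+cd /u01/zbx/agt/bin/OutOfMemory_log_checks/
+mv $h.log.sh $h.sh
+#touch $h.sh
+#echo -e "#!/bin/bash\ntail -n 30 /u01/env/\$1/tibco/tra/\$1/application/logs/$h |grep OutOfMemoryError |wc -l" > $h.sh
+
+done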
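Review bot: `cd out/` and the `cd /u01/zbx/agt/bin/OutOfMemory_log_checks/` inside the loop are unchecked, so if either directory is missing the `mv $h.log.sh $h.sh` on the next line runs in whatever the current directory happens to be; use `cd … || exit 1` and do the `cd` once, before the loop. `for h in $(ls …)` breaks on names with whitespace and renames every listed entry; a glob limits the rename to the files that actually carry the suffix: `for f in /u01/zbx/agt/bin/OutOfMemory_log_checks/*.log.sh; do mv -- "$f" "${f%.log.sh}.sh"; done`. `#!/bin/bash` on line 2 is a comment, not a shebang; it belongs on line 1.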
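--- a/scripts/some_thouts.sh
+++ b/scripts/some_thouts.sh
@@ -0,0 +1,70 @@
+$opt_int $proto_ch $port_ch
+if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
+1 1 1 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
+elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
+1 2 1 -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch
+elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
+1 3 2 -A $chain -s $ip_source -i $interface --dport $port -j $rule_ch
+elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
+1 1 2 -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule_ch
+elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
+2 1 1 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
+elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
+2 2 1 -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch
+elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
+2 3 2 -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule_ch
+elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
+2 1 2 -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule_ch
+fi
+
+
+-A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule_ch ($opt_int = 1 $proto_ch=2 $port_ch=2)
+-A $chain -s $ip_source -i $interface --dport 443 -j $rule_ch ($opt_int = 1 $proto_ch=3 NO PROTOC)
+-A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule_ch ($opt_int = 2 $proto_ch=2)
+-A $chain -s $ip_source -d $ip_dest --dport 443 -j $rule_ch ($opt_int = 2 $proto_ch=3 NO PROTOC)
+
+
+RULE="-A$chain$ipdetails$ip_dest$proto$port$rule"
+for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$12$14}'|grep "^-")
+do
+if [ "$RULE" == "$FILE" ] ; then
+echo "this Rule -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule exsists"
+read temp
+
+-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp -m tcp --dport 443 -j ACCEPT
+-A INPUT -s 11.11.11.11 -d 22.22.22.22 -p tcp --dport 443 -j ACCEPT
+
+
+awk '{print $1$2$3$4$5$6$7$8$9$10$11$12$13$14$15}'
+for FILE in $(cat /etc/sysconfig/iptables |awk '{print $1$2$4$6$8$12$14}'|grep "^-")
+do
+RULE="-A$chain$ipdetails$interface$ip_dest$proto$port$rule"
+if [ "$RULE" == "$FILE" ] ; then
+echo -e "This Rule \"-D $chain -s $ip_source -i $interface -p $proto --dport $port\" -j $rule exsists"
+echo -e "\nGo Back to Build Your Firewall program Or to Main Menu\n
+1. Back to Build Your Firewall with Iptables
+2. Go back to Main Menu"
+read back_to
+case $back_to in
+1) buildfirewall;;
+2) main;;
+*) echo -e "Wrong option Selected!!!"
+esac
+
+
+
+
+for duplicate_iptables in `(cat /etc/sysconfig/iptables | sort | uniq | grep "^-")`
+do
+echo "iptables $duplicate_iptables"
+done
+
+while read -r duplicate_iptables
+do
+iptables $duplicate_iptables
+done < /etc/sysconfig/iptables | grep "^-"
+
+cat /etc/sysconfig/iptables | xargs -n1 -i{} grep '^{}$' ngfilelist.txt
+
+
+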
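Review bot: This file is scratch notes, but it carries a `.sh` name and unquoted command-like lines (`1 1 1 -A $chain …`, `-A INPUT -s 11.11.11.11 …`) that would be executed as commands if it were ever run or sourced; either comment every line out or give it a `.txt` name so a `*.sh` loop cannot pick it up. In the `while read -r duplicate_iptables … done < /etc/sysconfig/iptables | grep "^-"` sketch the `grep` filters the loop's output, not its input, so `iptables $duplicate_iptables` would be invoked on the `*filter`, `:INPUT ACCEPT` and `COMMIT` lines as well; the filter belongs in front, `grep '^-' /etc/sysconfig/iptables | while read -r rule; do iptables $rule; done`. Even then `iptables $rule` re-splits and globs a saved rule, so `iptables-restore` is the safer tool for replaying a saved ruleset.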
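--- a/scripts/ssh_loop.sh
+++ b/scripts/ssh_loop.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+FILE=$1
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for host in $(cat ${FILE})
+do
+
+#scp bashrc root@$host:/etc/
+
+#echo $IP
+
+
+#ssh -n admroy@$host "rm -rf /tmp/atlas/ && sh /root/atlas.sh init && /tmp/atlas/atlas.sh build && /tmp/atlas/atlas.sh purge && /tmp/atlas/atlas.sh install && hostname"
+ssh -n root@$host "hostname"
+#ssh -n root@$host "hostname"
+
+#add to known hosts
+#ssh-keyscan -H $host >> ~/.ssh/known_hosts
+
+done
+
+#IPADDR="10.2.2."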
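Review bot: The commented-out `#ssh-keyscan -H $host >> ~/.ssh/known_hosts`, if re-enabled, records whatever host key answers on the network at that moment without any comparison, which reduces host-key verification to trust-on-first-use for every host in the list; if keys must be pre-seeded, take them from an authoritative inventory (or compare the scanned fingerprint against one) before appending. `FILE=$1` is assigned before the `$# -lt 1` check and `basename $0` is unquoted; `FILE=${1:?usage: $0 <file name>}` covers both. `for host in $(cat ${FILE})` should be a `while IFS= read -r host` loop over `"$FILE"`, and the target should be quoted, `ssh -n "root@$host" hostname`.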
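--- a/scripts/test_con_server_status.sh
+++ b/scripts/test_con_server_status.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+#Roy Cohen
+# Test server conection to GW and whire the date and upteme to a logfile
+
+status=$(ps -ef | grep test_con_server_status.sh | grep -v grep |wc -l)
+if [ "$status" -ge 3 ] ;
+then
+exit
+else
+while true
+do
+nc -z 10.2.1.1 22 && echo $(date && uptime) >> /var/log/custom/$HOSTNAME
+sleep 5
+done
+fi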
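Review bot: The single-instance guard `ps -ef | grep test_con_server_status.sh | grep -v grep | wc -l` counts process-table lines, so it matches any command line containing the script name (an editor open on the file, a wrapper) and the threshold of 3 has to absorb the pipeline's own subshells, which makes the outcome depend on how the script was launched. A lock file is deterministic: `exec 9>/var/lock/test_con_server_status.lock` followed by `flock -n 9 || exit 0`. On the logging line `echo $(date && uptime)` word-splits the output; `{ date; uptime; } >> "/var/log/custom/$HOSTNAME"` writes it unchanged, and the gateway `10.2.1.1` and port `22` deserve named variables at the top of the file so the probe target is visible without reading the loop.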
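--- a/scripts/test_scripts/gluster_peer_check.sh
+++ b/scripts/test_scripts/gluster_peer_check.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+HOST=$1
+TIME=$(date)
+while echo -e "\n**$TIME**" >> gluster_peer_$HOST ;do
+ssh -o ConnectTimeout=3 -n root@$HOST "gluster peer status"
+sleep 5;
+done >> gluster_peer_$HOST.log 2>&1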
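Review bot: `TIME=$(date)` is evaluated once before the loop, so every `**$TIME**` separator written by the `while` condition carries the start time rather than the time of the sample; evaluate it per iteration, `while printf '\n**%s**\n' "$(date)" >> "gluster_peer_$HOST.log"; do`. The separators also go to `gluster_peer_$HOST` while the `gluster peer status` output goes to `gluster_peer_$HOST.log` via the `done >> …` redirect, so timestamps and samples land in two different files; the same split exists in scripts/test_scripts/virsh_list_hv.sh (`>> virsh_$host` versus `>> virsh_$host.log`). `HOST=$1` is unchecked, so running without an argument loops forever against `root@`; `HOST=${1:?hostname required}` stops that.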
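--- a/scripts/test_scripts/log_oc_nodes.sh
+++ b/scripts/test_scripts/log_oc_nodes.sh
@@ -0,0 +1,6 @@
+for (( ; ; ))
+do
+date >> oc_node_status.log
+oc get nodes -o wide >> oc_node_status.log
+sleep 2
+done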
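Review bot: The file has no shebang and `for (( ; ; ))` is a bash construct, so the script fails with a syntax error when run through `sh` or by a caller's non-bash shell; add `#!/bin/bash` as the first line. The same applies to scripts/test_scripts/log_oc_pods.sh. Both append indefinitely to a single log every few seconds with no rotation, which is worth stating in a header comment so the operator sizes the target filesystem accordingly.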
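--- a/scripts/test_scripts/log_oc_pods.sh
+++ b/scripts/test_scripts/log_oc_pods.sh
@@ -0,0 +1,6 @@
+for (( ; ; ))
+do
+date >> oc_pod_status.log
+oc get pods --all-namespaces -o wide >> oc_pod_status.log
+sleep 10
+done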
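--- a/scripts/test_scripts/log_ping_between.sh
+++ b/scripts/test_scripts/log_ping_between.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+FROM_SERVER=$1
+TO_SERVER=$2
+LOG_FILE="ping_${FROM_SERVER}_to_${TO_SERVER}.log"
+
+for (( ; ; ))
+do
+date >> $LOG_FILE
+ssh -o ConnectTimeout=1 -o ConnectionAttempts=1 \
+${FROM_SERVER} ping ${TO_SERVER} | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' >> $LOG_FILE
+echo "Disconnected from server..." >> $LOG_FILE
+sleep 10
+done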
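Review bot: `FROM_SERVER=$1` and `TO_SERVER=$2` are not validated, so running without arguments tries to ping an empty target from an empty host and logs to `ping_to_.log` forever; `FROM_SERVER=${1:?from-server required}` and `TO_SERVER=${2:?to-server required}` fail fast. The `ssh … ${FROM_SERVER} ping ${TO_SERVER}` call has no `-c`, so the ping runs until the ssh session drops and only then does the outer loop reconnect; that appears intentional but deserves a comment, e.g. `# ping runs until the ssh session drops; the outer loop reconnects after 10s`. `$LOG_FILE` is unquoted in all three redirects.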
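--- a/scripts/test_scripts/ping_test.sh
+++ b/scripts/test_scripts/ping_test.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+HOSTS=(host1
+host2
+)
+
+uptime_mv ()
+{
+for host in "${HOSTS[@]}" ;
+do
+PONG=$(ping -c 1 $host)
+echo "$(date) $PONG" >> ping_$host.log &
+done
+}
+
+while true ;do
+uptime_mv ;
+sleep 1
+done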
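Review bot: The trailing `&` on `echo "$(date) $PONG" >> ping_$host.log &` backgrounds only the echo; the `PONG=$(ping -c 1 $host)` assignment on the line before runs in the foreground, so an unreachable host still blocks each iteration for ping's default timeout and the loop is sequential despite the `&`. Put the whole probe in the background and bound it: `( printf '%s %s\n' "$(date)" "$(ping -c 1 -W 2 "$host")" >> "ping_$host.log" ) &`. With `sleep 1` between rounds and no `wait`, background probes can also pile up on slow hosts; a `wait` at the end of uptime_mv keeps one round in flight at a time.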
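--- a/scripts/test_scripts/test_all.sh
+++ b/scripts/test_scripts/test_all.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+function cleanup {
+# Your cleanup code here
+echo "My pid is: $$ ?"
+echo "Pids to kill: $(pgrep -P $$)"
+pkill -P $$
+}
+trap cleanup EXIT
+
+# Now the real work:
+
+# Things to measure:
+# - availability of loadbalancer (log_haproxy.sh)
+# - availability of webconsole and master APIs (log_master_api.sh)
+# - state of nodes (log_oc_nodes.sh)
+# - state of pods (log_oc_pods.sh)
+# - availability of servers
+# - pings between servers (log_ping_between.sh)
+
+mkdir $1
+cd $1
+
+#../log_haproxy.sh &
+#../log_master_api.sh &
+#../log_oc_nodes.sh &
+#../log_oc_pods.sh &
+../uptime_hv.sh &
+../virsh_list_hv.sh &
+../uptime_vm.sh &
+../gluster_peer_check.sh<Hostname> &
+wait
+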
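Review bot: `../gluster_peer_check.sh<Hostname> &` is a left-over placeholder: the shell parses `<Hostname>` as an input redirect from a file named `Hostname` followed by an output redirect with no target, which is a syntax error, so the line has to become something like `../gluster_peer_check.sh "$GLUSTER_HOST" &` with the host taken from an argument or a variable. `mkdir $1` and `cd $1` are unchecked; if the directory cannot be created or entered, the loggers start in the caller's current directory, so use `mkdir -p -- "$1" && cd -- "$1" || exit 1`. `cleanup` kills only direct children with `pkill -P $$`, which does not reach the ssh processes the loggers spawn; killing the script's process group, or having each logger trap and forward the signal, would cover them.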
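--- a/scripts/test_scripts/uptime_hv.sh
+++ b/scripts/test_scripts/uptime_hv.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+HOSTS=(
+
+)
+
+uptime_ost ()
+{
+for host in "${HOSTS[@]}" ;
+do
+ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
+done
+}
+
+while true ;do
+uptime_ost;
+sleep 5
+done > /dev/null 2>&1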
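--- a/scripts/test_scripts/uptime_vm.sh
+++ b/scripts/test_scripts/uptime_vm.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+HOSTS=(host1
+host2
+)
+
+uptime_mv ()
+{
+for host in "${HOSTS[@]}" ;
+do
+ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "uptime" >> uptime_$host.log
+done
+}
+
+while true ;do
+uptime_mv ;
+sleep 5
+done > /dev/null 2>&1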
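--- a/scripts/test_scripts/virsh_list_hv.sh
+++ b/scripts/test_scripts/virsh_list_hv.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+HOSTS=(
+host1
+host2
+)
+
+virsh_test ()
+{
+for host in "${HOSTS[@]}" ;
+do
+echo $(date) >> virsh_$host
+ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 -n root@$host "virsh -r list" >> virsh_$host.log
+done
+}
+
+while true ;do
+virsh_test;
+sleep 5
+done > /dev/null 2>&1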
194
scripts/tools/OS_patching_tool.sh
Normal file
194
scripts/tools/OS_patching_tool.sh
Normal file
@ -0,0 +1,194 @@
|
||||
#!/bin/bash
|
||||
#Roy Cohen :roy@proteon.com
|
||||
#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
|
||||
#objective :OpenShift pathing tool using yum (RHEL and Centos)
|
||||
#First line of code :04/09/2019
|
||||
#last update :06/09/2019
|
||||
#version :0.1
|
||||
#inspred by /home/freark/bin/batch_upgrade.sh
|
||||
|
||||
|
||||
#Check if root is running the script
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Parameters
|
||||
NAGIOS_SCRIPT='/opt/proteon-scripts/minions/nagios/generic/nagios_add_downtime_host.sh'
|
||||
BASE_LOG_DIR=/var/log/batch_upgrade
|
||||
TIMESTAMP=$(date +%Y%m%d.%H%M)
|
||||
|
||||
#set the master host
|
||||
read -p "Enter OpenShift master: " OS_MASTER
|
||||
|
||||
#Set node varible
|
||||
OS_NODES_READY=$(ssh -n $OS_MASTER "oc get nodes" |grep "Ready" | cut -d " " -f1)
|
||||
COUNT_OF_OS_NODES_DRAINED=$(ssh -n $OS_MASTER "oc get nodes" |egrep "NotReady|SchedulingDisabled" |wc -l)
|
||||
#TODO what if there are more that one node already driand?
|
||||
if [[ "$COUNT_OF_OS_NODES_DRAINED" -gt 0 ]] ; then
|
||||
echo -e "n\ NOTE: There are driand nodes on the cluster\n
|
||||
Please chack the master node for possible issues"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
###############################OPENSHIFT PACHING BEGINS HERE###############################
|
||||
#list nodes on the OpenShift Master
|
||||
function list_nodes()
|
||||
{
|
||||
printf '%s\n' "${OS_NODES_READY[@]}"
|
||||
set_update_host
|
||||
}
|
||||
|
||||
#set the hostname for the update
|
||||
function set_update_host()
|
||||
{
|
||||
echo "Set the OpenShift node that needs to updated or Press ^c to bailout/finish"
|
||||
read -p "Enter OpenShift node: " HOST_TO_UPDATE
|
||||
}
|
||||
|
||||
#Breack in an error
|
||||
function pause_on_error {
|
||||
if [ $1 -ne 0 ]
|
||||
then
|
||||
echo -e "\e[31mThe last command resulted in an error.\e[0m Press ^c to bailout or enter to continue"
|
||||
read
|
||||
fi
|
||||
}
|
||||
|
||||
#Add nagios downtime
|
||||
function nagios_downtime()
|
||||
{
|
||||
$NAGIOS_SCRIPT --host=$HOST_TO_UPDATE --comment='Batch Updating Host'
|
||||
echo "Adding downtime for host $HOST_TO_UPDATE..."
|
||||
pause_on_error $?
|
||||
}
|
||||
|
||||
#just a counter, one minute
|
||||
function time_counter()
|
||||
{
|
||||
count=0
|
||||
total=120
|
||||
|
||||
while [ $count -lt $total ]; do
|
||||
sleep 0.5 # this is work
|
||||
count=$(( $count + 1 ))
|
||||
pd=$(( $count * 60 / $total ))
|
||||
printf "\r${pd}s" $(( $count * 60 / $total ))
|
||||
done
|
||||
}
|
||||
|
||||
#Drain the node
|
||||
function drain()
|
||||
{
|
||||
echo "Draining $HOST_TO_UPDATE"
|
||||
ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE"
|
||||
echo "
|
||||
________________________________________________________________________
|
||||
< This will take a minute, Just making sure that the node is fully drained >
|
||||
------------------------------------------------------------------------
|
||||
\ ^__^
|
||||
\ (oo)\_______
|
||||
(__)\ )\/
|
||||
||----w |
|
||||
|| ||
|
||||
|
||||
"
|
||||
time_counter
|
||||
pause_on_error $?
|
||||
}
|
||||
|
||||
#Update node
|
||||
function update()
|
||||
{
|
||||
mkdir -p ${BASE_LOG_DIR}
|
||||
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
|
||||
|
||||
echo -e "n\I'm now going to update $HOST_TO_UPDATE."
|
||||
echo "You can follow/check logs in:"
|
||||
echo ${LOG_DIR}
|
||||
echo "Use for instance 'tail -f ${LOG_DIR}/$HOST_TO_UPDATE' in a different terminal after continuing here."
|
||||
echo "If any fail you MUST check and update these before proceeding!"
|
||||
echo -e "\e[33mPress ^c to bailout or enter to continue\e[0m"
|
||||
read
|
||||
echo "This may take some time..."
|
||||
echo "Please check the packge list, if docker/openshift/atomic are incluted than, STOP the update by reapling N to yum or Press ^c "
|
||||
|
||||
#exclude openshift and docker
|
||||
ssh -n $HOST_TO_UPDATE "cat /etc/yum.conf | grep -v exclude >/tmp/yum.conf && echo "exclude= docker* atomic* " >> /tmp/yum.conf && cat /tmp/yum.conf >/etc/yum.conf"
|
||||
#update command
|
||||
ssh -t $HOST_TO_UPDATE "sleep 10 && yum update --security" | tee ${LOG_DIR}/$HOST_TO_UPDATE
|
||||
pause_on_error $?
|
||||
}
|
||||
|
||||
#reboot node
|
||||
function reboot_server()
|
||||
{
|
||||
LOG_DIR=$(mktemp -d ${BASE_LOG_DIR}/${TIMESTAMP}.XXXX)
|
||||
|
||||
|
||||
echo "Restarting server $HOST_TO_UPDATE"
|
||||
#ANSWER='dummyvalue'
while [[ -n "${ANSWER}" || ( "${ANSWER}" != 'c' && "${ANSWER}" != 's' ) ]]; do
echo -e "\e[33mPress 'c' continue, 's' to skip, or ^c to bail out...\e[0m"
read ANSWER
if [[ "${ANSWER}" == 's' ]]; then
echo "Skipping $HOST_TO_UPDATE"
return 0
fi
if [[ "${ANSWER}" == 'c' ]]; then
echo "Proceeding to reboot $HOST_TO_UPDATE"
break
fi
done
timeout 4 ssh -o ConnectTimeout=3 $HOST_TO_UPDATE "reboot"
# no pause on reboot, because often you get kicked out of the server too quickly causing an non-zero exitcode
# pause_on_error $?
# wait until the server is down
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc == 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be down..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 0.5
done
echo "Server $HOST_TO_UPDATE appears to be down..."
# wait until...
# server pings again
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
while [[ $rc != 0 ]]
do
echo "Waiting for $HOST_TO_UPDATE to be back up..."
ssh -o ConnectTimeout=2 $HOST_TO_UPDATE true
rc=$?
sleep 5
done
}
#uncordon node in the OpenShift master
function uncordon()
{
echo "------------------------------------"
echo "Reactivating $HOST_TO_UPDATE in the OpenShift master $OS_MASTER"
ssh -n $OS_MASTER "oc adm uncordon $HOST_TO_UPDATE"
list_nodes
pause_on_error $?
}
############################### -MAIN RUN- ###############################
list_nodes
nagios_downtime
drain
update
reboot_server
uncordon
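--- a/scripts/tools/collect_info.sh
+++ b/scripts/tools/collect_info.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+#Roy Cohen :roy@proteon.com
+#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
+#objective :colection script for run_collect_info.sh this script collects the Total Processors, Memory RAM Total Disk size per host.
+#First line of code :09/10/2019
+#last update :11/10/2019
+#version :0.1
+#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
+echo -e "\tMemory(RAM) Info\t"`free -mt| awk '/Mem/{print " \tTotal, " $2 }'`
+echo -e "\t,Total Processor,\t"`grep -c 'processor' /proc/cpuinfo`
+TOTAL_HDD_SIZE=$(df |grep "^/dev" |awk '{print $2}'|paste -sd+)
+SUM_HDD=$(echo $(($TOTAL_HDD_SIZE)) | awk '{ byte =$1 /1024**2 ; print byte}')
+echo -e "\t,Disks size,\t "$(echo $SUM_HDD)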
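Review bot: `SUM_HDD` is computed by handing `df` output to `$(( ))`, i.e. shell arithmetic evaluation of a string assembled from another program's output, and the preceding `grep "^/dev"` also miscounts when `df` wraps a long device name onto two lines. Summing inside awk avoids both: `df -P | awk '/^\/dev/ {s += $2} END {printf "%.2f\n", s / 1024^2}'` replaces the `TOTAL_HDD_SIZE`/`SUM_HDD` pair. The backtick substitutions on the two `echo -e` lines would read better as `$( … )`. The comma positions in these echo lines are consumed positionally by `cut` in run_collect_info_v2.sh, so keep them if the output format is touched.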
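--- a/scripts/tools/drain_host.sh
+++ b/scripts/tools/drain_host.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+OS_MASTER=$1
+HOSTS=($(cat $2))
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
+exit
+fi
+
+for host in "${HOSTS[@]}"
+do
+ssh -n root@$1 "oc adm drain --ignore-daemonsets $host"
+done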
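Review bot: `HOSTS=($(cat $2))` runs before the argument check, and the check tests `$# -lt 1` although the script needs two arguments, so a missing file name produces a `cat` error instead of the usage text and the bare `exit` then returns 0. Check first and read the file without word-splitting: `(( $# >= 2 )) || { echo "Syntax: $(basename "$0") <OpenShift master node> <file name>" >&2; exit 2; }` followed by `mapfile -t HOSTS < "$2"`. Each line of the host file is then interpolated unquoted into the remote `oc adm drain` command executed on `$1`, so the file has to be treated as trusted input or each entry validated (e.g. `[[ $host =~ ^[A-Za-z0-9.-]+$ ]] || continue`) before use. uncordon_host.sh has the identical structure and the same three points apply there.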
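--- a/scripts/tools/just_a_waiting_bar.sh
+++ b/scripts/tools/just_a_waiting_bar.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+HOST_TO_UPDATE=Host1
+OS_MASTER=Master1
+
+function time_counter()
+{
+count=0
+total=120
+
+while [ $count -lt $total ]; do
+sleep 0.5 # this is work
+count=$(( $count + 1 ))
+pd=$(( $count * 60 / $total ))
+printf "\r${pd}s" $(( $count * 60 / $total ))
+done
+}
+
+
+echo "Draining $HOST_TO_UPDATE"
+echo "ssh -n $OS_MASTER "oc adm drain --ignore-daemonsets $HOST_TO_UPDATE""
+echo "
+________________________________________________________________________
+< This will take a minute, Just making sure that the node is fully drained >
+------------------------------------------------------------------------
+\ ^__^
+\ (oo)\_______
+(__)\ )\/\/
+||----w |
+|| ||
+
+"
+time_counter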
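Review bot: `printf "\r${pd}s" $(( $count * 60 / $total ))` in `time_counter` puts the value into the format string and passes a second, identical computation as an argument; the format has no conversion specifier, so the argument is ignored and the value is computed twice. `printf '\r%ss' "$pd"` says what is meant and keeps data out of the format string. The loop is a fixed 60-second countdown and does not observe the drain at all, while the echo text above it claims the script is "making sure that the node is fully drained"; if this grows beyond a demo, polling the master for pods still scheduled on the node would make the wait meaningful.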
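--- a/scripts/tools/run_collect_info_v2.sh
+++ b/scripts/tools/run_collect_info_v2.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+#Roy Cohen :roy@proteon.com
+#Proteon B.V. :Zuid Hollandlaan 7, 2596 AL Den Haag
+#objective :Script that scp's collect_info.sh from a host source file, and collects and sums-up Total Processors, Memory RAM Total Disk size contact code files.
+#First line of code :09/10/2019
+#last update :11/10/2019
+#version :0.1
+#synatx example of hostfile :<hostname,contract code> contract code must be in uppercase and my contain numbers
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name with hosts and contract codes>"
+exit
+fi
+CHECK_CONTACT_CODES=$(cat $1 |cut -d "," -f2| grep -oP '[a-z]'|wc -l)
+
+if [[ $CHECK_CONTACT_CODES -gt 0 ]]
+then
+echo "there is some issue with the contact code in the hostfile, please make sure that all contact cods are in uppercase"
+
+else
+#clean the results directory
+rm /opt/scripts/tools/collect_info/results/*
+
+#collect data from remote server
+for host in $(cat $1)
+do
+HOST=$(echo $host|cut -d "," -f1)
+CONTRACT_LIST=$(echo $host|cut -d "," -f2)
+scp -q -p collect_info.sh $HOST:/root
+SSH_OUT=$(ssh -n $HOST "/root/collect_info.sh")
+printf "%s " "$HOST," >> results/$CONTRACT_LIST
+echo $SSH_OUT >> results/$CONTRACT_LIST
+done 2>/opt/scripts/tools/collect_info/results/error.log
+
+
+# sums-up the colleced data in to contact code files
+for contr_file in $(ls /opt/scripts/tools/collect_info/results/)
+do
+RAM=$(cat results/$contr_file|cut -d "," -f3| paste -sd+ | bc )
+CPU=$(cat results/$contr_file|cut -d "," -f5| paste -sd+ | bc )
+HDD=$(cat results/$contr_file|cut -d "," -f7| paste -sd+ | bc )
+echo "Total Processors, $CPU" > /opt/scripts/tools/collect_info/results/$contr_file
+echo "Memory RAM Total in MB, $RAM" >> /opt/scripts/tools/collect_info/results/$contr_file
+echo "Disk size in GB, $HDD" >> /opt/scripts/tools/collect_info/results/$contr_file
+done
+fi
+
+#cat all the contracts
+for contr in $(ls /opt/scripts/tools/collect_info/results/)
+do
+echo "----$contr---"
+cat /opt/scripts/tools/collect_info/results/$contr
+done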
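Review bot: `CONTRACT_LIST` is the second comma field of each host-file line and is used directly as a file name in `results/$CONTRACT_LIST`, but the only validation (`CHECK_CONTACT_CODES`) looks for lowercase letters, so a field such as `../x` or an empty field writes outside the results directory or fails. Validate per entry, `[[ $CONTRACT_LIST =~ ^[A-Z0-9]+$ ]] || { echo "bad contract code for $HOST" >&2; continue; }`, and write to the same absolute directory the rest of the script uses: the collection loop writes to the relative `results/`, whereas `rm`, `ls` and the summary write to `/opt/scripts/tools/collect_info/results/`, so the script only works when started from `/opt/scripts/tools/collect_info`. A single `RESULTS=/opt/scripts/tools/collect_info/results` used everywhere removes that dependency on the working directory. `for host in $(cat $1)` also word-splits the file; `while IFS=, read -r HOST CONTRACT_LIST; do … done < "$1"` reads the two fields directly without the per-line `cut` calls.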
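--- a/scripts/tools/uncordon_host.sh
+++ b/scripts/tools/uncordon_host.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+OS_MASTER=$1
+HOSTS=($(cat $2))
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0)<OpenShift master node> <file name>"
+exit
+fi
+
+for host in "${HOSTS[@]}"
+do
+ssh -n root@$1 "oc adm uncordon $host"
+done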
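--- a/scripts/uptime_loop.sh
+++ b/scripts/uptime_loop.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+FILE=$1
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for host in $(cat ${FILE})
+do
+
+ssh -n root@$host "hostname && uptime && virsh -r list"
+
+done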
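Review bot: `for host in $(cat ${FILE})` splits the file on whitespace and glob-expands each word, and `root@$host` on the ssh line is unquoted, so a comment or a line with trailing text in the host file becomes extra bogus ssh targets. Read the file line by line instead: `while IFS= read -r host; do ssh -n -o BatchMode=yes "root@$host" 'hostname && uptime && virsh -r list'; done < "$FILE"`; `BatchMode=yes` also stops one host that wants a password from blocking the whole loop. The bare `exit` on the usage path returns 0; `exit 2` lets a caller notice the misuse.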
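--- a/shell.sh
+++ b/shell.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Wonder Cohen - The Hague The Netherlands
+# shell_history_audit.sh – put in /etc/profile.d
+# Logs every interactive-bash command (including within sudo) to /var/log/history
+# Author: Roy Cohen <roy@wondercohen.nl> Last-update: 2025-06-23
+
+### Installation notes:
+## Create the script
+# /etc/profile.d/shell_history_audit.sh
+
+## Create log directory and group
+# sudo groupadd -f historylog
+# sudo mkdir -p /var/log/history
+# sudo chown root:historylog /var/log/history
+# sudo chmod 1770 /var/log/history
+
+## Create the error log
+# sudo touch /var/log/history_audit_errors.log
+# sudo chown root:historylog /var/log/history_audit_errors.log
+# sudo chmod 666 /var/log/history_audit_errors.log
+
+## Secure script
+# sudo chmod 644 /etc/profile.d/shell_history_audit.sh
+# sudo chown root:root /etc/profile.d/shell_history_audit.sh
+
+## Make log files append-only (optional)
+# sudo find /var/log/history -type f -exec chattr +a {} \;
+#
+## Sudo environment setting
+# visudo
+# Defaults env_keep += "HISTFILE HISTTIMEFORMAT"
+#
+
+##############################################################################
+# Config – change these once
+HISTDIR="/var/log/history"
+AUDITGROUP="historylog" # group allowed to read the logs
+LOG_MODE=0640 # -rw-r----- root:historylog
+DIR_MODE=1770 # drwxrwx--T root:historylog
+AUTO_LOGOUT=3600 # seconds
+ERRLOG="/var/log/history_audit_errors.log"
+
+##############################################################################
+# Skip for non-interactive shells
+[[ $- != *i* ]] && return
+
+##############################################################################
+# Auto-logout
+readonly TMOUT="$AUTO_LOGOUT"
+export TMOUT
+
+##############################################################################
+# Determine source user (for sudo tracking)
+if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then
+SRC="$SUDO_USER"
+else
+SRC=$(logname 2>/dev/null || echo "$USER")
+fi
+
+LOGFILE="$HISTDIR/${USER}_${SRC}.log"
+
+##############################################################################
+# Create logfile if directory is writable and it doesn't exist
+if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then
+touch "$LOGFILE" # we have permission
+chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true
+chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true
+fi
+##############################################################################
+# Check group membership (user must be in $AUDITGROUP)
+if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then
+logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped."
+return 0
+fi
+##############################################################################
+# Activate history logging only when logfile exists & is writable
+if [[ -w "$LOGFILE" ]]; then
+export HISTFILE="$LOGFILE"
+export HISTSIZE=
+export HISTFILESIZE=
+export HISTIGNORE=''
+export HISTCONTROL='ignoreboth'
+export HISTTIMEFORMAT='%F %T '
+
+shopt -s histappend
+case "${PROMPT_COMMAND:-}" in
+*history\ -a*) : ;;
+*) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;;
+esac
+else
+# Log error (optional)
+echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true
+fi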
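Review bot: `export HISTCONTROL='ignoreboth'` in the activation branch works against the stated purpose of the file: `ignoreboth` includes `ignorespace`, so any command entered with a leading space is never written to `$HISTFILE`, and `ignoredups` drops the timestamps of consecutive repeats. For an audit log use `export HISTCONTROL=''` and, after the exports, `readonly HISTFILE HISTCONTROL HISTIGNORE HISTSIZE HISTFILESIZE` so the session cannot reassign them; bash history is still a cooperative record that the interactive user controls, so auditd/execve logging remains the authoritative control and this file a convenience layer, which the header comment could say. `DIR_MODE=1770` in the config block is never used by the script; either drop it or reference it from the installation notes' `chmod` step so the two cannot drift apart. The installation notes recommend `chmod 666` on the error log; `0664` with `root:historylog` is sufficient because only `$AUDITGROUP` members get past the membership check and reach the `else` branch that writes to it. shell_history_audit.sh is the same script under a license header and needs the identical changes.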
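--- a/shell_history_audit.sh
+++ b/shell_history_audit.sh
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+# SPDX-License-Identifier: GPL-3.0-or-later
+# Copyright © 2025 Roy Cohen <roy@wondercohen.nl>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the “Software”), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED
+
+# Wonder Cohen - The Hague The Netherlands
+# shell_history_audit.sh – put in /etc/profile.d
+# Logs every interactive-bash command (including within sudo) to /var/log/history
+# Last-update: 2025-06-23
+
+### Installation notes:
+## Create the script
+# /etc/profile.d/shell_history_audit.sh
+
+## Create log directory and group
+# sudo groupadd -f historylog
+# sudo mkdir -p /var/log/history
+# sudo chown root:historylog /var/log/history
+# sudo chmod 1770 /var/log/history
+
+## Create the error log
+# sudo touch /var/log/history_audit_errors.log
+# sudo chown root:historylog /var/log/history_audit_errors.log
+# sudo chmod 666 /var/log/history_audit_errors.log
+
+## Secure script
+# sudo chmod 644 /etc/profile.d/shell_history_audit.sh
+# sudo chown root:root /etc/profile.d/shell_history_audit.sh
+
+## Make log files append-only (optional)
+# sudo find /var/log/history -type f -exec chattr +a {} \;
+#
+## Sudo environment setting
+# visudo
+# Defaults env_keep += "HISTFILE HISTTIMEFORMAT"
+#
+
+##############################################################################
+# Config – change these once
+HISTDIR="/var/log/history"
+AUDITGROUP="historylog" # group allowed to read the logs
+LOG_MODE=0640 # -rw-r----- root:historylog
+DIR_MODE=1770 # drwxrwx--T root:historylog
+AUTO_LOGOUT=3600 # seconds
+ERRLOG="/var/log/history_audit_errors.log"
+
+##############################################################################
+# Skip for non-interactive shells
+[[ $- != *i* ]] && return
+
+##############################################################################
+# Auto-logout
+readonly TMOUT="$AUTO_LOGOUT"
+export TMOUT
+
+##############################################################################
+# Determine source user (for sudo tracking)
+if [[ -n "${SUDO_USER:-}" && $SUDO_USER != "$USER" ]]; then
+SRC="$SUDO_USER"
+else
+SRC=$(logname 2>/dev/null || echo "$USER")
+fi
+
+LOGFILE="$HISTDIR/${USER}_${SRC}.log"
+
+##############################################################################
+# Create logfile if directory is writable and it doesn't exist
+if [[ -w "$HISTDIR" && ! -e "$LOGFILE" ]]; then
+touch "$LOGFILE" # we have permission
+chmod "$LOG_MODE" "$LOGFILE" 2>/dev/null || true
+chown "$USER:$AUDITGROUP" "$LOGFILE" 2>/dev/null || true
+fi
+##############################################################################
+# Check group membership (user must be in $AUDITGROUP)
+if ! id -nG "$USER" | grep -qw "$AUDITGROUP"; then
+logger -t shell_history_audit "DENIED: $USER is not in $AUDITGROUP group. History logging skipped."
+return 0
+fi
+##############################################################################
+# Activate history logging only when logfile exists & is writable
+if [[ -w "$LOGFILE" ]]; then
+export HISTFILE="$LOGFILE"
+export HISTSIZE=
+export HISTFILESIZE=
+export HISTIGNORE=''
+export HISTCONTROL='ignoreboth'
+export HISTTIMEFORMAT='%F %T '
+
+shopt -s histappend
+case "${PROMPT_COMMAND:-}" in
+*history\ -a*) : ;;
+*) PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}" ;;
+esac
+else
+# Log error (optional)
+echo "$(date '+%F %T') WARN: Could not activate logging for $USER to $LOGFILE" >> "$ERRLOG" 2>/dev/null || true
+fi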
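--- a/ssh_loops/loop_array.sh
+++ b/ssh_loops/loop_array.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+#find only derctoris older then 10 days
+DIR_NAME=($(find /opt/backup/database/ -maxdepth 1 -type d -ctime +10))
+
+for dir in "${DIR_NAME[@]}"
+do
+echo "tar -cvPf $dir.tgz $dir --remove-files"
+
+done
+
+
+#this will tar and remove
+#tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files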
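Review bot: `DIR_NAME=($(find … -ctime +10))` splits find's output on whitespace, so a directory name containing a space becomes two array entries, and `-ctime` tests inode change time (also bumped by chown/chmod) while the comment says "older than 10 days", which is normally `-mtime`. `mapfile -d '' -t DIR_NAME < <(find /opt/backup/database/ -mindepth 1 -maxdepth 1 -type d -mtime +10 -print0)` fixes both. `-mindepth 1` matters here: with `-maxdepth 1` alone, find also returns `/opt/backup/database/` itself once it is old enough, and the printed `tar … --remove-files` command would then cover the whole backup tree as soon as the `echo` is removed.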
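--- a/ssh_loops/loop_array_with_flags.sh
+++ b/ssh_loops/loop_array_with_flags.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+#find only directories older then 10 days
+
+#this will tar and remove
+#tar -cvf /home/roy/Desktop/test/some_dir.tgz /home/roy/Desktop/test/some_dir --remove-files
+
+while test $# -gt 0; do
+case "$1" in
+-h|--help)
+echo "$package - attempt to capture frames"
+echo " "
+echo "$package [options] application [arguments]"
+echo " "
+echo "options:"
+echo "-h, --help show brief help"
+echo "--days=<1-n> specify an action to use"
+echo "-o, --output-dir=DIR specify a directory to store output in"
+exit 0
+;;
+-a)
+shift
+DIR_NAME=($(find /var/log -maxdepth 1 -type d -mtime +10))
+if test $# -gt 0; then
+export PROCESS=$1
+else
+for dir in "${DIR_NAME[@]}"
+do
+echo "tar -czPf $dir.tar.gz $dir --remove-files"
+done
+exit 1
+fi
+shift
+;;
+--days*)
+DIR_NAME=($(find /var/log/ -maxdepth 1 -type d -mtime +$2))
+if test $# -gt 0; then
+export PROCESS=$1
+else
+for dir in "${DIR_NAME[@]}"
+do
+echo "tar -czPf $dir.tar.gz $dir --remove-files"
+done
+exit 1
+
+shift
+;;
+*)
+break
+;;
+esac
+done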
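Review bot: the `--days*)` arm has no `fi` closing its `if … else`, so bash rejects the whole file with a syntax error before any option is processed; the `-a)` arm above it does close its block. The arm also reads the day count from `$2` although the help text documents `--days=<1-n>`, passes it unvalidated into `find -mtime +$2`, and because nothing is shifted before `if test $# -gt 0`, that test is always true inside the `while` loop, so the `else` branch holding the tar listing can never run. `$package` in the help arm is never assigned anywhere in the file, and the help text itself ("attempt to capture frames", `-o, --output-dir`) describes options this script does not have. A rewrite of the arm that parses the `=` form, validates the number, excludes `/var/log/` itself and reads find's output NUL-delimited is below.

```shell
--days=*)
  days=${1#--days=}
  [[ $days =~ ^[0-9]+$ ]] || { echo "--days expects a whole number of days" >&2; exit 2; }
  mapfile -d '' -t DIR_NAME < <(find /var/log/ -mindepth 1 -maxdepth 1 -type d -mtime "+$days" -print0)
  for dir in "${DIR_NAME[@]}"
  do
    echo "tar -czPf $dir.tar.gz $dir --remove-files"
  done
  shift
  ;;
```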
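--- a/ssh_loops/service_check_loop.sh
+++ b/ssh_loops/service_check_loop.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# This script will check the runing services for every host you provide in a source file.
+# Example of running ./service_check_loop.sh <some_file_with_hosts>
+
+HOSTNAME=($(cat $1))
+
+if [ $# -lt 1 ]
+then
+echo "Syntax: ./$(basename $0) <file name>"
+exit
+fi
+
+for host in "${HOSTNAME[@]}"
+do
+printf "%s " "$host,"
+SSH_OUT=$(ssh -n root@$host "netstat -pnltu|cut -d "/" -f2|sed '/^$/d'|sort|uniq"|tr '\n' ',')
+echo $SSH_OUT
+done |tee -a /tmp/$1.log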
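Review bot: `HOSTNAME=($(cat $1))` runs before the argument check and overwrites bash's own `HOSTNAME` variable with an array; rename it and read after the check, e.g. `mapfile -t HOSTS < "$1"`. The output goes to `/tmp/$1.log`, a predictable path in a shared world-writable directory derived from the argument (a path argument such as `hosts/prod` even yields a nested path that does not exist); write to a directory the script owns, or `LOG=$(mktemp "/tmp/service_check.XXXXXX")` and `tee -a "$LOG"`. On the remote command line the inner `"/"` closes and reopens the outer double quotes, which happens to work because `/` needs no quoting, but `cut -d / -f2` says so without the trap. The bare `exit` on the usage path returns 0; `exit 2` lets a caller detect the misuse.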