This commit is contained in:
Matthew McKinnon 2018-05-03 21:32:34 +10:00
parent aac1417ebe
commit 286fca303c
2 changed files with 200 additions and 0 deletions

141
check_updates_rpm.sh Executable file
View File

@ -0,0 +1,141 @@
#!/bin/bash
# Script Name: check_updates_rpm
# Author Name: Matt McKinnon
# Date: 7th June 2016
# Description: For use on rpm based distros ie CentOS, Red Hat, Fedora
# This script will:
# Clean up the local rpm repository of retrieved packages (yum clean)
# Resync the package index (yum makecache)
# If called with AUTOUPDATE set to yes then SECURITY updates will be downloaded and applied. (The package yum-plugin-security is required Install using
# yum install yum-plugin-security)
#
# Make user configuration changes in this section
#
MAILTO="support@comprofix.com"
AUTOUPDATE="no"
LOGFILE="/var/log/server_maint.log"
THISSERVER=$(hostname -f)
#
# End of user configuration section
#
DASHES="---------------------------------------------------------------------------------"
DASHES2="================================================================================="
# Check if the script is being run as root exit if it is not.
if [ $(id -u) -ne 0 ]
then
echo "ur not root bro"
exit 1
fi
startlogging() {
echo $DASHES2 >> $LOGFILE
echo "$0 started running at `date`" >> $LOGFILE
echo $DASHES2 >> $LOGFILE
}
stoplogging() {
echo "`date` [MESSAGE] $0 finished runnning" >> $LOGFILE
echo $DASHES >> $LOGFILE
}
check_return() {
if [ "$?" -ne "0" ]
then
echo "$(date) [ERROR] $1 failed to run" >> $LOGFILE
send_error_email $1
stoplogging
exit 1
fi
echo "$(date) [SUCCESS] $1 ran without error" >> $LOGFILE
}
send_error_email() {
echo "Hello,
Whilst running the update script ($0) on $THISSERVER there was a problem.
[ERROR] "$1" failed to run
The server has the following network interfaces configured ${SERVERADDS[@]}.
Please log in via ssh (e.g. ssh root@${IPADDR[0]}) and check the log file:
vim $LOGFILE
Regards." | /bin/mail -s "[$THISSERVER] There was an error whilst running $0" $MAILTO
}
# IP Address stuff
declare -a IPADDR
declare -a NICINTERFACE
declare -a SERVERADDS
index=0
for i in $( ifconfig | grep 'inet addr' | awk '{print $2}'| sed 's#addr:##g' );
do
IPADDR[$index]=$i
let "index += 1"
done
index=0
for i in $( ifconfig | grep 'eth' | awk '{print $1}' );
do
SERVERADDS[$index]="$i ${IPADDR[$index]}"
let "index += 1"
done
# End IP Address stuff
startlogging
yum clean all > /dev/null
check_return "yum clean all"
yum makecache > /dev/null
check_return "yum makecache"
if [[ "$AUTOUPDATE" == "yes" ]]
then
yum -y update --security > /dev/null
check_return "yum -y update --security"
else
PACKAGES_TO_BE_UPGRADED=`yum list updates -q`
check_return "yum list updates -q"
fi
if [[ -z $PACKAGES_TO_BE_UPGRADED ]]
then
echo "$(date) [MESSAGE] No packages need updating." >> $LOGFILE
else
echo "
Hello,
Packages requiring updates onto $THISSERVER.
$PACKAGES_TO_BE_UPGRADED
The server has the following network interfaces configured ${SERVERADDS[@]}.
To update the server log in via ssh (e.g. ssh root@${IPADDR[0]}) and run the following command:
yum upgrade
See the logfile for more info: vim $LOGFILE
Regards. " | /bin/mail -s "[$THISSERVER] server may need some updates applied" $MAILTO
echo "`date` [MESSAGE] Packages need updating email sent to $MAILTO" >> $LOGFILE
fi
stoplogging
exit 0

59
shorewall-blacklist.sh Executable file
View File

@ -0,0 +1,59 @@
#!/bin/bash
#
# Shorewall blacklist file
# blacklist file
#
BLACKLIST="/etc/shorewall/blacklist"
CUSTOM="/etc/shorewall/custom-blacklist"
#
# get URL
#
URL[0]="http://feeds.dshield.org/block.txt"
URL[1]="http://www.spamhaus.org/drop/drop.lasso"
#Counrtry BlockLists
COUNTRY=(cn tw tr mx il id ua za)
IPDENY="http://www.ipdeny.com/ipblocks/data/countries"
#
# Don't Edit After this line
#
# Temporary dump staging folder
TMP=$(mktemp -d -t tmp.XXXXXXXXXX)
#
# @method to delete Temporary folder
#
function finish {
rm -rf "$TMP"
}
trap finish EXIT
echo "Downloading new blacklists...."
#Blank out existing blacklists
cat /dev/null > "$TMP/blacklist"
cat /dev/null > $BLACKLIST
#Add custom entries
if [[ -s $CUSTOM ]]; then
cat $CUSTOM >> "$TMP/blacklist"
fi
## top 20 attacking class C (/24)
wget -q -O - ${URL[0]} | sed '1,/Start/d' | sed '/#/d' | awk '{print $1,$3}' | sed 's/ /\//' >> "$TMP/blacklist"
## Spamhaus DROP List
wget -q -O - ${URL[1]} | sed '1,/Expires/d' | awk '{print $1}' >> "$TMP/blacklist"
## Country Blocklists
for BLOCK in ${COUNTRY[*]}; do
wget -q -O - $IPDENY/$BLOCK.zone | awk '{print $1}' >> "$TMP/blacklist"
done
#Remove duplicate entries
sort "$TMP/blacklist" | uniq -c | awk '{print $2}' > $BLACKLIST
shorewall refresh