Merge branch 'master' of https://gitlab.com/mmckinnon/serverscripts
commit
426fa43f66
84
README.md
Executable file → Normal file
84
README.md
Executable file → Normal file
@ -4,101 +4,91 @@ Scripts for different tasks
|
||||
These scripts perform multiple of different tasks that help monitor the server and send emails after performing functions.
|
||||
To send emails the sendEmail package is required
|
||||
|
||||
<pre><code>apt-get install sendemail</code></pre>
|
||||
<pre>
|
||||
apt-get install sendemail
|
||||
</pre>
|
||||
|
||||
|
||||
Change the following lines in scripts that send emails
|
||||
|
||||
MAILFROM is set to determine the server name and domain name for the server and generate and email for it to determine where the email is coming from. This can be changed to specify an email address or you can leave it to generate one.
|
||||
|
||||
<pre><code>
|
||||
MAILTO=user@example.com
|
||||
<pre>MAILTO=user@example.com
|
||||
SMTP=mail.example.com
|
||||
MAILFROM=$(hostaname)@$(dnsdomainname)
|
||||
</code></pre>
|
||||
</pre>
|
||||
|
||||
#### 00logwatch
|
||||
|
||||
This script sends a report based on the log files and settings.
|
||||
|
||||
<b>Installation</b>
|
||||
<pre><code>
|
||||
apt-get install logwatch
|
||||
<pre>apt-get install logwatch
|
||||
ln -s $(pwd)/00logwatch /etc/cron.daily
|
||||
</code></pre>
|
||||
</pre>
|
||||
|
||||
#### check_updates_deb_sh
|
||||
#### check_updates_deb
|
||||
|
||||
This script checks for updates on your Debian based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified
|
||||
|
||||
<b>Installation</b>
|
||||
<pre><code>
|
||||
ln -s $(pwd)/check_updates_deb_sh /etc/cron.daily
|
||||
</code></pre>
|
||||
<pre>ln -s $(pwd)/check_updates_deb /etc/cron.daily
|
||||
</pre>
|
||||
|
||||
#### dbbackup.sh
|
||||
#### check_updates_rpm
|
||||
|
||||
This script checks for updates on your RPM based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified
|
||||
|
||||
<b>Installation</b>
|
||||
<pre>ln -s $(pwd)/check_updates_rpm /etc/cron.daily
|
||||
</pre>
|
||||
|
||||
#### dbbackup
|
||||
|
||||
This scripts backs up mysql databases and rotates the number of backups through seven days.
|
||||
|
||||
Specify the user and password that has access to the databases.
|
||||
|
||||
<pre><code>
|
||||
DBUSER='dbbackup'
|
||||
<pre>DBUSER='dbbackup'
|
||||
DBPASS='EWFfP3GZsqr427Yj'
|
||||
BACKUPDIR='/BACKUP/db/'
|
||||
</code></pre>
|
||||
</pre>
|
||||
|
||||
#### diskalert.sh
|
||||
<b>Installation</b>
|
||||
<pre>ln -s $(pwd)/dbbackup /etc/cron.daily
|
||||
</pre>
|
||||
|
||||
#### diskalert
|
||||
|
||||
Sends and email when disk space reaches greater than 90%.
|
||||
|
||||
<b>Installation</b>
|
||||
<pre><code>
|
||||
ln -s ${pwd}/diskalert.sh /etc/cron.hourly
|
||||
</code></pre>
|
||||
|
||||
#### gitlabbackup.sh
|
||||
|
||||
If you run your own gitlab server.
|
||||
|
||||
Add the following lines to /etc/gitlab/gitlab.rb once added run gitlab-ctl reconfigure for changes to take effect
|
||||
|
||||
<pre><code>
|
||||
gitlab_rails['backup_path'] = 'BACKUP FOLDER'
|
||||
gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep
|
||||
</code></pre>
|
||||
|
||||
Change the BACKUP FOLDER to a location where you want the backups to be saved.
|
||||
|
||||
<b>Installation</b>
|
||||
<pre><code>
|
||||
ln -s ${PWD}/gitlabbackup.sh /etc/cron.daily
|
||||
</code></pre>
|
||||
<pre>ln -s ${pwd}/diskalert.sh /etc/cron.hourly
|
||||
</pre>
|
||||
|
||||
#### nasbackup.sh
|
||||
|
||||
This script does an rsync from one folder location to another
|
||||
|
||||
<b>Installation</b>
|
||||
<pre><code>
|
||||
ln -s ${PWD}/nasbackup.sh /etc/cron.daily
|
||||
</code></pre>
|
||||
<pre>
|
||||
ln -s ${PWD}/nasbackup /etc/cron.daily
|
||||
</pre>
|
||||
|
||||
#### mailQWatch.sh
|
||||
#### mailQWatch
|
||||
|
||||
Script checks mailq size on a postfix system and sends an email when queue size is greater than threshold.
|
||||
|
||||
Update variables in scripts to suit your needs.
|
||||
|
||||
<pre><code>
|
||||
QUEUELIMIT=75
|
||||
<pre>QUEUELIMIT=75
|
||||
SUBJECT="Mail Queue on $HOST is currently $QUEUECOUNT"
|
||||
MAILTO="user@example.com"
|
||||
</code></pre>
|
||||
</pre>
|
||||
|
||||
<b>Installation</b>
|
||||
|
||||
As root, sudo will not work.
|
||||
|
||||
<pre><code>
|
||||
echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
|
||||
</code></pre>
|
||||
<pre>echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
|
||||
</pre>
|
||||
|
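--- a/check_updates_rpm
+++ b/check_updates_rpm
@@ -0,0 +1,141 @@
+#!/bin/bash
+# Script Name: check_updates_rpm
+# Author Name: Matt McKinnon
+# Date: 7th June 2016
+# Description: For use on rpm based distros ie CentOS, Red Hat, Fedora
+# This script will:
+# Clean up the local rpm repository of retrieved packages (yum clean)
+# Resync the package index (yum makecache)
+# If called with AUTOUPDATE set to yes then SECURITY updates will be downloaded and applied. (The package yum-plugin-security is required Install using
+# yum install yum-plugin-security)
+
+#
+# Make user configuration changes in this section
+#
+
+MAILTO="support@comprofix.com"
+AUTOUPDATE="no"
+LOGFILE="/var/log/server_maint.log"
+THISSERVER=$(hostname -f)
+
+#
+# End of user configuration section
+#
+
+DASHES="---------------------------------------------------------------------------------"
+DASHES2="================================================================================="
+
+
+# Check if the script is being run as root exit if it is not.
+
+if [ $(id -u) -ne 0 ]
+then
+echo "ur not root bro"
+exit 1
+fi
+
+startlogging() {
+echo $DASHES2 >> $LOGFILE
+echo "$0 started running at `date`" >> $LOGFILE
+echo $DASHES2 >> $LOGFILE
+}
+
+stoplogging() {
+echo "`date` [MESSAGE] $0 finished runnning" >> $LOGFILE
+echo $DASHES >> $LOGFILE
+}
+
+check_return() {
+if [ "$?" -ne "0" ]
+then
+echo "$(date) [ERROR] $1 failed to run" >> $LOGFILE
+send_error_email $1
+stoplogging
+exit 1
+fi
+echo "$(date) [SUCCESS] $1 ran without error" >> $LOGFILE
+}
+
+send_error_email() {
+echo "Hello,
+
+Whilst running the update script ($0) on $THISSERVER there was a problem.
+
+[ERROR] "$1" failed to run
+
+The server has the following network interfaces configured ${SERVERADDS[@]}.
+
+Please log in via ssh (e.g. ssh root@${IPADDR[0]}) and check the log file:
+
+vim $LOGFILE
+
+Regards." | /bin/mail -s "[$THISSERVER] There was an error whilst running $0" $MAILTO
+}
+
+# IP Address stuff
+declare -a IPADDR
+declare -a NICINTERFACE
+declare -a SERVERADDS
+index=0
+
+for i in $( ifconfig | grep 'inet addr' | awk '{print $2}'| sed 's#addr:##g' );
+do
+IPADDR[$index]=$i
+let "index += 1"
+done
+
+index=0
+
+for i in $( ifconfig | grep 'eth' | awk '{print $1}' );
+do
+SERVERADDS[$index]="$i ${IPADDR[$index]}"
+let "index += 1"
+done
+
+# End IP Address stuff
+
+
+startlogging
+
+yum clean all > /dev/null
+check_return "yum clean all"
+
+yum makecache > /dev/null
+check_return "yum makecache"
+
+if [[ "$AUTOUPDATE" == "yes" ]]
+then
+yum -y update --security > /dev/null
+check_return "yum -y update --security"
+else
+PACKAGES_TO_BE_UPGRADED=`yum list updates -q`
+check_return "yum list updates -q"
+fi
+
+if [[ -z $PACKAGES_TO_BE_UPGRADED ]]
+then
+echo "$(date) [MESSAGE] No packages need updating." >> $LOGFILE
+else
+
+echo "
+Hello,
+
+Packages requiring updates onto $THISSERVER.
+
+$PACKAGES_TO_BE_UPGRADED
+
+The server has the following network interfaces configured ${SERVERADDS[@]}.
+
+To update the server log in via ssh (e.g. ssh root@${IPADDR[0]}) and run the following command:
+
+yum upgrade
+
+See the logfile for more info: vim $LOGFILE
+
+Regards. " | /bin/mail -s "[$THISSERVER] server may need some updates applied" $MAILTO
+
+echo "`date` [MESSAGE] Packages need updating email sent to $MAILTO" >> $LOGFILE
+fi
+
+stoplogging
+exit 0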
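Review bot: `check_return` calls `send_error_email $1` unquoted, so a label such as "yum clean all" is word-split and the failure e-mail names only `yum`; pass it as `send_error_email "$1"`. In the `AUTOUPDATE="yes"` branch `PACKAGES_TO_BE_UPGRADED` is never assigned, so after applying security updates the script writes "No packages need updating." to `$LOGFILE`, which leaves a misleading maintenance record; that branch should log what was applied instead of falling through to the `-z` test. The `$LOGFILE` and `$MAILTO` expansions are unquoted throughout and should be written as `"$LOGFILE"` and `"$MAILTO"`.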
@ -1,76 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Script Name: gitlabbackup
|
||||
# Author: Matt McKinnon
|
||||
# Date: 04 May 2018
|
||||
# Description:
|
||||
# This script will backup your gitlab configuration files.
|
||||
# Send an email report.
|
||||
# Rotate backups for 7 days
|
||||
#
|
||||
# Add the following lines to /etc/gitlab/gitlab.rb once added
|
||||
# run gitlab-ctl reconfigure for changes to take effect
|
||||
#
|
||||
# gitlab_rails['backup_path'] = '<BACKUP FOLDER>'
|
||||
# gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep
|
||||
|
||||
MAIL="support@comprofix.com"
|
||||
MAILTO="support@comprofix.com"
|
||||
MAILFROM="support@comprofix.com"
|
||||
THISSERVER=$(hostname -f)
|
||||
SMTP="mail.comprofix.com"
|
||||
SUBJECT="$(hostname -f) Gitlab Backup Completed $BAKDATE"
|
||||
BAKDATE=$(date +%Y%m%d)
|
||||
BACKUPDIR='/BACKUP'
|
||||
VHOSTS='/var/www/vhosts/'
|
||||
LOGFOLDER=/var/log/
|
||||
LOGFILE=$LOGFOLDER/backuplog-`date +%d-%m-%Y.log`
|
||||
|
||||
|
||||
rotate_backups() {
|
||||
find $BACKUPDIR -type f -mtime +7 -exec rm -frv {} \; >> $LOGFILE
|
||||
|
||||
}
|
||||
|
||||
startlogging() {
|
||||
echo $DASHES2 >> $LOGFILE
|
||||
echo "$0 started running at $(date)" >> $LOGFILE
|
||||
echo $DASHES >> $LOGFILE
|
||||
}
|
||||
|
||||
stoplogging() {
|
||||
echo $DASHES >> $LOGFILE
|
||||
echo "$0 finished running at $(date)" >> $LOGFILE
|
||||
echo $DASHES2 >> $LOGFILE
|
||||
}
|
||||
|
||||
DASHES="---------------------------------------------------------------------------------"
|
||||
DASHES2="================================================================================="
|
||||
|
||||
if [ ! -d "$BACKUPDIR" ]; then
|
||||
# Control will enter here if $DIRECTORY doesn't exist.
|
||||
mkdir $BACKUPDIR
|
||||
fi
|
||||
|
||||
startlogging
|
||||
|
||||
# Rotate backup files
|
||||
echo "$(date) [MESSAGE] Removing old backups" >> $LOGFILE
|
||||
rotate_backups
|
||||
|
||||
echo "$(date) [MESSAGE] Backing up gitlab for $(hostname -f)" >> $LOGFILE
|
||||
gitlab-rake gitlab:backup:create >> $LOGFILE
|
||||
|
||||
#Backup files to offsite location
|
||||
|
||||
echo "$(date) [MESSAGE] Copying backup files to offsite location" >> $LOGFILE
|
||||
scp -rq -P 2222 $BACKUPDIR/* moe@home.comprofix.com:/data/backup/website
|
||||
|
||||
echo "$(date) [MESSAGE] Sending email of backup report" >> $LOGFILE
|
||||
|
||||
stoplogging
|
||||
|
||||
#sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q
|
||||
|
||||
#Use below if using POSTFIX
|
||||
cat $LOGFILE | mail -s "$SUBJECT" "$MAIL"
|
||||
|
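--- a/godaddy-ddns
+++ b/godaddy-ddns
@@ -0,0 +1,112 @@
+#!/bin/bash
+# GoDaddy.sh v1.0 by Nazar78 @ TeaNazaR.com
+###########################################
+# Simple DDNS script to update GoDaddy's DNS. Just schedule every 5mins in crontab.
+# With options to run scripts/programs/commands on update failure/success.
+#
+# Requirements:
+# - Bash - On LEDE/OpenWRT, opkg install bash
+# - curl CLI - On Debian, apt-get install curl
+#
+# History:
+# v1.0 - 20160513 - 1st release.
+#
+# PS: Feel free to distribute but kindly retain the credits (-:
+###########################################
+
+# Begin settings
+# Get the Production API key/secret from https://developer.godaddy.com/keys/.
+# Ensure it's for "Production" as first time it's created for "Test".
+#Key=<API production key>
+#Secret=<API secret>
+
+Key=A4vTD3PLEX1_G3C4VGGaDiha9BCZZc2ZpP
+Secret=G3C6k2r1kAbKfMHnws3BAs
+
+# Domain to update.
+Domain=comprofix.com
+
+# Advanced settings - change only if you know what you're doing :-)
+# Record type, as seen in the DNS setup page, default A.
+Type=A
+
+# Record name, as seen in the DNS setup page, default @.
+Name=home
+
+# Time To Live in seconds, minimum default 600 (10mins).
+# If your public IP seldom changes, set it to 3600 (1hr) or more for DNS servers cache performance.
+TTL=600
+
+# Writable path to last known Public IP record cached. Best to place in tmpfs.
+CachedIP=/tmp/current_ip
+
+# External URL to check for current Public IP, must contain only a single plain text IP.
+# Default http://api.ipify.org.
+CheckURL=http://api.ipify.org
+
+# Optional scripts/programs/commands to execute on successful update. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: SuccessExec='/bin/echo "$(date): My public IP changed to ${PublicIP}!">>/var/log/GoDaddy.sh.log'
+SuccessExec=''
+
+# Optional scripts/programs/commands to execute on update failure. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: FailedExec='/some/path/something-went-wrong.sh ${Update} && /some/path/email-script.sh ${PublicIP}'
+FailedExec=''
+# End settings
+
+Curl=$(/usr/bin/which curl 2>/dev/null)
+Touch=$(/usr/bin/which touch 2>/dev/null)
+[ "${Curl}" = "" ] &&
+echo "Error: Unable to find 'curl CLI'." && exit 1
+[ -z "${Key}" ] || [ -z "${Secret}" ] &&
+echo "Error: Requires API 'Key/Secret' value." && exit 1
+[ -z "${Domain}" ] &&
+echo "Error: Requires 'Domain' value." && exit 1
+[ -z "${Type}" ] && Type=A
+[ -z "${Name}" ] && Name=@
+[ -z "${TTL}" ] && TTL=600
+[ "${TTL}" -lt 600 ] && TTL=600
+${Touch} ${CachedIP} 2>/dev/null
+[ $? -ne 0 ] && echo "Error: Can't write to ${CachedIP}." && exit 1
+[ -z "${CheckURL}" ] && CheckURL=http://api.ipify.org
+echo -n "Checking current 'Public IP' from '${CheckURL}'..."
+PublicIP=$(${Curl} -kLs ${CheckURL})
+if [ $? -eq 0 ] && [[ "${PublicIP}" =~ [0-9]{1,3}\.[0-9]{1,3} ]];then
+echo "${PublicIP}!"
+else
+echo "Fail! ${PublicIP}"
+eval ${FailedExec}
+exit 1
+fi
+if [ "$(cat ${CachedIP} 2>/dev/null)" != "${PublicIP}" ];then
+echo -n "Checking '${Domain}' IP records from 'GoDaddy'..."
+Check=$(${Curl} -kLsH"Authorization: sso-key ${Key}:${Secret}" \
+-H"Content-type: application/json" \
+https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+2>/dev/null|jq -r '.[0].data'>/dev/null)
+if [ $? -eq 0 ] && [ "${Check}" = "${PublicIP}" ];then
+echo -n ${Check}>${CachedIP}
+echo -e "unchanged!\nCurrent 'Public IP' matches 'GoDaddy' records. No update required!"
+else
+echo -en "changed!\nUpdating '${Domain}'..."
+Update=$(${Curl} -kLsXPUT -H"Authorization: sso-key ${Key}:${Secret}" \
+-H"Content-type: application/json" \
+https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+-d "[{\"data\":\"${PublicIP}\",\"ttl\":${TTL}}]" 2>/dev/null)
+if [ $? -eq 0 ] && [ "${Update}" = "" ];then
+echo -n ${PublicIP}>${CachedIP}
+echo "Success!"
+eval ${SuccessExec}
+else
+echo "Fail! ${Update}"
+eval ${FailedExec}
+exit 1
+fi
+fi
+else
+echo "Current 'Public IP' matches 'Cached IP' recorded. No update required!"
+fi
+exit $?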
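Review bot: `Key=` and `Secret=` are committed as literal values in the settings block; they should be treated as exposed, revoked at the provider, and read at run time from a root-only file outside the repository, as the deleted script on this page did with `/opt/scripts/godaddy_keys`. Every `curl` call passes `-k`, which turns off certificate verification on the very requests that carry the `Authorization: sso-key` header, so drop the `k` from `-kLs` and `-kLsXPUT`. `Check=$( … |jq -r '.[0].data'>/dev/null)` discards jq's output, leaving `Check` always empty and forcing a PUT on every cache miss; remove the `>/dev/null`. The public IP is fetched over plain HTTP and accepted by the unanchored test `[0-9]{1,3}\.[0-9]{1,3}` before it is placed in the JSON body, so anchor it as `^([0-9]{1,3}\.){3}[0-9]{1,3}$` and use an `https://` `CheckURL`.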
@ -1,72 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This script is used to check and update your GoDaddy DNS server to the IP address of your current internet connection.
|
||||
# Special thanks to mfox for his ps script
|
||||
# https://github.com/markafox/GoDaddy_Powershell_DDNS
|
||||
#
|
||||
# First go to GoDaddy developer site to create a developer account and get your key and secret
|
||||
#
|
||||
# https://developer.godaddy.com/getstarted
|
||||
# Be aware that there are 2 types of key and secret - one for the test server and one for the production server
|
||||
# Get a key and secret for the production server
|
||||
#
|
||||
#
|
||||
#Create a godaddy_keys file with the lines
|
||||
#
|
||||
# KEY <godaddy dev API KEY>
|
||||
# SECRET <godaddy dev SECRET>
|
||||
#
|
||||
#
|
||||
#Update the first 4 variables with your information
|
||||
|
||||
|
||||
MAILTO="support@comprofix.com"
|
||||
MAILFROM="support@comprofix.com"
|
||||
SMTP="mail.comprofix.com"
|
||||
|
||||
domain="comprofix.com" # your domain
|
||||
name="home" # name of A record to update
|
||||
key=$(cat /opt/scripts/godaddy_keys | grep KEY | awk '{ print $2 }') # key for godaddy developer API
|
||||
secret=$(cat /opt/scripts//godaddy_keys | grep SECRET | awk '{ print $2 }') # secret for godaddy developer API
|
||||
|
||||
headers="Authorization: sso-key $key:$secret"
|
||||
|
||||
# echo $headers
|
||||
|
||||
result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/A/$name")
|
||||
|
||||
# echo $result
|
||||
|
||||
dnsIp=$(echo $result | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
|
||||
|
||||
# DEBUG: Remove hash from below line
|
||||
# echo "dnsIp:" $dnsIp
|
||||
|
||||
# Get public ip address there are several websites that can do this.
|
||||
ret=$(curl -s GET "http://ipinfo.io/json")
|
||||
currentIp=$(echo $ret | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
|
||||
|
||||
# DEBUG: Remove hash from below line
|
||||
# echo "currentIp:" $currentIp
|
||||
|
||||
if [ $dnsIp != $currentIp ];
|
||||
then
|
||||
# echo "Ips are not equal"
|
||||
request='{"data":"'$currentIp'","ttl":600}'
|
||||
# echo $request
|
||||
nresult=$(curl -i -s -X PUT \
|
||||
-H "$headers" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d $request "https://api.godaddy.com/v1/domains/$domain/records/A/$name")
|
||||
# echo $nresult
|
||||
|
||||
sendemail -o tls=no -s $SMTP -t $MAILTO -f "$name.$domain <$MAILFROM>" -u "$name.$domain IP has been updated" -m "
|
||||
|
||||
$name.$domain IP has been updated
|
||||
|
||||
$name.$domain IP is now: $currentIp
|
||||
|
||||
|
||||
" -q
|
||||
|
||||
fi
|
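--- a/shorewall-blacklist
+++ b/shorewall-blacklist
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Shorewall blacklist file
+# blacklist file
+#
+BLACKLIST="/etc/shorewall/blacklist"
+CUSTOM="/etc/shorewall/custom-blacklist"
+
+#
+# get URL
+#
+
+URL[0]="http://feeds.dshield.org/block.txt"
+URL[1]="http://www.spamhaus.org/drop/drop.lasso"
+
+#Counrtry BlockLists
+COUNTRY=(cn tw tr mx il id ua za)
+IPDENY="http://www.ipdeny.com/ipblocks/data/countries"
+
+#
+# Don't Edit After this line
+#
+
+# Temporary dump staging folder
+TMP=$(mktemp -d -t tmp.XXXXXXXXXX)
+#
+# @method to delete Temporary folder
+#
+function finish {
+rm -rf "$TMP"
+}
+trap finish EXIT
+
+echo "Downloading new blacklists...."
+
+#Blank out existing blacklists
+cat /dev/null > "$TMP/blacklist"
+cat /dev/null > $BLACKLIST
+
+#Add custom entries
+if [[ -s $CUSTOM ]]; then
+cat $CUSTOM >> "$TMP/blacklist"
+fi
+
+## top 20 attacking class C (/24)
+wget -q -O - ${URL[0]} | sed '1,/Start/d' | sed '/#/d' | awk '{print $1,$3}' | sed 's/ /\//' >> "$TMP/blacklist"
+
+## Spamhaus DROP List
+wget -q -O - ${URL[1]} | sed '1,/Expires/d' | awk '{print $1}' >> "$TMP/blacklist"
+
+## Country Blocklists
+for BLOCK in ${COUNTRY[*]}; do
+wget -q -O - $IPDENY/$BLOCK.zone | awk '{print $1}' >> "$TMP/blacklist"
+done
+
+#Remove duplicate entries
+sort "$TMP/blacklist" | uniq -c | awk '{print $2}' > $BLACKLIST
+
+shorewall refresh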
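Review bot: `cat /dev/null > $BLACKLIST` empties the live blacklist before any download has succeeded, and none of the `wget` pipelines is checked, so a failed or truncated fetch ends with `shorewall refresh` loading an empty or partial list. The three feeds are fetched over plain `http://` and their lines go into the firewall configuration unfiltered; keep only address-shaped lines from the downloads, e.g. `grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'`, and drop the early truncation so the live file is only overwritten once the staged one has content: `[[ -s "$TMP/blacklist" ]] || exit 1`. The exit status of `mktemp -d` should also be checked before `$TMP` is used, since an empty `$TMP` turns `"$TMP/blacklist"` into `/blacklist`.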
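--- a/ssl-install
+++ b/ssl-install
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Script Name: ssl-install
+# Author: Matt McKinnon
+# Date: 28th May 2018
+# Description:
+#
+# Script used to copy Let's Encrypt Generated Certificates from generating server to ESXi VPS Server.
+# This script requires acme.sh be used to setup your Let's Encrypt Certificates.
+# - https://github.com/Neilpang/acme.sh
+#
+# SSH Key Login also needs to be enabled on ESXi
+#
+#
+#
+#
+
+DOM_NAME="comprofix.com"
+ESXI_SERVER="esxi.comprofix.com"
+
+
+if [ ! -d $HOME/.acme.sh ]; then
+echo "Folder does not exist"
+exit 0
+else
+echo "You are using acme.sh. Well done"
+
+fi
+
+
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.cer root@$ESXI_SERVER:/etc/vmware/ssl/rui.crt
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.key root@$ESXI_SERVER:/etc/vmware/ssl/rui.key
+#ssh -qt root@$ESXI_SERVER "/sbin/services.sh restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/hostd restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/vpxa restart"
+
+
+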
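Review bot: The missing-`.acme.sh` branch prints "Folder does not exist" and then runs `exit 0`, so cron or a calling script sees success when no certificate was installed; use `exit 1`. Neither `scp` is checked before `hostd` and `vpxa` are restarted, so a failed copy of either file can leave the host restarting its management services with a mismatched `rui.crt`/`rui.key` pair; chain the copy and restart steps with `&&` or add `set -e` near the top. `$HOME/.acme.sh`, `$DOM_NAME` and `$ESXI_SERVER` are unquoted, and the directory test uses `$HOME` while the copies use `~`; quote the expansions and use one form.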