diff --git a/README.md b/README.md old mode 100755 new mode 100644 index 608dbf0..557e9a4 --- a/README.md +++ b/README.md @@ -4,101 +4,91 @@ Scripts for different tasks These scripts perform multiple of different tasks that help monitor the server and send emails after performing functions. To send emails the sendEmail package is required -
apt-get install sendemail
+
+apt-get install sendemail
+
+ Change the following lines in scripts that send emails MAILFROM is set to determine the server name and domain name for the server and generate and email for it to determine where the email is coming from. This can be changed to specify an email address or you can leave it to generate one. -

-MAILTO=user@example.com
+
MAILTO=user@example.com
 SMTP=mail.example.com
 MAILFROM=$(hostaname)@$(dnsdomainname)
-
+
#### 00logwatch This script sends a report based on the log files and settings. Installation -

-apt-get install logwatch
+
apt-get install logwatch
 ln -s $(pwd)/00logwatch /etc/cron.daily
-
+
-#### check_updates_deb_sh +#### check_updates_deb This script checks for updates on your Debian based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified Installation -

-ln -s $(pwd)/check_updates_deb_sh /etc/cron.daily
-
+
ln -s $(pwd)/check_updates_deb /etc/cron.daily
+
-#### dbbackup.sh +#### check_updates_rpm + +This script checks for updates on your RPM based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified + +Installation +
ln -s $(pwd)/check_updates_rpm /etc/cron.daily
+
+ +#### dbbackup This scripts backs up mysql databases and rotates the number of backups through seven days. Specify the user and password that has access to the databases. -

-DBUSER='dbbackup'
+
DBUSER='dbbackup'
 DBPASS='EWFfP3GZsqr427Yj'
 BACKUPDIR='/BACKUP/db/'
-
+
-#### diskalert.sh +Installation +
ln -s $(pwd)/dbbackup /etc/cron.daily
+
+ +#### diskalert Sends and email when disk space reaches greater than 90%. Installation -

-ln -s ${pwd}/diskalert.sh /etc/cron.hourly
-
- -#### gitlabbackup.sh - -If you run your own gitlab server. - -Add the following lines to /etc/gitlab/gitlab.rb once added run gitlab-ctl reconfigure for changes to take effect - -

-gitlab_rails['backup_path'] = 'BACKUP FOLDER'
-gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep
-
- -Change the BACKUP FOLDER to a location where you want the backups to be saved. - -Installation -

-ln -s ${PWD}/gitlabbackup.sh /etc/cron.daily
-
+
ln -s ${pwd}/diskalert.sh /etc/cron.hourly
+
#### nasbackup.sh This script does an rsync from one folder location to another Installation -

-ln -s ${PWD}/nasbackup.sh /etc/cron.daily
-
+
+ln -s ${PWD}/nasbackup /etc/cron.daily
+
-#### mailQWatch.sh +#### mailQWatch Script checks mailq size on a postfix system and sends an email when queue size is greater than threshold. Update variables in scripts to suit your needs. -

-QUEUELIMIT=75
+
QUEUELIMIT=75
 SUBJECT="Mail Queue on $HOST is currently $QUEUECOUNT"
 MAILTO="user@example.com"
-
+
Installation As root, sudo will not work. -

-echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
-
+
echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
+
diff --git a/check_updates_deb.sh b/check_updates_deb similarity index 100% rename from check_updates_deb.sh rename to check_updates_deb diff --git a/check_updates_rpm b/check_updates_rpm new file mode 100755 index 0000000..37c6df1 --- /dev/null +++ b/check_updates_rpm 
@@ -0,0 +1,141 @@ +#!/bin/bash +# Script Name: check_updates_rpm +# Author Name: Matt McKinnon +# Date: 7th June 2016 +# Description: For use on rpm based distros ie CentOS, Red Hat, Fedora +# This script will: +# Clean up the local rpm repository of retrieved packages (yum clean) +# Resync the package index (yum makecache) +# If called with AUTOUPDATE set to yes then SECURITY updates will be downloaded and applied. (The package yum-plugin-security is required Install using +# yum install yum-plugin-security) + +# +# Make user configuration changes in this section +# + +MAILTO="support@comprofix.com" +AUTOUPDATE="no" +LOGFILE="/var/log/server_maint.log" +THISSERVER=$(hostname -f) + +# +# End of user configuration section +# + +DASHES="---------------------------------------------------------------------------------" +DASHES2="=================================================================================" + + +# Check if the script is being run as root exit if it is not. + +if [ $(id -u) -ne 0 ] +then +echo "ur not root bro" + exit 1 +fi + +startlogging() { + echo $DASHES2 >> $LOGFILE + echo "$0 started running at `date`" >> $LOGFILE + echo $DASHES2 >> $LOGFILE +} + +stoplogging() { + echo "`date` [MESSAGE] $0 finished runnning" >> $LOGFILE + echo $DASHES >> $LOGFILE +} + +check_return() { + if [ "$?" -ne "0" ] + then + echo "$(date) [ERROR] $1 failed to run" >> $LOGFILE + send_error_email $1 + stoplogging + exit 1 + fi + echo "$(date) [SUCCESS] $1 ran without error" >> $LOGFILE +} + +send_error_email() { +echo "Hello, + +Whilst running the update script ($0) on $THISSERVER there was a problem. + +[ERROR] "$1" failed to run + +The server has the following network interfaces configured ${SERVERADDS[@]}. + +Please log in via ssh (e.g. ssh root@${IPADDR[0]}) and check the log file: + +vim $LOGFILE + +Regards." 
| /bin/mail -s "[$THISSERVER] There was an error whilst running $0" $MAILTO +} + +# IP Address stuff +declare -a IPADDR +declare -a NICINTERFACE +declare -a SERVERADDS +index=0 + +for i in $( ifconfig | grep 'inet addr' | awk '{print $2}'| sed 's#addr:##g' ); +do + IPADDR[$index]=$i + let "index += 1" +done + +index=0 + +for i in $( ifconfig | grep 'eth' | awk '{print $1}' ); +do + SERVERADDS[$index]="$i ${IPADDR[$index]}" + let "index += 1" +done + +# End IP Address stuff + + +startlogging + +yum clean all > /dev/null +check_return "yum clean all" + +yum makecache > /dev/null +check_return "yum makecache" + +if [[ "$AUTOUPDATE" == "yes" ]] +then + yum -y update --security > /dev/null + check_return "yum -y update --security" +else + PACKAGES_TO_BE_UPGRADED=`yum list updates -q` + check_return "yum list updates -q" +fi + +if [[ -z $PACKAGES_TO_BE_UPGRADED ]] +then + echo "$(date) [MESSAGE] No packages need updating." >> $LOGFILE +else + +echo " +Hello, + +Packages requiring updates onto $THISSERVER. + +$PACKAGES_TO_BE_UPGRADED + +The server has the following network interfaces configured ${SERVERADDS[@]}. + +To update the server log in via ssh (e.g. ssh root@${IPADDR[0]}) and run the following command: + +yum upgrade + +See the logfile for more info: vim $LOGFILE + +Regards. " | /bin/mail -s "[$THISSERVER] server may need some updates applied" $MAILTO + + echo "`date` [MESSAGE] Packages need updating email sent to $MAILTO" >> $LOGFILE +fi + +stoplogging +exit 0 diff --git a/dbbackup.sh b/dbbackup similarity index 100% rename from dbbackup.sh rename to dbbackup diff --git a/diskalert.sh b/diskalert similarity index 100% rename from diskalert.sh rename to diskalert diff --git a/gitlabbackup.sh b/gitlabbackup.sh deleted file mode 100755 index c314e21..0000000 --- a/gitlabbackup.sh +++ /dev/null 
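Review bot: With AUTOUPDATE="yes" the run leaves no record of which security updates were installed: `yum -y update --security > /dev/null` discards the transaction output, and because `PACKAGES_TO_BE_UPGRADED` is only set in the else branch, the script then logs "No packages need updating". Sending the output to the log, `yum -y update --security >> "$LOGFILE" 2>&1`, and skipping the final "no packages" message in that branch would keep an audit trail of applied patches. In check_return, `send_error_email $1` is unquoted, so the mail names only the first word of the failed command; `send_error_email "$1"` fixes that. The header comment should also say that the script mails a list of pending updates when AUTOUPDATE is "no".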
@@ -1,76 +0,0 @@ -#!/bin/bash -# Script Name: gitlabbackup -# Author: Matt McKinnon -# Date: 04 May 2018 -# Description: -# This script will backup your gitlab configuration files. -# Send an email report. -# Rotate backups for 7 days -# -# Add the following lines to /etc/gitlab/gitlab.rb once added -# run gitlab-ctl reconfigure for changes to take effect -# -# gitlab_rails['backup_path'] = '' -# gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep - -MAIL="support@comprofix.com" -MAILTO="support@comprofix.com" -MAILFROM="support@comprofix.com" -THISSERVER=$(hostname -f) -SMTP="mail.comprofix.com" -SUBJECT="$(hostname -f) Gitlab Backup Completed $BAKDATE" -BAKDATE=$(date +%Y%m%d) -BACKUPDIR='/BACKUP' -VHOSTS='/var/www/vhosts/' -LOGFOLDER=/var/log/ -LOGFILE=$LOGFOLDER/backuplog-`date +%d-%m-%Y.log` - - -rotate_backups() { - find $BACKUPDIR -type f -mtime +7 -exec rm -frv {} \; >> $LOGFILE - -} - -startlogging() { - echo $DASHES2 >> $LOGFILE - echo "$0 started running at $(date)" >> $LOGFILE - echo $DASHES >> $LOGFILE -} - -stoplogging() { - echo $DASHES >> $LOGFILE - echo "$0 finished running at $(date)" >> $LOGFILE - echo $DASHES2 >> $LOGFILE -} - -DASHES="---------------------------------------------------------------------------------" -DASHES2="=================================================================================" - -if [ ! -d "$BACKUPDIR" ]; then - # Control will enter here if $DIRECTORY doesn't exist. 
- mkdir $BACKUPDIR -fi - -startlogging - -# Rotate backup files -echo "$(date) [MESSAGE] Removing old backups" >> $LOGFILE -rotate_backups - -echo "$(date) [MESSAGE] Backing up gitlab for $(hostname -f)" >> $LOGFILE -gitlab-rake gitlab:backup:create >> $LOGFILE - -#Backup files to offsite location - -echo "$(date) [MESSAGE] Copying backup files to offsite location" >> $LOGFILE -scp -rq -P 2222 $BACKUPDIR/* moe@home.comprofix.com:/data/backup/website - -echo "$(date) [MESSAGE] Sending email of backup report" >> $LOGFILE - -stoplogging - -#sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q - -#Use below if using POSTFIX -cat $LOGFILE | mail -s "$SUBJECT" "$MAIL" - diff --git a/godaddy-ddns b/godaddy-ddns new file mode 100755 index 0000000..f51a33e --- /dev/null +++ b/godaddy-ddns 
@@ -0,0 +1,112 @@
+#!/bin/bash
+# GoDaddy.sh v1.0 by Nazar78 @ TeaNazaR.com
+###########################################
+# Simple DDNS script to update GoDaddy's DNS. Just schedule every 5mins in crontab.
+# With options to run scripts/programs/commands on update failure/success.
+#
+# Requirements:
+# - Bash - On LEDE/OpenWRT, opkg install bash
+# - curl CLI - On Debian, apt-get install curl
+#
+# History:
+# v1.0 - 20160513 - 1st release.
+#
+# PS: Feel free to distribute but kindly retain the credits (-:
+###########################################
+
+# Begin settings
+# Get the Production API key/secret from https://developer.godaddy.com/keys/.
+# Ensure it's for "Production" as first time it's created for "Test".
+#Key=
+#Secret=
+
+Key=A4vTD3PLEX1_G3C4VGGaDiha9BCZZc2ZpP
+Secret=G3C6k2r1kAbKfMHnws3BAs
+
+# Domain to update.
+Domain=comprofix.com
+
+# Advanced settings - change only if you know what you're doing :-)
+# Record type, as seen in the DNS setup page, default A.
+Type=A
+
+# Record name, as seen in the DNS setup page, default @.
+Name=home
+
+# Time To Live in seconds, minimum default 600 (10mins).
+# If your public IP seldom changes, set it to 3600 (1hr) or more for DNS servers cache performance.
+TTL=600
+
+# Writable path to last known Public IP record cached. Best to place in tmpfs.
+CachedIP=/tmp/current_ip
+
+# External URL to check for current Public IP, must contain only a single plain text IP.
+# Default http://api.ipify.org.
+CheckURL=http://api.ipify.org
+
+# Optional scripts/programs/commands to execute on successful update. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: SuccessExec='/bin/echo "$(date): My public IP changed to ${PublicIP}!">>/var/log/GoDaddy.sh.log'
+SuccessExec=''
+
+# Optional scripts/programs/commands to execute on update failure. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: FailedExec='/some/path/something-went-wrong.sh ${Update} && /some/path/email-script.sh ${PublicIP}'
+FailedExec=''
+# End settings
+
+Curl=$(/usr/bin/which curl 2>/dev/null)
+Touch=$(/usr/bin/which touch 2>/dev/null)
+[ "${Curl}" = "" ] &&
+echo "Error: Unable to find 'curl CLI'." && exit 1
+[ -z "${Key}" ] || [ -z "${Secret}" ] &&
+echo "Error: Requires API 'Key/Secret' value." && exit 1
+[ -z "${Domain}" ] &&
+echo "Error: Requires 'Domain' value." && exit 1
+[ -z "${Type}" ] && Type=A
+[ -z "${Name}" ] && Name=@
+[ -z "${TTL}" ] && TTL=600
+[ "${TTL}" -lt 600 ] && TTL=600
+${Touch} ${CachedIP} 2>/dev/null
+[ $? -ne 0 ] && echo "Error: Can't write to ${CachedIP}." && exit 1
+[ -z "${CheckURL}" ] && CheckURL=http://api.ipify.org
+echo -n "Checking current 'Public IP' from '${CheckURL}'..."
+PublicIP=$(${Curl} -kLs ${CheckURL})
+if [ $? -eq 0 ] && [[ "${PublicIP}" =~ [0-9]{1,3}\.[0-9]{1,3} ]];then
+ echo "${PublicIP}!"
+else
+ echo "Fail! ${PublicIP}"
+ eval ${FailedExec}
+ exit 1
+fi
+if [ "$(cat ${CachedIP} 2>/dev/null)" != "${PublicIP}" ];then
+ echo -n "Checking '${Domain}' IP records from 'GoDaddy'..."
+ Check=$(${Curl} -kLsH"Authorization: sso-key ${Key}:${Secret}" \
+ -H"Content-type: application/json" \
+ https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+ 2>/dev/null|jq -r '.[0].data'>/dev/null)
+ if [ $? -eq 0 ] && [ "${Check}" = "${PublicIP}" ];then
+ echo -n ${Check}>${CachedIP}
+ echo -e "unchanged!\nCurrent 'Public IP' matches 'GoDaddy' records. No update required!"
+ else
+ echo -en "changed!\nUpdating '${Domain}'..."
+ Update=$(${Curl} -kLsXPUT -H"Authorization: sso-key ${Key}:${Secret}" \
+ -H"Content-type: application/json" \
+ https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+ -d "[{\"data\":\"${PublicIP}\",\"ttl\":${TTL}}]" 2>/dev/null)
+ if [ $? -eq 0 ] && [ "${Update}" = "" ];then
+ echo -n ${PublicIP}>${CachedIP}
+ echo "Success!"
+ eval ${SuccessExec}
+ else
+ echo "Fail! ${Update}"
+ eval ${FailedExec}
+ exit 1
+ fi
+ fi
+else
+ echo "Current 'Public IP' matches 'Cached IP' recorded. No update required!"
+fi
+exit $?
diff --git a/godaddy-ddns.sh b/godaddy-ddns.sh
deleted file mode 100755
index 3dc9e4e..0000000
--- a/godaddy-ddns.sh
+++ /dev/null
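Review bot: `Key=` and `Secret=` in the settings block hold what look like live GoDaddy production API credentials, so anyone who can read the repository or its history can rewrite the domain's DNS records; the deleted godaddy-ddns.sh read them from /opt/scripts/godaddy_keys instead. Leave the two assignments empty here, load the values from a root-only file outside the repository, and rotate the committed pair, since it remains in git history. Every curl call also passes `-k`, which turns off certificate verification on the requests that carry the `Authorization: sso-key` header, so drop it (`-kLs` becomes `-Ls`, `-kLsH` becomes `-LsH`, `-kLsXPUT` becomes `-LsXPUT`). Separately, `jq -r '.[0].data'>/dev/null` discards the value meant for `Check`, so the comparison with `${PublicIP}` can never match and the record is rewritten whenever the cached IP differs; remove the `>/dev/null` and list jq under Requirements.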
@@ -1,72 +0,0 @@ -#!/bin/bash - -# This script is used to check and update your GoDaddy DNS server to the IP address of your current internet connection. -# Special thanks to mfox for his ps script -# https://github.com/markafox/GoDaddy_Powershell_DDNS -# -# First go to GoDaddy developer site to create a developer account and get your key and secret -# -# https://developer.godaddy.com/getstarted -# Be aware that there are 2 types of key and secret - one for the test server and one for the production server -# Get a key and secret for the production server -# -# -#Create a godaddy_keys file with the lines -# -# KEY -# SECRET -# -# -#Update the first 4 variables with your information - - -MAILTO="support@comprofix.com" -MAILFROM="support@comprofix.com" -SMTP="mail.comprofix.com" - -domain="comprofix.com" # your domain -name="home" # name of A record to update -key=$(cat /opt/scripts/godaddy_keys | grep KEY | awk '{ print $2 }') # key for godaddy developer API -secret=$(cat /opt/scripts//godaddy_keys | grep SECRET | awk '{ print $2 }') # secret for godaddy developer API - -headers="Authorization: sso-key $key:$secret" - -# echo $headers - -result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/A/$name") - -# echo $result - -dnsIp=$(echo $result | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b") - -# DEBUG: Remove hash from below line -# echo "dnsIp:" $dnsIp - -# Get public ip address there are several websites that can do this. 
-ret=$(curl -s GET "http://ipinfo.io/json") -currentIp=$(echo $ret | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b") - -# DEBUG: Remove hash from below line -# echo "currentIp:" $currentIp - - if [ $dnsIp != $currentIp ]; - then - # echo "Ips are not equal" - request='{"data":"'$currentIp'","ttl":600}' - # echo $request - nresult=$(curl -i -s -X PUT \ - -H "$headers" \ - -H "Content-Type: application/json" \ - -d $request "https://api.godaddy.com/v1/domains/$domain/records/A/$name") - # echo $nresult - - sendemail -o tls=no -s $SMTP -t $MAILTO -f "$name.$domain <$MAILFROM>" -u "$name.$domain IP has been updated" -m " - - $name.$domain IP has been updated - - $name.$domain IP is now: $currentIp - - - " -q - -fi diff --git a/mailQWatch.sh b/mailQWatch similarity index 100% rename from mailQWatch.sh rename to mailQWatch diff --git a/nasbackup.sh b/nasbackup similarity index 100% rename from nasbackup.sh rename to nasbackup diff --git a/plesk-backup.sh b/plesk-backup similarity index 100% rename from plesk-backup.sh rename to plesk-backup diff --git a/shorewall-blacklist b/shorewall-blacklist new file mode 100755 index 0000000..b7c9bcf --- /dev/null +++ b/shorewall-blacklist 
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Shorewall blacklist file
+# blacklist file
+#
+BLACKLIST="/etc/shorewall/blacklist"
+CUSTOM="/etc/shorewall/custom-blacklist"
+
+#
+# get URL
+#
+
+URL[0]="http://feeds.dshield.org/block.txt"
+URL[1]="http://www.spamhaus.org/drop/drop.lasso"
+
+#Counrtry BlockLists
+COUNTRY=(cn tw tr mx il id ua za)
+IPDENY="http://www.ipdeny.com/ipblocks/data/countries"
+
+#
+# Don't Edit After this line
+#
+
+# Temporary dump staging folder
+ TMP=$(mktemp -d -t tmp.XXXXXXXXXX)
+ #
+ # @method to delete Temporary folder
+ #
+ function finish {
+ rm -rf "$TMP"
+}
+trap finish EXIT
+
+echo "Downloading new blacklists...."
+
+#Blank out existing blacklists
+cat /dev/null > "$TMP/blacklist"
+cat /dev/null > $BLACKLIST
+
+#Add custom entries
+if [[ -s $CUSTOM ]]; then
+ cat $CUSTOM >> "$TMP/blacklist"
+fi
+
+## top 20 attacking class C (/24)
+wget -q -O - ${URL[0]} | sed '1,/Start/d' | sed '/#/d' | awk '{print $1,$3}' | sed 's/ /\//' >> "$TMP/blacklist"
+
+## Spamhaus DROP List
+wget -q -O - ${URL[1]} | sed '1,/Expires/d' | awk '{print $1}' >> "$TMP/blacklist"
+
+## Country Blocklists
+for BLOCK in ${COUNTRY[*]}; do
+ wget -q -O - $IPDENY/$BLOCK.zone | awk '{print $1}' >> "$TMP/blacklist"
+done
+
+#Remove duplicate entries
+sort "$TMP/blacklist" | uniq -c | awk '{print $2}' > $BLACKLIST
+
+shorewall refresh
diff --git a/ssl-install b/ssl-install
new file mode 100755
index 0000000..c272cf5
--- /dev/null
+++ b/ssl-install
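Review bot: The live blacklist is emptied with `cat /dev/null > $BLACKLIST` before anything is downloaded, and the feeds are fetched over plain HTTP with `wget -q` and written to the firewall file unchecked, so a failed or tampered download leaves Shorewall with an empty, partial or attacker-chosen blacklist once `shorewall refresh` runs. Build the new list in `$TMP`, keep only lines that look like IPv4 addresses or CIDR ranges, and replace `$BLACKLIST` only when the result is non-empty, as sketched below. Switching the `URL[]` and `IPDENY` values to https, where the feeds offer it, closes the in-transit tampering path. `${URL[0]}`, `$CUSTOM` and `$BLACKLIST` should also be quoted.

```shell
# … unchanged: settings, mktemp staging dir, trap finish EXIT …

cat /dev/null > "$TMP/blacklist"
# (no early truncation of $BLACKLIST: the live file stays in place until the new list is ready)

# … unchanged: custom entries and the three download steps …

# Keep only well-formed IPv4 addresses / CIDR ranges, de-duplicated.
# Assumes the feeds and the custom file hold plain IPv4 entries; widen the pattern if they do not.
grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$TMP/blacklist" \
  | sort -u > "$TMP/blacklist.new"

# Install and reload only when the result is non-empty
if [[ -s "$TMP/blacklist.new" ]]; then
  cat "$TMP/blacklist.new" > "$BLACKLIST"
  shorewall refresh
else
  echo "No valid blacklist entries downloaded; keeping existing $BLACKLIST" >&2
  exit 1
fi
```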
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Script Name: ssl-install
+# Author: Matt McKinnon
+# Date: 28th May 2018
+# Description:
+#
+# Script used to copy Let's Encrypt Generated Certificates from generating server to ESXi VPS Server.
+# This script requires acme.sh be used to setup your Let's Encrypt Certificates.
+# - https://github.com/Neilpang/acme.sh
+#
+# SSH Key Login also needs to be enabled on ESXi
+#
+#
+#
+#
+
+DOM_NAME="comprofix.com"
+ESXI_SERVER="esxi.comprofix.com"
+
+
+if [ ! -d $HOME/.acme.sh ]; then
+ echo "Folder does not exist"
+ exit 0
+else
+ echo "You are using acme.sh. Well done"
+
+fi
+
+
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.cer root@$ESXI_SERVER:/etc/vmware/ssl/rui.crt
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.key root@$ESXI_SERVER:/etc/vmware/ssl/rui.key
+#ssh -qt root@$ESXI_SERVER "/sbin/services.sh restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/hostd restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/vpxa restart"
+
+
+
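Review bot: The copy and restart steps run unconditionally one after another, so if the second `scp` (the private key) fails, rui.crt and rui.key no longer match and hostd and vpxa are still restarted on the ESXi host. Add `set -e` after the settings, or chain the steps with `&&`, so a failed copy stops the script before any restart. The missing-folder branch prints "Folder does not exist" and then runs `exit 0`, which tells cron or a calling script that the install succeeded; it should be `exit 1`. `$HOME/.acme.sh` and the `$DOM_NAME` paths are unquoted, and quoting them (`"$HOME/.acme.sh/$DOM_NAME/$DOM_NAME.key"`) avoids word splitting if either value ever contains spaces.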