Matthew McKinnon 2018-09-21 10:12:03 +10:00
commit 426fa43f66
13 changed files with 386 additions and 195 deletions

84
README.md Executable file → Normal file

@ -4,101 +4,91 @@ Scripts for different tasks
These scripts perform multiple of different tasks that help monitor the server and send emails after performing functions.
To send emails the sendEmail package is required
<pre><code>apt-get install sendemail</code></pre>
<pre>
apt-get install sendemail
</pre>
Change the following lines in scripts that send emails
MAILFROM is set to determine the server name and domain name for the server and generate and email for it to determine where the email is coming from. This can be changed to specify an email address or you can leave it to generate one.
<pre><code>
MAILTO=user@example.com
<pre>MAILTO=user@example.com
SMTP=mail.example.com
MAILFROM=$(hostaname)@$(dnsdomainname)
</code></pre>
</pre>
#### 00logwatch
This script sends a report based on the log files and settings.
<b>Installation</b>
<pre><code>
apt-get install logwatch
<pre>apt-get install logwatch
ln -s $(pwd)/00logwatch /etc/cron.daily
</code></pre>
</pre>
#### check_updates_deb_sh
#### check_updates_deb
This script checks for updates on your Debian based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified
<b>Installation</b>
<pre><code>
ln -s $(pwd)/check_updates_deb_sh /etc/cron.daily
</code></pre>
<pre>ln -s $(pwd)/check_updates_deb /etc/cron.daily
</pre>
#### dbbackup.sh
#### check_updates_rpm
This script checks for updates on your RPM based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified
<b>Installation</b>
<pre>ln -s $(pwd)/check_updates_rpm /etc/cron.daily
</pre>
#### dbbackup
This scripts backs up mysql databases and rotates the number of backups through seven days.
Specify the user and password that has access to the databases.
<pre><code>
DBUSER='dbbackup'
<pre>DBUSER='dbbackup'
DBPASS='EWFfP3GZsqr427Yj'
BACKUPDIR='/BACKUP/db/'
</code></pre>
</pre>
#### diskalert.sh
<b>Installation</b>
<pre>ln -s $(pwd)/dbbackup /etc/cron.daily
</pre>
#### diskalert
Sends and email when disk space reaches greater than 90%.
<b>Installation</b>
<pre><code>
ln -s ${pwd}/diskalert.sh /etc/cron.hourly
</code></pre>
#### gitlabbackup.sh
If you run your own gitlab server.
Add the following lines to /etc/gitlab/gitlab.rb once added run gitlab-ctl reconfigure for changes to take effect
<pre><code>
gitlab_rails['backup_path'] = 'BACKUP FOLDER'
gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep
</code></pre>
Change the BACKUP FOLDER to a location where you want the backups to be saved.
<b>Installation</b>
<pre><code>
ln -s ${PWD}/gitlabbackup.sh /etc/cron.daily
</code></pre>
<pre>ln -s ${pwd}/diskalert.sh /etc/cron.hourly
</pre>
#### nasbackup.sh
This script does an rsync from one folder location to another
<b>Installation</b>
<pre><code>
ln -s ${PWD}/nasbackup.sh /etc/cron.daily
</code></pre>
<pre>
ln -s ${PWD}/nasbackup /etc/cron.daily
</pre>
#### mailQWatch.sh
#### mailQWatch
Script checks mailq size on a postfix system and sends an email when queue size is greater than threshold.
Update variables in scripts to suit your needs.
<pre><code>
QUEUELIMIT=75
<pre>QUEUELIMIT=75
SUBJECT="Mail Queue on $HOST is currently $QUEUECOUNT"
MAILTO="user@example.com"
</code></pre>
</pre>
<b>Installation</b>
As root, sudo will not work.
<pre><code>
echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
</code></pre>
<pre>echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
</pre>

141
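--- /dev/null
+++ b/check_updates_rpm
@@ -0,0 +1,141 @@
+#!/bin/bash
+# Script Name: check_updates_rpm
+# Author Name: Matt McKinnon
+# Date: 7th June 2016
+# Description: For use on rpm based distros ie CentOS, Red Hat, Fedora
+# This script will:
+# Clean up the local rpm repository of retrieved packages (yum clean)
+# Resync the package index (yum makecache)
+# If called with AUTOUPDATE set to yes then SECURITY updates will be downloaded and applied. (The package yum-plugin-security is required Install using
+# yum install yum-plugin-security)
+#
+# Make user configuration changes in this section
+#
+MAILTO="support@comprofix.com"
+AUTOUPDATE="no"
+LOGFILE="/var/log/server_maint.log"
+THISSERVER=$(hostname -f)
+#
+# End of user configuration section
+#
+DASHES="---------------------------------------------------------------------------------"
+DASHES2="================================================================================="
+# Check if the script is being run as root exit if it is not.
+if [ $(id -u) -ne 0 ]
+then
+echo "ur not root bro"
+exit 1
+fi
+startlogging() {
+echo $DASHES2 >> $LOGFILE
+echo "$0 started running at `date`" >> $LOGFILE
+echo $DASHES2 >> $LOGFILE
+}
+stoplogging() {
+echo "`date` [MESSAGE] $0 finished runnning" >> $LOGFILE
+echo $DASHES >> $LOGFILE
+}
+check_return() {
+if [ "$?" -ne "0" ]
+then
+echo "$(date) [ERROR] $1 failed to run" >> $LOGFILE
+send_error_email $1
+stoplogging
+exit 1
+fi
+echo "$(date) [SUCCESS] $1 ran without error" >> $LOGFILE
+}
+send_error_email() {
+echo "Hello,
+Whilst running the update script ($0) on $THISSERVER there was a problem.
+[ERROR] "$1" failed to run
+The server has the following network interfaces configured ${SERVERADDS[@]}.
+Please log in via ssh (e.g. ssh root@${IPADDR[0]}) and check the log file:
+vim $LOGFILE
+Regards." | /bin/mail -s "[$THISSERVER] There was an error whilst running $0" $MAILTO
+}
+# IP Address stuff
+declare -a IPADDR
+declare -a NICINTERFACE
+declare -a SERVERADDS
+index=0
+for i in $( ifconfig | grep 'inet addr' | awk '{print $2}'| sed 's#addr:##g' );
+do
+IPADDR[$index]=$i
+let "index += 1"
+done
+index=0
+for i in $( ifconfig | grep 'eth' | awk '{print $1}' );
+do
+SERVERADDS[$index]="$i ${IPADDR[$index]}"
+let "index += 1"
+done
+# End IP Address stuff
+startlogging
+yum clean all > /dev/null
+check_return "yum clean all"
+yum makecache > /dev/null
+check_return "yum makecache"
+if [[ "$AUTOUPDATE" == "yes" ]]
+then
+yum -y update --security > /dev/null
+check_return "yum -y update --security"
+else
+PACKAGES_TO_BE_UPGRADED=`yum list updates -q`
+check_return "yum list updates -q"
+fi
+if [[ -z $PACKAGES_TO_BE_UPGRADED ]]
+then
+echo "$(date) [MESSAGE] No packages need updating." >> $LOGFILE
+else
+echo "
+Hello,
+Packages requiring updates onto $THISSERVER.
+$PACKAGES_TO_BE_UPGRADED
+The server has the following network interfaces configured ${SERVERADDS[@]}.
+To update the server log in via ssh (e.g. ssh root@${IPADDR[0]}) and run the following command:
+yum upgrade
+See the logfile for more info: vim $LOGFILE
+Regards. " | /bin/mail -s "[$THISSERVER] server may need some updates applied" $MAILTO
+echo "`date` [MESSAGE] Packages need updating email sent to $MAILTO" >> $LOGFILE
+fi
+stoplogging
+exit 0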
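Review bot: In `check_return`, `send_error_email $1` is unquoted, so a label such as `yum clean all` is word-split and the error mail names only `yum`; pass it as `send_error_email "$1"`. `PACKAGES_TO_BE_UPGRADED` is assigned only in the `else` branch, so with `AUTOUPDATE="yes"` the later `-z` test always logs "No packages need updating" even after security updates were applied; initialise it and log the applied-update case separately. The `$LOGFILE` and `$MAILTO` expansions are unquoted throughout. The address collection relies on `ifconfig` printing `inet addr`, which newer net-tools releases no longer do, so `${IPADDR[0]}` is likely empty in the mails on current RPM distros.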


@ -1,76 +0,0 @@
#!/bin/bash
# Script Name: gitlabbackup
# Author: Matt McKinnon
# Date: 04 May 2018
# Description:
# This script will backup your gitlab configuration files.
# Send an email report.
# Rotate backups for 7 days
#
# Add the following lines to /etc/gitlab/gitlab.rb once added
# run gitlab-ctl reconfigure for changes to take effect
#
# gitlab_rails['backup_path'] = '<BACKUP FOLDER>'
# gitlab_rails['backup_keep_time'] = 604800 #7 days of backups to keep
MAIL="support@comprofix.com"
MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f)
SMTP="mail.comprofix.com"
SUBJECT="$(hostname -f) Gitlab Backup Completed $BAKDATE"
BAKDATE=$(date +%Y%m%d)
BACKUPDIR='/BACKUP'
VHOSTS='/var/www/vhosts/'
LOGFOLDER=/var/log/
LOGFILE=$LOGFOLDER/backuplog-`date +%d-%m-%Y.log`
rotate_backups() {
find $BACKUPDIR -type f -mtime +7 -exec rm -frv {} \; >> $LOGFILE
}
startlogging() {
echo $DASHES2 >> $LOGFILE
echo "$0 started running at $(date)" >> $LOGFILE
echo $DASHES >> $LOGFILE
}
stoplogging() {
echo $DASHES >> $LOGFILE
echo "$0 finished running at $(date)" >> $LOGFILE
echo $DASHES2 >> $LOGFILE
}
DASHES="---------------------------------------------------------------------------------"
DASHES2="================================================================================="
if [ ! -d "$BACKUPDIR" ]; then
# Control will enter here if $DIRECTORY doesn't exist.
mkdir $BACKUPDIR
fi
startlogging
# Rotate backup files
echo "$(date) [MESSAGE] Removing old backups" >> $LOGFILE
rotate_backups
echo "$(date) [MESSAGE] Backing up gitlab for $(hostname -f)" >> $LOGFILE
gitlab-rake gitlab:backup:create >> $LOGFILE
#Backup files to offsite location
echo "$(date) [MESSAGE] Copying backup files to offsite location" >> $LOGFILE
scp -rq -P 2222 $BACKUPDIR/* moe@home.comprofix.com:/data/backup/website
echo "$(date) [MESSAGE] Sending email of backup report" >> $LOGFILE
stoplogging
#sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q
#Use below if using POSTFIX
cat $LOGFILE | mail -s "$SUBJECT" "$MAIL"

112
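--- /dev/null
+++ b/godaddy-ddns
@@ -0,0 +1,112 @@
+#!/bin/bash
+# GoDaddy.sh v1.0 by Nazar78 @ TeaNazaR.com
+###########################################
+# Simple DDNS script to update GoDaddy's DNS. Just schedule every 5mins in crontab.
+# With options to run scripts/programs/commands on update failure/success.
+#
+# Requirements:
+# - Bash - On LEDE/OpenWRT, opkg install bash
+# - curl CLI - On Debian, apt-get install curl
+#
+# History:
+# v1.0 - 20160513 - 1st release.
+#
+# PS: Feel free to distribute but kindly retain the credits (-:
+###########################################
+# Begin settings
+# Get the Production API key/secret from https://developer.godaddy.com/keys/.
+# Ensure it's for "Production" as first time it's created for "Test".
+#Key=<API production key>
+#Secret=<API secret>
+Key=A4vTD3PLEX1_G3C4VGGaDiha9BCZZc2ZpP
+Secret=G3C6k2r1kAbKfMHnws3BAs
+# Domain to update.
+Domain=comprofix.com
+# Advanced settings - change only if you know what you're doing :-)
+# Record type, as seen in the DNS setup page, default A.
+Type=A
+# Record name, as seen in the DNS setup page, default @.
+Name=home
+# Time To Live in seconds, minimum default 600 (10mins).
+# If your public IP seldom changes, set it to 3600 (1hr) or more for DNS servers cache performance.
+TTL=600
+# Writable path to last known Public IP record cached. Best to place in tmpfs.
+CachedIP=/tmp/current_ip
+# External URL to check for current Public IP, must contain only a single plain text IP.
+# Default http://api.ipify.org.
+CheckURL=http://api.ipify.org
+# Optional scripts/programs/commands to execute on successful update. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: SuccessExec='/bin/echo "$(date): My public IP changed to ${PublicIP}!">>/var/log/GoDaddy.sh.log'
+SuccessExec=''
+# Optional scripts/programs/commands to execute on update failure. Leave blank to disable.
+# This variable will be evaluated at runtime but will not be parsed for errors nor execution guaranteed.
+# Take note of the single quotes. If it's a script, ensure it's executable i.e. chmod 755 ./script.
+# Example: FailedExec='/some/path/something-went-wrong.sh ${Update} && /some/path/email-script.sh ${PublicIP}'
+FailedExec=''
+# End settings
+Curl=$(/usr/bin/which curl 2>/dev/null)
+Touch=$(/usr/bin/which touch 2>/dev/null)
+[ "${Curl}" = "" ] &&
+echo "Error: Unable to find 'curl CLI'." && exit 1
+[ -z "${Key}" ] || [ -z "${Secret}" ] &&
+echo "Error: Requires API 'Key/Secret' value." && exit 1
+[ -z "${Domain}" ] &&
+echo "Error: Requires 'Domain' value." && exit 1
+[ -z "${Type}" ] && Type=A
+[ -z "${Name}" ] && Name=@
+[ -z "${TTL}" ] && TTL=600
+[ "${TTL}" -lt 600 ] && TTL=600
+${Touch} ${CachedIP} 2>/dev/null
+[ $? -ne 0 ] && echo "Error: Can't write to ${CachedIP}." && exit 1
+[ -z "${CheckURL}" ] && CheckURL=http://api.ipify.org
+echo -n "Checking current 'Public IP' from '${CheckURL}'..."
+PublicIP=$(${Curl} -kLs ${CheckURL})
+if [ $? -eq 0 ] && [[ "${PublicIP}" =~ [0-9]{1,3}\.[0-9]{1,3} ]];then
+echo "${PublicIP}!"
+else
+echo "Fail! ${PublicIP}"
+eval ${FailedExec}
+exit 1
+fi
+if [ "$(cat ${CachedIP} 2>/dev/null)" != "${PublicIP}" ];then
+echo -n "Checking '${Domain}' IP records from 'GoDaddy'..."
+Check=$(${Curl} -kLsH"Authorization: sso-key ${Key}:${Secret}" \
+-H"Content-type: application/json" \
+https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+2>/dev/null|jq -r '.[0].data'>/dev/null)
+if [ $? -eq 0 ] && [ "${Check}" = "${PublicIP}" ];then
+echo -n ${Check}>${CachedIP}
+echo -e "unchanged!\nCurrent 'Public IP' matches 'GoDaddy' records. No update required!"
+else
+echo -en "changed!\nUpdating '${Domain}'..."
+Update=$(${Curl} -kLsXPUT -H"Authorization: sso-key ${Key}:${Secret}" \
+-H"Content-type: application/json" \
+https://api.godaddy.com/v1/domains/${Domain}/records/${Type}/${Name} \
+-d "[{\"data\":\"${PublicIP}\",\"ttl\":${TTL}}]" 2>/dev/null)
+if [ $? -eq 0 ] && [ "${Update}" = "" ];then
+echo -n ${PublicIP}>${CachedIP}
+echo "Success!"
+eval ${SuccessExec}
+else
+echo "Fail! ${Update}"
+eval ${FailedExec}
+exit 1
+fi
+fi
+else
+echo "Current 'Public IP' matches 'Cached IP' recorded. No update required!"
+fi
+exit $?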
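Review bot: The `Key=` and `Secret=` assignments commit what look like live production API credentials to the repository; they should be revoked at GoDaddy and the script should read them from a root-only file outside the repo, as the removed script did with `/opt/scripts/godaddy_keys`. Every `curl` call also passes `-k`, so the `Authorization: sso-key` header is sent without certificate verification; use `-Ls` in place of `-kLs` and `-LsXPUT` in place of `-kLsXPUT`. The `Check=` pipeline ends in `jq -r '.[0].data'>/dev/null`, which discards the value, so `Check` is always empty and the record is rewritten on every cache miss. The public IP is fetched over plain HTTP and tested with an unanchored regex before it is placed into the JSON body and written to the predictable path `/tmp/current_ip`; anchoring the test, e.g. `^([0-9]{1,3}\.){3}[0-9]{1,3}$`, and keeping the cache in a directory only the job's user can write would keep unexpected content out of the request and the cache.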


@ -1,72 +0,0 @@
#!/bin/bash
# This script is used to check and update your GoDaddy DNS server to the IP address of your current internet connection.
# Special thanks to mfox for his ps script
# https://github.com/markafox/GoDaddy_Powershell_DDNS
#
# First go to GoDaddy developer site to create a developer account and get your key and secret
#
# https://developer.godaddy.com/getstarted
# Be aware that there are 2 types of key and secret - one for the test server and one for the production server
# Get a key and secret for the production server
#
#
#Create a godaddy_keys file with the lines
#
# KEY <godaddy dev API KEY>
# SECRET <godaddy dev SECRET>
#
#
#Update the first 4 variables with your information
MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
SMTP="mail.comprofix.com"
domain="comprofix.com" # your domain
name="home" # name of A record to update
key=$(cat /opt/scripts/godaddy_keys | grep KEY | awk '{ print $2 }') # key for godaddy developer API
secret=$(cat /opt/scripts//godaddy_keys | grep SECRET | awk '{ print $2 }') # secret for godaddy developer API
headers="Authorization: sso-key $key:$secret"
# echo $headers
result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/A/$name")
# echo $result
dnsIp=$(echo $result | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
# DEBUG: Remove hash from below line
# echo "dnsIp:" $dnsIp
# Get public ip address there are several websites that can do this.
ret=$(curl -s GET "http://ipinfo.io/json")
currentIp=$(echo $ret | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
# DEBUG: Remove hash from below line
# echo "currentIp:" $currentIp
if [ $dnsIp != $currentIp ];
then
# echo "Ips are not equal"
request='{"data":"'$currentIp'","ttl":600}'
# echo $request
nresult=$(curl -i -s -X PUT \
-H "$headers" \
-H "Content-Type: application/json" \
-d $request "https://api.godaddy.com/v1/domains/$domain/records/A/$name")
# echo $nresult
sendemail -o tls=no -s $SMTP -t $MAILTO -f "$name.$domain <$MAILFROM>" -u "$name.$domain IP has been updated" -m "
$name.$domain IP has been updated
$name.$domain IP is now: $currentIp
" -q
fi

59
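--- /dev/null
+++ b/shorewall-blacklist
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Shorewall blacklist file
+# blacklist file
+#
+BLACKLIST="/etc/shorewall/blacklist"
+CUSTOM="/etc/shorewall/custom-blacklist"
+#
+# get URL
+#
+URL[0]="http://feeds.dshield.org/block.txt"
+URL[1]="http://www.spamhaus.org/drop/drop.lasso"
+#Counrtry BlockLists
+COUNTRY=(cn tw tr mx il id ua za)
+IPDENY="http://www.ipdeny.com/ipblocks/data/countries"
+#
+# Don't Edit After this line
+#
+# Temporary dump staging folder
+TMP=$(mktemp -d -t tmp.XXXXXXXXXX)
+#
+# @method to delete Temporary folder
+#
+function finish {
+rm -rf "$TMP"
+}
+trap finish EXIT
+echo "Downloading new blacklists...."
+#Blank out existing blacklists
+cat /dev/null > "$TMP/blacklist"
+cat /dev/null > $BLACKLIST
+#Add custom entries
+if [[ -s $CUSTOM ]]; then
+cat $CUSTOM >> "$TMP/blacklist"
+fi
+## top 20 attacking class C (/24)
+wget -q -O - ${URL[0]} | sed '1,/Start/d' | sed '/#/d' | awk '{print $1,$3}' | sed 's/ /\//' >> "$TMP/blacklist"
+## Spamhaus DROP List
+wget -q -O - ${URL[1]} | sed '1,/Expires/d' | awk '{print $1}' >> "$TMP/blacklist"
+## Country Blocklists
+for BLOCK in ${COUNTRY[*]}; do
+wget -q -O - $IPDENY/$BLOCK.zone | awk '{print $1}' >> "$TMP/blacklist"
+done
+#Remove duplicate entries
+sort "$TMP/blacklist" | uniq -c | awk '{print $2}' > $BLACKLIST
+shorewall refresh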
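Review bot: The feeds are fetched over plain `http://` and appended to the list with no check on what came back, so anyone able to alter a response, or a change in a feed's format, decides what root loads into `/etc/shorewall/blacklist`. `cat /dev/null > $BLACKLIST` also empties the live list before any download and `wget` failures are ignored, so an outage leaves only the custom entries in place after `shorewall refresh`. I would drop that truncation, keep only lines that look like IPv4 addresses or CIDRs, and replace the live file only when something valid arrived, as sketched below. This assumes the custom list holds IPv4 entries only, and the feed URLs should move to `https://` wherever the providers offer it.

```shell
# … unchanged: custom entries and downloads appended to "$TMP/blacklist" …
# Keep the first field of each line, IPv4 address or CIDR only, de-duplicated
awk '{print $1}' "$TMP/blacklist" \
  | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
  | sort -u > "$TMP/blacklist.new"
# Replace the live list only when something valid arrived
if [[ -s "$TMP/blacklist.new" ]]; then
  cp -- "$TMP/blacklist.new" "$BLACKLIST"
  shorewall refresh
else
  echo "No valid blacklist entries; keeping existing $BLACKLIST" >&2
  exit 1
fi
```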

37
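--- /dev/null
+++ b/ssl-install
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Script Name: ssl-install
+# Author: Matt McKinnon
+# Date: 28th May 2018
+# Description:
+#
+# Script used to copy Let's Encrypt Generated Certificates from generating server to ESXi VPS Server.
+# This script requires acme.sh be used to setup your Let's Encrypt Certificates.
+# - https://github.com/Neilpang/acme.sh
+#
+# SSH Key Login also needs to be enabled on ESXi
+#
+#
+#
+#
+DOM_NAME="comprofix.com"
+ESXI_SERVER="esxi.comprofix.com"
+if [ ! -d $HOME/.acme.sh ]; then
+echo "Folder does not exist"
+exit 0
+else
+echo "You are using acme.sh. Well done"
+fi
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.cer root@$ESXI_SERVER:/etc/vmware/ssl/rui.crt
+scp -q ~/.acme.sh/$DOM_NAME/$DOM_NAME.key root@$ESXI_SERVER:/etc/vmware/ssl/rui.key
+#ssh -qt root@$ESXI_SERVER "/sbin/services.sh restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/hostd restart"
+ssh -qt root@$ESXI_SERVER "/etc/init.d/vpxa restart"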
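Review bot: Neither `scp` is checked before the `hostd` and `vpxa` restarts, so a failed copy of one file can leave `rui.crt` and `rui.key` mismatched and the management services restarted onto them; add `set -euo pipefail` after the shebang or append `|| exit 1` to each `scp`. The missing-folder branch prints "Folder does not exist" but ends with `exit 0`, so cron or a calling script sees success; it should be `exit 1`. `$HOME/.acme.sh` and the `$DOM_NAME` paths are unquoted. Since the script pushes a private key over a root SSH login, the header comment should say which key is expected and that it should be limited to this job.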