mmckinnon/serverscripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mmckinnon:1e731f3fd2f93f8cc9c53910dd8739748e07d290
Branches Tags
mmckinnon:master
..
compare: mmckinnon:ef1c2c6c78ce94cf8ef2b72355b4ebd496c2b48f
Branches Tags
mmckinnon:master

No commits in common. "1e731f3fd2f93f8cc9c53910dd8739748e07d290" and "ef1c2c6c78ce94cf8ef2b72355b4ebd496c2b48f" have entirely different histories.
1e731f3fd2 ... ef1c2c6c78

11 changed files with 457 additions and 22 deletions
Show Stats Expand all files Collapse all files

6
00logwatch
View File

@ -6,9 +6,9 @@
# This script will email a logwatch report # This script will email a logwatch report
MAILTO="support@comprofix.com" MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f) THISSERVER=$(hostname -f)
MAILFROM="$THISSERVER@comprofix.com" SMTP="mail.comprofix.com"
SMTP="comprofix-com.mail.protection.outlook.com"
#Check if removed-but-not-purged #Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0 test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
@ -17,5 +17,3 @@ test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch > /tmp/logwatch /usr/sbin/logwatch > /tmp/logwatch
sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "[$THISSERVER] Logwatch" -m "$(cat /tmp/logwatch)" -q sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "[$THISSERVER] Logwatch" -m "$(cat /tmp/logwatch)" -q
rm /tmp/logwatch

38
README.md
View File

@ -8,6 +8,7 @@ To send emails the sendEmail package is required
apt-get install sendemail apt-get install sendemail
</pre> </pre>
Change the following lines in scripts that send emails Change the following lines in scripts that send emails
MAILFROM is set to determine the server name and domain name for the server and generate and email for it to determine where the email is coming from. This can be changed to specify an email address or you can leave it to generate one. MAILFROM is set to determine the server name and domain name for the server and generate and email for it to determine where the email is coming from. This can be changed to specify an email address or you can leave it to generate one.
@ -34,6 +35,14 @@ This script checks for updates on your Debian based systems. If any updates are
<pre>ln -s $(pwd)/check_updates_deb /etc/cron.daily <pre>ln -s $(pwd)/check_updates_deb /etc/cron.daily
</pre> </pre>
#### check_updates_rpm
This script checks for updates on your RPM based systems. If any updates are found it will download them ready for Installation and an email will be sent to an email address specified
<b>Installation</b>
<pre>ln -s $(pwd)/check_updates_rpm /etc/cron.daily
</pre>
#### dbbackup #### dbbackup
This scripts backs up mysql databases and rotates the number of backups through seven days. This scripts backs up mysql databases and rotates the number of backups through seven days.
@ -55,4 +64,31 @@ Sends and email when disk space reaches greater than 90%.
<b>Installation</b> <b>Installation</b>
<pre>ln -s ${pwd}/diskalert.sh /etc/cron.hourly <pre>ln -s ${pwd}/diskalert.sh /etc/cron.hourly
</pre> </pre>
#### nasbackup.sh
This script does an rsync from one folder location to another
<b>Installation</b>
<pre>
ln -s ${PWD}/nasbackup /etc/cron.daily
</pre>
#### mailQWatch
Script checks mailq size on a postfix system and sends an email when queue size is greater than threshold.
Update variables in scripts to suit your needs.
<pre>QUEUELIMIT=75
SUBJECT="Mail Queue on $HOST is currently $QUEUECOUNT"
MAILTO="user@example.com"
</pre>
<b>Installation</b>
As root, sudo will not work.
<pre>echo "*/5 * * * * ${PWD}/mailQWatch.sh" >> /etc/crontab
</pre>

4
check_updates_deb
View File

@ -16,9 +16,9 @@
# #
MAILTO="support@comprofix.com" MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f) THISSERVER=$(hostname -f)
MAILFROM="$THISSERVER@comprofix.com" SMTP="mail.comprofix.com"
SMTP="comprofix-com.mail.protection.outlook.com"
AUTOUPDATE="no" AUTOUPDATE="no"
LOGFILE="/var/log/server_maint.log" LOGFILE="/var/log/server_maint.log"

141
check_updates_rpm Executable file
View File

@ -0,0 +1,141 @@
#!/bin/bash
# Script Name: check_updates_rpm
# Author Name: Matt McKinnon
# Date: 7th June 2016
# Description: For use on rpm based distros ie CentOS, Red Hat, Fedora
# This script will:
# Clean up the local rpm repository of retrieved packages (yum clean)
# Resync the package index (yum makecache)
# If called with AUTOUPDATE set to yes then SECURITY updates will be downloaded and applied. (The package yum-plugin-security is required Install using
# yum install yum-plugin-security)
#
# Make user configuration changes in this section
#
MAILTO="support@comprofix.com"
AUTOUPDATE="no"
LOGFILE="/var/log/server_maint.log"
THISSERVER=$(hostname -f)
#
# End of user configuration section
#
DASHES="---------------------------------------------------------------------------------"
DASHES2="================================================================================="
# Check if the script is being run as root exit if it is not.
if [ $(id -u) -ne 0 ]
then
echo "ur not root bro"
exit 1
fi
startlogging() {
echo $DASHES2 >> $LOGFILE
echo "$0 started running at `date`" >> $LOGFILE
echo $DASHES2 >> $LOGFILE
}
stoplogging() {
echo "`date` [MESSAGE] $0 finished runnning" >> $LOGFILE
echo $DASHES >> $LOGFILE
}
check_return() {
if [ "$?" -ne "0" ]
then
echo "$(date) [ERROR] $1 failed to run" >> $LOGFILE
send_error_email $1
stoplogging
exit 1
fi
echo "$(date) [SUCCESS] $1 ran without error" >> $LOGFILE
}
send_error_email() {
echo "Hello,
Whilst running the update script ($0) on $THISSERVER there was a problem.
[ERROR] "$1" failed to run
The server has the following network interfaces configured ${SERVERADDS[@]}.
Please log in via ssh (e.g. ssh root@${IPADDR[0]}) and check the log file:
vim $LOGFILE
Regards." | /bin/mail -s "[$THISSERVER] There was an error whilst running $0" $MAILTO
}
# IP Address stuff
declare -a IPADDR
declare -a NICINTERFACE
declare -a SERVERADDS
index=0
for i in $( ifconfig | grep 'inet addr' | awk '{print $2}'| sed 's#addr:##g' );
do
IPADDR[$index]=$i
let "index += 1"
done
index=0
for i in $( ifconfig | grep 'eth' | awk '{print $1}' );
do
SERVERADDS[$index]="$i ${IPADDR[$index]}"
let "index += 1"
done
# End IP Address stuff
startlogging
yum clean all > /dev/null
check_return "yum clean all"
yum makecache > /dev/null
check_return "yum makecache"
if [[ "$AUTOUPDATE" == "yes" ]]
then
yum -y update --security > /dev/null
check_return "yum -y update --security"
else
PACKAGES_TO_BE_UPGRADED=`yum list updates -q`
check_return "yum list updates -q"
fi
if [[ -z $PACKAGES_TO_BE_UPGRADED ]]
then
echo "$(date) [MESSAGE] No packages need updating." >> $LOGFILE
else
echo "
Hello,
Packages requiring updates onto $THISSERVER.
$PACKAGES_TO_BE_UPGRADED
The server has the following network interfaces configured ${SERVERADDS[@]}.
To update the server log in via ssh (e.g. ssh root@${IPADDR[0]}) and run the following command:
yum upgrade
See the logfile for more info: vim $LOGFILE
Regards. " | /bin/mail -s "[$THISSERVER] server may need some updates applied" $MAILTO
echo "`date` [MESSAGE] Packages need updating email sent to $MAILTO" >> $LOGFILE
fi
stoplogging
exit 0

25
dbbackup
View File

@ -15,18 +15,17 @@
# GRANT LOCK TABLES, SELECT, SHOW VIEW, RELOAD, REPLICATION CLIENT, EVENT, TRIGGER ON *.* TO 'dbbackup'@'localhost'; # GRANT LOCK TABLES, SELECT, SHOW VIEW, RELOAD, REPLICATION CLIENT, EVENT, TRIGGER ON *.* TO 'dbbackup'@'localhost';
MAIL="support@comprofix.com"
MAILTO="support@comprofix.com" MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f) THISSERVER=$(hostname -f)
MAILFROM="$THISSERVER@comprofix.com" SMTP="mail.comprofix.com"
SMTP="comprofix-com.mail.protection.outlook.com"
SQLSERVER="mysql.comprofix.xyz"
SUBJECT="$(hostname -f) Database Backup Completed $BAKDATE"
BAKDATE=$(date +%Y%m%d) BAKDATE=$(date +%Y%m%d)
SUBJECT="$SQLSERVER Database Backup Completed - $BAKDATE"
DBUSER='dbbackup' DBUSER='dbbackup'
DBPASS=$(cat ~/.dbpassword) DBPASS='MdCg8uTSEWhmv7+D'
BACKUPDIR='/mnt/nfs/archive/db/' BACKUPDIR='/BACKUP/db/'
rotate_backups() { rotate_backups() {
find $BACKUPDIR -type f -mtime +7 -exec rm -frv {} \; find $BACKUPDIR -type f -mtime +7 -exec rm -frv {} \;
@ -35,18 +34,18 @@ rotate_backups() {
rotate_backups rotate_backups
databases=$(mariadb --user=$DBUSER --password=$DBPASS --host=$SQLSERVER -e "SHOW DATABASES;" | tr -d "| " | grep -v Database) databases=$(mysql --user=$DBUSER --password=$DBPASS -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
for db in $databases; do for db in $databases; do
if [[ "$db" != "information_schema" ]] && [[ "$db" != "performance_schema" ]] && [[ "$db" != "mysql" ]] && [[ "$db" != "sys" ]] && [[ "$db" != "test" ]] && [[ "$db" != _* ]] ; then if [[ "$db" != "information_schema" ]] && [[ "$db" != "performance_schema" ]] && [[ "$db" != "mysql" ]] && [[ "$db" != _* ]] ; then
echo "Dumping database: $db" >> /tmp/dbbackup.msg echo "Dumping database: $db" >> /tmp/dbbackup.msg
mariadb-dump --force --opt --user=$DBUSER --password=$DBPASS --host=$SQLSERVER --databases $db > $BACKUPDIR/$db.$BAKDATE.sql mysqldump --force --opt --user=$DBUSER --password=$DBPASS --databases $db > $BACKUPDIR/$db.$BAKDATE.sql
fi fi
done done
#sendemail -o tls=yes -s $SMTP -t $MAILTO -f "$SQLSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q #sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q
#Use Below to use systems postfix or local MTA #Use Below to use systems postfix or local MTA
#cat /tmp/dbbackup.msg #| mail -s "$SUBJECT" "$MAIL" cat /tmp/dbbackup.msg | mail -s "$SUBJECT" "$MAIL"
#rm -fr /tmp/dbbackup.msg rm -fr /tmp/dbbackup.msg

4
diskalert
View File

@ -6,9 +6,9 @@
# This script will email when diskspace is high. # This script will email when diskspace is high.
MAILTO="support@comprofix.com" MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f) THISSERVER=$(hostname -f)
MAILFROM="$THISSERVER@comprofix.com" SMTP="mail.comprofix.com"
SMTP="comprofix-com.mail.protection.outlook.com"
LOGFILE="/var/log/diskalert.log" LOGFILE="/var/log/diskalert.log"
THISSERVER=$(hostname -f) THISSERVER=$(hostname -f)

21
mailQWatch Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Script Name: mailQWatch
# Author: Matt McKinnon
# Date: 7th June 2016
# Description:
# This script will email a report mailq on postfix is high.
QUEUELIMIT=75
SUBJECT="Mail Queue on $HOST is currently $QUEUECOUNT"
MAILTO="support@comprofix.com"
HOST=$(/bin/hostname)
POSTQUEUE=$(which postqueue)
QUEUELENGTH=$($POSTQUEUE -p | tail -n1 | awk '{print $5}')
QUEUECOUNT=$(echo $QUEUELENGTH | grep "[0-9]")
if [ "$QUEUECOUNT" == "" ]; then
exit;
elif [ "$QUEUECOUNT" -gt "$QUEUELIMIT" ]; then
$POSTQUEUE -p | /bin/mail -s "$SUBJECT" "$MAILTO"
fi

51
nasbackup Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f)
SMTP="mail.comprofix.com"
SUBJECT="Backup Log `date +%d-%m-%Y`"
LOGFOLDER=/var/log/nasbackup
LOGFILE=$LOGFOLDER/backuplog-`date +%d-%m-%Y.log`
THISSERVER=`hostname --fqdn`
N_DAYS=7
startlogging() {
echo $DASHES2 >> $LOGFILE
echo "$0 started running at $(date)" >> $LOGFILE
echo $DASHES2 >> $LOGFILE
}
stoplogging() {
echo "$(date) [MESSAGE] $0 finished runnning" >> $LOGFILE
echo $DASHES >> $LOGFILE
}
DASHES="---------------------------------------------------------------------------------"
DASHES2="================================================================================="
startlogging
mkdir -p $LOGFOLDER
rsync -urtlOv --partial --delete --exclude 'kvm' /data/ /media/nas/ >> $LOGFILE
FILES=$(find $LOGFOLDER -type f -mtime +$N_DAYS -name '*.log' | wc -l)
if [ $FILES -eq 0 ];
then
echo "$(date) [MESSAGE] No Old Log Files Found" >> $LOGFILE
else
echo "$(date) [MESSAGE] Older than $N_DAYS days will be deleted" >> $LOGFILE
find $LOGFOLDER/* -mtime +$N_DAYS -exec rm {} \;
fi
echo "$(date) [MESSAGE] Backup completed $LOGFILE has been emailed." >> $LOGFILE
stoplogging
sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -a "$LOGFILE" -m "$SUBJECT" -q

93
plesk-backup Executable file
View File

@ -0,0 +1,93 @@
#!/bin/bash
# Script Name:plesk-backup
# Author: Matt McKinnon
# Date: 04 May 2018
# Description:
# This script will backup your plesk hosting files.
# Send an email report of plesk hosting files that have been backed up.
# Rotate backups for 7 days
#
MAIL="support@comprofix.com"
MAILTO="support@comprofix.com"
MAILFROM="support@comprofix.com"
THISSERVER=$(hostname -f)
SMTP="mail.comprofix.com"
SUBJECT="$(hostname -f) Hosting Files Backup Completed $BAKDATE"
BAKDATE=$(date +%Y%m%d)
BACKUPDIR='/BACKUP'
VHOSTS='/var/www/vhosts/'
LOGFOLDER=/var/log/
LOGFILE=$LOGFOLDER/backuplog-`date +%d-%m-%Y.log`
rotate_backups() {
find $BACKUPDIR -type f -mtime +1 -exec rm -fr {} \;
}
startlogging() {
echo $DASHES2 >> $LOGFILE
echo "$0 started running at $(date)" >> $LOGFILE
echo $DASHES >> $LOGFILE
}
stoplogging() {
echo $DASHES >> $LOGFILE
echo "$0 finished running at $(date)" >> $LOGFILE >> $LOGFILE
echo $DASHES2 >> $LOGFILE
}
DASHES="---------------------------------------------------------------------------------"
DASHES2="================================================================================="
startlogging
rotate_backups
#Backup website files
# Get domain ID
IDS=$(MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -sN -uadmin -e 'select id from psa.domains, psa.hosting where id = dom_id order by id;')
#Use ID to get domain name and www_root folders and create archive using domain name.
for ID in $IDS; do
DOMAIN_NAME=$(MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -sN -uadmin -e 'select name from psa.domains,psa.hosting where id = '$ID' AND dom_id ='$ID' order by id;')
WWW_ROOT=$(MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -sN -uadmin -e 'select www_root from psa.domains,psa.hosting where id = '$ID' AND dom_id ='$ID' order by id;')
echo "$(date) [MESSAGE] Creating archive of $DOMAIN_NAME" >> $LOGFILE
if [ $DOMAIN_NAME = 'cloud.comprofix.com' ]; then
zip -rq $BACKUPDIR/$DOMAIN_NAME.$BAKDATE.zip $WWW_ROOT -x '*data*'
else
zip -rq $BACKUPDIR/$DOMAIN_NAME.$BAKDATE.zip $WWW_ROOT
fi
done
#Backup databases
databases=$(MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -sN -uadmin -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
for db in $databases; do
if [[ "$db" != "information_schema" ]] && [[ "$db" != "performance_schema" ]] && [[ "$db" != "mysql" ]] && [[ "$db" != _* ]] && [[ "$db" != "apsc" ]] && [[ "$db" != "horde" ]] && [[ "$db" != phpmyadmin_* ]] && [[ "$db" != "psa" ]] && [[ "$db" != "roundcubemail" ]] ; then
echo "$(date) [MESSAGE] Dumping $db to sql file" >> $LOGFILE
mysqldump --force --opt --user=$DBUSER --password=$DBPASS --databases $db > $BACKUPDIR/$db.$BAKDATE.sql
fi
done
#Backup files to offsite location
echo "$(date) [MESSAGE] Copying backup files to offsite location" >> $LOGFILE
#scp -rq -P 2222 $BACKUPDIR/* moe@home.comprofix.com:/data/backup/website
rsync -avz -e "ssh -p 2222 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" /BACKUP/ moe@home.comprofix.com:/data/backup/websites/ >> $LOGFILE
echo "$(date) [MESSAGE] Sending email of backup report" >> $LOGFILE
stoplogging
#sendemail -o tls=no -s $SMTP -t $MAILTO -f "$THISSERVER <$MAILFROM>" -u "$SUBJECT" -m "$(cat /tmp/dbbackup.msg)" -q
#Use below if using POSTFIX
cat $LOGFILE | mail -s "$SUBJECT" "$MAIL"

59
shorewall-blacklist Executable file
View File

@ -0,0 +1,59 @@
#!/bin/bash
#
# Shorewall blacklist file
# blacklist file
#
BLACKLIST="/etc/shorewall/blacklist"
CUSTOM="/etc/shorewall/custom-blacklist"
#
# get URL
#
URL[0]="http://feeds.dshield.org/block.txt"
URL[1]="http://www.spamhaus.org/drop/drop.lasso"
#Counrtry BlockLists
COUNTRY=(cn tw tr mx il id ua za)
IPDENY="http://www.ipdeny.com/ipblocks/data/countries"
#
# Don't Edit After this line
#
# Temporary dump staging folder
TMP=$(mktemp -d -t tmp.XXXXXXXXXX)
#
# @method to delete Temporary folder
#
function finish {
rm -rf "$TMP"
}
trap finish EXIT
echo "Downloading new blacklists...."
#Blank out existing blacklists
cat /dev/null > "$TMP/blacklist"
cat /dev/null > $BLACKLIST
#Add custom entries
if [[ -s $CUSTOM ]]; then
cat $CUSTOM >> "$TMP/blacklist"
fi
## top 20 attacking class C (/24)
wget -q -O - ${URL[0]} | sed '1,/Start/d' | sed '/#/d' | awk '{print $1,$3}' | sed 's/ /\//' >> "$TMP/blacklist"
## Spamhaus DROP List
wget -q -O - ${URL[1]} | sed '1,/Expires/d' | awk '{print $1}' >> "$TMP/blacklist"
## Country Blocklists
for BLOCK in ${COUNTRY[*]}; do
wget -q -O - $IPDENY/$BLOCK.zone | awk '{print $1}' >> "$TMP/blacklist"
done
#Remove duplicate entries
sort "$TMP/blacklist" | uniq -c | awk '{print $2}' > $BLACKLIST
shorewall refresh

37
ssl-install Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash
# Script Name: ssl-install
# Author: Matt McKinnon
# Date: 28th May 2018
# Description:
#
# Script used to copy Let's Encrypt Generated Certificates from generating server to ESXi VPS Server.
# This script requires acme.sh be used to setup your Let's Encrypt Certificates.
# - https://github.com/Neilpang/acme.sh
#
# SSH Key Login also needs to be enabled on ESXi
#
#
#
#
DOM_NAME="home.comprofix.com"
ESXI_SERVER="esxi.home.comprofix.com"
if [ ! -d $HOME/.acme.sh ]; then
echo "Folder does not exist"
exit 0
else
echo "You are using acme.sh. Well done"
fi
scp ~/.acme.sh/$DOM_NAME/$DOM_NAME.cer root@$ESXI_SERVER:/etc/vmware/ssl/rui.crt
scp ~/.acme.sh/$DOM_NAME/$DOM_NAME.key root@$ESXI_SERVER:/etc/vmware/ssl/rui.key
#ssh -qt root@$ESXI_SERVER "/sbin/services.sh restart"
ssh -t root@$ESXI_SERVER "/etc/init.d/hostd restart"
ssh -t root@$ESXI_SERVER "/etc/init.d/vpxa restart"