Scripts
Script: https traffic block
This script blocks HTTPS traffic on the software router itself. I am using Squid, and it is not capable of handling HTTPS traffic because (1) the URL is encrypted and (2) the routing table only handles traffic over port 80.
This script has two input files, which it creates automatically on the first run. It can also restrict access per private (local) IP.
Editable area in the script:
    DIST=192.168.1.6    # IP to which the request is forwarded
    DPORT=81            # Port to which the request is forwarded
    BLOCKPORTS=443      # Outgoing + incoming port
    RULE=forward        # Possible options: reject, drop, forward
If you have a web page that shows users a message about the block, set it here.
Enter the domains and the local IPs in their separate files; examples are shown below.
    [anand@planetcure ~]$ sh https_block.sh --help
    This script is for block https outbound traffic using source based requests
    -s or --silent    Silent execution
    ssl_domains       File for enter SSL domain names
    ip_users          File for enter localip list
You must enable IP forwarding and run the script as root.
First run:
    [root@planetcure]# sh https_block.sh
    Parent dir not found, Creating entire structure
    /opt/installer/scripts
    |-- ip_users
    `-- ssl_domains
    0 directories, 2 files
    [INFO]:We found empty input file. exiting..
Input files:
    [root@planetcure]# ls /opt/installer/scripts/
    ip_users  ssl_domains
Enter the values in each file one per line:
    [root@planetcure scripts]# cat ip_users
    192.168.1.100
    192.168.1.245
    [root@planetcure scripts]# cat ssl_domains
    www.enlook.wordpress.com
    facebook.com
    www.facebook.com
Output:
    [root@planetcure]# sh https_block.sh
    Validating file structure
    checking ssl_domains Ok.
    checking ip_users Ok.
    /opt/installer/scripts
    |-- ip_users
    `-- ssl_domains
    0 directories, 2 files
    Executing source Ip 192.168.1.100
    76.74.254.123 blocked for the domain www.enlook.wordpress.com
    192.0.80.250 blocked for the domain www.enlook.wordpress.com
    192.0.81.250 blocked for the domain www.enlook.wordpress.com
    66.155.9.238 blocked for the domain www.enlook.wordpress.com
    66.155.11.238 blocked for the domain www.enlook.wordpress.com
    76.74.254.120 blocked for the domain www.enlook.wordpress.com
    173.252.110.27 blocked for the domain facebook.com
    31.13.79.128 blocked for the domain www.facebook.com
    Executing source Ip 192.168.1.245
    76.74.254.120 blocked for the domain www.enlook.wordpress.com
    76.74.254.123 blocked for the domain www.enlook.wordpress.com
    192.0.80.250 blocked for the domain www.enlook.wordpress.com
    192.0.81.250 blocked for the domain www.enlook.wordpress.com
    66.155.9.238 blocked for the domain www.enlook.wordpress.com
    66.155.11.238 blocked for the domain www.enlook.wordpress.com
    173.252.110.27 blocked for the domain facebook.com
    31.13.79.128 blocked for the domain www.facebook.com
Now schedule it as a cron job, as below:
    */05 * * * * /bin/sh /root/https_block.sh -s
If you run the script again, it shows the current status of the blocked domains:
    [root@localhost bash]# sh https_block.sh
    Validating file structure
    checking ssl_domains Ok.
    checking ip_users Ok.
    /opt/installer/scripts
    |-- ip_users
    `-- ssl_domains
    0 directories, 2 files
    Executing source Ip 192.168.1.100
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 76.74.254.123 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 192.0.80.250 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 192.0.81.250 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 66.155.9.238 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 66.155.11.238 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.100 76.74.254.120 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:facebook.com DNAT tcp -- 192.168.1.100 173.252.110.27 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    31.13.79.144 blocked for the domain www.facebook.com
    Executing source Ip 192.168.1.245
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 76.74.254.120 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 76.74.254.123 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 192.0.80.250 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 192.0.81.250 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 66.155.9.238 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:www.enlook.wordpress.com DNAT tcp -- 192.168.1.245 66.155.11.238 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    Domain:facebook.com DNAT tcp -- 192.168.1.245 173.252.110.27 tcp dpt:443 tcp dpt:443 to:192.168.1.6:81
    31.13.79.144 blocked for the domain www.facebook.com
Now you have control over the network traffic usage.
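In the two runs shown above, www.facebook.com is blocked at 31.13.79.128 first and at 31.13.79.144 later: the addresses behind a domain drift between cron runs, so address-based rules have to be reconciled, not only appended. The following is an added example, not the author's https_block.sh; it goes beyond the page by also planning removal of stale rules and by validating input lines. The nat PREROUTING rule shape and the function names `is_ipv4`, `rule_spec` and `plan_rules` are assumptions, and the sample state is constructed.

```shell
#!/bin/sh
# Added example, not the author's https_block.sh. Assumed rule shape:
#   nat PREROUTING: -s <local IP> -d <resolved IP> --dport 443 -> DNAT to DIST:DPORT
DIST=192.168.1.6
DPORT=81
BLOCKPORT=443
export LC_ALL=C   # sort and comm must agree on ordering

# Accept only dotted-quad IPv4 so a malformed input line never reaches iptables.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

rule_spec() {   # $1 = source IP, $2 = destination IP
    printf '%s\n' "-s $1 -d $2 -p tcp --dport $BLOCKPORT -j DNAT --to-destination $DIST:$DPORT"
}

# plan_rules USERS RESOLVED INSTALLED
#   USERS     whitespace-separated local IPs (contents of ip_users)
#   RESOLVED  whitespace-separated IPs the blocked domains resolve to right now
#   INSTALLED newline-separated "SRC DST" pairs already present in the nat table
# Prints the iptables commands needed to converge; it executes nothing.
plan_rules() {
    tmp=$(mktemp -d) || return 1
    for s in $1; do
        is_ipv4 "$s" || continue
        for d in $2; do
            is_ipv4 "$d" && echo "$s $d"
        done
    done | sort -u > "$tmp/want"
    printf '%s\n' "$3" | sed '/^$/d' | sort -u > "$tmp/have"
    # Pairs wanted but not installed: add. Pairs installed but no longer wanted: delete.
    comm -23 "$tmp/want" "$tmp/have" | while read -r s d; do
        echo "iptables -t nat -A PREROUTING $(rule_spec "$s" "$d")"
    done
    comm -13 "$tmp/want" "$tmp/have" | while read -r s d; do
        echo "iptables -t nat -D PREROUTING $(rule_spec "$s" "$d")"
    done
    rm -rf "$tmp"
}

# Constructed sample state, using addresses from the two runs shown above.
USERS="192.168.1.100 192.168.1.245"
RESOLVED="173.252.110.27 31.13.79.144"
INSTALLED="192.168.1.100 173.252.110.27
192.168.1.100 31.13.79.128
192.168.1.245 173.252.110.27
192.168.1.245 31.13.79.128"

plan_rules "$USERS" "$RESOLVED" "$INSTALLED"
```

Review the printed plan before piping it to a root shell; on a live router the INSTALLED pairs would be extracted from `iptables -t nat -S PREROUTING`.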
Bash: History appending for multiple sessions
I had a requirement to list the complete command history when a single user has multiple terminal sessions open from different regions. I followed the steps below.
Step 1: Create a new file with the entries below
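    root@appserver:# cat /etc/profile.d/bash_history.sh
    # Flush this session's new commands to the history file, then reload the
    # file so that commands from other sessions become visible here.
    function share_history {
        history -a
        history -c
        history -r
    }
    HISTSIZE=99999
    HISTCONTROL=ignoredups
    # Coloured timestamp (date in blue, time in red) shown by `history`
    HISTTIMEFORMAT=`echo -e "\033[1;34m%d/%h/%Y \033[1;31m%H:%M:%S \033[0m"`
    PROMPT_COMMAND='share_history'
    shopt -u histappend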
Step 2: Activate it at run time
    root@appserver:# source /etc/profile.d/bash_history.sh
Now you can see the list of dated history entries.
Sample output:
    1005 26/Dec/2013 14:23:08 vi /etc/profile.d/bash_history.sh
    1006 26/Dec/2013 14:23:27 source /etc/profile.d/bash_history.sh
    1007 26/Dec/2013 14:23:31 history
Script: Start Tomcat as a service.
This script starts the servlet container as a service; it uses commons-daemon (jsvc) to start the Java process.
    #!/bin/sh
    #
    # tomcat       Start/Stop the Tomcat servlet container.
    #
    # chkconfig: 345 55 55
    # description: Tomcat servlet container.
    # processname: tomcat
    ##############################################################################
    #
    # Small shell script to show how to start/stop Tomcat using jsvc
    # If you want to have Tomcat running on port 80 please modify the server.xml
    # file:
    #
    # <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
    # <Connector className="org.apache.catalina.connector.http.HttpConnector"
    #            port="80" minProcessors="5" maxProcessors="75"
    #            enableLookups="true" redirectPort="8443"
    #            acceptCount="10" debug="0" connectionTimeout="60000"/>
    # Download and install dependency package
    # http://mirror.symnds.com/software/Apache//commons/daemon/binaries/commons-daemon-1.0.15-bin.tar.gz
    #
    # Source function library.
    . /etc/rc.d/init.d/functions
    set +x

    JAVA_HOME=/usr/local/jdk1.7.0_45
    CATALINA_HOME=/usr/local/apache-tomcat-6.0.37
    DAEMON_HOME=/usr/local/apache-tomcat-6.0.37
    TOMCAT_USER=tomcat
    TMP_DIR=/var/tmp
    CATALINA_OPTS='-Xms512M -Xmx1024M'
    CLASSPATH=\
    $JAVA_HOME/lib/tools.jar:\
    $DAEMON_HOME/bin/commons-daemon.jar:\
    $CATALINA_HOME/bin/bootstrap.jar
    prog=tomcat

    start() {
        echo $"Starting $prog: "
        #
        # Start Tomcat (jsvc drops privileges to $TOMCAT_USER)
        #
        $DAEMON_HOME/bin/jsvc \
            -user $TOMCAT_USER \
            -home $JAVA_HOME \
            -Dcatalina.home=$CATALINA_HOME \
            -Djava.io.tmpdir=$TMP_DIR \
            -outfile $CATALINA_HOME/logs/catalina.out \
            -errfile '&1' \
            $CATALINA_OPTS \
            -cp $CLASSPATH \
            org.apache.catalina.startup.Bootstrap
        #
        # To get a verbose JVM
        #-verbose \
        # To get a debug of jsvc.
        #-debug \
    }

    stop() {
        echo $"Stopping $prog: "
        #
        # Stop Tomcat
        #
        PID=`cat /var/run/jsvc.pid`
        kill $PID
    }

    status() {
        if ! $JAVA_HOME/bin/jps -mlvV | grep -v "Jps" > /dev/null
        then
            echo "Stopped : $prog is not running"
        else
            echo "Running process for tomcat"
            echo "=========================="
            $JAVA_HOME/bin/jps -mlvV | grep -v "Jps"
        fi
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            stop
            sleep 2
            start
            ;;
        status)
            status
            ;;
        *)
            echo "Usage $0 {start|stop|restart|status}"
            exit 1;;
    esac
Script: Bash script to backup MySQL databases.
    #!/bin/bash
    # Simple script to backup MySQL databases
    #
    # You have to enter the credentials. The script makes a backup of all the databases,
    # including information schema and performance schema as well, and stores it in gzip format
    # in the backup directory. Each database is dumped as a separate file.
    #
    # This will maintain 30 days backup. If you need to extend, edit the WEIGHT as your own.
    # Website : https://enlook.wordpress.com , http://planetcure.info , http://xtermpro.com
    # Created by : Anandbabu
    #
    #################################################################################################
    # Parent backup directory
    backup_parent_dir="/backup/"
    # Enter multiple email ID using space
    Email="email@domain.com email@domain.com"
    Email_Content="/tmp/Mail_db"
    WEIGHT=30 # 30 days

    # MySQL settings
    # The password is stored in this file and passed on the command line below,
    # so keep the script readable by root only.
    mysql_user="my_database_user"
    mysql_password='database_password'
    mysql_databases="Default_database"

    # Creating file for email
    [ ! -f ${Email_Content} ] && touch ${Email_Content} || :> ${Email_Content}

    E_mail(){
        for email in ${Email}
        do
            cat ${Email_Content} | mail -s "Notification: Mysql Database Backup $@ from MyServer " ${email} -aFrom:Backup\<backup@domain.com\>
        done
    }

    # Read MySQL password from stdin if empty
    if [ -z "${mysql_password}" ]; then
        echo -n "Enter MySQL ${mysql_user} password: " >> ${Email_Content}
        read -s mysql_password
        echo
    fi

    # Check MySQL password
    echo exit | mysql --user="${mysql_user}" --password="${mysql_password}" -B 2>/dev/null
    if [ "$?" -gt 0 ]; then
        echo "MySQL ${mysql_user} password incorrect" >> ${Email_Content}
        E_mail Failed
        exit 1
    else
        echo "MySQL ${mysql_user} password correct." >> ${Email_Content}
    fi

    # Create backup directory and set permissions
    backup_date=`date +%Y_%m_%d_%H_%M`
    backup_dir="${backup_parent_dir}/${backup_date}"
    echo "Backup directory: ${backup_dir}" >> ${Email_Content}
    mkdir -p "${backup_dir}"
    chmod 700 "${backup_dir}"

    # Get MySQL databases
    mysql_databases=`echo 'show databases' | mysql --user="${mysql_user}" --password="${mysql_password}" -B | sed /^Database$/d`

    # Backup and compress each database
    for database in $mysql_databases
    do
        if [[ "$database" =~ "information_schema" || "$database" =~ "performance_schema" ]] ; then
            additional_mysqldump_params="--skip-lock-tables"
        else
            additional_mysqldump_params=""
        fi
        echo "Creating backup of \"${database}\" database" >> ${Email_Content}
        mysqldump ${additional_mysqldump_params} --user="${mysql_user}" --password="${mysql_password}" ${database} | gzip > "${backup_dir}/${database}.sql.gz"
        chmod 600 "${backup_dir}/${database}.sql.gz"
    done

    ## Removing folders older than 30 days
    ECOUT=""
    echo "" >> ${Email_Content}
    # -mindepth 1 keeps the parent backup directory itself out of the removal list
    ECOUT=`find ${backup_parent_dir} -mindepth 1 -maxdepth 1 -type d -ctime +$WEIGHT`
    if [ -z "$ECOUT" ]; then
        echo "No more older backups to remove" >> ${Email_Content}
        E_mail Success
        exit
    else
        echo "Following older backups are removed" >> ${Email_Content}
        for i in $ECOUT
        do
            rm -rvf $i 1>>${Email_Content} 2>>${Email_Content}
        done
        E_mail Success
        exit
    fi
Script: SSH auto multi login.
I use this to log in to my servers through my gateway server.
    #!/bin/bash
    # Script to login to gateway server and initiate login to internal server
    _Terminal="/usr/bin/gnome-terminal --maximize"
    QT="\042"   # octal escape for a double quote, expanded by echo -e

    # Write a small expect script per server: SSH to the gateway, then SSH on to $1
    Exec(){
        echo -e "#!/usr/bin/expect -f\nspawn ssh -l root Mydomain.gateserver.com\nsend -- "$QT"ssh root@$1\r"$QT"\ninteract" > /tmp/$_ServerName
        chmod +x /tmp/$_ServerName
    }

    # Input file columns (see the syntax below): server name, server IP
    while read char
    do
        _ServerName=`echo $char | awk '{print $1}'`
        _ServerIP=`echo $char | awk '{print $2}'`
        Exec $_ServerIP
        _Tabs="$_Tabs --tab-with-profile=Default --title=$_ServerName -x /tmp/$_ServerName"
    done < $1
    eval $_Terminal $_Tabs
    exit
#Input file syntax
    My.server1.domain.com 111.222.333.444
    My.server2.domain.com 122.332.353.411
    My.server3.domain.com 131.282.393.42
#usage
    ./Script inputfile
Script: Reset default iptables rules on cPanel server
    #!/bin/sh
    /sbin/modprobe nf_conntrack_ftp >/dev/null 2>&1
    IPTABLES='/sbin/iptables'

    # Trusted destinations used in the OUTPUT chain. The script does not define
    # them, so set them for your site; empty values are skipped.
    trustnet=""
    admin02=""
    admin03=""

    # policy
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z

    #
    # INPUT Policy
    #
    # default
    $IPTABLES -A INPUT -p icmp -j ACCEPT
    $IPTABLES -A INPUT -i lo -j ACCEPT
    if [ -s /etc/ip.allow ]; then
        for ip in `cat /etc/ip.allow`; do
            $IPTABLES -A INPUT -s $ip -j ACCEPT
        done
    fi

    # ident
    $IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # deny list: log, then drop
    $IPTABLES -N IPDENY
    $IPTABLES -A IPDENY -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES IPDENY]: '
    $IPTABLES -A IPDENY -j DROP
    if [ -s /etc/ip.deny ]; then
        for ip in `cat /etc/ip.deny`; do
            $IPTABLES -A INPUT -s $ip -j IPDENY
        done
    fi

    # syn-flood (note: no INPUT rule in this script jumps to CHK-SYNFLOOD)
    $IPTABLES -N CHK-SYNFLOOD
    $IPTABLES -N LOG-SYNFLOOD
    $IPTABLES -A CHK-SYNFLOOD -p tcp --syn -m limit --limit 10/s --limit-burst 10 -j ACCEPT
    $IPTABLES -A CHK-SYNFLOOD -p tcp --syn -j LOG-SYNFLOOD
    $IPTABLES -A CHK-SYNFLOOD -p tcp ! --syn -j ACCEPT
    $IPTABLES -A LOG-SYNFLOOD -m limit --limit 1/s --limit-burst 2 -j LOG --log-prefix "iptables SYNFLOOD DROP "
    $IPTABLES -A LOG-SYNFLOOD -j DROP

    # drop new connection except syn
    $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # related
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # whm/cpanel
    $IPTABLES -A INPUT -p tcp --dport 2086 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 2087 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 2082 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 2083 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 2095 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 2096 -j ACCEPT

    # ssh: 5 new connections within 60 seconds puts the source on a 600-second blacklist
    $IPTABLES -N SSH_OnBruteForceAttacked
    $IPTABLES -A SSH_OnBruteForceAttacked -m recent --name SSHSyn --remove
    $IPTABLES -A SSH_OnBruteForceAttacked -m recent --name SSHBlackList --set -j LOG --log-level warning --log-prefix "SSH BruteForceAttack: "
    $IPTABLES -A SSH_OnBruteForceAttacked -j DROP
    $IPTABLES -N SSH
    $IPTABLES -A SSH -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A SSH -p tcp --syn -m state --state NEW -m recent --name SSHBlackList --update --seconds 600 --rttl -j DROP
    $IPTABLES -A SSH -p tcp --syn -m state --state NEW -m recent --name SSHSyn --update --seconds 60 --hitcount 5 --rttl -j SSH_OnBruteForceAttacked
    $IPTABLES -A SSH -p tcp --syn -m state --state NEW -m recent --name SSHSyn --set
    $IPTABLES -A SSH -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 22 -j SSH

    # ftp: 10 new connections within 20 seconds blocks the source for 600 seconds
    $IPTABLES -N FTP_OnBruteForceAttacked
    $IPTABLES -A FTP_OnBruteForceAttacked -m recent --name ftp_block --set -j LOG --log-level warning --log-prefix "FTP BruteForceAttack: "
    $IPTABLES -A FTP_OnBruteForceAttacked -j DROP
    $IPTABLES -N FTP
    $IPTABLES -A FTP -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FTP -p tcp --syn -m recent --name ftp_block --update --seconds 600 -j REJECT --reject-with icmp-port-unreachable
    $IPTABLES -A FTP -p tcp --syn -m recent --name ftp_conn --rcheck --seconds 20 --hitcount 10 -j FTP_OnBruteForceAttacked
    $IPTABLES -A FTP -p tcp --syn -m recent --name ftp_conn --set
    $IPTABLES -A FTP -p tcp --syn -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m state --state NEW --dport 21 -j FTP
    $IPTABLES -A INPUT -p tcp --dport 1200:5000 -m state --state NEW -j ACCEPT

    # tftp
    $IPTABLES -A INPUT -p udp --dport 69 -j ACCEPT

    # dhcp
    $IPTABLES -A INPUT -p udp --dport 67 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 4077 -j ACCEPT

    # dns
    $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
    $IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT

    # smtp
    $IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 465 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 587 -j ACCEPT

    # pop/imap
    $IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 995 -j ACCEPT

    # munin
    $IPTABLES -A INPUT -p tcp --dport 4949 -j ACCEPT

    # http/https
    $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT

    # mysql
    $IPTABLES -A INPUT -p tcp --dport 3306 -j ACCEPT

    # GRE
    $IPTABLES -A INPUT -p 47 -j ACCEPT

    # all: log whatever is about to fall through to the DROP policy
    $IPTABLES -A INPUT -j LOG --log-prefix "[INPUT Block] : "

    #
    # Output Policy
    #
    # trust
    $IPTABLES -A OUTPUT -p icmp -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    for dst in $trustnet $admin02 $admin03; do
        $IPTABLES -A OUTPUT -d $dst -j ACCEPT
    done

    # related
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # ident
    $IPTABLES -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # whm/cpanel
    $IPTABLES -A OUTPUT -p tcp --dport 2086 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2087 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2082 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2083 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2095 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2096 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 2089 -j ACCEPT

    # http/https
    $IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport 80 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport 443 -j ACCEPT

    # ssh
    $IPTABLES -A OUTPUT -p tcp --dport 22 -j ACCEPT

    # ftp
    $IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -m state --state NEW --sport 20 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport 1200:5000 -j ACCEPT

    # dns
    $IPTABLES -A OUTPUT -p tcp --dport 53 -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --sport 53 -j ACCEPT

    # smtp
    $IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 465 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 587 -j ACCEPT

    # pop/imap
    $IPTABLES -A OUTPUT -p tcp --dport 110 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 995 -j ACCEPT

    # ntp
    $IPTABLES -A OUTPUT -p tcp --dport 123 -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --dport 123 -j ACCEPT

    # mysql
    $IPTABLES -A OUTPUT -p tcp --dport 3306 -j ACCEPT

    # svn/git
    $IPTABLES -A OUTPUT -p tcp --dport 3690 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 9418 -j ACCEPT

    # whois
    $IPTABLES -A OUTPUT -p tcp --dport 43 -j ACCEPT

    # backup/rsync
    $IPTABLES -A OUTPUT -p tcp --dport 5801 -j ACCEPT

    # traceroute
    $IPTABLES -A OUTPUT -p udp --dport 33434:33523 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p 47 -j ACCEPT

    # logging
    $IPTABLES -A OUTPUT -j LOG --log-prefix "[OUTPUT Block] : "
    $IPTABLES -A OUTPUT -j DROP
Howto: Run cron job in seconds
Here I have written a simple script to execute cron jobs at intervals of seconds. Using this, we can schedule a job at intervals of less than a minute:
    #!/bin/bash
    # This script syncs files from EBS storage to S3, mounted under /ebs and /s3cloud
    _Seconds=2
    a=0
    # Number of iterations that fit into one minute
    _Delay=$(echo "60/$_Seconds" | bc)
    while true
    do
        a=$((a+1))
        if [ "$a" -eq "$_Delay" ]; then
            exit 0
        else
            sleep $_Seconds
            /usr/bin/rsync -abvz --size-only /ebs/ /s3cloud/
        fi
    done