#!/bin/bash
#Script to add firewall rules to a linux system to completely block
#all traffic to and from networks in the spamhaus drop list.
#Copyright 2009, William Stearns, wstearns@pobox.com
#Released under the GPL. This and other tools can be found at
#http://www.stearns.org/
#Sole (optional) command line parameter is the file location of the
#drop list, such as:
#cd /var/lib/
#wget http://www.spamhaus.org/drop/drop.lasso
# ./spamhaus-drop /var/lib/drop.lasso
#While the DROP file should be regularly updated, this should
#probably be about once per day or less frequently; do _not_
#download DROP more than once an hour.
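# Drop list location: the first command line argument if given,
# otherwise ./drop.lasso in the current directory.
DropList="${1:-./drop.lasso}"

# -s: the file must exist and be non-empty.
if [ ! -s "$DropList" ]; then
  echo "Unable to find drop list file $DropList . Perhaps do:" >&2
  echo "wget http://www.spamhaus.org/drop/drop.lasso -O $DropList" >&2
  echo "exiting." >&2
  exit 1
fi

if [ ! -x /sbin/iptables ]; then
  echo "Missing iptables command line tool, exiting." >&2
  exit 1
fi

# The drop list is external data that ends up as firewall rules applied by
# root, so every entry must look like an IPv4 address or CIDR block before
# it is handed to iptables. Anything else is reported and skipped.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# Strip ";" comments, drop blank lines, then block each netblock in both
# directions on INPUT, OUTPUT and FORWARD.
# NOTE(review): -I always inserts a new rule, so running the script again
# adds duplicates of every rule; flush the old rules first, or load them
# into a dedicated chain, before re-applying an updated list.
sed -e 's/;.*//' < "$DropList" \
  | grep -v '^ *$' \
  | while read -r OneNetBlock; do
      if [[ ! "$OneNetBlock" =~ $cidr_re ]]; then
        echo "Skipping malformed drop list entry: $OneNetBlock" >&2
        continue
      fi
      /sbin/iptables -I INPUT -s "$OneNetBlock" -j DROP
      /sbin/iptables -I OUTPUT -d "$OneNetBlock" -j DROP
      /sbin/iptables -I FORWARD -s "$OneNetBlock" -j DROP
      /sbin/iptables -I FORWARD -d "$OneNetBlock" -j DROP
    done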
nome script: /usr/local/sbin/backup_dir.sh
descrizione: con questo script viene fatto il backup delle directory importanti del server.
Inserendo una riga simile nel cron scheduliamo il backup tutte le notti:
cat /etc/cron.d/backup
# Output produced by the job below is mailed to this address.
MAILTO="postmaster@yourdomain.com"
# Every day at 21:00, as root: run the backup script, but only if it exists
# and is executable (test -x), so a missing script does not produce an error.
00 21 * * * root test -x /usr/local/sbin/backup_dir.sh && /usr/local/sbin/backup_dir.sh
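#!/bin/bash
#
# backup_dir.sh
# Backs up the server's important directories into one dated tar.gz archive
# per entry in hosts_internal and moves it to /backups/<host>/.
#
hosts_internal=( your_host )

# The archive contains /etc, /root and /home, so create it readable by its
# owner only instead of relying on the caller's umask.
umask 077

# Take the date stamp once, so every path in this run names the same file
# even if the run crosses midnight.
stamp=$(date +"%d%m%Y")

for host in "${hosts_internal[@]}"; do
  archive="/var/backups/backup_files_${host}_${stamp}.tar.gz"

  echo "Download of /etc/ /usr/local/sbin/ /root/ /home/ directory from $host "
  echo -n "Starting ------>"
  date

  # Archive the local directories; $host only labels the file and selects
  # the destination directory.
  tar -zcvf "$archive" /etc/ /usr/local/sbin/ /root/ /home/ \
    || echo "tar reported problems while writing $archive" >&2

  # Move the archive to its final place. If the move fails (for example
  # because /backups/$host/ does not exist) the archive is kept where it
  # is; an unconditional "rm -f" after a failed mv would delete the only
  # copy of the backup.
  if ! mv -- "$archive" "/backups/$host/"; then
    echo "Could not move $archive to /backups/$host/ - archive left in place" >&2
  fi

  echo -n "Stopping ------>"
  date
  echo ""
done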
# cat /usr/local/sbin/count_mail_per_domain.sh
#!/bin/bash
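# Count mail deliveries per domain / per recipient from a mail log.
#   $1 - mode: -t (all domains), -su (one domain, per recipient),
#        -s (one domain)
#   $2 - log file to read
#   $3 - domain to filter on (-su and -s only)
# NOTE(review): every mode takes the recipient address from field 14 of the
# "to remote" lines; confirm that position against your own log format.
logfile=$2
domain=$3

# Print the supported invocations and exit with status 1.
usage() {
  echo $"Usage: $0 { -t /var/log/mail.log.0 } for print total mail for domain "
  echo $"Usage: $0 { -su /var/log/mail.log.0 domain.com } for print total mail for single domain per user"
  echo $"Usage: $0 { -s /var/log/mail.log.0 domain.com } for print total mail for single domain"
  exit 1
}

case "$1" in
  -t)
    # Without a readable log file the pipeline would just wait on stdin.
    [ -r "$logfile" ] || usage
    grep "to remote" < "$logfile" \
      | awk '{print $14}' \
      | awk -F@ '{ field = $2 }; {print "domain: " field }' \
      | sort | uniq -c | sort -nr \
      | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini: "totale;}'
    ;;
  -su)
    # An empty domain would match every line, so it is required here.
    if [ ! -r "$logfile" ] || [ -z "$domain" ]; then
      usage
    fi
    # -F: match the domain as a literal string; as a regular expression the
    # "." in domain.com would match any character and inflate the counts.
    grep "to remote" < "$logfile" \
      | grep -F -i -- "$domain" \
      | awk ' { field = $14 }; {print "to remote: " field }' \
      | sort | uniq -c | sort -nr \
      | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini per utente: "totale;}'
    ;;
  -s)
    if [ ! -r "$logfile" ] || [ -z "$domain" ]; then
      usage
    fi
    grep "to remote" < "$logfile" \
      | grep -F -i -- "$domain" \
      | awk '{print $14}' \
      | awk -F@ '{ field = $2 }; {print "to remote domain: " field }' \
      | sort | uniq -c | sort -nr \
      | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giorno domini: "totale;}'
    ;;
  *)
    usage
    ;;
esac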
for more tips visit qmail relay to smarthost
To put a second IP address to the same interface, just enter on the commandline as root:
OpenBSD# ifconfig re0 inet alias 192.168.10.199 netmask 255.255.255.0
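This adds 192.168.10.199 as a second address on the interface. (The examples on this page mix the names re0 and vr0; use the name of your own interface throughout.) Check again with ifconfig: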
OpenBSD# ifconfig -A
lo0: flags=8049 mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
re0: flags=8843 mtu 1500
lladdr 00:40:45:28:89:37
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.199 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::240:45ff:fe28:8937%vr0 prefixlen 64 scopeid 0x2
inet 192.168.10.199 netmask 0xffffff00 broadcast 192.168.100.255
Now we see two IP addresses on vr0. If you want to set an IP address within the same network you would have to set a fake netmask of 255.255.255.255.
If you use ifconfig to set an IP alias, the alias won’t be present after the next reboot. To make the setting permanent, add a line to /etc/hostname.<INTERFACE>:
OpenBSD# vi /etc/hostname.vr0
inet 192.168.1.199 255.255.255.0 NONE
inet alias 192.168.10.199 255.255.255.0
You can remove an IP alias with a command like this:
OpenBSD# ifconfig re0 192.168.10.199 delete
This deletes the second IP address from the interface keeping the first.
#!/bin/sh
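# Generate a fresh RSA key and a self-signed certificate for $SERVER in the
# current directory, replacing any previous pair.
SERVER=ssl.mioserverweb.dominio
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
VALID_DAYS=365

echo "Delete old private key"
# -f: on a first run there is no old key, which is not an error.
rm -f -- "$PRIVATE_KEY"

echo "Create new private/public-keys without passphrase for server"
# The key is written unencrypted, so file permissions are its only
# protection. Generate it under a restrictive umask, in a subshell so the
# umask does not also apply to the (public) certificate below.
( umask 077 && openssl genrsa -out "$PRIVATE_KEY" 2048 ) || exit 1

echo "Create selfsigned certificate"
rm -f -- "$CERTIFICATE_FILE"
# From man req:
# -x509
# this option outputs a self signed certificate instead
# of a certificate request. This is typically used to
# generate a test certificate or a self signed root CA.
# The extensions added to the certificate (if any) are
# specified in the configuration file.
# The options belong to one command; each line needs the trailing
# backslash, otherwise the shell tries to run "-days" as a command.
openssl req -new \
  -days "$VALID_DAYS" \
  -key "$PRIVATE_KEY" \
  -x509 \
  -out "$CERTIFICATE_FILE" || exit 1

echo "private-keyfile is $PRIVATE_KEY"
echo "server-certificate-file is $CERTIFICATE_FILE"
ls -l -- "$PRIVATE_KEY" "$CERTIFICATE_FILE"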
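# Step 1: keep a copy of the old (expired) certificate so it can be restored.
# The source file is pop3s.pem: that is the name the new file is moved to
# and the name the rollback restores (the listing originally read
# "pop3ss.pem" here, presumably a typo).
cd /etc/ssl/certs
cp -ap pop3s.pem pop3s.pem.scaduto

# Step 2: create the new key and self-signed certificate.
cd /etc/ssl
# 2048-bit RSA replaces the original rsa:1024; a 1024-bit key is too weak
# for a certificate meant to last -days 3650. -nodes leaves the key
# unencrypted, so it is protected by file permissions only.
openssl req -new -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private/pop3s.key -out pop3s.cert

# Create the combined file empty and owner-only BEFORE the private key is
# written into it, so the key is never readable by other users.
touch certs/pop3s-new.pem
chmod 600 certs/pop3s-new.pem
cat private/pop3s.key pop3s.cert > certs/pop3s-new.pem

# Diffie-Hellman parameters: 2048 bits replaces the original 512, which is
# small enough to be broken in practice.
# NOTE(review): the original fed 1 KiB of /dev/urandom in through "-rand -";
# OpenSSL seeds its generator from the operating system by itself, so that
# pipe is dropped here. Confirm on very old OpenSSL builds.
openssl dhparam 2048

# Presumably the DH PARAMETERS block printed above is appended to the file
# by hand in this editor step; verify against your server's documentation.
pico certs/pop3s-new.pem
chown vpopmail certs/pop3s-new.pem

# Step 3: put the new certificate in place.
cd certs
mv pop3s-new.pem pop3s.pem

# Rollback, to be run only if something went wrong:
#   mv pop3s.pem.scaduto pop3s.pem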
Create a hard disk image:
dd if=/dev/hda1 of=/home/hda1.bin
Create a compressed disk image
dd if=/dev/hda1 | gzip > /home/hda1.bin.gz
Back up the MBR
dd if=/dev/hda of=/home/hda.boot.mbr bs=512 count=1
Restore MBR (from a Live CD)
dd if=/mnt/hda1/home/hda.boot.mbr of=/dev/hda bs=512 count=1
Back up (clone) a drive to another drive; everything already on /dev/hdb is overwritten
dd if=/dev/hda of=/dev/hdb conv=noerror,sync bs=4k
1) Enable secure shell daemon to start automatically
chmod 755 /etc/rc.d/rc.sshd
2) Configure adapter for static IP rather than DHCP
vi /etc/rc.d/rc.inet1
Added this:
ifconfig eth0 xxx.xxx.xxx.xxx netmask 255.255.255.0
route add default gateway xxx.xxx.xxx.x
echo "nameserver xxx.xxx.xxx.xxx" >> /etc/resolv.conf
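Sul target host avviare una distribuzione Linux live e mettere netcat in ascolto in questo modo (netcat non cifra né autentica la connessione, e tutto ciò che arriva sulla porta viene scritto su /dev/sda: usare solo una rete fidata e isolata):
netcat -l -p 1234 | dd of=/dev/sda bs=16065b
Sul master (dove risiede l’immagine gzippata):
zcat immagine.gz | netcat 192.168.1.1 1234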