#!/bin/bash
#Script to add firewall rules to a linux system to completely block
#all traffic to and from networks in the spamhaus drop list.
#Copyright 2009, William Stearns, wstearns@pobox.com
#Released under the GPL. This and other tools can be found at
#http://www.stearns.org/
#Sole (optional) command line parameter is the file location of the
#drop list, such as:
#cd /var/lib/
#wget http://www.spamhaus.org/drop/drop.lasso
# ./spamhaus-drop /var/lib/drop.lasso
#While the DROP file should be regularly updated, this should
#probably be about once per day or less frequently; do _not_
#download DROP more than once an hour.
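# Drop list location: first command line argument, or ./drop.lasso by default.
DropList="${1:-./drop.lasso}"

if [ ! -s "$DropList" ]; then
  # All three hint lines go to stderr so the script's stdout stays clean.
  echo "Unable to find drop list file $DropList . Perhaps do:" >&2
  echo "wget http://www.spamhaus.org/drop/drop.lasso -O $DropList" >&2
  echo "exiting." >&2
  exit 1
fi

if [ ! -x /sbin/iptables ]; then
  echo "Missing iptables command line tool, exiting." >&2
  exit 1
fi

# Adds one DROP rule unless an identical rule is already present, so that
# re-running the script after a list update does not pile up duplicates.
# Arguments: $1 - chain, $2 - match flag (-s or -d), $3 - network
add_drop_rule() {
  # -C only checks for the rule; on an iptables too old to know -C the check
  # fails and the rule is simply inserted, as the original script did.
  /sbin/iptables -C "$1" "$2" "$3" -j DROP 2>/dev/null && return 0
  /sbin/iptables -I "$1" "$2" "$3" -j DROP \
    || echo "iptables failed to add $1 $2 $3" >&2
}

# Every line of the file ends up as a firewall rule applied with root
# privileges, and the download hint above uses plain HTTP, so each entry is
# checked for shape before it is used: dotted quad, optional /8../32 prefix.
# A very short prefix (for example /0) would cut the host off from the
# network, so such entries are refused rather than installed.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}))?$'

# sed strips the ";..." comment part of each line; read -r trims the
# surrounding blanks and keeps backslashes literal.
sed -e 's/;.*//' < "$DropList" \
  | while read -r OneNetBlock; do
    # Blank and comment-only lines carry no network.
    [[ -z "$OneNetBlock" ]] && continue

    if [[ ! "$OneNetBlock" =~ $cidr_re ]]; then
      echo "Skipping malformed drop list entry: $OneNetBlock" >&2
      continue
    fi
    prefix_len=${BASH_REMATCH[3]:-32}
    if ((10#$prefix_len < 8 || 10#$prefix_len > 32)); then
      echo "Skipping entry with unsafe prefix length: $OneNetBlock" >&2
      continue
    fi

    add_drop_rule INPUT -s "$OneNetBlock"
    add_drop_rule OUTPUT -d "$OneNetBlock"
    add_drop_rule FORWARD -s "$OneNetBlock"
    add_drop_rule FORWARD -d "$OneNetBlock"
  done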
Fabio Laganà Debian, Linux, Shell, Uncategorized, bash, droplist, sed, spam, spamhaus
nome script: /usr/local/sbin/backup_dir.sh
descrizione: Con questo script viene fatto il backup delle directory importanti del server
Inserendo una riga simile nel cron scheduliamo il backup tutte le notti
cat /etc/cron.d/backup
MAILTO="postmaster@yourdomain.com"
00 21 * * * root test -x /usr/local/sbin/backup_dir.sh && /usr/local/sbin/backup_dir.sh
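#!/bin/bash
#
# backup_dir.sh
# Backs up the important directories of this server into one dated,
# gzip-compressed tar archive per entry in hosts_internal.
#
hosts_internal=( your_host )

# The archive contains /etc, /root and /home, which normally hold password
# hashes and private keys, so it is created readable by its owner only.
umask 077

# Taken once so the file that is created is the same file that is moved,
# even if the run crosses midnight.
stamp=$(date +"%d%m%Y")

for host in "${hosts_internal[@]}"; do
  archive="/var/backups/backup_files_${host}_${stamp}.tar.gz"
  dest_dir="/backups/${host}"

  echo "Download of /etc/ /usr/local/sbin/ /root/ /home/ directory from ${host} "
  echo -n "Starting ------>"
  date

  # Backup files for this host. GNU tar returns 1 when files changed while
  # being read (common on a live system) and 2 or more on a fatal error.
  tar_status=0
  tar -zcvf "$archive" /etc/ /usr/local/sbin/ /root/ /home/ || tar_status=$?
  if ((tar_status > 1)); then
    echo "tar failed with status $tar_status, archive $archive not moved" >&2
  elif [[ ! -d "$dest_dir" ]]; then
    # The directory is not created here: if /backups is a mount point that is
    # currently absent, the archive stays in /var/backups instead.
    echo "Destination $dest_dir is missing, archive left at $archive" >&2
  else
    ((tar_status == 1)) \
      && echo "tar reported files that changed during the backup" >&2
    # A successful mv already removes the source. The archive is not deleted
    # afterwards, so a failed move never destroys the only copy.
    mv -- "$archive" "$dest_dir"/ \
      || echo "Could not move $archive to $dest_dir, archive kept" >&2
  fi

  echo -n "Stopping ------>"
  date
  echo ""
done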
Fabio Laganà Debian, Shell, backup, bash backup, bash, hosts, ip
# cat /usr/local/sbin/count_mail_per_domain.sh
#!/bin/bash
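# Counts the "to remote" deliveries found in a mail log.
# Arguments: $1 - mode (-t, -su or -s)
#            $2 - mail log to read
#            $3 - domain to filter on (modes -su and -s)
# The recipient address is taken from the 14th whitespace-separated field;
# NOTE(review): that position depends on the log line format - confirm it
# against the mail.log this is run on.
logfile=$2
domain=$3

# Prints the three usage lines and stops with status 1.
usage() {
  echo $"Usage: $0 { -t /var/log/mail.log.0 } for print total mail for domain "
  echo $"Usage: $0 { -su /var/log/mail.log.0 domain.com } for print total mail for single domain per user"
  echo $"Usage: $0 { -s /var/log/mail.log.0 domain.com } for print total mail for single domain"
  exit 1
}

# Reads one label per line on stdin, prints the count of each distinct label
# (highest first) followed by the grand total.
# Arguments: $1 - text printed in front of the grand total
summarise() {
  sort | uniq -c | sort -nr \
    | awk -v totale=0 -v label="$1" \
      '{totale=totale+$1; print ;} END {print label totale;}'
}

# Without a readable log file the pipelines below would wait on stdin.
case "$1" in
  -t | -su | -s)
    if [[ ! -r "$logfile" ]]; then
      echo "Cannot read log file: $logfile" >&2
      usage
    fi
    ;;
esac

# An empty domain would match every line, so the filtered modes require one.
case "$1" in
  -su | -s)
    [[ -n "$domain" ]] || usage
    ;;
esac

case "$1" in
  -t)
    grep -- "to remote" "$logfile" \
      | awk '{print $14}' \
      | awk -F@ '{ field = $2 }; {print "domain: " field }' \
      | summarise "Totale giorno domini: "
    ;;
  -su)
    # -F matches the domain literally (a "." is not a wildcard) and "--"
    # keeps a value starting with "-" from being read as a grep option.
    grep -- "to remote" "$logfile" \
      | grep -iF -- "$domain" \
      | awk ' { field = $14 }; {print "to remote: " field }' \
      | summarise "Totale giorno domini per utente: "
    ;;
  -s)
    grep -- "to remote" "$logfile" \
      | grep -iF -- "$domain" \
      | awk '{print $14}' \
      | awk -F@ '{ field = $2 }; {print "to remote domain: " field }' \
      | summarise "Totale giorno domini: "
    ;;
  *)
    usage
    ;;
esac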
for more tips visit qmail relay to smarthost
Fabio Laganà Debian, Mailserver, Qmail, Shell, Uncategorized, awk, bash awk, bash, Debian, mail.log, Mailserver, Qmail
#!/bin/sh
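# Creates a fresh 2048-bit RSA key and a self-signed certificate for SERVER
# in the current directory, replacing any previous pair.
SERVER=ssl.mioserverweb.dominio
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
VALID_DAYS=365

echo Delete old private key
# -f: a missing old key is not an error on the first run.
rm -f -- "$PRIVATE_KEY"

echo Create new private/public-keys without passphrase for server
# The key is written without a passphrase, so file permissions are its only
# protection: the subshell's umask makes it readable by the owner alone
# without affecting the certificate created afterwards.
(umask 077 && openssl genrsa -out "$PRIVATE_KEY" 2048) || {
  echo "Private key generation failed, exiting." >&2
  exit 1
}

echo Create selfsigned certificate
rm -f -- "$CERTIFICATE_FILE"
# From man req:
# -x509
# this option outputs a self signed certificate instead
# of a certificate request. This is typically used to
# generate a test certificate or a self signed root CA.
# The extensions added to the certificate (if any) are
# specified in the configuration file.
openssl req -new \
  -days "$VALID_DAYS" \
  -key "$PRIVATE_KEY" \
  -x509 \
  -out "$CERTIFICATE_FILE" || {
  echo "Certificate creation failed, exiting." >&2
  exit 1
}

echo private-keyfile is "$PRIVATE_KEY"
echo server-certificate-file is "$CERTIFICATE_FILE"
# Listing both files lets the operator confirm the key's permissions.
ls -l "$PRIVATE_KEY" "$CERTIFICATE_FILE"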
Fabio Laganà Debian, Linux, SSL, bash certificates, Debian, Howto, SSL, webserver
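# Renewal of the self-signed pop3s certificate. These are manual steps to be
# run one at a time as root; the editor step is interactive and the rollback
# at the end is only for the failure case.

# - Keep a copy of the old certificate. The live file is pop3s.pem, the name
#   that the final mv and the rollback both use.
cd /etc/ssl/certs
cp -ap pop3s.pem pop3s.pem.scaduto

# - Create the new certificate.
cd /etc/ssl
# 2048-bit RSA: a 1024-bit key is no longer considered adequate for TLS.
# -nodes leaves the key unencrypted, so it is restricted to its owner
# immediately after creation.
openssl req -new -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private/pop3s.key -out pop3s.cert
chmod 600 private/pop3s.key
# The combined file is created empty and locked down before the private key
# is written into it, so the key is never readable by other users.
touch certs/pop3s-new.pem
chmod 600 certs/pop3s-new.pem
cat private/pop3s.key pop3s.cert > certs/pop3s-new.pem
# 2048-bit DH parameters: 512-bit parameters are export-grade and can be
# broken in practice. The result is printed to stdout; presumably it is
# pasted into the PEM file in the editor step below - confirm.
dd if=/dev/urandom count=2 | openssl dhparam -rand - 2048
pico certs/pop3s-new.pem
chown vpopmail certs/pop3s-new.pem
cd certs
mv pop3s-new.pem pop3s.pem

# -- rollback in case something went wrong --
# mv pop3s.pem.scaduto pop3s.pem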
Fabio Laganà SSL, bash bash, certificats, Debian, Linux, SSL
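#!/bin/bash
### Checks daemon.log for lines from the previous minute that mention MySQL
### and mails them.
# rel. 0.3 - 1 August 2008
file_to_check=/var/log/daemon.log
host=$(cat /etc/hostname)
semaphore=/tmp/.flag_checking_daemon_log
daemon=mysql
tmp_file=

# Take the lock atomically: with noclobber the redirection fails if the file
# already exists, so there is no gap between "check" and "create" and an
# existing symlink is not followed.
# NOTE(review): the lock lives in world-writable /tmp, so any local user can
# create it and silently disable this check; a root-only directory would be
# a safer home for it.
if ! (set -o noclobber; : > "$semaphore") 2>/dev/null; then
  echo "checking for mysqld....Nothing to do ....another cron is still working"
  exit 0
fi

# Removes the scratch file and the semaphore on every exit path, so an
# interrupted run does not leave a stale lock behind.
cleanup() {
  [[ -n "$tmp_file" ]] && rm -f -- "$tmp_file"
  rm -f -- "$semaphore"
}
trap cleanup EXIT

# mktemp picks an unpredictable name; the fixed "info.tmp.NN.$$" names could
# be guessed and pre-created by another user.
tmp_file=$(mktemp /tmp/info.tmp.XXXXXX) || exit 1

# Timestamp of the previous minute in the traditional syslog layout: %e is
# the space-padded day that the old sed rewrite was trying to produce (its
# replacement text had lost the backreference), %H the zero-padded hour.
# LC_ALL=C keeps the month abbreviation in English.
# NOTE(review): assumes daemon.log uses the traditional syslog timestamp - confirm.
time_to_check_min=$(LC_ALL=C date +"%b %e %H:%M" -d "-1 min")

#echo "checking for ""$file_to_check $time_to_check_min"
# Both filters are fixed strings, not regular expressions.
grep -F -- "$time_to_check_min" "$file_to_check" \
  | grep -F -- "$daemon" > "$tmp_file"

# Mail only when something matched.
if [[ -s "$tmp_file" ]]; then
  mail -s "Something happening on [ $daemon ] for ""$host" tech-c@bakeca.it < "$tmp_file"
fi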
Fabio Laganà Debian, Linux, Shell, bash, mysql bash, daemon.log, Debian, Linux, mysql, scripts
For a beowulf of full fledged Debian systems (local disk, no shared /usr
or anything like that) you'd need to use
prototype-node:
dselect (install and configure everything you want)
dpkg --get-selections > selection.file
second node:
dpkg --set-selections < selection.file
apt-get install dselect-upgrade
[log any questions and answers]
[create an expect script with your responses to any questions]
rest-of-nodes:
dpkg --set-selections < selection.file
expect -c "apt-get install dselect-upgrade" -f expect-script
Fabio Laganà Debian, Linux, Shell, bash cloning
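# Three independent one-liners; each is a complete pipeline on its own.
# NOTE(review): what the last field holds depends on the access log format;
# the "Host: " label suggests a host name - confirm.

# last field of every request logged on 27/Jan/2008
zcat access.log.gz | grep -F '27/Jan/2008' | awk '{ print $NF }'

# hits per distinct last field
zcat access.log.gz | grep -F '27/Jan/2008' \
  | awk '{ print "Host: " $NF }' \
  | sort | uniq -c

# hits per distinct last field, highest first, with the total at the bottom
grep -F '27/Jan/2008:' nomefile \
  | awk '{ print "Host: " $NF }' \
  | sort | uniq -c | sort -nr \
  | awk -v totale=0 '{totale=totale+$1; print ;} END {print "Totale giornaliero: "totale;}'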
Fabio Laganà awk, bash tips&tricks