deflax/sysadmin
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

initial commit

Browse source
This commit is contained in:
deflax 2017-09-15 21:11:31 +03:00
commit d30dd2fc84
25 changed files with 2042 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

250
Oracle Siebel 15.0.txt Normal file
View file

@ -0,0 +1,250 @@
Siebel HOST: SIEBELHOST
- install telnet
- install iis
- install jre-8u71-windows-x64
0. Prepare Siebel Install Image using snic.bat from the zips.
java -jar snic.jar also works
1. Install 64bit Oracle Database 11g.
global database name:SIEBELDB
db administrative pass:SiebelDb1password1
The Database Control URL is https://localhost:1158/em
user: SYS
connect as: SYSDBA
create tablespaces:
size 5GB
SBLDATA
SBLDATA01.DBF
SBLINDX
SBLINDX01.DBF
2. Install 32bit Oracle Database 11g Client
Type: Administrator
Place tnsnames.ora into C:\Oracle\product\11.2.0\client_1\network\admin
tnsnames.ora contents:
SIEBELDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = SIEBELDB)
)
)
3. Create Users (based on oracle grantusr.sql)
cmd.exe
sqlplus sys@siebeldb as sysdba
create role sse_role;
grant create session to sse_role;
create role tblo_role;
grant ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE INDEXTYPE,
CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE SESSION,
CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE TYPE, CREATE VIEW,
CREATE DIMENSION, CREATE MATERIALIZED VIEW, QUERY REWRITE, ON COMMIT REFRESH
to tblo_role;
create user SIEBEL identified by sadmin1password1;
grant tblo_role to SIEBEL;
grant sse_role to SIEBEL;
alter user SIEBEL quota 0 on SYSTEM quota 0 on SYSAUX;
alter user SIEBEL default tablespace SBLDATA;
alter user SIEBEL temporary tablespace temp;
alter user SIEBEL quota unlimited on SBLDATA;
alter user SIEBEL quota unlimited on SBLINDX;
create user SADMIN identified by sadmin1password1;
grant sse_role to SADMIN;
alter user SADMIN default tablespace sbldata;
alter user SADMIN temporary tablespace temp;
alter user SADMIN quota unlimited on SBLDATA;
alter user SADMIN quota unlimited on SBLINDX;
----
4. INSTALL SIEBEL SERVER from Network Image. General Config:
Oracle Home Name: SES_HOME
Location: c:\Siebel\15.0.0.0.0\ses
-gateway name server
-siebel server
-database configuration utilities
Program folder name: Siebel Enterprise Server 15.0.0.0.0
5. SIEBEL ENTERPRISE CONFIGURATION
5.1. Install new gateway name
5.2. Install new enterprise in a gateway name server:
Gateway Name server port: 2320
name server account name: SADMIN
pass: sadmin1password1
enterprise name: SBA_82
Siebel File system: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs
database table owner: SIEBEL
sqlnet connect string: SIEBELDB
user name: SADMIN
pass: sadmin1password1
6. DATABASE SERVER CONFIGURATION
Make desktop shortcut to C:\Windows\SysWOW64\odbcad32.exe
run as admin and get ODBC Data Source Name: SBA_82_DSN
db username: SADMIN
pass: sadmin1password1
db table owner: SIEBEL
pass: sadmin1password1
index tables space name: SBLINDX
table space name: SBLDATA
Wait 3 hours max.
Check Program Files\Oracle\Inventory\logs for errors
7. SIEBEL SERVER CONFIGURATION
gateway login: SADMIN
Enable Open UI -> NO.
Component Groups:
-CallCenter
-Remote
-ORCL
-WorkFlow
-Communications
broker port: 2321
tcp/ip for syncronization manager: 40400
8. SIEBEL ENTERPRISE CONFIGURATION - SWSE Profile
Enterprise Name: SBA_82
Path: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
HI Employee User: SIEBANON
HI pass: siebanon123
SI contact user: SIEBANON
pass: siebanon123c
token: 615 112 419 907 (spaces are just for readability here)
statistic page: _stats.swe
http port: 8080
https port: 8443
9. POPULATE THE FS DIR:
Copy all files from C:\Siebel\15.0.0.0.0\ses\dbsrvr\FILES
to: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs\att
10. INSTALL SIEBEL WEB SERVER EXTENSION
C:\Siebel_Install_Image\15.0.0.0\Windows\Server\Siebel_Web_Server_Extension\Disk1\install
swse seed: 612 451 241 125 121 (again spaces are for readability)
11. Siebel Web Server Extension Configuration
Load balancing: Single Siebel Server
profile location : C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
12. Fix Permission
Go to C:\Siebel\15.0.0.0.0\eappweb
Right click properties -> sharing -> advanced sharing.
share this folder.
permissions -> add -> advanced -> find and add:
IUSR
IIS_IUSRS
with full permissions.
13. Setup ISS
cmd.exe ->
iisreset
14. INSTALL WEB CLIENT:
C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Web_Client\Disk1\install
start setup.bat
name: CLIENT_HOME
path: C:\Siebel\15.0.0.0.0\Client
select: developer web client
enable openui: no
db alias: SIEBELDB
owner: SIEBEL
siebel FS: C:\SIEBEL_FS
gateway addr: SIEBELHOST
enterprise: SBA_82
request: SIEBELHOST
15. Install Siebel Tools:
C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Tools\Disk1\install
start setup.bat
home: TOOLS_HOME
c:\Siebel\15.0.0.0.0\Tools
db alias: SIEBELDB
owner: SIEBEL
siebel FS: C:\SIEBEL_FS
gateway addr: SIEBELHOST
enterprise: SBA_82
installation spawns C:\Siebel\15.0.0.0.0\Client\PUBLIC\enu\predeploy.htm
unblock active x on your IE
16. Web Access
login using the start menu shortcuts is:
userid: SADMIN
pass: sadmin1password1
connect to: Server
add http://siebelhost:8080 to trusted sites
(http://siebelhost.crm.example.com:8080/start.swe should also be trusted in my case...)
and in internet tools setup low security profile to start activex controls automatically
17. Setup anon user:
Go to Site map -> Administration User -> Employees
click New and add:
Last Name: SIEBANON
First Name: SIEBANON
User ID: SIEBANON
Position: Siebel Administrator (?)
Ctrl+S to save.
cmd.exe -> sqlplus sys@siebeldb as sysdba
create user SIEBANON identified by siebanon123;
grant sse_role to SIEBANON;
exit
iisreset

1
README.md Normal file
View file

@ -0,0 +1 @@
A collection of files I have used for various tasks.

116
Redundant-BGP.txt Normal file
View file

@ -0,0 +1,116 @@
Redundant BGP with 2 ISPs, VRRP and Bird.
/etc/sysctl.conf:
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.eth1.rp_filter=1
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1
my as = 2000
as 321 as2000 as 123
ebgp ibgp ebgp
isp2 ------> RT2 <------> RT1 <------ isp1
| .22 .21 |
eth0 . eth1 | eth0
. |
^
vrrp .1
/etc/keepalived/keepalived.conf:
vrrp_instance VI_1 {
state MASTER
#state BACKUP #RT2
interface eth1 #interconnect
virtual_router_id 51
priority 100
#priority 150 #RT2
advert_int 1
authentication {
auth_type PASS
auth_pass <CHANGEME>
}
virtual_ipaddress {
x.x.x.1 dev eth1
}
#notify /script.sh #misc
}
/etc/bird/bird.conf:
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
debug protocols all;
# Router ID
router id x.x.x.21;
#router id x.x.x.22; #RT2
protocol kernel RT1 {
learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 0; # Scan kernel routing table every 20 seconds, 0 disables the scanning and only netlink is used to send/receive kernel routes
import all; # Default is import all
export all; # Default is export none
device routes;
graceful restart;
}
protocol device {
scan time 60;
}
protocol static {
route x.x.x.0/24 via x.x.x.1;
}
# Import all directly connected routes. These come in with RTS_DEVICE
protocol direct evrdirect {
interface "*";
export all;
}
filter bgp_out
{
#dont poison the ISPs with anything else except your prefix
if net = x.x.x.0/24 then accept;
else reject;
}
protocol bgp RT1 {
local as 2000;
neighbor x.x.x.22 as 2000; # iBGP peering
#neighbor x.x.x.x.21 as 2000; on RT2
keepalive time 5;
graceful restart;
import all;
export all;
preference 50; # highest preference "wins".
direct;
gateway direct;
}
protocol bgp MAIN {
local as 2000;
neighbor y.y.y.y as 123;
#neighbor z.z.z.z as 321; on RT1
keepalive time 5;
graceful restart;
import all;
export filter bgp_out;
hold time 30;
preference 100;
}

17
Windows Oracle env vars.txt Normal file
View file

@ -0,0 +1,17 @@
some tips i've found in stack overflow. could be useful:
fix symbolic links:
cd c:\windows\system32
mklink /d ora112 c:\Oracle\product\11.2.0\dbhome_1
cd c:\Windows\sysWOW64
mklink /d ora112 c:\Oracle\product\11.2.0\client_1
PATH=C:\windows\System32\ora112\bin;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\
ORACLE_HOME=c:\windows\system32\ora112
Set Registry value HKLM\Software\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
C:\Windows\System32\ora112
Set Registry value HKLM\Software\Wow6432Node\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
C:\Windows\System32\ora112 (not C:\Windows\SysWOW64\System32\ora112)

138
configs/.tmux.conf Normal file
View file

@ -0,0 +1,138 @@
# afx .tmux.conf 2017
# unbind all does not recover the default binds but we can list them
# and fill the 'gaps' with manual rebind in the conf file using this command:
# tmux -f /dev/null -L temp start-server \; list-keys
unbind-key -a
set-option -g prefix F2 # ctrl+b => F2
#bind-key a send-key M-a # alt+a = alt+a+a
bind-key Left send-key M-Left
bind-key Right send-key M-Right
#set tab names
set-window-option -g automatic-rename on
set-option -g set-titles on
set -g base-index 1 #0 is too far from ` ;)
set -g status-keys vi
set -g history-limit 10000
set -sg escape-time 0 #No delay for escape key press
set -g terminal-overrides "screen.xterm-new" #disable italic in searches
setw -g mode-keys vi
#setw -g mode-mouse off #tmux 1.9
#set-option -g mouse on #tmux 2.1
bind-key r source-file ~/.tmux.conf
bind-key R refresh-client
bind-key : command-prompt
bind-key c new-window
bind-key w list-window
bind-key Space next-layout
bind-key d detach
bind-key t clock-mode
bind-key n command-prompt 'rename-window %%'
bind-key x confirm-before -p "kill-pane #W? (y/n)" kill-pane
bind-key X confirm-before -p "kill-window #W? (y/n)" kill-window
bind-key N command-prompt 'rename-session %%'
bind-key f command-prompt "find-window '%%'"
bind-key i display-message
bind-key l last-window
bind-key w choose-window
bind-key Escape copy-mode -u
bind-key Up copy-mode -u
bind-key | split-window -h
bind-key \ split-window -h
bind-key = split-window -v
bind-key - split-window -v
#bind-key < swap-window -t :-
#bind-key > swap-window -t :+
bind-key 0 select-window -t :0
bind-key 1 select-window -t :1
bind-key 2 select-window -t :2
bind-key 3 select-window -t :3
bind-key 4 select-window -t :4
bind-key 5 select-window -t :5
bind-key 6 select-window -t :6
bind-key 7 select-window -t :7
bind-key 8 select-window -t :8
bind-key 9 select-window -t :9
# pane selection with Ctrl+ArrowKeys
bind -n C-Left select-pane -L
bind -n C-Right select-pane -R
bind -n C-Up select-pane -U
bind -n C-Down select-pane -D
# pane resize with Shift+ArrowKeys
bind -n S-Left resize-pane -L
bind -n S-Right resize-pane -R
bind -n S-Up resize-pane -U
bind -n S-Down resize-pane -D
# switch tabs with Alt+Comma and Alt+Dot
bind -n M-, previous-window
bind -n M-. next-window
# loud or quiet?
set-option -g visual-activity off
set-option -g visual-bell off
set-option -g visual-silence off
set-window-option -g monitor-activity on
set-option -g bell-action none
# THEME
set -g default-terminal "screen-256color"
set -g status-position top
set -g status-left ''
set -g status-utf8 on
# Basic status bar colors
set -g status-fg colour240
set -g status-bg colour233
# Left side of status bar
set -g status-left-bg colour233
set -g status-left-fg colour243
set -g status-left-length 40
set -g status-left "#[fg=colour232,bg=colour39,bold] #S #[fg=colour233,bg=colour240] #(whoami) #[fg=colour240,bg=colour235] #I:#P "
# Right side of status bar
set -g status-right-bg colour233
set -g status-right-fg colour243
set -g status-right-length 150
set -g status-right "#[fg=colour235,bg=colour233]#[fg=colour240,bg=colour235] %H:%M:%S #[fg=colour240,bg=colour235]#[fg=colour233,bg=colour240] %d-%b-%y #[fg=colour245,bg=colour240]#[fg=colour232,bg=colour245,bold] #H "
# Window status
set -g window-status-format " #I:#W#F "
set -g window-status-current-format " #I:#W#F "
# Current window status
set -g window-status-current-bg colour39
set -g window-status-current-fg colour232
# Window with activity status
set -g window-status-activity-bg colour75 # fg and bg are flipped here due to
set -g window-status-activity-fg colour233 # a bug in tmux
# Window separator
set -g window-status-separator ""
# Window status alignment
set -g status-justify centre
# Pane border
set -g pane-border-bg default
set -g pane-border-fg colour238
# Active pane border
set -g pane-active-border-bg default
set -g pane-active-border-fg colour39
# Pane number indicator
set -g display-panes-colour colour233
set -g display-panes-active-colour colour245
# Clock mode
set -g clock-mode-colour colour39
set -g clock-mode-style 24
# Message
set -g message-bg colour39
set -g message-fg black
# Command message
set -g message-command-bg colour233
set -g message-command-fg black
# Mode
set -g mode-bg colour39
set -g mode-fg colour232

50
configs/putty-base16-irblack.reg Normal file
View file

@ -0,0 +1,50 @@
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\Base16-IR Black]
"Colour0"="145,143,136"
"Colour1"="181,179,170"
"Colour2"="0,0,0"
"Colour3"="36,36,34"
"Colour4"="0,0,0"
"Colour5"="217,215,204"
"Colour6"="0,0,0"
"Colour7"="108,108,102"
"Colour8"="255,108,96"
"Colour9"="233,192,98"
"Colour10"="168,255,96"
"Colour11"="36,36,34"
"Colour12"="255,255,182"
"Colour13"="72,72,68"
"Colour14"="150,203,254"
"Colour15"="145,143,136"
"Colour16"="255,115,253"
"Colour17"="217,215,204"
"Colour18"="198,197,254"
"Colour19"="177,138,61"
"Colour20"="181,179,170"
"Colour21"="253,251,238"

44
plesk-wordpress-web.config.txt Normal file
View file

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors>
<remove statusCode="502" subStatusCode="-1" />
<remove statusCode="501" subStatusCode="-1" />
<remove statusCode="500" subStatusCode="-1" />
<remove statusCode="412" subStatusCode="-1" />
<remove statusCode="406" subStatusCode="-1" />
<remove statusCode="405" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<remove statusCode="403" subStatusCode="-1" />
<remove statusCode="401" subStatusCode="-1" />
<error statusCode="400" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\bad_request.html" />
<error statusCode="407" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\proxy_authentication_required.html" />
<error statusCode="414" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\request-uri_too_long.html" />
<error statusCode="415" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\unsupported_media_type.html" />
<error statusCode="503" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\maintenance.html" />
<error statusCode="401" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\unauthorized.html" />
<error statusCode="403" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\forbidden.html" />
<error statusCode="404" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_found.html" />
<error statusCode="405" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\method_not_allowed.html" />
<error statusCode="406" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_acceptable.html" />
<error statusCode="412" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\precondition_failed.html" />
<error statusCode="500" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\internal_server_error.html" />
<error statusCode="501" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_implemented.html" />
<error statusCode="502" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\bad_gateway.html" />
</httpErrors>
<rewrite>
<rules>
<rule name="Main Rule" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

116
scripts/aclset.sh Normal file
View file

@ -0,0 +1,116 @@
#!/bin/bash
# afx acl setup
### vars
watchdir="/srv/test"
domainadmin="afx"
password="CHANGEME"
###
#init
controlfile="control.txt"
passfile="password.txt"
aclset="";
acldel="";
old_IFS=$IFS # save the field separator
IFS=$'\n' # new field separator, the end of line
exec > /tmp/afxacl.log 2>&1
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.1.tmp
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.1.tmp
updatedb --database-root=$watchdir --output /tmp/afxacl.db -l 0
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.2.tmp
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.2.tmp
setlist=`diff /tmp/afxacl.set.1.tmp /tmp/afxacl.set.2.tmp`
aclset=`echo "$setlist" | grep '>'`
dellist=`diff /tmp/afxacl.del.1.tmp /tmp/afxacl.del.2.tmp`
acldel=`echo "$dellist" | grep '>'`
#del
if [ -n "$acldel" ]
then
while read dline;
do
curcontroldel=`echo "$dline" | cut -c 3-`;
echo "unlocking $curcontroldel"
ccut=`expr ${#passfile} + 1`
cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev`
echo ""
if [ -d "$cdir" ];
then
if grep -q $password "$curcontroldel";
then
echo "password accepted"
chattr -i "$cdir/$controlfile"
rm "$cdir/$controlfile"
setfacl -R --remove-all "$cdir"
chmod 770 "$cdir"
echo ""
echo "current permissions:"
getfacl "$cdir"
rm "$curcontroldel"
else
echo "invalid password!"
rm "$curcontroldel"
fi
else
echo "warning: whole dir was deleted"
fi
echo ""
echo ""
done < <(echo "$acldel")
fi
# set
if [ -n "$aclset" ]
then
while read cline;
do
curcontrolset=`echo "$cline" | cut -c 3-`;
echo "setting up acl from $curcontrolset"
ccuser=`stat -c "%U" "$curcontrolset"`
if [ "$ccuser" != "$domainadmin" ];
then
echo "$ccuser is not a valid admin!"
rm $curcontrolset
continue;
fi
echo ""
ccut=`expr ${#controlfile} + 1`
cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev`
chmod 700 "$cdir"
for uline in $(cat "$curcontrolset")
do
echo "add user $uline ..."
setfacl -R -n -m u:$uline:rwx "$cdir"
done
echo "add admin $domainadmin ..."
setfacl -R -n -m u:$domainadmin:rwx "$cdir"
setfacl -R -n -m m::rwx "$cdir"
chattr +i "$curcontrolset"
echo ""
echo "current permissions:"
getfacl "$cdir"
echo ""
echo ""
done < <(echo "$aclset")
fi
IFS=$old_IFS # restore default field separator
if [ -s /tmp/afxacl.log ];
then
mutt -s "setacl.sh notice" mailbox@server.com < /tmp/afxacl.log
fi
#cleantmp
rm /tmp/afxacl.set*
rm /tmp/afxacl.del*

33
scripts/arduino.py Normal file
View file

@ -0,0 +1,33 @@
#!/usr/bin/env python
""" arduino reader by afx """
import time, serial
from sys import argv
def query_arduino():
global serial
serial = serial.Serial('/dev/ttyACM0', 9600)
serial.write('1')
query = serial.readline().strip('\r\n').split()
fo = open('/etc/scripts/.arduino.db', 'wb')
fo.write(','.join(query))
fo.close()
def print_arduino(pmode):
fr = open('/etc/scripts/.arduino.db', 'r+')
rquery = fr.read(100);
print(rquery.split(',')[pmode])
fr.close()
if __name__ == "__main__":
mode = argv
if mode[1] == 'temp':
print_arduino(0)
elif mode[1] == 'humid':
print_arduino(1)
elif mode[1] == 'query':
query_arduino()
else:
print('Usage: script.py [temp] [humid]')

76
scripts/blackhole.py Normal file
View file

@ -0,0 +1,76 @@
#!/usr/bin/python3
# simple ip blackhole list :)
# afx Nov 2016
#
# requires Pygtail
# should be installed to iptables filtered machine with DROP and LOG policy
# the idea is that any traffic coming to this serviceless machine can be assumed
# as bad and then listed for further processing
from pygtail import Pygtail
import sys
import signal
import re
import time
import json
kernlog = '/var/log/kern.log'
dbfile = '/var/www/html/blacklist.txt'
#add whitelisted ips here:
whitelist = [ '1.2.3.4',
'5.6.7.8' ]
######
def signal_handler(signal, frame):
print('You\'ve pressed Ctrl+C. Listing stats and exiting...')
print('')
print(json.dumps(stats))
sys.exit(0)
signal.signal(signal.SIGINT, signal_handler)
print('.o.oOo.o. blackhole.py by afx .o.oOo.o.')
print('^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^')
print('Whitelist: {}'.format(whitelist))
blacklist = []
stats = {}
try:
blackfile = open(dbfile, 'r')
for item in blackfile:
blacklist.append(item.strip())
blackfile.close()
print('Blacklist: {}'.format(blacklist))
except Exception as e:
print(e)
print('Blacklist empty.')
print('')
while True:
time.sleep(1)
for line in Pygtail(kernlog):
query = re.findall( r'SRC=[0-9]+(?:\.[0-9]+){3}', line )
newip = query[0][4:]
if newip in whitelist:
print('{} whitelisted'.format(newip))
continue
elif newip in blacklist:
try:
oldcounter = stats[newip]
except:
oldcounter = 0
counter = oldcounter + 1
stats.update({ newip: counter })
print('{} -> {}'.format(newip, str(stats[newip])))
else:
print('{} blackholed'.format(newip))
blacklist.append(newip)
blackfile = open(dbfile, 'w')
for item in blacklist:
blackfile.write("%s\n" % item)
blackfile.close()
#EOF

29
scripts/clean-maildir.sh Normal file
View file

@ -0,0 +1,29 @@
#!/bin/sh
# Time to wait before removing mails from the Junk folder (Default: 7 days) Set 0 to turn off.
junk_max_hours=$((24*2))
# Time to wait before removing mails from the Trash folder (Default: 30 days) Set 0 to turn off.
trash_max_hours=$((24*10))
for domain in /var/vmail/*
do
if [ -d "$domain" ]
then
for user in $domain/*
do
if [ "$junk_max_hours" -gt "0" ]
then
if [ -d "$user/Maildir/.Junk" ]
then
tmpreaper -m $junk_max_hours $user/Maildir/.Junk/{cur,new}
fi
fi
if [ "$trash_max_hours" -gt "0" ]
then
if [ -d "$user/Maildir/.Trash" ]
then
tmpreaper -m $trash_max_hours $user/Maildir/.Trash/{cur,new}
fi
fi
done
fi
done

49
scripts/cronic.sh Normal file
View file

@ -0,0 +1,49 @@
#!/bin/bash
# Cronic v2 - cron job report wrapper
# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever.
# Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/
set -eu
OUT=/tmp/cronic.out.$$
ERR=/tmp/cronic.err.$$
TRACE=/tmp/cronic.trace.$$
set +e
"$@" >$OUT 2>$TRACE
RESULT=$?
set -e
PATTERN="^${PS4:0:1}\\+${PS4:1}"
if grep -aq "$PATTERN" $TRACE
then
! grep -av "$PATTERN" $TRACE > $ERR
else
ERR=$TRACE
fi
if [ $RESULT -ne 0 -o -s "$ERR" ]
then
echo "Cronic detected failure or error output for the command:"
echo "$@"
echo
echo "RESULT CODE: $RESULT"
echo
echo "ERROR OUTPUT:"
cat "$ERR"
echo
echo "STANDARD OUTPUT:"
cat "$OUT"
if [ $TRACE != $ERR ]
then
echo
echo "TRACE-ERROR OUTPUT:"
cat "$TRACE"
fi
fi
rm -f "$OUT"
rm -f "$ERR"
rm -f "$TRACE"

333
scripts/iptables-vlan.sh Normal file
View file

@ -0,0 +1,333 @@
#!/bin/bash
SYSCTL="/sbin/sysctl -w"
IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
# Internet Interface
INET_IFACE="eth1"
INET_IP="1.2.3.4"
INET_ADMIN="2.3.4.5"
VPN_IFACE="tun+"
VPN_IP="10.8.0.1"
VPN_NET="10.8.0.0/8"
VPN_BCAST="10.255.255.255"
# Local Interface Information
LOCAL_IFACE="eth0"
LOCAL_IP="192.168.5.1"
LOCAL_NET="192.168.5.0/24"
LOCAL_BCAST="192.168.5.255"
EVOIP_IFACE="vlan1234"
EVOIP_IP="10.20.5.50"
EVOIP_NET="10.20.5.48/29"
EVOIP_BCAST="10.20.5.55"
VIDEO_IFACE="vlan1015"
VIDEO_IP="192.168.15.1"
VIDEO_NET="192.168.15.0/24"
VIDEO_BCAST="192.168.15.255"
VOIP_IFACE="vlan1016"
VOIP_IP="192.168.16.1"
VOIP_NET="192.168.16.0/24"
VOIP_BCAST="192.168.16.255"
WIFI_IFACE="vlan1017"
WIFI_IP="192.168.17.1"
WIFI_NET="192.168.17.0/24"
WIFI_BCAST="192.168.17.255"
# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"
# Save and Restore arguments handled here
if [ "$1" = "save" ]
then
echo -n "Saving firewall to /etc/sysconfig/iptables ... "
$IPTS > /etc/scripts/iptables
echo "done"
exit 0
elif [ "$1" = "restore" ]
then
echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
$IPTR < /etc/scripts/iptables
echo "done"
exit 0
fi
echo "Loading kernel modules ..."
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_mark
#/sbin/modprobe ipt_tcpmss
/sbin/modprobe multiport
/sbin/modprobe ipt_state
#/sbin/modprobe ipt_unclean
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/ip_forward
else
$SYSCTL net.ipv4.ip_forward="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
else
$SYSCTL net.ipv4.tcp_syncookies="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
else
$SYSCTL net.ipv4.conf.all.rp_filter="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
else
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
else
$SYSCTL net.ipv4.conf.all.accept_source_route="0"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
else
$SYSCTL net.ipv4.conf.all.secure_redirects="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
else
$SYSCTL net.ipv4.conf.all.log_martians="1"
fi
###############################################################################
echo "Flushing Tables ..."
# Reset Default Policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
if [ "$1" = "stop" ]
then
echo "Firewall completely flushed! Now running with no firewall."
exit 0
fi
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
###############################################################################
#$IPT -N bad_packets
#$IPT -N bad_tcp_packets
$IPT -N icmp_packets
$IPT -N udp_inbound
$IPT -N udp_outbound
$IPT -N tcp_inbound
$IPT -N tcp_outbound
#$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
#$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
$IPT -A bad_packets -p tcp -j bad_tcp_packets
$IPT -A bad_packets -p ALL -j RETURN
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
#$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A bad_tcp_packets -p tcp -j RETURN
#$IPT -A icmp_packets --fragment -p ICMP -j LOG --log-prefix "fp=icmp_packets:1 a=DROP "
$IPT -A icmp_packets --fragment -p ICMP -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
$IPT -A icmp_packets -p ICMP -j RETURN
#$IPT -A icmp_packets -p ICMP -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
$IPT -A udp_inbound -m state --state NEW -p UDP -s 0/0 --destination-port 1194 -j ACCEPT #vpn
$IPT -A udp_inbound -p UDP -j RETURN
$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 2222 -j ACCEPT #ssh
$IPT -A tcp_inbound -p TCP -j RETURN
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
###############################################################################
echo "Process INPUT chain ..."
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
#$IPT -A INPUT -p ALL -j bad_packets
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $WIFI_IFACE -d $WIFI_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $VIDEO_IFACE -d $VIDEO_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $VOIP_IFACE -d $VOIP_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $VPN_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -i $EVOIP_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
#$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
#$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
###############################################################################
echo "Process FORWARD chain ..."
#$IPT -A FORWARD -p ALL -j bad_packets
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
#forward VIDEO vlan1015 to internet but not to the local network!
###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j DROP
$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j ACCEPT
$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT
#forward VOIP vlan1016 to internet but not to the local network!
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j DROP
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT
#forward WIFI vlan1017 to internet but not to the local network!
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j DROP
#wifi to DVR allowed:
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.2 -j ACCEPT
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.1 -j ACCEPT
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VIDEO_NET -j DROP
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j DROP
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT
#forward VPN
$IPT -A FORWARD -p ALL -i $VPN_IFACE -s $VPN_NET -j ACCEPT
#$IPT -A FORWARD -i $VPN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $EVOIP_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
###############################################################################
echo "Process OUTPUT chain ..."
$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $VIDEO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $VIDEO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $WIFI_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $WIFI_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $VOIP_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $VOIP_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $VPN_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $EVOIP_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
###############################################################################
echo "Load rules for nat table ..."
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $EVOIP_IFACE -j MASQUERADE
$IPT -t nat -A POSTROUTING -s $VPN_NET -o $INET_IFACE -j MASQUERADE #vpn
###
echo "Loading extra rules ..."
#VOIP
$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 5060 -j ACCEPT
$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 5060 -j DNAT --to 192.168.16.2:5060
$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 10000:20000 -j ACCEPT
$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 10000:20000 -j DNAT --to 192.168.16.2:10000-20000
#NVR
$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 8001 -j ACCEPT
$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 8001 -j DNAT --to 192.168.15.251:8001
$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 8001 -j DNAT --to 192.168.15.251:8001
$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 8001 -j SNAT --to $INET_IP
#substream
$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 554 -j ACCEPT
$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 554 -j DNAT --to 192.168.15.251:554
$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 554 -j DNAT --to 192.168.15.250:554
$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 554 -j SNAT --to $INET_IP

267
scripts/iptables.sh Normal file
View file

@ -0,0 +1,267 @@
#!/bin/bash
### iptables.sh for ipv4
SYSCTL="/sbin/sysctl -w"
IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
# Internet Interface
INET_IFACE="pub"
#INET_IFACE2="pub2"
INET_ADMIN="1.2.3.4"
INET_ORB="2.3.4.5"
# Local Interface Information
LOCAL_IFACE="dmz"
LOCAL_IP="192.168.0.5"
LOCAL_NET="192.168.0.0/24"
LOCAL_BCAST="192.168.0.255"
# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"
# Save and Restore arguments handled here
if [ "$1" = "save" ]
then
echo -n "Saving firewall to /etc/sysconfig/iptables ... "
$IPTS > /etc/scripts/iptables
echo "done"
exit 0
elif [ "$1" = "restore" ]
then
echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
$IPTR < /etc/scripts/iptables
echo "done"
exit 0
fi
echo "Loading kernel modules ..."
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
# /sbin/modprobe iptable_filter
# /sbin/modprobe iptable_mangle
# /sbin/modprobe iptable_nat
# /sbin/modprobe ipt_LOG
# /sbin/modprobe ipt_limit
# /sbin/modprobe ipt_MASQUERADE
# /sbin/modprobe ipt_owner
# /sbin/modprobe ipt_REJECT
# /sbin/modprobe ipt_mark
# /sbin/modprobe ipt_tcpmss
# /sbin/modprobe multiport
# /sbin/modprobe ipt_state
# /sbin/modprobe ipt_unclean
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/ip_forward
else
$SYSCTL net.ipv4.ip_forward="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
else
$SYSCTL net.ipv4.tcp_syncookies="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
else
$SYSCTL net.ipv4.conf.all.rp_filter="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
else
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
else
$SYSCTL net.ipv4.conf.all.accept_source_route="0"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
else
$SYSCTL net.ipv4.conf.all.secure_redirects="1"
fi
#if [ "$SYSCTL" = "" ]
#then
# echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
#else
# $SYSCTL net.ipv4.conf.all.log_martians="1"
#fi
###############################################################################
echo "Flushing Tables ..."
# Reset Default Policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
if [ "$1" = "stop" ]
then
echo "Firewall completely flushed! Now running with no firewall."
exit 0
fi
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
###############################################################################
$IPT -N bad_packets
$IPT -N bad_tcp_packets
$IPT -N icmp_packets
$IPT -N udp_inbound
$IPT -N udp_outbound
$IPT -N tcp_inbound
$IPT -N tcp_outbound
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
$IPT -A bad_packets -p tcp -j bad_tcp_packets
$IPT -A bad_packets -p ALL -j RETURN
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A bad_tcp_packets -p tcp -j RETURN
### ICMP
#$IPT -A icmp_packets --fragment -p ICMP -j LOG \
# --log-prefix "fp=icmp_packets:1 a=DROP "
#$IPT -A icmp_packets --fragment -p ICMP -j DROP
#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#$IPT -A icmp_packets -p ICMP -j RETURN
$IPT -A icmp_packets -p ICMP -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 53 -j ACCEPT
$IPT -A udp_inbound -p UDP -j RETURN
$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10000 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10001 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 22 -j ACCEPT
$IPT -A tcp_inbound -p TCP -j RETURN
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
###############################################################################
echo "Process INPUT chain ..."
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -j bad_packets
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
#$IPT -A INPUT -p TCP -i $INET_IFACE2 -j tcp_inbound
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
###############################################################################
echo "Process FORWARD chain ..."
$IPT -A FORWARD -p ALL -j bad_packets
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
###############################################################################
echo "Process OUTPUT chain ..."
#$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
#$IPT -A OUTPUT -p ALL -o $INET_IFACE2 -j ACCEPT
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
###############################################################################
echo "Load rules for nat table ..."
### MASQUERADE
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
###
###
###
echo "Loading additiona rules ..."
### VPN
#$IPT -I INPUT -i tun+ -j ACCEPT
#$IPT -I OUTPUT -o tun+ -j ACCEPT

127
scripts/mpd-playlists.sh Normal file
View file

@ -0,0 +1,127 @@
#!/bin/bash
#
# kozunak.sh - kozunak.org radio sheduler by afx
# Usage: kozunak.sh <subdir>
#SETTINGS
radiodir="/srv/sftp/radio" #location of the music parent dir
mpdconf="/usr/local/etc/musicpd.conf" #location of mpd.conf
alwaysrestart=0 #debug purpouses
################################################
#BOOT
prefix="kozunak.sh: [`date "+%H:%M"`]"
if [ ! -d $radiodir/$1 ] || [ "$1" == "" ] ; then
echo "$prefix no such playlist $1"
exit
fi
if [ ! -x $mpdconf ] ; then
echo "cant find musicpd.conf!"
exit
fi
hour=`date +%H`
if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
echo "$prefix server restart"
musicpd --kill
sleep 2
rm -f /var/run/mpd/database
#mpd --create-db $mpdconf
musicpd $mpdconf
fi
#FIX
IFS='
'
for i in 1 2
do
#SCAN FILES
find "$radiodir/$1/" -depth 1 -name "*.flac" | while read flac ; do
tmp1flac_a=`metaflac --show-tag=Artist "$flac"`
tmp2flac_a=${tmp1flac_a:7}
tmp1flac_n=`metaflac --show-tag=Title "$flac"`
tmp2flac_n=${tmp1flac_n:6}
baseflac=$(basename "$flac")
dirflac=$(dirname "$flac")
newflac=$(echo "$tmp2flac_a - $tmp2flac_n.flac" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
if [ "$tmp2flac_a" == "" ] || [ "$tmp2flac_n" == "" ] ; then
if [ "${baseflac:0:2}" == "__" ] ; then
newflac=$(echo "$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
else
newflac=$(echo "__$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
fi
fi
if [ "$baseflac" != "$newflac" ] ; then
echo "$prefix found $baseflac -> $newflac"
mv "$flac" "$dirflac/$newflac"
fi
done
find "$radiodir/$1/" -depth 1 -name "*.mp3" | while read mp3 ; do
tmpmp3_a=`id3info "$mp3" | grep -i '^=== TPE1 ' | sed 's/^=== TPE1.*: //'`
if [ "$tmpmp3_a" == "" ] ; then
tmpmp3_a=`id3v2 -l "$mp3" | grep -i '^TP1 ' | sed 's/^TP1.*: //'`
fi
tmpmp3_n=`id3info "$mp3" | grep -i '^=== TIT2 ' | sed 's/^=== TIT2.*: //'`
if [ "$tmpmp3_n" == "" ] ; then
tmpmp3_n=`id3v2 -l "$mp3" | grep -i '^TT2 ' | sed 's/^TT2.*: //'`
fi
basemp3=$(basename "$mp3")
dirmp3=$(dirname "$mp3")
newmp3=$(echo "$tmpmp3_a - $tmpmp3_n.mp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
if [ "$tmpmp3_a" == "" ] || [ "$tmpmp3_n" == "" ] ; then
if [ "${basemp3:0:2}" == "__" ] ; then
newmp3=$(echo "$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
else
newmp3=$(echo "__$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
fi
fi
if [ "$basemp3" != "$newmp3" ] ; then
echo "$prefix found $basemp3 -> $newmp3"
mv "$mp3" "$dirmp3/$newmp3"
fi
done
done
unset IFS
#INIT MPD
musicdir=`awk '/^music_directory/ {print $2}' $mpdconf | cut -d '"' -f2`
crnt=`mpc -f %file% | head -n 1`
find $musicdir/* -not -name "$crnt" -exec rm {} +
mpc --no-status crop
#IMPORT IN MPD
count=0
find "$radiodir/$1/" -depth 1 -name "*" > /tmp/kozunak.temp
while read fle ; do
bsfile=$(basename "$fle")
if [ "$bsfile" = "$crnt" ] ; then
continue
fi
ln -s "$fle" "$musicdir/$bsfile"
chown nobody:ftpsrv "$musicdir/$bsfile"
chmod g+w "$musicdir/$bsfile"
let "count+=1"
done < /tmp/kozunak.temp
mpc --no-status --wait update
sleep 20
mpc ls | mpc add
mpc --no-status random on
mpc --no-status repeat on
if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
mpc --no-status play
else
mpc --no-status next
mpc --no-status next
sleep 2
mpc --no-status del 1
rm "$musicdir/$crnt"
fi
#CHANGE BACKGROUND
#rnd=`/root/scripts/devrandom 1 4`
#ln -fs /usr/local/www/nginx/purple$rnd.jpg /usr/local/www/nginx/purple.jpg

25
scripts/mssqldump.bat Normal file
View file

@ -0,0 +1,25 @@
@ECHO ON
SETLOCAL
del c:\sqlbackup\*.bak
REM Get date in format YYYY-MM-DD (assumes the locale is the United States)
FOR /F "tokens=1,2,3,4 delims=/ " %%A IN ('Date /T') DO SET NowDate=%%D-%%B-%%C
REM Build a list of databases to backup
SET DBList=%SystemDrive%SQLDBList.txt
SqlCmd -E -S DBHOSTNAME -h-1 -W -Q "SET NoCount ON; SELECT Name FROM master.dbo.sysDatabases WHERE [Name] NOT IN ('master','model','msdb','tempdb')" > "%DBList%"
REM Backup each database, prepending the date to the filename
FOR /F "tokens=*" %%I IN (%DBList%) DO (
ECHO Backing up database: %%I
SqlCmd -E -S DBHOSTNAME -Q "BACKUP DATABASE [%%I] TO Disk='C:\sqlbackup\%NowDate%_%%I.bak'"
ECHO.
)
#pause
REM Clean up the temp file
IF EXIST "%DBList%" DEL /F /Q "%DBList%"
ENDLOCAL

3
scripts/rdb.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
rdiff-backup --print-statistics --exclude /proc --exclude /mnt --exclude /media --exclude /sys --exclude /dev $@

78
scripts/rec-tape.sh Normal file
View file

@ -0,0 +1,78 @@
#!/bin/bash
# afx tape backup from proxmox dumps
TAPE=/dev/nst0
SOURCE=(
"/srv/proxmox/1/dump"
"/srv/proxmox/2/dump"
)
###
human_print(){
while read B dummy; do
[ $B -lt 1024 ] && echo ${B} B && break
KB=$(((B+512)/1024))
[ $KB -lt 1024 ] && echo ${KB} KB && break
MB=$(((KB+512)/1024))
[ $MB -lt 1024 ] && echo ${MB} MB && break
GB=$(((MB+512)/1024))
[ $GB -lt 1024 ] && echo ${GB} GB && break
echo $(((GB+512)/1024)) TB
done
}
echo "--- tape backup by afx ---"
rm /tmp/reclist.txt 2> /dev/null
#mt -f $TAPE defcompression 1
for srcpath in "${SOURCE[@]}"
do
vmids=()
if [ "$(ls -A $srcpath)" ]; then
echo "[ok] $srcpath"
cd $srcpath
else
echo "[skip] $srcpath"
echo ""
continue
fi
vmids+=`ls -1d *.vma.lzo 2> /dev/null | cut -d "-" -f3 | sort | uniq`
vmids+=`ls -1d *.vma.gz 2> /dev/null | cut -d "-" -f3 | sort | uniq`
for vmid in $vmids
do
last=`ls -1rt $srcpath | grep -E ".lzo$|.gz$" | grep -E "vzdump.*-$vmid-" | tail -1`
size=`stat -c %s $last | human_print`
echo "VM $vmid last backup is $last ($size)"
echo "$srcpath/$last" >> /tmp/reclist.txt
done
echo ""
done
cat /tmp/reclist.txt | while read file
do
du "$file"
done | awk '{i+=$1} END {print "Total bytes: " i / 1048576 " GB"}'
read -r -p "Do you want record this list? [y/N] " response
if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]
then
echo "[`date +'%Y-%m-%d %T'`]: << REWIND"
mt -f $TAPE rewind
echo "[`date +'%Y-%m-%d %T'`]: () REC"
#tar -cvf - -T /tmp/reclist.txt | dd of=$TAPE bs=2M
#blocksize 256k (lto-4 default) -b n*512
tar -b 512 -cvf $TAPE -T /tmp/reclist.txt
echo ""
echo "[`date +'%Y-%m-%d %T'`]: [] STOP"
echo "file list" > /root/tape-`date +'%Y-%m-%d'`.log
echo "---" >> /root/tape-`date +'%Y-%m-%d'`.log
cat /tmp/reclist.txt >> /root/tape-`date +'%Y-%m-%d'`.log
read -n 1 -s -p "Press any key to display smart & tape info and quit..."
smartctl -a $TAPE
tapeinfo -f $TAPE
fi
echo "Bye."

81
scripts/rsync-weekly.sh Normal file
View file

@ -0,0 +1,81 @@
#!/bin/bash [40/1057]
#find the full backups and rsync them to remote host
SOURCE=(
"/srv/nfs-backup/host1/dump"
"/srv/nfs-backup/host2/dump"
)
HOST=1.2.3.4
ENCSRC="/srv/nfs-backup/latest-hardlink"
ENCTARGET="/tmp/latest-encfs"
ENCCONFIG="/etc/scripts/.encfs6.xml"
ENCPASS=my_strong_password
###
human_print(){
while read B dummy; do
[ $B -lt 1024 ] && echo ${B} B && break
KB=$(((B+512)/1024))
[ $KB -lt 1024 ] && echo ${KB} KB && break
MB=$(((KB+512)/1024))
[ $MB -lt 1024 ] && echo ${MB} MB && break
GB=$(((MB+512)/1024))
[ $GB -lt 1024 ] && echo ${GB} GB && break
echo $(((GB+512)/1024)) TB
done
}
rm /tmp/reclist.txt 2> /dev/null
mkdir $ENCSRC
mkdir $ENCTARGET
for srcpath in "${SOURCE[@]}"
do
vmids=()
if [ "$(ls -A $srcpath)" ]; then
echo "[ok] $srcpath"
cd $srcpath
else
echo "[skip] $srcpath"
echo ""
continue
fi
host=`echo $srcpath | rev | cut -d'/' -f 2 | rev`
mkdir "$ENCSRC/$host"
vmids+=`ls -1d *.vma.lzo 2> /dev/null | cut -d "-" -f3 | sort | uniq`
vmids+=`ls -1d *.vma.gz 2> /dev/null | cut -d "-" -f3 | sort | uniq`
for vmid in $vmids
do
last=`ls -1rt $srcpath | grep -E ".lzo$|.gz$" | grep -E "vzdump.*-$vmid-" | tail -1`
size=`stat -c %s $last | human_print`
echo "VM $vmid last backup is $last ($size)"
ln $srcpath/$last $ENCSRC/$host/
echo "$srcpath/$last" >> /tmp/reclist.txt
done
echo ""
done
cat /tmp/reclist.txt | while read file
do
du "$file"
done | awk '{i+=$1} END {print "Total bytes: " i / 1048576 " GB"}'
#reverse encfs
echo $ENCPASS | ENCFS6_CONFIG=$ENCCONFIG encfs --reverse --idle=60 -o ro --stdinpass $ENCSRC $ENCTARGET
#sync
#rsync -vap -e 'ssh -p 2222' --files-from=/tmp/reclist.txt / backup@$HOST:/srv/backup
rsync -vap --copy-links -e 'ssh -p 2222' $ENCTARGET/ backup@$HOST:/srv/backup/weekly-encfs
rsync -vap -e 'ssh -p 2222' $ENCCONFIG backup@$HOST:/srv/backup/weekly-encfs/.encfs6.xml
#cleanup
fusermount -u $ENCTARGET
rmdir $ENCTARGET
rm -fr $ENCSRC

24
scripts/thinkpad_cooldown.sh Normal file
View file

@ -0,0 +1,24 @@
#!/bin/bash
# install:
# echo "options thinkpad_acpi fan_control=1" >> /etc/modprobe.d/thinkpad_acpi.conf
echo "-- ] thinkpad cooldown swtich [ --"
echo ""
echo ""
while true; do
echo level disengaged > /proc/acpi/ibm/fan
echo
echo "> max speed"
echo "Press key to return to switch mode..."
read -n 1
echo level auto > /proc/acpi/ibm/fan
echo
echo "> auto"
echo "Press key to return to switch mode..."
read -n 1
done

125
squid-with-clam-and-qlproxy-test.conf Normal file
View file

@ -0,0 +1,125 @@
# squid.conf by afx
#ports
http_port 192.168.10.1:3128 intercept
https_port 192.168.10.1:3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/opt/quintolabs/qlproxy/afx.pem capath=/etc/ssl/certs
http_port 192.168.10.1:8080
#generic
visible_hostname proxy.deflax.net
icp_port 0
dns_v4_first on
pid_filename /var/run/squid.pid
#cache_effective_user proxy
#cache_effective_group proxy
error_default_language bg
coredump_dir /var/spool/squid
icon_directory /usr/share/squid/icons
cache_mgr admin@fqdn.com
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pinger_enable on
pinger_program /usr/lib/squid/pinger
netdb_filename /var/log/squid/netdb.state
sslcrtd_program /bin/ssl_crtd -s /var/spool/squid_ssldb -M 4MB -b 2048
sslcrtd_children 25
sslproxy_capath /etc/ssl/certs
#timeouts
peer_connect_timeout 2 minutes
persistent_request_timeout 2 minutes
#logfile_rotate 0
#debug_options rotate=0
#acl
acl localnet src 192.168.10.0/24 # RFC1918 possible internal network
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
acl sslports port 443 563
acl purge method PURGE
acl connect method CONNECT
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.10.0/24
acl dynamic urlpath_regex cgi-bin \?
#ssl
always_direct allow all
#acl broken_ip dst "/etc/squid/ip_whitelist.acl"
acl broken_sites dstdomain "/etc/squid/ssl_whitelist.acl"
#ssl_bump none localhost
ssl_bump none broken_sites
#ssl_bump none broken_ip
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
uri_whitespace strip
#cache settings
cache_dir ufs /var/spool/squid/cache/squid 14000 16 256
#cache deny dynamic
cache deny all
cache_mem 8 MB
maximum_object_size_in_memory 1024 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 10 KB
offline_mode off
memory_pools off
#httpaccess
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Facebook Like Button Denial
#acl facebook dstdomain .facebook.com
#acl facebook_like urlpath_regex -i ^\/plugins\/like\.php
#deny_info error-facebook-like facebook_like
#http_access deny facebook facebook_like
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc
icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Client-Username
icap_service qlproxy1 reqmod_precache bypass=1 icap://127.0.0.1:1344/reqmod
icap_service qlproxy2 respmod_precache bypass=1 icap://127.0.0.1:1344/respmod
icap_service squidclamav1 reqmod_precache bypass=1 icap://127.0.0.1:1345/squidclamav
icap_service squidclamav2 respmod_precache bypass=1 icap://127.0.0.1:1345/squidclamav
#acl qlproxy_icap_edomains dstdomain "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_domains.conf"
#acl qlproxy_icap_etypes rep_mime_type "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_contenttypes.conf"
adaptation_service_chain svcRequest qlproxy1 squidclamav1
adaptation_service_chain svcResponse qlproxy2 squidclamav2
adaptation_access svcRequest allow all
adaptation_access svcResponse allow all
#no clamav
#adaptation_access svcRequest deny qlproxy_icap_edomains
#adaptation_access svcResponse deny qlproxy_icap_edomains
#adaptation_access svcResponse deny qlproxy_icap_etypes
#adaptation_access qlproxy1 allow all
#adaptation_access qlproxy2 allow all
http_access allow allowed_subnets
http_access allow localhost
http_access deny allsrc

3
thinkfan/cputemp.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
cat /sys/devices/virtual/hwmon/hwmon1/temp1_input | head -c2

3
thinkfan/fanspeed.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
cat /proc/acpi/ibm/fan | grep ^speed | cut -d ':' -f 2 | sed -e 's/[[:space:]]*//'

11
thinkfan/thinkfan.conf Normal file
View file

@ -0,0 +1,11 @@
hwmon /sys/devices/virtual/hwmon/hwmon1/temp1_input
tp_fan /proc/acpi/ibm/fan
(0, 0, 25)
(2, 20, 30)
(3, 25, 31)
(4, 30, 36)
(5, 35, 41)
(6, 40, 47)
(7, 46, 53)
(126, 50, 32767)

43
thinkfan/ubuntu-debian-HOWTO.txt Normal file
View file

@ -0,0 +1,43 @@
#/etc/thinkfan.conf:
hwmon /sys/devices/virtual/hwmon/hwmon0/temp1_input
tp_fan /proc/acpi/ibm/fan
(0, 0, 25)
(1, 20, 30)
(2, 25, 31)
(3, 30, 36)
(4, 35, 41)
(5, 40, 47)
(6, 46, 50)
(7, 49, 56)
(126, 55, 32767)
#/etc/systemd/system/thinkfan.service
[Unit]
Description=simple and lightweight fan control program
After=syslog.target
[Service]
Type=forking
ExecStart=/usr/local/sbin/thinkfan
PIDFile=/var/run/thinkfan.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
#INSTALL (as root)
echo "options thinkpad_acpi fan_control=1" >> /etc/modprobe.d/thinkpad.conf
reboot
apt install lm-sensors cmake-curses-gui libyaml-cpp-dev libboost-all-dev
wget https://github.com/vmatare/thinkfan/archive/0.9.3.tar.gz
tar xzvf 0.9.3.tar.gz
cd thinkfan-0.9.3
mkdir build; cd build
cmake -D CMAKE_BUILD_TYPE:STRING=Debug ..
make
cp thinkfan /usr/local/sbin
sudo systemctl enable thinkfan.service
sudo systemctl start thinkfan.service