From d30dd2fc84bd7d0505725ecfdc6380f5457bef49 Mon Sep 17 00:00:00 2001 
From: deflax Date: Fri, 15 Sep 2017 21:11:31 +0300 Subject: [PATCH] initial commit --- Oracle Siebel 15.0.txt | 250 +++++++++++++++++++ README.md | 1 + Redundant-BGP.txt | 116 +++++++++ Windows Oracle env vars.txt | 17 ++ configs/.tmux.conf | 138 +++++++++++ configs/putty-base16-irblack.reg | 50 ++++ plesk-wordpress-web.config.txt | 44 ++++ scripts/aclset.sh | 116 +++++++++ scripts/arduino.py | 33 +++ scripts/blackhole.py | 76 ++++++ scripts/clean-maildir.sh | 29 +++ scripts/cronic.sh | 49 ++++ scripts/iptables-vlan.sh | 333 ++++++++++++++++++++++++++ scripts/iptables.sh | 267 +++++++++++++++++++++ scripts/mpd-playlists.sh | 127 ++++++++++ scripts/mssqldump.bat | 25 ++ scripts/rdb.sh | 3 + scripts/rec-tape.sh | 78 ++++++ scripts/rsync-weekly.sh | 81 +++++++ scripts/thinkpad_cooldown.sh | 24 ++ squid-with-clam-and-qlproxy-test.conf | 125 ++++++++++ thinkfan/cputemp.sh | 3 + thinkfan/fanspeed.sh | 3 + thinkfan/thinkfan.conf | 11 + thinkfan/ubuntu-debian-HOWTO.txt | 43 ++++ 25 files changed, 2042 insertions(+) create mode 100644 Oracle Siebel 15.0.txt create mode 100644 README.md create mode 100644 Redundant-BGP.txt create mode 100644 Windows Oracle env vars.txt create mode 100644 configs/.tmux.conf create mode 100644 configs/putty-base16-irblack.reg create mode 100644 plesk-wordpress-web.config.txt create mode 100644 scripts/aclset.sh create mode 100644 scripts/arduino.py create mode 100644 scripts/blackhole.py create mode 100644 scripts/clean-maildir.sh create mode 100644 scripts/cronic.sh create mode 100644 scripts/iptables-vlan.sh create mode 100644 scripts/iptables.sh create mode 100644 scripts/mpd-playlists.sh create mode 100644 scripts/mssqldump.bat create mode 100644 scripts/rdb.sh create mode 100644 scripts/rec-tape.sh create mode 100644 scripts/rsync-weekly.sh create mode 100644 scripts/thinkpad_cooldown.sh create mode 100644 squid-with-clam-and-qlproxy-test.conf create mode 100644 thinkfan/cputemp.sh create mode 100644 thinkfan/fanspeed.sh create mode 
100644 thinkfan/thinkfan.conf create mode 100644 thinkfan/ubuntu-debian-HOWTO.txt diff --git a/Oracle Siebel 15.0.txt b/Oracle Siebel 15.0.txt new file mode 100644 index 0000000..1253132 --- /dev/null +++ b/Oracle Siebel 15.0.txt 
@@ -0,0 +1,250 @@
+Siebel HOST: SIEBELHOST
+- install telnet
+- install iis
+- install jre-8u71-windows-x64
+
+0. Prepare Siebel Install Image using snic.bat from the zips.
+java -jar snic.jar also works
+
+1. Install 64bit Oracle Database 11g.
+
+global database name:SIEBELDB
+db administrative pass:SiebelDb1password1
+
+The Database Control URL is https://localhost:1158/em
+user: SYS
+connect as: SYSDBA
+
+create tablespaces:
+size 5GB
+
+SBLDATA
+SBLDATA01.DBF
+
+SBLINDX
+SBLINDX01.DBF
+
+
+2. Install 32bit Oracle Database 11g Client
+
+Type: Administrator
+
+Place tnsnames.ora into C:\Oracle\product\11.2.0\client_1\network\admin
+
+tnsnames.ora contents:
+
+SIEBELDB =
+ (DESCRIPTION =
+ (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
+ (CONNECT_DATA =
+ (SERVER = DEDICATED)
+ (SERVICE_NAME = SIEBELDB)
+ )
+ )
+
+
+
+3. Create Users (based on oracle grantusr.sql)
+cmd.exe
+sqlplus sys@siebeldb as sysdba
+
+create role sse_role;
+grant create session to sse_role;
+
+create role tblo_role;
+grant ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE INDEXTYPE,
+ CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE SESSION,
+ CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE TYPE, CREATE VIEW,
+ CREATE DIMENSION, CREATE MATERIALIZED VIEW, QUERY REWRITE, ON COMMIT REFRESH
+to tblo_role;
+
+create user SIEBEL identified by sadmin1password1;
+grant tblo_role to SIEBEL;
+grant sse_role to SIEBEL;
+alter user SIEBEL quota 0 on SYSTEM quota 0 on SYSAUX;
+alter user SIEBEL default tablespace SBLDATA;
+alter user SIEBEL temporary tablespace temp;
+alter user SIEBEL quota unlimited on SBLDATA;
+alter user SIEBEL quota unlimited on SBLINDX;
+
+create user SADMIN identified by sadmin1password1;
+grant sse_role to SADMIN;
+alter user SADMIN default tablespace sbldata;
+alter user SADMIN temporary tablespace temp;
+alter user SADMIN quota unlimited on SBLDATA;
+alter user SADMIN quota unlimited on SBLINDX;
+
+----
+
+4. INSTALL SIEBEL SERVER from Network Image. General Config:
+
+Oracle Home Name: SES_HOME
+Location: c:\Siebel\15.0.0.0.0\ses
+-gateway name server
+-siebel server
+-database configuration utilities
+Program folder name: Siebel Enterprise Server 15.0.0.0.0
+
+5. SIEBEL ENTERPRISE CONFIGURATION
+
+5.1. Install new gateway name
+
+5.2. Install new enterprise in a gateway name server:
+
+Gateway Name server port: 2320
+name server account name: SADMIN
+pass: sadmin1password1
+enterprise name: SBA_82
+
+Siebel File system: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs
+database table owner: SIEBEL
+sqlnet connect string: SIEBELDB
+user name: SADMIN
+pass: sadmin1password1
+
+6. DATABASE SERVER CONFIGURATION
+
+Make desktop shortcut to C:\Windows\SysWOW64\odbcad32.exe
+run as admin and get ODBC Data Source Name: SBA_82_DSN
+
+db username: SADMIN
+pass: sadmin1password1
+db table owner: SIEBEL
+pass: sadmin1password1
+
+index tables space name: SBLINDX
+table space name: SBLDATA
+
+Wait 3 hours max.
+
+Check Program Files\Oracle\Inventory\logs for errors
+
+7. SIEBEL SERVER CONFIGURATION
+gateway login: SADMIN
+
+Enable Open UI -> NO.
+Component Groups:
+-CallCenter
+-Remote
+-ORCL
+-WorkFlow
+-Communications
+
+broker port: 2321
+tcp/ip for syncronization manager: 40400
+
+8. SIEBEL ENTERPRISE CONFIGURATION - SWSE Profile
+
+Enterprise Name: SBA_82
+
+Path: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
+
+HI Employee User: SIEBANON
+HI pass: siebanon123
+
+SI contact user: SIEBANON
+pass: siebanon123c
+
+token: 615 112 419 907 (spaces are just for readability here)
+statistic page: _stats.swe
+
+http port: 8080
+https port: 8443
+
+9. POPULATE THE FS DIR:
+
+Copy all files from C:\Siebel\15.0.0.0.0\ses\dbsrvr\FILES
+to: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs\att
+
+10. INSTALL SIEBEL WEB SERVER EXTENSION
+
+C:\Siebel_Install_Image\15.0.0.0\Windows\Server\Siebel_Web_Server_Extension\Disk1\install
+
+swse seed: 612 451 241 125 121 (again spaces are for readability)
+
+11. Siebel Web Server Extension Configuration
+
+Load balancing: Single Siebel Server
+profile location : C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
+
+12. Fix Permission
+Go to C:\Siebel\15.0.0.0.0\eappweb
+Right click properties -> sharing -> advanced sharing.
+share this folder.
+
+permissions -> add -> advanced -> find and add:
+IUSR
+IIS_IUSRS
+
+with full permissions.
+
+13. Setup ISS
+
+cmd.exe ->
+iisreset
+
+14. INSTALL WEB CLIENT:
+
+C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Web_Client\Disk1\install
+start setup.bat
+
+name: CLIENT_HOME
+path: C:\Siebel\15.0.0.0.0\Client
+
+select: developer web client
+enable openui: no
+db alias: SIEBELDB
+owner: SIEBEL
+siebel FS: C:\SIEBEL_FS
+gateway addr: SIEBELHOST
+enterprise: SBA_82
+request: SIEBELHOST
+
+15. Install Siebel Tools:
+
+C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Tools\Disk1\install
+start setup.bat
+home: TOOLS_HOME
+c:\Siebel\15.0.0.0.0\Tools
+
+db alias: SIEBELDB
+owner: SIEBEL
+siebel FS: C:\SIEBEL_FS
+
+gateway addr: SIEBELHOST
+enterprise: SBA_82
+
+installation spawns C:\Siebel\15.0.0.0.0\Client\PUBLIC\enu\predeploy.htm
+unblock active x on your IE
+
+16. Web Access
+login using the start menu shortcuts is:
+userid: SADMIN
+pass: sadmin1password1
+connect to: Server
+
+add http://siebelhost:8080 to trusted sites
+(http://siebelhost.crm.example.com:8080/start.swe should also be trusted in my case...)
+
+and in internet tools setup low security profile to start activex controls automatically
+
+17. Setup anon user:
+Go to Site map -> Administration User -> Employees
+click New and add:
+
+Last Name: SIEBANON
+First Name: SIEBANON
+User ID: SIEBANON
+
+Position: Siebel Administrator (?)
+Ctrl+S to save.
+
+cmd.exe -> sqlplus sys@siebeldb as sysdba
+
+create user SIEBANON identified by siebanon123;
+
+grant sse_role to SIEBANON;
+
+exit
+
+iisreset
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ea9320e
--- /dev/null
+++ b/README.md
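Review bot: The notes commit working-looking credentials in clear text: the database administrative password in step 1, the `SIEBEL`/`SADMIN`/`SIEBANON` passwords in the `create user ... identified by` statements and the login steps, and the SWSE token and seed in steps 8 and 10. If any of these were ever used on a real host they should be rotated, and the file should carry placeholders such as `identified by <SADMIN_PASSWORD>` instead; note that `SIEBEL` and `SADMIN` also share one password here. Step 12 gives `IUSR` and `IIS_IUSRS` full permissions on `eappweb`, and step 17 assigns the anonymous `SIEBANON` login the position `Siebel Administrator (?)`; both look broader than an anonymous web identity needs, so either narrow them or mark them as lab-only shortcuts. The same applies to the low-security ActiveX profile in step 16.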
@@ -0,0 +1 @@
+A collection of files I have used for various tasks.
diff --git a/Redundant-BGP.txt b/Redundant-BGP.txt
new file mode 100644
index 0000000..b1422e0
--- /dev/null
+++ b/Redundant-BGP.txt
@@ -0,0 +1,116 @@
+Redundant BGP with 2 ISPs, VRRP and Bird.
+
+/etc/sysctl.conf:
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.lo.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
+net.ipv4.conf.eth1.rp_filter=1
+net.ipv4.ip_forward=1
+net.ipv4.conf.default.forwarding=1
+net.ipv4.conf.all.forwarding=1
+
+my as = 2000
+
+
+ as 321 as2000 as 123
+
+ ebgp ibgp ebgp
+ isp2 ------> RT2 <------> RT1 <------ isp1
+ | .22 .21 |
+ eth0 . eth1 | eth0
+ . |
+ ^
+ vrrp .1
+
+
+/etc/keepalived/keepalived.conf:
+vrrp_instance VI_1 {
+ state MASTER
+ #state BACKUP #RT2
+
+ interface eth1 #interconnect
+ virtual_router_id 51
+
+ priority 100
+ #priority 150 #RT2
+
+ advert_int 1
+
+ authentication {
+ auth_type PASS
+ auth_pass
+ }
+
+ virtual_ipaddress {
+ x.x.x.1 dev eth1
+ }
+
+ #notify /script.sh #misc
+}
+
+
+/etc/bird/bird.conf:
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+debug protocols all;
+
+# Router ID
+router id x.x.x.21;
+#router id x.x.x.22; #RT2
+
+protocol kernel RT1 {
+ learn; # Learn all alien routes from the kernel
+ persist; # Don't remove routes on bird shutdown
+ scan time 0; # Scan kernel routing table every 20 seconds, 0 disables the scanning and only netlink is used to send/receive kernel routes
+ import all; # Default is import all
+ export all; # Default is export none
+ device routes;
+ graceful restart;
+}
+
+protocol device {
+ scan time 60;
+ }
+
+protocol static {
+ route x.x.x.0/24 via x.x.x.1;
+}
+
+# Import all directly connected routes. These come in with RTS_DEVICE
+protocol direct evrdirect {
+ interface "*";
+ export all;
+}
+
+filter bgp_out
+{
+ #dont poison the ISPs with anything else except your prefix
+ if net = x.x.x.0/24 then accept;
+ else reject;
+}
+
+protocol bgp RT1 {
+ local as 2000;
+ neighbor x.x.x.22 as 2000; # iBGP peering
+ #neighbor x.x.x.x.21 as 2000; on RT2
+ keepalive time 5;
+ graceful restart;
+ import all;
+ export all;
+ preference 50; # highest preference "wins".
+ direct;
+ gateway direct;
+}
+
+protocol bgp MAIN {
+ local as 2000;
+ neighbor y.y.y.y as 123;
+ #neighbor z.z.z.z as 321; on RT1
+ keepalive time 5;
+ graceful restart;
+ import all;
+ export filter bgp_out;
+ hold time 30;
+ preference 100;
+}
diff --git a/Windows Oracle env vars.txt b/Windows Oracle env vars.txt
new file mode 100644
index 0000000..b50d73b
--- /dev/null
+++ b/Windows Oracle env vars.txt
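Review bot: `protocol bgp MAIN` uses `import all` on the eBGP session, so whatever the ISP announces (including your own x.x.x.0/24 or bogon space) is accepted and then installed by `export all` in `protocol kernel RT1`. The outbound side is already pinned by `bgp_out`; an inbound counterpart would match it, e.g. `import filter bgp_in;` with `if net = x.x.x.0/24 then reject; else accept;` as a minimum. In the keepalived block `auth_type PASS` appears with no visible `auth_pass` value (it may have been stripped from the page); the notes should say that a value has to be set and that PASS authentication travels in clear text on the interconnect. The comment on `scan time 0` says "every 20 seconds" while the value disables scanning, which is worth correcting.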
@@ -0,0 +1,17 @@
+some tips i've found in stack overflow. could be useful:
+
+fix symbolic links:
+
+cd c:\windows\system32
+mklink /d ora112 c:\Oracle\product\11.2.0\dbhome_1
+cd c:\Windows\sysWOW64
+mklink /d ora112 c:\Oracle\product\11.2.0\client_1
+
+PATH=C:\windows\System32\ora112\bin;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\
+
+ORACLE_HOME=c:\windows\system32\ora112
+Set Registry value HKLM\Software\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
+C:\Windows\System32\ora112
+
+Set Registry value HKLM\Software\Wow6432Node\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
+C:\Windows\System32\ora112 (not C:\Windows\SysWOW64\System32\ora112)
diff --git a/configs/.tmux.conf b/configs/.tmux.conf
new file mode 100644
index 0000000..2057b27
--- /dev/null
+++ b/configs/.tmux.conf
@@ -0,0 +1,138 @@ +# afx .tmux.conf 2017 + +# unbind all does not recover the default binds but we can list them +# and fill the 'gaps' with manual rebind in the conf file using this command: +# tmux -f /dev/null -L temp start-server \; list-keys +unbind-key -a + +set-option -g prefix F2 # ctrl+b => F2 +#bind-key a send-key M-a # alt+a = alt+a+a +bind-key Left send-key M-Left +bind-key Right send-key M-Right + +#set tab names +set-window-option -g automatic-rename on +set-option -g set-titles on + +set -g base-index 1 #0 is too far from ` ;) +set -g status-keys vi +set -g history-limit 10000 +set -sg escape-time 0 #No delay for escape key press +set -g terminal-overrides "screen.xterm-new" #disable italic in searches +setw -g mode-keys vi +#setw -g mode-mouse off #tmux 1.9 +#set-option -g mouse on #tmux 2.1 + +bind-key r source-file ~/.tmux.conf +bind-key R refresh-client + +bind-key : command-prompt +bind-key c new-window +bind-key w list-window +bind-key Space next-layout +bind-key d detach +bind-key t clock-mode +bind-key n command-prompt 'rename-window %%' +bind-key x confirm-before -p "kill-pane #W? (y/n)" kill-pane +bind-key X confirm-before -p "kill-window #W? 
(y/n)" kill-window +bind-key N command-prompt 'rename-session %%' +bind-key f command-prompt "find-window '%%'" +bind-key i display-message +bind-key l last-window +bind-key w choose-window +bind-key Escape copy-mode -u +bind-key Up copy-mode -u + +bind-key | split-window -h +bind-key \ split-window -h +bind-key = split-window -v +bind-key - split-window -v +#bind-key < swap-window -t :- +#bind-key > swap-window -t :+ +bind-key 0 select-window -t :0 +bind-key 1 select-window -t :1 +bind-key 2 select-window -t :2 +bind-key 3 select-window -t :3 +bind-key 4 select-window -t :4 +bind-key 5 select-window -t :5 +bind-key 6 select-window -t :6 +bind-key 7 select-window -t :7 +bind-key 8 select-window -t :8 +bind-key 9 select-window -t :9 + +# pane selection with Ctrl+ArrowKeys +bind -n C-Left select-pane -L +bind -n C-Right select-pane -R +bind -n C-Up select-pane -U +bind -n C-Down select-pane -D + +# pane resize with Shift+ArrowKeys +bind -n S-Left resize-pane -L +bind -n S-Right resize-pane -R +bind -n S-Up resize-pane -U +bind -n S-Down resize-pane -D + +# switch tabs with Alt+Comma and Alt+Dot +bind -n M-, previous-window +bind -n M-. next-window + +# loud or quiet? 
+set-option -g visual-activity off +set-option -g visual-bell off +set-option -g visual-silence off +set-window-option -g monitor-activity on +set-option -g bell-action none + +# THEME +set -g default-terminal "screen-256color" +set -g status-position top +set -g status-left '' +set -g status-utf8 on +# Basic status bar colors +set -g status-fg colour240 +set -g status-bg colour233 +# Left side of status bar +set -g status-left-bg colour233 +set -g status-left-fg colour243 +set -g status-left-length 40 +set -g status-left "#[fg=colour232,bg=colour39,bold] #S #[fg=colour233,bg=colour240] #(whoami) #[fg=colour240,bg=colour235] #I:#P " +# Right side of status bar +set -g status-right-bg colour233 +set -g status-right-fg colour243 +set -g status-right-length 150 +set -g status-right "#[fg=colour235,bg=colour233]#[fg=colour240,bg=colour235] %H:%M:%S #[fg=colour240,bg=colour235]#[fg=colour233,bg=colour240] %d-%b-%y #[fg=colour245,bg=colour240]#[fg=colour232,bg=colour245,bold] #H " +# Window status +set -g window-status-format " #I:#W#F " +set -g window-status-current-format " #I:#W#F " +# Current window status +set -g window-status-current-bg colour39 +set -g window-status-current-fg colour232 +# Window with activity status +set -g window-status-activity-bg colour75 # fg and bg are flipped here due to +set -g window-status-activity-fg colour233 # a bug in tmux +# Window separator +set -g window-status-separator "" +# Window status alignment +set -g status-justify centre +# Pane border +set -g pane-border-bg default +set -g pane-border-fg colour238 +# Active pane border +set -g pane-active-border-bg default +set -g pane-active-border-fg colour39 +# Pane number indicator +set -g display-panes-colour colour233 +set -g display-panes-active-colour colour245 +# Clock mode +set -g clock-mode-colour colour39 +set -g clock-mode-style 24 +# Message +set -g message-bg colour39 +set -g message-fg black +# Command message +set -g message-command-bg colour233 +set -g 
message-command-fg black +# Mode +set -g mode-bg colour39 +set -g mode-fg colour232 + diff --git a/configs/putty-base16-irblack.reg b/configs/putty-base16-irblack.reg new file mode 100644 index 0000000..9c8e01e --- /dev/null +++ b/configs/putty-base16-irblack.reg @@ -0,0 +1,50 @@ +Windows Registry Editor Version 5.00 + + + +[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\Base16-IR Black] + + +"Colour0"="145,143,136" + +"Colour1"="181,179,170" + +"Colour2"="0,0,0" + +"Colour3"="36,36,34" + +"Colour4"="0,0,0" + +"Colour5"="217,215,204" + +"Colour6"="0,0,0" + +"Colour7"="108,108,102" + +"Colour8"="255,108,96" + +"Colour9"="233,192,98" + +"Colour10"="168,255,96" + +"Colour11"="36,36,34" + +"Colour12"="255,255,182" + +"Colour13"="72,72,68" + +"Colour14"="150,203,254" + +"Colour15"="145,143,136" + +"Colour16"="255,115,253" + +"Colour17"="217,215,204" + +"Colour18"="198,197,254" + +"Colour19"="177,138,61" + +"Colour20"="181,179,170" + +"Colour21"="253,251,238" diff --git a/plesk-wordpress-web.config.txt b/plesk-wordpress-web.config.txt new file mode 100644 index 0000000..9197406 --- /dev/null +++ b/plesk-wordpress-web.config.txt @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/scripts/aclset.sh b/scripts/aclset.sh new file mode 100644 index 0000000..5f9bf48 --- /dev/null +++ b/scripts/aclset.sh 
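Review bot: The key `w` is bound twice in configs/.tmux.conf, first as `bind-key w list-window` and further down as `bind-key w choose-window`, so only the later binding takes effect and the first line can be dropped. `set -g status-left ''` in the THEME block is likewise overridden a few lines later by the full `status-left` format string. Since `status-left` embeds `#(whoami)`, a short comment such as `# #(...) runs a shell command on every status refresh` would make it clear that this field executes commands.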
@@ -0,0 +1,116 @@ +#!/bin/bash + +# afx acl setup + +### vars + +watchdir="/srv/test" +domainadmin="afx" +password="CHANGEME" + +### + +#init +controlfile="control.txt" +passfile="password.txt" +aclset=""; +acldel=""; +old_IFS=$IFS # save the field separator +IFS=$'\n' # new field separator, the end of line +exec > /tmp/afxacl.log 2>&1 + +mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.1.tmp +mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.1.tmp +updatedb --database-root=$watchdir --output /tmp/afxacl.db -l 0 +mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.2.tmp +mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.2.tmp + +setlist=`diff /tmp/afxacl.set.1.tmp /tmp/afxacl.set.2.tmp` +aclset=`echo "$setlist" | grep '>'` +dellist=`diff /tmp/afxacl.del.1.tmp /tmp/afxacl.del.2.tmp` +acldel=`echo "$dellist" | grep '>'` + +#del +if [ -n "$acldel" ] +then + while read dline; + do + curcontroldel=`echo "$dline" | cut -c 3-`; + echo "unlocking $curcontroldel" + ccut=`expr ${#passfile} + 1` + cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev` + echo "" + if [ -d "$cdir" ]; + then + if grep -q $password "$curcontroldel"; + then + echo "password accepted" + chattr -i "$cdir/$controlfile" + rm "$cdir/$controlfile" + setfacl -R --remove-all "$cdir" + chmod 770 "$cdir" + echo "" + echo "current permissions:" + getfacl "$cdir" + rm "$curcontroldel" + else + echo "invalid password!" + rm "$curcontroldel" + fi + else + echo "warning: whole dir was deleted" + fi + echo "" + echo "" + done < <(echo "$acldel") +fi + +# set +if [ -n "$aclset" ] +then + while read cline; + do + curcontrolset=`echo "$cline" | cut -c 3-`; + echo "setting up acl from $curcontrolset" + ccuser=`stat -c "%U" "$curcontrolset"` + if [ "$ccuser" != "$domainadmin" ]; + then + echo "$ccuser is not a valid admin!" 
+ rm $curcontrolset + continue; + fi + + echo "" + ccut=`expr ${#controlfile} + 1` + cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev` + chmod 700 "$cdir" + for uline in $(cat "$curcontrolset") + do + echo "add user $uline ..." + setfacl -R -n -m u:$uline:rwx "$cdir" + done + echo "add admin $domainadmin ..." + setfacl -R -n -m u:$domainadmin:rwx "$cdir" + setfacl -R -n -m m::rwx "$cdir" + + chattr +i "$curcontrolset" + echo "" + echo "current permissions:" + getfacl "$cdir" + echo "" + echo "" + done < <(echo "$aclset") + +fi + +IFS=$old_IFS # restore default field separator + +if [ -s /tmp/afxacl.log ]; +then + mutt -s "setacl.sh notice" mailbox@server.com < /tmp/afxacl.log +fi + +#cleantmp +rm /tmp/afxacl.set* +rm /tmp/afxacl.del* + diff --git a/scripts/arduino.py b/scripts/arduino.py new file mode 100644 index 0000000..0a7e9f1 --- /dev/null +++ b/scripts/arduino.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python + +""" arduino reader by afx """ + +import time, serial +from sys import argv + +def query_arduino(): + global serial + serial = serial.Serial('/dev/ttyACM0', 9600) + serial.write('1') + query = serial.readline().strip('\r\n').split() + fo = open('/etc/scripts/.arduino.db', 'wb') + fo.write(','.join(query)) + fo.close() + +def print_arduino(pmode): + fr = open('/etc/scripts/.arduino.db', 'r+') + rquery = fr.read(100); + print(rquery.split(',')[pmode]) + fr.close() + +if __name__ == "__main__": + mode = argv + if mode[1] == 'temp': + print_arduino(0) + elif mode[1] == 'humid': + print_arduino(1) + elif mode[1] == 'query': + query_arduino() + else: + print('Usage: script.py [temp] [humid]') + diff --git a/scripts/blackhole.py b/scripts/blackhole.py new file mode 100644 index 0000000..b4c0988 --- /dev/null +++ b/scripts/blackhole.py 
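Review bot: All state and scratch files in scripts/aclset.sh use fixed names under /tmp (`/tmp/afxacl.db`, `/tmp/afxacl.log`, `/tmp/afxacl.set.*.tmp`, `/tmp/afxacl.del.*.tmp`), while the later `chattr`, `setfacl` and `rm` calls suggest the script runs as root; another local user can pre-create or symlink those paths, so that for instance the redirect `exec > /tmp/afxacl.log` writes somewhere unintended. Keep the database and log in a root-only directory (for example `/var/lib/afxacl`, mode 700) and create the per-run files with `mktemp`. The unlock check `grep -q $password "$curcontroldel"` is unquoted and matches the password as a regex anywhere in the file; `grep -qxF -- "$password" "$curcontroldel"` compares whole lines literally. `rm $curcontrolset` and `u:$uline:rwx` should be quoted as well, and each `$uline` read from the control file should be checked against a user-name pattern before it reaches `setfacl`.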
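Review bot: In scripts/arduino.py `mode[1]` is read without checking the argument count, so running the script with no argument raises IndexError instead of printing the usage line; guard it with `if len(argv) < 2:` before the comparisons. In `query_arduino`, `global serial` followed by `serial = serial.Serial('/dev/ttyACM0', 9600)` replaces the imported module with the port object, so a second call in the same process would fail; a local name such as `port` avoids that. Both functions would be safer with `with open(...)` so the file is closed on error, and the usage text omits the `query` mode.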
@@ -0,0 +1,76 @@ +#!/usr/bin/python3 + +# simple ip blackhole list :) +# afx Nov 2016 +# +# requires Pygtail +# should be installed to iptables filtered machine with DROP and LOG policy +# the idea is that any traffic coming to this serviceless machine can be assumed +# as bad and then listed for further processing + +from pygtail import Pygtail + +import sys +import signal +import re +import time +import json + +kernlog = '/var/log/kern.log' +dbfile = '/var/www/html/blacklist.txt' + +#add whitelisted ips here: +whitelist = [ '1.2.3.4', + '5.6.7.8' ] + +###### + +def signal_handler(signal, frame): + print('You\'ve pressed Ctrl+C. Listing stats and exiting...') + print('') + print(json.dumps(stats)) + sys.exit(0) + +signal.signal(signal.SIGINT, signal_handler) + +print('.o.oOo.o. blackhole.py by afx .o.oOo.o.') +print('^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^') +print('Whitelist: {}'.format(whitelist)) +blacklist = [] +stats = {} +try: + blackfile = open(dbfile, 'r') + for item in blackfile: + blacklist.append(item.strip()) + blackfile.close() + print('Blacklist: {}'.format(blacklist)) +except Exception as e: + print(e) + print('Blacklist empty.') +print('') + +while True: + time.sleep(1) + for line in Pygtail(kernlog): + query = re.findall( r'SRC=[0-9]+(?:\.[0-9]+){3}', line ) + newip = query[0][4:] + if newip in whitelist: + print('{} whitelisted'.format(newip)) + continue + elif newip in blacklist: + try: + oldcounter = stats[newip] + except: + oldcounter = 0 + counter = oldcounter + 1 + stats.update({ newip: counter }) + print('{} -> {}'.format(newip, str(stats[newip]))) + else: + print('{} blackholed'.format(newip)) + blacklist.append(newip) + blackfile = open(dbfile, 'w') + for item in blacklist: + blackfile.write("%s\n" % item) + blackfile.close() + +#EOF diff --git a/scripts/clean-maildir.sh b/scripts/clean-maildir.sh new file mode 100644 index 0000000..b3c720f --- /dev/null +++ b/scripts/clean-maildir.sh 
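Review bot: `newip = query[0][4:]` assumes every new line in kern.log contains `SRC=`; any other kernel message, or an IPv6 source that the regex does not match, leaves `query` empty and the IndexError ends the loop. Add `if not query: continue` before the index. Because the list is built from packet source addresses and written under /var/www/html, a forged source address can end up on it, so a comment next to `whitelist` should say that consumers must apply their own allow-list before blocking on this file. The bare `except:` around `stats[newip]` can be replaced with `stats.get(newip, 0)`.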
@@ -0,0 +1,29 @@ +#!/bin/sh +# Time to wait before removing mails from the Junk folder (Default: 7 days) Set 0 to turn off. +junk_max_hours=$((24*2)) +# Time to wait before removing mails from the Trash folder (Default: 30 days) Set 0 to turn off. +trash_max_hours=$((24*10)) +for domain in /var/vmail/* +do + if [ -d "$domain" ] + then + for user in $domain/* + do + if [ "$junk_max_hours" -gt "0" ] + then + if [ -d "$user/Maildir/.Junk" ] + then + tmpreaper -m $junk_max_hours $user/Maildir/.Junk/{cur,new} + fi + fi + if [ "$trash_max_hours" -gt "0" ] + then + if [ -d "$user/Maildir/.Trash" ] + then + tmpreaper -m $trash_max_hours $user/Maildir/.Trash/{cur,new} + fi + fi + done + fi +done + diff --git a/scripts/cronic.sh b/scripts/cronic.sh new file mode 100644 index 0000000..6bc823c --- /dev/null +++ b/scripts/cronic.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# Cronic v2 - cron job report wrapper +# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever. +# Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/ + +set -eu + +OUT=/tmp/cronic.out.$$ +ERR=/tmp/cronic.err.$$ +TRACE=/tmp/cronic.trace.$$ + +set +e +"$@" >$OUT 2>$TRACE +RESULT=$? +set -e + +PATTERN="^${PS4:0:1}\\+${PS4:1}" +if grep -aq "$PATTERN" $TRACE +then + ! grep -av "$PATTERN" $TRACE > $ERR +else + ERR=$TRACE +fi + +if [ $RESULT -ne 0 -o -s "$ERR" ] + then + echo "Cronic detected failure or error output for the command:" + echo "$@" + echo + echo "RESULT CODE: $RESULT" + echo + echo "ERROR OUTPUT:" + cat "$ERR" + echo + echo "STANDARD OUTPUT:" + cat "$OUT" + if [ $TRACE != $ERR ] + then + echo + echo "TRACE-ERROR OUTPUT:" + cat "$TRACE" + fi +fi + +rm -f "$OUT" +rm -f "$ERR" +rm -f "$TRACE" + diff --git a/scripts/iptables-vlan.sh b/scripts/iptables-vlan.sh new file mode 100644 index 0000000..384f549 --- /dev/null +++ b/scripts/iptables-vlan.sh 
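Review bot: scripts/clean-maildir.sh declares `#!/bin/sh` but relies on brace expansion in `.Junk/{cur,new}` and `.Trash/{cur,new}`, which POSIX sh does not perform; where /bin/sh is dash the literal path is passed to tmpreaper and nothing is cleaned. Either change the shebang to `#!/bin/bash` or spell the paths out, `tmpreaper -m "$junk_max_hours" "$user/Maildir/.Junk/cur" "$user/Maildir/.Junk/new"`, which also quotes `$user` against spaces in mailbox names. The comments say 7 and 30 days while the values are `24*2` and `24*10` hours, so one of the two should be corrected.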
@@ -0,0 +1,333 @@ +#!/bin/bash + +SYSCTL="/sbin/sysctl -w" + +IPT="/sbin/iptables" +IPTS="/sbin/iptables-save" +IPTR="/sbin/iptables-restore" + +# Internet Interface +INET_IFACE="eth1" +INET_IP="1.2.3.4" +INET_ADMIN="2.3.4.5" + +VPN_IFACE="tun+" +VPN_IP="10.8.0.1" +VPN_NET="10.8.0.0/8" +VPN_BCAST="10.255.255.255" + +# Local Interface Information +LOCAL_IFACE="eth0" +LOCAL_IP="192.168.5.1" +LOCAL_NET="192.168.5.0/24" +LOCAL_BCAST="192.168.5.255" + +EVOIP_IFACE="vlan1234" +EVOIP_IP="10.20.5.50" +EVOIP_NET="10.20.5.48/29" +EVOIP_BCAST="10.20.5.55" + +VIDEO_IFACE="vlan1015" +VIDEO_IP="192.168.15.1" +VIDEO_NET="192.168.15.0/24" +VIDEO_BCAST="192.168.15.255" + +VOIP_IFACE="vlan1016" +VOIP_IP="192.168.16.1" +VOIP_NET="192.168.16.0/24" +VOIP_BCAST="192.168.16.255" + +WIFI_IFACE="vlan1017" +WIFI_IP="192.168.17.1" +WIFI_NET="192.168.17.0/24" +WIFI_BCAST="192.168.17.255" + +# Localhost Interface + +LO_IFACE="lo" +LO_IP="127.0.0.1" + +# Save and Restore arguments handled here +if [ "$1" = "save" ] +then + echo -n "Saving firewall to /etc/sysconfig/iptables ... " + $IPTS > /etc/scripts/iptables + echo "done" + exit 0 +elif [ "$1" = "restore" ] +then + echo -n "Restoring firewall from /etc/sysconfig/iptables ... " + $IPTR < /etc/scripts/iptables + echo "done" + exit 0 +fi + +echo "Loading kernel modules ..." 
+ +/sbin/modprobe ip_tables +/sbin/modprobe ip_conntrack +/sbin/modprobe iptable_filter +/sbin/modprobe iptable_mangle +/sbin/modprobe iptable_nat +/sbin/modprobe ipt_LOG +/sbin/modprobe ipt_limit +/sbin/modprobe ipt_MASQUERADE +#/sbin/modprobe ipt_owner +#/sbin/modprobe ipt_REJECT +#/sbin/modprobe ipt_mark +#/sbin/modprobe ipt_tcpmss +/sbin/modprobe multiport +/sbin/modprobe ipt_state +#/sbin/modprobe ipt_unclean +/sbin/modprobe ip_nat_ftp +/sbin/modprobe ip_conntrack_ftp +#/sbin/modprobe ip_conntrack_irc + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/ip_forward +else + $SYSCTL net.ipv4.ip_forward="1" +fi + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/tcp_syncookies +else + $SYSCTL net.ipv4.tcp_syncookies="1" +fi + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter +else + $SYSCTL net.ipv4.conf.all.rp_filter="1" +fi + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts +else + $SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1" +fi + +if [ "$SYSCTL" = "" ] +then + echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route +else + $SYSCTL net.ipv4.conf.all.accept_source_route="0" +fi + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects +else + $SYSCTL net.ipv4.conf.all.secure_redirects="1" +fi + +if [ "$SYSCTL" = "" ] +then + echo "1" > /proc/sys/net/ipv4/conf/all/log_martians +else + $SYSCTL net.ipv4.conf.all.log_martians="1" +fi + +############################################################################### +echo "Flushing Tables ..." 
+ +# Reset Default Policies +$IPT -P INPUT ACCEPT +$IPT -P FORWARD ACCEPT +$IPT -P OUTPUT ACCEPT +$IPT -t nat -P PREROUTING ACCEPT +$IPT -t nat -P POSTROUTING ACCEPT +$IPT -t nat -P OUTPUT ACCEPT +$IPT -t mangle -P PREROUTING ACCEPT +$IPT -t mangle -P OUTPUT ACCEPT + +$IPT -F +$IPT -t nat -F +$IPT -t mangle -F +$IPT -X +$IPT -t nat -X +$IPT -t mangle -X + +if [ "$1" = "stop" ] +then + echo "Firewall completely flushed! Now running with no firewall." + exit 0 +fi + +$IPT -P INPUT DROP +$IPT -P OUTPUT DROP +$IPT -P FORWARD DROP +############################################################################### + +#$IPT -N bad_packets +#$IPT -N bad_tcp_packets +$IPT -N icmp_packets +$IPT -N udp_inbound +$IPT -N udp_outbound +$IPT -N tcp_inbound +$IPT -N tcp_outbound + +#$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP " +$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP +#$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP " +$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP +$IPT -A bad_packets -p tcp -j bad_tcp_packets +$IPT -A bad_packets -p ALL -j RETURN + +$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN +#$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP " +$IPT -A bad_tcp_packets -p tcp ! 
--syn -m state --state NEW -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP +#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP " +$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP +$IPT -A bad_tcp_packets -p tcp -j RETURN + +#$IPT -A icmp_packets --fragment -p ICMP -j LOG --log-prefix "fp=icmp_packets:1 a=DROP " +$IPT -A icmp_packets --fragment -p ICMP -j DROP +$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP +$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT +$IPT -A icmp_packets -p ICMP -j RETURN +#$IPT -A icmp_packets -p ICMP -j ACCEPT + +$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP +$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP +$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT +$IPT -A udp_inbound -m state --state NEW -p UDP -s 0/0 --destination-port 1194 -j ACCEPT #vpn +$IPT -A udp_inbound -p UDP -j RETURN + +$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 2222 -j ACCEPT #ssh +$IPT -A tcp_inbound -p TCP -j RETURN + +$IPT -A udp_outbound -p UDP -s 0/0 -j 
ACCEPT +$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT + +############################################################################### +echo "Process INPUT chain ..." + +$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT +#$IPT -A INPUT -p ALL -j bad_packets +$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT +$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT + +$IPT -A INPUT -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT +$IPT -A INPUT -p ALL -i $WIFI_IFACE -d $WIFI_BCAST -j ACCEPT + +$IPT -A INPUT -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT +$IPT -A INPUT -p ALL -i $VIDEO_IFACE -d $VIDEO_BCAST -j ACCEPT + +$IPT -A INPUT -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT +$IPT -A INPUT -p ALL -i $VOIP_IFACE -d $VOIP_BCAST -j ACCEPT + +$IPT -A INPUT -p ALL -i $VPN_IFACE -j ACCEPT +$IPT -A INPUT -p ALL -i $EVOIP_IFACE -j ACCEPT + +$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT + +$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound +$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound +$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets + +#$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP +#$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP " + +############################################################################### +echo "Process FORWARD chain ..." + +#$IPT -A FORWARD -p ALL -j bad_packets +$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound +$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound +$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT + +#forward VIDEO vlan1015 to internet but not to the local network! +###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP " +###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j DROP +$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j ACCEPT +$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT + +#forward VOIP vlan1016 to internet but not to the local network! 
+$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
+$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j DROP
+$IPT -A FORWARD -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT
+
+#forward WIFI vlan1017 to internet but not to the local network!
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j DROP
+#wifi to DVR allowed:
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.2 -j ACCEPT
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.1 -j ACCEPT
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VIDEO_NET -j DROP
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j DROP
+$IPT -A FORWARD -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT
+
+#forward VPN
+$IPT -A FORWARD -p ALL -i $VPN_IFACE -s $VPN_NET -j ACCEPT
+#$IPT -A FORWARD -i $VPN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
+$IPT -A FORWARD -i $EVOIP_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
+$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
+$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
+
+###############################################################################
+echo "Process OUTPUT chain ..."
+
+$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
+$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -s $VIDEO_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $VIDEO_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -s $WIFI_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $WIFI_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -s $VOIP_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $VOIP_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -o $VPN_IFACE -j ACCEPT
+
+$IPT -A OUTPUT -p ALL -o $EVOIP_IFACE -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
+$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
+
+###############################################################################
+echo "Load rules for nat table ..."
+
+$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
+$IPT -t nat -A POSTROUTING -o $EVOIP_IFACE -j MASQUERADE
+$IPT -t nat -A POSTROUTING -s $VPN_NET -o $INET_IFACE -j MASQUERADE #vpn
+
+###
+echo "Loading extra rules ..."
+
+#VOIP
+$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 5060 -j ACCEPT
+$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 5060 -j DNAT --to 192.168.16.2:5060
+$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 10000:20000 -j ACCEPT
+$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 10000:20000 -j DNAT --to 192.168.16.2:10000-20000
+
+#NVR
+$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 8001 -j ACCEPT
+$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 8001 -j DNAT --to 192.168.15.251:8001
+$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 8001 -j DNAT --to 192.168.15.251:8001
+$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 8001 -j SNAT --to $INET_IP
+#substream
+$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 554 -j ACCEPT
+$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 554 -j DNAT --to 192.168.15.251:554
+$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 554 -j DNAT --to 192.168.15.250:554
+$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 554 -j SNAT --to $INET_IP
diff --git a/scripts/iptables.sh b/scripts/iptables.sh
new file mode 100644
index 0000000..4e162f1
--- /dev/null
+++ b/scripts/iptables.sh
@@ -0,0 +1,267 @@
+#!/bin/bash
+
+### iptables.sh for ipv4
+
+SYSCTL="/sbin/sysctl -w"
+
+IPT="/sbin/iptables"
+IPTS="/sbin/iptables-save"
+IPTR="/sbin/iptables-restore"
+
+# Internet Interface
+INET_IFACE="pub"
+#INET_IFACE2="pub2"
+INET_ADMIN="1.2.3.4"
+INET_ORB="2.3.4.5"
+
+# Local Interface Information
+LOCAL_IFACE="dmz"
+LOCAL_IP="192.168.0.5"
+LOCAL_NET="192.168.0.0/24"
+LOCAL_BCAST="192.168.0.255"
+
+# Localhost Interface
+
+LO_IFACE="lo"
+LO_IP="127.0.0.1"
+
+# Save and Restore arguments handled here
+if [ "$1" = "save" ]
+then
+ echo -n "Saving firewall to /etc/sysconfig/iptables ... "
+ $IPTS > /etc/scripts/iptables
+ echo "done"
+ exit 0
+elif [ "$1" = "restore" ]
+then
+ echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
+ $IPTR < /etc/scripts/iptables
+ echo "done"
+ exit 0
+fi
+
+echo "Loading kernel modules ..."
+
+/sbin/modprobe ip_tables
+/sbin/modprobe ip_conntrack
+# /sbin/modprobe iptable_filter
+# /sbin/modprobe iptable_mangle
+# /sbin/modprobe iptable_nat
+# /sbin/modprobe ipt_LOG
+# /sbin/modprobe ipt_limit
+# /sbin/modprobe ipt_MASQUERADE
+# /sbin/modprobe ipt_owner
+# /sbin/modprobe ipt_REJECT
+# /sbin/modprobe ipt_mark
+# /sbin/modprobe ipt_tcpmss
+# /sbin/modprobe multiport
+# /sbin/modprobe ipt_state
+# /sbin/modprobe ipt_unclean
+/sbin/modprobe ip_nat_ftp
+/sbin/modprobe ip_conntrack_ftp
+/sbin/modprobe ip_conntrack_irc
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "1" > /proc/sys/net/ipv4/ip_forward
+else
+ $SYSCTL net.ipv4.ip_forward="1"
+fi
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "1" > /proc/sys/net/ipv4/tcp_syncookies
+else
+ $SYSCTL net.ipv4.tcp_syncookies="1"
+fi
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
+else
+ $SYSCTL net.ipv4.conf.all.rp_filter="1"
+fi
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+else
+ $SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
+fi
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
+else
+ $SYSCTL net.ipv4.conf.all.accept_source_route="0"
+fi
+
+if [ "$SYSCTL" = "" ]
+then
+ echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
+else
+ $SYSCTL net.ipv4.conf.all.secure_redirects="1"
+fi
+
+#if [ "$SYSCTL" = "" ]
+#then
+# echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
+#else
+# $SYSCTL net.ipv4.conf.all.log_martians="1"
+#fi
+
+
+###############################################################################
+
+echo "Flushing Tables ..."
+
+# Reset Default Policies
+$IPT -P INPUT ACCEPT
+$IPT -P FORWARD ACCEPT
+$IPT -P OUTPUT ACCEPT
+$IPT -t nat -P PREROUTING ACCEPT
+$IPT -t nat -P POSTROUTING ACCEPT
+$IPT -t nat -P OUTPUT ACCEPT
+$IPT -t mangle -P PREROUTING ACCEPT
+$IPT -t mangle -P OUTPUT ACCEPT
+
+$IPT -F
+$IPT -t nat -F
+$IPT -t mangle -F
+$IPT -X
+$IPT -t nat -X
+$IPT -t mangle -X
+
+if [ "$1" = "stop" ]
+then
+ echo "Firewall completely flushed! Now running with no firewall."
+ exit 0
+fi
+
+$IPT -P INPUT DROP
+$IPT -P OUTPUT DROP
+$IPT -P FORWARD DROP
+
+###############################################################################
+
+$IPT -N bad_packets
+$IPT -N bad_tcp_packets
+$IPT -N icmp_packets
+$IPT -N udp_inbound
+$IPT -N udp_outbound
+$IPT -N tcp_inbound
+$IPT -N tcp_outbound
+
+$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
+$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
+
+$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
+$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
+$IPT -A bad_packets -p tcp -j bad_tcp_packets
+$IPT -A bad_packets -p ALL -j RETURN
+
+$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
+
+$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
+$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
+$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+
+$IPT -A bad_tcp_packets -p tcp -j RETURN
+
+### ICMP
+#$IPT -A icmp_packets --fragment -p ICMP -j LOG \
+# --log-prefix "fp=icmp_packets:1 a=DROP "
+#$IPT -A icmp_packets --fragment -p ICMP -j DROP
+#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
+#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
+#$IPT -A icmp_packets -p ICMP -j RETURN
+$IPT -A icmp_packets -p ICMP -j ACCEPT
+
+$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
+$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
+$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
+$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 53 -j ACCEPT
+$IPT -A udp_inbound -p UDP -j RETURN
+
+$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10000 -j ACCEPT
+$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10001 -j ACCEPT
+$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 22 -j ACCEPT
+$IPT -A tcp_inbound -p TCP -j RETURN
+
+$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
+$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
+
+
+###############################################################################
+echo "Process INPUT chain ..."
+
+$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
+$IPT -A INPUT -p ALL -j bad_packets
+$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
+$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
+$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT
+
+$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
+#$IPT -A INPUT -p TCP -i $INET_IFACE2 -j tcp_inbound
+$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
+$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
+
+$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
+$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
+
+###############################################################################
+echo "Process FORWARD chain ..."
+
+$IPT -A FORWARD -p ALL -j bad_packets
+$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
+$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
+$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
+$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT
+$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
+
+###############################################################################
+echo "Process OUTPUT chain ..."
+
+#$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
+$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
+$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
+$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
+#$IPT -A OUTPUT -p ALL -o $INET_IFACE2 -j ACCEPT
+$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
+
+###############################################################################
+echo "Load rules for nat table ..."
+
+### MASQUERADE
+$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
+
+###
+###
+###
+echo "Loading additiona rules ..."
+
+### VPN
+#$IPT -I INPUT -i tun+ -j ACCEPT
+#$IPT -I OUTPUT -o tun+ -j ACCEPT
+
diff --git a/scripts/mpd-playlists.sh b/scripts/mpd-playlists.sh
new file mode 100644
index 0000000..7500773
--- /dev/null
+++ b/scripts/mpd-playlists.sh
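Review bot: The LOG rules in bad_packets and bad_tcp_packets and at the end of INPUT, FORWARD and OUTPUT in scripts/iptables.sh carry no rate limit, and bad_packets is the second rule every INPUT packet hits, so whoever can send traffic at `$INET_IFACE` decides how fast the kernel log grows. Adding a limit match to each LOG rule, e.g. `$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fp=INPUT:99 a=DROP "`, keeps the audit trail without letting a flood fill the disk or bury other messages. The save/restore branch also prints `/etc/sysconfig/iptables` while it reads and writes `/etc/scripts/iptables`; the message should name the file actually used. `icmp_packets` now accepts every ICMP type from the internet side and the stricter rules are only commented out, which deserves a comment saying whether that is intended.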
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# kozunak.sh - kozunak.org radio sheduler by afx
+
+# Usage: kozunak.sh
+
+#SETTINGS
+radiodir="/srv/sftp/radio" #location of the music parent dir
+mpdconf="/usr/local/etc/musicpd.conf" #location of mpd.conf
+alwaysrestart=0 #debug purpouses
+
+################################################
+
+#BOOT
+prefix="kozunak.sh: [`date "+%H:%M"`]"
+if [ ! -d $radiodir/$1 ] || [ "$1" == "" ] ; then
+ echo "$prefix no such playlist $1"
+ exit
+fi
+
+if [ ! -x $mpdconf ] ; then
+ echo "cant find musicpd.conf!"
+ exit
+fi
+
+hour=`date +%H`
+if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
+ echo "$prefix server restart"
+ musicpd --kill
+ sleep 2
+ rm -f /var/run/mpd/database
+ #mpd --create-db $mpdconf
+ musicpd $mpdconf
+fi
+
+#FIX
+IFS='
+'
+for i in 1 2
+do
+
+#SCAN FILES
+find "$radiodir/$1/" -depth 1 -name "*.flac" | while read flac ; do
+ tmp1flac_a=`metaflac --show-tag=Artist "$flac"`
+ tmp2flac_a=${tmp1flac_a:7}
+ tmp1flac_n=`metaflac --show-tag=Title "$flac"`
+ tmp2flac_n=${tmp1flac_n:6}
+ baseflac=$(basename "$flac")
+ dirflac=$(dirname "$flac")
+ newflac=$(echo "$tmp2flac_a - $tmp2flac_n.flac" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
+ if [ "$tmp2flac_a" == "" ] || [ "$tmp2flac_n" == "" ] ; then
+ if [ "${baseflac:0:2}" == "__" ] ; then
+ newflac=$(echo "$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
+ else
+ newflac=$(echo "__$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
+ fi
+ fi
+ if [ "$baseflac" != "$newflac" ] ; then
+ echo "$prefix found $baseflac -> $newflac"
+ mv "$flac" "$dirflac/$newflac"
+ fi
+done
+find "$radiodir/$1/" -depth 1 -name "*.mp3" | while read mp3 ; do
+ tmpmp3_a=`id3info "$mp3" | grep -i '^=== TPE1 ' | sed 's/^=== TPE1.*: //'`
+ if [ "$tmpmp3_a" == "" ] ; then
+ tmpmp3_a=`id3v2 -l "$mp3" | grep -i '^TP1 ' | sed 's/^TP1.*: //'`
+ fi
+ tmpmp3_n=`id3info "$mp3" | grep -i '^=== TIT2 ' | sed 's/^=== TIT2.*: //'`
+ if [ "$tmpmp3_n" == "" ] ; then
+ tmpmp3_n=`id3v2 -l "$mp3" | grep -i '^TT2 ' | sed 's/^TT2.*: //'`
+ fi
+ basemp3=$(basename "$mp3")
+ dirmp3=$(dirname "$mp3")
+ newmp3=$(echo "$tmpmp3_a - $tmpmp3_n.mp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
+ if [ "$tmpmp3_a" == "" ] || [ "$tmpmp3_n" == "" ] ; then
+ if [ "${basemp3:0:2}" == "__" ] ; then
+ newmp3=$(echo "$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
+ else
+ newmp3=$(echo "__$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
+ fi
+ fi
+ if [ "$basemp3" != "$newmp3" ] ; then
+ echo "$prefix found $basemp3 -> $newmp3"
+ mv "$mp3" "$dirmp3/$newmp3"
+ fi
+done
+done
+unset IFS
+
+#INIT MPD
+musicdir=`awk '/^music_directory/ {print $2}' $mpdconf | cut -d '"' -f2`
+crnt=`mpc -f %file% | head -n 1`
+find $musicdir/* -not -name "$crnt" -exec rm {} +
+mpc --no-status crop
+
+#IMPORT IN MPD
+count=0
+find "$radiodir/$1/" -depth 1 -name "*" > /tmp/kozunak.temp
+while read fle ; do
+ bsfile=$(basename "$fle")
+ if [ "$bsfile" = "$crnt" ] ; then
+ continue
+ fi
+ ln -s "$fle" "$musicdir/$bsfile"
+ chown nobody:ftpsrv "$musicdir/$bsfile"
+ chmod g+w "$musicdir/$bsfile"
+ let "count+=1"
+done < /tmp/kozunak.temp
+mpc --no-status --wait update
+sleep 20
+mpc ls | mpc add
+mpc --no-status random on
+mpc --no-status repeat on
+if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
+ mpc --no-status play
+else
+ mpc --no-status next
+ mpc --no-status next
+ sleep 2
+ mpc --no-status del 1
+ rm "$musicdir/$crnt"
+fi
+
+
+#CHANGE BACKGROUND
+#rnd=`/root/scripts/devrandom 1 4`
+
+#ln -fs /usr/local/www/nginx/purple$rnd.jpg /usr/local/www/nginx/purple.jpg
diff --git a/scripts/mssqldump.bat b/scripts/mssqldump.bat
new file mode 100644
index 0000000..0a8fe6a
--- /dev/null
+++ b/scripts/mssqldump.bat
@@ -0,0 +1,25 @@
+@ECHO ON
+SETLOCAL
+
+del c:\sqlbackup\*.bak
+
+REM Get date in format YYYY-MM-DD (assumes the locale is the United States)
+FOR /F "tokens=1,2,3,4 delims=/ " %%A IN ('Date /T') DO SET NowDate=%%D-%%B-%%C
+
+REM Build a list of databases to backup
+SET DBList=%SystemDrive%SQLDBList.txt
+SqlCmd -E -S DBHOSTNAME -h-1 -W -Q "SET NoCount ON; SELECT Name FROM master.dbo.sysDatabases WHERE [Name] NOT IN ('master','model','msdb','tempdb')" > "%DBList%"
+
+REM Backup each database, prepending the date to the filename
+FOR /F "tokens=*" %%I IN (%DBList%) DO (
+ECHO Backing up database: %%I
+SqlCmd -E -S DBHOSTNAME -Q "BACKUP DATABASE [%%I] TO Disk='C:\sqlbackup\%NowDate%_%%I.bak'"
+ECHO.
+)
+
+#pause
+
+REM Clean up the temp file
+IF EXIST "%DBList%" DEL /F /Q "%DBList%"
+
+ENDLOCAL
diff --git a/scripts/rdb.sh b/scripts/rdb.sh
new file mode 100644
index 0000000..132263e
--- /dev/null
+++ b/scripts/rdb.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rdiff-backup --print-statistics --exclude /proc --exclude /mnt --exclude /media --exclude /sys --exclude /dev $@
diff --git a/scripts/rec-tape.sh b/scripts/rec-tape.sh
new file mode 100644
index 0000000..1f47173
--- /dev/null
+++ b/scripts/rec-tape.sh
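Review bot: `musicdir` in scripts/mpd-playlists.sh comes straight from awk output and is used unchecked and unquoted in `find $musicdir/* -not -name "$crnt" -exec rm {} +`; if the `music_directory` line is missing or parses to an empty string the glob becomes `/*` and the script deletes files starting at the filesystem root. Guard it before the find, e.g. `[ -n "$musicdir" ] && [ -d "$musicdir" ] || exit 1`, and quote the variable in the find, ln, chown and rm lines. The import step also writes its list to the fixed path `/tmp/kozunak.temp`; the same pattern appears as `/tmp/reclist.txt` in scripts/rec-tape.sh and scripts/rsync-weekly.sh, and since these scripts appear to run privileged (chown, tape device, /root log) a file from `mktemp` would stop another local user pre-creating or symlinking it. The `-x $mpdconf` test checks the executable bit, which a config file normally lacks; `-r` looks like what was meant.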
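Review bot: `del c:\sqlbackup\*.bak` in scripts/mssqldump.bat runs before any new backup exists, so a failed SqlCmd run (server unreachable, disk full, login rejected) leaves the host with no backups at all. Remove the old files only after the loop has finished without error, or keep at least the previous generation. `#pause` is not a batch comment and will be executed as a command named `#pause`; `REM pause` is the commented-out form. `SET DBList=%SystemDrive%SQLDBList.txt` has no backslash after the drive letter, so the temp list lands in the current directory of that drive rather than its root.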
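Review bot: `$@` at the end of the rdiff-backup line in scripts/rdb.sh is unquoted, so a source or destination path containing spaces or glob characters is split or expanded before rdiff-backup sees it, and the backup may run against different paths than the caller gave. Use `"$@"`.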
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# afx tape backup from proxmox dumps
+
+TAPE=/dev/nst0
+SOURCE=(
+ "/srv/proxmox/1/dump"
+ "/srv/proxmox/2/dump"
+)
+
+###
+human_print(){
+while read B dummy; do
+ [ $B -lt 1024 ] && echo ${B} B && break
+ KB=$(((B+512)/1024))
+ [ $KB -lt 1024 ] && echo ${KB} KB && break
+ MB=$(((KB+512)/1024))
+ [ $MB -lt 1024 ] && echo ${MB} MB && break
+ GB=$(((MB+512)/1024))
+ [ $GB -lt 1024 ] && echo ${GB} GB && break
+ echo $(((GB+512)/1024)) TB
+done
+}
+
+echo "--- tape backup by afx ---"
+rm /tmp/reclist.txt 2> /dev/null
+#mt -f $TAPE defcompression 1
+
+for srcpath in "${SOURCE[@]}"
+do
+ vmids=()
+
+ if [ "$(ls -A $srcpath)" ]; then
+ echo "[ok] $srcpath"
+ cd $srcpath
+ else
+ echo "[skip] $srcpath"
+ echo ""
+ continue
+ fi
+
+ vmids+=`ls -1d *.vma.lzo 2> /dev/null | cut -d "-" -f3 | sort | uniq`
+ vmids+=`ls -1d *.vma.gz 2> /dev/null | cut -d "-" -f3 | sort | uniq`
+ for vmid in $vmids
+ do
+ last=`ls -1rt $srcpath | grep -E ".lzo$|.gz$" | grep -E "vzdump.*-$vmid-" | tail -1`
+ size=`stat -c %s $last | human_print`
+ echo "VM $vmid last backup is $last ($size)"
+ echo "$srcpath/$last" >> /tmp/reclist.txt
+ done
+ echo ""
+done
+
+cat /tmp/reclist.txt | while read file
+do
+ du "$file"
+done | awk '{i+=$1} END {print "Total bytes: " i / 1048576 " GB"}'
+
+read -r -p "Do you want record this list? [y/N] " response
+if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]
+then
+ echo "[`date +'%Y-%m-%d %T'`]: << REWIND"
+ mt -f $TAPE rewind
+ echo "[`date +'%Y-%m-%d %T'`]: () REC"
+ #tar -cvf - -T /tmp/reclist.txt | dd of=$TAPE bs=2M
+ #blocksize 256k (lto-4 default) -b n*512
+ tar -b 512 -cvf $TAPE -T /tmp/reclist.txt
+ echo ""
+ echo "[`date +'%Y-%m-%d %T'`]: [] STOP"
+ echo "file list" > /root/tape-`date +'%Y-%m-%d'`.log
+ echo "---" >> /root/tape-`date +'%Y-%m-%d'`.log
+ cat /tmp/reclist.txt >> /root/tape-`date +'%Y-%m-%d'`.log
+ read -n 1 -s -p "Press any key to display smart & tape info and quit..."
+ smartctl -a $TAPE
+ tapeinfo -f $TAPE
+fi
+
+echo "Bye."
diff --git a/scripts/rsync-weekly.sh b/scripts/rsync-weekly.sh
new file mode 100644
index 0000000..142a416
--- /dev/null
+++ b/scripts/rsync-weekly.sh
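Review bot: The two `vmids+=` assignments in scripts/rec-tape.sh append strings to element 0 of the array declared by `vmids=()`, and command substitution strips the trailing newline, so the last id from the `.vma.lzo` listing is glued to the first id from the `.vma.gz` listing. When a directory holds both formats that merged id matches nothing, `last` comes back empty, and `$srcpath/` itself is appended to the list, so the two VMs lose their explicit entry and tar is handed the whole dump directory instead. A single assignment avoids it: `vmids=$(ls -1d *.vma.lzo *.vma.gz 2>/dev/null | cut -d "-" -f3 | sort -u)`, with a `[ -n "$last" ] || continue` before the stat. scripts/rsync-weekly.sh repeats the same two lines, where the empty `last` reaches `ln $srcpath/$last $ENCSRC/$host/`. The summary also prints du's block count divided by 1048576 under the label "Total bytes", which names the wrong unit.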
@@ -0,0 +1,81 @@
+#!/bin/bash [40/1057]
+
+#find the full backups and rsync them to remote host
+
+SOURCE=(
+ "/srv/nfs-backup/host1/dump"
+ "/srv/nfs-backup/host2/dump"
+)
+HOST=1.2.3.4
+
+ENCSRC="/srv/nfs-backup/latest-hardlink"
+ENCTARGET="/tmp/latest-encfs"
+ENCCONFIG="/etc/scripts/.encfs6.xml"
+
+ENCPASS=my_strong_password
+
+###
+human_print(){
+while read B dummy; do
+ [ $B -lt 1024 ] && echo ${B} B && break
+ KB=$(((B+512)/1024))
+ [ $KB -lt 1024 ] && echo ${KB} KB && break
+ MB=$(((KB+512)/1024))
+ [ $MB -lt 1024 ] && echo ${MB} MB && break
+ GB=$(((MB+512)/1024))
+ [ $GB -lt 1024 ] && echo ${GB} GB && break
+ echo $(((GB+512)/1024)) TB
+done
+}
+
+rm /tmp/reclist.txt 2> /dev/null
+mkdir $ENCSRC
+mkdir $ENCTARGET
+
+for srcpath in "${SOURCE[@]}"
+do
+ vmids=()
+
+ if [ "$(ls -A $srcpath)" ]; then
+ echo "[ok] $srcpath"
+ cd $srcpath
+ else
+ echo "[skip] $srcpath"
+ echo ""
+ continue
+ fi
+
+ host=`echo $srcpath | rev | cut -d'/' -f 2 | rev`
+ mkdir "$ENCSRC/$host"
+
+ vmids+=`ls -1d *.vma.lzo 2> /dev/null | cut -d "-" -f3 | sort | uniq`
+ vmids+=`ls -1d *.vma.gz 2> /dev/null | cut -d "-" -f3 | sort | uniq`
+ for vmid in $vmids
+ do
+ last=`ls -1rt $srcpath | grep -E ".lzo$|.gz$" | grep -E "vzdump.*-$vmid-" | tail -1`
+ size=`stat -c %s $last | human_print`
+ echo "VM $vmid last backup is $last ($size)"
+ ln $srcpath/$last $ENCSRC/$host/
+ echo "$srcpath/$last" >> /tmp/reclist.txt
+ done
+ echo ""
+done
+
+cat /tmp/reclist.txt | while read file
+do
+ du "$file"
+done | awk '{i+=$1} END {print "Total bytes: " i / 1048576 " GB"}'
+
+#reverse encfs
+echo $ENCPASS | ENCFS6_CONFIG=$ENCCONFIG encfs --reverse --idle=60 -o ro --stdinpass $ENCSRC $ENCTARGET
+
+#sync
+#rsync -vap -e 'ssh -p 2222' --files-from=/tmp/reclist.txt / backup@$HOST:/srv/backup
+rsync -vap --copy-links -e 'ssh -p 2222' $ENCTARGET/ backup@$HOST:/srv/backup/weekly-encfs
+rsync -vap -e 'ssh -p 2222' $ENCCONFIG backup@$HOST:/srv/backup/weekly-encfs/.encfs6.xml
+
+#cleanup
+fusermount -u $ENCTARGET
+rmdir $ENCTARGET
+rm -fr $ENCSRC
+
diff --git a/scripts/thinkpad_cooldown.sh b/scripts/thinkpad_cooldown.sh
new file mode 100644
index 0000000..df6682e
--- /dev/null
+++ b/scripts/thinkpad_cooldown.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# install:
+
+# echo "options thinkpad_acpi fan_control=1" >> /etc/modprobe.d/thinkpad_acpi.conf
+
+echo "-- ] thinkpad cooldown swtich [ --"
+echo ""
+echo ""
+
+while true; do
+ echo level disengaged > /proc/acpi/ibm/fan
+ echo
+ echo "> max speed"
+ echo "Press key to return to switch mode..."
+ read -n 1
+
+ echo level auto > /proc/acpi/ibm/fan
+ echo
+ echo "> auto"
+ echo "Press key to return to switch mode..."
+ read -n 1
+done
+
diff --git a/squid-with-clam-and-qlproxy-test.conf b/squid-with-clam-and-qlproxy-test.conf
new file mode 100644
index 0000000..9579b51
--- /dev/null
+++ b/squid-with-clam-and-qlproxy-test.conf
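Review bot: `ENCPASS=my_strong_password` in scripts/rsync-weekly.sh keeps the encfs passphrase in the script body, and so in this repository and in every copy of the script; even if the value shown is a placeholder, the deployed file will carry the real one. Because the last rsync also sends `$ENCCONFIG` (.encfs6.xml) to the same remote directory as the ciphertext, that passphrase is the only thing protecting the off-site copy. Read it at run time from a file only root can read, for example `encfs --reverse --idle=60 -o ro --extpass="cat <root-only passphrase file>" $ENCSRC $ENCTARGET`, and drop the variable. The mount point `/tmp/latest-encfs` is a fixed name in a world-writable directory and the `mkdir` result is not checked, so the script carries on if the path already exists and belongs to someone else.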
@@ -0,0 +1,125 @@
+# squid.conf by afx
+
+#ports
+http_port 192.168.10.1:3128 intercept
+https_port 192.168.10.1:3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/opt/quintolabs/qlproxy/afx.pem capath=/etc/ssl/certs
+http_port 192.168.10.1:8080
+
+#generic
+visible_hostname proxy.deflax.net
+icp_port 0
+dns_v4_first on
+pid_filename /var/run/squid.pid
+#cache_effective_user proxy
+#cache_effective_group proxy
+error_default_language bg
+coredump_dir /var/spool/squid
+icon_directory /usr/share/squid/icons
+cache_mgr admin@fqdn.com
+access_log /var/log/squid/access.log
+cache_log /var/log/squid/cache.log
+cache_store_log none
+pinger_enable on
+pinger_program /usr/lib/squid/pinger
+netdb_filename /var/log/squid/netdb.state
+sslcrtd_program /bin/ssl_crtd -s /var/spool/squid_ssldb -M 4MB -b 2048
+sslcrtd_children 25
+sslproxy_capath /etc/ssl/certs
+
+#timeouts
+peer_connect_timeout 2 minutes
+persistent_request_timeout 2 minutes
+
+#logfile_rotate 0
+#debug_options rotate=0
+
+#acl
+acl localnet src 192.168.10.0/24 # RFC1918 possible internal network
+acl allsrc src all
+acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
+acl sslports port 443 563
+acl purge method PURGE
+acl connect method CONNECT
+acl HTTP proto HTTP
+acl HTTPS proto HTTPS
+acl allowed_subnets src 192.168.10.0/24
+acl dynamic urlpath_regex cgi-bin \?
+
+#ssl
+always_direct allow all
+#acl broken_ip dst "/etc/squid/ip_whitelist.acl"
+acl broken_sites dstdomain "/etc/squid/ssl_whitelist.acl"
+#ssl_bump none localhost
+ssl_bump none broken_sites
+#ssl_bump none broken_ip
+sslproxy_cert_error allow all
+sslproxy_flags DONT_VERIFY_PEER
+ssl_bump server-first all
+
+uri_whitespace strip
+
+#cache settings
+cache_dir ufs /var/spool/squid/cache/squid 14000 16 256
+#cache deny dynamic
+cache deny all
+cache_mem 8 MB
+maximum_object_size_in_memory 1024 KB
+memory_replacement_policy heap GDSF
+cache_replacement_policy heap LFUDA
+minimum_object_size 0 KB
+maximum_object_size 10 KB
+offline_mode off
+memory_pools off
+
+#httpaccess
+http_access allow manager localhost
+http_access deny manager
+http_access allow purge localhost
+http_access deny purge
+http_access deny !safeports
+http_access deny CONNECT !sslports
+
+# Facebook Like Button Denial
+#acl facebook dstdomain .facebook.com
+#acl facebook_like urlpath_regex -i ^\/plugins\/like\.php
+#deny_info error-facebook-like facebook_like
+#http_access deny facebook facebook_like
+
+request_body_max_size 0 KB
+delay_pools 1
+delay_class 1 2
+delay_parameters 1 -1/-1 -1/-1
+delay_initial_bucket_level 100
+delay_access 1 allow allsrc
+
+icap_enable on
+icap_preview_enable on
+icap_preview_size 4096
+icap_persistent_connections on
+icap_send_client_ip on
+icap_send_client_username on
+icap_client_username_header X-Client-Username
+icap_service qlproxy1 reqmod_precache bypass=1 icap://127.0.0.1:1344/reqmod
+icap_service qlproxy2 respmod_precache bypass=1 icap://127.0.0.1:1344/respmod
+icap_service squidclamav1 reqmod_precache bypass=1 icap://127.0.0.1:1345/squidclamav
+icap_service squidclamav2 respmod_precache bypass=1 icap://127.0.0.1:1345/squidclamav
+
+#acl qlproxy_icap_edomains dstdomain "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_domains.conf"
+#acl qlproxy_icap_etypes rep_mime_type "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_contenttypes.conf"
+
+adaptation_service_chain svcRequest qlproxy1 squidclamav1
+adaptation_service_chain svcResponse qlproxy2 squidclamav2
+adaptation_access svcRequest allow all
+adaptation_access svcResponse allow all
+
+#no clamav
+#adaptation_access svcRequest deny qlproxy_icap_edomains
+#adaptation_access svcResponse deny qlproxy_icap_edomains
+#adaptation_access svcResponse deny qlproxy_icap_etypes
+#adaptation_access qlproxy1 allow all
+#adaptation_access qlproxy2 allow all
+
+http_access allow allowed_subnets
+http_access allow localhost
+http_access deny allsrc
+
diff --git a/thinkfan/cputemp.sh b/thinkfan/cputemp.sh
new file mode 100644
index 0000000..f4a5159
--- /dev/null
+++ b/thinkfan/cputemp.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat /sys/devices/virtual/hwmon/hwmon1/temp1_input | head -c2
diff --git a/thinkfan/fanspeed.sh b/thinkfan/fanspeed.sh
new file mode 100644
index 0000000..450d7e6
--- /dev/null
+++ b/thinkfan/fanspeed.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat /proc/acpi/ibm/fan | grep ^speed | cut -d ':' -f 2 | sed -e 's/[[:space:]]*//'
diff --git a/thinkfan/thinkfan.conf b/thinkfan/thinkfan.conf
new file mode 100644
index 0000000..0577ea6
--- /dev/null
+++ b/thinkfan/thinkfan.conf
@@ -0,0 +1,11 @@
+hwmon /sys/devices/virtual/hwmon/hwmon1/temp1_input
+tp_fan /proc/acpi/ibm/fan
+
+(0, 0, 25)
+(2, 20, 30)
+(3, 25, 31)
+(4, 30, 36)
+(5, 35, 41)
+(6, 40, 47)
+(7, 46, 53)
+(126, 50, 32767)
diff --git a/thinkfan/ubuntu-debian-HOWTO.txt b/thinkfan/ubuntu-debian-HOWTO.txt
new file mode 100644
index 0000000..7ff61ee
--- /dev/null
+++ b/thinkfan/ubuntu-debian-HOWTO.txt
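Review bot: `sslproxy_cert_error allow all` together with `sslproxy_flags DONT_VERIFY_PEER` in squid-with-clam-and-qlproxy-test.conf switches off upstream certificate validation while `ssl_bump server-first all` re-signs every site with the proxy's own CA, so clients are shown a trusted certificate even when the origin's is forged, expired or issued for another host. Remove both lines so the configured `sslproxy_capath /etc/ssl/certs` is actually used, and if some destinations really need an exception, scope `sslproxy_cert_error allow` to a named ACL instead of `all`. All four `icap_service` lines use `bypass=1`, which lets traffic through unscanned whenever qlproxy or squidclamav is unreachable; `bypass=0` fails closed if scanning is meant to be mandatory. `cert=/etc/opt/quintolabs/qlproxy/afx.pem` presumably holds the bumping CA's private key, so a comment stating the expected owner and mode of that file would help whoever deploys this.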
@@ -0,0 +1,43 @@
+#/etc/thinkfan.conf:
+hwmon /sys/devices/virtual/hwmon/hwmon0/temp1_input
+tp_fan /proc/acpi/ibm/fan
+
+(0, 0, 25)
+(1, 20, 30)
+(2, 25, 31)
+(3, 30, 36)
+(4, 35, 41)
+(5, 40, 47)
+(6, 46, 50)
+(7, 49, 56)
+(126, 55, 32767)
+
+
+#/etc/systemd/system/thinkfan.service
+[Unit]
+Description=simple and lightweight fan control program
+After=syslog.target
+
+[Service]
+Type=forking
+ExecStart=/usr/local/sbin/thinkfan
+PIDFile=/var/run/thinkfan.pid
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
+
+
+#INSTALL (as root)
+echo "options thinkpad_acpi fan_control=1" >> /etc/modprobe.d/thinkpad.conf
+reboot
+apt install lm-sensors cmake-curses-gui libyaml-cpp-dev libboost-all-dev
+wget https://github.com/vmatare/thinkfan/archive/0.9.3.tar.gz
+tar xzvf 0.9.3.tar.gz
+cd thinkfan-0.9.3
+mkdir build; cd build
+cmake -D CMAKE_BUILD_TYPE:STRING=Debug ..
+make
+cp thinkfan /usr/local/sbin
+sudo systemctl enable thinkfan.service
+sudo systemctl start thinkfan.service