
1 Commits
master ... dev

Author SHA1 Message Date
Roger Pàmies Fabra 6a7de97c63 test scripts and examples 2023-07-20 09:42:40 +02:00
17 changed files with 315 additions and 265 deletions


@ -1,66 +1,29 @@
# Bash Scripts collection
TODO: Need install packages for each script
wget -O init_scripts.sh https://git.studi7.com/roger/bashscripts/raw/branch/master/init_scripts.sh && chmod +x init_scripts.sh && ./init_scripts.sh
## Permanent enviroment variables in ~/.profile
Append file `~/.profile` with this variables:
```
# E7 Scripts
# ClamAV scan script
export E7S_CLAM_LOGPATH="/path/to/logs/"
# Multiple folders separate by space
export E7S_CLAM_DIRSTOSCAN="/path/to/target/"
# Global script variables
export E7S_GOTIFY_SERVER_URL="https://push.example.com"
export E7S_LOGS_PRESERVE_DAYS=30
export ES7_LOGS_SERVER_SSH="server.example.com"
export ES7_LOGS_PATH="/path/to/web/root/"
export ES7_LOGS_URL="https://logs.example.com"
```
## Scripts
### utils/gotifypush.sh
## gotifypush.sh
Send markdown notifications to gotify channel throught curl
* Usage: `./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
### utils/logger.sh
Save logs into remote server and publish it into web server
* Usage: `./logger.sh <logfile> <relativepath>`
### scan_chk.sh
## scan_chk.sh
Scan rootkits into system with chkrootkit
* Usage: `./scan_chk.sh`
### scan_rkh.sh
## scan_rkh.sh
Scan rootkits into system with rkhunter
* Usage: `./scan_rkh.sh`
### scan_clam.sh
## scan_clam.sh
Scan virus and malware into system with clamav
* Usage: `./scan_clam.sh`
### updates_notifier.sh
TODO!
## Some tips
* https://www.appsloveworld.com/bash/100/6/how-have-both-local-and-remote-variable-inside-an-ssh-command
* https://stackoverflow.com/questions/27932694/shell-script-ssh-server-eof (script detect expire users)
* use xargs: https://www.baeldung.com/linux/xargs-multiple-arguments
* load env vars in cron: https://www.baeldung.com/linux/load-env-variables-in-cron-job
* crontab need path sometimes: https://askubuntu.com/questions/117978/script-doesnt-run-via-crontab-but-works-fine-standalone
* errors and best practices: https://tecadmin.net/resolved-unary-operator-expected-error-in-bash/
**NOTE:** Need set paths (DIRTOSCAN variable) to scan


@ -1,19 +0,0 @@
#!/bin/bash
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
GOTIFY_TOKEN="token"
GOTIFY_MESSAGE="Backup task init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GITEA_DIR="/path/to/gitea"
BACKUP_FILE="gitea-backup_"`date +\%Y\%m\%d`".zip"
REMOTE_SERVER="remote.example.com"
REMOTE_PATH="/path/to/remote/store/backups/"
# gitea
su - gitea -s /bin/bash -c "$GITEA_DIR/gitea dump -c $GITEA_DIR/custom/conf/app.ini --file $BACKUP_FILE --tempdir $GITEA_DIR/"
rsync -AaxzPh --remove-source-files "$GITEA_DIR/$BACKUP_FILE" "$REMOTE_SERVER:$REMOTE_PATH"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Backup task end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
# send gotify notification
sh ./gotifypush.sh "Gitea $(hostname) Backup" "$GOTIFY_MESSAGE" 5 "$GOTIFY_TOKEN"


@ -1,94 +0,0 @@
#!/bin/bash
###################################################################################
# Nextcloud Backups as incremental mode, using rdiff-backup
#
# 1. Backup database and send to remote backups server throught rsync using
# ssh public/private key configuration.
# 2. Set X days to preserve db backups
# 3. Backup data folder of nextcloud using rdiff-backup (https://rdiff-backup.net/)
# 4. Set X days to preserve rdiff-backups increments
# 5. Get report statistics of rdiff-backup and send push message throught gotify
# self-hosted server (https://gotify.net/).
#
# Tools needed: mysqldump, gzip. rsync, rdiff-backup, curl
# TODO: save current version 'sudo -u www-data php /var/www/html/nextcloud/occ config:system:get version'
###################################################################################
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables push notifications
readonly GOTIFY_TOKEN="<GOTIFY_TOKEN>"
readonly GOTIFY_HOST="<GOTIFY_HOST>"
readonly GOTIFY_PRIORITY=5
# backup db variables
readonly BACKUP_DB_FILE="nextcloud-sqlbkp-"`date +\%Y\%m\%d`".sql"
readonly DB_HOST="<DB_HOST>"
readonly DB_USER="<DB_USER>"
readonly DB_PASS="<DB_PASS>"
readonly DB_NAME="<DB_NAME>"
# backup data variables
readonly NEXTCLOUD_DATA="<NEXTCLOUD_DATA>"
readonly NEXTCLOUD_DIR="<NEXTCLOUD_DIR>"
readonly INCLUDE_LIST="include-list"
# remote settings
readonly REMOTE_SERVER="<REMOTE_SERVER>"
# TODO: Use $(hostname) "/path/to/example/"`hostname`"/nextcloud"
readonly REMOTE_PATH="<REMOTE_PATH>"
readonly REMOTE_NC_DATA_FOLDER="files"
readonly REMOTE_NC_DB_FOLDER="db"
readonly REMOTE_NC_DIR_FOLDER="dir"
readonly BACKUP_PRESERVE_DAYS=60
# create include list file and set exclude logs
touch $INCLUDE_LIST
cat > $INCLUDE_LIST <<EOF
- **nextcloud.log
- **nextcloud.log*
- **updater.log
EOF
# init notification message
MESSAGE="Backup task init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
# dump and backup db nextcloud handycat and rsync deleting origin
mysqldump --single-transaction --verbose -h $DB_HOST -u $DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DB_FILE
gzip $BACKUP_DB_FILE
# TODO: force create multiple paths (mkdir -p) if not exist with rsync trick
# https://www.schwertly.com/2013/07/forcing-rsync-to-create-a-remote-path-using-rsync-path/
rsync -AaxzPh --remove-source-files "$BACKUP_DB_FILE.gz" "$REMOTE_SERVER:$REMOTE_PATH/$REMOTE_NC_DB_FOLDER"
# clear X days old remote db backups
ssh $REMOTE_SERVER 'bash -s' << EOF
find "$REMOTE_PATH/$REMOTE_NC_DB_FOLDER" -maxdepth 1 -mtime +$BACKUP_PRESERVE_DAYS -print -exec "rm" -R {} \;
EOF
# rdiff-backup all dir of nextcloud
rdiff-backup backup $NEXTCLOUD_DIR "$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DIR_FOLDER"
# clear X days old increments of backup dir
rdiff-backup remove increments --older-than "${BACKUP_PRESERVE_DAYS}D" "$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DIR_FOLDER"
# rdiff-backup all data of nextcloud
OUT=$(rdiff-backup backup --print-statistics --include-globbing-filelist $INCLUDE_LIST $NEXTCLOUD_DATA \
"$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DATA_FOLDER")
# set output lines into array and append notification message
readarray -t stats <<<"$OUT"
for val in "${stats[@]}"; do
line=$(echo $val | tr -d '-')
MESSAGE="${MESSAGE} $line \r"
done
# clear X days old increments of backup data
rdiff-backup remove increments --older-than "${BACKUP_PRESERVE_DAYS}D" \
"$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DATA_FOLDER"
MESSAGE="${MESSAGE} Backup task end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
rm $INCLUDE_LIST
# send gotify notification
TITLE="NC $(hostname) Backup"
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" \
-d "{ \"message\": \"${MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"

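--- a/backup_nextcloud.sh
+++ b/backup_nextcloud.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# A script to perform incremental backups using rsync
+set -o errexit
+set -o nounset
+set -o pipefail
+readonly SOURCE_DIR="/home/roger/prova"
+readonly BACKUP_DIR="/home/roger/backups"
+readonly DATETIME="$(date '+%Y-%m-%d_%H:%M:%S')"
+readonly BACKUP_PATH="${BACKUP_DIR}/${DATETIME}"
+readonly LATEST_LINK="${BACKUP_DIR}/latest"
+mkdir -p "${BACKUP_DIR}"
+rsync -av --delete \
+"${SOURCE_DIR}/" \
+--link-dest "${LATEST_LINK}" \
+--exclude=".cache" \
+"${BACKUP_PATH}"
+rm -rf "${LATEST_LINK}"
+ln -s "${BACKUP_PATH}" "${LATEST_LINK}"
+#rsync -AaxzvPh --delete /home/roger/prova/ --link-dest /home/roger/latest /home/roger/prova_inc1
+#ln -s /home/roger/prova_inc1 /home/roger/latest
+# add file into prova
+rsync -rti --delete --dry-run /home/roger/prova/ /home/roger/latest/ 2>&1 | grep -v '^[^*]d' | head -
+n1
+#rsync -rtiv --link-dest "../latest/" "/home/roger/prova/" "/home/roger/provabkp_inc1"
+sending incremental file list
+created directory /home/roger/backups/provabkp_inc1
+cd+++++++++ prova/
+>f+++++++++ prova/file1.txt
+>f+++++++++ prova/file2.txt
+>f+++++++++ prova/file3.txt
+>f+++++++++ prova/file4.txt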
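Review bot: Everything after the `ln -s` line reads as working notes rather than script: the `rsync ... --dry-run` pipeline is live, and the pasted rsync output below it (`sending incremental file list`, `created directory ...`) is not commented out, so bash would try to run those lines as commands and, with `errexit` set, exit non-zero after the backup has already completed. Comment that tail out or move it to the README so a scheduler does not report every run as failed. Separately, `rm -rf "${LATEST_LINK}"` recursively deletes whatever sits at that path if it is ever a real directory rather than the symlink; `ln -sfn "${BACKUP_PATH}" "${LATEST_LINK}"` replaces the link without that step.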

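--- a/colors.sh
+++ b/colors.sh
@@ -0,0 +1,10 @@
+#! /usr/bin/env bash
+RED="\e[31m"
+GREEN="\e[32m"
+ENDCOLOR="\e[0m"
+echo -e "${RED}This is some red text, ${ENDCOLOR}"
+echo -e "${GREEN}And this is some green text${ENDCOLOR}"
+#https://misc.flogisoft.com/bash/tip_colors_and_formatting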


@ -1,24 +0,0 @@
#!/bin/bash
#Use ./unbanipcloud.sh <ip>
echo $#
JAIL_NAME=$ES7_F2B_JAIL_NAME
REMOTE_SERVER="estudiset.nextcloud.handycat"
UNBAN_IP=$1
if [ $# -eq 0 ]; then
echo "Falta la IP a desbloquejar com a argument. Per exemple: $0 X.X.X.X"
exit 1
elif [ $# -eq 2 ]; then
JAIL_NAME=$2
fi
# unban with fail2ban
out=$(ssh $REMOTE_SERVER "sudo fail2ban-client set $JAIL_NAME unbanip $UNBAN_IP")
if [ "$out" -eq "1" ]; then
echo "La IP [$UNBAN_IP] s'ha desbloquejat correctament"
else
echo "No s'ha trobat la IP [$UNBAN_IP] a la llista de bloquejos"
fi


@ -2,14 +2,14 @@
#Use ./gotifypush <title> <message> <priority> <token> <clickurl>
# uncomment when use script from cron
#uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# Gotify notification parameters
TITLE=$1
MESSAGE=$2
PRIORITY=$3
URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
URL="https://push.example.com/message?token=$4"
#if url passed by parameter, set to extras
if [ -n "$5" ]
then
@ -18,11 +18,6 @@ else
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
fi
# prevent gotify post error: invalid character '\\n' in string literal
# scape \\n newlines for json
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
# better curl usage https://github.com/gotify/server/issues/68
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
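Review bot: The `curl` call builds the JSON body by pasting `${MESSAGE}` and `${TITLE}` straight into the `-d` string, so any double quote, backslash or raw newline in the message makes the body invalid or changes its structure, and this change drops the commented note about escaping newlines while the scanner sections on this page pass raw `$OUT` as the message. Build the body with a JSON-aware tool, e.g. `jq -n --arg m "$MESSAGE" --arg t "$TITLE" --argjson p "$PRIORITY" '{message:$m,title:$t,priority:$p}'` (extras can be added with `--argjson` the same way), and pipe it to `curl -d @-`. The token also travels in the URL (`?token=$4`), where it ends up in server and proxy access logs; Gotify accepts it as a header, `-H "X-Gotify-Key: $4"`. Adding `--fail --silent --show-error`, as in the commented line above the call, would let callers see a failed push in the exit status.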

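--- a/init_scripts.sh
+++ b/init_scripts.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# Functions
+show_cron_help () {
+echo "--------------------------------------------"
+echo "* * * * * command to be executed"
+echo "- - - - -"
+echo "| | | | |"
+echo "| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)"
+echo "| | | ------- Month (1 - 12)"
+echo "| | --------- Day of month (1 - 31)"
+echo "| ----------- Hour (0 - 23)"
+echo "------------- Minute (0 - 59)"
+echo "Examples:"
+echo "(predefined) @annually | @yearly | @monthly | @weekly | @daily | @hourly | @reboot"
+echo "(every) @every 5s | @every 20h30m"
+echo "(custom) 10 20 * * * | 0 3 * * 1-5"
+echo -e "--------------------------------------------\n"
+}
+get_cron () {
+cron=false
+while [ "$cron" != "true" ]
+do
+read -p 'Escriu el periode del cron: ' CRON
+case $CRON in
+("") echo "El cron no pot ser buit";;
+(*) cron=true #echo "just numeric";;
+esac
+done
+echo "$CRON"
+}
+# End functions
+readonly SCRIPTS_FOLDER="e7scripts"
+readonly GOTIFY_SCRIPT_NAME="gotifypush.sh"
+readonly GOTIFY_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/gotifypush.sh"
+readonly UPDATES_SCRIPT_NAME="updates_notifier.sh"
+readonly UPDATES_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/updates_notifier.sh"
+#verify run as root or sudo
+if [[ $EUID -ne 0 ]]; then
+echo "This script must be run as root"
+exit 1
+fi
+#set -f
+#func_result="$(get_cron)"
+#echo $func_result
+#set +f
+echo "/////////////////////////////////////////"
+echo "Benvingut a l'instalador d'Scripts"
+echo -e "/////////////////////////////////////\n"
+finished=false
+while [ "$finished" != "true" ]
+do
+# Choose script to install
+echo "0) Sortir de l'instalador"
+echo "1) Notificador dels resultats dels scripts (Gotify Push Notifications)"
+echo "2) Notificador d'actualitzacions"
+echo "3) Escaneig de rootkits amb RK Hunter"
+echo "4) Escaneig de rootkits amb CHK Rootkit"
+echo -e "5) Escaneig de virus amb ClamAV\n"
+choosed=false
+while [ "$choosed" != "true" ]
+do
+read -p 'Indica quin script vols instal·lar (0 per sortir): ' SCRIPT_NUM
+case $SCRIPT_NUM in
+("") echo "El número no pot ser buit";;
+(*[!0-9]*) echo "Has d'introduir un número";;
+(*) choosed=true #echo "just numeric";;
+esac
+done
+if [ "$SCRIPT_NUM" = "0" ]; then
+finished=true
+exit 0
+elif [ "$SCRIPT_NUM" = "1" ]; then
+mkdir -p $SCRIPTS_FOLDER
+wget -O "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME" $GOTIFY_SCRIPT_URL
+read -p 'Indica el domini de gotify: ' GOTIFY_DOMAIN
+sed -i "s/push.example.com/$GOTIFY_DOMAIN/" "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME"
+chmod +x "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME"
+echo -e "Script instal·lat correctament\n"
+elif [ "$SCRIPT_NUM" = "2" ];then
+mkdir -p $SCRIPTS_FOLDER
+wget -O "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" $UPDATES_SCRIPT_URL
+read -p 'Indica el token del canal de gotify: ' TOKEN
+sed -i "s/<TOKEN_GOTIFY_APP>/$TOKEN/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
+sed -i "s/Hostname/$(hostname)/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
+chmod +x "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
+echo -e "\nAFEGEIX EL CRON\n"
+show_cron_help
+cron="$(get_cron)"
+#https://stackoverflow.com/questions/878600/how-to-create-a-cron-job-using-bash-automatically-without-the-interactive-editor
+#remove previous crontab
+(crontab -l | grep -v -F "$UPDATES_SCRIPT_NAME") | crontab -
+#add crontab
+(crontab -l ; echo "$cron cd $(pwd)/$SCRIPTS_FOLDER/ && ./$UPDATES_SCRIPT_NAME 2>&1") | crontab -
+echo -e "Script instal·lat correctament\n"
+#TODO Function cron get period
+else
+echo -e "Aquest número d'script no existeix. Tornar a intentar-ho\n"
+fi
+done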
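Review bot: The installer, which must run as root, fetches `gotifypush.sh` and `updates_notifier.sh` from a mutable `raw/branch/master` URL, never checks the `wget` exit status, and for option 2 schedules the result in root's crontab, so a failed or altered download is installed and run without any verification. Check the download and pin it, e.g. `wget -O "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" "$UPDATES_SCRIPT_URL" || continue`, and compare the `sha256sum` output against a value recorded with the release (`<EXPECTED_SHA256>`). The `sed -i "s/<TOKEN_GOTIFY_APP>/$TOKEN/"` and `s/push.example.com/$GOTIFY_DOMAIN/` substitutions insert typed input unescaped, so a `/`, `&` or `\` in the value breaks or rewrites the replacement; validate the input against an allow-list pattern first and use `read -r`. The cron period returned by `get_cron` is only checked for being non-empty before it is written to the crontab.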

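--- a/nextcloud_updater.sh
+++ b/nextcloud_updater.sh
@@ -0,0 +1,17 @@
+sudo -u www-data php /mnt/md0/nextcloud/updater/updater.phar --no-interaction
+if no sudo:
+su -l www-data -s /bin/bash -c 'php /opt/nextcloud/updater/updater.phar --no-interaction'
+----- no updates ----
+Nextcloud Updater - version: v20.0.0beta4-11-g68fa0d4
+Current version is 23.0.12.
+No update available.
+Nothing to do.
+--------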
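Review bot: This file is added as executable but has no shebang and mixes a command with prose and pasted output: bash would run the first `sudo -u www-data php ... updater.phar --no-interaction` line and would then most likely stop with a syntax error from `if no sudo:` onward. If it is meant as notes, turn the non-command lines into `#` comments or move them to the README; if it is meant to run, add `#!/bin/bash`, keep one of the two invocations, and check the updater's exit status. The section header reports 17 lines, so part of the file may not be shown here.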


@ -73,12 +73,14 @@ elevate_cmd () {
}
remote_update () {
ssh $1 << EOF
ssh -t $1 << EOF
$(typeset -f has_sudo)
$(typeset -f elevate_cmd)
elevate_cmd apt update -qq
elevate_cmd apt upgrade -y
elevate_cmd apt autoremove
elevate_cmd apt-get update -qq
elevate_cmd echo 'debconf debconf/frontend select Noninteractive' | elevate_cmd debconf-set-selections
elevate_cmd apt-get upgrade -y
elevate_cmd apt-get autoremove
elevate_cmd echo 'debconf debconf/frontend select Dialog' | elevate_cmd debconf-set-selections
EOF
}
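Review bot: `elevate_cmd apt-get autoremove` has no `-y`, and because the remote shell reads this script from stdin, a confirmation prompt would likely consume the following line — the one that restores the debconf frontend to `Dialog` — leaving the host on `Noninteractive`; use `elevate_cmd apt-get autoremove -y`. Changing the persistent debconf selection is fragile for the same reason if the session drops mid-upgrade; setting `DEBIAN_FRONTEND=noninteractive` for the apt-get commands avoids touching host state, provided `elevate_cmd` (defined outside this hunk) passes the environment through. `ssh -t` with a here-document on stdin does not allocate a terminal (`-tt` is needed to force one), and `$1` should be quoted.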


@ -1,15 +1,11 @@
#!/bin/bash
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
# vars gotify
readonly TOKEN="<TOKEN_GOTIFY_APP>"
# vars chkrootkit
#vars chkrootkit
SNIFFERS_WHITELIST="dhclient"
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
@ -20,20 +16,7 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
if [ -n "$OUT" ]
then
issues=$(echo "$OUT" | wc -l)
OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
echo $OUT > "./$LOGFILE"
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
# delete local log
rm $LOGFILE
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
else
echo "[chkrootkit] system clean"
fi
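Review bot: On the new side the findings exist only in the push message: the local log and the `logger.sh` upload are gone, and `sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN` is called by relative path with no check of its result, so if the script runs from cron with a different working directory or the push fails, a positive chkrootkit result leaves no trace. Keep a local copy before notifying, e.g. `printf '%s\n' "$OUT" >> "<LOG_PATH>"`, resolve the helper relative to the script (`"$(dirname "$0")/gotifypush.sh"`), and quote `"$TOKEN"`. The rkhunter section further down calls the helper the same way.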


@ -1,47 +1,32 @@
#!/bin/bash
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
MALWARE_FOUND=false
LOGDIR="/var/log/clamav/scan/";
LOGFILE="clamav-$(date +'%Y-%m-%d').log";
DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
readonly TOKEN="<TOKEN_GOTIFY_APP>";
LOG_PRESERVE_DAYS=30;
mkdir -p $E7S_CLAM_LOGPATH
mkdir -p $LOGDIR
for S in ${E7S_CLAM_DIRSTOSCAN}; do
for S in ${DIRTOSCAN}; do
DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
clamscan -ri "$S" >> "$LOGDIR$LOGFILE";
echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE";
# get the value of "Infected lines"
MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3);
# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ];then
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Found **$MALWARE** infected files into **$S** \r"
MALWARE_FOUND=true
sh ./gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN
else
echo "[clamav] No infected files found."
fi
done
if $MALWARE_FOUND
then
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
fi
#clean old logs files
find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
exit 0
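Review bot: A scan that errors out is reported as clean: `MALWARE` is scraped from the log tail, and if `clamscan` fails before writing its summary the variable is empty, `[ "$MALWARE" -ne "0" ]` errors, and control falls to the `No infected files found` branch. Use the scanner's exit status instead (0 clean, 1 infected, 2 error), e.g. `clamscan -ri "$S" >> "$LOGDIR$LOGFILE"; rc=$?` followed by `if [ "$rc" -eq 1 ]` for the alert and a separate notification when `rc` is greater than 1. The cleanup `find $LOGDIR -maxdepth 1 ... -exec "rm" -R {} \;` is unquoted and can match the log directory itself; `find "$LOGDIR" -mindepth 1 -maxdepth 1 -type f -mtime +"$LOG_PRESERVE_DAYS" -delete` limits it to old files.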


@ -1,29 +1,14 @@
#!/bin/bash
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
#vars rkhunter
readonly TOKEN="<TOKEN_GOTIFY_APP>"
OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
OUT=$(rkhunter -c -sk --rwo)
if [ -n "$OUT" ]
then
issues=$(echo "$OUT" | wc -l)
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
# delete local log
rm $LOGFILE
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
sh ./gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
else
echo "[rkhunter] system clean"
echo "[rkhunter] system clean"
fi

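--- a/spinner.sh
+++ b/spinner.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+FRAME=("⠋" "⠙" "⠹" "⠸" "⠼" "⠴" "⠦" "⠧" "⠇" "⠏")
+FRAME_INTERVAL=0.1
+RED="\e[31m"
+GREEN="\e[32m"
+ENDCOLOR="\e[0m"
+start_spinner() {
+#local step=0
+local CMD=$1
+local STEP=$2
+tput civis -- invisible
+#while [ "$step" -lt "${#CMDS[@]}" ]; do
+#${CMDS[$step]} & pid=$!
+$CMD & pid=$!
+#status=$($CMD & pid=$!)
+#status=$?
+#pid=$!
+while ps -p $pid &>/dev/null; do
+#while kill -0 $pid 2>/dev/null; do
+#echo -ne "\\r[ ] ${STEPS[$step]} ..."
+echo -ne "\\r[ ] $STEP ..."
+for k in "${!FRAME[@]}"; do
+echo -ne "\\r[ ${FRAME[k]} ] "
+sleep $FRAME_INTERVAL
+done
+done
+wait "$pid"; status=$!
+#echo "${PIPESTATUS[0]} ${PIPESTATUS[1]}"
+#echo -ne "\\r[ ✔ ] ${STEPS[$step]}\\n"
+#re='^[0-9]+$'
+#if ! [[ $status =~ $re ]]; then
+# echo $status
+#else
+if [ $status -eq 0 ]; then
+echo -ne "\\r[ ${GREEN}${ENDCOLOR} ] $STEP\\n"
+else
+echo -ne "\\r[ ${RED}${ENDCOLOR} ] $STEP\\n"
+fi
+#fi
+#step=$((step + 1))
+#done
+tput cnorm -- normal
+}
+start_spinner "apt update -qq" "Search for updates"
+start_spinner "apt upgrade -qq -y" "Apply updates"
+start_spinner "./testsleep.sh" "Testing fail" #ha de donar FAIL!!
+start_spinner "rm *.mp3" "Testing fail"
+./testsleep.sh
+echo $?
+#/usr/bin/scp me@website.com:file somewhere 2>/dev/null &
+#apt update -qq > /dev/null 2>/dev/null & pid=$! # Process Id of the previous running command
+#spin='-\|/'
+#i=0
+#while kill -0 $pid 2>/dev/null
+#do
+# i=$(( (i+1) %4 ))
+# printf "\r${spin:$i:1}"
+# sleep .1
+#done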
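Review bot: In `start_spinner`, `wait "$pid"; status=$!` stores the PID of the last background job rather than its exit code, so `[ $status -eq 0 ]` is never true and every step is shown as failed regardless of the outcome; it should be `wait "$pid"; status=$?`. `$CMD &` relies on word splitting of a command string, and `start_spinner "rm *.mp3"` expands the glob in whatever directory the script is run from, so passing the command as separate arguments and running `"$@" &` would be safer. The cursor hidden by `tput civis` is not restored if the script is interrupted; `trap 'tput cnorm' EXIT` would cover that. The demo calls at the bottom run `apt upgrade -qq -y` for real, which is worth a comment in a file described as a test script.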

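--- a/testsleep.sh
+++ b/testsleep.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+sleep 3
+exit 1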


@ -1,6 +1,5 @@
#!/bin/bash
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
#verify run as root or sudo
@ -10,9 +9,7 @@ if [[ $EUID -ne 0 ]]; then
fi
# vars gotify
readonly GOTIFY_TOKEN="<TOKEN_GOTIFY_APP>"
readonly GOTIFY_HOST="<GOTIFY_HOST>"
readonly GOTIFY_PRIORITY=5
readonly TOKEN="<TOKEN_GOTIFY_APP>"
apt update -qq
@ -28,9 +25,5 @@ else
updates=$(echo $updates|tr -d '\n')
OUT="There are **$num** updates: \r"
OUT="${OUT} Packages: *$updates*"
# send gotify notification
TITLE="$(hostname) pending updates"
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${OUT}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
sh ./gotifypush.sh "Hostname pending updates" "$OUT" 5 $TOKEN
fi
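Review bot: `readonly TOKEN="<TOKEN_GOTIFY_APP>"` means the Gotify application token is written into the script file itself (the installer on this page fills it in with `sed` and then only runs `chmod +x`), so anyone who can read the file can post to that channel. Restrict the file to root (`chmod 700`) or read the token from a root-only file at run time. The literal title `"Hostname pending updates"` depends on that same install-time `sed`; `"$(hostname) pending updates"` needs no rewriting, and `$TOKEN` should be quoted in the call.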


@ -0,0 +1,23 @@
#!/usr/bin/env bash
#require:
#wp-cli https://wp-cli.org/#installing
#wp-updater https://github.com/keesiemeijer/wp-update
#get accounts and domains
/usr/local/cpanel/scripts/updateuserdomains
cat /etc/trueuserdomains
#https://docs.cpanel.net/whm/scripts/whm-scripts/
#https://docs.cpanel.net/whm/account-functions/manage-shell-access/
#https://support.cpanel.net/hc/en-us/articles/360051992634-Differences-Between-Normal-and-Jailed-Shell
#https://www.cyberciti.biz/tips/how-do-i-find-out-what-shell-im-using.html
#get bash from user
grep "^$USER" /etc/passwd
awk -F: '/$USER/ { print $7}' /etc/passwd
#change shell
usermod -s /bin/false $USER
#https://github.com/layfellow/cpanel-cli (?)
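Review bot: `usermod -s /bin/false $USER` is a live command in a file with a shebang: run as written it changes the login shell of whoever executes it (presumably root, given the cPanel script called above it), which can lock that account out of shell access. If these are notes, comment the commands out; if the file is meant to run, take the account name as an argument, check it against `/etc/trueuserdomains`, and quote it. `awk -F: '/$USER/ { print $7}'` never sees the shell variable because of the single quotes; `awk -F: -v u="$USER" '$1 == u { print $7 }' /etc/passwd` matches the exact account. The hunk header reports 23 lines, so some of the file may not be shown here.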