Useful scripts

Some backup tools have problems with long names. So we have to check the length of the path + file name. This can be done with:
[cmd=]find . -type f -exec sh -c 'echo -n \"$@\"\, ; echo -n $@ | wc -c' x {} \; | awk -F \, '{ printf "%s %s", $2, $1 "\n" }' | sort |tail[/cmd]
 
Some of people want to ping some hosts and find which host is up

Code:
#! /usr/local/bin/bash
clear

da="`date`"
range=${1}
ttl=${2}
count=${3}
sub=$4
us="`id -u`"
if [ $us != "0" ];then
echo "SORRY U MUST BE ROOT"
exit
fi

alive="/usr/home/t4z3v4r3d/alive.txt"
if [ "${#}" != 4 ] ; then
echo "EXAMPLE ${0} 127.0.0.1 2 1"
echo -e "TARGET IP Count   TTL  Subrange \n 127.0.0  1    1      254"
exit 0
fi

if test -f $alive  ;then
echo -en "\033[1;32mFile OK  Startting with PID:$$ \033[0;0m"
else
echo "$alive Not found creating it"
touch $alive
fi

#############################
## Chekc state for nom of tarets
for ((i=1 ; i < 100000 ; i++));do
if [ "`cat $alive | grep "\["$i"\]"`" != "" ];then
let "i=i+1"

else
let "i=$i-1"
echo "starting target nom form $i "
break
fi
done

#############################
line=2
ln=2
sb=0
pinger(){
while [ "$sb" -le "$sub" ];do
        for ((counter=1 ; counter < 254 ;counter++));do
                if [ "`ping -c $count -t $ttl $range.$sb.$counter | grep icmp_seq= `" != "" ];then
                         let "j=j+1"
                         let "ln=$j+2"
                         let "line=$j+2"
                         let "k=$i+$j-1"
                         let "a=a+1"
                         echo -e "\033[1;37m\033[3;2f[+]$range.$sb.$counter                     Alive   [\033[1;32m$a\033[1;37m]\033[0;0m"
                         target[$k]=$range.$sb.$counter  # >> $alive
                else
                         let "d=d+1"
                         echo -e "\033[4;2f\033[1;31m[+]$range.$sb.$counter                     Dead    [$d]\033[0;0m"
                fi
        done
let "sb=$sb+1"
done
        echo -e "\033[4;1f...............................................................\033[0;0m"

}
## END SUB RANGE AND IP
chmod 666 $alive
pinger
let "l=$j+0"
if [ "$l" != "0" ];then
case $j in
        0) some="No  Target"
        ;;
        1) some=" $j Taregt"
        ;;
        *) some=" $j Targets  "
        ;;
esac

echo "Scanning done and $some founded"

som1=0
while [ "$som1" -le "$j" ];do
echo -e "\033[1;37m${target[$som1]}\033[0;0m"
let "som1=som1+1"
done

else
echo "Cant find any target or pinging faild !"
fi
 
Here's script that i use to backup my FreeBSD to flash :D
you must have root permissions to run it.
you need flash or other unmounted drive with ufs on it labeled backup

to backup run
sudo backup.sh --backup all
or
sudo backup.sh --backup usr var
your partitions must be labeled, because this script uses only labels created with newfs -L label

Using partition labels has a lot of advantages.

it will save compressed dump images to /tmp, so it must be big enough.

for me it takes up to 1.8GB per download.
It compresses on the fly

modify DEFAULT_BAK_FS to match out ufs labels


Code:
#!/bin/sh


DEFAULT_BAK_FS='root var home www usr'


if [ "$USER" = 'root' ]; then
	if [ -c /dev/ufs/backup ]; then

		if [ "$1" = '--backup' ]; then
			echo '*** starting backup ***'
			echo

			mkdir "/tmp/$(basename $0).$$"

			echo '*** saving kernel configuration ***'
			cat /usr/src/sys/i386/conf/killabsd | bzip2 > "/tmp/$(basename $0).$$/killabsd.bz2"

			if [ "$2" = 'all' ]; then
				for i in $DEFAULT_BAK_FS; do
					echo "*** dumping $i ***"
					dump -0Laf - "/dev/ufs/$i" | gzip > "/tmp/$(basename $0).$$/$i.dump.gz"
					shift
				done
			else
				while [ $2 ]; do
					echo "*** dumping $2 ***"
					dump -0Laf - "/dev/ufs/$2" | gzip > "/tmp/$(basename $0).$$/$2.dump.gz"
					shift
				done
			fi

			bakDate="$(date '+%Y-%m-%d')"

			echo '*** Mounting ks86backup ***'
			mount -o noatime /dev/ufs/backup /mnt

			echo '*** Saving Backups ***'
			if [ ! -d '/mnt/bak' ]; then mkdir '/mnt/bak'; fi
		
			if [ ! -d "/mnt/bak/$bakDate" ]; then rm -Rf "/mnt/bak/$bakDate"; fi
			mkdir "/mnt/bak/$bakDate"
		
			cp "/tmp/$(basename $0).$$/"* "/mnt/bak/$bakDate/"

			umount /mnt
			echo '*** ks86backup unmounted ***'

			echo '*** cleaning tmp ***'
			rm -Rf "/tmp/$(basename $0).$$"
			echo "*** backup $bakDate compleate ***"
			exit 0
		elif [ "$1" = '--restore' ]; then
			echo 'not implemented yet'
			exit 1
		else
			echo 'Err: unknown command'
			exit 1
		fi
	else
		echo "Err: backup drive ain't plugged"
		exit 1
	fi
else
	echo "Err: you're not root"
	exit 1
fi

echo "Err: you shouldn't naturally see this. A bug is somwhere."
exit 1
 
Extended storage Automatic Mounter

Code:
#!/usr/local/bin/bash
clear
echo "Looking for mountable devices"
if  [ "`ls -c /dev/da* | grep s`" = "" ] ;then
echo -e "\033[1;31mNo such device for mounting\033[0;0m"
exit
fi

for (( count =0; count <5 ;count++ ));do
        for ((counter=1 ;counter <7;counter++ ));do
                if [ -c "/dev/da""$count"s"$counter" ];then
                        if [ ! -d /mnt/usb${count}-$counter ];then
                        echo "/mnt/usb${count}-$counter  NOT EXITS CREATING IT ..."
                        mkdir /mnt/usb${count}-$counter
                        chmod -R 777 /mnt/usb${count}-$counter
                        chmod 666 /dev/da${count}s${counter}
                        fi
                        mount_msdosfs /dev/da${count}s${counter} /mnt/usb${count}-${counter}
                fi
        done
done
echo "_________________________________________"
echo
        mount -p -w | grep da
echo "_________________________________________"

Only run this script and you can mount your storage with write permission in X.
 
t4z3v4r3d said:
Code:
#!/usr/local/bin/bash
clear
echo "Looking for mountable devices"
if  [ "`ls -c /dev/da* | grep s`" = "" ] ;then
echo -e "\033[1;31mNo such device for mounting\033[0;0m"
exit
fi

for (( count =0; count <5 ;count++ ));do
        for ((counter=1 ;counter <7;counter++ ));do
                if [ -c "/dev/da""$count"s"$counter" ];then
                        if [ ! -d /mnt/usb${count}-$counter ];then
                        echo "/mnt/usb${count}-$counter  NOT EXITS CREATING IT ..."
                        mkdir /mnt/usb${count}-$counter
                        chmod -R 777 /mnt/usb${count}-$counter
                        chmod 666 /dev/da${count}s${counter}
                        fi
                        mount_msdosfs /dev/da${count}s${counter} /mnt/usb${count}-${counter}
                fi
        done
done
echo "_________________________________________"
echo
        mount -p -w | grep da
echo "_________________________________________"

Only run this script and you can mount your storage with write permission in X.

add to /etc/devfs.rules
Code:
[localrules=10]
add path 'da*' mode 0660 group users
add path 'md*' mode 0660 group users

add to /etc/devfs.conf
Code:
own acd0 root:users
perm acd0 0660

own cd0 root:users
perm cd0 0660

own mdctl root:users
perm mdctl 0660

own pass0 root:users
perm pass0 0660

add to /etc/rc.conf
Code:
devfs_system_ruleset="localrules"


do steps described above and you won't need to chmod devices anymore
also to mount msdosfs all you need to do, is create dir (for example ~/mnt)
and
mount -t msdosfs /dev/da0 ~/mnt
and you can read/write etc


p.s.
for more info about cd's/dvd's check
http://forums.freebsd.org/showthread.php?t=1195
 
Ok thank you but iwrote this scripts 2 years ago for training ;)
But thank you again . And i wanna lowest changes !.
Sorry for poor english
 
Not really useful, but nostalgic:

Code:
#!/bin/sh

# Edit UNIX text files with old MSDOS editor
# Requires: - Dosbox installed
#           - DOS binary EDIT.COM
#           - X 

EDITOR_BIN=/usr/files/EDIT.COM             # fix your path
CURDIR=$(pwd)

mkdir -p /tmp/dostmp
ln -s $EDITOR_BIN /tmp/dostmp/edit.com

if [ $1 ];
then
  cp $1 /tmp/dostmp/EDIT.TMP
  cd /tmp/dostmp
  dosbox -c "@mount c ." -c "@c:" -c "@c:\edit c:\EDIT.TMP" -c "@exit"
  cd $CURDIR
  (cat /tmp/dostmp/EDIT.TMP | tr -d '\015') > $1    #remove carriage returns
  rm /tmp/dostmp/EDIT.TMP                                                           
else
  cd /tmp/dostmp
  dosbox -c "@mount c ." -c "@c:" -c "@c:\edit" -c "@exit"
fi

cd /tmp/dostmp
rm ./edit.com

# in case more files are saved:
# (these will get XXXXXXXX.XXX DOS-filenames)
for REST in *;
do
   if [ -f $REST ];
   then
     (cat $REST | tr -d '\015') > $CURDIR/$REST
   fi
done

rm -rf /tmp/dostmp

Use at own risk :beergrin
 
If you're an owner of a digital camera and like to fiddle with those JPEG files in your console as often as I do :p then this lil' piece of a shell-script of mine would be useful for you.
It provides batch changing the date/time of given JPEG files according to their EXIF values.


Code:
#!/bin/sh
#
# redate.sh
#----------------------------------------------------------------------
#  This script changes modification and access time of the files
#  in the current folder, according to the EXIF metadata found inside.
#
#  No changes will be made in case no EXIF data could be found.
#
#  Also it drops file permissions to 0640 mode
#
#  Please be sure to have graphics/exiftags port installed before use.
#---------------------------------------------------------------------

exts="*.jpg *.jpeg *.JPG *.JPEG"
mask="0640"
exifcmd="/usr/local/bin/exiftags"
msg="Searching for ${exts} files..."




# Check for exiftags binary presense:
/usr/bin/which exiftags

if [ $? -ne 0  ]
then
    printf "\n -> graphics/exiftags is not found in ${exifcmd}\n\n"
    exit 1
else
    printf "\n -> found exiftags binary  (Ok!)"
fi




if [ $1 ]
then
    exts=$1
    msg="Searching for ${exts} files..."
fi


files=0
changed=0
failed=0

printf "\n${msg}\n"

for n in `ls ${exts} 2> /dev/null`

do

files=$((${files}+1))

    exifd=`${exifcmd} ${n} 2> /dev/null | grep Created`


    if [ "${exifd}" ]
    then

        exd=`echo ${exifd} | cut -d ' ' -f 3`

        y=`echo ${exd} | cut -d ':' -f 1`
        m=`echo ${exd} | cut -d ':' -f 2`
        d=`echo ${exd} | cut -d ':' -f 3`

        t=`echo ${exifd} | cut -d ' ' -f 4`

        hr=`echo ${t} | cut -d ':' -f 1`
        min=`echo ${t} | cut -d ':' -f 2`
        sec=`echo ${t} | cut -d ':' -f 3`

        printf "\n=> File: ${n} -> Exif Date: ${y}:${m}:${d} - Time: ${hr}:${min}:${sec} -> Set."

        touchd="${y}${m}${d}${hr}${min}.${sec}"

        touch -c -t ${touchd} ${n}

                if [ $? -eq 0 ]
                then
                        chmod ${mask} ${n}
                        changed=$((${changed}+1))
                fi
    else
        {
           printf "\n=> (!) File: ${n} -> No EXIF data ->  Skipped."

           failed=`echo "${failed}+1" | bc`
        }
    fi

done

echo
echo " -----------------------------------"
printf "Files processed:       $files \n"
printf "Successfully set:      $changed \n"
printf "Failed:                $failed \n"
echo

exit 0
 
mount(8) ISO image on FreeBSD/Solaris/Linux

[cmd=]usage: loop.sh image.iso /mnt/point[/cmd]

Code:
#! /bin/sh

[ ${#} -ne 2 ] && {
  echo "usage: $( basename ${0} ) image.iso /mnt/point"
  exit 1
}

__absolute() {
  if [ -f /${1} ]
  then
    echo "${1}"
  else
    echo "$( pwd )/${1}"
  fi
}

case $( uname ) in
  (FreeBSD)
    NODE=$( mdconfig -a -t vnode -f "${1}" )
    mount -t cd9660 /dev/${NODE} "${2}"
    ;;

  (SunOS)
    FILE=$(  __absolute "${1}" )
    POINT=$( __absolute "${2}" )
    lofiadm -d "${FILE}" 1> /dev/null
    NODE=$( lofiadm -a "${FILE}" )
    mount -F hsfs -o ro ${NODE} "${POINT}"
    ;;

  (Linux)
    mount -o loop "${1}" "${2}"
    ;;

  (*)
    echo "supported systems: FreeBSD Solaris Linux"
    exit 1
    ;;
esac
 
Code:
#!/bin/sh
# Copyright (c) 2009, Aldis Berjoza <killasmurf86@gmail.com>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
#   notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
#   copyright notice, this list of conditions and the following disclaimer
#   in the documentation and/or other materials provided with the
#   distribution.
# * Neither the name of the  nor the names of its
#   contributors may be used to endorse or promote products derived from
#   this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# This scrip will create 'wlist' file, that will contain IP of all
#   ftp servers found in ports collection
# You may use this script to generate ftp server whitlist for pf
#
# http://killasmurf86.blogspot.com

find /usr/ports -name Makefile > /tmp/.ftp_list_1
find /usr/ports/Mk -name bsd.*.mk >> /tmp/.ftp_list_1

for i in `cat /tmp/.ftp_list_1`; do 
	grep -e 'ftp://' $i >> /tmp/.ftp_list_2
done

sed 's/#.*$//g' /tmp/.ftp_list_2 | sed 's/^.*ftp:\/\///' | sed 's/\/.*$//' | sort | uniq - /tmp/.ftp_list_3

grep -E -e '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /tmp/.ftp_list_3 > /tmp/.ftp_list_4

for i in `cat /tmp/.ftp_list_3`; do
	dig +short "$i" | grep -E -e '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> /tmp/.ftp_list_4
done

sort /tmp/.ftp_list_4 | uniq - wlist
rm -f /tmp/.ftp_list_[1234]

exit

Here's script, I just wrote to generate ftp server white list used in ports.
I use generated list in my pf configuration, to enable ftp downloads

EDIT:
latest version can be downloaded from
http://aldis.git.bsdroot.lv/ftpwlist/
 
portupdater script

Note: if you're using PKGNG and the pkg tools, use the revised portupdater: viewtopic.php?f=35&t=737&p=260551&hilit=portupdater#p260551

\My 'portupdater' script for daily use. Requires ports-mgmt/portmaster and ports-mgmt/portaudit.

The script can be run from cron, which will invoke portsnap with a random sleep period of 0-60 minutes and does not require any intervention. It mails a summary to e.g. root.

It can also be run from the command-line when an extra argument is supplied (e.g. [cmd=]portupdater yes[/cmd] or [cmd=]portupdater now[/cmd]). This will make it run immediately, and with some extra functions that may require interaction.

The script will only update/maintain the ports tree and show a summary, it will not update ports. The ports that need updating are printed, of course.

The script can be made to work with ports-mgmt/portupgrade by just replacing the applicable commands. In fact, this script used to be portupgrade-based before I switched to portmaster.
Code:
#!/bin/sh
hostname=$(hostname)
date=$(/bin/date)

echo "
Updating portaudit first.
"
/usr/local/etc/periodic/security/410.portaudit

echo "
Portupdater for ${hostname} started at ${date}


========== Fetching latest ports snapshot from server. ==================
"

if [ $# -lt 1 ]
then
portvar="cron"
else
portvar="fetch"
fi

/usr/sbin/portsnap ${portvar} || exit 1

echo "
========== Updating ports tree with new snapshot. =======================
"
/usr/sbin/portsnap update || exit 1

echo "
============ Cleaning out all obsolete distfiles. =======================
"
/usr/local/sbin/portmaster -y --clean-distfiles || exit 1

if [ ${portvar} = "fetch" ]
then
echo "
Ah, you're actually here. Good.

Running some (possibly) interactive stuff.
"
/bin/sleep 5

echo "
============ Cleaning out stale ports. ==================================
"
/usr/local/sbin/portmaster -s || exit 1
echo "
============ Checking port dependencies. ================================
"
/usr/local/sbin/portmaster --check-depends || exit 1
echo "
============ Cleaning up /var/db/ports. =================================
"
/usr/local/sbin/portmaster --check-port-dbdir || exit 1
fi

echo "
=================== See which ports need updating. ======================
"
/usr/sbin/pkg_version -IvL '=' || exit 1

echo "
================= Warnings from /usr/ports/UPDATING. ====================
"
weekago=$( /bin/date -v-1w +%Y%m%d )
lastpkg=$( ls -D %Y%m%d -ltr /var/db/pkg | /usr/bin/tail -n1 | /usr/bin/tr -s " " "\t" | /usr/bin/cut -f 6 )
if [ ${weekago} -lt ${lastpkg} ]
 then usedate=${weekago}
 else usedate=${lastpkg}
fi
/usr/sbin/pkg_updating -d ${usedate}
echo "
See /usr/ports/UPDATING for further details.

========== Portupdater done. ============================================
"
 
killasmurf...

dontcha just hate it when your license is longer than your script?
:)

I remember the good old days when one would put useful info at the
top of source files!
 
Well AT&T used to put their license on false program

And all it did was return 1


If you want I can make special edition for you.... I can make that script take more lines than license ;)
 
Hi
and a script for cvsup ...

Code:
#!/usr/local/bin/bash
clear
echo -e "\033[1;30mGetting fastest server adress\n\033[1;33mPlease wait  ...\033[0;0m"
fastest_cvsup -c all >> /tmp/1
tail -n 3 /tmp/1 > /tmp/fs_cvs
echo -e "\033[1;32mGetting informations Done ...\nStarting update\033[0;0m"

cat << config > /root/stable_supfile.txt
###################################################################
##### Generated by $USER @ `date` ######
###################################################################
$(cat /tmp/fs_cvs  | while read line ;do echo *default host=$(echo $line | awk {' print $3 '}); done)
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_$(uname -r | cut -d . -f 1)_$(uname -r | cut -d . -f2 | cut -d - -f 1)
*default delete use-rel-suffix
*default compress
src-all
config
cvsup -g -L 2 /root/stable_supfile.txt
 
If you want to block known spam sources on your MX right at the firewall, not even bothering you MTA to check the incoming IPs you can use this script to put together a list of IPs to block.

Watch out: The script reloads your pf rules.
You should put:
Code:
table <spam.zen>        persist file "/etc/spam.zen"
(...)

block quick inet from <spam.zen>
into your pf.conf for the whole thing to work.

Code:
#!/bin/sh

fetch -q -o /tmp/zendrop.data http://www.spamhaus.org/drop/drop.lasso

cat /tmp/zendrop.data | sed -e 's/;.*//' > /tmp/spam.zen
rm /tmp/zendrop.data
MD1=`md5 -q /tmp/spam.zen`
if [ -f /etc/spam.zen ]; then
    MD2=`md5 -q /etc/spam.zen`
else
    MD2="nof"
fi

echo $MD1 | grep "$MD2" > /dev/null
if [ $? -eq 1 ]; then
    echo "New file: /tmp/spam.zen"
    sleep .5
    more /tmp/spam.zen
    echo -n "Do you want to replace previous version of /etc/spam.zen ? yes/[no]: "
    read reload
    echo $reload | grep yes > /dev/null
    if [ $? -eq 0 ]; then
        # yes
        mv /tmp/spam.zen /etc/
        pfctl -qf /etc/pf.conf
        echo "Your ZENDROP list has been updated."
    else
        # no
        echo "Your ZENDROP list has not been updated."
    fi
else
    rm /tmp/spam.zen
    echo "Your ZENDROP list is up-to-date."
fi
 
Miscellaneous/simple utilities I put together

Save yourself from mistyping during jail creation

Runs through the basic jail creation steps, as described in jail(8). The idea is it helps you avoid changing the path by mistake on one of the steps or doing something else silly. (Requires that you've built world on your base system first.)

Code:
#!/bin/sh

#
# Very simple - feed it jpath and let it create / mount for you. 
#
_jpath=/home/jail/basicjail

myprompt() {

  echo "Step finished. Return code: ${_rc}"
  echo '<press enter>'
  read _foo

}

echo 'Creating jail path...'
mkdir -p ${_jpath}
_rc=${?} ; myprompt

echo 'Installing world to jail...'
cd /usr/src && make installworld DESTDIR=${_jpath}
_rc=${?} ; myprompt

echo 'Making distribution in jail...'
cd /usr/src && make distribution DESTDIR=${_jpath}
_rc=${?} ; myprompt

echo 'Mounting devfs for jail...'
mount_devfs devfs ${_jpath}/dev
_rc=${?} ; myprompt

exit 0

------------------------------

Automating the aide HIDS

Requires the security/aide and security/gnupg1 ports. After initializing (and signing!) your aide db, set up a root cronjob that runs this daily with the "check" argument.

Code:
#!/bin/sh

### Variable assignments ### ---------------------------------------------------

PATH=/bin:/usr/bin:/usr/local/bin
DB=/var/db/aide/databases/aide.db

### Functions ### --------------------------------------------------------------

init_aide_db() { 

  aide -i

  if [ ${?} -ne 0 ] ; then 
    echo 'Initializing new db failed. Exiting now.'
    exit 1
  fi

  echo "Finished initializing db. When ready to implement and sign the db," 
  echo "please run: ${0} goprod"

}

implement_and_sign_db() {

  echo 'Moving newly initialized db to production db...'
  mv ${DB}.new ${DB}

  if [ ${?} -ne 0 ] ; then 
    echo 'Unable to copy new db to prod. Exiting now.'
    exit 1
  fi

  echo 'Signing db with GNUPG - password required...'
  gpg -u 'System Admin' --detach-sign ${DB}

}

run_aide_check() { 

  # check signature
  gpg --verify ${DB}.sig ${DB}

  if [ ${?} -ne 0 ] ; then 
    echo "Signature check against ${DB} failed!!!"
    exit 1
  fi
 

  aide -C

  if [ ${?} -ne 0 ] ; then 
    init_aide_db
  fi

}


### Main logic ### -------------------------------------------------------------

case "${1}" in

  'init'   ) init_aide_db ;;
  'goprod' ) implement_and_sign_db ;;
  'check'  ) run_aide_check ;;
  *        ) echo "Usage: ${0} (init|goprod|check)" ; exit 1 ;;

esac


exit 0

------------------------------

See the most common squid proxy TCP denied hosts

I like to check in every now and then on which hosts end users are trying to access (and getting denied). This provides a quick, sorted list. Obviously requires an actively used www/squid service.

Code:
#!/bin/sh

# ----------------------------------------------
# Quick audit
# ----------------------------------------------

if [ ! -e "${1}" ] ; then
  echo "Usage: ${0} squid_access_log"
  exit 1
fi

_acheck=`echo ${1} | grep 'access.log'`

if [ -z "${_acheck}" ] ; then
  echo "${0}: my author told me to only scan 'access.log' type files"
  exit 1
fi

# ----------------------------------------------
# Variable assignment
# ----------------------------------------------

_squidlog=${1}
_of1=/tmp/tcp-squid-baz.txt
_of2=/tmp/tcp-squid-boo.txt


# ----------------------------------------------
# Main logic
# ----------------------------------------------

grep 'TCP_DENIED' ${_squidlog} | awk '{print $7}' | sort > ${_of1}

if [ ${?} -ne 0 ] ; then
  echo "${0}: error during grep"
  exit 1
fi

for I in `uniq ${_of1}` ; do 

  _cnt=`grep "${I}" ${_of1} | wc -l`
  echo "${_cnt} : ${I}" >> ${_of2}

done

#
# Display results
#
sort -nr ${_of2}

#
# Cleanup
#
rm -f ${_of1} ${_of2}

exit 0
 
Anti-ddos. Script for getting bots ips from httpd/nginx/etc log.
Code:
#!/usr/bin/perl -w

use strict;
use warnings;
use POSIX qw(strftime);

my $pattern = "\"GET \/ HTTP\/"; # request index page pattern
my $httpd_log = "/var/log/httpd-access.log"; # log file 
my $ok = "1000"; # allowed connections per ip for $check_period
my $check_period = 1; # check period in hours

my $date = strftime("%d/%b/%Y:%H", localtime(time-$check_period*3600)); # date minus $check_period hours
my (%ips, $ip, $start);

open (LOG, $httpd_log) or die $!;
while (<LOG>) {
        next unless m/$date/ || $start; # skipping old records
        $start=1;
        if (/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*$pattern/go) { # getting ips
                $ips{$1}++;
        }
}
close LOG;

foreach $ip (keys %ips) {
        if ($ips{$ip} >= $ok) { #
                next if $ip =~ /^127/; # skip local address
                print "$ip = $ips{$ip}\n"; next; # comment out this line if you want to modify firewall rules and uncomment one of the following
                #system("/sbin/pfctl -t bots -T add $ip"); # adding address to table <bots> 
                #system("/sbin/ipfw table 5 add $ip"); # adding address to table 5
                #system("/sbin/iptables -A INPUT -s $ip -j REJECT"); # adding denying rule
        }
}
The shortest way to generate the random password. The slowest, also. =)
Code:
egrep -aoim1 '[a-z0-9]{8,}' /dev/random
 
I have a patchset against /usr/src (mostly low priority PRs waiting for approval) arranged in an overlay. This little function takes care of applying the patches after an update of src:

Code:
overlay="/home/pat/Projects/patchset"
find "${overlay}/usr/src/" -type f | \
  while read patchfile; do \
    srcdir=$(dirname ${patchfile});
    srcdir=${srcdir##$overlay};
    cd ${srcdir} && sudo patch < ${patchfile};
done
 
Code:
#!/usr/local/bin/bash

# turns a text-file into keyboard-controlled menu (basic example)
# use <UP> and <DOWN> arrows to choose, <RETURN> to confirm, <ESC> to abort
# scrolling is nog supported yet, so the menu may not contain more lines than your terminal screen
 
if [ ! -f "$1" ]
then
  printf "need input file\n"
  exit
fi

OLDIFS=$IFS
NOCOLOR='\033[0m'
YELLOW='\033[1;33;40m'
CHOICE=1
LASTLINE=$(cat $1 | wc -l)
UP=$'\x1b[A'
DOWN=$'\x1b[B'
KEY=''
ASCII=""
ESC=""
END=0

function xy                                   # cursor positioning
{
  printf "\033[$2;$1f"
}

printf "\x1B[?25l"                            # hide terminal cursor
clear
cat $1

while [ $END = 0 ]
do
  xy 0 $CHOICE
  printf $YELLOW
  cat $1 | head -n $CHOICE | tail -n 1        # highlight current option
  IFS=''                                      # don't convert any read chars to whitespace
  read -s -n1 KEY                           
  IFS=$OLDIFS
  ASCII=$(printf "%d" "'$KEY'")               # store ascii value of key

  if [ "$ASCII" = "27" ]                      # function key processing
  then
    read -t0.1 -s -n2 ESC                     # store 2 more bytes containing the escape code
    xy 0 $CHOICE
    printf $NOCOLOR                           # remove highlighting
    cat $1 | head -n $CHOICE | tail -n 1

    if [ "$ESC" = "" ]                        # <ESC>
    then
      END=1
    else
      case $ESC in
        "[A")                                 # <UP>
          if [ $CHOICE = 1 ]
          then
            CHOICE=$LASTLINE
          else
            (( CHOICE-=1 ))
          fi
        ;;
        "[B")                                 # <DOWN>
          if [ $CHOICE = $LASTLINE ]
          then
            CHOICE=1
          else
            (( CHOICE+=1 ))
          fi
        ;;
      esac
    fi
  fi

  if [ $ASCII = 39 ]  && [ "$KEY" != "'" ]    # <RETURN> 
  then
    xy 0 $(( $LASTLINE + 2 ))
    printf "${NOCOLOR}you have chosen option $CHOICE:\n  $(cat $1 | head -n $CHOICE | tail -n 1)\n\n"
    END=1
  fi
 
Code:
#!/usr/local/bin/bash

if [ ! -f "$1" ]; then
  ( 
    (cat|cut -c5-) << EOF
    ...................................................................
     txt2menu.sh - turn a textfile into a keyboard-controlled menu
     1.1 (improved with pgup/pgdown and positioning/scrolling support)     
    ...................................................................
     start with:
       #txt2menu.sh [file] [#line] [#column] [#width] [#height]
         'line' and 'column' are the coords. of the upper left
          corner of the menu box
     run without parameters to view this example menu or use custom 
     file with default pos/size:
       #txt2menu.sh /etc/motd              
     or with filename and 4 pos/size parameters:
       #txt2menu.sh /etc/motd 10 10 50 20
    ...................................................................
     menu control keys: <UP>,<DOWN>,<PGUP>,<PGDOWN>,<ESCAPE>,<RETURN>
     exit code contains users choice or 0 when aborted
    ...................................................................
EOF
  ) > /tmp/demo.tmp
  printf "\n\n\n\n\n\n\n\n\n\n\n\n\n\nthis is freeware\nby MG\n" >> /tmp/demo.tmp
  CONTENT=/tmp/demo.tmp
else
  CONTENT=$1
fi

stty -echo

CLEAR=1  # set to 0 to run over existing terminal content.
HEIGHT=18
WIDTH=70
COLUMN=5
LINE=3
OLDIFS=$IFS
NOCOLOR='\033[0m'
YELLOW='\033[1;33;40m'
CHOICE=1
LASTLINE=$(cat $CONTENT | wc -l)
KEY=''
ASCII=""
ESC_CODE=""
END=0
STARTLINE=1

if [ "$2" != "" ]; then LINE=$2; fi
if [ "$3" != "" ]; then COLUMN=$3; fi
if [ "$4" != "" ]; then WIDTH=$4; fi
if [ "$5" != "" ]; then HEIGHT=$5; fi
if [ $LASTLINE -lt $HEIGHT ]; then HEIGHT=$LASTLINE; fi
if [ $CLEAR = 1 ]; then clear; fi
function cur_xy { 
  printf "\033[$2;$1f"
 }

function printmenu {
  sed -n "${STARTLINE},$((STARTLINE+HEIGHT-1))p" $1 | awk '{
    printf $0
    width="'"$WIDTH"'"-length($0);
    for (i=1; i<=int(width); i++) printf "^";
    print ""
  }' 
}

function out_at_xy { 
  (
    COL=$1
    LINE=$2
    shift
    shift
    while [ "$1" != "" ]; do
      printf "\033[$LINE;${COL}f"
      printf "$1"
      shift
      (( LINE+=1 ))
    done
  ) | tr '^' ' '
}

printf "\x1B[?25l"                            # hide cursor
out_at_xy $COLUMN $LINE $(printmenu $CONTENT | tr ' ' '^')

while [ $END = 0 ]; do
  printf $YELLOW
  cur_xy $COLUMN $((LINE+(CHOICE-STARTLINE)))
  ACTIVE_LINE=$(head -n$CHOICE $CONTENT | tail -n1)

  if [ "$ACTIVE_LINE" != "" ]; then 
    printf "$ACTIVE_LINE"
  else
    printf "o"
  fi
  IFS=''                                      
  read -s -n1 KEY                           
  IFS=$OLDIFS
  ASCII=$(printf "%d" "'$KEY'")               
  if [ "$ASCII" = "27" ]; then
    read -t0.0001 -s -n2 ESC_CODE
    printf $NOCOLOR                           
    cur_xy $COLUMN $((LINE+(CHOICE-STARTLINE)))

    if [ "$ACTIVE_LINE" != "" ]; then 
      printf "$ACTIVE_LINE"
    else
      printf "."
    fi

    if [ "$ESC_CODE" = "" ]; then                       # just <ESCAPE>
      END=1
    else
      case $ESC_CODE in
        "[A")                                      # <UP>
          (( CHOICE-=1 ))
          if [ $CHOICE -lt $STARTLINE ]; then
            if [ $CHOICE -lt 1 ]; then
              CHOICE=1
            else
              (( STARTLINE-=1 ))
              out_at_xy $COLUMN $LINE $(printmenu $CONTENT | tr ' ' '^')
            fi
          fi
        ;;
        "[B")                                      # <DOWN>
          (( CHOICE+=1 ))
          if [ $CHOICE -gt $LASTLINE ]; then
            CHOICE=$LASTLINE
          fi
          if [ $CHOICE -gt $((STARTLINE+HEIGHT-1)) ]; then
            (( STARTLINE+=1 ))
            out_at_xy $COLUMN $LINE $(printmenu $CONTENT | tr ' ' '^')
          fi
        ;;
        "[5"|"[I")                                 # <PGUP>
          (( CHOICE-=25 ))
          if [ $CHOICE -lt 1 ]; then
            CHOICE=1
          fi
          if [ $CHOICE -lt $STARTLINE ]; then
            STARTLINE=$CHOICE
            if [ $STARTLINE -lt 1 ]; then
              STARTLINE=1
            fi 
            out_at_xy $COLUMN $LINE $(printmenu $CONTENT | tr ' ' '^')
          fi
        ;;
        "[6"|"[G")                                 # <PGDOWN>
          (( CHOICE+=25 ))
          if [ $CHOICE -gt $LASTLINE ]; then
            CHOICE=$LASTLINE
          fi
          if [ $CHOICE -gt $((STARTLINE+HEIGHT-1)) ]; then
            STARTLINE=$((CHOICE-HEIGHT+1))
            out_at_xy $COLUMN $LINE $(printmenu $CONTENT | tr ' ' '^')
          fi
        ;;           
      esac
    fi
  fi
  if [ $ASCII = 39 ]  && [ "$KEY" != "'" ]; then   # <RETURN> 
    END=1
  fi
  read -t0.0001 -s -n10                            # don't remember more keys
done

printf "\x1B[?25h"                                 # unhide cursor
cur_xy 0 $(( $LINE+$HEIGHT+3 ))
stty echo

if [ $ASCII = 27 ]; then                           # final result message, delete this for further use
  printf "aborted.\n\n"
  CHOICE=0
else
  printf "${NOCOLOR}you have chosen option $CHOICE:\n$YELLOW$(cat $CONTENT | head -n $CHOICE | tail -n 1)$NOCOLOR\n\n"
fi

rm -rf /tmp/demo.tmp
exit $CHOICE
 
pat said:
I have a patchset against /usr/src (mostly low priority PRs waiting for approval) arranged in an overlay. This little function takes care of applying the patches after an update of src:

Code:
overlay="/home/pat/Projects/patchset"
find "${overlay}/usr/src/" -type f | \
  while read patchfile; do \
    srcdir=$(dirname ${patchfile});
    srcdir=${srcdir##$overlay};
    cd ${srcdir} && sudo patch < ${patchfile};
done

Do you use this as a standalone script that you run before rebuilding your kernel or world? Or do place this on make.conf?

I'm asking this because I also apply 2 patches to /usr/src and wanted to reapply the patches whenever I synchronize sources.
 
Back
Top