From 62aceeccb0c8c298f57c0466fe084984f46b8818 Mon Sep 17 00:00:00 2001
From: CM <5914364+ssep1ol@users.noreply.github.com>
Date: Sat, 24 Apr 2021 01:05:59 +0200
Subject: [PATCH] 1st commit
---
 README.md | 2 +-
 f2b-statusall.sh | 14 +++
 f2b.sh | 31 +++++++
 f2bflush | 13 +++
 load_cachet | 137 ++++++++++++++++++++++++++++
 log2ram_uninst | 29 ++++++
 nginx_dissite.sh | 203 ++++++++++++++++++++++++++++++++++++++++++
 nginx_ensite.sh | 203 ++++++++++++++++++++++++++++++++++++++++++
 postfix_disclaimer.sh | 45 ++++++++++
 postfix_jumpstart.sh | 27 ++++++
 postfix_log.sh | 32 +++++++
 stuckpostfix.sh | 22 +++++
 ufw-spamhaus-rm.sh | 19 ++++
 ufw-spamhaus.sh | 48 ++++++++++
 14 files changed, 824 insertions(+), 1 deletion(-)
 create mode 100644 f2b-statusall.sh
 create mode 100644 f2b.sh
 create mode 100644 f2bflush
 create mode 100644 load_cachet
 create mode 100644 log2ram_uninst
 create mode 100644 nginx_dissite.sh
 create mode 100644 nginx_ensite.sh
 create mode 100644 postfix_disclaimer.sh
 create mode 100644 postfix_jumpstart.sh
 create mode 100644 postfix_log.sh
 create mode 100644 stuckpostfix.sh
 create mode 100644 ufw-spamhaus-rm.sh
 create mode 100644 ufw-spamhaus.sh
diff --git a/README.md b/README.md
index 524f331..ce81558 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
 # bash-scripts
- A collection of simple bash scripts, useful in server administration
+ A collection of simple bash scripts, useful mostly in a Debian (or Debian-like) server administration
diff --git a/f2b-statusall.sh b/f2b-statusall.sh
new file mode 100644
index 0000000..df8d595
--- /dev/null
+++ b/f2b-statusall.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ # This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
+ #
+ # (c) Corrado Mulas
+ #
+ # For the full copyright and license information, please view the LICENSE
+ # file that was distributed with this source code.
+
+JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'`
+for JAIL in $JAILS
+do
+printf "\r\n\n\n"; fail2ban-client status $JAIL
+done
diff --git a/f2b.sh b/f2b.sh
new file mode 100644
index 0000000..1e703df
--- /dev/null
+++ b/f2b.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+ # This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
+ #
+ # (c) Corrado Mulas
+ #
+ # For the full copyright and license information, please view the LICENSE
+ # file that was distributed with this source code.
+
+DATE=$(date)
+LOGPATH=""
+LOGHTMLPATH=""
+
+rm -rf $LOGPATH
+
+touch $LOGPATH
+/usr/bin/f2b-statusall > $LOGPATH
+chmod 600 $LOGPATH
+chown www-data:www-data $LOGPATH
+
+rm -rf $LOGHTMLPATH
+
+touch $LOGHTMLPATH
+/usr/bin/f2b-statusall > $LOGHTMLPATH
+
+sed -i "1s;^;
\nLast updated: $DATE \n;" $LOGHTMLPATH
+echo '
' | tee -a $LOGHTMLPATH > /dev/null
+
+
+chmod 600 $LOGHTMLPATH
+chown www-data:www-data $LOGHTMLPATH
diff --git a/f2bflush b/f2bflush
new file mode 100644
index 0000000..bb1b154
--- /dev/null
+++ b/f2bflush
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+ # This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
+ #
+ # (c) Corrado Mulas
+ #
+ # For the full copyright and license information, please view the LICENSE
+ # file that was distributed with this source code.
+
+service fail2ban stop
+truncate -s 0 /var/log/fail2ban.log
+rm /var/lib/fail2ban/fail2ban.sqlite3
+service fail2ban start
diff --git a/load_cachet b/load_cachet
new file mode 100644
index 0000000..39139e2
--- /dev/null
+++ b/load_cachet
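Review bot: Both output files in f2b.sh are created by `touch $LOGPATH` and the `>` redirect before `chmod 600` runs, so under the usual 022 umask the fail2ban status dump is readable by every local user for a short time on each run; adding `umask 077` ahead of the first `touch` closes that window. `LOGPATH` and `LOGHTMLPATH` appear empty on this page and are expanded unquoted in `rm -rf $LOGPATH`, so once a path is filled in, a space or glob character in it makes the recursive delete hit something else; `rm -f -- "$LOGPATH"` is sufficient for a single file. postfix_log.sh repeats the same create-then-chmod sequence and the same unquoted `rm -rf`, and needs the same two changes. A header comment should also say that the script expects f2b-statusall.sh to be installed as `/usr/bin/f2b-statusall`.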
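Review bot: In f2bflush the database is removed even if `service fail2ban stop` failed, because no step checks the one before it; `service fail2ban stop || exit 1` ahead of the `truncate` avoids deleting `/var/lib/fail2ban/fail2ban.sqlite3` under a running daemon. The header should also state what the flush costs: the log and the stored ban history are gone afterwards, and bans recorded in the database are presumably not restored on start. A comment such as `# Drops fail2ban's log and ban database; copy /var/log/fail2ban.log aside first if it may be needed for an investigation` belongs above the commands.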
@@ -0,0 +1,137 @@ +#!/bin/bash + + # This file is part of a collection of bash scripts written and used by me which may be handy in server administration. + # + # (c) Corrado Mulas + # + # For the full copyright and license information, please view the LICENSE + # file that was distributed with this source code. + +LOAD=$(uptime | awk -F'[a-z]:' '{ print $2}' | cut -f2 -d " " | sed 's/.$//' | tr -s , .) +#TIMEST=date '+%F %T' +CACHET_KEY="your_api_key" +CACHET_URL_M1="https://your-host/api/v1/metrics/1/points" +CACHET_URL_C1="https://your-host/api/v1/components/1" +STATUS_C1="0" + +generate_post_data() +{ +cat < /dev/null && pgrep -x "safe_asterisk" > /dev/null +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/2 \ + -d '{"status":1}' +else + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/2 \ + -d '{"status":4}' +fi + + +#EMBY #17 +if pgrep -x "EmbyServer" > /dev/null +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/17 \ + -d '{"status":1}' +else + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/17 \ + -d '{"status":4}' +fi + +LOAD_TIME_C17=$(/a2loadtime.sh your_emby_host 1 | grep "min=" | awk '{print $5}'| sed 2,2d | head -c-2 | sed 's/min=//' | tr ',' '.') + +BC_COMP_C17=$(echo "${LOAD_TIME_C17}>1" | bc) + +if [ "${BC_COMP_C17}" == 1 ] +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/17 \ + -d '{"status":2}' +fi + + +#curl -H "Content-Type:application/json" \ +# -H "X-Cachet-Token: ${CACHET_KEY}" \ +# -X PUT https://your-host/api/v1/components/3 \ +# -d '{"status":0}' + +#echo ${LOAD} + + +#DOVECOT #16 +if pgrep -x "dovecot" > /dev/null && nc -w 2 -z 
"imap.mulas.me" 143 +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/16 \ + -d '{"status":1}' +else + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/16 \ + -d '{"status":4}' +fi + + +#POSTFIX #6 +#/usr/lib/postfix/sbin/master -w +#qmgr -l -t unix -u +#tlsmgr -l -t unix -u -c +#pickup -l -t unix -u -c +#anvil -l -t unix -u -c + +if pgrep -x "master" > /dev/null && pgrep -x "qmgr" > /dev/null && pgrep -x "tlsmgr" > /dev/null && pgrep -x "pickup" > /dev/null && nc -w 2 -z "smtp.example.com" 25 +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/6 \ + -d '{"status":1}' +else + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/6 \ + -d '{"status":4}' +fi + +#ASTERISK IAX TRUNKS INTERCONNECTION #21 +serviceIsRunning=false +var1=$(/usr/sbin/asterisk -rx "iax2 show peers" |grep "TRUNK_NAME" |awk '{print $8}'| sed 2,2d) +var2=$(echo $data | awk '{print $2}') +if [ "$var1" == OK ] +then +serviceIsRunning=true + + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/21 \ + -d '{"status":1}' + +fi +if [ $serviceIsRunning == false ] +then + curl -H "Content-Type:application/json" \ + -H "X-Cachet-Token: ${CACHET_KEY}" \ + -X PUT https://your-host/api/v1/components/21 \ + -d '{"status":4}' + +fi diff --git a/log2ram_uninst b/log2ram_uninst new file mode 100644 index 0000000..5ac0677 --- /dev/null +++ b/log2ram_uninst 
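Review bot: Each `curl` call in load_cachet puts the Cachet API token on the command line (`-H "X-Cachet-Token: ${CACHET_KEY}"`), where it is visible in the process list to other local users while the request runs, and `CACHET_KEY` is meant to be edited into the script itself. Reading the header from a file only root can read keeps it out of both places, e.g. `-H @/etc/cachet/token.header` (placeholder path; the `@file` form needs curl 7.55.0 or later). In the IAX block, `var2=$(echo $data | awk '{print $2}')` reads `$data`, which is not set anywhere in the visible lines, and `var2` is never used, so the line can go. Part of this hunk (the body of `generate_post_data` and the first checks) is not legible on the page, so these points cover only the visible calls.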
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+ # This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
+ #
+ # (c) Corrado Mulas
+ #
+ # For the full copyright and license information, please view the LICENSE
+ # file that was distributed with this source code.
+
+if [ "$(id -u)" -eq 0 ]
+then
+ service log2ram stop
+ systemctl disable log2ram
+ rm /etc/systemd/system/log2ram.service
+ rm /usr/local/bin/log2ram
+ rm /etc/log2ram.conf
+ rm /etc/cron.hourly/log2ram
+ rm /etc/logrotate.d/log2ram
+
+ if [ -d /var/hdd.log ]; then
+ rm -r /var/hdd.log
+ fi
+ echo "Log2Ram is uninstalled, removing the uninstaller in progress"
+ rm /usr/local/bin/uninstall-log2ram.sh
+ echo "##### Reboot isn't needed #####"
+else
+ echo "You need to be ROOT (sudo can be used)"
+fi
+
diff --git a/nginx_dissite.sh b/nginx_dissite.sh
new file mode 100644
index 0000000..90ca4f6
--- /dev/null
+++ b/nginx_dissite.sh
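Review bot: The non-root branch of log2ram_uninst only prints `You need to be ROOT (sudo can be used)` and the script then ends with status 0, so a caller cannot tell that nothing was uninstalled. Writing the message to stderr and failing makes that visible: `echo "You need to be ROOT (sudo can be used)" >&2; exit 1`.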
@@ -0,0 +1,203 @@ +#!/usr/bin/env bash + +### nginx_ensite --- Bash script to enable or disable a site in nginx. + +### Copyright (C) 2010, 2015 António P. P. Almeida + +### Author: António P. P. Almeida + +### Permission is hereby granted, free of charge, to any person obtaining a +### copy of this software and associated documentation files (the "Software"), +### to deal in the Software without restriction, including without limitation +### the rights to use, copy, modify, merge, publish, distribute, sublicense, +### and/or sell copies of the Software, and to permit persons to whom the +### Software is furnished to do so, subject to the following conditions: + +### The above copyright notice and this permission notice shall be included in +### all copies or substantial portions of the Software. + +### Except as contained in this notice, the name(s) of the above copyright +### holders shall not be used in advertising or otherwise to promote the sale, +### use or other dealings in this Software without prior written authorization. + +### THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +### IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +### FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +### THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +### LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +### FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +### DEALINGS IN THE SOFTWARE. + +SCRIPTNAME=${0##*/} + +## The nginx binary. Check if we're root or not. If we are get the +## path to nginx. If not hardcode the path. +if [ $(id -u) -eq 0 ]; then + IS_ROOT=1 + NGINX=$(command -v nginx) || exit 1 +else + STATUS=0 + NGINX=/usr/sbin/nginx +fi + +## Default value for the configuration directory. 
+NGINX_CONF_DIR=/etc/nginx + +function print_usage() { + echo "$SCRIPTNAME [-c default: /etc/nginx] [ -s default: service nginx reload] " +} + +## Extract the startup program name from a given argument. If it's a +## path to nginx then add the '-s reload' to the name. Otherwise just +## return the given argument. +## $1: the program name. +## Returns the proper startup program name, +function get_startup_program_name() { + local value="$1" + if [[ $1 =~ [[:alnum:]/-]]+nginx$ ]]; then + value="$1 -s reload" + elif [ -z "$1" ]; then + value="service nginx reload" + else + value=$1 + fi + echo "$value" +} + +## The default start up program is service. +STARTUP_PROGRAM_NAME=$(get_startup_program_name) + +## Create the relative path to the vhost file. +## $1: configuration file name (usually the vhost) +## $2: available sites directory name (usually sites-available) +## Returns the relative path from the sites-enabled directory. +function make_relative_path() { + printf '../%.0s%s/%s' $(eval echo {0..$(expr length "${1//[^\/]/}")}) $2 $1 +} + +## Checking the type of action we will perform. Enabling or disabling. +ACTION=$(echo $SCRIPTNAME | awk '$0 ~ /dissite/ {print "DISABLE"} $0 ~ /ensite/ {print "ENABLE"} $0 !~ /(dis|en)site/ {print "UNKNOWN"}') + +if [ "$ACTION" == "UNKNOWN" ]; then + echo "$SCRIPTNAME: Unknown action!" >&2 + print_usage + exit 2 +fi + +## Check the number of arguments. +if [ $# -lt 1 -o $# -gt 5 ]; then + print_usage >&2 + exit 3 +fi + +## Parse the getops arguments. +while getopts c:s: OPT; do + case $OPT in + c|+c) + NGINX_CONF_DIR=$(realpath "$OPTARG") + if [[ ! -d $NGINX_CONF_DIR ]]; then + echo "$NGINX_CONF_DIR directory not found." >&2 + exit 3 + fi + ;; + s|+s) + STARTUP_PROGRAM_NAME=$(get_startup_program_name "$OPTARG") + ;; + *) + print_usage >&2 + exit 4 + ;; + esac +done +shift $(( OPTIND - 1 )) +OPTIND=1 + +## The paths for both nginx configuration files and the sites +## configuration files and symbolic link destinations. 
+AVAILABLE_SITES_PATH="$NGINX_CONF_DIR/sites-available" +ENABLED_SITES_PATH="$NGINX_CONF_DIR/sites-enabled" + +## Check the number of arguments. +if [ $# -ne 1 ]; then + print_usage >&2 + exit 3 +else + SITE_AVAILABLE=$(make_relative_path "$1" ${AVAILABLE_SITES_PATH##*/}) + + ## If enabling the 'default' site then make sure that it's the + ## first to be loaded. + if [ $1 == "default" ]; then + SITE_ENABLED="$ENABLED_SITES_PATH/default" + else + SITE_ENABLED="$ENABLED_SITES_PATH/$1" + fi + ## Check if the directory where we will place the symlink + ## exists. If not create it. + [ -d ${SITE_ENABLED%/*} ] || mkdir -p ${SITE_ENABLED%/*} +fi + +## Check that the file corresponding to site exists if enabling or +## that the symbolic link exists if disabling. Perform the desired +## action if possible. If not signal an error and exit. +case $ACTION in + ENABLE) + # Change to the directory where we will place the symlink so that we + # see the relative path correctly. + cd "${SITE_ENABLED%/*}"; + if [ -r $SITE_AVAILABLE ]; then + ## Test for a well formed configuration only when we are + ## root. + if [ -n "$IS_ROOT" ]; then + echo "Pre-flight check..." + $NGINX -t + STATUS=$? + fi + if [ $STATUS -ne 0 ]; then + exit 5 + fi + ## Check the config testing status and if the link exists already. + if [ -h $SITE_ENABLED ]; then + ## If already enabled say it and exit. + echo "$1 is already enabled." + exit 0 + fi + ln -s $SITE_AVAILABLE $SITE_ENABLED + if [ -n "$IS_ROOT" ]; then + echo "New config check..." + $NGINX -t + STATUS=$? + fi + if [ $STATUS -eq 0 ]; then + echo "Site $1 has been enabled." + # printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME + echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes." + exit 0 + else + rm $SITE_ENABLED + echo "$1 not enabled" + exit 5 + fi + else + echo "Site configuration file $1 not found." 
>&2 + exit 6 + fi + + ;; + DISABLE) + if [ "$1" = "default" ] ; then + if [ -h "$ENABLED_SITES_PATH/default" ] ; then + SITE_ENABLED="$ENABLED_SITES_PATH/default" + fi + fi + if [ -h $SITE_ENABLED ]; then + rm $SITE_ENABLED + echo "Site $1 has been disabled." + # printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME + echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes." + exit 0 + else + echo "Site $1 doesn't exist." >&2 + exit 7 + fi + ;; +esac diff --git a/nginx_ensite.sh b/nginx_ensite.sh new file mode 100644 index 0000000..90ca4f6 --- /dev/null +++ b/nginx_ensite.sh 
@@ -0,0 +1,203 @@ +#!/usr/bin/env bash + +### nginx_ensite --- Bash script to enable or disable a site in nginx. + +### Copyright (C) 2010, 2015 António P. P. Almeida + +### Author: António P. P. Almeida + +### Permission is hereby granted, free of charge, to any person obtaining a +### copy of this software and associated documentation files (the "Software"), +### to deal in the Software without restriction, including without limitation +### the rights to use, copy, modify, merge, publish, distribute, sublicense, +### and/or sell copies of the Software, and to permit persons to whom the +### Software is furnished to do so, subject to the following conditions: + +### The above copyright notice and this permission notice shall be included in +### all copies or substantial portions of the Software. + +### Except as contained in this notice, the name(s) of the above copyright +### holders shall not be used in advertising or otherwise to promote the sale, +### use or other dealings in this Software without prior written authorization. + +### THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +### IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +### FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +### THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +### LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +### FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +### DEALINGS IN THE SOFTWARE. + +SCRIPTNAME=${0##*/} + +## The nginx binary. Check if we're root or not. If we are get the +## path to nginx. If not hardcode the path. +if [ $(id -u) -eq 0 ]; then + IS_ROOT=1 + NGINX=$(command -v nginx) || exit 1 +else + STATUS=0 + NGINX=/usr/sbin/nginx +fi + +## Default value for the configuration directory. 
+NGINX_CONF_DIR=/etc/nginx + +function print_usage() { + echo "$SCRIPTNAME [-c default: /etc/nginx] [ -s default: service nginx reload] " +} + +## Extract the startup program name from a given argument. If it's a +## path to nginx then add the '-s reload' to the name. Otherwise just +## return the given argument. +## $1: the program name. +## Returns the proper startup program name, +function get_startup_program_name() { + local value="$1" + if [[ $1 =~ [[:alnum:]/-]]+nginx$ ]]; then + value="$1 -s reload" + elif [ -z "$1" ]; then + value="service nginx reload" + else + value=$1 + fi + echo "$value" +} + +## The default start up program is service. +STARTUP_PROGRAM_NAME=$(get_startup_program_name) + +## Create the relative path to the vhost file. +## $1: configuration file name (usually the vhost) +## $2: available sites directory name (usually sites-available) +## Returns the relative path from the sites-enabled directory. +function make_relative_path() { + printf '../%.0s%s/%s' $(eval echo {0..$(expr length "${1//[^\/]/}")}) $2 $1 +} + +## Checking the type of action we will perform. Enabling or disabling. +ACTION=$(echo $SCRIPTNAME | awk '$0 ~ /dissite/ {print "DISABLE"} $0 ~ /ensite/ {print "ENABLE"} $0 !~ /(dis|en)site/ {print "UNKNOWN"}') + +if [ "$ACTION" == "UNKNOWN" ]; then + echo "$SCRIPTNAME: Unknown action!" >&2 + print_usage + exit 2 +fi + +## Check the number of arguments. +if [ $# -lt 1 -o $# -gt 5 ]; then + print_usage >&2 + exit 3 +fi + +## Parse the getops arguments. +while getopts c:s: OPT; do + case $OPT in + c|+c) + NGINX_CONF_DIR=$(realpath "$OPTARG") + if [[ ! -d $NGINX_CONF_DIR ]]; then + echo "$NGINX_CONF_DIR directory not found." >&2 + exit 3 + fi + ;; + s|+s) + STARTUP_PROGRAM_NAME=$(get_startup_program_name "$OPTARG") + ;; + *) + print_usage >&2 + exit 4 + ;; + esac +done +shift $(( OPTIND - 1 )) +OPTIND=1 + +## The paths for both nginx configuration files and the sites +## configuration files and symbolic link destinations. 
+AVAILABLE_SITES_PATH="$NGINX_CONF_DIR/sites-available" +ENABLED_SITES_PATH="$NGINX_CONF_DIR/sites-enabled" + +## Check the number of arguments. +if [ $# -ne 1 ]; then + print_usage >&2 + exit 3 +else + SITE_AVAILABLE=$(make_relative_path "$1" ${AVAILABLE_SITES_PATH##*/}) + + ## If enabling the 'default' site then make sure that it's the + ## first to be loaded. + if [ $1 == "default" ]; then + SITE_ENABLED="$ENABLED_SITES_PATH/default" + else + SITE_ENABLED="$ENABLED_SITES_PATH/$1" + fi + ## Check if the directory where we will place the symlink + ## exists. If not create it. + [ -d ${SITE_ENABLED%/*} ] || mkdir -p ${SITE_ENABLED%/*} +fi + +## Check that the file corresponding to site exists if enabling or +## that the symbolic link exists if disabling. Perform the desired +## action if possible. If not signal an error and exit. +case $ACTION in + ENABLE) + # Change to the directory where we will place the symlink so that we + # see the relative path correctly. + cd "${SITE_ENABLED%/*}"; + if [ -r $SITE_AVAILABLE ]; then + ## Test for a well formed configuration only when we are + ## root. + if [ -n "$IS_ROOT" ]; then + echo "Pre-flight check..." + $NGINX -t + STATUS=$? + fi + if [ $STATUS -ne 0 ]; then + exit 5 + fi + ## Check the config testing status and if the link exists already. + if [ -h $SITE_ENABLED ]; then + ## If already enabled say it and exit. + echo "$1 is already enabled." + exit 0 + fi + ln -s $SITE_AVAILABLE $SITE_ENABLED + if [ -n "$IS_ROOT" ]; then + echo "New config check..." + $NGINX -t + STATUS=$? + fi + if [ $STATUS -eq 0 ]; then + echo "Site $1 has been enabled." + # printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME + echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes." + exit 0 + else + rm $SITE_ENABLED + echo "$1 not enabled" + exit 5 + fi + else + echo "Site configuration file $1 not found." 
>&2 + exit 6 + fi + + ;; + DISABLE) + if [ "$1" = "default" ] ; then + if [ -h "$ENABLED_SITES_PATH/default" ] ; then + SITE_ENABLED="$ENABLED_SITES_PATH/default" + fi + fi + if [ -h $SITE_ENABLED ]; then + rm $SITE_ENABLED + echo "Site $1 has been disabled." + # printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME + echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes." + exit 0 + else + echo "Site $1 doesn't exist." >&2 + exit 7 + fi + ;; +esac diff --git a/postfix_disclaimer.sh b/postfix_disclaimer.sh new file mode 100644 index 0000000..81077d8 --- /dev/null +++ b/postfix_disclaimer.sh 
@@ -0,0 +1,45 @@ +#!/bin/sh + + # This file is part of a collection of bash scripts written and used by me which may be handy in server administration. + # + # (c) Corrado Mulas + # + # For the full copyright and license information, please view the LICENSE + # file that was distributed with this source code. + +#Adds custom user signature (e.g. corporate signature with corporate/user contacts) to outgoing mail + +INSPECT_DIR=/var/spool/filter +SENDMAIL=/usr/sbin/sendmail +UID=$(uuidgen) +DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses + +EX_TEMPFAIL=75 +EX_UNAVAILABLE=69 + +trap "rm -f in.$$" 0 1 2 3 15 + +cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit +$EX_TEMPFAIL; } + +cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } + +from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1` + +if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}` ]; then +/etc/postfix/your_signature_generator_script --user=$from_address --uuid=$UID + +/usr/bin/altermime --input=in.$$ \ + --disclaimer=/etc/postfix/filter/$UID.txt \ + --disclaimer-html=/etc/postfix/filter/$UID.htm --force-for-bad-html --force-into-b64 + +rm /etc/postfix/filter/$UID.htm +rm /etc/postfix/filter/$UID.txt || \ + { echo Message content rejected; exit $EX_UNAVAILABLE; } +rm /etc/postfix/filter/$UID.htm +rm /etc/postfix/filter/$UID.txt +fi + +$SENDMAIL -oi "$@" + # + # For the full copyright and license information, please view the LICENSE + # file that was distributed with this source code. + +#Please don't run in short intervals if your server processes a truckload of emails, or it will restart postfix and amavis even when everything is ok, slowing down operations. +#This script is a dumb way to restart Amavis when it suddenly decides to commit suicide with no apparent reason, avoiding prevention of mail processing. It restarts daemons, then flushes your queue. +#For a more clever solution, you may use and properly configure Monit. 
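Review bot: In postfix_disclaimer.sh, `from_address` is taken from the message's `From:` header, which the sender controls, and is then expanded unquoted both as a grep pattern (`grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}`) and as an argument (`--user=$from_address`), so whitespace, glob and regex characters in the header change what the filter runs. Match it as a fixed string and quote it: `if grep -qixF -- "$from_address" "$DISCLAIMER_ADDRESSES"; then` and `--user="$from_address"`. `UID` is a read-only variable in bash, so on a system where `/bin/sh` is bash the assignment `UID=$(uuidgen)` fails; a name such as `MSG_ID` avoids that. The `|| { echo Message content rejected; exit $EX_UNAVAILABLE; }` handler is attached to the `rm` of `$UID.txt` rather than to the `altermime` call, and the two `rm` lines appear twice, which looks unintended. The last lines of this hunk are not legible on the page.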
+#mail@example.com is a mail address where you will be notified when a restart attempt occurs. + +QUEUE=$(mailq | grep -c "^[A-F0-9]") +TIME=$(date) + + +if [ "$QUEUE" -eq "0" ];then + echo "OK"; +else + echo "Stuck mail queue detected, restarting postfix..."; + systemctl restart amavis; + systemctl restart postfix; + mail -s "[$(hostname)] Mail server restarted due to stuck deferred messages in queue" mail@example.com <<< "There were $QUEUE messages stuck in Postfix's queue. An automatic mail server restart attempt has been done. Timestamp: $TIME"; + postqueue -f; +fi diff --git a/postfix_log.sh b/postfix_log.sh new file mode 100644 index 0000000..3244c67 --- /dev/null +++ b/postfix_log.sh @@ -0,0 +1,32 @@ +#!/bin/bash + + # This file is part of a collection of bash scripts written and used by me which may be handy in server administration. + # + # (c) Corrado Mulas + # + # For the full copyright and license information, please view the LICENSE + # file that was distributed with this source code. + +DATE=$(date) +LOGPATH="" +LOGHTMLPATH="" + +rm -rf $LOGPATH + +touch $LOGPATH + cat /var/log/mail.log* | pflogsumm > $LOGPATH +chmod 600 $LOGPATH +chown www-data:www-data $LOGPATH + +rm -rf $LOGHTMLPATH + +touch $LOGHTMLPATH + cat /var/log/mail.log* | pflogsumm -u 0 --smtpd_warning_detail=1 > $LOGHTMLPATH + +sed -i "1s;^;
\nLast updated: $DATE \n;" $LOGHTMLPATH
+echo '
' | tee -a $LOGHTMLPATH > /dev/null
+
+chmod 600 $LOGHTMLPATH
+chown www-data:www-data $LOGHTMLPATH
+
+
diff --git a/stuckpostfix.sh b/stuckpostfix.sh
new file mode 100644
index 0000000..5848ed8
--- /dev/null
+++ b/stuckpostfix.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+ # This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
+ #
+ # (c) Corrado Mulas
+ #
+ # For the full copyright and license information, please view the LICENSE
+ # file that was distributed with this source code.
+
+QUEUE=$(mailq | grep -c "^[A-F0-9]")
+TIME=$(date)
+#echo $QUEUE
+
+if [ "$QUEUE" -eq "0" ];then
+ echo "OK";
+else
+ echo "Stuck mail queue detected, restarting postfix...";
+ systemctl restart amavis;
+ systemctl restart postfix;
+ mail -s "[$(hostname)] Mail server restarted due to stuck deferred messages in queue" areait@runpolito.it <<< "There were $QUEUE messages stuck in Postfix's queue. An automatic mail server restart attempt has been done. Timestamp: $TIME";
+ postqueue -f;
+fi
diff --git a/ufw-spamhaus-rm.sh b/ufw-spamhaus-rm.sh
new file mode 100644
index 0000000..196f385
--- /dev/null
+++ b/ufw-spamhaus-rm.sh
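Review bot: In stuckpostfix.sh, `mailq | grep -c "^[A-F0-9]"` counts every queued message, so mail that is merely waiting for a slow or unreachable destination restarts amavis and postfix on every run, and that condition can be kept true from outside the server. The trigger should be narrowed to deferred messages older than some threshold, with a guard against restarting again shortly after the last restart; at minimum the header comment should state that the trigger is "queue not empty". The notification address is hard-coded here as `areait@runpolito.it`, while postfix_jumpstart.sh, which carries the same logic and the same trigger, uses the placeholder `mail@example.com`; a variable at the top of both scripts would keep a real address out of the repository.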
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Thanks to @ank0m
+EXEC_DATE=`date +%Y-%m-%d`
+SPAMHAUS_DROP="/usr/local/src/drop.txt"
+SPAMHAUS_eDROP="/usr/local/src/edrop.txt"
+URL="https://www.spamhaus.org/drop/drop.txt"
+eURL="https://www.spamhaus.org/drop/edrop.txt"
+DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt"
+eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt"
+DROP_ARCHIVE_FILE="/usr/local/src/DROP_$EXEC_DATE"
+eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_$EXEC_DATE"
+# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org
+#####
+## To remove or revert these rules, keep the list of IPs!
+## Run a command like so to remove the rules:
+ while read line; do ufw delete deny from $line; done < $DROP_ARCHIVE_FILE
+ while read line; do ufw delete deny from $line; done < $eDROP_ARCHIVE_FILE
+
+#####
diff --git a/ufw-spamhaus.sh b/ufw-spamhaus.sh
new file mode 100644
index 0000000..1734d13
--- /dev/null
+++ b/ufw-spamhaus.sh
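Review bot: The archive names in ufw-spamhaus-rm.sh are built from today's date (`DROP_ARCHIVE_FILE="/usr/local/src/DROP_$EXEC_DATE"`), so the script can only remove rules that ufw-spamhaus.sh added on the same day; for an earlier batch the input redirect fails and the deny rules stay in place. Letting the caller choose the date fixes that: `EXEC_DATE=${1:-$(date +%Y-%m-%d)}`. The two loops should also read with `while IFS= read -r line` and quote `"$line"` and the archive file name. The variables that are never used in this script (`SPAMHAUS_DROP`, `SPAMHAUS_eDROP`, `URL`, `eURL` and the two `*_ADD_TO_UFW` paths) can be dropped.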
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Thanks to @ank0m
+EXEC_DATE=`date +%Y-%m-%d`
+SPAMHAUS_DROP="/usr/local/src/drop.txt"
+SPAMHAUS_eDROP="/usr/local/src/edrop.txt"
+URL="https://www.spamhaus.org/drop/drop.txt"
+eURL="https://www.spamhaus.org/drop/edrop.txt"
+DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt"
+eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt"
+DROP_ARCHIVE_FILE="/usr/local/src/DROP_$EXEC_DATE"
+eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_$EXEC_DATE"
+# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org
+echo "Start time: $(date)"
+echo " "
+echo "Download daily DROP file:"
+wget -q -O - "$URL" > $SPAMHAUS_DROP
+grep -v '^;' $SPAMHAUS_DROP | cut -d ' ' -f 1 > $DROP_ADD_TO_UFW
+echo " "
+echo "Extract DROP IP addresses and add to UFW:"
+cat $DROP_ADD_TO_UFW | while read line
+do
+/usr/sbin/ufw insert 1 deny from "$line" comment 'DROP_Blacklisted_IPs'
+done
+echo " "
+echo "Downloading eDROP list and import to UFW"
+echo " "
+echo "Download daily eDROP file:"
+wget -q -O - "$eURL" > $SPAMHAUS_eDROP
+grep -v '^;' $SPAMHAUS_eDROP | cut -d ' ' -f 1 > $eDROP_ADD_TO_UFW
+echo " "
+echo "Extract eDROP IP addresses and add to UFW:"
+cat $eDROP_ADD_TO_UFW | while read line
+do
+/usr/sbin/ufw insert 1 deny from "$line" comment 'eDROP_Blacklisted_IPs'
+done
+echo " "
+#####
+## To remove or revert these rules, keep the list of IPs!
+## Run a command like so to remove the rules:
+# while read line; do ufw delete deny from $line; done < $ARCHIVE_FILE
+#####
+echo "Backup DROP IP address list:"
+mv $DROP_ADD_TO_UFW $DROP_ARCHIVE_FILE
+echo " "
+echo "Backup eDROP IP address list:"
+mv $eDROP_ADD_TO_UFW $eDROP_ARCHIVE_FILE
+echo " "
+echo End time: $(date)
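Review bot: Every line of the downloaded list is handed to `ufw insert 1 deny from "$line"` without checking the `wget` exit status or the shape of the entry, so a failed or altered download decides what lands at the top of the firewall rule set, ahead of the existing allow rules. The download should be checked and each entry validated as an IPv4 CIDR with a minimum prefix length before it is inserted; the excerpt below shows this for the DROP half (the /8 floor is a suggested default), and the eDROP half needs the same treatment. Entries that Spamhaus later removes presumably stay blocked, because each run only inserts and nothing deletes the previous batch unless ufw-spamhaus-rm.sh is run first.

```shell
# … unchanged: variable definitions and "Download daily DROP file:" message …
if ! wget -q -O "$SPAMHAUS_DROP" "$URL"; then
  echo "DROP download failed, leaving UFW untouched" >&2
  exit 1
fi
grep -v '^;' "$SPAMHAUS_DROP" | cut -d ' ' -f 1 > "$DROP_ADD_TO_UFW"
while IFS= read -r line; do
  # Accept only IPv4 CIDR entries whose prefix is between /8 and /32.
  if [[ "$line" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]{1,2})$ ]] \
    && (( 10#${BASH_REMATCH[2]} >= 8 && 10#${BASH_REMATCH[2]} <= 32 )); then
    /usr/sbin/ufw insert 1 deny from "$line" comment 'DROP_Blacklisted_IPs'
  else
    echo "skipping unexpected entry: $line" >&2
  fi
done < "$DROP_ADD_TO_UFW"
# … unchanged: eDROP section (apply the same pattern) and archive moves …
```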