corrado/bash-scripts
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

1st commit

Browse Source
This commit is contained in:
CM
2021-04-24 01:05:59 +02:00
parent 32148341e2
commit 62aceeccb0
14 changed files with 824 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -1,2 +1,2 @@
# bash-scripts # bash-scripts
A collection of simple bash scripts, useful in server administration A collection of simple bash scripts, useful mostly in a Debian (or Debian-like) server administration

14
f2b-statusall.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'`
for JAIL in $JAILS
do
printf "\r\n\n\n"; fail2ban-client status $JAIL
done

31
f2b.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
DATE=$(date)
LOGPATH=""
LOGHTMLPATH=""
rm -rf $LOGPATH
touch $LOGPATH
/usr/bin/f2b-statusall > $LOGPATH
chmod 600 $LOGPATH
chown www-data:www-data $LOGPATH
rm -rf $LOGHTMLPATH
touch $LOGHTMLPATH
/usr/bin/f2b-statusall > $LOGHTMLPATH
sed -i "1s;^;<pre>\nLast updated: $DATE \n;" $LOGHTMLPATH
echo '</pre>' | tee -a $LOGHTMLPATH > /dev/null
chmod 600 $LOGHTMLPATH
chown www-data:www-data $LOGHTMLPATH

13
f2bflush Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
service fail2ban stop
truncate -s 0 /var/log/fail2ban.log
rm /var/lib/fail2ban/fail2ban.sqlite3
service fail2ban start

137
load_cachet Normal file
View File

@@ -0,0 +1,137 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
LOAD=$(uptime | awk -F'[a-z]:' '{ print $2}' | cut -f2 -d " " | sed 's/.$//' | tr -s , .)
#TIMEST=date '+%F %T'
CACHET_KEY="your_api_key"
CACHET_URL_M1="https://your-host/api/v1/metrics/1/points"
CACHET_URL_C1="https://your-host/api/v1/components/1"
STATUS_C1="0"
generate_post_data()
{
cat <<EOF
{"value": ${LOAD}}
EOF
}
#METRICS
curl --silent -H "Content-Type: application/json;" POST -H "X-Cachet-Token: ${CACHET_KEY}" --url ${CACHET_URL_M1} --data '{"value": '${LOAD}'}'
#COMPONENTS
#curl --silent -H "Content-Type: application/json;" DELETE -H "X-Cachet-Token: ${CACHET_KEY}" --url ${CACHET_URL_C1} --data '{"value": '${STATUS_C1}'}'
#ASTERISK #2
if pgrep -x "asterisk" > /dev/null && pgrep -x "safe_asterisk" > /dev/null
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/2 \
-d '{"status":1}'
else
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/2 \
-d '{"status":4}'
fi
#EMBY #17
if pgrep -x "EmbyServer" > /dev/null
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/17 \
-d '{"status":1}'
else
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/17 \
-d '{"status":4}'
fi
LOAD_TIME_C17=$(/a2loadtime.sh your_emby_host 1 | grep "min=" | awk '{print $5}'| sed 2,2d | head -c-2 | sed 's/min=//' | tr ',' '.')
BC_COMP_C17=$(echo "${LOAD_TIME_C17}>1" | bc)
if [ "${BC_COMP_C17}" == 1 ]
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/17 \
-d '{"status":2}'
fi
#curl -H "Content-Type:application/json" \
# -H "X-Cachet-Token: ${CACHET_KEY}" \
# -X PUT https://your-host/api/v1/components/3 \
# -d '{"status":0}'
#echo ${LOAD}
#DOVECOT #16
if pgrep -x "dovecot" > /dev/null && nc -w 2 -z "imap.mulas.me" 143
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/16 \
-d '{"status":1}'
else
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/16 \
-d '{"status":4}'
fi
#POSTFIX #6
#/usr/lib/postfix/sbin/master -w
#qmgr -l -t unix -u
#tlsmgr -l -t unix -u -c
#pickup -l -t unix -u -c
#anvil -l -t unix -u -c
if pgrep -x "master" > /dev/null && pgrep -x "qmgr" > /dev/null && pgrep -x "tlsmgr" > /dev/null && pgrep -x "pickup" > /dev/null && nc -w 2 -z "smtp.example.com" 25
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/6 \
-d '{"status":1}'
else
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/6 \
-d '{"status":4}'
fi
#ASTERISK IAX TRUNKS INTERCONNECTION #21
serviceIsRunning=false
var1=$(/usr/sbin/asterisk -rx "iax2 show peers" |grep "TRUNK_NAME" |awk '{print $8}'| sed 2,2d)
var2=$(echo $data | awk '{print $2}')
if [ "$var1" == OK ]
then
serviceIsRunning=true
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/21 \
-d '{"status":1}'
fi
if [ $serviceIsRunning == false ]
then
curl -H "Content-Type:application/json" \
-H "X-Cachet-Token: ${CACHET_KEY}" \
-X PUT https://your-host/api/v1/components/21 \
-d '{"status":4}'
fi

29
log2ram_uninst Normal file
View File

@@ -0,0 +1,29 @@
#!/usr/bin/env sh
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
if [ "$(id -u)" -eq 0 ]
then
service log2ram stop
systemctl disable log2ram
rm /etc/systemd/system/log2ram.service
rm /usr/local/bin/log2ram
rm /etc/log2ram.conf
rm /etc/cron.hourly/log2ram
rm /etc/logrotate.d/log2ram
if [ -d /var/hdd.log ]; then
rm -r /var/hdd.log
fi
echo "Log2Ram is uninstalled, removing the uninstaller in progress"
rm /usr/local/bin/uninstall-log2ram.sh
echo "##### Reboot isn't needed #####"
else
echo "You need to be ROOT (sudo can be used)"
fi

203
nginx_dissite.sh Normal file
View File

@@ -0,0 +1,203 @@
#!/usr/bin/env bash
### nginx_ensite --- Bash script to enable or disable a site in nginx.
### Copyright (C) 2010, 2015 António P. P. Almeida <appa@perusio.net>
### Author: António P. P. Almeida <appa@perusio.net>
### Permission is hereby granted, free of charge, to any person obtaining a
### copy of this software and associated documentation files (the "Software"),
### to deal in the Software without restriction, including without limitation
### the rights to use, copy, modify, merge, publish, distribute, sublicense,
### and/or sell copies of the Software, and to permit persons to whom the
### Software is furnished to do so, subject to the following conditions:
### The above copyright notice and this permission notice shall be included in
### all copies or substantial portions of the Software.
### Except as contained in this notice, the name(s) of the above copyright
### holders shall not be used in advertising or otherwise to promote the sale,
### use or other dealings in this Software without prior written authorization.
### THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
### IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
### FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
### THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
### LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
### FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
### DEALINGS IN THE SOFTWARE.
SCRIPTNAME=${0##*/}
## The nginx binary. Check if we're root or not. If we are get the
## path to nginx. If not hardcode the path.
if [ $(id -u) -eq 0 ]; then
IS_ROOT=1
NGINX=$(command -v nginx) || exit 1
else
STATUS=0
NGINX=/usr/sbin/nginx
fi
## Default value for the configuration directory.
NGINX_CONF_DIR=/etc/nginx
function print_usage() {
echo "$SCRIPTNAME [-c <nginx configuration base directory> default: /etc/nginx] [ -s <startup program name> default: service nginx reload] <site name>"
}
## Extract the startup program name from a given argument. If it's a
## path to nginx then add the '-s reload' to the name. Otherwise just
## return the given argument.
## $1: the program name.
## Returns the proper startup program name,
function get_startup_program_name() {
local value="$1"
if [[ $1 =~ [[:alnum:]/-]]+nginx$ ]]; then
value="$1 -s reload"
elif [ -z "$1" ]; then
value="service nginx reload"
else
value=$1
fi
echo "$value"
}
## The default start up program is service.
STARTUP_PROGRAM_NAME=$(get_startup_program_name)
## Create the relative path to the vhost file.
## $1: configuration file name (usually the vhost)
## $2: available sites directory name (usually sites-available)
## Returns the relative path from the sites-enabled directory.
function make_relative_path() {
printf '../%.0s%s/%s' $(eval echo {0..$(expr length "${1//[^\/]/}")}) $2 $1
}
## Checking the type of action we will perform. Enabling or disabling.
ACTION=$(echo $SCRIPTNAME | awk '$0 ~ /dissite/ {print "DISABLE"} $0 ~ /ensite/ {print "ENABLE"} $0 !~ /(dis|en)site/ {print "UNKNOWN"}')
if [ "$ACTION" == "UNKNOWN" ]; then
echo "$SCRIPTNAME: Unknown action!" >&2
print_usage
exit 2
fi
## Check the number of arguments.
if [ $# -lt 1 -o $# -gt 5 ]; then
print_usage >&2
exit 3
fi
## Parse the getops arguments.
while getopts c:s: OPT; do
case $OPT in
c|+c)
NGINX_CONF_DIR=$(realpath "$OPTARG")
if [[ ! -d $NGINX_CONF_DIR ]]; then
echo "$NGINX_CONF_DIR directory not found." >&2
exit 3
fi
;;
s|+s)
STARTUP_PROGRAM_NAME=$(get_startup_program_name "$OPTARG")
;;
*)
print_usage >&2
exit 4
;;
esac
done
shift $(( OPTIND - 1 ))
OPTIND=1
## The paths for both nginx configuration files and the sites
## configuration files and symbolic link destinations.
AVAILABLE_SITES_PATH="$NGINX_CONF_DIR/sites-available"
ENABLED_SITES_PATH="$NGINX_CONF_DIR/sites-enabled"
## Check the number of arguments.
if [ $# -ne 1 ]; then
print_usage >&2
exit 3
else
SITE_AVAILABLE=$(make_relative_path "$1" ${AVAILABLE_SITES_PATH##*/})
## If enabling the 'default' site then make sure that it's the
## first to be loaded.
if [ $1 == "default" ]; then
SITE_ENABLED="$ENABLED_SITES_PATH/default"
else
SITE_ENABLED="$ENABLED_SITES_PATH/$1"
fi
## Check if the directory where we will place the symlink
## exists. If not create it.
[ -d ${SITE_ENABLED%/*} ] || mkdir -p ${SITE_ENABLED%/*}
fi
## Check that the file corresponding to site exists if enabling or
## that the symbolic link exists if disabling. Perform the desired
## action if possible. If not signal an error and exit.
case $ACTION in
ENABLE)
# Change to the directory where we will place the symlink so that we
# see the relative path correctly.
cd "${SITE_ENABLED%/*}";
if [ -r $SITE_AVAILABLE ]; then
## Test for a well formed configuration only when we are
## root.
if [ -n "$IS_ROOT" ]; then
echo "Pre-flight check..."
$NGINX -t
STATUS=$?
fi
if [ $STATUS -ne 0 ]; then
exit 5
fi
## Check the config testing status and if the link exists already.
if [ -h $SITE_ENABLED ]; then
## If already enabled say it and exit.
echo "$1 is already enabled."
exit 0
fi
ln -s $SITE_AVAILABLE $SITE_ENABLED
if [ -n "$IS_ROOT" ]; then
echo "New config check..."
$NGINX -t
STATUS=$?
fi
if [ $STATUS -eq 0 ]; then
echo "Site $1 has been enabled."
# printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME
echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes."
exit 0
else
rm $SITE_ENABLED
echo "$1 not enabled"
exit 5
fi
else
echo "Site configuration file $1 not found." >&2
exit 6
fi
;;
DISABLE)
if [ "$1" = "default" ] ; then
if [ -h "$ENABLED_SITES_PATH/default" ] ; then
SITE_ENABLED="$ENABLED_SITES_PATH/default"
fi
fi
if [ -h $SITE_ENABLED ]; then
rm $SITE_ENABLED
echo "Site $1 has been disabled."
# printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME
echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes."
exit 0
else
echo "Site $1 doesn't exist." >&2
exit 7
fi
;;
esac

203
nginx_ensite.sh Normal file
View File

@@ -0,0 +1,203 @@
#!/usr/bin/env bash
### nginx_ensite --- Bash script to enable or disable a site in nginx.
### Copyright (C) 2010, 2015 António P. P. Almeida <appa@perusio.net>
### Author: António P. P. Almeida <appa@perusio.net>
### Permission is hereby granted, free of charge, to any person obtaining a
### copy of this software and associated documentation files (the "Software"),
### to deal in the Software without restriction, including without limitation
### the rights to use, copy, modify, merge, publish, distribute, sublicense,
### and/or sell copies of the Software, and to permit persons to whom the
### Software is furnished to do so, subject to the following conditions:
### The above copyright notice and this permission notice shall be included in
### all copies or substantial portions of the Software.
### Except as contained in this notice, the name(s) of the above copyright
### holders shall not be used in advertising or otherwise to promote the sale,
### use or other dealings in this Software without prior written authorization.
### THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
### IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
### FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
### THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
### LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
### FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
### DEALINGS IN THE SOFTWARE.
SCRIPTNAME=${0##*/}
## The nginx binary. Check if we're root or not. If we are get the
## path to nginx. If not hardcode the path.
if [ $(id -u) -eq 0 ]; then
IS_ROOT=1
NGINX=$(command -v nginx) || exit 1
else
STATUS=0
NGINX=/usr/sbin/nginx
fi
## Default value for the configuration directory.
NGINX_CONF_DIR=/etc/nginx
function print_usage() {
echo "$SCRIPTNAME [-c <nginx configuration base directory> default: /etc/nginx] [ -s <startup program name> default: service nginx reload] <site name>"
}
## Extract the startup program name from a given argument. If it's a
## path to nginx then add the '-s reload' to the name. Otherwise just
## return the given argument.
## $1: the program name.
## Returns the proper startup program name,
function get_startup_program_name() {
local value="$1"
if [[ $1 =~ [[:alnum:]/-]]+nginx$ ]]; then
value="$1 -s reload"
elif [ -z "$1" ]; then
value="service nginx reload"
else
value=$1
fi
echo "$value"
}
## The default start up program is service.
STARTUP_PROGRAM_NAME=$(get_startup_program_name)
## Create the relative path to the vhost file.
## $1: configuration file name (usually the vhost)
## $2: available sites directory name (usually sites-available)
## Returns the relative path from the sites-enabled directory.
function make_relative_path() {
printf '../%.0s%s/%s' $(eval echo {0..$(expr length "${1//[^\/]/}")}) $2 $1
}
## Checking the type of action we will perform. Enabling or disabling.
ACTION=$(echo $SCRIPTNAME | awk '$0 ~ /dissite/ {print "DISABLE"} $0 ~ /ensite/ {print "ENABLE"} $0 !~ /(dis|en)site/ {print "UNKNOWN"}')
if [ "$ACTION" == "UNKNOWN" ]; then
echo "$SCRIPTNAME: Unknown action!" >&2
print_usage
exit 2
fi
## Check the number of arguments.
if [ $# -lt 1 -o $# -gt 5 ]; then
print_usage >&2
exit 3
fi
## Parse the getops arguments.
while getopts c:s: OPT; do
case $OPT in
c|+c)
NGINX_CONF_DIR=$(realpath "$OPTARG")
if [[ ! -d $NGINX_CONF_DIR ]]; then
echo "$NGINX_CONF_DIR directory not found." >&2
exit 3
fi
;;
s|+s)
STARTUP_PROGRAM_NAME=$(get_startup_program_name "$OPTARG")
;;
*)
print_usage >&2
exit 4
;;
esac
done
shift $(( OPTIND - 1 ))
OPTIND=1
## The paths for both nginx configuration files and the sites
## configuration files and symbolic link destinations.
AVAILABLE_SITES_PATH="$NGINX_CONF_DIR/sites-available"
ENABLED_SITES_PATH="$NGINX_CONF_DIR/sites-enabled"
## Check the number of arguments.
if [ $# -ne 1 ]; then
print_usage >&2
exit 3
else
SITE_AVAILABLE=$(make_relative_path "$1" ${AVAILABLE_SITES_PATH##*/})
## If enabling the 'default' site then make sure that it's the
## first to be loaded.
if [ $1 == "default" ]; then
SITE_ENABLED="$ENABLED_SITES_PATH/default"
else
SITE_ENABLED="$ENABLED_SITES_PATH/$1"
fi
## Check if the directory where we will place the symlink
## exists. If not create it.
[ -d ${SITE_ENABLED%/*} ] || mkdir -p ${SITE_ENABLED%/*}
fi
## Check that the file corresponding to site exists if enabling or
## that the symbolic link exists if disabling. Perform the desired
## action if possible. If not signal an error and exit.
case $ACTION in
ENABLE)
# Change to the directory where we will place the symlink so that we
# see the relative path correctly.
cd "${SITE_ENABLED%/*}";
if [ -r $SITE_AVAILABLE ]; then
## Test for a well formed configuration only when we are
## root.
if [ -n "$IS_ROOT" ]; then
echo "Pre-flight check..."
$NGINX -t
STATUS=$?
fi
if [ $STATUS -ne 0 ]; then
exit 5
fi
## Check the config testing status and if the link exists already.
if [ -h $SITE_ENABLED ]; then
## If already enabled say it and exit.
echo "$1 is already enabled."
exit 0
fi
ln -s $SITE_AVAILABLE $SITE_ENABLED
if [ -n "$IS_ROOT" ]; then
echo "New config check..."
$NGINX -t
STATUS=$?
fi
if [ $STATUS -eq 0 ]; then
echo "Site $1 has been enabled."
# printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME
echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes."
exit 0
else
rm $SITE_ENABLED
echo "$1 not enabled"
exit 5
fi
else
echo "Site configuration file $1 not found." >&2
exit 6
fi
;;
DISABLE)
if [ "$1" = "default" ] ; then
if [ -h "$ENABLED_SITES_PATH/default" ] ; then
SITE_ENABLED="$ENABLED_SITES_PATH/default"
fi
fi
if [ -h $SITE_ENABLED ]; then
rm $SITE_ENABLED
echo "Site $1 has been disabled."
# printf '\nRun "%s" to apply the changes.\n' $STARTUP_PROGRAM_NAME
echo "Run '$STARTUP_PROGRAM_NAME' to apply the changes."
exit 0
else
echo "Site $1 doesn't exist." >&2
exit 7
fi
;;
esac

45
postfix_disclaimer.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
#Adds custom user signature (e.g. corporate signature with corporate/user contacts) to outgoing mail
INSPECT_DIR=/var/spool/filter
SENDMAIL=/usr/sbin/sendmail
UID=$(uuidgen)
DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
trap "rm -f in.$$" 0 1 2 3 15
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit
$EX_TEMPFAIL; }
cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1`
if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}` ]; then
/etc/postfix/your_signature_generator_script --user=$from_address --uuid=$UID
/usr/bin/altermime --input=in.$$ \
--disclaimer=/etc/postfix/filter/$UID.txt \
--disclaimer-html=/etc/postfix/filter/$UID.htm --force-for-bad-html --force-into-b64
rm /etc/postfix/filter/$UID.htm
rm /etc/postfix/filter/$UID.txt || \
{ echo Message content rejected; exit $EX_UNAVAILABLE; }
rm /etc/postfix/filter/$UID.htm
rm /etc/postfix/filter/$UID.txt
fi
$SENDMAIL -oi "$@" <in.$$
exit $?

27
postfix_jumpstart.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
#Please don't run in short intervals if your server processes a truckload of emails, or it will restart postfix and amavis even when everything is ok, slowing down operations.
#This script is a dumb way to restart Amavis when it suddenly decides to commit suicide with no apparent reason, avoiding prevention of mail processing. It restarts daemons, then flushes your queue.
#For a more clever solution, you may use and properly configure Monit.
#mail@example.com is a mail address where you will be notified when a restart attempt occurs.
QUEUE=$(mailq | grep -c "^[A-F0-9]")
TIME=$(date)
if [ "$QUEUE" -eq "0" ];then
echo "OK";
else
echo "Stuck mail queue detected, restarting postfix...";
systemctl restart amavis;
systemctl restart postfix;
mail -s "[$(hostname)] Mail server restarted due to stuck deferred messages in queue" mail@example.com <<< "There were $QUEUE messages stuck in Postfix's queue. An automatic mail server restart attempt has been done. Timestamp: $TIME";
postqueue -f;
fi

32
postfix_log.sh Normal file
View File

@@ -0,0 +1,32 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
DATE=$(date)
LOGPATH=""
LOGHTMLPATH=""
rm -rf $LOGPATH
touch $LOGPATH
cat /var/log/mail.log* | pflogsumm > $LOGPATH
chmod 600 $LOGPATH
chown www-data:www-data $LOGPATH
rm -rf $LOGHTMLPATH
touch $LOGHTMLPATH
cat /var/log/mail.log* | pflogsumm -u 0 --smtpd_warning_detail=1 > $LOGHTMLPATH
sed -i "1s;^;<pre>\nLast updated: $DATE \n;" $LOGHTMLPATH
echo '</pre>' | tee -a $LOGHTMLPATH > /dev/null
chmod 600 $LOGHTMLPATH
chown www-data:www-data $LOGHTMLPATH

22
stuckpostfix.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# This file is part of a collection of bash scripts written and used by me which may be handy in server administration.
#
# (c) Corrado Mulas <tlc@mulas.me>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
QUEUE=$(mailq | grep -c "^[A-F0-9]")
TIME=$(date)
#echo $QUEUE
if [ "$QUEUE" -eq "0" ];then
echo "OK";
else
echo "Stuck mail queue detected, restarting postfix...";
systemctl restart amavis;
systemctl restart postfix;
mail -s "[$(hostname)] Mail server restarted due to stuck deferred messages in queue" areait@runpolito.it <<< "There were $QUEUE messages stuck in Postfix's queue. An automatic mail server restart attempt has been done. Timestamp: $TIME";
postqueue -f;
fi

19
ufw-spamhaus-rm.sh Normal file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
# Thanks to @ank0m
EXEC_DATE=`date +%Y-%m-%d`
SPAMHAUS_DROP="/usr/local/src/drop.txt"
SPAMHAUS_eDROP="/usr/local/src/edrop.txt"
URL="https://www.spamhaus.org/drop/drop.txt"
eURL="https://www.spamhaus.org/drop/edrop.txt"
DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt"
eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt"
DROP_ARCHIVE_FILE="/usr/local/src/DROP_$EXEC_DATE"
eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_$EXEC_DATE"
# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org
#####
## To remove or revert these rules, keep the list of IPs!
## Run a command like so to remove the rules:
while read line; do ufw delete deny from $line; done < $DROP_ARCHIVE_FILE
while read line; do ufw delete deny from $line; done < $eDROP_ARCHIVE_FILE
#####

48
ufw-spamhaus.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
# Thanks to @ank0m
EXEC_DATE=`date +%Y-%m-%d`
SPAMHAUS_DROP="/usr/local/src/drop.txt"
SPAMHAUS_eDROP="/usr/local/src/edrop.txt"
URL="https://www.spamhaus.org/drop/drop.txt"
eURL="https://www.spamhaus.org/drop/edrop.txt"
DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt"
eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt"
DROP_ARCHIVE_FILE="/usr/local/src/DROP_$EXEC_DATE"
eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_$EXEC_DATE"
# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org
echo "Start time: $(date)"
echo " "
echo "Download daily DROP file:"
wget -q -O - "$URL" > $SPAMHAUS_DROP
grep -v '^;' $SPAMHAUS_DROP | cut -d ' ' -f 1 > $DROP_ADD_TO_UFW
echo " "
echo "Extract DROP IP addresses and add to UFW:"
cat $DROP_ADD_TO_UFW | while read line
do
/usr/sbin/ufw insert 1 deny from "$line" comment 'DROP_Blacklisted_IPs'
done
echo " "
echo "Downloading eDROP list and import to UFW"
echo " "
echo "Download daily eDROP file:"
wget -q -O - "$eURL" > $SPAMHAUS_eDROP
grep -v '^;' $SPAMHAUS_eDROP | cut -d ' ' -f 1 > $eDROP_ADD_TO_UFW
echo " "
echo "Extract eDROP IP addresses and add to UFW:"
cat $eDROP_ADD_TO_UFW | while read line
do
/usr/sbin/ufw insert 1 deny from "$line" comment 'eDROP_Blacklisted_IPs'
done
echo " "
#####
## To remove or revert these rules, keep the list of IPs!
## Run a command like so to remove the rules:
# while read line; do ufw delete deny from $line; done < $ARCHIVE_FILE
#####
echo "Backup DROP IP address list:"
mv $DROP_ADD_TO_UFW $DROP_ARCHIVE_FILE
echo " "
echo "Backup eDROP IP address list:"
mv $eDROP_ADD_TO_UFW $eDROP_ARCHIVE_FILE
echo " "
echo End time: $(date)