.
bash
[BASH] Script BAN iptables -ipset V.2
#!/bin/bash
# Script name : Ban/Unban IP with Iptables
# iptables -I INPUT 1 -m set --match-set portsentry src -j DROP
ipsetmyips="/var/log/ipset_Myips_ip.txt"
ipsetips="/var/log/ipset_all_ip.txt"
badips="/var/log/banip.log"
mybadips="/var/log/banip_perso.log"
ipsetlm=`ipset list Myips | grep "$ZTARGET"`
mylistip=`grep "$ZTARGET" $mybadips`
### color
NC=$(tput sgr0)
NOC=$(tput sgr0)
reset=$(tput sgr0)
GREEN=$(tput setaf 2)
PINK=$(tput setaf 5)
BLUE=$(tput setaf 6)
RED=$(tput setaf 1)
YELLOW=$(tput setaf 3)
ORANGE=$(tput setaf 166)
#GRIS="\e[38;5;8m"
GRIS=$(tput setaf 246)
CNoir=$(tput setaf 0)
CRouge=$(tput setaf 1)
CVert=$(tput setaf 2)
Jaune=$(tput setaf 3)
CBeu=$(tput setaf 4)
CRose=$(tput setaf 5)
CCyan=$(tput setaf 6)
CBlanc=$(tput setaf 7)
CGris=$(tput setaf 8)
CFade=$(tput setaf 75)
CGris1=$(tput setaf 235)
On_Red=$(tput setab 124)
On_Green=$(tput setab 28) # ou 40
CALERT="$(tput setaf 0)$(tput setab 124)" # Bold White on red background
CAlert="${CBlanc}${On_Red}"
Cokvb="${CBlanc}${On_Green}"
Cokv="${CNoir}${On_Green}"
Cokvo="${CBlanc}${On_Green} OK $(tput sgr0)"
Cko="$(tput setaf 1)X$(tput sgr0)"
Cok="$(tput setaf 2)✔$(tput sgr0)"
txtred=$(tput setaf 1)
txtyel=$(tput setaf 3)
txtcya=$(tput setaf 6)
txtrst=$(tput sgr0)
ipset_Myips_check(){
IPSET_LIST_NAME="Myips"
# create the ipset if needed (or abort if does not exists and FORCE=no)
if ! ipset list -n|command grep -q "$IPSET_LIST_NAME"; then
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: ipset does not exist yet, add it using:"
echo >&2 "# ipset create $IPSET_LIST_NAME -exist hash:net family inet hashsize ${HASHSIZE:-16384} maxelem ${MAXELEM:-65536}"
# exit 1
fi
# if ! ipset create "$IPSET_LIST_NAME" -exist hash:net family inet hashsize "${HASHSIZE:-16384}" maxelem "${MAXELEM:-65536}"; then
# echo >&2 "Error: while creating the initial ipset"
# exit 1
# fi
fi
# create the iptables binding if needed (or abort if does not exists and FORCE=no)
if ! iptables -nvL INPUT|command grep -q "match-set $IPSET_LIST_NAME"; then
# we may also have assumed that INPUT rule n°1 is about packets statistics (traffic monitoring)
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: iptables does not have the needed ipset INPUT rule, add it using:"
echo >&2 "# iptables -I INPUT ${IPTABLES_IPSET_RULE_NUMBER:-1} -m set --match-set $IPSET_LIST_NAME src -j DROP"
# exit 1
fi
# if ! iptables -I INPUT "${IPTABLES_IPSET_RULE_NUMBER:-1}" -m set --match-set "$IPSET_LIST_NAME" src -j DROP; then
# echo >&2 "Error: while adding the --match-set ipset rule to iptables"
# exit 1
# fi
fi
echo -e "$Cok ipset ${CGris} $IPSET_LIST_NAME $(tput sgr0) checked"
unset IPSET_LIST_NAME
#echo "test IPSET_LIST_NAME $IPSET_LIST_NAME"
}
ipset_blockip_check(){
IPSET_LIST_NAME="blockip"
# create the ipset if needed (or abort if does not exists and FORCE=no)
if ! ipset list -n|command grep -q "$IPSET_LIST_NAME"; then
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: ipset does not exist yet, add it using:"
echo >&2 "# ipset create $IPSET_LIST_NAME -exist hash:net family inet hashsize ${HASHSIZE:-16384} maxelem ${MAXELEM:-65536}"
# exit 1
fi
# if ! ipset create "$IPSET_LIST_NAME" -exist hash:net family inet hashsize "${HASHSIZE:-16384}" maxelem "${MAXELEM:-65536}"; then
# echo >&2 "Error: while creating the initial ipset"
# exit 1
# fi
fi
# create the iptables binding if needed (or abort if does not exists and FORCE=no)
if ! iptables -nvL INPUT|command grep -q "match-set $IPSET_LIST_NAME"; then
# we may also have assumed that INPUT rule n°1 is about packets statistics (traffic monitoring)
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: iptables does not have the needed ipset INPUT rule, I will add it:"
echo >&2 " iptables -I INPUT ${IPTABLES_IPSET_RULE_NUMBER:-1} -m set --match-set $IPSET_LIST_NAME src -j DROP"
iptables -I INPUT ${IPTABLES_IPSET_RULE_NUMBER:-1} -m set --match-set $IPSET_LIST_NAME src -j DROP
# exit 1
fi
# if ! iptables -I INPUT "${IPTABLES_IPSET_RULE_NUMBER:-1}" -m set --match-set "$IPSET_LIST_NAME" src -j DROP; then
# echo >&2 "Error: while adding the --match-set ipset rule to iptables"
# exit 1
# fi
fi
echo -e "$Cok ipset ${CGris} $IPSET_LIST_NAME $(tput sgr0) checked"
unset IPSET_LIST_NAME
#echo "test $IPSET_LIST_NAME"
}
ipset_portsentry_check(){
IPSET_LIST_NAME="portsentry"
# create the ipset if needed (or abort if does not exists and FORCE=no)
if ! ipset list -n|command grep -q "$IPSET_LIST_NAME"; then
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: ipset does not exist yet, add it using:"
echo >&2 "# ipset create $IPSET_LIST_NAME -exist hash:net family inet hashsize ${HASHSIZE:-16384} maxelem ${MAXELEM:-65536}"
# exit 1
fi
# if ! ipset create "$IPSET_LIST_NAME" -exist hash:net family inet hashsize "${HASHSIZE:-16384}" maxelem "${MAXELEM:-65536}"; then
# echo >&2 "Error: while creating the initial ipset"
# exit 1
# fi
fi
# create the iptables binding if needed (or abort if does not exists and FORCE=no)
if ! iptables -nvL INPUT|command grep -q "match-set $IPSET_LIST_NAME"; then
# we may also have assumed that INPUT rule n°1 is about packets statistics (traffic monitoring)
if [[ ${FORCE:-no} != yes ]]; then
echo >&2 "Error: iptables does not have the needed ipset INPUT rule, add it using:"
echo >&2 "# iptables -I INPUT ${IPTABLES_IPSET_RULE_NUMBER:-1} -m set --match-set $IPSET_LIST_NAME src -j DROP"
# exit 1
fi
# if ! iptables -I INPUT "${IPTABLES_IPSET_RULE_NUMBER:-1}" -m set --match-set "$IPSET_LIST_NAME" src -j DROP; then
# echo >&2 "Error: while adding the --match-set ipset rule to iptables"
# exit 1
# fi
fi
echo -e "$Cok ipset ${CGris} $IPSET_LIST_NAME $(tput sgr0) checked"
unset IPSET_LIST_NAME
#echo "test IPSET_LIST_NAME $IPSET_LIST_NAME"
}
ipset_check_(){
ipset_Myips_check
ipset_blockip_check
#ipset_portsentry_check
}
save_myips() {
# iptables -I INPUT -m set --match-set Myips src -j DROP
# [ -s `iptables -nL | grep "match-set Myips"` ] iptables -I INPUT -m set --match-set Myips src -j DROP || echo "Check iptables:"; iptables -nL | grep "match-set Myips"
echo -e "iptables rules for Myips: $Cok"
ipset save Myips | tail -n +2 > $ipsetmyips
echo -e " ipset save Myips > $ipsetmyips\n"
ipset save | tail -n +2 > $ipsetips
echo -e " ipset save > $ipsetips\n"
# Backup HOME / ipset perso
# /sbin/ipset -exist create Myips hash:ip hashsize 4096
/sbin/ipset save > /home/backup/ipset_save_all_$HOSTNAME_$(date "+%d.%m.%Y").txt
/sbin/ipset save Myips > /home/backup/ipset_Myips_save_$HOSTNAME_$(date "+%d.%m.%Y").txt
/sbin/ipset -exist create portsentry hash:ip hashsize 4096
/sbin/ipset save portsentry > /home/backup/ipset_portsentry_save_$HOSTNAME_$(date "+%d.%m.%Y").txt
/sbin/iptables-save > /home/backup/iptables-save.$HOSTNAME-$(date "+%d.%m.%Y")
# Backup iptables-persistant reboot
/sbin/iptables-save > /etc/iptables/rules.v4
/sbin/ip6tables-save > /etc/iptables/rules.v6 ; /usr/sbin/ip6tables-legacy-save > /etc/iptables/rules_legacy.v6
/sbin/ipset save > /etc/iptables/ipsets
/usr/sbin/netfilter-persistent save
# /sbin/ipset -exist create blacklist hash:ip hashsize 4096
}
function help {
echo -e "\nSyntax: $0 -[L][u] target(s)"
echo -e " ${CGris} Parameters come first. Target is expressed as an IP address.$(tput sgr0)"
echo -e " ${CGris} No specified parameter will ban the IP.$(tput sgr0)"
echo -e " ${txtyel} -L $(tput sgr0)to list currently banned IPs. $(tput sgr0)"
echo -e " ${txtyel} -D $(tput sgr0)to De/unban IP(s). $(tput sgr0)"
echo -e " ${txtyel} -C $(tput sgr0)Check if ip is already ban. $(tput sgr0)"
echo -e " ${txtyel} -U $(tput sgr0)Check Rules & Update ip files & blacklist.$(tput sgr0)"
echo -e " ${txtyel} -S $(tput sgr0)Save all IPs.$(tput sgr0)"
echo -e " ${txtyel} -B $(tput sgr0)Ban list $(tput sgr0)\n"
exit 1
}
#/home/tools/SH/banip.sh $(/home/tools/SH/secu-apache-ban-grep.sh -i)
# If no arguments are passed, call the "help" function.
if [ -z "$1" ]; then
help
fi
# Define some variables
ACTION="-A"
while getopts "hCDLUSBI" OPTION
do
case $OPTION in
h)
help
;;
D)
ACTION="-D"
shift $(($OPTIND - 1))
;;
L)
ACTION="-L"
shift $(($OPTIND - 1))
;;
I)
ACTION="-I"
shift $(($OPTIND - 1))
;;
C)
ACTION="-C"
shift $(($OPTIND - 1))
;;
U)
ACTION="-U"
shift $(($OPTIND - 1))
;;
S)
ACTION="-S"
shift $(($OPTIND - 1))
;;
B)
ACTION="-B"
shift $(($OPTIND - 1))
;;
\?)
help
;;
esac
done
##############################
# Deban ip
if [ $ACTION == "-D" ]; then
for ZTARGET in "$@"
do
ipsetlm=`ipset list Myips | grep "$ZTARGET"`
mylistip=`grep "$ZTARGET" $mybadips`
if [ "$ZTARGET" = "$ipsetlm" ]
then
echo -e " IPSET ${CGris}Myips $(tput sgr0)"
echo -e " $CRouge IP found ($ZTARGET) $txtrst"
ipset del Myips "$ZTARGET"; echo -e " ${Cokvb} REMOVED! ($ZTARGET) $(tput sgr0)"
else
echo -e "\n IPSET : ${CGris}(Myips)\n $Cokvb No ban IP found or already removed! $(tput sgr0)"
fi
echo -en " Myfile: ${CGris}($mybadips)\n"; [ -z "$mylistip" ] && echo -e " $Cokvb ($ZTARGET) NOT found $(tput sgr0)\n" || echo -e " $CRouge IP found ($ZTARGET) $(tput sgr0)\n ${Cokvb} REMOVED! ($ZTARGET) $(tput sgr0)" ; sed -i "/$ZTARGET/d" "$mybadips"
done
exit 1
fi
##############################
# Ban list with /home/tools/SH/secu-apache-ban-grep.sh
if [ $ACTION == "-B" ]; then
# mylistip=$(/home/tools/SH/secu-apache-ban-grep.sh -i)
mylistip=$(/home/tools/SH/secu-apache-grep-log.sh -i)
echo $mylistip
#iptables -I INPUT 1 -m set --match-set Myips src -j DROP
exit
fi
##############################
# Save all ip ipset
if [ $ACTION == "-S" ]; then
/home/tools/SH/iptables-save_all.sh
exit
fi
###############################
# Check if ip is already ban.
if [ $ACTION == "-C" ]; then
#ipset_Myips_check
for ZTARGET in "$@"
do
#check_ipset_ip $1
mylistip=`grep "$ZTARGET" $mybadips | uniq`
# [ -z "$mylistip" ] && echo -e " $CAlert no IP to check, exit!$(tput sgr0)" ; exit 1 || echo -e " $CAlert IP found $(tput sgr0)"
ipsetlm=`ipset list Myips | grep "$ZTARGET"`
if [ "$ZTARGET" = "$ipsetlm" ]
then
echo -e " ${Cok} ${Cokvb} IP ALREADY BAN $txtrst "
echo -e " ${Cok} ${Cokvb} IP FOUND $(tput sgr0) ${CAlert} `ipset list Myips| grep "$ZTARGET"` $(tput sgr0) on ${Jaune} Myips $txtrst "
# ipset list Myips| grep "$ZTARGET"
else
echo -e " ${Cok} ${Cokvb} NO IP found $(tput sgr0) ipset ${CGris}Myips$(tput sgr0)"
fi
[ -z "$mylistip" ] && echo -e " ${Cok} ${Cokvb} NO IP found $(tput sgr0) ${Cok} (${CGris}$mybadips$(tput sgr0))" || echo -e " ${Cok} ${Cokvb} IP FOUND $(tput sgr0) ${CAlert} `grep ${ZTARGET} $mybadips | uniq | wc -L` $(tput sgr0) on ${Jaune} $(echo $mybadips) $(tput sgr0)"
# sed '/^ $ZTARGET/d' $mybadips
done
[ -z `ipset list | grep $ZTARGET | wc -L` ] && echo -e " ${Cok} ${Cokvb} NO IP found on ipset list $(tput sgr0)" || echo -e " ${Cok} ${Cokvb} IP FOUND $(tput sgr0) ${CAlert} `ipset list | grep ${ZTARGET} | wc -L` $(tput sgr0) on ALL ipset list $(tput sgr0)"
#if [ "$ZTARGET" = `ipset list | grep "$ZTARGET"` ]
# then
# echo " Check all list"
# ipset list | grep $ZTARGET
exit 1
fi
if [ $ACTION == "-I" ]; then
echo
echo "$(tput setaf 166)"
date
echo " $(tput sgr0)"
echo
echo -e "$CGris\n##################$(tput sgr0)"
echo -e "$Cokv ipset list Myips $(tput sgr0)\n"
ipset list Myips
echo -e "$CGris\n############################$(tput sgr0)"
fi
###############################
if [ $ACTION == "-L" ]; then
echo
echo "$(tput setaf 166)"
date
echo " $(tput sgr0)"
echo
awk '{print $1}' $mybadips | sort | uniq > $badips
ipset_check_
echo -e "$CGris\n################$(tput sgr0)"
echo -e "$Cokv Rules iptables $(tput sgr0)"
echo -e "$CCyan"
# iptables -L INPUT -v -n | grep DROP | uniq -c | sort
iptables -L INPUT -v -n | grep multiport
iptables -L INPUT -v -n | grep match-set
iptables -L INPUT -v -n | grep "f2b-"
echo -e "$CGris\n################$(tput sgr0)"
echo -e "$Cokv ipset list all $(tput sgr0)\n"
echo -en $txtrst; ipset list | grep "Name:" | head -n1 && echo -en $txtred; ipset list | grep "entries:" | head -n1
echo -en $txtrst; ipset list | grep "Name:" | head -n2 | tail -n1 && echo -en $txtred; ipset list | grep "entries:" | head -n2 | tail -n1
echo -en $txtrst; ipset list | grep "Name:" | head -n3 | tail -n1 && echo -en $txtred; ipset list | grep "entries:" | head -n3 | tail -n1
echo -en $txtrst; ipset list | grep "Name:" | head -n4 | tail -n1 && echo -en $txtred; ipset list | grep "entries:" | head -n4 | tail -n1
# echo -en $txtrst; ipset list | grep "Name:" | head -n5 | tail -n1 && echo -en $txtred; ipset list | grep "entries:" | head -n5 | tail -n1
# echo -e "$Cokv List of MY Personal ip ban $(tput sgr0) $badips ( ${CAlert}`awk '{print $1}' $mybadips | sort | uniq | wc -l` $(tput sgr0) )\n"
# remove first line
# echo -e "$Cokv List of MY Personal ip ban $(tput sgr0) $badips (${CAlert}`awk '{print $1}' $mybadips | sort | uniq | tail -n +2 | wc -l`$(tput sgr0))\n"
# awk '{print $1}' $mybadips | sort | uniq > $badips
# cat $badips
else
# ban work loop
for ZTARGET in "$@"
do
# Check Myips rules in iptables.
# ipset_check_
# ADD entry to Myips
echo -e "$ZTARGET" >> $mybadips
# ipset -exist create Myips hash:ip hashsize 4096 -!
# not verbode with -!
# ipset add Myips "$ZTARGET" -!
ipsetlm=`ipset list Myips | grep "$ZTARGET"`
if [ "$ZTARGET" = "$ipsetlm" ]
then echo -e "$Cok IP ${Cokvb} Already Banned! $(tput sgr0) --> $ZTARGET $(tput sgr0)"
else ipset add Myips "$ZTARGET" -! && echo -en "$Cok IP Banned: `ipset list Myips | grep "$ZTARGET"`$(tput sgr0)\n"
fi
# iptables -I INPUT -m set --match-set Myips src -j DROP
# let's go to ban (iptables)
# Uncomment this if you want to use iptables!
# echo $txtcya"Applying action $txtred$ACTION$txtcya to $txtyel$ZTARGET"$txtrst
# iptables $ACTION INPUT -s $ZTARGET -j DROP
done
fi
##############################
if [ $ACTION == "-U" ]; then
echo -e "\n"
ipset_check_
echo -e "\n${CGris}Make clean log (remove blank line) on$(tput sgr0) $mybadips"
echo -e " Before (`cat $mybadips | wc -l`) lines."
sed -i '/^$/d' $mybadips
echo -e "$Cok After (`cat $mybadips | wc -l`) lines.\n"
echo -e "\n$txtcya Populate Blacklist $txtrst"
echo -e "$(tput sgr0)\n"
fi
#####################################################
#iptables -I INPUT -m set --match-set Myips src -j DROP
#iptables -I INPUT -m set --match-set blockip src -j DROP
#iptables -I INPUT -m set --match-set portsentry src -j DROP
######################################################
updateblacklist() {
echo -e "\n$txtcya Populate Date$txtrst"
/etc/ipset-blacklist/update-blacklist.sh /etc/ipset-blacklist/ipset-blacklist.conf
echo -e "...$(tput sgr0)"
# echo $txtcya"Applying action $txtred$ACTION$txtcya to $txtyel$ZTARGET"$txtrst
# iptables $ACTION INPUT -s $ZTARGET -j DROP
}
secu bash ip iptables
<iframe width="100%" height="8246" src="https://snippet.echosystem.fr?embed=618aaf8632175" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 09/11/2021
[BASH] Script to check in apache log for some BAD requests.
#!/bin/bash
#
# Check-appa-log.sh // Script By E32
# how to run this script: $ bash Check-appa-log.sh
#ADD your own ip or ip you don't want to ban.
ipowner="82.46.24.92"
ipowner2="202.03.13.20"
varlog(){
loge=/var/log/apache2/error.log
loga=/var/log/apache2/access.log
grepfiltre=" [0-9]\+[.][0-9]\+[.][0-9]\+[.][0-9]\+"
#filterse="alert("
filterse="String\(|passwd|tar|zip|rar|gz|sql|xmlrpc.php|/wp"
#filterse="String|passwd"
filtersa="String\(|/wp|/.env |xmlrpc.php"
}
#####################################
checkip_loga(){
varlog
echo -e "$(tput setaf 1)🌍$(tput setaf 3) IP $(tput setaf 1)💢$(tput setaf 4) ${filtersa} $(tput setaf 3)👉$(tput setaf 2) $loga$(tput sgr0) "
}
checkip_loge(){
varlog
echo -e "$(tput setaf 1)🌍$(tput setaf 3) IP $(tput setaf 1)💢$(tput setaf 4) ${filterse} $(tput setaf 3)👉$(tput setaf 2) $loge$(tput sgr0) "
}
showipa() {
varlog
# grep 404
check_ipa=$(egrep -i "$filtersa" $loga | grep -o "$grepfiltre" | sort | uniq | sed "s/\($ipowner\|$ipowner2\)//g")
echo -e " $check_ipa" | tr "\n" " "
}
showipe() {
varlog
check_ipe=$(egrep -i "$filterse" $loge | grep -o "$grepfiltre" | sort | uniq | sed "s/\($ipowner\|$ipowner2\)//g")
echo -e " $check_ipe" | tr "\n" " "
}
##########
logecount(){
varlog
tbante=`egrep -i $filterse $loge | grep -o "$grepfiltre" | uniq | wc -l`
echo -ne " $(tput setaf 3)»$(tput setaf 1) 🏆$(tput setaf 3) $tbante $(tput sgr0)"
}
logacount(){
varlog
tbanta=`egrep -i $filtersa $loga | grep -o "$grepfiltre" | uniq | wc -l`
echo -ne " $(tput setaf 3)»$(tput setaf 1) 🏆$(tput setaf 3) $tbanta $(tput sgr0)"
}
countips() {
logecount
checkip_loge
# echo -e "\n"
logacount
checkip_loga
}
checkverboseall(){
checkip_loge
logecount
echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
showipe
echo
echo
checkip_loga
logacount
echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
showipa
echo
}
checkverbose(){
countips
echo
}
checkall(){
echo -e "\n -- CHECK --\n"
checkip_loge
logecount
echo
echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
showipe
echo -e "\n$(tput setaf 3) » $(tput setaf 1)Logs $(tput sgr0) "
egrep -i --color=always ${filterse} $loge | grep --color=always "$grepfiltre" | sed "s/\($ipowner\|$ipowner2\)//g"
echo -e " \n --------------------------------------------------\n"
checkip_loga
logacount
echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
showipa
echo -e "\n$(tput setaf 3) » $(tput setaf 1)Logs $(tput sgr0)\n"
egrep -i --color=always ${filtersa} $loga | grep --color=always "$grepfiltre" | sed "s/\($ipowner\|$ipowner2\)//g"
}
show_cli() {
echo -e "\n secu-apache CLI"
echo -e "$(tput setaf 3) Usage:\n $(realpath $0) [arguments] $(tput sgr0)\n"
echo -e " Arguments:"
echo -e " --help (-h): Display this help message"
echo -e " --all (-a): Ip list color"
echo -e " --ip (-i): Ip list"
echo -e " --count (-c): Count IPs"
echo -e " --check (-C): Check Logs"
echo -e " --Ban (-B): TEST ban"
echo ""
}
case "$1" in
-h | --help)
show_cli
exit
;;
-c | --count)
countips
exit
;;
-a | --all)
echo
checkverboseall
echo
exit
;;
-i | --ip)
showipe
showipa
echo
exit
;;
-B | --Ban)
# need other script to include //
;;
-C | --Check)
checkall
echo
exit
;;
-F | --Filtre)
checkverbose
echo
exit
;;
*)
echo -ne " \n Check with -h for more option \n\n$(tput setaf 1) 🔍$(tput sgr0) Check "
[ -z "showipe" ] && echo -e "Logs Clean $(tput setaf 4) ✅$(tput sgr0)" || echo -e "$(tput setaf 1)🚨$(tput sgr0) Ban FOUND $(tput setaf 1)⁉️$(tput sgr0) \n $(tput setaf 3)👉to check:$(tput sgr0) $0 -C\n $(tput setaf 3)👉to ban :$(tput sgr0) $0 -B"
echo
checkverbose
echo
;;
esac
################################################################
# ignore CTRL+C, CTRL+Z and quit singles using the trap
# trap '' SIGINT SIGQUIT SIGTSTP
trap "clear; exit" SIGHUP SIGINT SIGTERM
bash shell youtube
<iframe width="100%" height="3350" src="https://snippet.echosystem.fr?embed=61866a9c414a1" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 06/11/2021
[BASH] SSH_CLIENT warning connection
#!/bin/bash
# called from login scripts such as /etc/profile
if [ "${SSH_CLIENT%.*}" != "10.3.38" ]
then
logger -t warn -p info.warn "$SSH_CLIENT connnection"
fi
bash shell
<iframe width="100%" height="326" src="https://snippet.echosystem.fr?embed=60e3329491fc9" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 02/11/2021
[Bash] Duration execution script
#!/bin/bash
# Stats run script
function time_executiom_script() {
echo "This script took $SECONDS seconds to execute"
}
# your function / stuff here
time_executiom_script
##########################################################
#!/bin/bash
# your function / stuff here
format_time() {
((h=${1}/3600))
((m=(${1}%3600)/60))
((s=${1}%60))
printf "%02d:%02d:%02d\n" $h $m $s
}
echo "Script completed in $(format_time $SECONDS)"
##########################################################
#!/bin/bash
START1="$(date +%s)"
sleep 2
END1="$(date +%s)"
sleep 2
START2="$(date +%s)"
sleep 3
END2="$(date +%s)"
DURATION1=$[ ${END1} - ${START1} ]
DURATION2=$[ ${END2} - ${START2} ]
echo "The 1st part of the code took: ${DURATION1}"
echo "The 2nd part of the code took: ${DURATION2}"
##########################################################
#!/bin/bash
my_sleep_function(){
sleep 1
}
OVERALL_START="$(date +%s)"
FUNCTION_START="$(date +%s)"
my_sleep_function
FUNCTION_END="$(date +%s)"
sleep 2
OVERALL_END="$(date +%s)"
echo "The function part of the code took: $[ ${FUNCTION_END} - ${FUNCTION_START} ] seconds to run"
echo "The overall code took: $[ ${OVERALL_END} - ${OVERALL_START} ] seconds to run"
bash shell
<iframe width="100%" height="1352" src="https://snippet.echosystem.fr?embed=5fa2bdafdd9fd" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 02/11/2021
[BASH] updater-netdata.sh
#!/bin/bash
#
# Script Updater for netdata
#
# - Dependencies: Wring package (NPM)
#
# By Erreur32 - 2018
#
service=netdata
releasehub=https://github.com/netdata/netdata/releases
VERT="\\033[1;32m"
NORMAL="\\033[0;39m"
ROUGE="\\033[1;31m"
ROSE="\\033[1;35m"
BLEU="\\033[1;34m"
BLANC="\\033[0;02m"
BLANCLAIR="\\033[1;08m"
JAUNE="\\033[1;33m"
CYAN="\\033[1;36m"
NOC=$(tput sgr0)
NC=$(tput sgr0)
## Check if wring is installed
if [ -f "/usr/bin/wring" ] || [ -f "/usr/local/bin/wring" ]
then
echo -e "\n\e[34m - Wring package \e[0m>> founded.\e[0m\n"
else
echo -e "\n\e[92m - Install Wring with NPM \e[0m\n"
npm install --global wring && echo "Success install Wring" || echo "failure to install Wring"
echo -e "\n\e[34m - .\e[0m\n"
fi
# need to check in other way... /usr/sbin/netdata -V | cut -c"9-" | cut -c "1-6"
VersionInstalled="$(/usr/sbin/netdata -v | cut -c"9-" | cut -c "1-6")"
VersionAvailable="$(curl -s $releasehub | wring text - '.css-truncate-target' | sed -n 5p)"
echo -e "$ROSE Checking $service version ... "
echo -e "$JAUNE Version installed = v$VersionInstalled"
echo -e "$JAUNE Version Available = $VersionAvailable"
echo ""
if [ -z "$VersionInstalled" ]
then
echo -e "$service is not installed - exit "
exit
fi
if [[ "$VersionAvailable" = "v$VersionInstalled" ]]
then
echo -e "$service is already up-to-date (version $VersionInstalled) ... Bye! "
exit
fi
echo -e "$VERT Start install New Updater from Netdata $NC"
if [ -f "/opt/netdata-last-installer.sh" ]
then
rm /opt/netdata-last-installer.sh -f
wget https://my-netdata.io/kickstart.sh -O /opt/netdata-last-installer.sh --no-verbose && echo -e "$CYAN Get success last installer " || echo "failure"
chmod +x /opt/netdata-last-installer.sh
else
wget https://my-netdata.io/kickstart.sh -O /opt/netdata-last-installer.sh --no-verbose && echo -e "$CYAN Get success last installer " || echo "failure"
chmod +x /opt/netdata-last-installer.sh
fi
echo -e " $NC"
echo -e "$JAUNE Start Updating Netdata..."
/bin/bash /opt/netdata-last-installer.sh && echo -e " Updating Netdata Successfully!" || echo "failure"
echo ""
echo -e " $VERT Update ✔ Netdata..."
echo -e " $NC"
bash shell
https://gist.github.com/Erreur32/64108b6fa940bb93654a205503b36f76
<iframe width="100%" height="1550" src="https://snippet.echosystem.fr?embed=5be81b20c9972" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 02/11/2021
[SHELL] Show ip debîan
#!/bin/sh
#
# Show ip debîan (9/10) for 2 interfaces (eth0, eth1)
# ipv4
hostname --ip-address | awk '{ print $2 }'
# ipv6
hostname --ip-address | awk '{ print $1 }'
# OR
ip=`hostname --ip-address`
echo $ip
bash ip shell
echosystem.fr
<iframe width="100%" height="488" src="https://snippet.echosystem.fr?embed=5980ef59459ab" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 09/11/2021
unban ip denyhost
#!/bin/bash
if [ -z "$1" ]; then
echo -e "Error:\n\tProvide IP as the first param"
echo -e "Usage:\n\t$0 <IP>"
exit 1
fi
/etc/init.d/denyhosts stop
echo '
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts
/etc/hosts.deny
' | grep -v "^$" | xargs sed -i "/$1/d"
/etc/init.d/denyhosts start
bash shell
<iframe width="100%" height="524" src="https://snippet.echosystem.fr?embed=569fab3e94971" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 03/11/2021
[BASH] Checking the Validity Date of an SSL Certificate
# Checking Validity
echo | openssl s_client -connect site:port 2>/dev/null | openssl x509 -noout -dates
@ Extract all information
echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text
bash shell ssl tls
http://www.shellhacks.com/en/HowTo-Check-SSL-Certificate-Expiration-Date-from-the-Linux-Shell
<iframe width="100%" height="290" src="https://snippet.echosystem.fr?embed=5678747e4eff2" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 09/11/2021
[BASH] Find + remplace string
# Find "string" and replace with other string in BASH
find <mydir> -type f -exec sed -i 's/<string1>/<string2>/g' {} \;
bash shell
<iframe width="100%" height="272" src="https://snippet.echosystem.fr?embed=564d7cefdd60f" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 02/11/2021
[BASH] Script BAN iptables V.1
#!/bin/bash
# Script name : Ban/Unban IP with Iptables
function help {
echo "Syntax: $0 -[L][u] target(s)"
echo " Parameters come first. Target is expressed as an IP address."
echo " No specified parameter will ban the IP."
echo " -L to list currently banned IPs."
echo " -u to unban IP(s)."
exit 1
}
# If no arguments are passed, call the "help" function.
if [ -z "$1" ]; then
help
fi
# Define some variables
ACTION="-A"
txtred=$(tput setaf 1)
txtyel=$(tput setaf 3)
txtcya=$(tput setaf 6)
txtrst=$(tput sgr0)
while getopts "huL" OPTION
do
case $OPTION in
h)
help
;;
u)
ACTION="-D"
shift $(($OPTIND - 1))
;;
L)
ACTION="-L"
shift $(($OPTIND - 1))
;;
\?)
help
;;
esac
done
if [ $ACTION == "-L" ]; then
echo $txtcya"List of Banned IPs:"$txtrst
iptables -L INPUT -v -n | grep DROP
else
# ban work loop
for ZTARGET in "$@"
do
echo $txtcya"Applying action $txtred$ACTION$txtcya to $txtyel$ZTARGET"$txtrst
iptables $ACTION INPUT -s $ZTARGET -j DROP
done
fi
bash iptables shell
<iframe width="100%" height="1190" src="https://snippet.echosystem.fr?embed=563a18e9c39ed" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 03/11/2021
[Bash] tips function()
## you can put in eg: .bashrc_function
function bashtips {
cat <<EOF
DIRECTORIES
-----------
~- Previous working directory
pushd tmp Push tmp && cd tmp
popd Pop && cd
GLOBBING AND OUTPUT SUBSTITUTION
--------------------------------
ls a[b-dx]e Globs abe, ace, ade, axe
ls a{c,bl}e Globs ace, able
\$(ls) \`ls\` (but nestable!)
HISTORY MANIPULATION
--------------------
!! Last command
!?foo Last command containing \`foo'
^foo^bar^ Last command containing \`foo', but substitute \`bar'
!!:0 Last command word
!!:^ Last command's first argument
!\$ Last command's last argument
!!:* Last command's arguments
!!:x-y Arguments x to y of last command
C-s search forwards in history
C-r search backwards in history
LINE EDITING
------------
M-d kill to end of word
C-w kill to beginning of word
C-k kill to end of line
C-u kill to beginning of line
M-r revert all modifications to current line
C-] search forwards in line
M-C-] search backwards in line
C-t transpose characters
M-t transpose words
M-u uppercase word
M-l lowercase word
M-c capitalize word
COMPLETION
----------
M-/ complete filename
M-~ complete user name
M-@ complete host name
M-\$ complete variable name
M-! complete command name
M-^ complete history
EOF
}
bash shell
<iframe width="100%" height="1190" src="https://snippet.echosystem.fr?embed=5638829042e88" type="text/html"></iframe>
Texte seul - Permalink - Snippet public posté le 03/11/2021