KNEL/FetchApply
2
0
Fork 0
Code Pull Requests Actions Packages Releases 1 Activity

re-factoring into my shell script framework.

Browse Source 
shifting away from invoking via curl and using a downloaded zip file or git clone.
This commit is contained in:
Charles N Wyble - admin
2025-06-30 13:07:25 -05:00
parent d64d75cb3b
commit d82c8733fa
66 changed files with 194 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ProjectCode/Agents/librenms/ntp-client.sh Normal file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
################################################################
# copy this script to somewhere like /opt and make chmod +x it #
# edit your snmpd.conf and include #
# extend ntp-client /opt/ntp-client.sh #
# restart snmpd and activate the app for desired host #
# please make sure you have the path/binaries below #
################################################################
# Binaries and paths required #
################################################################
BIN_NTPQ="$(command -v ntpq)"
BIN_GREP="$(command -v grep)"
BIN_TR="$(command -v tr)"
BIN_CUT="$(command -v cut)"
################################################################
# Don't change anything unless you know what are you doing #
################################################################
CMD1=`$BIN_NTPQ -c rv | $BIN_GREP 'jitter' | $BIN_TR '\n' ' '`
IFS=', ' read -r -a array <<< "$CMD1"
for value in 2 3 4 5 6
do
echo ${array["$value"]} | $BIN_CUT -d "=" -f 2
done

89
ProjectCode/Agents/librenms/ntp-server.sh Normal file
View File

@ -0,0 +1,89 @@
#!/bin/sh
# Please make sure the paths below are correct.
# Alternatively you can put them in $0.conf, meaning if you've named
# this script ntp-client.sh then it must go in ntp-client.sh.conf .
#
# NTPQV output version of "ntpq -c rv"
# p1 DD-WRT and some other outdated linux distros
# p11 FreeBSD 11 and any linux distro that is up to date
#
# If you are unsure, which to set, run this script and make sure that
# the JSON output variables match that in "ntpq -c rv".
#
BIN_NTPD='/usr/bin/env ntpd'
BIN_NTPQ='/usr/bin/env ntpq'
BIN_NTPDC='/usr/bin/env ntpdc'
BIN_GREP='/usr/bin/env grep'
BIN_TR='/usr/bin/env tr'
BIN_CUT='/usr/bin/env cut'
BIN_SED="/usr/bin/env sed"
BIN_AWK='/usr/bin/env awk'
NTPQV="p11"
################################################################
# Don't change anything unless you know what are you doing #
################################################################
CONFIG=$0".conf"
if [ -f $CONFIG ]; then
. $CONFIG
fi
VERSION=1
STRATUM=`$BIN_NTPQ -c rv | $BIN_GREP -Eow "stratum=[0-9]+" | $BIN_CUT -d "=" -f 2`
# parse the ntpq info that requires version specific info
NTPQ_RAW=`$BIN_NTPQ -c rv | $BIN_GREP jitter | $BIN_SED 's/[[:alpha:]=,_]/ /g'`
if [ $NTPQV = "p11" ]; then
OFFSET=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $3}'`
FREQUENCY=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $4}'`
SYS_JITTER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $5}'`
CLK_JITTER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $6}'`
CLK_WANDER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $7}'`
fi
if [ $NTPQV = "p1" ]; then
OFFSET=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $2}'`
FREQUENCY=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $3}'`
SYS_JITTER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $4}'`
CLK_JITTER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $5}'`
CLK_WANDER=`echo $NTPQ_RAW | $BIN_AWK -F ' ' '{print $6}'`
fi
VER=`$BIN_NTPD --version`
if [ "$VER" = '4.2.6p5' ]; then
USECMD=`echo $BIN_NTPDC -c iostats`
else
USECMD=`echo $BIN_NTPQ -c iostats localhost`
fi
CMD2=`$USECMD | $BIN_TR -d ' ' | $BIN_CUT -d : -f 2 | $BIN_TR '\n' ' '`
TIMESINCERESET=`echo $CMD2 | $BIN_AWK -F ' ' '{print $1}'`
RECEIVEDBUFFERS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $2}'`
FREERECEIVEBUFFERS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $3}'`
USEDRECEIVEBUFFERS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $4}'`
LOWWATERREFILLS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $5}'`
DROPPEDPACKETS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $6}'`
IGNOREDPACKETS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $7}'`
RECEIVEDPACKETS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $8}'`
PACKETSSENT=`echo $CMD2 | $BIN_AWK -F ' ' '{print $9}'`
PACKETSENDFAILURES=`echo $CMD2 | $BIN_AWK -F ' ' '{print $10}'`
INPUTWAKEUPS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $11}'`
USEFULINPUTWAKEUPS=`echo $CMD2 | $BIN_AWK -F ' ' '{print $12}'`
echo '{"data":{"offset":"'$OFFSET\
'","frequency":"'$FREQUENCY\
'","sys_jitter":"'$SYS_JITTER\
'","clk_jitter":"'$CLK_JITTER\
'","clk_wander":"'$CLK_WANDER\
'","stratum":"'$STRATUM\
'","time_since_reset":"'$TIMESINCERESET\
'","receive_buffers":"'$RECEIVEDBUFFERS\
'","free_receive_buffers":"'$FREERECEIVEBUFFERS\
'","used_receive_buffers":"'$USEDRECEIVEBUFFERS\
'","low_water_refills":"'$LOWWATERREFILLS\
'","dropped_packets":"'$DROPPEDPACKETS\
'","ignored_packets":"'$IGNOREDPACKETS\
'","received_packets":"'$RECEIVEDPACKETS\
'","packets_sent":"'$PACKETSSENT\
'","packet_send_failures":"'$PACKETSENDFAILURES\
'","input_wakeups":"'$PACKETSENDFAILURES\
'","useful_input_wakeups":"'$USEFULINPUTWAKEUPS\
'"},"error":"0","errorString":"","version":"'$VERSION'"}'

73
ProjectCode/Agents/librenms/os-updates.sh Normal file
View File

@ -0,0 +1,73 @@
#!/usr/bin/env bash
################################################################
# copy this script to /etc/snmp/ and make it executable: #
# chmod +x /etc/snmp/os-updates.sh #
# ------------------------------------------------------------ #
# edit your snmpd.conf and include: #
# extend osupdate /opt/os-updates.sh #
#--------------------------------------------------------------#
# restart snmpd and activate the app for desired host #
#--------------------------------------------------------------#
# please make sure you have the path/binaries below #
################################################################
BIN_WC='/usr/bin/wc'
BIN_GREP='/bin/grep'
CMD_GREP='-c'
CMD_WC='-l'
BIN_ZYPPER='/usr/bin/zypper'
CMD_ZYPPER='-q lu'
BIN_YUM='/usr/bin/yum'
CMD_YUM='-q check-update'
BIN_DNF='/usr/bin/dnf'
CMD_DNF='-q check-update'
BIN_APT='/usr/bin/apt-get'
CMD_APT='-qq -s upgrade'
BIN_PACMAN='/usr/bin/pacman'
CMD_PACMAN='-Sup'
################################################################
# Don't change anything unless you know what are you doing #
################################################################
if [ -f $BIN_ZYPPER ]; then
# OpenSUSE
UPDATES=`$BIN_ZYPPER $CMD_ZYPPER | $BIN_WC $CMD_WC`
if [ $UPDATES -ge 2 ]; then
echo $(($UPDATES-2));
else
echo "0";
fi
elif [ -f $BIN_DNF ]; then
# Fedora
UPDATES=`$BIN_DNF $CMD_DNF | $BIN_WC $CMD_WC`
if [ $UPDATES -ge 1 ]; then
echo $(($UPDATES-1));
else
echo "0";
fi
elif [ -f $BIN_PACMAN ]; then
# Arch
UPDATES=`$BIN_PACMAN $CMD_PACMAN | $BIN_WC $CMD_WC`
if [ $UPDATES -ge 1 ]; then
echo $(($UPDATES-1));
else
echo "0";
fi
elif [ -f $BIN_YUM ]; then
# CentOS / Redhat
UPDATES=`$BIN_YUM $CMD_YUM | $BIN_WC $CMD_WC`
if [ $UPDATES -ge 1 ]; then
echo $(($UPDATES-1));
else
echo "0";
fi
elif [ -f $BIN_APT ]; then
# Debian / Devuan / Ubuntu
UPDATES=`$BIN_APT $CMD_APT | $BIN_GREP $CMD_GREP 'Inst'`
if [ $UPDATES -ge 1 ]; then
echo $UPDATES;
else
echo "0";
fi
else
echo "0";
fi

13
ProjectCode/Agents/librenms/postfix-queues,sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
#Written by Valec 2006. Steal and share.
#Get postfix queue lengths
#extend mailq /opt/observer/scripts/getmailq.sh
QUEUES="incoming active deferred hold"
for i in $QUEUES; do
COUNT=`qshape $i | grep TOTAL | awk '{print $2}'`
printf "$COUNT\n"
done

545
ProjectCode/Agents/librenms/postfixdetailed.sh Normal file
View File

@ -0,0 +1,545 @@
#!/usr/bin/env perl
# add this to your snmpd.conf file as below
# extend postfixdetailed /etc/snmp/postfixdetailed
# The cache file to use.
my $cache='/var/cache/postfixdetailed';
# the location of pflogsumm
my $pflogsumm='/usr/bin/env pflogsumm';
#totals
# 847 received = received
# 852 delivered = delivered
# 0 forwarded = forwarded
# 3 deferred (67 deferrals)= deferred
# 0 bounced = bounced
# 593 rejected (41%) = rejected
# 0 reject warnings = rejectw
# 0 held = held
# 0 discarded (0%) = discarded
# 16899k bytes received = bytesr
# 18009k bytes delivered = bytesd
# 415 senders = senders
# 266 sending hosts/domains = sendinghd
# 15 recipients = recipients
# 9 recipient hosts/domains = recipienthd
######message deferral detail
#Connection refused = deferralcr
#Host is down = deferralhid
########message reject detail
#Client host rejected = chr
#Helo command rejected: need fully-qualified hostname = hcrnfqh
#Sender address rejected: Domain not found = sardnf
#Sender address rejected: not owned by user = sarnobu
#blocked using = bu
#Recipient address rejected: User unknown = raruu
#Helo command rejected: Invalid name = hcrin
#Sender address rejected: need fully-qualified address = sarnfqa
#Recipient address rejected: Domain not found = rardnf
#Recipient address rejected: need fully-qualified address = rarnfqa
#Improper use of SMTP command pipelining = iuscp
#Message size exceeds fixed limit = msefl
#Server configuration error = sce
#Server configuration problem = scp
#unknown reject reason = urr
my $old='';
#reads in the old data if it exists
if ( -f $cache ){
open(my $fh, "<", $cache) or die "Can't open '".$cache."'";
# if this is over 2048, something is most likely wrong
read($fh , $old , 2048);
close($fh);
}
my ( $received,
$delivered,
$forwarded,
$deferred,
$bounced,
$rejected,
$rejectw,
$held,
$discarded,
$bytesr,
$bytesd,
$senders,
$sendinghd,
$recipients,
$recipienthd,
$deferralcr,
$deferralhid,
$chr,
$hcrnfqh,
$sardnf,
$sarnobu,
$bu,
$raruu,
$hcrin,
$sarnfqa,
$rardnf,
$rarnfqa,
$iuscp,
$msefl,
$sce,
$scp,
$urr) = split ( /\n/, $old );
if ( ! defined( $received ) ){ $received=0; }
if ( ! defined( $delivered ) ){ $delivered=0; }
if ( ! defined( $forwarded ) ){ $forwarded=0; }
if ( ! defined( $deferred ) ){ $deferred=0; }
if ( ! defined( $bounced ) ){ $bounced=0; }
if ( ! defined( $rejected ) ){ $rejected=0; }
if ( ! defined( $rejectw ) ){ $rejectw=0; }
if ( ! defined( $held ) ){ $held=0; }
if ( ! defined( $discarded ) ){ $discarded=0; }
if ( ! defined( $bytesr ) ){ $bytesr=0; }
if ( ! defined( $bytesd ) ){ $bytesd=0; }
if ( ! defined( $senders ) ){ $senders=0; }
if ( ! defined( $sendinghd ) ){ $sendinghd=0; }
if ( ! defined( $recipients ) ){ $recipients=0; }
if ( ! defined( $recipienthd ) ){ $recipienthd=0; }
if ( ! defined( $deferralcr ) ){ $deferralcr=0; }
if ( ! defined( $deferralhid ) ){ $deferralhid=0; }
if ( ! defined( $chr ) ){ $chr=0; }
if ( ! defined( $hcrnfqh ) ){ $hcrnfqh=0; }
if ( ! defined( $sardnf ) ){ $sardnf=0; }
if ( ! defined( $sarnobu ) ){ $sarnobu=0; }
if ( ! defined( $bu ) ){ $bu=0; }
if ( ! defined( $raruu ) ){ $raruu=0; }
if ( ! defined( $hcrin ) ){ $hcrin=0; }
if ( ! defined( $sarnfqa ) ){ $sarnfqa=0; }
if ( ! defined( $rardnf ) ){ $rardnf=0; }
if ( ! defined( $rarnfqa ) ){ $rarnfqa=0; }
if ( ! defined( $iuscp ) ){ $iuscp=0; }
if ( ! defined( $msefl ) ){ $msefl=0; }
if ( ! defined( $sce ) ){ $sce=0; }
if ( ! defined( $scp ) ){ $scp=0; }
if ( ! defined( $urr ) ){ $urr=0; }
#init current variables
my $receivedC=0;
my $deliveredC=0;
my $forwardedC=0;
my $deferredC=0;
my $bouncedC=0;
my $rejectedC=0;
my $rejectwC=0;
my $heldC=0;
my $discardedC=0;
my $bytesrC=0;
my $bytesdC=0;
my $sendersC=0;
my $sendinghdC=0;
my $recipientsC=0;
my $recipienthdC=0;
my $deferralcrC=0;
my $deferralhidC=0;
my $chrC=0;
my $hcrnfqhC=0;
my $sardnfC=0;
my $sarnobuC=0;
my $buC=0;
my $raruuC=0;
my $hcrinC=0;
my $sarnfqaC=0;
my $rardnfC=0;
my $rarnfqaC=0;
my $iuscpC=0;
my $mseflC=0;
my $sceC=0;
my $scpC=0;
my $urrC=0;
sub newValue{
my $old=$_[0];
my $new=$_[1];
#if new is undefined, just default to 0... this should never happen
if ( !defined( $new ) ){
warn('New not defined');
return 0;
}
#sets it to 0 if old is not defined
if ( !defined( $old ) ){
warn('Old not defined');
$old=0;
}
#make sure they are both numberic and if not set to zero
if( $old !~ /^[0123456789]*$/ ){
warn('Old not numeric');
$old=0;
}
if( $new !~ /^[0123456789]*$/ ){
warn('New not numeric');
$new=0;
}
#log rotation happened
if ( $old > $new ){
return $new;
};
return $new - $old;
}
my $output=`$pflogsumm /var/log/mail.log`;
#holds client host rejected values till the end when it is compared to the old one
my $chrNew=0;
#holds RBL values till the end when it is compared to the old one
my $buNew=0;
# holds recipient address rejected values till the end when it is compared to the old one
my $raruuNew=0;
#holds the current values for checking later
my $current='';
my @outputA=split( /\n/, $output );
my $int=0;
while ( defined( $outputA[$int] ) ){
my $line=$outputA[$int];
$line=~s/^ *//;
$line=~s/ +/ /g;
$line=~s/\)$//;
my $handled=0;
#received line
if ( ( $line =~ /[0123456789] received$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$receivedC=$line;
$received=newValue( $received, $line );
$handled=1;
}
#delivered line
if ( ( $line =~ /[0123456789] delivered$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$deliveredC=$line;
$delivered=newValue( $delivered, $line );
$handled=1;
}
#forward line
if ( ( $line =~ /[0123456789] forwarded$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$forwardedC=$line;
$forwarded=newValue( $forwarded, $line );
$handled=1;
}
#defereed line
if ( ( $line =~ /[0123456789] deferred \(/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$deferredC=$line;
$deferred=newValue( $deferred, $line );
$handled=1;
}
#bounced line
if ( ( $line =~ /[0123456789] bounced$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$bouncedC=$line;
$bounced=newValue( $bounced, $line );
$handled=1;
}
#rejected line
if ( ( $line =~ /[0123456789] rejected \(/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$rejectedC=$line;
$rejected=newValue( $rejected, $line );
$handled=1;
}
#reject warning line
if ( ( $line =~ /[0123456789] reject warnings/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$rejectwC=$line;
$rejectw=newValue( $rejectw, $line );
$handled=1;
}
#held line
if ( ( $line =~ /[0123456789] held$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$heldC=$line;
$held=newValue( $held, $line );
$handled=1;
}
#discarded line
if ( ( $line =~ /[0123456789] discarded \(/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$discardedC=$line;
$discarded=newValue( $discarded, $line );
$handled=1;
}
#bytes received line
if ( ( $line =~ /[0123456789kM] bytes received$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$line=~s/k/000/;
$line=~s/M/000000/;
$bytesrC=$line;
$bytesr=newValue( $bytesr, $line );
$handled=1;
}
#bytes delivered line
if ( ( $line =~ /[0123456789kM] bytes delivered$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$line=~s/k/000/;
$line=~s/M/000000/;
$bytesdC=$line;
$bytesd=newValue( $bytesd, $line );
$handled=1;
}
#senders line
if ( ( $line =~ /[0123456789] senders$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$sendersC=$line;
$senders=newValue( $senders, $line );
$handled=1;
}
#sendering hosts/domains line
if ( ( $line =~ /[0123456789] sending hosts\/domains$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$sendinghdC=$line;
$sendinghd=newValue( $sendinghd, $line );
$handled=1;
}
#recipients line
if ( ( $line =~ /[0123456789] recipients$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$recipientsC=$line;
$recipients=newValue( $recipients, $line );
$handled=1;
}
#recipients line
if ( ( $line =~ /[0123456789] recipient hosts\/domains$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$recipienthdC=$line;
$recipienthd=newValue( $recipienthd, $line );
$handled=1;
}
# deferrals connectios refused
if ( ( $line =~ /[0123456789] 25\: Connection refused$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$deferralcrC=$line;
$deferralcr=newValue( $deferralcr, $line );
$handled=1;
}
# deferrals Host is down
if ( ( $line =~ /Host is down$/ ) && ( ! $handled ) ){
$line=~s/ .*//;
$deferralhidC=$line;
$deferralhid=newValue( $deferralhid, $line );
$handled=1;
}
# Client host rejected
if ( ( $line =~ /Client host rejected/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$chrNew=$chrNew + $line;
$handled=1;
}
#Helo command rejected: need fully-qualified hostname
if ( ( $line =~ /Helo command rejected\: need fully\-qualified hostname/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$hcrnfqhC=$line;
$hcrnfqh=newValue( $hcrnfqh, $line );
$handled=1;
}
#Sender address rejected: Domain not found
if ( ( $line =~ /Sender address rejected\: Domain not found/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$sardnfC=$line;
$sardnf=newValue( $sardnf, $line );
$handled=1;
}
#Sender address rejected: not owned by user
if ( ( $line =~ /Sender address rejected\: not owned by user/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$sarnobuC=$line;
$sarnobu=newValue( $sarnobu, $line );
$handled=1;
}
#blocked using
# These lines are RBLs so there will be more than one.
# Use $buNew to add them all up.
if ( ( $line =~ /blocked using/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$buNew=$buNew + $line;
$handled=1;
}
#Recipient address rejected: User unknown
if ( ( $line =~ /Recipient address rejected\: User unknown/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$raruuNew=$raruuNew + $line;
$handled=1;
}
#Helo command rejected: Invalid name
if ( ( $line =~ /Helo command rejected\: Invalid name/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$hcrinC=$line;
$hcrin=newValue( $hcrin, $line );
}
#Sender address rejected: need fully-qualified address
if ( ( $line =~ /Sender address rejected\: need fully-qualified address/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$sarnfqaC=$line;
$sarnfqa=newValue( $sarnfqa, $line );
}
#Recipient address rejected: Domain not found
if ( ( $line =~ /Recipient address rejected\: Domain not found/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$rardnfC=$line;
$rardnf=newValue( $rardnf, $line );
}
#Improper use of SMTP command pipelining
if ( ( $line =~ /Improper use of SMTP command pipelining/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$iuoscpC=$line;
$iuoscp=newValue( $iuoscp, $line );
}
#Message size exceeds fixed limit
if ( ( $line =~ /Message size exceeds fixed limit/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$mseflC=$line;
$msefl=newValue( $msefl, $line );
}
#Server configuration error
if ( ( $line =~ /Server configuration error/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$sceC=$line;
$sce=newValue( $sce, $line );
}
#Server configuration problem
if ( ( $line =~ /Server configuration problem/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$scpC=$line;
$scp=newValue( $scp, $line );
}
#unknown reject reason
if ( ( $line =~ /unknown reject reason/ ) && ( ! $handled ) ){
$line=~s/.*\: //g;
$urrC=$line;
$urr=newValue( $urr, $line );
}
$int++;
}
# final client host rejected total
$chr=newValue( $chr, $chrNew );
# final RBL total
$bu=newValue( $bu, $buNew );
# final recipient address rejected total
$raruu=newValue( $raruu, $raruuNew );
my $data=$received."\n".
$delivered."\n".
$forwarded."\n".
$deferred."\n".
$bounced."\n".
$rejected."\n".
$rejectw."\n".
$held."\n".
$discarded."\n".
$bytesr."\n".
$bytesd."\n".
$senders."\n".
$sendinghd."\n".
$recipients."\n".
$recipienthd."\n".
$deferralcr."\n".
$deferralhid."\n".
$chr."\n".
$hcrnfqh."\n".
$sardnf."\n".
$sarnobu."\n".
$bu."\n".
$raruu."\n".
$hcrin."\n".
$sarnfqa."\n".
$rardnf."\n".
$rarnfqa."\n".
$iuscp."\n".
$sce."\n".
$scp."\n".
$urr."\n";
$msefl."\n".
print $data;
my $current=$receivedC."\n".
$deliveredC."\n".
$forwardedC."\n".
$deferredC."\n".
$bouncedC."\n".
$rejectedC."\n".
$rejectwC."\n".
$heldC."\n".
$discardedC."\n".
$bytesrC."\n".
$bytesdC."\n".
$sendersC."\n".
$sendinghdC."\n".
$recipientsC."\n".
$recipienthdC."\n".
$deferralcrC."\n".
$deferralhidC."\n".
$chrNew."\n".
$hcrnfqhC."\n".
$sardnfC."\n".
$sarnobuC."\n".
$buNew."\n".
$raruuNew."\n".
$hcrinC."\n".
$sarnfqaC."\n".
$rardnfC."\n".
$rarnfqaC."\n".
$iuscpC."\n".
$mseflC."\n".
$sceC."\n".
$scpC."\n".
$urrC."\n";
open(my $fh, ">", $cache) or die "Can't open '".$cache."'";
print $fh $current;
close($fh);

363
ProjectCode/Agents/librenms/smart Normal file
View File

@ -0,0 +1,363 @@
#!/usr/bin/env perl
#Copyright (c) 2017, Zane C. Bowers-Hadley
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without modification,
#are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
#IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
#INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
#LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
#THE POSSIBILITY OF SUCH DAMAGE.
=for comment
Add this to snmpd.conf like below.
extend smart /etc/snmp/smart
Then add to root's cron tab, if you have more than a few disks.
*/3 * * * * /etc/snmp/smart -u
You will also need to create the config file, which defaults to the same path as the script,
but with .config appended. So if the script is located at /etc/snmp/smart, the config file
will be /etc/snmp/smart.config. Alternatively you can also specific a config via -c.
Anything starting with a # is comment. The format for variables is $variable=$value. Empty
lines are ignored. Spaces and tabes at either the start or end of a line are ignored. Any
line with out a = or # are treated as a disk.
#This is a comment
cache=/var/cache/smart
smartctl=/usr/local/sbin/smartctl
useSN=0
ada0
ada1
The variables are as below.
cache = The path to the cache file to use. Default: /var/cache/smart
smartctl = The path to use for smartctl. Default: /usr/bin/env smartctl
useSN = If set to 1, it will use the disks SN for reporting instead of the device name.
1 is the default. 0 will use the device name.
If you want to guess at the configuration, call it with -g and it will print out what it thinks
it should be.
=cut
##
## You should not need to touch anything below here.
##
use warnings;
use strict;
use Getopt::Std;
my $cache='/var/cache/smart';
my $smartctl='/usr/bin/env smartctl';
my @disks;
my $useSN=1;
$Getopt::Std::STANDARD_HELP_VERSION = 1;
sub main::VERSION_MESSAGE {
print "SMART SNMP extend 0.0.0\n";
};
sub main::HELP_MESSAGE {
print "\n".
"-u Update '".$cache."'\n".
"-g Guess at the config and print it to STDOUT.\n".
"-c <config> The config file to use.\n";
}
#gets the options
my %opts=();
getopts('ugc:', \%opts);
# guess if asked
if ( defined( $opts{g} ) ){
#get what path to use for smartctl
$smartctl=`which smartctl`;
chomp($smartctl);
if ( $? != 0 ){
warn("'which smartctl' failed with a exit code of $?");
exit 1;
}
#try to touch the default cache location and warn if it can't be done
system('touch '.$cache.'>/dev/null');
if ( $? != 0 ){
$cache='#Could not touch '.$cache. "You will need to manually set it\n".
"cache=?\n";
}else{
$cache='cache='.$cache."\n";
}
my %found_disks;
#check for drives named /dev/sd*
my @matches=glob('/dev/sd*');
@matches=grep(!/[0-9]/, @matches);
my $matches_int=0;
while ( defined( $matches[$matches_int] ) ){
my $device=$matches[$matches_int];
system( $smartctl.' -A '.$device.' > /dev/null' );
if ( $? == 0 ){
$device =~ s/\/dev\///;
$found_disks{$device}=1;
}
$matches_int++;
}
#check for drives named /dev/ada*
@matches=glob('/dev/ada*');
@matches=grep(!/[ps]/, @matches);
$matches_int=0;
while ( defined( $matches[$matches_int] ) ){
my $device=$matches[$matches_int];
system( $smartctl.' -A '.$device.' > /dev/null' );
if ( $? == 0 ){
$device =~ s/\/dev\///;
$found_disks{$device}=1;
}
$matches_int++;
}
#check for drives named /dev/da*
@matches=glob('/dev/da*');
@matches=grep(!/[ps]/, @matches);
$matches_int=0;
while ( defined( $matches[$matches_int] ) ){
my $device=$matches[$matches_int];
system( $smartctl.' -A '.$device.' > /dev/null' );
if ( $? == 0 ){
$device =~ s/\/dev\///;
$found_disks{$device}=1;
}
$matches_int++;
}
#have smartctl scan and see if it finds anythings not get found
my $scan_output=`$smartctl --scan-open`;
my @scan_outputA=split(/\n/, $scan_output);
@scan_outputA=grep(!/ses[0-9]/, @scan_outputA); # not a disk, but may or may not have SMART attributes
@scan_outputA=grep(!/pass[0-9]/, @scan_outputA); # very likely a duplicate and a disk under another name
$matches_int=0;
while ( defined( $scan_outputA[$matches_int] ) ){
my $device=$scan_outputA[$matches_int];
$device =~ s/ .*//;
system( $smartctl.' -A '.$device.' > /dev/null' );
if ( $? == 0 ){
$device =~ s/\/dev\///;
$found_disks{$device}=1;
}
$matches_int++;
}
print "useSN=0\n".'smartctl='.$smartctl."\n".
$cache.
join( "\n", keys(%found_disks) )."\n";
exit 0;
}
#get which config file to use
my $config=$0.'.config';
if ( defined( $opts{c} ) ){
$config=$opts{c};
}
#reads the config file, optionally
my $config_file='';
open(my $readfh, "<", $config) or die "Can't open '".$config."'";
read($readfh , $config_file , 1000000);
close($readfh);
#parse the config file and remove comments and empty lines
my @configA=split(/\n/, $config_file);
@configA=grep(!/^$/, @configA);
@configA=grep(!/^\#/, @configA);
@configA=grep(!/^[\s\t]*$/, @configA);
my $configA_int=0;
while ( defined( $configA[$configA_int] ) ){
my $line=$configA[$configA_int];
$line=~s/^[\t\s]+//;
$line=~s/[\t\s]+$//;
my ( $var, $val )=split(/=/, $line, 2);
if ( $var eq 'cache' ){
$cache=$val;
}
if ( $var eq 'smartctl' ){
$smartctl=$val;
}
if ( $var eq 'useSN' ){
$useSN=$val;
}
if ( !defined( $val ) ){
push(@disks, $var);
}
$configA_int++;
}
#if set to 1, no cache will be written and it will be printed instead
my $noWrite=0;
# if no -u, it means we are being called from snmped
if ( ! defined( $opts{u} ) ){
# if the cache file exists, print it, otherwise assume one is not being used
if ( -f $cache ){
my $old='';
open(my $readfh, "<", $cache) or die "Can't open '".$cache."'";
read($readfh , $old , 1000000);
close($readfh);
print $old;
exit 0;
}else{
$opts{u}=1;
$noWrite=1;
}
}
my $toReturn='';
my $int=0;
while ( defined($disks[$int]) ) {
my $disk=$disks[$int];
my $disk_sn=$disk;
my $output=`$smartctl -A /dev/$disk`;
my %IDs=( '5'=>'null',
'10'=>'null',
'173'=>'null',
'177'=>'null',
'183'=>'null',
'184'=>'null',
'187'=>'null',
'188'=>'null',
'190'=>'null',
'194'=>'null',
'196'=>'null',
'197'=>'null',
'198'=>'null',
'199'=>'null',
'231'=>'null',
'233'=>'null',
);
my @outputA=split( /\n/, $output );
my $outputAint=0;
while ( defined($outputA[$outputAint]) ) {
my $line=$outputA[$outputAint];
$line=~s/^ +//;
$line=~s/ +/ /g;
if ( $line =~ /^[0123456789]+ / ) {
my @lineA=split(/\ /, $line, 10);
my $raw=$lineA[9];
my $id=$lineA[0];
# single int raw values
if (
( $id == 5 ) ||
( $id == 10 ) ||
( $id == 173 ) ||
( $id == 177 ) ||
( $id == 183 ) ||
( $id == 184 ) ||
( $id == 187 ) ||
( $id == 196 ) ||
( $id == 197 ) ||
( $id == 198 ) ||
( $id == 199 ) ||
( $id == 231 ) ||
( $id == 233 )
) {
$IDs{$id}=$raw;
}
# 188, Command_Timeout
if ( $id == 188 ) {
my $total=0;
my @rawA=split( /\ /, $raw );
my $rawAint=0;
while ( defined( $rawA[$rawAint] ) ) {
$total=$total+$rawA[$rawAint];
$rawAint++;
}
$IDs{$id}=$total;
}
# 190, airflow temp
# 194, temp
if (
( $id == 190 ) ||
( $id == 194 )
) {
my ( $temp )=split(/\ /, $raw);
$IDs{$id}=$temp;
}
}
$outputAint++;
}
#get the selftest logs
$output=`$smartctl -l selftest /dev/$disk`;
@outputA=split( /\n/, $output );
my $completed=scalar grep(/Completed without error/, @outputA);
my $interrupted=scalar grep(/Interrupted/, @outputA);
my $read_failure=scalar grep(/read failure/, @outputA);
my $unknown_failure=scalar grep(/unknown failure/, @outputA);
my $extended=scalar grep(/Extended/, @outputA);
my $short=scalar grep(/Short/, @outputA);
my $conveyance=scalar grep(/Conveyance/, @outputA);
my $selective=scalar grep(/Selective/, @outputA);
# get the drive serial number, if needed
my $disk_id=$disk;
if ( $useSN ){
while (`$smartctl -i /dev/$disk` =~ /Serial Number:(.*)/g) {
$disk_id = $1;
$disk_id =~ s/^\s+|\s+$//g;
}
}
$toReturn=$toReturn.$disk_id.','.$IDs{'5'}.','.$IDs{'10'}.','.$IDs{'173'}.','.$IDs{'177'}.','.$IDs{'183'}.','.$IDs{'184'}.','.$IDs{'187'}.','.$IDs{'188'}
.','.$IDs{'190'} .','.$IDs{'194'}.','.$IDs{'196'}.','.$IDs{'197'}.','.$IDs{'198'}.','.$IDs{'199'}.','.$IDs{'231'}.','.$IDs{'233'}.','.
$completed.','.$interrupted.','.$read_failure.','.$unknown_failure.','.$extended.','.$short.','.$conveyance.','.$selective."\n";
$int++;
}
if ( ! $noWrite ){
open(my $writefh, ">", $cache) or die "Can't open '".$cache."'";
print $writefh $toReturn;
close($writefh);
}else{
print $toReturn;
}

3
ProjectCode/Agents/librenms/smart.config Normal file
View File

@ -0,0 +1,3 @@
smartctl=/usr/sbin/smartctl
cache=/var/cache/smart
sda

46
ProjectCode/ConfigFiles/AuditD/auditd.conf Normal file
View File

@ -0,0 +1,46 @@
#
# Known Element Enterprises Customized Config File
# auditd
# Initial version 2025-06-27
#
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = adm
log_format = ENRICHED
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 8
num_logs = 5
priority_boost = 4
name_format = NONE
max_log_file_action = keep_logs
space_left = 75
space_left_action = email
action_mail_acct = root
admin_space_left_action = halt
disk_full_action = SUSPEND
disk_error_action = SUSPEND
admin_space_left = 50
verify_email = yes
use_libwrap = yes
tcp_listen_queue = 5
tcp_max_per_addr = 1
tcp_client_max_idle = 0
transport = TCP
distribute_network = no
q_depth = 2000
overflow_action = SYSLOG
max_restarts = 10
plugin_dir = /etc/audit/plugins.d
end_of_event_timeout = 2
##tcp_client_ports = 1024-65535
##tcp_listen_port = 60
##krb5_key_file = /etc/audit/audit.key
krb5_principal = auditd
##name = mydomain

0
ProjectCode/ConfigFiles/AuditD/rules.d/time-change.rules Normal file
View File

5
ProjectCode/ConfigFiles/BANNERS/issue Normal file
View File

@ -0,0 +1,5 @@
This system is the property of Known Element Enterprises LLC.
Authorized uses only. All activity may be monitored and reported.
All activities subject to monitoring/recording/review in real time and/or at a later time.

5
ProjectCode/ConfigFiles/BANNERS/issue.net Normal file
View File

@ -0,0 +1,5 @@
This system is the property of Known Element Enterprises LLC.
Authorized uses only. All activity may be monitored and reported.
All activities subject to monitoring/recording/review in real time and/or at a later time.

5
ProjectCode/ConfigFiles/BANNERS/motd Normal file
View File

@ -0,0 +1,5 @@
This system is the property of Known Element Enterprises LLC.
Authorized uses only. All activity may be monitored and reported.
All activities subject to monitoring/recording/review in real time and/or at a later time.

6
ProjectCode/ConfigFiles/DHCP/dhclient.conf Normal file
View File

@ -0,0 +1,6 @@
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, host-name,
rfc3442-classless-static-routes;

23
ProjectCode/ConfigFiles/Logrotate/logrotate.conf Normal file
View File

@ -0,0 +1,23 @@
# see "man logrotate" for details
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create 0640 root utmp
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.

1
ProjectCode/ConfigFiles/ModProbe/cramfs.conf Normal file
View File

@ -0,0 +1 @@
install cramfs /bin/true

1
ProjectCode/ConfigFiles/ModProbe/dccp.conf Normal file
View File

@ -0,0 +1 @@
install dccp /bin/true

1
ProjectCode/ConfigFiles/ModProbe/freevxfs.conf Normal file
View File

@ -0,0 +1 @@
install freevxfs /bin/true

1
ProjectCode/ConfigFiles/ModProbe/hfs.conf Normal file
View File

@ -0,0 +1 @@
install hfs /bin/true

1
ProjectCode/ConfigFiles/ModProbe/hfsplus.conf Normal file
View File

@ -0,0 +1 @@
install hfsplus /bin/true

1
ProjectCode/ConfigFiles/ModProbe/jffs2.conf Normal file
View File

@ -0,0 +1 @@
install jffs2 /bin/true

1
ProjectCode/ConfigFiles/ModProbe/rds.conf Normal file
View File

@ -0,0 +1 @@
install rds /bin/true

1
ProjectCode/ConfigFiles/ModProbe/sctp.conf Normal file
View File

@ -0,0 +1 @@
install sctp /bin/true

1
ProjectCode/ConfigFiles/ModProbe/squashfs.conf Normal file
View File

@ -0,0 +1 @@
install squashfs /bin/true

1
ProjectCode/ConfigFiles/ModProbe/tipc.conf Normal file
View File

@ -0,0 +1 @@
install tipc /bin/true

1
ProjectCode/ConfigFiles/ModProbe/udf.conf Normal file
View File

@ -0,0 +1 @@
install udf /bin/true

1
ProjectCode/ConfigFiles/ModProbe/usb_storage.conf Normal file
View File

@ -0,0 +1 @@
install usb-storage /bin/true

5
ProjectCode/ConfigFiles/NTP/ntp.conf Normal file
View File

@ -0,0 +1,5 @@
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
server pfv-netboot.knel.net
restrict 127.0.0.1
restrict ::1

3
ProjectCode/ConfigFiles/SMTP/aliases Normal file
View File

@ -0,0 +1,3 @@
# See man 5 aliases for format
postmaster: root
root: coo@turnsys.com

1
ProjectCode/ConfigFiles/SMTP/postfix_generic Normal file
View File

@ -0,0 +1 @@
/.*/ tsysrootaccount@knel.net

1
ProjectCode/ConfigFiles/SNMP/snmp-sudo.conf Normal file
View File

@ -0,0 +1 @@
Debian-snmp ALL = NOPASSWD: /bin/cat

45
ProjectCode/ConfigFiles/SNMP/snmpd-physicalhost.conf Normal file
View File

@ -0,0 +1,45 @@
##########################################################################
# snmpd.conf
# Created by CNW on 11/3/2018 via snmpconf wizard and manual post tweaks
###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
# disk: Check for disk space usage of a partition.
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
#
load 3 3 3
rocommunity kn3lmgmt
sysservices 76
#syslocation Rack, Room, Building, City, Country [Lat, Lon]
syslocation R4, Server Room, SITER, Pflugerville, United States
syscontact coo@turnsys.com
#NTP
extend ntp-client /usr/local/librenms/ntp-client.sh
#SMTP
extend mailq /usr/local/librenms/postfix-queues
extend postfixdetailed /usr/local/librenms/postfixdetailed
#OS Distribution Detection
extend distro /usr/local/bin/distro
extend osupdate /usr/local/librenms/os-updates.sh
#Hardware Detection
extend manufacturer /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/sys_vendor
extend hardware /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/product_name
extend serial /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/product_serial
#SMART
extend smart /bin/cat /var/cache/smart
#Temperature
pass_persist .1.3.6.1.4.1.9.9.13.1.3 /usr/local/bin/temper-snmp
# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX
# smuxpeer .1.3.6.1.4.1.674.10892.1

37
ProjectCode/ConfigFiles/SNMP/snmpd-rpi.conf Normal file
View File

@ -0,0 +1,37 @@
##########################################################################
# snmpd.conf
# Created by CNW on 11/3/2018 via snmpconf wizard and manual post tweaks
###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
# disk: Check for disk space usage of a partition.
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
#
load 3 3 3
rocommunity kn3lmgmt
sysservices 76
#syslocation Rack, Room, Building, City, Country [Lat, Lon]
syslocation SITER, Pflugerville, United States
syscontact coo@turnsys.com
#NTP
extend ntp-client /usr/local/librenms/ntp-client.sh
#SMTP
extend mailq /usr/local/librenms/postfix-queues
extend postfixdetailed /usr/local/librenms/postfixdetailed
#OS Distribution Detection
extend distro /usr/local/bin/distro
extend osupdate /usr/local/librenms/os-updates.sh
#Hardware Detection
extend hardware /usr/bin/sudo /usr/bin/cat /sys/firmware/devicetree/base/model
extend serial /usr/bin/sudo /usr/bin/cat /sys/firmware/devicetree/base/serial-number
# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX
# smuxpeer .1.3.6.1.4.1.674.10892.1

40
ProjectCode/ConfigFiles/SNMP/snmpd.conf Normal file
View File

@ -0,0 +1,40 @@
##########################################################################
# snmpd.conf
# Created by CNW on 11/3/2018 via snmpconf wizard and manual post tweaks
###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
# disk: Check for disk space usage of a partition.
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
#
load 3 3 3
rocommunity kn3lmgmt
sysservices 76
#syslocation Rack, Room, Building, City, Country [Lat, Lon]
syslocation R4, Server Room, SITER, Pflugerville, United States
syscontact coo@turnsys.com
#NTP
extend ntp-client /usr/local/librenms/ntp-client.sh
#SMTP
extend mailq /usr/local/librenms/postfix-queues
extend postfixdetailed /usr/local/librenms/postfixdetailed
#OS Distribution Detection
extend distro /usr/local/bin/distro
extend osupdate /usr/local/librenms/os-updates.sh
#Hardware Detection
# (uncomment for x86 platforms)
extend manufacturer /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/sys_vendor
extend hardware /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/product_name
extend serial /usr/bin/sudo /usr/bin/cat /sys/devices/virtual/dmi/id/product_serial
# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX
# smuxpeer .1.3.6.1.4.1.674.10892.1

2
ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys Normal file
View File

@ -0,0 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHaBNuLS+GYGRPc9wne63Ocr+R+/Q01Y9V0FTv0RnG3
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyMR0lFgiMKhQJ5aqy68nR0BQp1cNzi/wIThyuTV4a8 tsyscto@ultix-control

2
ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys Normal file
View File

@ -0,0 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHaBNuLS+GYGRPc9wne63Ocr+R+/Q01Y9V0FTv0RnG3
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyMR0lFgiMKhQJ5aqy68nR0BQp1cNzi/wIThyuTV4a8 tsyscto@ultix-control

19
ProjectCode/ConfigFiles/SSH/Configs/ssh-audit_hardening.conf Normal file
View File

@ -0,0 +1,19 @@
# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com
# hardening guide.
KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,gss-curve25519-sha256-,diffie-hellman-group16-sha512,gss-group16-sha512-,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
RequiredRSASize 3072
CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-group16-sha512-
HostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256

20
ProjectCode/ConfigFiles/SSH/Configs/tsys-sshd-config Normal file
View File

@ -0,0 +1,20 @@
Include /etc/ssh/sshd_config.d/*.conf
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KbdInteractiveAuthentication no
PrintMotd no
PasswordAuthentication no
AllowTcpForwarding no
X11Forwarding no
ChallengeResponseAuthentication no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Banner /etc/issue.net
MaxAuthTries 2
MaxStartups 10:30:100
PermitRootLogin prohibit-password
ClientAliveInterval 300
ClientAliveCountMax 3
AllowUsers root localuser subodev
LoginGraceTime 60

6
ProjectCode/ConfigFiles/Syslog/rsyslog.conf Normal file
View File

@ -0,0 +1,6 @@
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
*.* @tsys-librenms.knel.net:514
:omusrmsg:EOF

31
ProjectCode/ConfigFiles/Systemd/journald.conf Normal file
View File

@ -0,0 +1,31 @@
[Journal]
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
#Audit=no
Storage=persistent

258
ProjectCode/ConfigFiles/ZSH/tsys-zshrc Normal file
View File

@ -0,0 +1,258 @@
# ~/.zshrc file for zsh interactive shells.
# see /usr/share/doc/zsh/examples/zshrc for examples
setopt autocd # change directory just by typing its name
#setopt correct # auto correct mistakes
setopt interactivecomments # allow comments in interactive mode
setopt magicequalsubst # enable filename expansion for arguments of the form anything=expression
setopt nonomatch # hide error message if there is no match for the pattern
setopt notify # report the status of background jobs immediately
setopt numericglobsort # sort filenames numerically when it makes sense
setopt promptsubst # enable command substitution in prompt
WORDCHARS=${WORDCHARS//\/} # Don't consider certain characters part of the word
# hide EOL sign ('%')
PROMPT_EOL_MARK=""
# configure key keybindings
bindkey -v # emacs key bindings
bindkey ' ' magic-space # do history expansion on space
bindkey '^U' backward-kill-line # ctrl + U
bindkey '^[[3;5~' kill-word # ctrl + Supr
bindkey '^[[3~' delete-char # delete
bindkey '^[[1;5C' forward-word # ctrl + ->
bindkey '^[[1;5D' backward-word # ctrl + <-
bindkey '^[[5~' beginning-of-buffer-or-history # page up
bindkey '^[[6~' end-of-buffer-or-history # page down
bindkey '^[[H' beginning-of-line # home
bindkey '^[[F' end-of-line # end
bindkey '^[[Z' undo # shift + tab undo last action
# enable completion features
autoload -Uz compinit
compinit -d ~/.cache/zcompdump
zstyle ':completion:*:*:*:*:*' menu select
zstyle ':completion:*' auto-description 'specify: %d'
zstyle ':completion:*' completer _expand _complete
zstyle ':completion:*' format 'Completing %d'
zstyle ':completion:*' group-name ''
zstyle ':completion:*' list-colors ''
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}'
zstyle ':completion:*' rehash true
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' use-compctl false
zstyle ':completion:*' verbose true
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
# History configurations
HISTFILE=~/.zsh_history
HISTSIZE=10000
SAVEHIST=200000
setopt hist_expire_dups_first # delete duplicates first when HISTFILE size exceeds HISTSIZE
setopt hist_ignore_dups # ignore duplicated commands history list
setopt hist_ignore_space # ignore commands that start with space
setopt hist_verify # show command with history expansion to user before running it
#setopt share_history # share command history data
# force zsh to show the complete history
alias history="history 0"
# configure `time` format
TIMEFMT=$'\nreal\t%E\nuser\t%U\nsys\t%S\ncpu\t%P'
# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
configure_prompt() {
prompt_symbol=㉿
# Skull emoji for root terminal
#[ "$EUID" -eq 0 ] && prompt_symbol=💀
case "$PROMPT_ALTERNATIVE" in
twoline)
PROMPT=$'%F{%(#.blue.green)}┌──${debian_chroot:+($debian_chroot)─}${VIRTUAL_ENV:+($(basename $VIRTUAL_ENV))─}(%B%F{%(#.red.blue)}%n'$prompt_symbol$'%m%b%F{%(#.blue.green)})-[%B%F{reset}%(6~.%-1~/…/%4~.%5~)%b%F{%(#.blue.green)}]\n└─%B%(#.%F{red}#.%F{blue}$)%b%F{reset} '
# Right-side prompt with exit codes and background processes
#RPROMPT=$'%(?.. %? %F{red}%B%b%F{reset})%(1j. %j %F{yellow}%B⚙%b%F{reset}.)'
;;
oneline)
PROMPT=$'${debian_chroot:+($debian_chroot)}${VIRTUAL_ENV:+($(basename $VIRTUAL_ENV))}%B%F{%(#.red.blue)}%n@%m%b%F{reset}:%B%F{%(#.blue.green)}%~%b%F{reset}%(#.#.$) '
RPROMPT=
;;
backtrack)
PROMPT=$'${debian_chroot:+($debian_chroot)}${VIRTUAL_ENV:+($(basename $VIRTUAL_ENV))}%B%F{red}%n@%m%b%F{reset}:%B%F{blue}%~%b%F{reset}%(#.#.$) '
RPROMPT=
;;
esac
unset prompt_symbol
}
# The following block is surrounded by two delimiters.
# These delimiters must not be modified. Thanks.
# START KALI CONFIG VARIABLES
PROMPT_ALTERNATIVE=twoline
NEWLINE_BEFORE_PROMPT=yes
# STOP KALI CONFIG VARIABLES
if [ "$color_prompt" = yes ]; then
# override default virtualenv indicator in prompt
VIRTUAL_ENV_DISABLE_PROMPT=1
configure_prompt
# enable syntax-highlighting
if [ -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh ]; then
. /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
ZSH_HIGHLIGHT_HIGHLIGHTERS=(main brackets pattern)
ZSH_HIGHLIGHT_STYLES[default]=none
ZSH_HIGHLIGHT_STYLES[unknown-token]=underline
ZSH_HIGHLIGHT_STYLES[reserved-word]=fg=cyan,bold
ZSH_HIGHLIGHT_STYLES[suffix-alias]=fg=green,underline
ZSH_HIGHLIGHT_STYLES[global-alias]=fg=green,bold
ZSH_HIGHLIGHT_STYLES[precommand]=fg=green,underline
ZSH_HIGHLIGHT_STYLES[commandseparator]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[autodirectory]=fg=green,underline
ZSH_HIGHLIGHT_STYLES[path]=bold
ZSH_HIGHLIGHT_STYLES[path_pathseparator]=
ZSH_HIGHLIGHT_STYLES[path_prefix_pathseparator]=
ZSH_HIGHLIGHT_STYLES[globbing]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[history-expansion]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[command-substitution]=none
ZSH_HIGHLIGHT_STYLES[command-substitution-delimiter]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[process-substitution]=none
ZSH_HIGHLIGHT_STYLES[process-substitution-delimiter]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[single-hyphen-option]=fg=green
ZSH_HIGHLIGHT_STYLES[double-hyphen-option]=fg=green
ZSH_HIGHLIGHT_STYLES[back-quoted-argument]=none
ZSH_HIGHLIGHT_STYLES[back-quoted-argument-delimiter]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[single-quoted-argument]=fg=yellow
ZSH_HIGHLIGHT_STYLES[double-quoted-argument]=fg=yellow
ZSH_HIGHLIGHT_STYLES[dollar-quoted-argument]=fg=yellow
ZSH_HIGHLIGHT_STYLES[rc-quote]=fg=magenta
ZSH_HIGHLIGHT_STYLES[dollar-double-quoted-argument]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[back-double-quoted-argument]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[back-dollar-quoted-argument]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[assign]=none
ZSH_HIGHLIGHT_STYLES[redirection]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[comment]=fg=black,bold
ZSH_HIGHLIGHT_STYLES[named-fd]=none
ZSH_HIGHLIGHT_STYLES[numeric-fd]=none
ZSH_HIGHLIGHT_STYLES[arg0]=fg=cyan
ZSH_HIGHLIGHT_STYLES[bracket-error]=fg=red,bold
ZSH_HIGHLIGHT_STYLES[bracket-level-1]=fg=blue,bold
ZSH_HIGHLIGHT_STYLES[bracket-level-2]=fg=green,bold
ZSH_HIGHLIGHT_STYLES[bracket-level-3]=fg=magenta,bold
ZSH_HIGHLIGHT_STYLES[bracket-level-4]=fg=yellow,bold
ZSH_HIGHLIGHT_STYLES[bracket-level-5]=fg=cyan,bold
ZSH_HIGHLIGHT_STYLES[cursor-matchingbracket]=standout
fi
else
PROMPT='${debian_chroot:+($debian_chroot)}%n@%m:%~%(#.#.$) '
fi
unset color_prompt force_color_prompt
toggle_oneline_prompt(){
if [ "$PROMPT_ALTERNATIVE" = oneline ]; then
PROMPT_ALTERNATIVE=twoline
else
PROMPT_ALTERNATIVE=oneline
fi
configure_prompt
zle reset-prompt
}
zle -N toggle_oneline_prompt
bindkey ^P toggle_oneline_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty)
TERM_TITLE=$'\e]0;${debian_chroot:+($debian_chroot)}${VIRTUAL_ENV:+($(basename $VIRTUAL_ENV))}%n@%m: %~\a'
;;
*)
;;
esac
precmd() {
# Print the previously configured title
print -Pnr -- "$TERM_TITLE"
# Print a new line before the prompt, but only if it is not the first line
if [ "$NEWLINE_BEFORE_PROMPT" = yes ]; then
if [ -z "$_NEW_LINE_BEFORE_PROMPT" ]; then
_NEW_LINE_BEFORE_PROMPT=1
else
print ""
fi
fi
}
# enable color support of ls, less and man, and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
export LS_COLORS="$LS_COLORS:ow=30;44:" # fix ls color for folders with 777 permissions
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
alias diff='diff --color=auto'
alias ip='ip --color=auto'
export LESS_TERMCAP_mb=$'\E[1;31m' # begin blink
export LESS_TERMCAP_md=$'\E[1;36m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # reset bold/blink
export LESS_TERMCAP_so=$'\E[01;33m' # begin reverse video
export LESS_TERMCAP_se=$'\E[0m' # reset reverse video
export LESS_TERMCAP_us=$'\E[1;32m' # begin underline
export LESS_TERMCAP_ue=$'\E[0m' # reset underline
# Take advantage of $LS_COLORS for completion as well
zstyle ':completion:*' list-colors "${(s.:.)LS_COLORS}"
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
fi
# some more ls aliases
alias ll='ls -l'
alias la='ls -A'
alias l='ls -CF'
# enable auto-suggestions based on the history
if [ -f /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh ]; then
. /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
# change suggestion color
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=#999'
fi
# enable command-not-found if installed
if [ -f /etc/zsh_command_not_found ]; then
. /etc/zsh_command_not_found
fi

23
ProjectCode/Dell/Server/fixeth.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#magic to detect main int
echo "Determining management interface..."
#export MAIN_INT=$(brctl show $(netstat -rn|grep 0.0.0.0|head -n1|awk '{print $NF}') | awk '{print $NF}'|tail -1|awk -F '.' '{print $1}')
export MAIN_INT=$(brctl show|grep vmbr0|awk '{print $NF}'|awk -F '.' '{print $1}')
echo "Management interface is: $MAIN_INT"
#fix the issue
echo "Fixing management interface..."
ethtool -K $MAIN_INT tso off
ethtool -K $MAIN_INT gro off
ethtool -K $MAIN_INT gso off
ethtool -K $MAIN_INT tx off
ethtool -K $MAIN_INT rx off
#https://forum.proxmox.com/threads/e1000-driver-hang.58284/
#https://serverfault.com/questions/616485/e1000e-reset-adapter-unexpectedly-detected-hardware-unit-hang

34
ProjectCode/Dell/Server/omsa.sh Normal file
View File

@ -0,0 +1,34 @@
#!/bin/bash
#curl -s http://dl.turnsys.net/omsa.sh|/bin/bash
gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-key 1285491434D8786F
gpg -a --export 1285491434D8786F | apt-key add -
echo "deb http://linux.dell.com/repo/community/openmanage/930/bionic bionic main" > /etc/apt/sources.list.d/linux.dell.com.sources.list
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-curl-client-transport1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-client4_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-server1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-sfcc/libcimcclient0_2.2.8-0ubuntu2_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/openwsman_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/multiverse/c/cim-schema/cim-schema_2.48.0-0ubuntu1_all.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-sfc-common/libsfcutil0_1.0.1-0ubuntu4_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/multiverse/s/sblim-sfcb/sfcb_1.4.9-0ubuntu5_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-cmpi-devel/libcmpicppimpl0_2.0.3-0ubuntu2_amd64.deb
dpkg -i libwsman-curl-client-transport1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman-client4_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman-server1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libcimcclient0_2.2.8-0ubuntu2_amd64.deb
dpkg -i openwsman_2.6.5-0ubuntu3_amd64.deb
dpkg -i cim-schema_2.48.0-0ubuntu1_all.deb
dpkg -i libsfcutil0_1.0.1-0ubuntu4_amd64.deb
dpkg -i sfcb_1.4.9-0ubuntu5_amd64.deb
dpkg -i libcmpicppimpl0_2.0.3-0ubuntu2_amd64.deb
apt update
apt -y install srvadmin-all
touch /opt/dell/srvadmin/lib64/openmanage/IGNORE_GENERATION
#logout,login, then run
# srvadmin-services.sh enable && srvadmin-services.sh start

10
ProjectCode/Dell/fixcpuperf.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
#Script to set performance.
cpufreq-set -r -g performance
cpupower frequency-set --governor performance

0
ProjectCode/Modules/Auth/auth-cloudron-ldap.sh Normal file
View File

81
ProjectCode/Modules/RandD/sslStackFromSource.sh Normal file
View File

@ -0,0 +1,81 @@
#!/bin/bash
#Made from instructions at https://www.tunetheweb.com/performance/http2/
OPENSSL_URL_BASE="https://www.openssl.org/source/"
OPENSSL_FILE="openssl-1.1.0h.tar.gz"
NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
APR_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
APR_FILE="apr-1.6.3.tar.gz"
APR_UTIL_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
APACHE_URL_BASE="http://mirrors.whoishostingthis.com/apache/httpd/"
APACHE_FILE="httpd-2.4.33.tar.gz"
CURL_URL_BASE="https://curl.haxx.se/download/"
CURL_FILE="curl-7.60.0.tar.gz"
#Download and install latest version of openssl
wget $OPENSSL_URL_BASE/$OPENSSL_FILE
tar xzf $OPENSSL_FILE
cd openssl-1.1.0h
./config enable-weak-ssl-ciphers shared zlib-dynamic -DOPENSSL_TLS_SECURITY_LEVEL=0 --prefix=/usr/local/custom-ssl/openssl-1.1.0h ; make ; make install
ln -s /usr/local/custom-ssl/openssl-1.1.0h /usr/local/openssl
cd -
#Download and install nghttp2 (needed for mod_http2).
wget $NGHTTP_URL_BASE/$NGHTTP_FILE
tar xzf $NGHTTP_FILE
cd nghttp2-1.31.0
./configure --prefix=/usr/local/custom-ssl/nghttp ; make ; make install
cd -
#Updated ldconfig so curl build
cat <<custom-ssl > /etc/ld.so.conf.d/custom-ssl.conf
/usr/local/custom-ssl/openssl-1.1.0h/lib
/usr/local/custom-ssl/nghttp/lib
custom-ssl
ldconfig
#Download and install curl
wget $CURL_URL_BASE/$CURL_FILE
tar xzf curl-7.60.0.tar.gz
cd curl-7.60.0
./configure --prefix=/usr/local/custom-ssl/curl --with-nghttp2=/usr/local/custom-ssl/nghttp/ --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ ; make ; make install
cd -
#Download and install latest apr
wget $APR_URL_BASE/$APR_FILE
tar xzf $APR_FILE
cd apr-1.6.3
./configure --prefix=/usr/local/custom-ssl/apr ; make ; make install
cd -
#Download and install latest apr-util
wget $APR_UTIL_URL_BASE/$APR_UTIL_FILE
tar xzf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/custom-ssl/apr-util --with-apr=/usr/local/custom-ssl/apr ; make; make install
cd -
#Download and install apache
wget $APACHE_URL_BASE/$APACHE_FILE
tar xzf httpd-2.4.33.tar.gz
cd httpd-2.4.33
cp -r ../apr-1.6.3 srclib/apr
cp -r ../apr-util-1.6.1 srclib/apr-util
./configure --prefix=/usr/local/custom-ssl/apache --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ --with-pcre=/usr/bin/pcre-config --enable-unique-id --enable-ssl --enable-so --with-included-apr --enable-http2 --with-nghttp2=/usr/local/custom-ssl/nghttp/
make
make install
ln -s /usr/local/custom-ssl/apache /usr/local/apache
cd -

10
ProjectCode/Modules/Security/secharden-2fa.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
#secharden-2fa
#Coming very soon, 2fa for webmin/cockpit/ssh
#libpam-google-authenticator
#https://www.ogselfhosting.com/index.php/2024/03/21/enabling-2fa-for-cockpit/
#https://webmin.com/docs/modules/webmin-configuration/#two-factor-authentication
#https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-18-04

52
ProjectCode/Modules/Security/secharden-audit-agents.sh Normal file
View File

@ -0,0 +1,52 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
set -o functrace
export PS4='(${BASH_SOURCE}:${LINENO}): - [${SHLVL},${BASH_SUBSHELL},$?] $ '
function error_out()
{
echo "Bailing out. See above for reason...."
exit 1
}
function handle_failure() {
local lineno=$1
local fn=$2
local exitstatus=$3
local msg=$4
local lineno_fns=${0% 0}
if [[ "$lineno_fns" != "-1" ]] ; then
lineno="${lineno} ${lineno_fns}"
fi
echo "${BASH_SOURCE[0]}: Function: ${fn} Line Number : [${lineno}] Failed with status ${exitstatus}: $msg"
}
trap 'handle_failure "${BASH_LINENO[*]}" "$LINENO" "${FUNCNAME[*]:-script}" "$?" "$BASH_COMMAND"' ERR
export DL_ROOT
DL_ROOT="https://dl.knownelement.com/KNEL/FetchApply/"
# Material herein Sourced from
# https://cisofy.com/documentation/lynis/
# https://jbcsec.com/configure-linux-ssh/
# https://opensource.com/article/20/5/linux-security-lynis
# https://forum.greenbone.net/t/ssh-authentication/13536
# openvas
#lynis
#Auditd
curl --silent ${DL_ROOT}/ConfigFiles/AudidD/auditd.conf > /etc/audit/auditd.conf
# Systemd
curl --silent ${DL_ROOT}/ConfigFiles/Systemd/journald.conf > /etc/systemd/journald.conf
# logrotate
curl --silent ${DL_ROOT}/ConfigFiles/Logrotate/logrotate.conf > /etc/logrotate.conf

3
ProjectCode/Modules/Security/secharden-auto-upgrade.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/bash
# Sourced from https://wiki.debian.org/UnattendedUpgrades

133
ProjectCode/Modules/Security/secharden-scap-stig.sh Normal file
View File

@ -0,0 +1,133 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
set -o functrace
export PS4='(${BASH_SOURCE}:${LINENO}): - [${SHLVL},${BASH_SUBSHELL},$?] $ '
function error_out()
{
echo "Bailing out. See above for reason...."
exit 1
}
function handle_failure() {
local lineno=$1
local fn=$2
local exitstatus=$3
local msg=$4
local lineno_fns=${0% 0}
if [[ "$lineno_fns" != "-1" ]] ; then
lineno="${lineno} ${lineno_fns}"
fi
echo "${BASH_SOURCE[0]}: Function: ${fn} Line Number : [${lineno}] Failed with status ${exitstatus}: $msg"
}
trap 'handle_failure "${BASH_LINENO[*]}" "$LINENO" "${FUNCNAME[*]:-script}" "$?" "$BASH_COMMAND"' ERR
function pi-detect()
{
echo Now running "$FUNCNAME"....
if [ -f /sys/firmware/devicetree/base/model ] ; then
export IS_RASPI="1"
fi
if [ ! -f /sys/firmware/devicetree/base/model ] ; then
export IS_RASPI="0"
fi
echo Completed running "$FUNCNAME"
}
# Actual script logic starts here
export DL_ROOT
DL_ROOT="https://dl.knownelement.com/KNEL/FetchApply/"
# Sourced from
# https://complianceascode.readthedocs.io/en/latest/manual/developer/01_introduction.html
# https://github.com/ComplianceAsCode/content
# https://github.com/ComplianceAsCode
#apparmor
#enforcing
#enabled in bootloader config
#aide
#auditd
#disable auto mounting
#disable usb storage
#motd
#remote login warning banner
#Ensure time sync is working
#systemd-timesync
#ntp
#chrony
#password complexity
#password expiration warning
#password expiration time
#password hashing algo
#fix grub perms
if [ "$IS_RASPI" = 0 ] ; then
chown root:root /boot/grub/grub.cfg
chmod og-rwx /boot/grub/grub.cfg
chmod 0400 /boot/grub/grub.cfg
fi
#disable auto mounting
systemctl --now disable autofs || true
apt purge autofs || true
#disable usb storage
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/usb_storage.conf > /etc/modprobe.d/usb_storage.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/dccp.conf > /etc/modprobe.d/dccp.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/rds.conf > /etc/modprobe.d/rds.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/sctp.conf > /etc/modprobe.d/sctp.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/tipc.conf > /etc/modprobe.d/tipc.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/cramfs.conf > /etc/modprobe.d/cramfs.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/freevxfs.conf > /etc/modprobe.d/freevxfs.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/hfs.conf > /etc/modprobe.d/hfs.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/hfsplus.conf > /etc/modprobe.d/hfsplus.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/jffs2.conf > /etc/modprobe.d/jffs2.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/squashfs.conf > /etc/modprobe.d/squashfs.conf
curl --silent ${DL_ROOT}/ConfigFiles/ModProbe/udf.conf > /etc/modprobe.d/udf.conf
#banners
curl --silent ${DL_ROOT}/ConfigFiles/BANNERS/issue > /etc/issue
curl --silent ${DL_ROOT}/ConfigFiles/BANNERS/issue.net > /etc/issue.net
curl --silent ${DL_ROOT}/ConfigFiles/BANNERS/motd > /etc/motd
#Cron perms
rm /etc/cron.deny || true
touch /etc/cron.allow
chmod g-wx,o-rwx /etc/cron.allow
chown root:root /etc/cron.allow
chmod og-rwx /etc/crontab
chmod og-rwx /etc/cron.hourly/
chmod og-rwx /etc/cron.daily/
chmod og-rwx /etc/cron.weekly/
chmod og-rwx /etc/cron.monthly/
chown root:root /etc/cron.d/
chmod og-rwx /etc/cron.d/
# At perms
rm -f /etc/at.deny || true
touch /etc/at.allow
chmod g-wx,o-rwx /etc/at.allow
chown root:root /etc/at.allow

13
ProjectCode/Modules/Security/secharden-ssh.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
curl --silent ${DL_ROOT}/ConfigFiles/SSH/Configs/tsys-sshd-config > /etc/ssh/sshd_config
curl --silent ${DL_ROOT}/ConfigFiles/SSH/Configs/ssh-audit_hardening.conf > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
# Perms on sshd_config
chmod og-rwx /etc/ssh/sshd_config
chmod og-rwx /etc/ssh/sshd_config.d/*
#todo
# root login disabled
# only strong mAC algos are used

27
ProjectCode/Modules/Security/secharden-wazuh.sh Normal file
View File

@ -0,0 +1,27 @@
#!/bin/bash
# We don't want to run this on the wazuh server, otherwise bad things happen...
export TSYS_NSM_CHECK
TSYS_NSM_CHECK="$(hostname |grep -c tsys-nsm ||true)"
if [ "$TSYS_NSM_CHECK" -eq 0 ]; then
if [ -f /usr/share/keyrings/wazuh.gpg ]; then
rm -f /usr/share/keyrings/wazuh.gpg
fi
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list
apt-get update
WAZUH_MANAGER="tsys-nsm.knel.net" apt-get -y install wazuh-agent
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent
echo "wazuh-agent hold" | dpkg --set-selections
fi

522
ProjectCode/SetupNewSystem.sh Normal file
View File

@ -0,0 +1,522 @@
#!/usr/bin/bash
export CURRENT_TIMESTAMP
CURRENT_TIMESTAMP="$(date +%A-%Y-%m-%d-%T)"
export LOGFILENAME
LOGFILENAME="SetupNewSystem.${CURRENT_TIMESTAMP}.$$"
# Standard strict mode and error handling boilderplate...
set -o errexit
set -o nounset
set -o pipefail
set -o functrace
export PS4='(${BASH_SOURCE}:${LINENO}): - [${SHLVL},${BASH_SUBSHELL},$?] $ '
function print_info()
{
GREEN='\033[0;32m'
NC='\033[0m'
tput bold
echo -e "$GREEN $1${NC}"
echo -e "$GREEN $1${NC}" >> "$LOGFILENAME"
tput sgr0
}
function print_error()
{
RED='\033[0;31m'
NC='\033[0m'
tput bold
echo -e "$RED $1${NC}"
echo "$1"
echo -e "$RED $1${NC}" >> "$LOGFILENAME"
tput sgr0
}
log_info_message() {
local message="$1"
local logfile="/var/log/my_script.log" # Define your log file path
echo "$message" | tee -a "$logfile"
}
function error_out()
{
print_error "$1"
print_error "Bailing out. See above for reason...."
exit 1
}
function handle_failure() {
local lineno=$1
local fn=$2
local exitstatus=$3
local msg=$4
local lineno_fns=${0% 0}
if [[ "$lineno_fns" != "-1" ]] ; then
lineno="${lineno} ${lineno_fns}"
fi
echo "${BASH_SOURCE[0]}: Function: ${fn} Line Number : [${lineno}] Failed with status ${exitstatus}: $msg"
}
trap 'handle_failure "${BASH_LINENO[*]}" "$LINENO" "${FUNCNAME[*]:-script}" "$?" "$BASH_COMMAND"' ERR
function PreflightCheck()
{
export curr_user="$USER"
export user_check
user_check="$(echo "$curr_user" | grep -c root)"
if [ $user_check -ne 1 ]; then
print_error "Must run as root."
error_out
fi
print_info "All checks passed...."
}
# Start actual script logic here...
#################
#Global variables
#################
export IS_PHYSICAL_HOST
IS_PHYSICAL_HOST="$(dmidecode -t System|grep -c Dell ||true)"
export SUBODEV_CHECK
SUBODEV_CHECK="$(getent passwd|grep -c subodev || true)"
export LOCALUSER_CHECK
LOCALUSER_CHECK="$(getent passwd|grep -c localuser || true)"
export DL_ROOT
DL_ROOT="https://dl.knownelement.com/KNEL/FetchApply/"
#######################
# Support functions
#######################
function pi-detect()
{
print_info "Now running "$FUNCNAME"...."
if [ -f /sys/firmware/devicetree/base/model ] ; then
export IS_RASPI="1"
fi
if [ ! -f /sys/firmware/devicetree/base/model ] ; then
export IS_RASPI="0"
fi
print_info "Now completed running "$FUNCNAME"...."
}
function global-oam()
{
print_info "Now running "$FUNCNAME"...."
curl --silent ${DL_ROOT}/scripts/distro > /usr/local/bin/distro && chmod +x /usr/local/bin/distro
curl --silent ${DL_ROOT}/scripts/up2date.sh > /usr/local/bin/up2date.sh && chmod +x /usr/local/bin/up2date.sh
print_info "Setting up librenms agent..."
if [ ! -d /usr/local/librenms-agent ]; then
mkdir -p /usr/local/librenms-agent
fi
curl --silent ${DL_ROOT}/Agents/librenms/ntp-client.sh > /usr/local/librenms-agent/ntp-client.sh
curl --silent ${DL_ROOT}/Agents/librenms/ntp-server.sh > /usr/local/librenms-agent/ntp-server.sh
curl --silent ${DL_ROOT}/Agents/librenms/os-updates.sh > /usr/local/librenms-agent/os-updates.sh
curl --silent ${DL_ROOT}/Agents/librenms/postfixdetailed.sh > /usr/local/librenms-agent/postfixdetailed.sh
curl --silent ${DL_ROOT}/Agents/librenms/postfix-queues.sh > /usr/local/librenms-agent/postfixdetailed.sh
curl --silent ${DL_ROOT}/Agents/librenms/smart > /usr/local/librenms-agent/smart
curl --silent ${DL_ROOT}/Agents/librenms/smart.config > /usr/local/librenms-agent/smart.config
print_info "Completed running "$FUNCNAME""
}
function global-systemServiceConfigurationFiles()
{
print_info "Now running "$FUNCNAME"...."
curl --silent ${DL_ROOT}/ConfigFiles/ZSH/tsys-zshrc > /etc/zshrc
curl --silent ${DL_ROOT}/ConfigFiles/SMTP/aliases > /etc/aliases
curl --silent ${DL_ROOT}/ConfigFiles/Syslog/rsyslog.conf > /etc/rsyslog.conf
export ROOT_SSH_DIR="/root/.ssh"
export LOCALUSER_SSH_DIR="/home/localuser/.ssh"
export SUBODEV_SSH_DIR="/home/subodev/.ssh"
if [ ! -d $ROOT_SSH_DIR ]; then
mkdir /root/.ssh/
fi
curl --silent ${DL_ROOT}/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys > /root/.ssh/authorized_keys
chmod 400 /root/.ssh/authorized_keys
chown root: /root/.ssh/authorized_keys
if [ "$LOCALUSER_CHECK" -gt 0 ]; then
if [ ! -d $LOCALUSER_SSH_DIR ]; then
mkdir -p /home/localuser/.ssh/
fi
curl --silent ${DL_ROOT}/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \
&& chown localuser /home/localuser/.ssh/authorized_keys \
&& chmod 400 /home/localuser/.ssh/authorized_keys
fi
if [ "$SUBODEV_CHECK" = 1 ]; then
if [ ! -d $SUBODEV_SSH_DIR ]; then
mkdir /home/subodev/.ssh/
fi
curl --silent ${DL_ROOT}/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \
&& chmod 400 /home/subodev/.ssh/authorized_keys \
&& chown subodev: /home/subodev/.ssh/authorized_keys
fi
newaliases
print_info "Completed running "$FUNCNAME""
}
function global-installPackages()
{
print_info "Now running "$FUNCNAME"...."
# Setup webmin repo, used for RBAC/2fa PAM
curl https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh > /tmp/webmin-setup.sh
sh /tmp/webmin-setup.sh -f && rm -f /tmp/webmin-setup.sh
# Setup lynis repo, used for sec ops/compliance
if [ -f /etc/apt/trusted.gpg.d/cisofy-software-public.gpg ]; then
rm -f /etc/apt/trusted.gpg.d/cisofy-software-public.gpg
fi
curl -fsSL https://packages.cisofy.com/keys/cisofy-software-public.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/cisofy-software-public.gpg
echo "deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/cisofy-software-public.gpg] https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
# Setup tailscale
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
#
#Patch the system
#
/usr/local/bin/up2date.sh
#Remove stuff we don't want
apt-get --yes --purge remove systemd-timesyncd chrony telnet inetutils-telnet
#export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes -o Dpkg::Options::="--force-confold" --purge remove nano
# add stuff we want
print_info ""Now installing all the packages...""
DEBIAN_FRONTEND="noninteractive" apt-get -qq --yes -o Dpkg::Options::="--force-confold" install \
virt-what \
auditd \
audispd-plugins \
aide \
htop \
dstat \
snmpd \
ncdu \
iftop \
acct \
nethogs \
sysstat \
ngrep \
lsb-release \
screen \
tailscale \
tmux \
vim \
command-not-found \
lldpd \
net-tools \
dos2unix \
gpg \
molly-guard \
lshw \
fzf \
ripgrep \
sudo \
mailutils \
clamav \
sl \
rsyslog \
logwatch \
git \
net-tools \
tshark \
tcpdump \
lynis \
glances \
zsh \
zsh-autosuggestions \
zsh-syntax-highlighting \
fonts-powerline \
webmin \
usermin \
iotop \
tuned \
cockpit \
iptables \
netfilter-persistent \
iptables-persistent \
postfix
export KALI_CHECK
KALI_CHECK="$(distro |grep -c kali ||true)"
if [ "$KALI_CHECK" = 0 ]; then
export DEBIAN_FRONTEND="noninteractive" ; apt-get -qq --yes -o Dpkg::Options::="--force-confold" install \
ntpdate \
ntp
fi
if [ "$KALI_CHECK" = 1 ]; then
export DEBIAN_FRONTEND="noninteractive" ; apt-get -qq --yes -o Dpkg::Options::="--force-confold" install \
ntpsec-ntpdate \
ntpsec
fi
export VIRT_TYPE
VIRT_TYPE="$(virt-what)"
export IS_VIRT_GUEST
IS_VIRT_GUEST="$(echo "$VIRT_TYPE"|egrep -c 'hyperv|kvm' ||true )"
export IS_KVM_GUEST
IS_KVM_GUEST="$(echo "$VIRT_TYPE"|grep -c 'kvm' || true)"
if [[ $IS_KVM_GUEST = 1 ]]; then
apt -y install qemu-guest-agent
fi
if [[ $IS_PHYSICAL_HOST -gt 0 ]]; then
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes -o Dpkg::Options::="--force-confold" install \
i7z \
thermald \
cpufrequtils \
linux-cpupower
# power-profiles-daemon
fi
print_info "Completed running "$FUNCNAME""
}
function global-postPackageConfiguration()
{
print_info "Now running "$FUNCNAME""
systemctl --now enable auditd
systemctl stop postfix
curl --silent ${DL_ROOT}/ConfigFiles/SMTP/postfix_generic> /etc/postfix/generic
postmap /etc/postfix/generic
postconf -e "inet_protocols = ipv4"
postconf -e "inet_interfaces = 127.0.0.1"
postconf -e "mydestination= 127.0.0.1"
postconf -e "relayhost = tsys-cloudron.knel.net"
postconf -e "smtp_generic_maps = hash:/etc/postfix/generic"
# smtp_generic_maps = hash:/etc/postfix/generic
systemctl restart postfix
#This is under test/dev and may fail
echo "hi from root to root" | mail -s "hi directly to root from $(hostname)" root
chsh -s $(which zsh) root
if [ "$LOCALUSER_CHECK" -gt 0 ]; then
chsh -s "$(which zsh)" localuser
fi
if [ "$SUBODEV_CHECK" -gt 0 ]; then
chsh -s "$(which zsh)" subodev
fi
###Post package deployment bits
curl --silent ${DL_ROOT}/ConfigFiles/DHCP/dhclient.conf > /etc/dhcp/dhclient.conf
systemctl stop snmpd && /etc/init.d/snmpd stop
curl --silent ${DL_ROOT}/ConfigFiles/SNMP/snmp-sudo.conf > /etc/sudoers.d/Debian-snmp
sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
pi-detect
if [ "$IS_RASPI" = 1 ] ; then
curl --silent ${DL_ROOT}/ConfigFiles/SNMP/snmpd-rpi.conf > /etc/snmp/snmpd.conf
fi
if [ "$IS_PHYSICAL_HOST" = 1 ] ; then
curl --silent ${DL_ROOT}/ConfigFiles/SNMP/snmpd-physicalhost.conf > /etc/snmp/snmpd.conf
fi
if [ "$IS_VIRT_GUEST" = 1 ] ; then
curl --silent ${DL_ROOT}/ConfigFiles/SNMP/snmpd.conf > /etc/snmp/snmpd.conf
fi
systemctl daemon-reload && systemctl restart snmpd && /etc/init.d/snmpd restart
systemctl stop rsyslog
systemctl start rsyslog
if [ "$KALI_CHECK" = 0 ]; then
curl --silent ${DL_ROOT}/ConfigFiles/NTP/ntp.conf > /etc/ntp.conf
systemctl restart ntp
fi
if [ "$KALI_CHECK" = 1 ]; then
curl --silent ${DL_ROOT}/ConfigFiles/NTP/ntp.conf > /etc/ntpsec/ntp.conf
systemctl restart ntpsec.service
fi
systemctl stop postfix
systemctl start postfix
/usr/sbin/accton on
if [ "$IS_PHYSICAL_HOST" -gt 0 ]; then
cpufreq-set -r -g performance
cpupower frequency-set --governor performance
# Potentially merge the below if needed.
# power-profiles-daemon
# powerprofilesctl set performance
#tsys1# systemctl enable power-profiles-daemon
#tsys1# systemctl start power-profiles-daemon
fi
if [ "$IS_VIRT_GUEST" = 1 ]; then
tuned-adm profile virtual-guest
fi
print_info "Completed running "$FUNCNAME""
}
####################################################################################################
# Run various modules
####################################################################################################
####################################################################################################
# Security Hardening
####################################################################################################
# SSH
function secharden-ssh()
{
print_info "Now running "$FUNCNAME""
curl --silent ${DL_ROOT}/Modules/Security/secharden-ssh.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
function secharden-wazuh()
{
print_info "Now running "$FUNCNAME""
curl --silent ${DL_ROOT}/Modules/Security/secharden-wazuh.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
function secharden-auto-upgrades()
{
print_info "Now running "$FUNCNAME""
#curl --silent ${DL_ROOT}/Modules/Security/secharden-ssh.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
function secharden-2fa()
{
print_info "Now running "$FUNCNAME""
#curl --silent ${DL_ROOT}/Modules/Security/secharden-2fa.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
function secharden-agents()
{
print_info "Now running "$FUNCNAME""
#curl --silent ${DL_ROOT}/Modules/Security/secharden-audit-agents.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
function secharden-scap-stig()
{
print_info "Now running "$FUNCNAME""
curl --silent ${DL_ROOT}/Modules/Security/secharden-scap-stig.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
####################################################################################################
# Authentication
####################################################################################################
function auth-cloudron-ldap()
{
print_info "Now running "$FUNCNAME""
#curl --silent ${DL_ROOT}/Modules/Auth/auth-cloudron-ldap.sh|$(which bash)
print_info "Completed running "$FUNCNAME""
}
####################################################################################################
# RUn the various functions in the correct order
####################################################################################################
echo > $LOGFILENAME
print_info "Execution starting at $CURRENT_TIMESTAMP..."
PreflightCheck
global-oam
global-installPackages
global-systemServiceConfigurationFiles
global-postPackageConfiguration
secharden-ssh
secharden-wazuh
secharden-scap-stig
#secharden-agents
#secharden-auto-upgrades
#secharden-2fa
#auth-cloudron-ldap
print_info "Execution ended at $CURRENT_TIMESTAMP..."

4
ProjectCode/legacy/profiled-tmux.sh Normal file
View File

@ -0,0 +1,4 @@
if command -v tmux &> /dev/null && [ -n "$PS1" ] && [[ ! "$TERM" =~ screen ]] && [[ ! "$TERM" =~ tmux ]] && [ -z "$TMUX" ]; then
tmux a -t default || exec tmux new -s default && exit;
fi

1
ProjectCode/legacy/profiled-tsys-shell.sh Normal file
View File

@ -0,0 +1 @@
export HISTTIMEFORMAT="%m/%d/%Y %T "

9
ProjectCode/legacy/prox7.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
rm -f /etc/apt/sources.list.d/*
echo "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
wget http://download.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
apt update && apt -y full-upgrade
apt-get -y install ifupdown2 ipmitool ethtool net-tools lshw
#curl -s http://dl.turnsys.net/newSrv.sh|/bin/bash

114
ProjectCode/scripts/distro Normal file
View File

@ -0,0 +1,114 @@
#!/usr/bin/env bash
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
OS=`uname -s`
REV=`uname -r`
MACH=`uname -m`
if [ "${OS}" = "SunOS" ] ; then
OS=Solaris
ARCH=`uname -p`
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
elif [ "${OS}" = "AIX" ] ; then
OSSTR="${OS} `oslevel` (`oslevel -r`)"
elif [ "${OS}" = "Linux" ] ; then
KERNEL=`uname -r`
if [ -f /etc/fedora-release ]; then
DIST=$(cat /etc/fedora-release | awk '{print $1}')
REV=`cat /etc/fedora-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/redhat-release ] ; then
DIST=$(cat /etc/redhat-release | awk '{print $1}')
if [ "${DIST}" = "CentOS" ]; then
DIST="CentOS"
elif [ "${DIST}" = "Mandriva" ]; then
DIST="Mandriva"
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/oracle-release ]; then
DIST="Oracle"
else
DIST="RedHat"
fi
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/mandrake-release ] ; then
DIST='Mandrake'
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/devuan_version ] ; then
DIST="Devuan `cat /etc/devuan_version`"
REV=""
elif [ -f /etc/debian_version ] ; then
DIST="Debian `cat /etc/debian_version`"
REV=""
ID=`lsb_release -i | awk -F ':' '{print $2}' | sed 's/ //g'`
if [ "${ID}" = "Raspbian" ] ; then
DIST="Raspbian `cat /etc/debian_version`"
fi
elif [ -f /etc/gentoo-release ] ; then
DIST="Gentoo"
REV=$(tr -d '[[:alpha:]]' </etc/gentoo-release | tr -d " ")
elif [ -f /etc/arch-release ] ; then
DIST="Arch Linux"
REV="" # Omit version since Arch Linux uses rolling releases
IGNORE_LSB=1 # /etc/lsb-release would overwrite $REV with "rolling"
elif [ -f /etc/os-release ] ; then
DIST=$(grep '^NAME=' /etc/os-release | cut -d= -f2- | tr -d '"')
REV=$(grep '^VERSION_ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
elif [ -f /etc/openwrt_version ] ; then
DIST="OpenWrt"
REV=$(cat /etc/openwrt_version)
elif [ -f /etc/pld-release ] ; then
DIST=$(cat /etc/pld-release)
REV=""
elif [ -f /etc/SuSE-release ] ; then
DIST=$(echo SLES $(grep VERSION /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
REV=$(echo SP$(grep PATCHLEVEL /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
fi
if [ -f /etc/lsb-release -a "${IGNORE_LSB}" != 1 ] ; then
LSB_DIST=$(lsb_release -si)
LSB_REV=$(lsb_release -sr)
if [ "$LSB_DIST" != "" ] ; then
DIST=$LSB_DIST
fi
if [ "$LSB_REV" != "" ] ; then
REV=$LSB_REV
fi
fi
if [ "`uname -a | awk '{print $(NF)}'`" = "DD-WRT" ] ; then
DIST="dd-wrt"
fi
if [ -n "${REV}" ]
then
OSSTR="${DIST} ${REV}"
else
OSSTR="${DIST}"
fi
elif [ "${OS}" = "Darwin" ] ; then
if [ -f /usr/bin/sw_vers ] ; then
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
fi
elif [ "${OS}" = "FreeBSD" ] ; then
OSSTR=`/usr/bin/uname -mior`
fi
echo ${OSSTR}

16
ProjectCode/scripts/up2date.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
echo "Running apt-get update"
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes update
echo "Running apt-get dist-upgrade"
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes dist-upgrade
echo "Running apt-get upgrade"
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes upgrade
echo "Running apt-get purge"
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --purge autoremove --yes
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq autoclean --yes