and the rest of it...

Charles N Wyble 2024-12-11 13:03:15 -06:00
parent c2b1b821f7
commit f759149c11
26 changed files with 9767 additions and 0 deletions

29
Set_User.xml Normal file

@ -0,0 +1,29 @@
<!-- file used for configuring admin privileges with hponcfg -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="secretcred"/>
<ADMIN_PRIV value="Yes"/>
<REMOTE_CONS_PRIV value="Yes"/>
<RESET_SERVER_PRIV value="Yes"/>
<VIRTUAL_MEDIA_PRIV value="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
<!-- Firmware support infomation for next 6 tags: -->
<!-- iLO 2 - None. -->
<!-- iLO - Version earlier than 1.40. -->
<!-- RILOE II - None. -->
<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
<!-- <EMS_PRIV value="Yes"/> -->
<!-- <UPDATE_ILO_PRIV value="No"/> -->
<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
<!-- <DIAG_PRIV value="Yes"/> -->
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
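Review bot: The PASSWORD value on the MOD_USER element and the LOGIN attributes are literal strings in a file that is now in version control, so whatever is written here becomes the Administrator credential on every host the file is applied to and stays in history. Keep the file as a template with an obvious token such as `@ILO_ADMIN_PASSWORD@` (a constructed placeholder) as the PASSWORD value, substitute it at deploy time from a secret store, and write the rendered copy with mode 0600. The comment "Firmware support infomation" has a typo (information).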

29
commandWrapSafe Normal file

@ -0,0 +1,29 @@
#!/bin/bash
#Wrapper for various items which play traffic.
#tcpreplay,tomahawk,isic suite
#Check for presence of eth0 in passed arguments and abort/alert
OPTIONS="$@"
function ABORT()
{
#red bg 0;41
#white text 1;37
chmod 400 $0.real
chmod 400 $0
MESSAGE="You have attempted to execute an action which will result in harm to the system. The system is now terminating all shell sessions on this host and alerting support personnel. You will lose any unsaved work."
echo -e "\e[0;41m$MESSAGE\e[1;37"
mailsend -q -smtp RELAYHOST -t PAGEREMAIL -f ALERTFROMEMAIL -sub "$0 using eth0 activity on $(hostname)" -M "$(hostname) attempted to play traffic using $0 out of eth0 at $(date)."
killall -g -9 bash
}
ETH0_CHECK=$(echo $OPTIONS | grep eth0 -c)
if [ $ETH0_CHECK -gt 0 ];
then
ABORT
fi
#If all checks pass, go ahead and execute the invoking program
$0.real $OPTIONS
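Review bot: `ABORT` has no `exit`, so if `killall -g -9 bash` fails or does not reach this process the script falls through to `$0.real $OPTIONS` and runs the command it has just refused; end the function with `exit 1`. The guard also works on `OPTIONS="$@"`, which flattens the arguments into one string that the final call re-splits and glob-expands, so an argument containing spaces or `*` reaches the real binary altered. Checking and forwarding the original array avoids that, e.g. `for a in "$@"; do [[ $a == *eth0* ]] && ABORT; done` followed by `exec "$0.real" "$@"`. The trailing escape in the `echo -e` line is `\e[1;37` without the closing `m`, and the colour is never reset with `\e[0m`.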

141
config-iLO Normal file

@ -0,0 +1,141 @@
#!/bin/bash
#Script for configuring iLO - modified version, works with hponcfg-4.2.0-0.i386.rpm
#set -x
function configure-ilo()
{
echo "Now running $FUNCNAME...."
#Install hponcfg
#yum install -y hponcfg
#Reset to factory defaults (just in case)
hponcfg -r
#Dynamic values for the generated XML
ILONAME="$(hostname -s)-iLO"
ILOIP="$(dig -x @DNS_SERVER_IP $ILONAME.$TLD +short)"
#VLAN verification and configuration
case $ILOIP in
172.16.10*.*)
GATEWAY=172.16.103.254
NETMASK=255.255.252.0
ENABLEV=Y
VLAN=101
;;
172.16.11*.*)
GATEWAY=172.16.115.254
NETMASK=255.255.252.0
ENABLEV=Y
VLAN=112
;;
172.17.1.*)
GATEWAY=0.0.0.0
NETMASK=255.255.252.0
ENABLEV=N
VLAN=243
;;
172.17.2.*)
GATEWAY=0.0.0.0
NETMASK=255.255.252.0
ENABLEV=N
VLAN=243
;;
esac
#Build xml config file for ILO
cat > /tmp/ilo.dat <<ENDILO
<!-- HPONCFG VERSION = "1.9" -->
<!-- Generated 1/31/2013 16:8:49 -->
<RIBCL VERSION="2.1">
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
<DIR_INFO MODE="write">
<MOD_DIR_CONFIG>
<DIR_AUTHENTICATION_ENABLED VALUE = "No"/>
<DIR_LOCAL_USER_ACCT VALUE = "Y"/>
<DIR_SERVER_ADDRESS VALUE = ""/>
<DIR_SERVER_PORT VALUE = "636"/>
<DIR_OBJECT_DN VALUE = ""/>
<DIR_OBJECT_PASSWORD VALUE = ""/>
<DIR_USER_CONTEXT_1 VALUE = ""/>
<DIR_USER_CONTEXT_2 VALUE = ""/>
<DIR_USER_CONTEXT_3 VALUE = ""/>
</MOD_DIR_CONFIG>
</DIR_INFO>
<RIB_INFO MODE="write">
<MOD_NETWORK_SETTINGS>
<DHCP_ENABLE VALUE = "No"/>
<SPEED_AUTOSELECT VALUE = "Yes"/>
<NIC_SPEED VALUE = "10"/>
<FULL_DUPLEX VALUE = "Y"/>
<IP_ADDRESS VALUE = "$ILOIP"/>
<SUBNET_MASK VALUE = "$NETMASK"/>
<GATEWAY_IP_ADDRESS VALUE = "$GATEWAY"/>
<DNS_NAME VALUE = "$ILONAME"/>
<PRIM_DNS_SERVER value = "10.207.12.78"/>
<DOMAIN_NAME VALUE = "tplab.tippingpoint.com"/>
<DHCP_GATEWAY VALUE = "No"/>
<DHCP_DNS_SERVER VALUE = "No"/>
<DHCP_STATIC_ROUTE VALUE = "No"/>
<DHCP_WINS_SERVER VALUE = "No"/>
<REG_WINS_SERVER VALUE = "No"/>
<PRIM_WINS_SERVER VALUE = ""/>
<SHARED_NETWORK_PORT VALUE="Y"/>
<VLAN_ENABLED VALUE = "$ENABLEV"/>
<VLAN_ID VALUE = "$VLAN"/>
</MOD_NETWORK_SETTINGS>
<!-- iLO Advanced Activation -->
<LICENSE>
<ACTIVATE KEY="3GMPZW29YQP242466Q99355BM" />
</LICENSE>
</RIB_INFO>
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="Guest"
USER_LOGIN="Guest"
PASSWORD="Wund3rB4r!!">
<ADMIN_PRIV value="Y"/>
<REMOTE_CONS_PRIV value="Y"/>
<RESET_SERVER_PRIV value="Y"/>
<VIRTUAL_MEDIA_PRIV value="Y"/>
<CONFIG_ILO_PRIV value="Y"/>
</ADD_USER>
</USER_INFO>
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="admin11=="/>
<ADMIN_PRIV value="N"/>
<REMOTE_CONS_PRIV value="Y"/>
<RESET_SERVER_PRIV value="Y"/>
<VIRTUAL_MEDIA_PRIV value="N"/>
<CONFIG_ILO_PRIV value="N"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply config to the ILO card
hponcfg -f /tmp/ilo.dat
echo "iLO configured on $ILONAME, IP: $ILOIP"
}
#configure-ilo
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo "Configuring iLo on $ILONAME at $(date)"
configure-ilo
}
main
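Review bot: The heredoc in `configure-ilo` writes the iLO login, two account passwords and the licence key to the fixed path `/tmp/ilo.dat` with default permissions and never deletes it, so the credentials stay readable on every configured host in addition to being committed here. Create the file privately and remove it on exit, e.g. `umask 077; cfg=$(mktemp) || exit 1; trap 'rm -f -- "$cfg"' EXIT`, and read the secrets from a root-only file or secret store instead of literals; `iLO-admin-priv`, `ilo-password-changer` and `iloUpdater.sh` in this commit write to fixed `/tmp` paths in the same way. The generated config gives the `Guest` account every privilege while removing ADMIN_PRIV and CONFIG_ILO_PRIV from `Administrator`; if that is intended it deserves a comment, because it reads as inverted. `hponcfg -r` runs before `ILOIP` is known to be valid and the `case` has no `*)` arm, so an empty or unexpected lookup result resets the iLO and then applies a config with blank gateway, netmask and VLAN; validate `ILOIP` first and abort when nothing matches. `dig -x` expects an address rather than `@server` followed by a name, and `TLD` is not set anywhere in the visible script.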


@ -0,0 +1,23 @@
#!/bin/bash
#Create index
time duc index / --fs-exclude=nfs
#Produce report
cd /root
TODAY="$(date +%m-%d)"
REPORT_FILENAME="$(hostname).$TODAY.png"
duc graph /
mv duc.png $REPORT_FILENAME
#Send report to central server
scp -i /root/.ssh/duc_rsa $REPORT_FILENAME duc_user@txn04-slack-master.tplab.tippingpoint.com:/var/www/html/space/
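Review bot: Nothing checks that `duc graph /` succeeded before `mv duc.png $REPORT_FILENAME`, so a failed run either uploads a stale `duc.png` left in `/root` or sends nothing without reporting an error; the `cd /root` is unchecked as well. `set -euo pipefail` at the top, or `cd /root || exit 1` and `duc graph / || exit 1`, makes the failure visible to cron. `$REPORT_FILENAME` should be quoted on the `mv` and `scp` lines, and because the upload lands in a web root, the `duc_rsa` key is worth limiting on the receiving server with a forced command.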

45
disk_space/install_duc.sh Normal file

@ -0,0 +1,45 @@
#!/bin/bash
#A script to install duc onto any KNEL managed system
duc-install()
{
echo "Installing duc..."
wget --quiet https://github.com/zevv/duc/releases/download/1.4.1/duc-1.4.1.tar.gz -O /tmp/duc.tar.gz
cd /tmp
tar xfz duc.tar.gz
cd duc-1.4.1
./configure
make
make install
cd /tmp
rm -rvf duc-1.4.1
rm -rvf duc.tar.gz
echo "Installed duc"
}
main-ubuntu()
{
apt-get install -y tokyocabinet-bin libncursesw5-dev libcairo2-dev libpango1.0-dev build-essential libtokyocabinet-dev
duc-install
}
main-centos()
{
yum -y install pango-devel cairo-devel tokyocabinet-devel gcc ncurses-devel
duc-install
}
#######################################################################################################################################################
#Step 1: Figure out what distro we are, call the appropriate function which begins execution
#######################################################################################################################################################
wget --quiet https://dl.turnsys.com/bootstrap/bin/distro -O /usr/bin/distro
chmod +x /usr/bin/distro
DISTRO_TYPE="$(distro |awk -F '|' '{print $4}'|tr '[:upper:]' '[:lower:]')"
if [ $DISTRO_TYPE = "ubuntu" ] ; then main-ubuntu ; fi
if [ $DISTRO_TYPE = "centos" ] ; then main-centos ; fi
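Review bot: Both downloads run as root with no integrity check: the `distro` helper is fetched to `/usr/bin/distro` and executed straight away, and the duc tarball is unpacked and installed from the fixed paths `/tmp/duc.tar.gz` and `/tmp/duc-1.4.1`. Pin a SHA-256 for each artefact and verify it before use, and build in a private `mktemp -d` directory so nothing pre-placed in `/tmp` is picked up; none of the `cd`, `configure` or `make` steps is checked, so a failed step is still followed by `make install` and `rm -rvf`. `[ $DISTRO_TYPE = "ubuntu" ]` is a syntax error when the helper prints nothing; quote it as `[ "$DISTRO_TYPE" = "ubuntu" ]`. A sketch of `duc-install` with those changes follows; the digest is a placeholder to be filled in from a trusted copy of the release.

```shell
DUC_VERSION="1.4.1"
# Placeholder: record the real digest of the release tarball here.
DUC_SHA256="REPLACE_WITH_SHA256_OF_duc-1.4.1.tar.gz"

duc-install()
(
  # Subshell body: set -e and the EXIT trap stay local to this function.
  set -e
  workdir=$(mktemp -d)
  trap 'rm -rf -- "$workdir"' EXIT
  cd "$workdir"
  echo "Installing duc..."
  wget --quiet "https://github.com/zevv/duc/releases/download/${DUC_VERSION}/duc-${DUC_VERSION}.tar.gz" -O duc.tar.gz
  # Refuse to build anything that does not match the pinned digest.
  printf '%s  %s\n' "$DUC_SHA256" duc.tar.gz | sha256sum -c -
  tar xzf duc.tar.gz
  cd "duc-${DUC_VERSION}"
  ./configure
  make
  make install
  echo "Installed duc"
)
```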


@ -0,0 +1,8 @@
#!/bin/bash
#A script to generate a comprehensive list of responsive hosts
OUTPUT_FILE="/tmp/network-scan"
for subnet in $(cat ../input/SubnetList); do
zmap -M icmp_echoscan -o $OUTPUT_FILE $subnet
done

99
iLO-admin-priv Normal file

@ -0,0 +1,99 @@
#!/bin/bash
#Standalone script for setting Administrator Privileges
#set -x
#Checks to see if the server is a HP
function server-check()
{
SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
if [ $SERVER_TYPE -eq 0 ]; then
echo This is not a HP server, exiting.
exit
fi
if [ $SERVER_TYPE -eq 1 ]; then
echo Server is a HP, checking admin privileges
#yum install -y hponcfg
ilo-check
fi
}
#Checks the status of iLO on the server
function ilo-check()
{
#Generates the XML file for checking iLO
cat > /tmp/ilo.check << ENDCHECK
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="read">
<GET_USER USER_LOGIN="Administrator"/>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDCHECK
#iLO Status variable
ILOSTATUS="$(hponcfg -f /tmp/ilo.check | grep ADMIN_PRIV |grep -i y -c)"
if [ $ILOSTATUS -eq 0 ]; then
echo Administrator does not have admin privileges. Enabling...
configure-ilo
fi
if [ $ILOSTATUS -eq 1 ]; then
echo Administrator has admin privileges, exiting
fi
}
function configure-ilo()
{
#Build xml config file for ILO
cat > /tmp/ilo.dat <<ENDILO
<!-- HPONCFG VERSION = "1.9" -->
<!-- Generated 1/31/2013 16:8:49 -->
<RIBCL VERSION="2.1">
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="admin11=="/>
<ADMIN_PRIV value="Yes"/>
<REMOTE_CONS_PRIV value="Yes"/>
<RESET_SERVER_PRIV value="Yes"/>
<VIRTUAL_MEDIA_PRIV value="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
<!-- Firmware support infomation for next 6 tags: -->
<!-- iLO 2 - None. -->
<!-- iLO - Version earlier than 1.40. -->
<!-- RILOE II - None. -->
<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
<!-- <EMS_PRIV value="Yes"/> -->
<!-- <UPDATE_ILO_PRIV value="No"/> -->
<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
<!-- <DIAG_PRIV value="Yes"/> -->
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply config to the iLO card
hponcfg -f /tmp/ilo.dat
echo "Admin Privileges enabled on $(hostname)"
}
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo "iLO Admin Privilege checker initiated on $(hostname) at $(date)"
server-check
}
main
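Review bot: In `ilo-check` a failed `hponcfg -f /tmp/ilo.check` yields a count of 0, which is indistinguishable from "Administrator lacks ADMIN_PRIV", so any query error (tool missing, driver not loaded) leads straight to `configure-ilo` and rewrites the Administrator password and privileges. Capture the output and status first, e.g. `out=$(hponcfg -f /tmp/ilo.check) || { echo "hponcfg query failed" >&2; exit 1; }`, and count matches in `$out`. `$SERVER_TYPE` and `$ILOSTATUS` are compared with `-eq 0` and `-eq 1` only, so a count of 2 or more silently does nothing; `-ge 1` or an `else` arm would cover it. The fixed `/tmp/ilo.check` and `/tmp/ilo.dat` files are not removed after use.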

71
ilo-password-changer Normal file

@ -0,0 +1,71 @@
#This is a test change
#!/bin/bash
#iLO Password Updater script
#set -x
function iLO-password-updater()
{
#Build xml config file for ILO
cat << ENDILO > /tmp/ilo.pass
<!-- RIBCL Sample Script for HP Lights-Out Products -->
<!--Copyright (c) 2003,2008 Hewlett-Packard Development Company, L.P.-->
<!-- Description: This is a sample XML script to change a user's -->
<!-- password in the database of local users on -->
<!-- following devices: -->
<!-- Integrated Lights-Out 2 (iLO 2) -->
<!-- Integrated Lights-Out (iLO) -->
<!-- Remote Insight Lights-Out Edition II (RILOE II) -->
<!-- NOTE: You will need to replace the values inside the quote -->
<!-- marks with values that are appropriate for your -->
<!-- environment. -->
<!-- Use CPQLOCFG.EXE ver 2.26 or greater with this script -->
<!-- This script was written for iLO 2 firmware version 1.30. -->
<!-- release. -->
<!-- See "HP Integrated Lights-Out Management Processor -->
<!-- Scripting and Command Line Resource Guide" for more -->
<!-- information on scripting and the syntax of the RIBCL -->
<!-- XML. -->
<!-- Firmware support infomation for this script: -->
<!-- iLO 2 - All versions. -->
<!-- iLO - All versions. -->
<!-- RILOE II - All versions. -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="secretcred"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply new password to the iLO card
hponcfg -f /tmp/ilo.pass
echo "iLO password changed on $(hostname)"
}
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo -e "iLO password changer initiated on $(hostname) at $(date)\n"
iLO-password-updater
}
main
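Review bot: `#This is a test change` sits above `#!/bin/bash`, so the shebang is on line 2 and is treated as an ordinary comment; when the file is executed directly the kernel finds no interpreter line and the script runs under whatever shell the caller falls back to. The body depends on bash (`function` with a hyphenated name, `echo -e`), so the shebang has to be line 1. The new Administrator password is a literal in the heredoc and is left behind in `/tmp/ilo.pass`; read it from a root-only source and delete the file once `hponcfg -f` returns.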

30
iloFwUp Normal file

@ -0,0 +1,30 @@
#!/bin/bash
#Checks to see if the server is a HP, exit if not
SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
if [ $SERVER_TYPE -eq 0 ]; then
echo This is not a HP server, exiting.
exit
fi
#FWDLURL="https://dl.server.domain/fwdir"
#Upgrade ILO firmware to latest version as of 02/10/2015
hponcfg -g
VERSION=$(hponcfg -g|grep type|awk -F 'type' '{print $2}'|awk '{print $3}')
echo "Upgrading firmware...."
if [ $VERSION -eq "4" ]; then
curl --silent $FWDLURL/ilo/HPILO4 > /tmp/HPILO4
chmod +x /tmp/HPILO4
/tmp/HPILO4
fi
if [ $VERSION -eq "2" ]; then
curl --silent $FWDLURL/ilo/HPILO2 > /tmp/HPILO2
chmod +x /tmp/HPILO2
/tmp/HPILO2
fi

90
iloUpdater.sh Normal file

@ -0,0 +1,90 @@
#!/bin/bash
#Standalone iLO updater script - Jason Mak 6/25/2018
#Defines the latest version of iLO
ilo2latest="2.33"
ilo4latest="2.61"
#Checks server type, only proceeds on HP servers
function server-check()
{
ISHP=$(dmidecode -t System | grep Manufacturer | grep HP -c)
ISDELL=$(dmidecode -t System | grep Manufacturer | grep Dell -c)
if [ $ISDELL -eq 1 ]; then
echo "Server is a Dell, exiting"
server-cleanup
exit
fi
if [ $ISHP -eq 1 ]; then
echo "Server is an HP, proceeding"
ilogeneration=$(hponcfg | grep -i "ilo" | awk -F= '{print $3}' | awk '{print $2}')
iloversionraw=$(hponcfg | grep -i "ilo" | awk -F= '{print $2}' | awk '{print $1}')
iloversion=${iloversionraw//.}
ilo-versioncheck
fi
}
#Checks iLO generation and version, updates as necessary
function ilo-versioncheck()
{
if [ $ilogeneration -eq "2" ]; then
if [ $(echo $iloversion -lt ${ilo2latest//.}) ]; then
echo "iLO2 firmware:" $iloversionraw "latest version is:" $ilo2latest "updating..."
wget http://172.16.99.121/iLO/ilo2_${ilo2latest//.}.bin -O /tmp/iloFW.bin
update-ilo
server-cleanup
else
echo "iLO 2 is up to date, exiting"
server-cleanup
exit
fi
fi
if [ $ilogeneration -eq "4" ]; then
if [ $(echo $iloversion -lt ${ilo4latest//.}) ]; then
echo "iLO4 firmware:" $iloversionraw "latest version is:" $ilo4latest "updating..."
wget http://172.16.99.121/iLO/ilo4_${ilo4latest//.}.bin -O /tmp/iloFW.bin
update-ilo
server-cleanup
else
echo "iLO 4 is up to date, exiting"
server-cleanup
exit
fi
fi
}
#xml file that performs the update
function update-ilo()
{
cat > /tmp/ilo_update.xml << EOF
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<RIB_INFO MODE="write">
<!-- Firmware support information for next tag: -->
<!-- iLO 2 - 1.70 and later. For servers with TPM enabled. -->
<!-- iLO - None -->
<!-- Riloe II - None -->
<TPM_ENABLED VALUE="Yes"/>
<UPDATE_RIB_FIRMWARE IMAGE_LOCATION="/tmp/iloFW.bin"/>
</RIB_INFO>
</LOGIN>
</RIBCL>
EOF
hponcfg -f /tmp/ilo_update.xml
}
#Clean-up
function server-cleanup()
{
rm -vf /tmp/iloFW.bin
rm -vf /tmp/ilo_update.xml
rm -vf /tmp/iloUpdater.sh
}
#Control logic
main ()
{
server-check
}
main
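Review bot: In `ilo-versioncheck` the firmware image is fetched with `wget http://172.16.99.121/iLO/...` over plain HTTP and handed to `update-ilo` without checking wget's exit status or the image's digest, so a truncated or substituted file is what gets flashed to the management controller. Stop on a failed download and compare against a pinned hash before calling `update-ilo`, e.g. append `|| exit 1` to the wget line and add `echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/iloFW.bin" | sha256sum -c - || exit 1`. The test `[ $(echo $iloversion -lt ${ilo2latest//.}) ]` only works because the unquoted substitution is re-split into three words, and comparing versions with the dots stripped misorders releases whose minor parts differ in length (2.5 becomes 25, 2.33 becomes 233); `sort -V` gives a real version comparison. `server-check` does nothing at all when neither manufacturer count is exactly 1.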

156
ldif/genUser.sh Normal file

@ -0,0 +1,156 @@
#!/bin/bash
#A script to generate a LDIF file of random users and associated organizational units
#supports emitting ldif files for: Active Directory, eDirectory, OpenLDAP
################################################################################
#Change these variables as needed #
################################################################################
#Number of users to generate
#Valid range is from 1 to 10,000
NUMUSERS="11"
#Type of directory server to generate ldif for
#Valid types (case sensitive):
#OPENLDAP
#ACTIVEDIRECTORY
#EDIRECTORY
DIRSERVERTYPE="OPENLDAP"
################################################################################
#!!!!!!!!!!!!!!!!!!!!DO NOT CHANGE ANYTHING BEYOND THIS LINE!!!!!!!!!!!!!!!!!!!#
################################################################################
USERCOUNTER="1"
NAMESOURCEFILE="./names.txt"
OUSOURCEFILE="./ou.txt"
OUTPUTFILE="bulkUserLoad-$DIRSERVERTYPE-$(date +%m%d%Y).ldif"
function ldifEmit-OpenLDAP()
#Code to emit an OpenLDAP compliant ldif
#Bits and bobs sourced from:
#
#
#
{
cat<<OpenLDAP >>$OUTPUTFILE
$FIRSTNAME
$LASTNAME
$OU
OpenLDAP
}
function ldifEmit-ActiveDirectory()
#Code to emit an Active Directory compliant ldif
#Bits and bobs sourced from:
#
#
#
{
echo "Emitting ActiveDirectory ldif..."
cat<<ActiveDirectory >>$OUTPUTFILE
$FIRSTNAME
$LASTNAME $OU
ActiveDirectory
ActiveDirectory
}
function ldifEmit-eDirectory()
#Code to emit an eDirectory compliant ldif
#Bits and bobs sourced from:
#
#
#
{
echo "Emitting eDirectory ldif..."
cat<<eDirectory >>$OUTPUTFILE
$FIRSTNAME $LASTNAME $OU
eDirectory
eDirectory
}
function main()
{
#Range / value check on user supplied variables
if [ $NUMUSERS -lt 1 -o $NUMUSERS -gt 50000 ]; then
echo "Number of users not correctly specified"
echo "Valid range is from 1 to 10,000"
echo "Exiting now...."
exit 1
fi
echo "Number of user range is ok..."
if [ -z $NUMUSERS ]; then
echo "Number of users not specified."
echo "A value of 1 to 10,000 must be specififed."
echo "Exiting now...."
exit 1
fi
if [ -z $DIRSERVERTYPE ]; then
echo "Directory server type not specified."
echo "Exiting now...."
exit 1
fi
rm -f $OUTPUTFILE
cat <<RUNNING
Generating LDIF file:
Formatted for $DIRSERVERTYPE with a user count of $NUMUSERS.
Output will be at $OUTPUTFILE
Please wait...
RUNNING
while [ $USERCOUNTER -le $NUMUSERS ]
do
#Get a random first/last name
NAMELINECOUNT=$(cat $NAMESOURCEFILE | wc -l)
NAMERANDNUM1=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
NAMERANDNUM2=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
NAME1=$(expr $NAMERANDNUM1 % $NAMELINECOUNT + 1)
NAME2=$(expr $NAMERANDNUM2 % $NAMELINECOUNT + 1)
FIRSTNAME=$(head -$NAME1 $NAMESOURCEFILE | tail -1)
LASTNAME=$(head -$NAME2 $NAMESOURCEFILE | tail -1)
#Get a random OU
OULINECOUNT=$(cat $OUSOURCEFILE | wc -l)
OURANDNUM=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
OUNUM=$(expr $OURANDNUM % $OULINECOUNT + 1)
OU=$(head -$OUNUM $OUSOURCEFILE | tail -1)
#Emit ldif
if [ $DIRSERVERTYPE = "OPENLDAP" ]; then
ldifEmit-OpenLDAP $FIRSTNAME $LASTNAME $OU
elif [ $DIRSERVERTYPE = "ACTIVEDIRECTORY" ]; then
ldifEmit-ActiveDirectory $FIRSTNAME $LASTNAME $OU
elif [ $DIRSERVERTYPE = "EDIRECTORY" ]; then
ldifEmit-eDirectory $FIRSTNAME $LASTNAME $OU
fi
#Increment counter
USERCOUNTER=$(( $USERCOUNTER + 1 ))
done
}
#Kick it all off
main
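Review bot: The range check in `main` accepts up to 50000 (`-gt 50000`) while the comment at the top and both error messages give the limit as 10,000; one of them is wrong. The `-z $NUMUSERS` test comes after the numeric comparison, so an empty value first makes `[` fail and prints "Number of user range is ok..." before it is caught, and a non-numeric value gets past both checks; validate once, up front, e.g. `[[ $NUMUSERS =~ ^[0-9]+$ ]] && (( NUMUSERS >= 1 && NUMUSERS <= 10000 )) || { echo "Number of users not correctly specified"; exit 1; }`. In `ldifEmit-ActiveDirectory` and `ldifEmit-eDirectory` the delimiter word appears twice, so as shown here the second occurrence would run as a command after the heredoc closes; that may be an artefact of how the page was rendered. The line counts of `names.txt` and `ou.txt` do not change inside the loop and can be computed once before it.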

8727
ldif/names.txt Normal file

File diff suppressed because it is too large Load Diff

11
ldif/ou.txt Normal file

@ -0,0 +1,11 @@
Sales
Accounting
Finance
Support
Bizops
IT
SWDEV
Manufacturing
Backoffice
ESP


@ -0,0 +1,33 @@
#!/bin/bash
#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
#Source common functions/variables
source /var/observium/CMDB/pollScripts/discoveryWrapControl
source /var/observium/CMDB/pollScripts/discoveryWrapCommon.sh
function discover()
#Perform discovery of hosts with pattern passed in via $1
{
logger "Performing discovery of node type: $1"
/var/observium/observium/discovery.php -h *$1*
if [ $? -ne 0 ]; then
error_out fatal "discovery.php run for $1 failed"
fi
}
function main()
#Main execution body
{
for arg in "${commandline_args[@]}"; do
preflight "$arg"
touch /tmp/discovery-$arg.lock
discover "$arg"
rm -f /tmp/discovery-$arg.lock
logger "Completed discovery."
done
}
#Kick it all off
commandline_args=("$@")
main
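Review bot: The lock in `main` is a check in `preflight` followed later by `touch /tmp/discovery-$arg.lock`, which is not atomic, uses a predictable name in a world-writable directory, and is never removed when `discover` ends in `error_out fatal`, so one failed run blocks every later cron run until someone deletes the file by hand. Taking the lock with `flock` on a descriptor in a root-owned directory addresses all three, e.g. `exec 9>"/run/lock/discovery-$arg.lock"` then `flock -n 9 || error_out fatal "discovery for $arg already running"`; the lock is released when the process exits. `$arg` goes into the path unvalidated, so restrict it to something like `[A-Za-z0-9._-]+` first. In `discover`, `-h *$1*` is unquoted and is glob-expanded against the current directory before discovery.php sees it; write `-h "*$1*"`. The poller wrapper later in this commit has the same problems with `/tmp/poll-$arg.lock` and `poller.php -h *$1*`.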


@ -0,0 +1,26 @@
function error_out()
#Handle error conditions
#Takes two arguments:
#Error type (fatal,nonfatal)
#Error message
{
if [ $1 == "fatal" ]; then
echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium discovery fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
exit 1
elif [ $1 == "nonfatal" ]; then
echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium discovery non fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
fi
}
function preflight()
#Perform preflight checks for all scan types
{
logger "Performing preflight checks for discovery of node type: $1"
echo "Performing preflight checks for discovery of node type: $1"
if [ -f /tmp/discovery-$1.lock ]; then
error_out fatal "lock file /tmp/discovery-$1.lock exists. Bailing out."
fi
}


@ -0,0 +1,3 @@
DATE=$(date +%m/%d/%Y-%H:%M)
ERROR_FROM=""
ERROR_TO=""


@ -0,0 +1,33 @@
#!/bin/bash
#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
#Source common functions/variables
source /var/observium/CMDB/pollScripts/pollerWrapControl
source /var/observium/CMDB/pollScripts/pollerWrapCommon.sh
function poller()
#Perform scan
{
logger "Performing polling of node type: $1"
/var/observium/observium/poller.php -h *$1*
if [ $? -ne 0 ]; then
error_out fatal "poller.php run for $1 failed"
fi
}
function main()
#Main execution body
{
for arg in "${commandline_args[@]}"; do
preflight "$arg"
touch /tmp/poll-$arg.lock
poller "$arg"
rm -f /tmp/poll-$arg.lock
logger "Completed polling."
done
}
#Kick it all off
commandline_args=("$@")
main


@ -0,0 +1,27 @@
function error_out()
#Handle error conditions
#Takes two arguments:
#Error type (fatal,nonfatal)
#Error message
{
if [ $1 == "fatal" ]; then
echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium polling fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
exit 1
elif [ $1 == "nonfatal" ]; then
echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium polling non fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
fi
}
function preflight()
#Perform preflight checks for all scan types
{
echo "Performing preflight checks for polling of: $1"
logger "Performing preflight checks for polling of: $1"
if [ -f /tmp/poll-$1.lock ]; then
error_out fatal "Poll lock file /tmp/poll-$1.lock exists."
fi
}


@ -0,0 +1,3 @@
DATE=$(date +%m/%d/%Y-%H:%M)
ERROR_FROM=""
ERROR_TO=""

41
makeIPAMUsr.sh Normal file

@ -0,0 +1,41 @@
#!/bin/bash
export AD_DOMAIN="test"
export DOMAIN_TLD="testco.tld"
export AD_QUERY_USERNAME="ldapquery"
export AD_QUERY_PASSWORD="Ldap01-^"
export AD_DC="testdc"
#-b "cn=users,dc=test,dc=testco,dc=tld" \
# Make these into the appropriate components of above string
export DCPART1=""
export DCPART2=""
export DCPART3=""
AD_DOMAIN_FQDN="$AD_DOMAIN.$DOMAIN_TLD"
DOMAIN_CONTROLLER_FQDN="$AD_DC.$AD_DOMAIN_FQDN"
for domain_user in $(cat $AD_DOMAIN-userlist);
do
ademail=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" mail|grep "mail\:" | awk -F ":" '{print $2}')
realname=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" name|grep "name\:" |awk -F ":" '{print $2}')
adname=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" uid|grep "uid\:" |awk -F ":" '{print $2}')
echo "INSERT INTO users (username, authMethod, password, groups, role, real_name, email, domainUser) VALUES ('$adname', 3, NULL, '{\"4\":\"4\"}', 'User', '$realname', '$ademail', 0);"
done
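Review bot: The `INSERT` statement on the last line of the loop is built by pasting `$adname`, `$realname` and `$ademail` between single quotes, so any directory value containing an apostrophe (O'Brien) breaks the statement or changes its meaning when the output is fed to the database; double the quotes before printing, e.g. `realname=${realname//\'/\'\'}`, and trim the leading space that `awk -F ":" '{print $2}'` leaves. The bind password is a literal in the script, exported to the environment and passed as `-w $AD_QUERY_PASSWORD` on the command line, where other local users can see it in the process list; `ldapsearch -y` reads it from a root-only file instead. `-x -h` performs a simple bind over unencrypted LDAP, so that password crosses the network in clear; an `ldaps://` URI with `-H`, or `-ZZ`, avoids that. `$domain_user` is interpolated into the search filter as-is, and the three searches per user could be one call requesting `mail name uid`.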

20
sitrep.sh Normal file

@ -0,0 +1,20 @@
#!/bin/bash
#A script to produce a current situation report for a server
echo -e "\e[1;34;47mSystem uptime/load:\e[0m" ; uptime;
echo -e "\e[1;34;47mSystem hostname and IP address:\e[0m"; hostname && hostname -i;
echo -e "\e[1;34;47mDisk usage:\e[0m"; df -i; df -h;
echo -e "\e[1;34;47mPHP process count:\e[0m" ;ps faux |grep php | wc -l;
echo -e "\e[1;34;47mMemory:\e[0m"; free -m; cat /proc/meminfo | egrep 'MemTotal|MemFree';
echo -e "\e[1;34;47mNumber of and model ofCPU:\e[0m"; cat /proc/cpuinfo | grep processor | wc -l; cat /proc/cpuinfo | grep "model name";
echo -e "\e[1;34;47mSoftware Versions:\e[0m"; php -v; mysql --version; httpd -v;
echo -e "\e[1;34;47mExim Message Count:\e[0m"; exim -bpc;
echo -e "\e[1;34;47mFTP Connection Count:\e[0m"; netstat -pan |grep :21|wc -l;
echo -e "\e[1;34;47mApache Connection Count:\e[0m";netstat -pan|grep :80|wc -l;
echo -e "\e[1;34;47mSSH Connection Count:\e[0m"; netstat -pan|grep :22|wc -l;
for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -q|tail -n 1 ; done;for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -r|tail -n 1 ; done;
if [ -e /proc/user_beancounters ]; then echo -e "\e[1;34;47mUser Beancounters:\e[0m" && cat /proc/user_beancounters | awk '{if ($NF>0){print$0}}';fi;
echo -e "\e[1;34;47mrunning processes:\e[0m" ; ps faux|egrep -v 'init|watchdog|iscsi|cqueue|kmpath|iscsid|syslogd|kpsmoused|auditd|irqbalance|rpc.idmapd|hcid|kmpathd|ib_cm|rpciod|migration|kjournald|scsi_eh_0|scsi_eh_1|khubd|kswapd0|kedac|kauditd|udevd|named|mingetty|agetty|dbus|kacpid|kblockd|pdflush|ksoftirqd|khelper|kthread|kseriod|klogd|acpid|spamd|cpsrvd|pure-authd|/usr/sbin/courierlogger|/usr/lib/courier-imap';blockcount=$(ip ro |grep blackhole | wc -l); if [ $blockcount -gt 0 ]; then echo -e "\e[1;34;47mBlocked IP Addresses:\e[0m"; ip ro |grep blackhole; fi
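Review bot: Several of the counts are inflated by the way they are matched: `ps faux |grep php | wc -l` counts the grep itself, and `grep :21`, `grep :22` and `grep :80` on `netstat -pan` output also match ports such as 2100, 2222 or 8080. `pgrep -c php` and an anchored pattern such as `grep -c ':22 '` report what the headings claim. `sa[0-31]*` is a character class (the characters 0 to 3 and 1), not the range 0 to 31; it happens to match the daily files, but `sa[0-9][0-9]` states the intent, and iterating the glob directly (`for i in /var/log/sa/sa[0-9][0-9]; do`) avoids parsing `ls`.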


@ -0,0 +1 @@
command="/home/user/restricted-handler.sh",from="ALLOWED_HOST_FQDN",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty PUBLICKEY


@ -0,0 +1,23 @@
#!/bin/bash
set $SSH_ORIGINAL_COMMAND
case "$1" in
ls)
;;
scp)
;;
/bin/scp)
;;
rm)
;;
/path/to/custom/command)
;;
*)
logger -s -t restricted-command -- "Invalid command $@"
exit 1
;;
esac
logger -t restricted-command -- "Executing $@"
exec "$@"
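Review bot: The `case` validates only `$1`, the program name, and then `exec "$@"` passes every remaining word of `SSH_ORIGINAL_COMMAND` through untouched, so the key holder still chooses the arguments to `ls`, `scp` and `rm` and can read, overwrite or delete anything the account can reach; the forced command narrows the set of binaries, not what they act on. Validate the arguments as well (a fixed option set, paths confined to one directory) or replace the generic commands with purpose-built ones, and call them by absolute path so `PATH` cannot redirect `ls`, `scp` or `rm`. `set $SSH_ORIGINAL_COMMAND` should be `set -f; set -- $SSH_ORIGINAL_COMMAND`: without `--` a command starting with `-` is taken as shell options, without `-f` the words are glob-expanded, and with an empty variable plain `set` prints the shell's variables to the client. The second handler in this commit, which allows `rsync`, has the same gap; rsync ships an `rrsync` wrapper intended for this use.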


@ -0,0 +1 @@
command="/home/slack-lab/bin/restricted-handler.sh" SSHPUBKEY
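Review bot: This entry sets only `command=`, whereas the other authorized_keys line in this commit also carries `from=`, `no-port-forwarding`, `no-X11-forwarding`, `no-agent-forwarding` and `no-pty`; without them the key can still request port and agent forwarding regardless of the forced command. Add the same options here, or on OpenSSH 7.2 and later use `restrict,command="..."`, which turns all of them off including any added in future releases. A `from=` pattern for the hosts that are expected to connect would bring it in line with the other entry.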


@ -0,0 +1,16 @@
#!/bin/bash
set $SSH_ORIGINAL_COMMAND
case "$1" in
rsync)
;;
*)
logger -s -t restricted-command -- "Invalid command $@"
echo "An attempt was made to utilize the private key on a KNEL managed server to access control and execute the following command: $@" | mail -s "SECURITY BREACH ON control for slack account: $USER" BREACHPAGEEMAIL
exit 1
;;
esac
exec "$@"

81
sslStackFromSource.sh Normal file

@ -0,0 +1,81 @@
#!/bin/bash
#Made from instructions at https://www.tunetheweb.com/performance/http2/
OPENSSL_URL_BASE="https://www.openssl.org/source/"
OPENSSL_FILE="openssl-1.1.0h.tar.gz"
NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
APR_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
APR_FILE="apr-1.6.3.tar.gz"
APR_UTIL_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
APACHE_URL_BASE="http://mirrors.whoishostingthis.com/apache/httpd/"
APACHE_FILE="httpd-2.4.33.tar.gz"
CURL_URL_BASE="https://curl.haxx.se/download/"
CURL_FILE="curl-7.60.0.tar.gz"
#Download and install latest version of openssl
wget $OPENSSL_URL_BASE/$OPENSSL_FILE
tar xzf $OPENSSL_FILE
cd openssl-1.1.0h
./config enable-weak-ssl-ciphers shared zlib-dynamic -DOPENSSL_TLS_SECURITY_LEVEL=0 --prefix=/usr/local/custom-ssl/openssl-1.1.0h ; make ; make install
ln -s /usr/local/custom-ssl/openssl-1.1.0h /usr/local/openssl
cd -
#Download and install nghttp2 (needed for mod_http2).
wget $NGHTTP_URL_BASE/$NGHTTP_FILE
tar xzf $NGHTTP_FILE
cd nghttp2-1.31.0
./configure --prefix=/usr/local/custom-ssl/nghttp ; make ; make install
cd -
#Updated ldconfig so curl build
cat <<custom-ssl > /etc/ld.so.conf.d/custom-ssl.conf
/usr/local/custom-ssl/openssl-1.1.0h/lib
/usr/local/custom-ssl/nghttp/lib
custom-ssl
ldconfig
#Download and install curl
wget $CURL_URL_BASE/$CURL_FILE
tar xzf curl-7.60.0.tar.gz
cd curl-7.60.0
./configure --prefix=/usr/local/custom-ssl/curl --with-nghttp2=/usr/local/custom-ssl/nghttp/ --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ ; make ; make install
cd -
#Download and install latest apr
wget $APR_URL_BASE/$APR_FILE
tar xzf $APR_FILE
cd apr-1.6.3
./configure --prefix=/usr/local/custom-ssl/apr ; make ; make install
cd -
#Download and install latest apr-util
wget $APR_UTIL_URL_BASE/$APR_UTIL_FILE
tar xzf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/custom-ssl/apr-util --with-apr=/usr/local/custom-ssl/apr ; make; make install
cd -
#Download and install apache
wget $APACHE_URL_BASE/$APACHE_FILE
tar xzf httpd-2.4.33.tar.gz
cd httpd-2.4.33
cp -r ../apr-1.6.3 srclib/apr
cp -r ../apr-util-1.6.1 srclib/apr-util
./configure --prefix=/usr/local/custom-ssl/apache --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ --with-pcre=/usr/bin/pcre-config --enable-unique-id --enable-ssl --enable-so --with-included-apr --enable-http2 --with-nghttp2=/usr/local/custom-ssl/nghttp/
make
make install
ln -s /usr/local/custom-ssl/apache /usr/local/apache
cd -
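Review bot: The OpenSSL build is configured with `enable-weak-ssl-ciphers` and `-DOPENSSL_TLS_SECURITY_LEVEL=0`, and the curl and Apache builds that follow link against it, so the resulting stack accepts weak ciphers and undersized keys by default; if this is for a test rig that must talk to legacy peers, say so in a header comment and keep the prefix off production hosts. The apr, apr-util and httpd tarballs come over plain `http://` from a third-party mirror, and none of the six downloads is checked against a signature or digest before being compiled and installed as root; verify each against the project's published signature or checksum first. Every build line is `./configure ... ; make ; make install`, so a failed configure or make is still followed by `make install`, and a failed `cd` runs the build in the wrong directory; `set -e` at the top or `&&` between the steps stops at the first error. The URL bases end in `/` and are joined with another `/`, and several `tar`/`cd` lines hard-code names that the `*_FILE` variables already hold.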