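#!/usr/local/bin/bash
#
# opiekey.sh - compute one OPIE one-time-password response and mail it.
#
# Usage:   opiekey.sh CCounter Seed Pass [Mailto]
# Example: opiekey.sh 496 ma7133 hiugwhig
#
#   CCounter  sequence number passed to opiekey
#   Seed      seed passed to opiekey
#   Pass      secret pass phrase, fed to opiekey on stdin
#   Mailto    recipient of the response (default: ACCOUNT@DOMAIN.NAME)
#
# NOTE(review): the pass phrase arrives as a command-line argument, so it is
# visible in the process list and ends up in shell history, and this script
# also echoes it to the terminal. The computed response is then sent by
# mail in clear text. Run this only on a trusted host and treat the mailbox
# as holding a live credential until the response has been used.

CCounter=${1-}
Seed=${2-}
Pass=${3-}
# An empty or missing fourth argument falls back to the placeholder address.
Mailto=${4:-ACCOUNT@DOMAIN.NAME}

if [[ -z "$CCounter" || -z "$Seed" || -z "$Pass" ]]; then
  echo "Usage: $0 CCounter Seed Pass [Mailto]" >&2
  echo "Example: $0 496 ma7133 hiugwhig" >&2
  exit 1
fi

echo "Generate password now."
echo "CCounter Seed $CCounter $Seed"
echo "Pass $Pass"
echo "Mailto $Mailto"

# Quote every expansion: an unquoted pass phrase containing spaces or glob
# characters would be altered by the shell before opiekey reads it.
# printf is used because echo would treat a value such as "-n" as an option.
otp=$(printf '%s\n' "$Pass" | opiekey -n 1 "$CCounter" "$Seed") || {
  echo "opiekey failed; nothing was mailed." >&2
  exit 1
}

# Do not send an empty message when opiekey produced no output.
if [[ -z "$otp" ]]; then
  echo "opiekey returned no output; nothing was mailed." >&2
  exit 1
fi

printf '%s\n' "$otp" | mail -s OTPKey "$Mailto"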
Sunday, May 22, 2011
產生 OPIE key 的 script
程式 opiekey.sh
自動化抓衛星雲圖(全球及氣象局)
1. 程式 get_world_sunlight_map.sh
2. 在 crontab 加上(不用太常連線抓檔)
3. 想要在 Windows XP 換桌面可以改用 Desktop Earth.
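#!/bin/sh
#
# get_world_sunlight_map.sh - download the world sunlight map, re-centre it
# on East Asia, and download the Central Weather Bureau satellite images.
#
### http://www.opentopia.com/sunlightmaprect.html
### http://www.opentopia.com/sunlightmaphemi.html
#
# NOTE(review): every download below uses plain HTTP and the files are then
# handed to an image converter, so the content is unauthenticated remote
# input. Run the job as an unprivileged account that owns only the output
# directories.

DATESTR=$(date "+%Y%m%d%H%M")
WWWDIR="/usr/local/www/data"
BASEDIR="/usr/local/www/data/world_sunlight_map"
### Central Weather Bureau satellite images
CWBBASEDIR="/usr/local/www/data/CWBV6"
CWBDATE=$(date +"%Y-%m-%d-%H-%M")
# Only the User-Agent value is stored here. Keeping the option name and
# literal quotes inside the variable made the shell split the string on
# spaces and pass the quote characters through to wget.
USERAGENT='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6'

# Private scratch directory instead of fixed file names directly in /tmp:
# predictable names there can be pre-created or symlinked by other local
# users before this job writes to them.
TEMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/sunlight_map.XXXXXX") || exit 1
trap 'rm -rf -- "$TEMPDIR"' EXIT
trap 'exit 1' HUP INT TERM

# Fetch one CWB satellite product ($1 = product code) for the current
# timestamp into ${CWBBASEDIR}/<code>/.
fetch_cwb_image() {
  /usr/local/bin/wget -q --user-agent="$USERAGENT" \
    -O "${CWBBASEDIR}/$1/$1-${CWBDATE}.jpg" \
    "http://www.cwb.gov.tw/V6/observe/satellite/Data/$1/$1-${CWBDATE}.jpg"
}

# Download the world sunlight map. The published copy is replaced only when
# the download succeeded and is non-empty, so a failed fetch no longer
# overwrites the last good image.
if /usr/local/bin/wget -q -O "${WWWDIR}/world_sunlight_map_ori.jpg" \
     http://www.opentopia.com/images/data/sunlight/world_sunlight_map_rectangular.jpg \
   && [ -s "${WWWDIR}/world_sunlight_map_ori.jpg" ]; then
  /bin/mv -f "${WWWDIR}/world_sunlight_map_ori.jpg" \
    "${WWWDIR}/world_sunlight_map_rectangular.jpg"
  /bin/cp "${WWWDIR}/world_sunlight_map_rectangular.jpg" \
    "${BASEDIR}/world_sunlight_map_rectangular_${DATESTR}.jpg"
  /bin/cp "${WWWDIR}/world_sunlight_map_rectangular.jpg" "${TEMPDIR}/original.jpg"

  # Cut the image in two and join the halves in swapped order so that
  # East Asia ends up in the middle of the map.
  /usr/local/bin/convert "${TEMPDIR}/original.jpg" -crop 600x887+0+0 "${TEMPDIR}/left.jpg"
  /usr/local/bin/convert "${TEMPDIR}/original.jpg" -crop 1600x887+600+0 "${TEMPDIR}/right.jpg"
  /usr/local/bin/convert "${TEMPDIR}/right.jpg" "${TEMPDIR}/left.jpg" +append \
    "${BASEDIR}/TW/world_sunlight_map.jpg"
  /bin/cp "${BASEDIR}/TW/world_sunlight_map.jpg" \
    "${BASEDIR}/TW/world_sunlight_map/world_sunlight_map_${DATESTR}.jpg"
else
  /bin/rm -f "${WWWDIR}/world_sunlight_map_ori.jpg"
  echo "world sunlight map download failed; keeping the previous image" >&2
fi
# The scratch files are removed by the EXIT trap (the original cleanup line
# named "right.jp" and so left right.jpg behind).

sleep 10

### Central Weather Bureau satellite images
# MTSAT infrared
fetch_cwb_image HS1P
sleep 10
# MTSAT infrared, colour enhanced
fetch_cwb_image HS1Q
sleep 10
# MTSAT infrared, black and white
fetch_cwb_image HS1O
sleep 10
# MTSAT visible light
fetch_cwb_image HSAO

# Remove empty files left behind by failed downloads. -exec avoids the
# word-splitting that "find | xargs" applies to unusual file names.
find "${CWBBASEDIR}/" -type f -size 0 -exec rm -f -- {} +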
2. 在 crontab 加上(不用太常連線抓檔)
# Runs at minute 30 of every second hour, as root.
# NOTE(review): the script only downloads images and writes below the web
# data directory; confirm whether it needs root at all, and prefer an
# unprivileged account that owns those directories.
30 */2 * * * root /PATH/TO/get_world_sunlight_map.sh
3. 想要在 Windows XP 換桌面可以改用 Desktop Earth.
Shell script 從 Apache log 使用關鍵字蒐集來源 IP
程式碼如下
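#!/usr/local/bin/bash
#
# Collect the client addresses of Apache access-log lines that contain a
# keyword, keep them as a running, de-duplicated list in
# /var/log/<keyword>.txt, and publish a dated copy below the web data
# directory.
#
# Usage:   $0 keyword
# Example: $0 Googlebot
#
# NOTE(review): the keyword is matched against the whole log line, which
# includes client-supplied fields such as the User-Agent. A match therefore
# shows what a client claimed to be, not who it is; verify an address (for
# example by reverse and forward DNS) before treating it as a real crawler.

if [[ -z "${1-}" ]]; then
  echo "Usage: $0 keyword" >&2
  echo "Example: $0 Googlebot" >&2
  exit 1
fi
keyword=$1

# The keyword becomes part of several file names under /var/log and the web
# root, so restrict it to characters that cannot form a path ("/", "..")
# or be taken for a command-line option.
keyword_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
if [[ ! "$keyword" =~ $keyword_re ]]; then
  echo "keyword may contain only letters, digits, '.', '_' and '-'" >&2
  exit 1
fi

access_log="/var/log/httpd-access.log"
publish_dir="/usr/local/www/data"
list="/var/log/${keyword}.txt"

touch "$list"

# Backup old data: move earlier dated copies into the webbots folder.
for old in "$publish_dir/$keyword"-*.txt; do
  [[ -e "$old" ]] || continue   # the glob matched nothing
  mv -- "$old" "$publish_dir/webbots"
done
cp -a "$list" "$publish_dir/$keyword-$(date +"%Y%m%d").txt"

# Process data: merge the existing list with the addresses found in the
# current log. The scratch file gets an unpredictable name and is removed
# on every exit path.
work=$(mktemp "/var/log/webot.${keyword}.XXXXXX") || exit 1
trap 'rm -f -- "$work"' EXIT

cat "$list" > "$work"
# -F matches the keyword as literal text rather than as a regular
# expression; "--" keeps it from being parsed as an option.
grep -F -- "$keyword" "$access_log" | awk '{ print $1 }' >> "$work"
sort -u "$work" > "$list"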
Shell script 搭配 ipfw table 阻擋入侵 sshd 攻擊
自己用來偷懶的 script：自動使用 ipfw table 阻擋 IP，並在定義的時間後判斷是否仍持續受到攻擊，再決定是否將該 IP 解除鎖定。
1. ipfw table 語法
2. authlog_banip_init.sh (只需要執行一次)
3. authlog_banip.sh
4. 在 crontab 加上
5. 開機時執行 authlog_banip.sh
5.1. 在 /etc/rc.local 加上
### For Firewall
/PATH/to/authlog_banip_boot.sh
5.2. authlog_banip_boot.sh
1. ipfw table 語法
# Both rules are numbered 06000 and placed in rule set 5. Each one denies and
# logs inbound TCP arriving via ${INTIF} whose source address is listed in
# an ipfw lookup table: table 3 guards PORT1,PORT2 and table 4 guards
# PORT11,PORT12 (placeholders for the real port numbers).
# The parentheses are backslash-escaped so the shell passes them to ipfw.
# fwcmd and INTIF are not defined in this excerpt - presumably set earlier
# in the firewall rules script.
${fwcmd} add 06000 set 5 deny log tcp from table\(3\) to any dst-port PORT1,PORT2 in via ${INTIF}
${fwcmd} add 06000 set 5 deny log tcp from table\(4\) to any dst-port PORT11,PORT12 in via ${INTIF}
2. authlog_banip_init.sh (只需要執行一次)
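#!/usr/local/bin/bash
#
# authlog_banip_init.sh - one-time bootstrap for the sshd ban list.
#
# Scans the whole of auth.log for sshd "Invalid user" entries, records the
# source addresses that are not yet known, and adds them to ipfw tables 3
# and 4. Addresses recorded 30 days ago are then removed from the tables.
#
# Files:
#   $PROCFOLDER/sshdpre-YYYYMMDD.log  every offender seen in this run
#   $PROCFOLDER/sshd-YYYYMMDD.log     offenders newly banned in this run
#   $TOTALBANLOGFILE                  all currently banned addresses

LOGFILE="/var/log/auth.log"
PROCFOLDER="/var/log/auth_sshd_banip"
TOTALBANLOGFILE="/var/log/auth_sshd_banip.log"
TODAY=$(date +"%Y%m%d")
OLDDAY=$(date -v-30d +"%Y%m%d")
OLDYEAR=$(date -v-30d +"%Y")
fwcmd="/sbin/ipfw"
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# Succeed only for a dotted-quad IPv4 address. Everything handed to ipfw is
# checked first, because the values come from log text and from files.
is_ipv4() {
  [[ "$1" =~ $IPV4_RE ]]
}

# Print the unique source addresses of sshd "Invalid user" log entries.
# The user name in such an entry is chosen by the remote client and may
# contain spaces, so a fixed field number such as $10 can be shifted onto
# text the client supplied. The address is therefore taken from the field
# after the LAST "from" on the line and must look like IPv4; IPv6 sources
# are skipped (the /32 mask used below would be wrong for them).
list_offenders() {
  awk '$5 ~ /^sshd/ && $6 == "Invalid" && $7 == "user" {
         for (i = NF - 1; i >= 8; i--)
           if ($i == "from") {
             if ($(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $(i + 1)
             break
           }
       }' "$LOGFILE" | sort -u
}

# Print how many lines in the sshd-*.log files are exactly the address $1.
# Whole-line fixed-string matching keeps 1.2.3.4 from also matching
# 11.2.3.45, which an unanchored grep pattern would do.
count_recorded() {
  cat "$PROCFOLDER"/sshd-*.log 2>/dev/null | grep -Fxc -- "$1"
}

# Remove address $1 from the total ban list. The scratch file is created
# with mktemp next to the list, not under a predictable name in /tmp.
remove_from_total() {
  local tmp rc
  tmp=$(mktemp "${TOTALBANLOGFILE}.XXXXXX") || return 1
  grep -Fxv -- "$1" "$TOTALBANLOGFILE" > "$tmp"
  rc=$?
  # grep exits 1 when no line is left, which is fine; above 1 is an error.
  if (( rc > 1 )); then
    rm -f -- "$tmp"
    return 1
  fi
  cat "$tmp" > "$TOTALBANLOGFILE"
  rm -f -- "$tmp"
}

echo "Prepare folder and file"
mkdir -p "$PROCFOLDER"
touch "$TOTALBANLOGFILE"

offenders=$(list_offenders)

if [[ -n "$offenders" ]]; then
  echo "Write pre-process file"
  printf '%s\n' "$offenders" > "$PROCFOLDER/sshdpre-$TODAY.log"

  echo "Collect new ban IP"
  while IFS= read -r ip; do
    is_ipv4 "$ip" || continue
    if (( $(count_recorded "$ip") > 0 )); then
      echo "$ip Old bad boy"
    else
      echo "$ip"
      echo "$ip" >> "$PROCFOLDER/sshd-$TODAY.log"
      echo "$ip" >> "$TOTALBANLOGFILE"
    fi
  done <<< "$offenders"

  echo "Ban bad boy"
  if [[ -f "$PROCFOLDER/sshd-$TODAY.log" ]]; then
    while IFS= read -r banip; do
      is_ipv4 "$banip" || continue
      # Ban IP
      echo "$banip"
      "$fwcmd" table 3 add "$banip/32"
      "$fwcmd" table 4 add "$banip/32"
    done < "$PROCFOLDER/sshd-$TODAY.log"
  else
    echo "No bad boy"
  fi
else
  echo "No bad boy"
fi

# The rescue step now runs whether or not new offenders were found.
# Previously it sat inside the branch above, so on a run without any
# "Invalid user" entries the 30-day-old file was never processed and its
# addresses stayed banned.
# NOTE(review): the collect step never records an address a second time, so
# the count below is normally 1 and the ban is lifted after 30 days even if
# the address kept trying - confirm this is the intended policy.
echo "Rescue good boy"
if [[ -f "$PROCFOLDER/sshd-$OLDDAY.log" ]]; then
  while IFS= read -r rescueip; do
    is_ipv4 "$rescueip" || continue
    # Rescue IP
    echo "$rescueip"
    if (( $(count_recorded "$rescueip") == 1 )); then
      "$fwcmd" table 3 delete "$rescueip/32"
      "$fwcmd" table 4 delete "$rescueip/32"
      remove_from_total "$rescueip"
      echo "Rescued"
    else
      echo "Still bad boy"
    fi
  done < "$PROCFOLDER/sshd-$OLDDAY.log"

  # Move to old folder
  echo "Move old file to storage folder"
  mkdir -p "$PROCFOLDER/$OLDYEAR"
  mv "$PROCFOLDER"/sshd*-"$OLDDAY".log "$PROCFOLDER/$OLDYEAR"
else
  echo "No candidate file"
fi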
3. authlog_banip.sh
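#!/usr/local/bin/bash
#
# authlog_banip.sh - daily sshd ban-list maintenance.
#
# Scans today's auth.log entries for sshd "Invalid user" lines, records the
# source addresses that are not yet known, and adds them to ipfw tables 3
# and 4. Addresses recorded 30 days ago are then removed from the tables.
#
# Files:
#   $PROCFOLDER/sshdpre-YYYYMMDD.log  every offender seen today
#   $PROCFOLDER/sshd-YYYYMMDD.log     offenders newly banned today
#   $TOTALBANLOGFILE                  all currently banned addresses

LOGFILE="/var/log/auth.log"
PROCFOLDER="/var/log/auth_sshd_banip"
TOTALBANLOGFILE="/var/log/auth_sshd_banip.log"
# The format must be quoted, otherwise date receives "%d" as a separate
# operand. syslog pads a one-digit day with a space ("May  2"), which is
# %e; %d would give "May 02" and match nothing on days 1-9.
TODAYLOGFM=$(date +"%b %e")
TODAY=$(date +"%Y%m%d")
OLDDAY=$(date -v-30d +"%Y%m%d")
OLDYEAR=$(date -v-30d +"%Y")
fwcmd="/sbin/ipfw"
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# Succeed only for a dotted-quad IPv4 address. Everything handed to ipfw is
# checked first, because the values come from log text and from files.
is_ipv4() {
  [[ "$1" =~ $IPV4_RE ]]
}

# Print the unique source addresses of today's sshd "Invalid user" entries.
# The date must be at the start of the line. The user name in such an entry
# is chosen by the remote client and may contain spaces, so a fixed field
# number such as $10 can be shifted onto text the client supplied. The
# address is therefore taken from the field after the LAST "from" on the
# line and must look like IPv4; IPv6 sources are skipped (the /32 mask used
# below would be wrong for them).
list_offenders() {
  awk -v day="$TODAYLOGFM" '
       index($0, day " ") == 1 && $5 ~ /^sshd/ && $6 == "Invalid" && $7 == "user" {
         for (i = NF - 1; i >= 8; i--)
           if ($i == "from") {
             if ($(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $(i + 1)
             break
           }
       }' "$LOGFILE" | sort -u
}

# Print how many lines in the sshd-*.log files are exactly the address $1.
# Whole-line fixed-string matching keeps 1.2.3.4 from also matching
# 11.2.3.45, which an unanchored grep pattern would do.
count_recorded() {
  cat "$PROCFOLDER"/sshd-*.log 2>/dev/null | grep -Fxc -- "$1"
}

# Remove address $1 from the total ban list. The scratch file is created
# with mktemp next to the list, not under a predictable name in /tmp.
remove_from_total() {
  local tmp rc
  tmp=$(mktemp "${TOTALBANLOGFILE}.XXXXXX") || return 1
  grep -Fxv -- "$1" "$TOTALBANLOGFILE" > "$tmp"
  rc=$?
  # grep exits 1 when no line is left, which is fine; above 1 is an error.
  if (( rc > 1 )); then
    rm -f -- "$tmp"
    return 1
  fi
  cat "$tmp" > "$TOTALBANLOGFILE"
  rm -f -- "$tmp"
}

echo "Prepare folder and file"
mkdir -p "$PROCFOLDER"
touch "$TOTALBANLOGFILE"

offenders=$(list_offenders)

if [[ -n "$offenders" ]]; then
  echo "Write pre-process file"
  printf '%s\n' "$offenders" > "$PROCFOLDER/sshdpre-$TODAY.log"

  echo "Collect new ban IP"
  while IFS= read -r ip; do
    is_ipv4 "$ip" || continue
    if (( $(count_recorded "$ip") > 0 )); then
      echo "$ip Old bad boy"
    else
      echo "$ip"
      echo "$ip" >> "$PROCFOLDER/sshd-$TODAY.log"
      echo "$ip" >> "$TOTALBANLOGFILE"
    fi
  done <<< "$offenders"

  echo "Ban bad boy"
  if [[ -f "$PROCFOLDER/sshd-$TODAY.log" ]]; then
    while IFS= read -r banip; do
      is_ipv4 "$banip" || continue
      # Ban IP
      echo "$banip"
      "$fwcmd" table 3 add "$banip/32"
      "$fwcmd" table 4 add "$banip/32"
    done < "$PROCFOLDER/sshd-$TODAY.log"
  else
    echo "No bad boy"
  fi
else
  echo "No bad boy"
fi

# The rescue step now runs whether or not new offenders were found.
# Previously it sat inside the branch above, so on a day without any
# "Invalid user" entries the 30-day-old file was never processed and its
# addresses stayed banned.
# NOTE(review): the collect step never records an address a second time, so
# the count below is normally 1 and the ban is lifted after 30 days even if
# the address kept trying - confirm this is the intended policy.
echo "Rescue good boy"
if [[ -f "$PROCFOLDER/sshd-$OLDDAY.log" ]]; then
  while IFS= read -r rescueip; do
    is_ipv4 "$rescueip" || continue
    # Rescue IP
    echo "$rescueip"
    if (( $(count_recorded "$rescueip") == 1 )); then
      "$fwcmd" table 3 delete "$rescueip/32"
      "$fwcmd" table 4 delete "$rescueip/32"
      remove_from_total "$rescueip"
      echo "Rescued"
    else
      echo "Still bad boy"
    fi
  done < "$PROCFOLDER/sshd-$OLDDAY.log"

  # Move to old folder
  echo "Move old file to storage folder"
  mkdir -p "$PROCFOLDER/$OLDYEAR"
  mv "$PROCFOLDER"/sshd*-"$OLDDAY".log "$PROCFOLDER/$OLDYEAR"
else
  echo "No candidate file"
fi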
4. 在 crontab 加上
# Runs once a day at 23:59 as root. The script selects auth.log lines by
# today's date, so entries logged after it starts (the last minute of the
# day) are not picked up by the next day's run either.
59 23 * * * root /PATH/TO/authlog_banip.sh
5. 開機時執行 authlog_banip.sh
5.1. 在 /etc/rc.local 加上
### For Firewall
/PATH/to/authlog_banip_boot.sh
5.2. authlog_banip_boot.sh
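#!/usr/local/bin/bash
#
# authlog_banip_boot.sh - reload the saved ban list into ipfw at boot.
#
# Reads one address per line from the total ban list and adds each to ipfw
# tables 3 and 4 with a /32 mask.

TOTALBANLOGFILE="/var/log/auth_sshd_banip.log"
fwcmd="/sbin/ipfw"
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

if [[ -f "$TOTALBANLOGFILE" ]]; then
  # Read line by line instead of word-splitting the file contents, so a
  # stray "*" or space in the file is never glob-expanded or split.
  while IFS= read -r banip; do
    # Only dotted-quad IPv4 addresses are passed to ipfw; blank or damaged
    # lines are skipped rather than handed to the firewall command.
    [[ "$banip" =~ $IPV4_RE ]] || continue
    # Ban IP
    echo "$banip"
    "$fwcmd" table 3 add "$banip/32"
    "$fwcmd" table 4 add "$banip/32"
  done < "$TOTALBANLOGFILE"
else
  echo "No bad boy"
fi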