Forked from daplie-snippets
This commit is contained in:
commit
68db3b59f9
|
@ -0,0 +1,27 @@
|
||||||
|
# determined-server-setup (dss)
|
||||||
|
|
||||||
|
determined-server-setup is a script that installs needed utilities/software on servers so you don't need to.
|
||||||
|
|
||||||
|
# Requirements
|
||||||
|
|
||||||
|
# Installation
|
||||||
|
|
||||||
|
You can install it by running:
|
||||||
|
|
||||||
|
`curl -s "https://git.coolaj86.com/josh/raw/master/dss/setup.sh" | bash`
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
|
||||||
|
This script is in the ALPHA stage. Use at your own risk.
|
||||||
|
```
|
||||||
|
dss --init # Update your server and install server utilities, setup automatic updates and harden SSH.
|
||||||
|
dss --clean # Update the server and cleanup unneeded files and programs. Use with caution.
|
||||||
|
dss --log # Print the system log.`
|
||||||
|
dss --authlog 1 # Print the SSH authentication log. Use 'dss authlog attacks' to show attacks on your SSH server.
|
||||||
|
dss --user USERNAME init # Setup server with server utilities and enable automatic security updates.
|
||||||
|
```
|
||||||
|
You can run: `dss help` for a list of all commands.
|
||||||
|
|
||||||
|
# Automatic Updates
|
||||||
|
|
||||||
|
When prompted to setup automatic updates, hit "yes" and when prompted with a text box, replace all references to "Debian" with the name of your distro. If you're running Ubuntu, you should replace all references of Debian with Ubuntu.
|
|
@ -0,0 +1,75 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Determined Create User Script v2.0.3
|
||||||
|
# Written by AJ Oneal -- edited by Joshua Mudge
|
||||||
|
|
||||||
|
# Exit on any error
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ -z "$(which openssl)" ]; then
|
||||||
|
echo "ERROR: 'openssl' is not found.";
|
||||||
|
echo "Please install openssl. It is used to generate a random password."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "$(grep '^PermitRootLogin prohibit-password$' /etc/ssh/sshd_config)" ] && [ -z "$(grep '^PermitRootLogin no$' /etc/ssh/sshd_config)" ] && [ -z "$(grep '^PermitRootLogin without-password$' /etc/ssh/sshd_config)" ]; then
|
||||||
|
echo "SECURITY ERROR: 'PermitRootLogin prohibit-password' is not set in /etc/ssh/sshd_config";
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "$(grep '^PasswordAuthentication no$' /etc/ssh/sshd_config)" ]; then
|
||||||
|
echo "SECURITY ERROR: 'PasswordAuthentication no' is not set in /etc/ssh/sshd_config";
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# http://stackoverflow.com/questions/43481923/security-audit-how-to-check-if-ssh-server-asks-for-a-password/43482975#43482975
|
||||||
|
if [ -n "$(ssh -v -o Batchmode=yes DOES_NOT_EXIST@localhost 2>/dev/null | grep password)" ]; then
|
||||||
|
echo "SECURITY ERROR: 'PasswordAuthentication no' has not taken affect. Try 'sudo service ssh restart'";
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# exit if there are any unbound variables
|
||||||
|
set -u
|
||||||
|
|
||||||
|
USER=$1
|
||||||
|
USER=$(basename $USER .pub)
|
||||||
|
|
||||||
|
# If they try to create root, exit.
|
||||||
|
|
||||||
|
if test $USER = "root"
|
||||||
|
then
|
||||||
|
echo "You cannot create the root user, it already exists."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
# TODO allow optional gecos i.e. create-user.bash bobs.pub 'Bob Smith'
|
||||||
|
|
||||||
|
# password will be set later in the script
|
||||||
|
#adduser --disabled-password --gecos '' $USER
|
||||||
|
sudo adduser --disabled-login --gecos '' $USER
|
||||||
|
sudo adduser $USER sudo # if sudo is needed
|
||||||
|
|
||||||
|
# FAIL before getting here via set -e
|
||||||
|
sudo mkdir -p /home/$USER/.ssh
|
||||||
|
sudo chmod 700 /home/$USER/.ssh
|
||||||
|
sudo touch /home/$USER/.ssh/authorized_keys
|
||||||
|
sudo chmod 600 /home/$USER/.ssh/authorized_keys
|
||||||
|
|
||||||
|
# PRE-REQ: get the user's ssh public key and store it in whoever.pub
|
||||||
|
sudo bash -c "cat $USER.pub >> /home/$USER/.ssh/authorized_keys"
|
||||||
|
|
||||||
|
sudo chown $USER:$USER /home/$USER
|
||||||
|
sudo chown $USER:$USER -R /home/$USER/.ssh/
|
||||||
|
|
||||||
|
PASSWD=$(openssl rand -hex 20)
|
||||||
|
#echo "$PASSWD" | passwd "$USER" --stdin
|
||||||
|
echo "$USER:$PASSWD" | sudo chpasswd
|
||||||
|
#echo "The temporary password for '"$USER"' is '"$PASSWD"'"
|
||||||
|
sudo passwd -d $USER
|
||||||
|
echo "'$USER'" has been added with key-only authentication and a password must be set on first login
|
||||||
|
sudo chage -d 0 $USER
|
||||||
|
|
||||||
|
# Other Methods as per https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/
|
||||||
|
#
|
||||||
|
# Linux
|
||||||
|
# date "+%s.%N" | md5sum
|
||||||
|
#
|
||||||
|
# macOS
|
||||||
|
# date "+%s.%N" | md5
|
|
@ -0,0 +1,186 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# determined-server-setup (dss)
|
||||||
|
# Written by Josh Mudge
|
||||||
|
# Ad Mejorem Dei Glorium
|
||||||
|
|
||||||
|
version=$(curl -s https://git.coolaj86.com/josh/raw/master/dss/VERSION | cat)
|
||||||
|
|
||||||
|
# Get options from CLI arguments
|
||||||
|
|
||||||
|
usr=$USER
|
||||||
|
init=0
|
||||||
|
clean=0
|
||||||
|
log=0
|
||||||
|
authlog=0
|
||||||
|
update=0
|
||||||
|
mon=0
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]
|
||||||
|
do
|
||||||
|
key="$1"
|
||||||
|
|
||||||
|
case $key in
|
||||||
|
--init)
|
||||||
|
init=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--clean)
|
||||||
|
clean=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--log)
|
||||||
|
log=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--authlog)
|
||||||
|
authlog="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user)
|
||||||
|
usr="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user2)
|
||||||
|
user2="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user3)
|
||||||
|
user3="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--update)
|
||||||
|
update=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--monitor)
|
||||||
|
mon=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--mon-setup)
|
||||||
|
mon=2
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--email)
|
||||||
|
email=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--logfile)
|
||||||
|
logfile=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
blacklist)
|
||||||
|
blacklist="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
-h|help)
|
||||||
|
echo "dss $version"
|
||||||
|
echo "Usage: dss [OPTION]"
|
||||||
|
echo "You can run the following commands:"
|
||||||
|
echo "dss --clean # Update the server and cleanup uneeded files and programs. Use with caution."
|
||||||
|
echo "dss --log # Print the system log."
|
||||||
|
echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss authlog attacks' to show attacks on your SSH server."
|
||||||
|
echo "dss --user USERNAME --init # Setup server with server utilities and enable automatic security updates."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
-v|version)
|
||||||
|
echo "dss $version"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# unknown option
|
||||||
|
if test -z "${unknown}"
|
||||||
|
then
|
||||||
|
unknown=$1
|
||||||
|
else
|
||||||
|
echo "dss $version"
|
||||||
|
echo "dss --user USERNAME --init # Setup server with server utilities and enable automatic security updates."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift # past argument or value
|
||||||
|
done
|
||||||
|
|
||||||
|
if test $init = 1
|
||||||
|
then
|
||||||
|
# Update server
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get upgrade -y
|
||||||
|
|
||||||
|
# Install server utilities
|
||||||
|
sudo apt-get install -y screen curl nano htop fail2ban rsync man shellcheck git software-properties-common
|
||||||
|
|
||||||
|
# Prompt user to set up automatic security updates.
|
||||||
|
sudo apt-get install -y unattended-upgrades
|
||||||
|
sudo dpkg-reconfigure -plow unattended-upgrades
|
||||||
|
|
||||||
|
# Harden ssh
|
||||||
|
if determined-harden-ssh --user $usr
|
||||||
|
then
|
||||||
|
echo "dss" | sudo tee /home/.dssv1.7
|
||||||
|
else
|
||||||
|
"You cannot create root user and disable root login, that won't work... See 'dss help'"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
elif test $log = 1
|
||||||
|
then
|
||||||
|
|
||||||
|
sudo cat /var/log/syslog
|
||||||
|
|
||||||
|
elif test $authlog = 1
|
||||||
|
then
|
||||||
|
sudo cat /var/log/auth.log
|
||||||
|
|
||||||
|
elif test $authlog = attacks
|
||||||
|
then
|
||||||
|
sudo cat /var/log/auth.log | grep "Invalid user"
|
||||||
|
sudo cat /var/log/auth.log | grep "Connection closed"
|
||||||
|
exit
|
||||||
|
|
||||||
|
elif test ! -z $blacklist
|
||||||
|
then
|
||||||
|
echo "Note to self: add blacklist function, empty elif is not allowed in BASH."
|
||||||
|
# Blacklist code
|
||||||
|
|
||||||
|
elif test $update = 1
|
||||||
|
then
|
||||||
|
# Update Linux and determined-setup
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get upgrade
|
||||||
|
curl -s "https://git.coolaj86.com/josh/raw/master/dss/setup.sh" | bash
|
||||||
|
|
||||||
|
elif test $clean = 1
|
||||||
|
then
|
||||||
|
# Update
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get upgrade
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
sudo apt-get clean
|
||||||
|
sudo apt-get autoremove
|
||||||
|
|
||||||
|
elif test $mon = 1
|
||||||
|
then
|
||||||
|
|
||||||
|
cd /home
|
||||||
|
./sysmon.sh -- email $email
|
||||||
|
|
||||||
|
elif test $mon = 2
|
||||||
|
then
|
||||||
|
|
||||||
|
dss init
|
||||||
|
curl -sO "https://git.coolaj86.com/josh/raw/master/dss/sysmon.sh"
|
||||||
|
sudo mv sysmon.sh /home/.sysmon.sh
|
||||||
|
( sudo crontab -l ; echo "14 1 * * * /bin/bash -c "/home/.sysmon.sh --email $email"" &> "$logfile" ) | sudo crontab -
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "dss $version"
|
||||||
|
echo "Usage: dss [OPTION]"
|
||||||
|
echo "You can run the following commands:"
|
||||||
|
echo "dss --clean # Update the server and cleanup uneeded files and programs. Use with caution."
|
||||||
|
echo "dss --log # Print the system log."
|
||||||
|
echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss authlog attacks' to show attacks on your SSH server."
|
||||||
|
echo "dss --user USERNAME init # Setup server with server utilities and enable automatic security updates."
|
||||||
|
exit 1
|
||||||
|
fi
|
|
@ -0,0 +1,150 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Determined SSH Hardening
|
||||||
|
# Written by Josh Mudge
|
||||||
|
# Ad Mejorem Dei Glorium
|
||||||
|
|
||||||
|
usr=$USER
|
||||||
|
version="v1.4.1 Alpha"
|
||||||
|
#keyserver=""
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]
|
||||||
|
do
|
||||||
|
key="$1"
|
||||||
|
|
||||||
|
case $key in
|
||||||
|
setup)
|
||||||
|
setup=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user)
|
||||||
|
usr="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user2)
|
||||||
|
user2="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user3)
|
||||||
|
user3="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user4)
|
||||||
|
user4="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--user5)
|
||||||
|
user5="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
-h|--help)
|
||||||
|
echo determined-harden-ssh $version
|
||||||
|
echo "Usage: determined-harden-ssh --user USERNAME"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# unknown option
|
||||||
|
if [ -z "${user}" ]; then
|
||||||
|
echo determined-harden-ssh $version
|
||||||
|
echo "No admin user specified."
|
||||||
|
echo "Usage: determined-harden-ssh --user USERNAME"
|
||||||
|
else
|
||||||
|
echo "unrecognized option '$1'"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift # past argument or value
|
||||||
|
done
|
||||||
|
|
||||||
|
if test ! -z $usr
|
||||||
|
then
|
||||||
|
|
||||||
|
echo "Installing fail2ban and hardening SSH configuration."
|
||||||
|
# Install fail2ban
|
||||||
|
sudo apt-get install -y fail2ban curl openssh-server > /dev/null
|
||||||
|
|
||||||
|
echo "Creating new user by the username $usr"
|
||||||
|
|
||||||
|
echo "Disabling password based logins in favor of SSH keys."
|
||||||
|
|
||||||
|
# SSH keys only, no passwords.
|
||||||
|
|
||||||
|
sudo sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
|
||||||
|
sudo sed -i "s/#PasswordAuthentication no/PasswordAuthentication no/g" /etc/ssh/sshd_config
|
||||||
|
sudo sed -i "s/PermitRootLogin yes/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
mkdir .tssh
|
||||||
|
|
||||||
|
cd .tssh
|
||||||
|
|
||||||
|
curl -sLO https://git.coolaj86.com/josh/raw/master/dss/create-user.bash
|
||||||
|
|
||||||
|
curl -sLO https://$keyserver/$usr.pub
|
||||||
|
|
||||||
|
sudo mv create-user.bash /usr/local/bin/determined-create-user
|
||||||
|
|
||||||
|
sudo chmod +x /usr/local/bin/determined-create-user
|
||||||
|
|
||||||
|
if determined-create-user $usr;
|
||||||
|
then
|
||||||
|
echo "Setting up non-root admin user(s)"
|
||||||
|
else
|
||||||
|
echo "User creation failed. Please fix the above error and try again."
|
||||||
|
cd ..
|
||||||
|
rm -rf .tssh
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z $user2
|
||||||
|
then
|
||||||
|
|
||||||
|
curl -sLO https://$keyserver/$user2.pub
|
||||||
|
|
||||||
|
./create-user.bash $user2
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z $user3
|
||||||
|
then
|
||||||
|
|
||||||
|
curl -sLO https://$keyserver/$user3.pub
|
||||||
|
|
||||||
|
./create-user.bash $user3
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z $user4
|
||||||
|
then
|
||||||
|
|
||||||
|
curl -sLO https://$keyserver/$user4.pub
|
||||||
|
|
||||||
|
./create-user.bash $user4
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z $user5
|
||||||
|
then
|
||||||
|
|
||||||
|
curl -sLO https://$keyserver/$user5.pub
|
||||||
|
|
||||||
|
./create-user.bash $user5
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd ..
|
||||||
|
rm -rf .tssh
|
||||||
|
|
||||||
|
echo "Disabling root login."
|
||||||
|
|
||||||
|
sudo sed -i "s/PermitRootLogin prohibit-password/PermitRootLogin no/g" /etc/ssh/sshd_config
|
||||||
|
sudo sed -i "s/PermitRootLogin without-password/PermitRootLogin no/g" /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
echo "That's it, we're done :)"
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
echo determined-harden-ssh $version
|
||||||
|
echo "No admin user specified."
|
||||||
|
echo "Usage: ./harden-server.sh --user USERNAME"
|
||||||
|
|
||||||
|
fi
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Setup for determined-server-setup
|
||||||
|
# Written by Josh Mudge
|
||||||
|
# Ad Mejorem Dei Glorium
|
||||||
|
|
||||||
|
version=$(curl -s https://git.coolaj86.com/josh/raw/master/dss/VERSION | cat)
|
||||||
|
|
||||||
|
echo "Installing dss $version"
|
||||||
|
|
||||||
|
curl -sO https://git.coolaj86.com/josh/raw/master/dss/determined-server-setup.sh
|
||||||
|
|
||||||
|
sudo mv determined-server-setup.sh /usr/local/bin/dss
|
||||||
|
|
||||||
|
sudo chmod +x /usr/local/bin/dss
|
||||||
|
|
||||||
|
curl -sO https://git.coolaj86.com/josh/raw/master/dss/harden-server.sh
|
||||||
|
|
||||||
|
sudo mv harden-server.sh /usr/local/bin/determined-harden-ssh
|
||||||
|
|
||||||
|
sudo chmod +x /usr/local/bin/determined-harden-ssh
|
||||||
|
|
||||||
|
echo "Done. Run 'dss' to use."
|
|
@ -0,0 +1,136 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Josh's Automatic System Monitor
|
||||||
|
# Written by Josh Mudge
|
||||||
|
# Ad Mejorem Dei Glorium
|
||||||
|
|
||||||
|
update=1
|
||||||
|
version=v1.5.1a
|
||||||
|
alpha=0
|
||||||
|
dfh=$(df -h | grep '8[0-9]%')
|
||||||
|
dfh2=$(df -h | grep '9[0-9]%')
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]
|
||||||
|
do
|
||||||
|
key="$1"
|
||||||
|
|
||||||
|
case $key in
|
||||||
|
--setup)
|
||||||
|
shift # past argument
|
||||||
|
setup=1
|
||||||
|
;;
|
||||||
|
--no-update)
|
||||||
|
update=0
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--audit)
|
||||||
|
audit=1
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
--email)
|
||||||
|
email="$2"
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
-h|help)
|
||||||
|
echo "dss-mon $version"
|
||||||
|
echo "Usage: dss --monitor --email user@mailprovider.com"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
-v|version)
|
||||||
|
echo "dss $version"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# unknown option
|
||||||
|
if test -z "${unknown}"
|
||||||
|
then
|
||||||
|
unknown=$1
|
||||||
|
else
|
||||||
|
echo "dss-mon $version"
|
||||||
|
echo "Usage: dss --monitor --email user@mailprovider.com"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift # past argument or value
|
||||||
|
done
|
||||||
|
|
||||||
|
if test $update = 1
|
||||||
|
then
|
||||||
|
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get upgrade
|
||||||
|
sudo apt-get install sysstat # Check if installed, then do this
|
||||||
|
curl -s "https://git.coolaj86.com/josh/raw/master/dss/setup.sh" | bash
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
|
||||||
|
sudo apt-get clean
|
||||||
|
|
||||||
|
# Security Audit (Tackled by dss init before setting this up.)
|
||||||
|
|
||||||
|
# if test ! -f /home/.dssv1.7
|
||||||
|
# then
|
||||||
|
#
|
||||||
|
# dss init
|
||||||
|
#
|
||||||
|
# fi
|
||||||
|
|
||||||
|
auth=$(sudo cat /var/log/auth.log | grep "Invalid user")
|
||||||
|
#auth2=$(sudo cat /var/log/auth.log | grep "Connection closed")
|
||||||
|
|
||||||
|
if test $alpha = 1;
|
||||||
|
then
|
||||||
|
|
||||||
|
sudo apt-get autoremove
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
# To setup email, point a domain name to your server using DNS.
|
||||||
|
# Disable any firewall rules that block port 25 (You may have to go to a server admin panel or contact your system administrator)
|
||||||
|
# Then run: sudo apt-get install mailutils
|
||||||
|
# Open up /etc/hosts and make sure it has:
|
||||||
|
# 127.0.1.1 mydomain.com myserverHOSTNAME
|
||||||
|
# Select "Internet Site" and enter the domain you want it to send email from.
|
||||||
|
# Then you can send email like this: echo "Body of email" | mail -s "subject" EMAILADDRESS
|
||||||
|
|
||||||
|
if test ! -z "$auth" # If set to run automatically, don't run this check every time.
|
||||||
|
then
|
||||||
|
echo "Attacks found. Sending authentication log to $email"
|
||||||
|
sudo cat /var/log/auth.log | grep "Invalid user" | mail -s "Invalid User Login" $email
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z "$dfh"
|
||||||
|
then
|
||||||
|
echo "Disk usage is high, sending disk usage to $email"
|
||||||
|
echo "$dfh" | mail -s "High Disk Usage" $email
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test ! -z "$dfh2"
|
||||||
|
then
|
||||||
|
echo "Disk usage is critical, sending disk usage to $email"
|
||||||
|
echo "$dfh2" | mail -s "Critical Disk Usage" $email
|
||||||
|
fi
|
||||||
|
|
||||||
|
for i in {1..300} # Do this 300 times.
|
||||||
|
do
|
||||||
|
CPU=$(mpstat 1 1 | awk '$3 ~ /CPU/ { for(i=1;i<=NF;i++) { if ($i ~ /%idle/) field=i } } $3 ~ /all/ { printf("%d",100 - $field) }') # Find CPU usage for the last 10 seconds. Code credit: Stackoverflow
|
||||||
|
CPUT=$(($CPUT + $CPU)) # Add each 1 second record to the total.
|
||||||
|
done
|
||||||
|
CPURESULT=$(($CPUT / 300)) # Divide the total by 300 seconds to find average CPU usage over the last 5 minutes.
|
||||||
|
|
||||||
|
|
||||||
|
if test $CPURESULT > 90
|
||||||
|
then
|
||||||
|
echo "CPU usage is quite high, sending report to $email"
|
||||||
|
echo "$CPURESULT %" | mail -s "High CPU Usage" $email
|
||||||
|
fi
|
||||||
|
|
||||||
|
USEDRAM=$(free | grep Mem | awk '{print ($2 -$7) / $2 * 100.0}')
|
||||||
|
|
||||||
|
if test $USEDRAM > 80
|
||||||
|
then
|
||||||
|
echo "RAM usage is quite high, sending report to $email"
|
||||||
|
echo "$USEDRAM %" | mail -s "High RAM Usage" $email
|
||||||
|
fi
|
Loading…
Reference in New Issue