Add scripts from aech
parent
4bbff4ba6f
commit
f0e8c19397
5 changed files with 367 additions and 0 deletions
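--- a/aech/dnssec-keys.sh
+++ b/aech/dnssec-keys.sh
@@ -0,0 +1,279 @@
+#!/bin/sh
+# dnssec-keys: DNSSEC key management tool
+#
+# @home: https://github.com/northox/dnssec-reverb
+# @license: Simplified BSD
+# Copyright (c) 2019 Tobias Strobel <git@strobeltobias.de>.
+# Based on work by:
+# Copyright (c) 2017 Danny Fullerton <danny@mantor.org>.
+# Copyright (c) 2009-2013 Kazunori Fujiwara <fujiwara@wide.ad.jp>.
+
+PROG=`basename $0`
+DIR=`dirname $0`
+
+KEYDIR="/var/cache/bind/keys"
+
+keygen="/usr/sbin/dnssec-keygen"
+settime="/usr/sbin/dnssec-settime"
+key2ds="/usr/sbin/dnssec-dsfromkey"
+control="/usr/sbin/rndc"
+RELOAD_COMMAND="$control loadkeys \$ZONE"
+KSK_PARAM="-n zone -a ECDSAP384SHA384 -f ksk"
+ZSK_PARAM="-n zone -a ECDSAP384SHA384"
+DNSRECORD_PARAM="-2"
+NOW=`date +%Y%m%d%H%M%S`
+DEFAULT_EXPIRE=33
+LOCKF=""
+
+Fatal()
+{
+[ "$LOCKF" != "" ] && rm $LOCKF
+echo $PROG: $1 >&2
+exit 1
+}
+
+# defaults
+[ "$KEYDIR" = "" ] && Fatal "\$KEYDIR not set"
+[ -d "$KEYDIR" ] || Fatal "\$KEYDIR not a directory ($KEYDIR)"
+[ "$KEYBACKUPDIR" = "" ] && KEYBACKUPDIR="$KEYDIR/backup"
+[ "$DNSRECORDDIR" = "" ] && DNSRECORDDIR="$KEYDIR/dnsrecord"
+HEAD_ZSKNAME="zsk-"
+HEAD_KSKNAME="ksk-"
+HEAD_ZSSNAME="zss-"
+HEAD_ZSRNAME="zsr-" # Removed ZSK
+HEAD_KSSNAME="kss-"
+
+# setup
+[ ! -d $KEYBACKUPDIR ] && mkdir -p $KEYBACKUPDIR
+[ ! -d $DNSRECORDDIR ] && mkdir -p $DNSRECORDDIR
+
+cd $KEYDIR
+
+_check_file()
+{
+while [ "$1" != "" ]; do
+[ ! -s "$1" ] && Fatal "$1 does not exist."
+shift
+done
+}
+
+_check_nofile()
+{
+while [ "$1" != "" ]; do
+[ -f "$1" ] && Fatal "$1 exist."
+shift
+done
+}
+
+_usage()
+{
+[ "$LOCKF" != "" ] && rm $LOCKF
+cat <<EOF
+usage: $PROG keygen <zone>
+$PROG rmkeys <zone>
+$PROG [-s] ksk-add <zone>
+$PROG [-s] ksk-roll <zone>
+$PROG [-s] zsk-add <zone>
+$PROG [-s] zsk-roll <zone>
+$PROG [-s] zsk-rmold <zone>
+$PROG sign <zone>
+$PROG status <zone>
+EOF
+exit 1
+}
+
+sign()
+{
+chmod g+r *.*
+eval $RELOAD_COMMAND
+}
+
+status()
+{
+DNSRECORD_FILE_TMP="$DNSRECORD_FILE.tmp"
+if [ -f $KSK_FILE ]; then
+echo -n "$ZONE's KSK = "
+cat $KSK_FILE;
+tail -n1 `cat $KSK_FILE`.key | tee $DNSRECORD_FILE_TMP
+$key2ds $_DNSRECORD_PARAM `cat $KSK_FILE`.key | tee -a $DNSRECORD_FILE_TMP
+fi
+if [ -f $KSK_S_FILE ]; then
+echo -n "$ZONE's next KSK = "
+cat $KSK_S_FILE;
+tail -n1 `cat $KSK_S_FILE`.key | tee $DNSRECORD_FILE_TMP
+$key2ds $_DNSRECORD_PARAM `cat $KSK_S_FILE`.key | tee -a $DNSRECORD_FILE_TMP
+fi
+if [ -f $ZSK_FILE ]; then
+echo -n "$ZONE's ZSK = "
+cat $ZSK_FILE;
+fi
+if [ -f $ZSK_S_FILE ]; then
+echo -n "$ZONE's next ZSK = "
+cat $ZSK_S_FILE;
+fi
+if [ -f $ZSK_R_FILE ]; then
+echo -n "$ZONE's previous ZSK = "
+cat $ZSK_R_FILE;
+fi
+mv -f $DNSRECORD_FILE_TMP $DNSRECORD_FILE
+}
+
+keygensub()
+{
+echo "$keygen $1 $2"
+newfile="$3"
+tmpfile="$3.tmp"
+_KEY=`$keygen $1 $2`
+[ -f $_KEY.ds ] && rm $_KEY.ds
+if [ ! -s $_KEY.key ]; then
+rm $_KEY.key
+Fatal "cannot write new key: $1 $2 $3"
+fi
+echo $_KEY > $tmpfile
+read _KEY2 < $tmpfile
+if [ "$_KEY" != "$_KEY2" ]; then
+rm $tmpfile
+rm $_KEY.key
+Fatal "cannot write $tmpfile"
+fi
+mv $tmpfile $newfile
+}
+
+removekeys_sub()
+{
+if [ -f $1 ]; then
+KEY=`head -1 $1`
+if [ -f $KEY.key ]; then
+mv $KEY.key $KEY.private $KEYBACKUPDIR/
+fi
+fi
+}
+
+remove_previouskey()
+{
+if [ -f $ZSK_R_FILE ]; then
+removekeys_sub $ZSK_R_FILE
+mv $ZSK_R_FILE "$KEYBACKUPDIR/removed-ZSK-$NOW-$ZONE"
+fi
+}
+
+if [ "$1" = "" -o "$1" = "-h" -o "$1" = "-?" -o "$1" = "--help" ]; then
+_usage
+exit 0
+elif [ "$1" = "-s" -o "$1" = "--sign" ];then
+SIGN_OPT=1
+shift
+fi
+
+CMD="$1"
+shift
+
+if [ "$1" = "" ]; then
+Fatal "A zone must be provided."
+else
+ZONELIST="$*"
+fi
+
+for ZONE in $ZONELIST
+do
+LOCKF="$ZONE.lock"
+TMPF="$ZONE.$$"
+KSK_FILE="$HEAD_KSKNAME$ZONE"
+ZSK_FILE="$HEAD_ZSKNAME$ZONE"
+KSK_S_FILE="$HEAD_KSSNAME$ZONE"
+ZSK_S_FILE="$HEAD_ZSSNAME$ZONE"
+ZSK_R_FILE="$HEAD_ZSRNAME$ZONE"
+DNSRECORD_FILE="$DNSRECORDDIR/$ZONE"
+ZONE_=`echo $ZONE | tr .- __`
+eval _KSK_PARAM=\${KSK_PARAM_$ZONE_:-$KSK_PARAM}
+eval _ZSK_PARAM=\${ZSK_PARAM_$ZONE_:-$ZSK_PARAM}
+eval _DNSRECORD_PARAM=\${DNSRECORD_PARAM_$ZONE_:-$DNSRECORD_PARAM}
+
+echo "LOCK$$" > $TMPF
+LOCKSTR=`cat $TMPF`
+if [ ! -f $TMPF -o "LOCK$$" != "$LOCKSTR" ]; then
+Fatal "cannot write lock file $TMPF"
+fi
+if ln $TMPF $LOCKF; then
+:
+else
+rm $TMPF
+echo "zone $ZONE locked"
+continue
+fi
+rm $TMPF
+case $CMD in
+keygen)
+_check_nofile $KSK_FILE $ZSK_FILE
+keygensub "$_KSK_PARAM" $ZONE $KSK_FILE
+keygensub "$_ZSK_PARAM" $ZONE $ZSK_FILE
+status
+;;
+rmkeys)
+removekeys_sub $KSK_FILE
+removekeys_sub $ZSK_FILE
+removekeys_sub $KSK_S_FILE
+removekeys_sub $ZSK_S_FILE
+rm $KSK_FILE $ZSK_FILE $KSK_S_FILE $ZSK_S_FILE
+status
+;;
+ksk-add)
+_check_nofile $KSK_S_FILE
+keygensub "$_KSK_PARAM" $ZONE $KSK_S_FILE
+status
+;;
+ksk-roll)
+_check_file $KSK_FILE $KSK_S_FILE
+KSK=`head -1 $KSK_FILE`
+KSS=`head -1 $KSK_S_FILE`
+_check_file $KSK.key $KSS.key $KSK.private $KSS.private
+mv $KSK.key $KSK.private $KEYBACKUPDIR/
+mv $KSK_S_FILE $KSK_FILE
+OLDKSK="$KSK"
+KSK="$KSS"
+KSS=""
+echo "$ZONE 's KSK: valid -> removed: $OLDKSK"
+echo "$ZONE 's KSK: next -> current: $KSK"
+status
+;;
+zsk-add)
+_check_nofile $ZSK_S_FILE
+keygensub "$_ZSK_PARAM" $ZONE $ZSK_S_FILE
+status
+;;
+zsk-roll)
+_check_file $ZSK_FILE $ZSK_S_FILE
+ZSK=`head -1 $ZSK_FILE`
+ZSS=`head -1 $ZSK_S_FILE`
+_check_file $ZSK.key $ZSS.key $ZSK.private $ZSS.private
+remove_previouskey
+mv $ZSK_FILE $ZSK_R_FILE
+mv $ZSK_S_FILE $ZSK_FILE
+OLDZSK="$ZSK"
+ZSK="$ZSS"
+ZSS=""
+echo "$ZONE 's ZSK: valid -> previous: $OLDZSK"
+echo "$ZONE 's ZSK: next -> current: $ZSK"
+status
+;;
+zsk-rmold)
+_check_file $ZSK_R_FILE
+remove_previouskey
+status
+;;
+sign)
+sign
+;;
+status)
+status
+;;
+*)
+echo "unknown command: $CMD"
+_usage
+;;
+esac
+rm $LOCKF
+done
+
+[ "$SIGN_OPT" = 1 ] && sign
+exit 0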
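Review bot: The zone name from the command line reaches `eval` without validation: `ZONE_` only has `.` and `-` mapped to `_` before the three `eval _…_PARAM=\${…_$ZONE_:-…}` lines in the `for ZONE` loop, so any other shell metacharacter in an argument is parsed as code by a script that manages DNSSEC private keys. The same value builds `$ZONE.lock` and `$DNSRECORDDIR/$ZONE`, so a `/` in it places those files outside the key directory. I would reject anything outside the hostname alphabet at the top of the loop, before `LOCKF` is assigned: `case "$ZONE" in ""|*[!A-Za-z0-9._-]*) echo "$PROG: invalid zone name: $ZONE" >&2; continue ;; esac`. Separately, `cd $KEYDIR` is unchecked, so a failed `cd` leaves every later relative-path `rm`/`mv` running in the caller's directory; `cd "$KEYDIR" || Fatal "cannot cd to $KEYDIR"` closes that. `chmod g+r *.*` in `sign` also makes the `.private` files group-readable, which deserves a comment naming the group expected to own them.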
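--- a/aech/motd.sh
+++ b/aech/motd.sh
@@ -0,0 +1,71 @@
+##!/bin/bash
+# MOTD script
+
+# Variables
+user=$USER
+path=$PWD
+home=$HOME
+
+# Calculate last login
+lastlog=$(lastlog -u $user | tail -n 1)
+ll[0]=$(echo $lastlog | awk '{print $4}')
+ll[1]=$(echo $lastlog | awk '{print $5}')
+ll[2]=$(echo $lastlog | awk '{print $6}')
+ll[3]=$(echo $lastlog | awk '{print $7}')
+ll[4]=$(echo $lastlog | awk '{print $3}')
+
+# Calculate current system uptime
+uptime=$(uptime -p|cut -c 4-)
+upsince=$(uptime -s)
+
+# Calculate usage of disk
+usage=$(df -h / | head -n 2 | tail -n 1 | awk '{print $3}')
+usageTotal=$(df -h / | head -n 2 | tail -n 1 | awk '{print $2}')
+
+# Calculate SSH logins
+logins=$(w -s|head -n1|awk '{print $6}')
+
+# Calculate processes
+psa=$(($(ps -A h | wc -l)-2))
+
+# Calculate current system load
+loadavg=$(cat /proc/loadavg)
+sysload[1]=$(echo $loadavg|awk '{print $1}')
+sysload[5]=$(echo $loadavg|awk '{print $2}')
+sysload[15]=$(echo $loadavg|awk '{print $3}')
+
+# Calculate Memory
+memory=$(free -mh|head -n2|tail -n1)
+memT=$(echo $memory|awk '{print $2}')
+memU=$(echo $memory|awk '{print $3}')
+memF=$(echo $memory|awk '{print $4}')
+memC=$(echo $memory|awk '{print $6}')
+memory=$(free -mh|tail -n1)
+memS=$(echo $memory|awk '{print $3}')
+
+# ASCII head
+head=$(cat <<EOF
+
+, ,
+'"\_ ,/",
+\.'\_ ,/ ,/ /) /) , /)
+\.'\_ ,/ ,/ _ __ // // __ _(/ _____
+\.'\__/ ,/ (_/_/ (_(_/_/(_/(__(_/ (_(_(_(_)/ (_
+\{00}/ .-/ .-/ /) /)
+\ / (_/ (_/ (/ (/
++==""==+
+
+<<< ${user}@$(hostname) >>>
+
+EOF
+)
+
+# Print Output
+echo -e "\033[01;32m$head\033[0m"
+echo -e " \033[35mLast Login....:\033[0m \033[36m${ll[1]} ${ll[2]} ${ll[3]} from ${ll[4]}\033[0m \033[33m${ll[5]}\033[0m"
+echo -e " \033[35mUptime........:\033[0m \033[36m$uptime (since $upsince)\033[0m"
+echo -e " \033[35mLoad..........:\033[0m \033[36m${sysload[1]} (1minute) ${sysload[5]} (5minutes) ${sysload[15]} (15minutes)\033[0m"
+echo -e " \033[35mMemory MB.....:\033[0m \033[36m$memT Used: $memU Free: $memF Free Cached: $memC Swap Used: $memS\033[0m"
+echo -e " \033[35mDisk Usage....:\033[0m \033[36m$usage out of $usageTotal\033[0m"
+echo -e " \033[35mSSH Logins....:\033[0m \033[36mThere are currently $logins active sessions\033[0m"
+echo -e " \033[35mProcesses.....:\033[0m \033[36m$psa total running\033[0m\n"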
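Review bot: The first line is `##!/bin/bash`, which is a plain comment rather than a shebang, so when the file is executed directly the interpreter is whatever the caller falls back to, while the body depends on bash arrays (`ll[0]=…`, `sysload[15]=…`) and `echo -e`; it should read `#!/bin/bash`. The "Last Login" line prints `${ll[5]}`, which is never assigned, and starts at `${ll[1]}`, so `ll[0]` is computed but unused. `lastlog -u $user` should quote the expansion as `lastlog -u "$user"`, since `$USER` comes from the environment of whoever logs in.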
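--- a/aech/nsec3signing.sh
+++ b/aech/nsec3signing.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+rndc signing -nsec3param 1 0 10 auto strobeto.de
+rndc signing -nsec3param 1 0 10 auto strobeltobias.de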
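Review bot: Both `rndc signing -nsec3param 1 0 10 auto …` calls ask for 10 additional hash iterations and a generated salt, whereas RFC 9276 recommends an iteration count of 0 and an empty salt: extra iterations add work for signers and validators without meaningfully hindering zone enumeration, and validators may treat responses with high counts as insecure. I would use `rndc signing -nsec3param 1 0 0 - strobeto.de` and the same for the second zone. The script also has no error handling, so a failure of the first call goes unnoticed; a `set -e` line after the shebang would be enough.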
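--- a/aech/update-nc-apps.sh
+++ b/aech/update-nc-apps.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Fix: The input device is not a tty
+#export COMPOSE_INTERACTIVE_NO_CLI=1
+/usr/bin/docker exec --user 33 nextcloud-space php occ app:update --all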
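Review bot: `--user 33` is an unexplained numeric uid on the `docker exec` line; a comment such as `# uid 33 is presumably www-data inside nextcloud-space; occ must run as the web server user (confirm against the image)` would tell the next reader why it is there. The `# Fix: The input device is not a tty` comment describes an export that is commented out, so it should say whether that workaround is still needed or be dropped. Because this updates every app unattended, logging a non-zero exit status from `docker exec` would make a failed or partial update visible.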
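--- a/aech/upgrade-docker-compose.sh
+++ b/aech/upgrade-docker-compose.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+echo "Downloading latest version of docker-compose..."
+curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+
+if [ $? -eq 0 ]; then
+chmod +x /usr/local/bin/docker-compose
+else
+echo "Upgrade failed!"
+fi
+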
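Review bot: The `curl -L … > /usr/local/bin/docker-compose` line installs a root-run binary with no integrity check, and the release tag spliced into its URL is whatever a third-party endpoint (`servercow.de/…/latest.php`) returns, unquoted and unvalidated. The redirect truncates the existing binary before the download starts, and without `-f` an HTTP error page still exits 0 and is then marked executable. The failure branch only prints a message, so the script exits 0 either way. I would download to a temporary file with `curl -fsSL`, validate the tag, verify the file against the checksum published with the release, and only then install it, as sketched below.

```bash
set -euo pipefail
dest=/usr/local/bin/docker-compose
tmp=$(mktemp) || exit 1
trap 'rm -f -- "$tmp"' EXIT

# … unchanged: "Downloading latest version of docker-compose..." message …
version=$(curl -fsSL https://www.servercow.de/docker-compose/latest.php)
# Accept only a plain release tag before it becomes part of the URL.
if [[ ! "$version" =~ ^v?[0-9][0-9A-Za-z.-]*$ ]]; then
  echo "Upgrade failed: unexpected version string" >&2
  exit 1
fi

url="https://github.com/docker/compose/releases/download/${version}/docker-compose-$(uname -s)-$(uname -m)"
curl -fsSL -o "$tmp" "$url"
# TODO: compare "$tmp" with the checksum published for this release; abort on mismatch.
install -m 0755 -- "$tmp" "$dest"
```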