From b1d287ae15111e6f87b96b394139b493c8d98c45 Mon Sep 17 00:00:00 2001 From: Harshad Yeola Date: Mon, 11 Aug 2014 13:38:56 +0530 Subject: [PATCH 01/19] Update mail.sh --- mail.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mail.sh b/mail.sh index adf20f1..a809a47 100755 --- a/mail.sh +++ b/mail.sh @@ -5,8 +5,8 @@ from_unm="" to_unm="" from_passwd="" to_passwd="" -from_imap="194.126.200.40" -to_imap="85.159.212.242" +from_imap=$2 +to_imap=$3 fail_log="fail.log" @@ -30,4 +30,4 @@ larch --from imap://$from_imap --from-user $from_unm \ --to-user $to_unm \ --all >> larch.log || echo "failed to migrate mail from user $from_unm to $to_unm" >> $fail_log -done < $mail_file \ No newline at end of file +done < $mail_file From b1644e6dafba72d47b3d059906b9de3c7bb2e43b Mon Sep 17 00:00:00 2001 From: Harshad Yeola Date: Mon, 11 Aug 2014 13:56:34 +0530 Subject: [PATCH 02/19] update awk --- search | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/search b/search index 6f96da9..86f7d22 100755 --- a/search +++ b/search @@ -11,4 +11,4 @@ done < $key_file exit 0; ##OR## -awk "`cat key.txt | awk '{ printf "\/" $0 "\/\\n" }'`" test.xml +awk "`cat $1 | awk '{ printf "\/" $0 "\/\\n" }'`" $2 From 7ce5149ebf2f4e8d1a117e91c6b51a75712a1ce8 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Mon, 23 Feb 2015 15:54:58 +0530 Subject: [PATCH 03/19] added new script for cache generation --- cache-generator.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 cache-generator.sh diff --git a/cache-generator.sh b/cache-generator.sh new file mode 100755 index 0000000..2a23a5a --- /dev/null +++ b/cache-generator.sh @@ -0,0 +1,15 @@ +#!/bin/bash + + +ERROR_LOG=/var/log/cache-generator.log + +URI=$1 + +function log() +{ +echo -e "[ `date` ] $(tput setaf 4)$@$(tput sgr0)" &>> $ERROR_LOG +exit $2 +} + + +curl -I ${URI} &>> $ERROR_LOG & log "Caching ${URI}" $! From dc9ed0235ed9c6a940f51e33dce864581983b1d6 Mon Sep 17 00:00:00 2001 
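Review bot: The new `from_imap=$2` / `to_imap=$3` assignments take the IMAP hosts straight from the command line with no check that either was supplied, so a missing argument yields a hostless `imap://` URL for every account in the loop and the only trace is one "failed to migrate" line per user in $fail_log. Add `: "${2:?from IMAP host required}"` and `: "${3:?to IMAP host required}"` next to the assignments so the script stops before it starts iterating, and quote the expansions (`"$from_imap"`, `"$fail_log"`, `"$mail_file"`) in the lines that use them. The while loop that reads $mail_file starts outside this hunk.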
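Review bot: The awk program on the changed line is assembled from the raw contents of `$1`, so whatever the key file holds is parsed as awk code rather than as search keys; a key containing `/`, `"` or a newline breaks the program, and a crafted key line could run arbitrary awk statements with the privileges of whoever invokes the script. Since the intent is matching lines of `$2` against a list of patterns, replace the backtick construction with `grep -f "$1" -- "$2"` (or `grep -F -f "$1" -- "$2"` if the keys are literal strings), which treats the key file as data. Note the line sits after `exit 0;`, so it is unreachable when the script runs and only dangerous when copied by hand; either delete it or make it the real implementation.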
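Review bot: `log "Caching ${URI}" $!` exits the script with `$!`, the PID of the backgrounded curl, so the exit status is an arbitrary number truncated to 8 bits and the curl result is never examined; the `$@` in the echo also appends that PID to the log message. Report curl's real outcome instead: `curl -fsSI -- "${URI}" &>> "$ERROR_LOG" & pid=$!`, then `wait "$pid"; log "Caching ${URI}" $?`, with `log()` printing `$1` rather than `$@`. `${URI}` is also unquoted on the curl line, so a URL containing whitespace or glob characters is split before curl sees it.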
From: harshadyeola Date: Thu, 21 May 2015 05:15:15 -0500 Subject: [PATCH 04/19] added python2deb script in record --- python2deb.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 python2deb.sh diff --git a/python2deb.sh b/python2deb.sh new file mode 100644 index 0000000..7d3d1cf --- /dev/null +++ b/python2deb.sh @@ -0,0 +1,60 @@ +#!/bin/bash + + +# This file is copied from +# https://github.com/jordansissel/python-packaging/blob/master/python2deb.sh + + +if [ "$1" = "-h" ] ; then + echo "Usage: $0 [package]" + echo "If no package is given, 'setup.py' is searched for in $PWD." + echo "If package given, we download with easy_install then build a package." + exit 0 +fi + +# debuild requires package names be lowercase. +if [ "0$#" -ne 0 ] ; then + easy_install --editable --build-directory . "$@" + cd $(ls -td */ | sed -ne '1p') +fi + +if [ ! -r "setup.py" ] ; then + echo "No setup.py found in current directory ($PWD)" + exit 1 +fi + +if [ ! -z "$PATCHES" ] ; then + sh $PATCHES +fi + +# I know, this is pretty crappy, but it's quicker than monkeypatching or +# extending distutils. +ed setup.py << ED_IS_AWESOME +/^ *setup *(/i +import pipes + +def setup(**kwds): + for k in kwds: + print "%s=%s" % (k, pipes.quote(str(kwds[k]))) + if "requires" in kwds: + print "requires=%s" % pipes.quote((", ".join(["python-%s" % x for x in kwds["requires"]]))) + +. +w hacked_setup.py +q +ED_IS_AWESOME + +eval "$(python hacked_setup.py)" + +if [ -z "$name" -o -z "$version" ] ; then + echo "Unable to find name, version, etc..." + exit 1 +fi + +set -e +set -x +name=$(echo "$name" | tr A-Z a-z) +release="$(date +%Y%m%d.%H%M%S)" +dh_make -s -n -c blank -e $USER -p "python-${name}_${version}-${release}" < /dev/null +sed -i -e "/Depends:.*$requires/! { s/^Depends: .*/&, $requires/ }" debian/control +debuild -us -uc From eacf7c7b8a9ad18dd0a320e3d57abce1b6090c32 Mon Sep 17 00:00:00 2001 
From: harshadyeola Date: Thu, 21 May 2015 06:00:12 -0500 Subject: [PATCH 05/19] added reset wordpress script --- resetcron.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 resetcron.sh diff --git a/resetcron.sh b/resetcron.sh new file mode 100644 index 0000000..bfda92e --- /dev/null +++ b/resetcron.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +# Author : Harshad Yeola +# This script freezes the environment for current wordpress setup +# and reset the environment on next run. + + + +SITE_WEBROOT='/var/www/test.com' +SITE_DB_NAME=$(grep DB_NAME ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) +SITE_DB_USER=$(grep DB_USER ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) +SITE_DB_PASS=$(grep DB_PASS ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) +SITE_DB_BACKUP_PATH="${SITE_WEBROOT}/reset-backup/test_com.sql" +GIT_DIR="${SITE_WEBROOT}/htdocs/wp-content/" +LOG_PATH='/var/log/resetcron.log' + + + +throw_error() { + echo $1 | tee -ai $LOG_PATH + exit $2; +} + + +# Initialize +if [ ! -d ${GIT_DIR}.git ]; then + cd ${GIT_DIR}; + git init && git add . && git commit -m "freeze commit" || throw_error "failed to initialize reset env" $? +fi + +# take database backup +if [ ! -f ${SITE_DB_BACKUP_PATH} ]; then + mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? +fi + + +# START RESETING + +## restore database +if [ -f ${SITE_DB_BACKUP_PATH} ]; then + cat ${SITE_DB_BACKUP_PATH} | mysql -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} 2>>$LOG_PATH || throw_error "restore database failed" $? +else + throw_error "$SITE_DB_BACKUP_PATH not found" 1; +fi + +## reset filesystem +if [ -d ${GIT_DIR} ]; then + cd ${GIT_DIR}; + git reset HEAD --hard && git clean -fd 2>&1>>$LOG_PATH || throw_error "git reset failed" $?; +else + throw_error "${GIT_DIR} not found" 2; +fi From ad74caf2fdf266290630449684c6dc8947e7edd8 Mon Sep 17 00:00:00 2001 
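Review bot: Every mysqldump and mysql call in the new file passes the database password as `-p${SITE_DB_PASS}` on the command line, where it is visible to any local user through `ps` for the lifetime of the dump or restore and lands in shell history when run by hand. Write the credentials to a `mktemp` file with mode 600 (a `[client]` section with `user=` and `password=`), call `mysqldump --defaults-extra-file="$cnf" "${SITE_DB_NAME}"`, and remove the file in an EXIT trap. Separately, `git clean -fd 2>&1>>$LOG_PATH` applies the redirections in the wrong order: stderr is duplicated onto the original stdout before stdout is sent to the log, so the git errors this line wants captured go to the terminal or cron mail instead; use `>>"$LOG_PATH" 2>&1`.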
From: harshadyeola Date: Thu, 21 May 2015 07:10:31 -0500 Subject: [PATCH 06/19] added comment --- resetcron.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resetcron.sh b/resetcron.sh index bfda92e..ab80cc9 100644 --- a/resetcron.sh +++ b/resetcron.sh @@ -5,7 +5,7 @@ # and reset the environment on next run. - +# Initialize variables SITE_WEBROOT='/var/www/test.com' SITE_DB_NAME=$(grep DB_NAME ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) SITE_DB_USER=$(grep DB_USER ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) From 4d717db5b0160273b66c6b4254999de1229322a2 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 21 May 2015 07:36:24 -0500 Subject: [PATCH 07/19] major fix --- resetcron.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/resetcron.sh b/resetcron.sh index ab80cc9..7158843 100644 --- a/resetcron.sh +++ b/resetcron.sh @@ -28,8 +28,12 @@ if [ ! -d ${GIT_DIR}.git ]; then git init && git add . && git commit -m "freeze commit" || throw_error "failed to initialize reset env" $? fi + # take database backup if [ ! -f ${SITE_DB_BACKUP_PATH} ]; then + if [ ! -d "${SITE_WEBROOT}/reset-backup/" ]; then + mkdir -p "${SITE_WEBROOT}/reset-backup/" + fi mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? fi From 5c781ebc8243f16fe536212f8dabc92794f8d493 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Fri, 22 May 2015 03:41:48 -0500 Subject: [PATCH 08/19] added iptable rules --- iptables/block-domain.sh | 17 +++++++++++++++++ iptables/block-facebook.sh | 7 +++++++ iptables/flush-iptables.sh | 13 +++++++++++++ iptables/port-forward.sh | 11 +++++++++++ iptables/torrent-log.sh | 20 ++++++++++++++++++++ 5 files changed, 68 insertions(+) create mode 100644 iptables/block-domain.sh create mode 100644 iptables/block-facebook.sh create mode 100644 iptables/flush-iptables.sh create mode 100644 iptables/port-forward.sh create mode 100644 iptables/torrent-log.sh 
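Review bot: The dump written right after the new `mkdir -p` inherits the process umask, so `reset-backup/test_com.sql`, a full copy of the site database (for a WordPress site that includes the user table), is typically created world-readable. Create the directory with a restrictive mode and tighten the umask for the dump: `mkdir -p -m 700 "${SITE_WEBROOT}/reset-backup/"` and `(umask 077; mysqldump ... > "${SITE_DB_BACKUP_PATH}")`. The `if [ ! -d ... ]` wrapper around `mkdir -p` is redundant, since `-p` already succeeds on an existing directory. The enclosing `if [ ! -f ${SITE_DB_BACKUP_PATH} ]` block begins in this hunk and its closing `fi` is the hunk's last line.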
diff --git a/iptables/block-domain.sh b/iptables/block-domain.sh
new file mode 100644
index 0000000..6953b69
--- /dev/null
+++ b/iptables/block-domain.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+iptables -A FORWARD -p all -d vimeo.com -j REJECT
+iptables -A FORWARD -p all -d adobe.com -j REJECT
+iptables -A FORWARD -p all -d www.adobe.com -j REJECT
+iptables -A FORWARD -p all -d microsoft.com -j REJECT
+iptables -A FORWARD -p all -d www.microsoft.com -j REJECT
+iptables -A FORWARD -p all -d toggle.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d g.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d lb1.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d youtube.com -j REJECT
+iptables -A FORWARD -p all -d www.youtube.com -j REJECT
+iptables -A FORWARD -p all -d youtube-ui.l.google.com -j REJECT
+iptables -A FORWARD -p all -d dropbox.com -j REJECT
+iptables -A FORWARD -p all -d quora.com -j REJECT
+
+# Enable Google Drive which is blocked by youtube
+#iptables -A FORWARD -p all -d docs.google.com -j ACCEPT
\ No newline at end of file
diff --git a/iptables/block-facebook.sh b/iptables/block-facebook.sh
new file mode 100644
index 0000000..7988289
--- /dev/null
+++ b/iptables/block-facebook.sh
@@ -0,0 +1,7 @@
+#!.bin/bash
+# Facebook Block------
+for ip in `whois -h whois.radb.net '!gAS32934' | grep /`
+do
+iptables -A FORWARD -p all -d $ip -j REJECT
+done
+#End Facebook Block-----
\ No newline at end of file
diff --git a/iptables/flush-iptables.sh b/iptables/flush-iptables.sh
new file mode 100644
index 0000000..f38d0b8
--- /dev/null
+++ b/iptables/flush-iptables.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+echo "Stopping firewall and allowing everyone..."
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+echo "Enable squid rules"
+iptables-restore < /etc/iptables.rules
\ No newline at end of file
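Review bot: The commented-out `docs.google.com -j ACCEPT` at the end of the file would never match if re-enabled, because `-A` appends it after the REJECT rules and iptables stops at the first match; it has to go ahead of them (`iptables -I FORWARD 1 ...`) or the file has to be reordered. More generally, each `-d <hostname>` is resolved once when the rule is added and the resulting addresses are frozen, so for the CDN-backed names in this list the block drifts as DNS answers change and nothing refreshes it; document that limitation in a header comment, or keep the addresses in an ipset that a scheduled job repopulates. Running the script twice also appends a second copy of every rule, so consider guarding each line with `iptables -C`.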
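Review bot: The shebang `#!.bin/bash` is a typo for `#!/bin/bash`, so executing the file directly fails with a bad-interpreter error and the rules are only added when someone runs it as `bash block-facebook.sh`. The loop also fails open: if the whois query to radb.net fails or returns nothing, `grep /` yields no lines, the body never runs, and the script still exits 0 with nothing blocked, so a caller cannot tell. Capture the prefix list first and abort when it is empty, e.g. `prefixes=$(whois -h whois.radb.net '!gAS32934' | grep /) || exit 1`, then iterate over `$prefixes` and quote `"$ip"` in the iptables call.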
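Review bot: The script flushes every table and sets all three policies to ACCEPT before `iptables-restore` reads `/etc/iptables.rules`, so there is a window with no filtering, and if that file is missing or malformed the script ends with the firewall wide open. `iptables-restore` replaces the tables it defines atomically, so the manual flush is unnecessary; guard the restore instead, e.g. `[ -r /etc/iptables.rules ] || { echo "rules file missing" >&2; exit 1; }` before it, and only fall back to opening the policies when a full reset is really intended. `#!/bin/sh` is fine here since the file uses no bash-specific syntax.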
diff --git a/iptables/port-forward.sh b/iptables/port-forward.sh
new file mode 100644
index 0000000..afb2868
--- /dev/null
+++ b/iptables/port-forward.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Forward port 2222 => 22
+iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2222 -j DNAT --to 192.168.0.243:22
+iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.0.243:22
+iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.243 --dport 22 -j MASQUERADE
+
+# Forward port 80
+iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.243:80
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.243:80
+iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.243 --dport 80 -j MASQUERADE
diff --git a/iptables/torrent-log.sh b/iptables/torrent-log.sh
new file mode 100644
index 0000000..7cd52cb
--- /dev/null
+++ b/iptables/torrent-log.sh
@@ -0,0 +1,20 @@
+#Log Torrent
+iptables -N LOGDROP &>> /var/log/squid3/torrent.log
+iptables -F LOGDROP
+iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
+iptables -A LOGDROP -j DROP
+
+#Torrent
+iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "torrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "announce" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOGDROP
+
+#DHT keyword
+iptables -A FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
+iptables -A FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
+iptables -A FORWARD -m string --string "find_node" --algo bm -j LOGDROP
\ No newline at end of file
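Review bot: The second PREROUTING rule in each pair has no `-i eth1`, so it already covers every interface and makes the `-i eth1` rule before it redundant; more importantly, the `POSTROUTING ... -j MASQUERADE` lines rewrite the source address of every forwarded SSH and HTTP connection to the gateway's own, so sshd and the web server on 192.168.0.243 log every client as the gateway and any per-source control there (access logs, fail2ban, rate limits) loses the real origin. If masquerading is only needed for clients on the same segment as the DNAT target, restrict it with `-s <LAN subnet>` (constructed placeholder, fill in the real range) and drop the interface-less duplicates. The rule set is also not idempotent: each run appends another copy, so guard the lines with `iptables -t nat -C ...` or move them into a restore file.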
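Review bot: `--string "torrent"` and `--string "announce"` match those byte sequences anywhere in any forwarded payload, so ordinary web pages, mail or JSON that merely contain the words are dropped and logged; the DHT keywords and `info_hash` are far more specific, so drop the two bare-word rules or at least confine them with a protocol/port qualifier you can justify. The LOG target in LOGDROP has no `-m limit`, so one client can flood the kernel log; use `iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LOGDROP "`. The `&>> /var/log/squid3/torrent.log` on the first line only captures the chain-creation message, none of the later lines are redirected, and the file has no shebang, so it only works when invoked through an explicit shell.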
From e486dc15397c13c66ae7e9ad09dac047bd383fae Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 4 Jun 2015 00:29:29 +0530 Subject: [PATCH 09/19] added ssh-key fetcher script --- ssh-key/key-fetcher.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 ssh-key/key-fetcher.sh diff --git a/ssh-key/key-fetcher.sh b/ssh-key/key-fetcher.sh new file mode 100644 index 0000000..7b85d1d --- /dev/null +++ b/ssh-key/key-fetcher.sh @@ -0,0 +1,12 @@ +#!/bin/bash + + +# Author : Harshad Yeola +# This script fetches ssh key from github for username provided as argument +# also append that to ssh authorized keys + +function retrieve_key() { + NAME=$1 && KEY="$(curl -s https://github.com/$NAME.keys)" && echo "$KEY" $NAME >> ~/.ssh/authorized_keys +} + +retrieve_key $1 From 76b5f5074b7633d5d1d3962c19a6895a68d9f2e5 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 25 Jun 2015 12:25:21 +0530 Subject: [PATCH 10/19] hooks.sh added --- hooks.sh | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 hooks.sh diff --git a/hooks.sh b/hooks.sh new file mode 100644 index 0000000..ba8f656 --- /dev/null +++ b/hooks.sh 
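Review bot: `curl -s https://github.com/$NAME.keys` succeeds on any HTTP response, so for an unknown user the 404 body is appended to `~/.ssh/authorized_keys` as though it were a key, and an empty response still adds a line consisting only of the username. Use `curl -fsS` so HTTP errors fail the `&&` chain, reject an empty result with `[ -n "$KEY" ] || return 1`, and quote `"$NAME"` in the URL. `echo "$KEY" $NAME` also appends the username only after the last line, so when the account has several keys only the final one is annotated; emit one line per key with `while IFS= read -r k; do printf '%s %s\n' "$k" "$NAME"; done <<<"$KEY" >> ~/.ssh/authorized_keys`. Since github.com is being trusted as the sole authority for who may log in, state that in the header comment so the trust decision is visible to whoever deploys it.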
@@ -0,0 +1,49 @@ +#!/bin/bash + +# Author : Harshad Yeola +# This scripts is intended to be used as hook to sync repositories on server. + + +declare -A repos +declare -A branch + +LOG="/var/log/hooks.log" + +function error() +{ + echo -e "[ `date` ] failed ==> $(tput setaf 1)$@$(tput sgr0)" | tee -ai $LOG + exit $2 +} + +function echo_output() +{ + echo -e "[ `date` ] success ==> $(tput setaf 4)$@$(tput sgr0)" | tee -ai $LOG +} + + + +# define repo path and branch + +/etc-config repo +repos['etc-config']='/etc' +branch['etc-config']='master' + + +# repos['etc-config']="/home/harshad/Github/easyengine" +# branch['etc-config']='feature/plugin' + + +for repo in ${!repos[@]}; do + path=${repos[$repo]} + git_branch=${branch[$repo]} + + current_branch=$(cd $path && git rev-parse --abbrev-ref HEAD) + + if [ "$current_branch" == "$git_branch" ]; then + + echo_output "Fetching $repo commits at $path with branch $git_branch " + cd $path &>>$LOG || error "cd $path" $? + git reset --hard HEAD &>>$LOG || error "git reset --hard HEAD" $? + git pull origin ${git_branch} &>>$LOG || error "git pull origin ${git_branch}" $? + fi +done \ No newline at end of file From 4507ab81fc9751a023f4053310ec59554ff61a67 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 25 Jun 2015 12:27:03 +0530 Subject: [PATCH 11/19] comment added --- hooks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks.sh b/hooks.sh index ba8f656..ab79c02 100644 --- a/hooks.sh +++ b/hooks.sh @@ -24,7 +24,7 @@ function echo_output() # define repo path and branch -/etc-config repo +# /etc-config repo repos['etc-config']='/etc' branch['etc-config']='master' From 5684df9e98f13a86268935b90cee4453f74f25d5 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Mon, 29 Jun 2015 18:31:32 +0530 Subject: [PATCH 12/19] wordpress subdir setup --- subdir.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 subdir.conf 
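Review bot: `git pull origin ${git_branch}` in the loop body is a plain pull, so if the checked-out branch and origin have diverged (the preceding `git reset --hard HEAD` only discards the working tree, not local commits) git creates a merge commit in the live tree — for the `/etc` entry that means configuration is merged on the server rather than mirrored from the repository. Use `git pull --ff-only origin "${git_branch}"`, or `git fetch origin` followed by `git reset --hard "origin/${git_branch}"`, so the hook either mirrors the remote exactly or fails through `error`. The `error()` helper echoes `$@`, which includes the status passed as `$2`, so messages read like `failed ==> cd /etc 1`; print `$1` there and keep `exit $2`. Quote `"$path"` in the `cd` and `git rev-parse` lines as well.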
diff --git a/subdir.conf b/subdir.conf new file mode 100644 index 0000000..fa19a50 --- /dev/null +++ b/subdir.conf @@ -0,0 +1,12 @@ +# Author : Harshad Yeola +# + +# Nginx configuration to setup wordpress under subdirectory + +set $dir ""; +if ($request_uri ~ ^/([^/]*)/.*$ ) { + set $dir1 /$1; +} +location / { + try_files $uri $uri/ $dir1/index.php?$args; + } \ No newline at end of file From 1aa02fe414e191af8cfee5b7b715ea7e800b8f58 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Mon, 29 Jun 2015 20:04:05 +0530 Subject: [PATCH 13/19] added comment --- subdir.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/subdir.conf b/subdir.conf index fa19a50..d44f86a 100644 --- a/subdir.conf +++ b/subdir.conf @@ -1,5 +1,5 @@ # Author : Harshad Yeola -# +## # Nginx configuration to setup wordpress under subdirectory @@ -9,4 +9,4 @@ if ($request_uri ~ ^/([^/]*)/.*$ ) { } location / { try_files $uri $uri/ $dir1/index.php?$args; - } \ No newline at end of file + } From 581613a7aa9389ca93ac090f9041c7e178d62e58 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 30 Jul 2015 12:34:27 +0530 Subject: [PATCH 14/19] some new scripts --- cache_flush.lua | 33 +++++++++++++ hooks.sh | 12 ++++- iptables-rules | 120 ++++++++++++++++++++++++++++++++++++++++++++++++ myscripts | 17 +++++++ 4 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 cache_flush.lua create mode 100644 iptables-rules create mode 100644 myscripts diff --git a/cache_flush.lua b/cache_flush.lua new file mode 100644 index 0000000..37fb733 --- /dev/null +++ b/cache_flush.lua 
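Review bot: `set $dir "";` initialises a variable that is never read, while `$dir1`, the one `try_files` actually uses, is only assigned inside the `if`, so a request whose URI has no second path segment evaluates `$dir1/index.php` with an uninitialised variable, which nginx reports as a warning and expands to an empty string. Change the first line to `set $dir1 "";` so both code paths define it. The captured first segment comes verbatim from the request, so if the set of subdirectories is known, tighten `^/([^/]*)/.*$` to the expected names rather than accepting any segment as the fallback directory.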
@@ -0,0 +1,33 @@ +local sock = ngx.socket.tcp() + +sock:settimeout(1000) -- one second + +local ok, err = sock:connect("127.0.0.1", 6379) +if not ok then + ngx.say("failed to connect: ", err) + return +end + + +local bytes, err = sock:send("flush_all\r\n") +if not bytes then + ngx.say("failed to send query: ", err) + return +end + +local line, err = sock:receive() +if not line then + ngx.say("failed to receive a line: ", err) + return +end + +ngx.say("result: ", line) + + +local ok, err = sock:setkeepalive(60000, 500) +if not ok then + ngx.say("failed to put the connection into pool " + .. "with pool capacity 500 " + .. "and maximal idle time 60 sec") + return +end \ No newline at end of file diff --git a/hooks.sh b/hooks.sh index ab79c02..23a2e56 100644 --- a/hooks.sh +++ b/hooks.sh @@ -24,10 +24,14 @@ function echo_output() # define repo path and branch -# /etc-config repo +# etc-config repo repos['etc-config']='/etc' branch['etc-config']='master' +# nginx-com-wp-composer repo +repos['nginx-com-wp-composer']='/var/www/wp.nginx.com' +branch['nginx-com-wp-composer']='master' + # repos['etc-config']="/home/harshad/Github/easyengine" # branch['etc-config']='feature/plugin' @@ -45,5 +49,11 @@ for repo in ${!repos[@]}; do cd $path &>>$LOG || error "cd $path" $? git reset --hard HEAD &>>$LOG || error "git reset --hard HEAD" $? git pull origin ${git_branch} &>>$LOG || error "git pull origin ${git_branch}" $? + + if [ "$path" == "/etc" ]; then + service nginx reload &>>$LOG || error "service nginx reload" $? + service php5-fpm reload &&>>$LOG || error "service php5-fpm reload" $? + service mysql reload &&>>$LOG || error "service mysql reload" $? + fi fi done \ No newline at end of file diff --git a/iptables-rules b/iptables-rules new file mode 100644 index 0000000..ad533bb --- /dev/null +++ b/iptables-rules 
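Review bot: `sock:send("flush_all\r\n")` is the memcached flush command, but the socket connects to port 6379, Redis's default; Redis would answer with an error line and nothing is flushed, so one of the two is wrong — connect to 11211 for memcached or send `FLUSHALL\r\n` for Redis. Whichever backend is meant, this block empties the whole cache on every request that reaches the location it is attached to, with no authentication or source check visible here, so any client that can reach that URL can flush the cache at will; presumably the surrounding nginx config restricts it with `internal;` or `allow`/`deny`, which should be confirmed. On every failure path the code calls `ngx.say` and returns with an implicit 200, which hides errors from monitoring; `ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)` after the message would be more honest. `local ok, err` is declared twice in the same scope, which works but shadows the first pair.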
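Review bot: `service php5-fpm reload &&>>$LOG` and the mysql line under it contain a typo: `&&>>$LOG` parses as `&& >>$LOG`, i.e. run the reload and, if it succeeds, run an empty command with stdout appended to $LOG, so those two reloads' output is not logged at all (the nginx line above uses the intended `&>>$LOG`). Change both to `&>>$LOG`. Reloading mysql on every commit to `/etc` also flushes its logs and tables for changes that may not have touched its configuration; consider checking `git diff --name-only HEAD@{1} HEAD` for the relevant files before each reload. The enclosing `for` loop and `if` begin outside this hunk.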
@@ -0,0 +1,120 @@ +# Modify this file accordingly for your specific requirement. +# http://www.thegeekstuff.com +# 1. Delete all existing rules +iptables -F + +# 2. Set default chain policies +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT DROP + +# 3. Block a specific ip-address +#BLOCK_THIS_IP="x.x.x.x" +#iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP + +# 4. Allow ALL incoming SSH +#iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT + +# 5. Allow incoming SSH only from a sepcific network +#iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT + +# 6. Allow incoming HTTP +#iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT +#iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT + +# Allow incoming HTTPS +#iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +#iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT + +# 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS) +iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT + +# 8. Allow outgoing SSH +iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT + +# 9. Allow outgoing SSH only to a specific network +#iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT +#iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT + +# 10. 
Allow outgoing HTTPS +iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT + +# 11. Load balance incoming HTTPS traffic +#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443 +#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443 +#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443 + +# 12. Ping from inside to outside +iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT +iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT + +# 13. Ping from outside to inside +iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT +iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT + +# 14. Allow loopback access +iptables -A INPUT -i lo -j ACCEPT +iptables -A OUTPUT -o lo -j ACCEPT + +# 15. Allow packets from internal network to reach external network. +# if eth1 is connected to external network (internet) +# if eth0 is connected to internal network (192.168.1.x) +iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT + +# 16. Allow outbound DNS +#iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT +#iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT + +# 17. Allow NIS Connections +# rpcinfo -p | grep ypbind ; This port is 853 and 850 +#iptables -A INPUT -p tcp --dport 111 -j ACCEPT +#iptables -A INPUT -p udp --dport 111 -j ACCEPT +#iptables -A INPUT -p tcp --dport 853 -j ACCEPT +#iptables -A INPUT -p udp --dport 853 -j ACCEPT +#iptables -A INPUT -p tcp --dport 850 -j ACCEPT +#iptables -A INPUT -p udp --dport 850 -j ACCEPT + +# 18. 
Allow rsync from a specific network +iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT + +# 19. Allow MySQL connection only from a specific network +iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT + +# 20. Allow Sendmail or Postfix +iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT + +# 21. Allow IMAP and IMAPS +iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT + +iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT + +# 22. Allow POP3 and POP3S +iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT + +iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT + +# 23. Prevent DoS attack +iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT + +# 24. Port forwarding 422 to 22 +iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22 +iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT + +# 25. 
Log dropped packets +iptables -N LOGGING +iptables -A INPUT -j LOGGING +iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7 +iptables -A LOGGING -j DROP diff --git a/myscripts b/myscripts new file mode 100644 index 0000000..3e5cce3 --- /dev/null +++ b/myscripts @@ -0,0 +1,17 @@ +mkfs -t ext4 /dev/xvdb + +mount /dev/xvdb /mnt/xvdb + +mkdir /mnt/xvdb/tmp +mkdir /mnt/xvdb/swap + +dd if=/dev/zero of=/mnt/xvdb/swap/swapfile bs=1024 count=2048k + +mkswap /mnt/xvdb/swap/swapfile + +^_^[root@ip-172-31-53-216:~]# mkswap /mnt/xvdb/swap/swapfile +Setting up swapspace version 1, size = 2097148 KiB +no label, UUID=ceb137d1-e144-41ac-abfa-fa7ed6f1a5da + + +swapon /mnt/xvdb/swap/swapfile \ No newline at end of file From 790a9197c49b46521910b70e32ae8a4fc2660439 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Thu, 30 Jul 2015 15:30:19 +0530 Subject: [PATCH 15/19] added commands --- resetcron.sh | 110 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 74 insertions(+), 36 deletions(-) diff --git a/resetcron.sh b/resetcron.sh index 7158843..f3dc83d 100644 --- a/resetcron.sh +++ b/resetcron.sh @@ -3,17 +3,8 @@ # Author : Harshad Yeola # This script freezes the environment for current wordpress setup # and reset the environment on next run. - - -# Initialize variables -SITE_WEBROOT='/var/www/test.com' -SITE_DB_NAME=$(grep DB_NAME ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) -SITE_DB_USER=$(grep DB_USER ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) -SITE_DB_PASS=$(grep DB_PASS ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) -SITE_DB_BACKUP_PATH="${SITE_WEBROOT}/reset-backup/test_com.sql" -GIT_DIR="${SITE_WEBROOT}/htdocs/wp-content/" -LOG_PATH='/var/log/resetcron.log' - +# Usage : +# bash resetcron.sh [ init | reset | backup ] throw_error() { 
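Review bot: Rule 23's `-m limit --limit 25/minute` ACCEPT for port 80 is dead: rule 7 already accepts `--dports 22,80,443` unconditionally earlier in the INPUT chain and iptables takes the first match, so the rate limit never applies; if the limit is intended, move it ahead of the multiport rule and follow it with a DROP for port 80. The opening `iptables -F` only flushes the filter table, so nat rules from a previous run (rule 24's DNAT included) accumulate; add `iptables -t nat -F` or load the whole set through `iptables-restore`. Rule 15 forwards eth0→eth1 but nothing accepts the return path while the FORWARD policy is DROP, so internal clients get no replies unless a `-m state --state ESTABLISHED,RELATED` rule for eth1→eth0 is added. The file has no shebang and is a lightly edited copy of the linked template, so a header noting which numbered rules are actually active would help the next reader.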
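Review bot: The swap file created by the `dd` line keeps the default umask, so it is typically group- and world-readable; `swapon` warns about insecure permissions on such a file and any local user could read swapped-out memory, so add `chmod 600 /mnt/xvdb/swap/swapfile` between `dd` and `mkswap`. The lines from `^_^[root@ip-...]#` through `no label, UUID=...` are pasted terminal output rather than commands and would fail if this file were ever run; prefix them with `#` or move them to a README. `fallocate -l 2G /mnt/xvdb/swap/swapfile` would replace the `dd` arithmetic and is much faster on ext4.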
@@ -21,36 +12,83 @@ throw_error() { exit $2; } +main(){ -# Initialize -if [ ! -d ${GIT_DIR}.git ]; then - cd ${GIT_DIR}; - git init && git add . && git commit -m "freeze commit" || throw_error "failed to initialize reset env" $? -fi + # Initialize variables + SITE_WEBROOT='/var/www/example.com' + SITE_DB_NAME=$(grep DB_NAME ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) + SITE_DB_USER=$(grep DB_USER ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) + SITE_DB_PASS=$(grep DB_PASS ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) + SITE_DB_BACKUP_PATH="${SITE_WEBROOT}/reset-backup/example_com.sql" + GIT_DIR="${SITE_WEBROOT}" + LOG_PATH='/var/log/resetcron.log' -# take database backup -if [ ! -f ${SITE_DB_BACKUP_PATH} ]; then - if [ ! -d "${SITE_WEBROOT}/reset-backup/" ]; then - mkdir -p "${SITE_WEBROOT}/reset-backup/" - fi - mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? -fi + init(){ + # Add .gitignore + printf "*\n!htdocs/\n!htdocs/**\n!reset-backup/\n!reset-backup/example_com.sql" > ${SITE_WEBROOT}/.gitignore -# START RESETING + # Initialize git repo + if [ ! -d ${GIT_DIR}/.git ]; then + cd ${GIT_DIR}; + git init -## restore database -if [ -f ${SITE_DB_BACKUP_PATH} ]; then - cat ${SITE_DB_BACKUP_PATH} | mysql -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} 2>>$LOG_PATH || throw_error "restore database failed" $? -else - throw_error "$SITE_DB_BACKUP_PATH not found" 1; -fi + # take database backup + if [ ! -f ${SITE_DB_BACKUP_PATH} ]; then + if [ ! -d "${SITE_WEBROOT}/reset-backup/" ]; then + mkdir -p "${SITE_WEBROOT}/reset-backup/" + fi + mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? + fi + git add . + git commit -am "[$(date)] : Initialized resetcron" + else + throw_error "already a git repo" $? 
+ fi + } + + + reset(){ + + # START RESETING + + ## restore database + if [ -f ${SITE_DB_BACKUP_PATH} ]; then + cat ${SITE_DB_BACKUP_PATH} | mysql -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} 2>>$LOG_PATH || throw_error "restore database failed" $? + else + throw_error "$SITE_DB_BACKUP_PATH not found" 1; + fi -## reset filesystem -if [ -d ${GIT_DIR} ]; then - cd ${GIT_DIR}; - git reset HEAD --hard && git clean -fd 2>&1>>$LOG_PATH || throw_error "git reset failed" $?; -else - throw_error "${GIT_DIR} not found" 2; + ## reset filesystem + if [ -d ${GIT_DIR} ]; then + cd ${GIT_DIR}; + git reset HEAD --hard && git clean -fd 2>&1>>$LOG_PATH || throw_error "git reset failed" $?; + else + throw_error "${GIT_DIR} not found" 2; + fi + + } + + backup(){ + + # take latest database backup + mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? + + # commit database changes + git commit -m "[$date] : database renewed" + + # commit other changes in webroot + git commit -am "[$date] : webroot renewed" + } + + $1 +} + +if [[ "$#" -gt 3 ]]; then + exit 1 fi +if [[ "$1" == "init" || "$1" == "reset" || "$1" == "backup" ]]; then + + main $1 +fi From 81fca7881a7d3705f548bcebe8e660ce76e2d260 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Wed, 5 Aug 2015 17:16:19 +0530 Subject: [PATCH 16/19] updated error handling --- resetcron.sh | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/resetcron.sh b/resetcron.sh index f3dc83d..1e84dc6 100644 --- a/resetcron.sh +++ b/resetcron.sh @@ -8,7 +8,7 @@ throw_error() { - echo $1 | tee -ai $LOG_PATH + echo "[$(date)] : $1" | tee -ai $LOG_PATH exit $2; } 
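Review bot: The new `GIT_DIR="${SITE_WEBROOT}"` reuses a name that git itself reads from the environment: `GIT_DIR` points git at a repository directory (the `.git` directory, not the work tree), so if this variable is ever exported, or the script is run from a shell where it already is, every git call inside `init`/`reset`/`backup` will look for objects in the webroot itself and fail or act on the wrong repository; rename it to something like `SITE_REPO_DIR`. `main $1` dispatches to a function by name and is safe only because the caller whitelists `init|reset|backup`; keep that whitelist adjacent to `main` and mention it in the usage header. The `.gitignore` written by `init` tracks everything under `htdocs/`, so `git add .` will commit uploads and plugins on every run, which is worth stating in a comment. The `if [[ "$#" -gt 3 ]]` check rejects four or more arguments but accepts two or three that are silently ignored; `(( $# == 1 ))` matches the documented usage.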
@@ -19,7 +19,7 @@ main(){ SITE_DB_NAME=$(grep DB_NAME ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) SITE_DB_USER=$(grep DB_USER ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) SITE_DB_PASS=$(grep DB_PASS ${SITE_WEBROOT}/wp-config.php | cut -d "'" -f 4) - SITE_DB_BACKUP_PATH="${SITE_WEBROOT}/reset-backup/example_com.sql" + SITE_DB_BACKUP_PATH="resetcron/example_com.sql" GIT_DIR="${SITE_WEBROOT}" LOG_PATH='/var/log/resetcron.log' @@ -27,7 +27,7 @@ main(){ init(){ # Add .gitignore - printf "*\n!htdocs/\n!htdocs/**\n!reset-backup/\n!reset-backup/example_com.sql" > ${SITE_WEBROOT}/.gitignore + printf "*\n!htdocs/\n!htdocs/**\n!resetcron/\n!resetcron/example_com.sql" > ${SITE_WEBROOT}/.gitignore # Initialize git repo if [ ! -d ${GIT_DIR}/.git ]; then @@ -35,13 +35,13 @@ main(){ git init # take database backup - if [ ! -f ${SITE_DB_BACKUP_PATH} ]; then - if [ ! -d "${SITE_WEBROOT}/reset-backup/" ]; then - mkdir -p "${SITE_WEBROOT}/reset-backup/" + if [ ! -f ${SITE_WEBROOT}/${SITE_DB_BACKUP_PATH} ]; then + if [ ! -d "${SITE_WEBROOT}/resetcron/" ]; then + mkdir -p "${SITE_WEBROOT}/resetcron/" fi - mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? + su -c "mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_WEBROOT}/${SITE_DB_BACKUP_PATH}" - www-data || throw_error "failed to take database backup" $? fi - git add . + su -c "git add ." - www-data git commit -am "[$(date)] : Initialized resetcron" else throw_error "already a git repo" $? @@ -52,6 +52,7 @@ main(){ reset(){ # START RESETING + cd ${GIT_DIR} ## restore database if [ -f ${SITE_DB_BACKUP_PATH} ]; then 
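Review bot: The new `su -c "mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ... " - www-data` embeds the password read out of wp-config.php into a string that `su` hands to a shell, so the password is now visible twice in `ps` (the `su` argv and the mysqldump argv) and any shell metacharacter in it (`$`, backquote, `;`, quotes) is interpreted as shell syntax — a database password effectively becomes code in a root-spawned shell. Keep the credentials out of argv entirely: write a mode-600 `[client]` defaults file owned by www-data and run `su -s /bin/sh -c "mysqldump --defaults-extra-file=$cnf ${SITE_DB_NAME} > ${SITE_WEBROOT}/${SITE_DB_BACKUP_PATH}" www-data`. Note also that `su - www-data` uses the account's login shell, which on Debian-style systems is usually `/usr/sbin/nologin`, so the `-c` command may never execute; `-s /bin/sh` addresses that. `git add .` on the next changed line runs as www-data while the `git commit` right after it runs as the invoking user, so repository file ownership ends up mixed; pick one identity for both. This hunk sits inside `init()`, whose start and end are outside it.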
@@ -61,28 +62,30 @@ main(){ fi ## reset filesystem - if [ -d ${GIT_DIR} ]; then + if [ -d ${GIT_DIR}/.git ]; then cd ${GIT_DIR}; - git reset HEAD --hard && git clean -fd 2>&1>>$LOG_PATH || throw_error "git reset failed" $?; + git reset HEAD --hard && git clean -fd &>>$LOG_PATH || throw_error "git reset failed" $?; else - throw_error "${GIT_DIR} not found" 2; + throw_error "${GIT_DIR}/.git not found" 2; fi } backup(){ + cd ${GIT_DIR} + # take latest database backup mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? # commit database changes - git commit -m "[$date] : database renewed" + git commit -m "[$(date)] : database renewed" ${SITE_DB_BACKUP_PATH} || "Unable to commit database changes" $? # commit other changes in webroot - git commit -am "[$date] : webroot renewed" + git add -A && git commit -am "[$(date)] : webroot renewed" || throw_error "Unable to commit webroot changes" $? } - $1 + $1 } if [[ "$#" -gt 3 ]]; then From f39feccf414b6f4339a75fbea52c7e8653c26446 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Wed, 5 Aug 2015 18:06:39 +0530 Subject: [PATCH 17/19] log redirection --- resetcron.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resetcron.sh b/resetcron.sh index 1e84dc6..236305c 100644 --- a/resetcron.sh +++ b/resetcron.sh 
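Review bot: In `backup()`, the changed line `git commit -m "[$(date)] : database renewed" ${SITE_DB_BACKUP_PATH} || "Unable to commit database changes" $?` is missing `throw_error` before the message, so when the commit fails bash tries to execute a command literally named "Unable to commit database changes", prints "command not found", and carries on into the webroot commit with the failure masked; the same line survives unchanged in the following "log redirection" commit. Change it to `... || throw_error "Unable to commit database changes" $?`. Separately, `git reset HEAD --hard && git clean -fd &>>$LOG_PATH` redirects only `git clean`; wrap both so the reset's output is logged too: `{ git reset --hard HEAD && git clean -fd; } &>>"$LOG_PATH" || throw_error "git reset failed" $?`.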
@@ -79,10 +79,10 @@ main(){ mysqldump -u ${SITE_DB_USER} -p${SITE_DB_PASS} ${SITE_DB_NAME} > ${SITE_DB_BACKUP_PATH} || throw_error "failed to take database backup" $? # commit database changes - git commit -m "[$(date)] : database renewed" ${SITE_DB_BACKUP_PATH} || "Unable to commit database changes" $? + git commit -m "[$(date)] : database renewed" ${SITE_DB_BACKUP_PATH} &>>$LOG_PATH || "Unable to commit database changes" $? # commit other changes in webroot - git add -A && git commit -am "[$(date)] : webroot renewed" || throw_error "Unable to commit webroot changes" $? + git add -A && git commit -am "[$(date)] : webroot renewed" &>>$LOG_PATH || throw_error "Unable to commit webroot changes" $? } $1 From 8f1afb1dcdc652665f895ac0680772e3ba9aa2f8 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Fri, 29 Jul 2016 22:13:00 +0530 Subject: [PATCH 18/19] unnecessary commits --- hooks.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hooks.sh b/hooks.sh index 23a2e56..7d25646 100644 --- a/hooks.sh +++ b/hooks.sh @@ -28,9 +28,9 @@ function echo_output() repos['etc-config']='/etc' branch['etc-config']='master' -# nginx-com-wp-composer repo -repos['nginx-com-wp-composer']='/var/www/wp.nginx.com' -branch['nginx-com-wp-composer']='master' +# example-com-wp-composer repo +repos['example-com-wp-composer']='/var/www/wp.example.com' +branch['example-com-wp-composer']='master' # repos['etc-config']="/home/harshad/Github/easyengine" @@ -56,4 +56,4 @@ for repo in ${!repos[@]}; do service mysql reload &&>>$LOG || error "service mysql reload" $? fi fi -done \ No newline at end of file +done From da68d92b7ddead43d2cc6a47853609637fb718bb Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Tue, 5 Jun 2018 16:32:11 +0530 Subject: [PATCH 19/19] add script to minitor node status in swarm cluster --- monitor-swarm-cluster.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 monitor-swarm-cluster.sh 
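Review bot: With output now sent to `$LOG_PATH`, a `git commit` that finds no change in `${SITE_DB_BACKUP_PATH}` (a dump identical to the previous one) exits 1 with "nothing to commit", which this line treats as a failure, and because the `||` branch still lacks `throw_error` the message is never written — the only sign is a "command not found" in cron mail. Guard the commit so an unchanged dump is not an error: `git diff --quiet -- "${SITE_DB_BACKUP_PATH}" || git commit -m "[$(date)] : database renewed" -- "${SITE_DB_BACKUP_PATH}" &>>"$LOG_PATH" || throw_error "Unable to commit database changes" $?`. The relative `${SITE_DB_BACKUP_PATH}` on the mysqldump line depends on the `cd ${GIT_DIR}` at the top of `backup()`, above this hunk.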
diff --git a/monitor-swarm-cluster.sh b/monitor-swarm-cluster.sh new file mode 100644 index 0000000..cf3ba8b --- /dev/null +++ b/monitor-swarm-cluster.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# In Crontab add following entry +# @reboot /bin/bash /root/bin/monitor-swarm.sh & +# Monitor Docker Swarm node Status +while true +do + docker node ls | grep Down + if [ $? == 0 ]; then + CLUSTERSTATUS="$(docker node ls)" + echo "$CLUSTERSTATUS" | mail -s "$(hostname -f) " e2l9n1e5j7y5b0e6@shoppinpal.slack.com + fi + # add sleep time so that it does not burden the docker engine + sleep 300 +done
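Review bot: `docker node ls | grep Down` matches the word anywhere in the listing, including a node hostname that happens to contain it, and as long as a node stays Down the loop re-sends the same alert every 300 seconds with no state tracking, so one unreachable node produces an email every five minutes until someone intervenes. Match the status column only and alert on transitions, e.g. `if docker node ls --format '{{.Status}}' | grep -qx Down; then` with a `last_state` variable compared before calling `mail`; `grep -q` also stops the node listing from being printed to stdout under cron. The crontab comment names `/root/bin/monitor-swarm.sh`, which does not match this file's name, and the Slack ingest address on the `mail` line is a credential-like value committed to the repository; read it from a root-only config file instead.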