
Server maintenance and security scripts.

  #1
    Sophie Pedophile Tech Support
    These days my philosophy is: why use a scripting language to automate anything on Linux when I can just write a shell script, which can be expanded with a little config script to run as a daemon, via 'start-stop-daemon', or as a cron job? In my opinion automating Linux is a job for Bash. Even if you prefer not to have a lot of utilities on your machine, BusyBox generally has almost everything you need, including 'awk' and a built-in Bourne shell. Even if you need something out of the ordinary to occur, you can invoke any scripting language you have the interpreter installed for. Whenever this occurs I just plonk a one-liner in there and boom, extra functionality.

    Now this isn't a thread where I go deep on offensive security with regards to shell scripts, but I've got two scripts for you today that are quite convenient.


    #!/bin/bash
    # Collect files modified in the last hour into a password-protected 7z archive
    # for offline forensic review, then optionally shred the working copies.

    # Coloring scheme for notifications
    ESC="\x1b["
    RESET=$ESC"39;49;00m"
    RED=$ESC"31;01m"
    GREEN=$ESC"32;01m"

    # Warning
    function warning()
    {
        echo -e "\n$RED [!] $1 $RESET\n"
    }

    # Green notification
    function notification()
    {
        echo -e "\n$GREEN [+] $1 $RESET\n"
    }

    function file_ops()
    {
        printf "Please be patient while we collect relevant files..."

        cwd=$(pwd)
        cd "$output" || { warning "Cannot enter $output. Exiting"; exit 1; }
        outdir=$(pwd -P)
        mkdir -p Archive

        # Build the list of relevant files. Pseudo-filesystems (/proc, /sys, /dev, /run)
        # and the output directory itself are pruned, otherwise the collector would
        # copy kernel state and its own working copies. Only regular files are taken;
        # 'cp' without -r cannot copy directories, and the directory structure is
        # recreated by 'cp --parents' below anyway.
        file_list=()
        while IFS= read -r -d '' file ; do
            file_list+=("$file")
        # Uncomment the first 'find' and comment out the second to look for log files instead
        # done < <( sudo find / \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path "$outdir" \) -prune -o -type f -name "*.log" -print0)
        done < <( sudo find / \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path "$outdir" \) -prune -o -type f -mmin -60 -print0)
        notification "All relevant data has been collected, processing..."

        # Copy files into the temporary Archive directory. --parents keeps the full
        # path (so /etc/passwd and /tmp/passwd do not overwrite each other) and -p
        # preserves mode, ownership and timestamps, which are evidence in themselves.
        for file in "${file_list[@]}"
        do
            sudo cp -p -f --parents "$file" Archive
        done

        notification "Archiving data with password..."

        cd Archive
        # -mhe=on also encrypts the file names inside the archive
        7z a -p -mhe=on results.7z *
        mv results.7z ..
        cd ..

        read -p "Secure delete 'Archive' files and dir? [Y/n]: " choice
        if [[ $choice == 'y' || $choice == 'Y' ]]; then
            # Shred the working copies and delete the Archive dir. shred only helps on
            # filesystems that overwrite in place; on journaling or copy-on-write
            # filesystems (btrfs, ZFS, ext4 with data=journal) old blocks may survive.
            find Archive -depth -type f -exec shred -v -n 1 -z -u {} \; && rm -rf Archive
            sleep 1 && clear
        fi

        cd "$cwd"
        notification "All operations completed."
        exit 0
    }

    # Function to handle operations related to a provided directory that does not exist
    function dir_ops()
    {
        read -p 'Create directory? [Y/n]: ' choice
        if [[ $choice == 'y' || $choice == 'Y' ]]; then
            # '||' and '&&' have equal precedence and associate left, so the original
            # 'stat $output || warning ... && exit 0' exited unconditionally; group the
            # failure branch instead.
            mkdir -p "$output" || { warning "Could not create directory. Exiting"; exit 1; }

            file_ops
        else
            warning "Aborted..."
            exit 0
        fi
    }

    # Starting function
    function main()
    {
        printf "\nWelcome.

    This script will copy all files that were
    altered in the last hour to a directory of your
    choosing and store them in an encrypted archive.\n\n\n"

        read -p 'Enter full path to output location : ' output

        printf "\n\n"
        notification "Checking output location..."

        # dir_ops either creates the directory and runs file_ops, or exits
        if [[ ! -d $output ]]; then
            dir_ops
        fi

        notification "Directory checked, proceeding with file operations..."
        sleep 2

        # Call file operations function
        file_ops
    }

    # Check for root
    if [[ "$EUID" -ne 0 ]]; then
        warning "It is recommended the script is run as root"

        read -p 'Continue without root? [Y/n]: ' choice
        if [[ $choice == 'y' || $choice == 'Y' ]]; then
            main
        else
            exit 0
        fi
    else
        main
    fi



    This script looks for files that have been modified in the last hour, copies them, saves them in an archive and shreds the copies. This is so you can do some forensic work on them to see if any fuckery has occurred. That's the security part, a little bit in the vein of SOC stuff.

    This next one I wrote because on some distros, when I did apt-get dist-upgrade, it wouldn't get rid of any old kernel images, which is a waste of space. I open-sourced it, which is why it has a name and a little ASCII logo; I like doing that when I put things out as OSS on GitHub and such.


    #!/bin/bash

    if [[ "$EUID" -ne 0 ]]; then
        echo "This script must be run as root"
        exit 1
    fi

    function logo()
    {
        echo " _____            _____      "
        echo "|  |  |___ ___ ___|     |___ ___ "
        echo "|    -| -_|  _|   | | | | .'|   |"
        echo "|__|__|___|_| |_|_|_|_|_|__,|_|_|"
        printf "\nKernMan - Kernel Management Assistant.\n"
    }

    logo

    function usage()
    {
        printf "\nKernMan is a script written for the purpose of simplifying kernel management.

    Select the option 'List' to display all installed kernels. Select the option 'Purge' to display
    all kernels that can be removed and subsequently do so.\n\n"
    }

    # Version of the running kernel without the flavour suffix,
    # e.g. 5.15.0-91-generic -> 5.15.0-91, 6.1.0-18-amd64 -> 6.1.0-18.
    # The suffix class must include digits: with plain [a-z] the Debian
    # "-amd64" flavour was only partially stripped, the running kernel no
    # longer matched the exclusion below, and Purge would have removed it.
    function running_kernel()
    {
        uname -r | sed -r 's/-[a-z0-9]+$//'
    }

    # Installed image/header packages that do not belong to the running kernel.
    # Caveat: this only protects the kernel you booted from; if you booted an
    # older entry, the newest installed kernel will be listed for removal.
    function removable_kernels()
    {
        dpkg -l linux-{image,headers}-"[0-9]*" 2>/dev/null | awk '/^ii/{print $2}' | grep -vF "$(running_kernel)"
    }

    PS3='Please enter your choice: '
    options=("Usage" "List" "Purge" "Quit")
    select opt in "${options[@]}"
    do
        case $opt in
            "Usage")
                usage
                ;;
            "List")
                dpkg -l 'linux-image-*' | grep ^ii
                ;;
            "Purge")
                mapfile -t purge_list < <(removable_kernels)
                if [[ ${#purge_list[@]} -eq 0 ]]; then
                    echo "Nothing to purge."
                    continue
                fi
                printf '%s\n' "${purge_list[@]}"

                printf "\nThese items will be deleted.\n"
                read -p 'Continue? [Y/n] ' choice

                if [[ $choice == 'y' || $choice == 'Y' ]]; then
                    # Already running as root, so no sudo needed
                    apt-get purge "${purge_list[@]}"
                else
                    echo "Aborted"
                    break
                fi
                ;;
            "Quit")
                break
                ;;
            *) echo invalid option;;
        esac
    done


    Figured I'd post these in case they're the sort of thing you find useful to have around.


    What I think would be useful is if we all posted some of the scripts we wrote to automate security and maintenance tasks for *nix; then we can have one thread as a sort of catalog for this type of automation. It doesn't have to be Bash: Perl, Lua, Python and Ruby are fine too. Hell, even if you have something useful written in C, feel free to contribute. Thanks guys.
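As an added example, not part of the original post and not the author's code: the recently-modified-file collector above, reworked as a function so it can be pointed at any tree and tested, with the two things a forensic triage copy is usually missing: a SHA-256 manifest of the originals taken before archiving (so the copies can later be checked against what was collected), and pruning of pseudo-filesystems and the output directory. The function and file names (collect_recent, verify_manifest, manifest.sha256, results.tar.gz) are my own choices; it assumes GNU coreutils and findutils (cp --parents, sha256sum -c, find -mmin, tar) and Bash.

```shell
#!/bin/bash
# Added example: triage collector with a source-hash manifest (not the original
# post's script). Names below are hypothetical, chosen for this illustration.
set -u

# collect_recent ROOT OUTDIR MINUTES
#   Copies regular files under ROOT modified in the last MINUTES minutes into
#   OUTDIR/Archive with their full paths, records SHA-256 of every original in
#   OUTDIR/manifest.sha256, packs the copies into OUTDIR/results.tar.gz and
#   prints the number of files collected.
collect_recent() {
    local root=$1 outdir=$2 minutes=$3
    mkdir -p "$outdir/Archive" || return 1
    local absout
    absout=$(cd "$outdir" && pwd -P) || return 1
    : > "$absout/manifest.sha256"

    local count=0 file
    while IFS= read -r -d '' file; do
        # --parents recreates the directory structure under Archive;
        # -p keeps mode and timestamps (and ownership when run as root)
        cp -p --parents "$file" "$absout/Archive" || continue
        # Hash the original, not the copy, so the manifest describes the source
        sha256sum "$file" >> "$absout/manifest.sha256"
        count=$((count + 1))
    done < <(find "$root" \
        \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path "$absout" \) -prune \
        -o -type f -mmin "-$minutes" -print0 2>/dev/null)

    tar -C "$absout/Archive" -czf "$absout/results.tar.gz" . || return 1
    echo "$count"
}

# verify_manifest OUTDIR
#   Re-hashes the originals named in the manifest. A non-zero exit means a
#   collected file changed or vanished after collection.
verify_manifest() {
    sha256sum --quiet -c "$1/manifest.sha256"
}
```

Hashing the originals rather than the copies is deliberate: the manifest then answers "has this file changed since I looked at it?", which is the question that matters once a host is suspected of tampering. The password-protected 7z step from the original script can be bolted on after the tar step unchanged.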