These days my philosophy is, why use a scripting language to automate anything on Linux when I can just write a shell script which can be expanded with a little config script to run as a daemon or 'start-stop-daemon' or a cron job. In my opinion automating Linux is a job for Bash; even if you prefer not to have a lot of utilities on your machine, BusyBox generally has almost everything you need, including 'awk' and a built-in Bourne shell. Even if you need something out of the ordinary to occur you can invoke any scripting language you have the interpreter installed for. Whenever this occurs I just plonk a one-liner in there and boom, extra functionality.
Now this isn't a thread where I go deep on offensive security with regards to shell scripts, but I've got two scripts for you today that are quite convenient.
#!/bin/bash
# Coloring scheme for notifications
ESC="\x1b["
RESET=$ESC"39;49;00m"
RED=$ESC"31;01m"
GREEN=$ESC"32;01m"
# Warning
function warning()
{ echo -e "\n$RED [!] $1 $RESET\n"
}
# Green notification
function notification()
{ echo -e "\n$GREEN [+] $1 $RESET\n"
}
function file_ops()
{ printf "Please be patient while we collect relevant files..."
cwd=$(pwd)
cd "$output" || { warning "Cannot enter $output. Exiting"; exit 1; }
mkdir -p Archive
# Set up array to copy relevant files. /proc, /sys, /dev, /run and the output
# location itself are pruned so pseudo-files and our own archive are not collected
file_list=()
while IFS= read -d $'\0' -r file ; do
file_list+=("$file")
# Uncomment the next 'done' line and comment the one after it in order to force the script to look for log files instead
# done < <( sudo find / \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path "${output%/}" \) -prune -o -type f -name "*.log" -print0)
done < <( sudo find / \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path "${output%/}" \) -prune -o -type f -mmin -60 -print0)
notification "All relevant data has been collected, processing..."
# Copy files to the specified Dir + temporary Archive directory. --parents keeps
# each file's full path, so same-named files from different dirs do not overwrite each other
for file in "${file_list[@]}"
do
sudo cp -p -f --parents "$file" Archive
done
notification "Archiving data with password..."
cd Archive
# -p prompts for the password; -mhe=on also encrypts the file list inside the archive
7z a -p -mhe=on results.7z *
mv results.7z ..
read -p "Secure delete 'Archive' files and dir? [Y/n]: " choice
cd ..
if [[ $choice == 'y' || $choice == 'Y' ]]; then
# Shred files and delete Archive dir (copies were made with sudo, so they are root-owned)
sudo find Archive -depth -type f -exec shred -v -n 1 -z -u {} \; && sudo rm -rf Archive
sleep 1 && clear
fi
cd "$cwd"
notification "All operations completed."
exit 0
}
# Function to handle operations related to a provided directory that does not exist
function dir_ops()
{ read -p 'Create directory? [Y/n]: ' choice
if [[ $choice == 'y' || $choice == 'Y' ]]; then
# Grouped with braces so the script only exits when the directory really could not be created
mkdir -p "$output" || { warning "Could not create directory. Exiting"; exit 1; }
file_ops
else
warning "Aborted..."
exit 0
fi
}
# Starting function
function main()
{ printf "\nWelcome.
This script will copy all files and dirs that were
altered in the last hour to a directory of your
choosing and store them in an encrypted archive.\n\n\n"
read -p 'Enter full path to output location : ' output
printf "\n\n"
notification "Checking output location..."
if [[ ! -d "$output" ]]; then
dir_ops
fi
notification "Directory checked, proceeding with file operations..."
sleep 2
# Call file operations function
file_ops
}
# Check for root
if [[ "$EUID" -ne 0 ]]; then
warning "It is recommended the script is run as root"
read -p 'Continue without root? [Y/n]: ' choice
if [[ $choice == 'y' || $choice == 'Y' ]]; then
main
else
exit 0
fi
else
main
fi
This script looks for files that have been modified in the last hour, copies them, saves them in an archive and shreds the copies. This is so you can do some forensic work on them to see if any fuckery has occurred. That's the security part. A little bit in the vein of SOC stuff.
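As an added example that is not part of the original post, here is the collection step broken out into a reusable function that also writes a SHA-256 manifest, so the copies can be checked for tampering before and after the forensic work; it prunes /proc, /sys, /dev, /run and the destination, and keeps each file's full path. The function names, the fixed prune list and the evidence/manifest.sha256 layout are my own choices, and demo_collect builds a constructed directory tree to run it against.

```shell
#!/bin/sh
# Added example, not the original poster's script. Collects files under ROOT
# modified in the last MINUTES minutes into DEST/evidence (full paths kept)
# and writes DEST/manifest.sha256 so the copies can be verified later.
# DEST must be an absolute path; GNU find/cp/coreutils are assumed.
collect_recent() {
    root="${1%/}"; minutes="$2"; dest="${3%/}"
    mkdir -p "$dest/evidence" || return 1
    # -prune keeps find out of /proc, /sys, /dev, /run and the destination itself;
    # cp --parents recreates each file's directory chain under evidence/, so
    # /var/log/syslog and /home/x/syslog cannot overwrite each other
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \
         -o -path "$root/run" -o -path "$dest" \) -prune \
         -o -type f -mmin "-$minutes" -exec cp -p --parents {} "$dest/evidence" \;
    # Manifest paths are relative to evidence/; sorted so two runs diff cleanly
    (cd "$dest/evidence" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum) \
        > "$dest/manifest.sha256"
    # Number of files collected: one manifest line each
    wc -l < "$dest/manifest.sha256" | tr -d ' '
}

# Returns 0 only if every collected file still matches its recorded hash
verify_manifest() {
    dest="${1%/}"
    (cd "$dest/evidence" && sha256sum -c --quiet ../manifest.sha256)
}

# Constructed demo tree: one fresh file, one 3-hour-old file and a fake /proc entry.
# Prints the number collected (1) and returns verify_manifest's status.
demo_collect() {
    top=$(mktemp -d)
    mkdir -p "$top/src/var/log" "$top/src/proc"
    echo "fresh entry" > "$top/src/var/log/syslog"
    echo "stale entry" > "$top/src/var/log/old.log"
    touch -d '3 hours ago' "$top/src/var/log/old.log"
    echo "not a real file" > "$top/src/proc/cpuinfo"
    collect_recent "$top/src" 60 "$top/out"
    verify_manifest "$top/out"; status=$?
    rm -rf "$top"
    return $status
}
```

Run demo_collect to try it; on a live box call collect_recent / 60 /path/to/evidence as root and keep manifest.sha256 with the archive.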
This next one I wrote because on some distros when I did apt-get dist-upgrade it wouldn't get rid of any old kernel images, which is a waste of space. I open sourced it, which is why it has a name and a little ASCII logo; I like doing that when I put things out as OSS on GitHub and such.
#!/bin/bash
if [[ "$EUID" -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
function logo()
{ echo " _____ _____ "
echo "| | |___ ___ ___| |___ ___ "
echo "| -| -_| _| | | | | .'| |"
echo "|__|__|___|_| |_|_|_|_|_|__,|_|_|"
printf "\nKernMan - Kernel Management Assistant.\n"
}
logo
function usage()
{ printf "\nKernMan is a script written for the purpose of simplifying Kernel Management.
Select the option 'List' to display all installed kernels. Select the option 'Purge' to display
all kernels that can be removed and subsequently do so.\n\n"
}
# Version of the running kernel with its flavour suffix (-generic, -amd64, ...) stripped,
# so the running kernel is never offered for removal
running=$(uname -r | sed -r 's/-[a-z]+.*$//')
# Installed (ii) kernel image and header packages other than the running version
function removable()
{ dpkg -l linux-{image,headers}-"[0-9]*" | awk '/^ii/{print $2}' | grep -v -F -e "$running"
}
PS3='Please enter your choice: '
options=("Usage" "List" "Purge" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Usage")
usage
;;
"List")
dpkg -l linux-image-\* | grep ^ii
;;
"Purge")
list=$(removable)
if [[ -z $list ]]; then
echo "Nothing to purge: only the running kernel ($running) is installed"
else
echo "$list"
printf "\nThese items will be deleted.\n"
read -p 'Continue? [Y/n] ' choice
if [[ $choice == 'y' || $choice == 'Y' ]]; then
# Already root here, so no sudo needed; same list as shown above
apt-get purge $list
else
echo "Aborted"
break
fi
fi
;;
"Quit")
break
;;
*) echo invalid option;;
esac
done
Figured I'd post these in case they're the sort of thing you find useful to have around.
What I think would be useful is if we all posted some of the scripts we wrote to automate security and maintenance tasks for *Nix; then we can have one thread as a sort of catalog for this type of automation. It doesn't have to be Bash: Perl, Lua, Python and Ruby are fine too. Hell, even if you have something useful written in C, feel free to contribute. Thanks guys.