initial commit after prune move from main

Phil Connor 2024-03-12 10:00:34 -05:00
commit bbf5757397
13 changed files with 8182 additions and 0 deletions

535
CodeServerInstall.sh Normal file

@ -0,0 +1,535 @@
#!/bin/bash
####################################################################
#### Code-Server install Script for Oracle Linux, Centos/Redhat ####
#### and Ubuntu Servers. ####
#### Author: Phil Connor 02/10/2020 ####
#### Contact: contact@mylinux.work ####
#### Version 1.30 ####
#### ####
#### To use this script chmod it to 755 ####
#### or simply type bash <filename.sh> ####
####################################################################
#############################
#### User Configurations ####
#############################
CODEDIR=/code # Home directory for your Code
EMAIL=admin@mydomain.com # your domain email address
HTTPTYPE=APACHE # Choose Apache, Caddy or Nginx All UPPER Case
PASSWD=pAsSwOrD # Your Password for Code-server used for Apache, Nginx and Caddy
UNAME=MyUser # Username Used for Caddy
SERVDIR=/usr/local/code-server # where you want the code-server installed
SERVERNAME=code.mydomain.cloud # server fqdn name
USRDIR=/var/lib/code-server
########################
#### System Configs ####
########################
CADPASS="$(echo -e "${PASSWD}\n$PASSWD" | caddy hash-password 2>/dev/null | tail --lines=1)"
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
define() {
IFS=$'\n' read -r -d '' "$1"
}
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [[ ${OS} = alma || ${OS} = amazon || ${OS} = centos || ${OS} = red || ${OS} = rocky || ${OS} = oracle ]]; then
if [ "${OSVER}" = 7 ]; then
PAKMGR="yum -y"
else
PAKMGR="dnf -y"
fi
elif [ "${OS}" = ubuntu ]; then
PAKMGR="apt -y"
fi
################################
#### Check if OS is Updated ####
################################
if [ "${OS}" = ubuntu ]; then
${PAKMGR} update && ${PAKMGR} upgrade
${PAKMGR} install libc6 libstdc++6 snapd
else
${PAKMGR} update
${PAKMGR} install snapd
fi
###############################################
#### Get the latest version of Code Server ####
###############################################
get_latest_version() {
{
version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/coder/code-server/releases/latest)"
version="${version#https://github.com/coder/code-server/releases/tag/}"
version="${version#v}"
echo "$version"
}
}
#########################################
#### Download and Install Codeserver ####
#########################################
install_codeserver() {
{
# check if command wget exists
if ! command -v wget >/dev/null 2>&1; then
${PAKMGR} install wget
fi
cd ~/ || exit
wget "https://github.com/coder/code-server/releases/download/v$version/code-server-$version-linux-amd64.tar.gz"
tar xvf "code-server-$version-linux-amd64.tar.gz"
mkdir ${CODEDIR}
mkdir ${SERVDIR}
cp -r ~/code-server-"$version"-linux-amd64/* ${SERVDIR}
ln -s ${SERVDIR}/bin/code-server /usr/bin/code-server
# Code Directory
mkdir "${CODEDIR}"
# User Directory
mkdir "${USRDIR}"
csserv=/lib/systemd/system
touch $csserv/code-server.service
OUTFILE1="$csserv/code-server.service"
define SFILE << EOF
[Unit]
Description=code-server
After=nginx.service
[Service]
Type=simple
Environment=PASSWORD=$PASSWD
ExecStart=/usr/bin/code-server --bind-addr 127.0.0.1:8080 --user-data-dir ${USRDIR} --auth password
Restart=always
[Install]
WantedBy=multi-user.target
EOF
{
printf "%s\n" "$SFILE" | cut -c 2-
} > "$OUTFILE1"
if [ $HTTPTYPE = CADDY ]; then
sed -i 's/After=nginx.service/After=caddy.service/g' $csserv/code-server.service
sed -i 's/auth: password/auth: none' /root/.config/code-server/config.yaml
sed -i "ExecStart=/usr/bin/code-server --bind-addr 127.0.0.1:8080 --user-data-dir ${CODEDIR} --auth password/ExecStart=/usr/bin/code-server --bind-addr 127.0.0.1:8080 --user-data-dir ${CODEDIR}" $csserv/code-server.service
fi
systemctl daemon-reload
systemctl start code-server
systemctl enable code-server
}
}
########################################
#### Install Apache, Nginx or Caddy ####
########################################
install_http() {
{
if [ $HTTPTYPE = APACHE ]; then
csserv=/lib/systemd/system
sed -i 's/After=nginx.service/After=apache.service/g' $csserv/code-server.service
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if ! command -v httpd &> /dev/null; then
${PAKMGR} install httpd
systemctl enable --now httpd
fi
AOUTFILE="/etc/httpd/conf.d/code-server.conf"
elif [ "${OS}" = ubuntu ]; then
if ! command -v apache2 &> /dev/null; then
${PAKMGR} install apache2
systemctl enable --now apache2
fi
AOUTFILE="/etc/apache2/sites-available/code-server.conf"
fi
define ACONF << 'EOF'
<VirtualHost *:80>
ServerName $SERVERNAME
#ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:8080/$1 [P,L]
#RewriteCond %{HTTP:Upgrade} =websocket [NC]
#RewriteRule /(.*) ws://127.0.0.1:8080/$1 [P,L]
#RewriteCond %{HTTP:Upgrade} !=websocket [NC]
#RewriteRule /(.*) http://127.0.0.1:8080/$1 [P,L]
ProxyRequests off
#RequestHeader set X-Forwarded-Proto https
#RequestHeader set X-Forwarded-Port 443
ProxyPass / http://127.0.0.1:8080/ nocanon
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
EOF
{
printf "%s\n" "$ACONF" | cut -c 4-
} > "$AOUTFILE"
systemctl daemon-reload
systemctl restart code-server
if [ "${OS}" = ubuntu ]; then
a2enmod proxy
a2enmod proxy_http
a2ensite code-server.conf
systemctl restart apache2
else
systemctl restart httpd
fi
fi
if [ $HTTPTYPE = NGINX ]; then
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
OUTFILE="/etc/yum.repos.d/nginx.repo"
define NYUM << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
{
printf "%s\n" "$NYUM" | cut -c 4-
} > "$OUTFILE"
if [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
# shellcheck disable=2016
sed -i 's/baseurl=http:\/\/nginx.org\/packages\/centos\/7\/$basearch\//baseurl=http:\/\/nginx.org\/packages\/centos\/8\/$basearch\//g' $OUTFILE
fi
fi
if [ "${OS}" = ubuntu ]; then
${PAKMGR} install curl gnupg2 ca-certificates lsb-release
echo "deb http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
if [ "$OSVER" = 16 ]; then
gpg --with-fingerprint /tmp/nginx_signing.key
else
gpg --dry-run --quiet --import --import-options show-only /tmp/nginx_signing.key
fi
sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
sudo apt update
fi
${PAKMGR} install nginx
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
nxdir=/etc/nginx/conf.d
elif [ "${OS}" = ubuntu ]; then
if [ "$OSVER" = 16 ]; then
nxdir=/etc/nginx/sites-available
else
nxdir=/etc/nginx/conf.d
fi
fi
OUTFILE2="$nxdir/code-server.conf"
define NFIG << EOF
server {
listen 80;
listen [::]:80;
server_name $SERVERNAME;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host \$host;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
}
}
EOF
{
printf "%s\n" "$NFIG" | cut -c 2-
} > "$OUTFILE2"
if [ "${OS}" = ubuntu ]; then
mv $nxdir/default $nxdir/default.orig
ln -s $nxdir/code-server.conf $nxdir/code-server.conf
else
mv $nxdir/default.conf $nxdir/default.conf.orig
fi
systemctl start nginx
systemctl enable nginx
fi
if [ "$HTTPTYPE" = CADDY ]; then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/gpg/gpg.155B6D79CA56EA34.key' | apt-key add -
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/setup/config.deb.txt?distro=debian&version=any-version' | tee -a /etc/apt/sources.list.d/caddy-stable.list
${PAKMGR} update
${PAKMGR} install caddy
elif [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if [ "${OSVER}" = 7 ]; then
${PAKMGR} install yum-plugin-copr
elif [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
${PAKMGR} install 'dnf-command(copr)'
fi
${PAKMGR} copr enable @caddy/caddy
${PAKMGR} install caddy
fi
caddir=/etc/caddy
mv $caddir/Caddyfile $caddir/Caddyfile.orig
touch $caddir/Caddyfile
OUTFILE3="$caddir/Caddyfile"
define CFILE << EOF
{ #### Remove these 3 lines
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory #### to make server live
} #### and grab cert from letsencrypt
$SERVERNAME {
basicauth /* {
$UNAME $CADPASS
}
reverse_proxy 127.0.0.1:8080
}
EOF
{
printf "%s\n" "$CFILE" | cut -c 2-
} > "$OUTFILE3"
systemctl enable caddy
systemctl start caddy
fi
}
}
##########################################
#### Install Certbot and request Cert ####
##########################################
install_certbot() {
{
if [ $HTTPTYPE = NGINX ];then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} remove letsencrypt
${PAKMGR} remove certbot
snap install core; snap refresh core
snap install --classic certbot
${PAKMGR} install python3-certbot-nginx
elif [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
${PAKMGR} remove certbot
${PAKMGR} install epel-release
${PAKMGR} install snapd
if [ "$OSVER" = 7 ]; then
${PAKMGR} install python2-certbot-nginx
elif [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
${PAKMGR} install python3-certbot-nginx
fi
fi
fi
if [ $HTTPTYPE = APACHE ];then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} remove letsencrypt
${PAKMGR} remove certbot
snap install core; snap refresh core
snap install --classic certbot
${PAKMGR} install python3-certbot-apache
elif [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
${PAKMGR} remove certbot
${PAKMGR} install epel-release
${PAKMGR} install snapd
if [ "$OSVER" = 7 ]; then
${PAKMGR} install python2-certbot-apache
elif [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
${PAKMGR} install python3-certbot-apache
fi
snap install core; snap refresh core
snap install --classic certbot
fi
fi
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap
ln -s /snap/bin/certbot /usr/bin/certbot
if [ $HTTPTYPE = NGINX ]; then
certbot --non-interactive --redirect --agree-tos --nginx -d $SERVERNAME -m "$EMAIL" #--dry-run
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if ! grep "certbot" /var/spool/cron/root; then
echo "0 */12 * * * root certbot -q renew --nginx" >> /var/spool/cron/root
fi
elif [ "${OS}" = ubuntu ]; then
if ! grep "certbot" /var/spool/cron/crontabs/root; then
echo "0 */12 * * * root certbot -q renew --nginx" >> /var/spool/cron/crontabs/root
fi
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
fi
elif [ $HTTPTYPE = APACHE ]; then
certbot --non-interactive --redirect --agree-tos --apache -d $SERVERNAME -m "$EMAIL" # --dry-run
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if ! grep "certbot" /var/spool/cron/root; then
echo "0 */12 * * * root certbot -q renew --apache" >> /var/spool/cron/root
fi
elif [ "${OS}" = ubuntu ]; then
if ! grep "certbot" /var/spool/cron/crontabs/root; then
echo "0 */12 * * * root certbot -q renew --apache" >> /var/spool/cron/crontabs/root
fi
fi
fi
}
}
function install_firewall() {
{
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
${PAKMGR} install ipset perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph perl-Sys-Syslog perl-Math-BigInt
elif [ "${OS}" = ubuntu ]; then
${PAKMGR} install ipset libwww-perl liblwp-protocol-https-perl libgd-graph-perl
fi
cd /usr/src || exit
# rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf || exit
./install.sh
echo ''
echo '###########################################'
echo '#### Testing if CSF firewall will work ####'
echo '###########################################'
echo ''
perl /usr/local/csf/bin/csftest.pl
##### Initial Settings #####
sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/g' /etc/csf/csf.conf
sed -i '/^RESTRICT_UI/c\RESTRICT_UI = "1"' /etc/csf/csf.conf
sed -i '/^AUTO_UPDATES/c\AUTO_UPDATES = "1"' /etc/csf/csf.conf
##### IPv4 Port Settings #####
sed -i 's/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"/TCP_IN = "22,80,443,5666,10000"/g' /etc/csf/csf.conf
sed -i 's/TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"/TCP_OUT = "22,25,53,80,443,5666,10000"/g' /etc/csf/csf.conf
sed -i 's/UDP_IN = "20,21,53,80,443"/UDP_IN = "80,443"/g' /etc/csf/csf.conf
sed -i 's/UDP_OUT = "20,21,53,113,123"/UDP_OUT = "53,113,123"/g' /etc/csf/csf.conf
sed -i '/^ICMP_IN_RATE/c\ICMP_IN_RATE = "1/s"' /etc/csf/csf.conf
##### IPv6 Port Settings #####
sed -i 's/IPV6 = "0"/IPV6 = "1"/g' /etc/csf/csf.conf
sed -i 's/TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"/TCP6_IN = "22,80,443,5666"/g' /etc/csf/csf.conf
sed -i 's/TCP6_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"/TCP6_OUT = "22,80,443,5666"/g' /etc/csf/csf.conf
sed -i 's/UDP6_IN = "20,21,53,80,443"/UDP6_IN = "80,443"/g' /etc/csf/csf.conf
sed -i 's/UDP6_OUT = "20,21,53,113,123"/UDP6_OUT = "53,113,123"/g' /etc/csf/csf.conf
##### General Settings #####
sed -i 's/SYSLOG_CHECK = "0"/SYSLOG_CHECK = "300"/g' /etc/csf/csf.conf
sed -i '/^IGNORE_ALLOW/c\IGNORE_ALLOW = "0"' /etc/csf/csf.conf
sed -i '/^LF_CSF/c\LF_CSF = "1"' /etc/csf/csf.conf
sed -i 's/LF_IPSET = "0"/LF_IPSET = "1"/g' /etc/csf/csf.conf
sed -i '/^PACKET_FILTER/c\PACKET_FILTER = "1"' /etc/csf/csf.conf
##### SMTP Settings #####
sed -i 's/SMTP_BLOCK = "0"/SMTP_BLOCK = "1"/g' /etc/csf/csf.conf
##### Port Flood Settings #####
sed -i 's/SYNFLOOD = "0"/SYNFLOOD = "1"/g' /etc/csf/csf.conf
sed -i 's/CONNLIMIT = ""/CONNLIMIT= "22;5,25;3,80;10"/g' /etc/csf/csf.conf
sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,25;tcp;5;300,80;tcp;20;5"/g' /etc/csf/csf.conf
sed -i 's/UDPFLOOD = "0"/UDPFLOOD = "1"/g' /etc/csf/csf.conf
##### Logging Settings #####
sed -i 's/SYSLOG = "0"/SYSLOG = "1"/g' /etc/csf/csf.conf
sed -i '/^DROP_LOGGING/c\DROP_LOGGING = "1"' /etc/csf/csf.conf
sed -i '/^DROP_ONLYRES/c\DROP_ONLYRES = "0"' /etc/csf/csf.conf
sed -i '/^UDPFLOOD_LOGGING/c\UDPFLOOD_LOGGING = "1"' /etc/csf/csf.conf
##### Temp to Perm/Netblock Settings #####
sed -i '/^LF_PERMBLOCK^/c\LF_PERMBLOCK = "1"' /etc/csf/csf.conf
sed -i 's/LF_NETBLOCK = "0"/LF_NETBLOCK = "1"/g' /etc/csf/csf.conf
##### Login Failure Blocking and Alerts #####
sed -i 's/LF_SSHD = "5"/LF_SSHD = "3"/g' /etc/csf/csf.conf
sed -i 's/LF_FTPD = "10"/LF_FTPD = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_SMTPAUTH = "0"/LF_SMTPAUTH = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_EXIMSYNTAX = "0"/LF_EXIMSYNTAX = "10"/g' /etc/csf/csf.conf
sed -i 's/LF_POP3D = "0"/LF_POP3D = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_IMAPD = "0"/LF_IMAPD = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_HTACCESS = "0"/LF_HTACCESS = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_MODSEC = "5"/LF_MODSEC = "3"/g' /etc/csf/csf.conf
sed -i 's/LF_CXS = "0"/LF_CXS = "1"/g' /etc/csf/csf.conf
sed -i 's/LF_SYMLINK = "0"/LF_SYMLINK = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_WEBMIN = "0"/LF_WEBMIN = "3"/g' /etc/csf/csf.conf
sed -i '/^LF_SSH_EMAIL_ALERT/c\LF_SSH_EMAIL_ALERT = "1"' /etc/csf/csf.conf
sed -i '/^LF_SU_EMAIL_ALERT/c\LF_SU_EMAIL_ALERT = "1"' /etc/csf/csf.conf
sed -i '/^LF_SUDO_EMAIL_ALERT/c\LF_SUDO_EMAIL_ALERT = "1"' /etc/csf/csf.conf
sed -i '/^LF_WEBMIN_EMAIL_ALERT/c\LF_WEBMIN_EMAIL_ALERT = "1"' /etc/csf/csf.conf
sed -i '/^LF_CONSOLE_EMAIL_ALERT/c\LF_CONSOLE_EMAIL_ALERT = "1"' /etc/csf/csf.conf
sed -i '/^LF_BLOCKINONLY/c\LF_BLOCKINONLY = "0"' /etc/csf/csf.conf
##### Directory Watching & Integrity #####
sed -i '/^LF_DIRWATCH^/c\LF_DIRWATCH = "300"' /etc/csf/csf.conf
sed -i '/^LF_INTEGRITY/c\LF_INTEGRITY = "3600"' /etc/csf/csf.conf
##### Distributed Attacks #####
sed -i 's/LF_DISTATTACK = "0"/LF_DISTATTACK = "1"/g' /etc/csf/csf.conf
sed -i 's/LF_DISTFTP = "0"/LF_DISTFTP = "5"/g' /etc/csf/csf.conf
sed -i 's/LF_DISTSMTP = "0"/LF_DISTSMTP = "5"/g' /etc/csf/csf.conf
##### Connection Tracking #####
sed -i 's/CT_LIMIT = "0"/CT_LIMIT = "300"/g' /etc/csf/csf.conf
##### Process Tracking #####
sed -i '/^PT_LIMIT/c\PT_LIMIT = "60"' /etc/csf/csf.conf
sed -i '/^PT_SKIP_HTTP/c\PT_SKIP_HTTP = "0"' /etc/csf/csf.conf
sed -i 's/PT_DELETED = "0"/PT_DELETED = "1"/g' /etc/csf/csf.conf
sed -i 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/g' /etc/csf/csf.conf
sed -i 's/PT_FORKBOMB = "0"/PT_FORKBOMB = "250"/g' /etc/csf/csf.conf
##### Port Scan Tracking #####
sed -i 's/PS_INTERVAL = "0"/PS_INTERVAL = "300"/g' /etc/csf/csf.conf
sed -i '/^PS_EMAIL_ALERT/c\PS_EMAIL_ALERT = "1"' /etc/csf/csf.conf
##### User ID Tracking #####
sed -i 's/UID_INTERVAL = "0"/UID_INTERVAL = "600"/g' /etc/csf/csf.conf
##### Account Tracking #####
sed -i 's/AT_ALERT = "2"/AT_ALERT = "1"/g' /etc/csf/csf.conf
systemctl enable --now csf
systemctl enable --now lfd
}
}
function install_webmin() {
{
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
OUTFILE="/etc/yum.repos.d/webmin.repo"
define WYUM << 'EOF'
[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
EOF
{
printf "%s\n" "$WYUM" | cut -c 3-
} > "$OUTFILE"
wget https://download.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc
if [ "${OSVER}" = 7 ]; then
${PAKMGR} install perl-Encode-Detect perl-Net-SSLeay perl-Data-Dumper tcp_wrappers-devel perl-IO-Tty webmin unzip
elif [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then
${PAKMGR} install perl-Encode-Detect perl-Net-SSLeay perl-Data-Dumper tcp_wrappers tcp_wrappers-libs unzip
dnf config-manager --set-enabled powertools
${PAKMGR} install perl-IO-Tty webmin
fi
elif [ "${OS}" = ubuntu ]; then
{
echo ''
echo '############################'
echo '#### Adding Webmin Repo ####'
echo '############################'
echo ''
echo 'deb https://download.webmin.com/download/repository sarge contrib'
} >> /etc/apt/sources.list
wget https://download.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
${PAKMGR} install apt-transport-https
${PAKMGR} update
${PAKMGR} install webmin
fi
}
}
get_latest_version
install_codeserver
install_http
install_certbot
install_firewall
install_webmin
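Review bot: The unit written to `$csserv/code-server.service` in `install_codeserver` carries the login secret as `Environment=PASSWORD=$PASSWD` and has no `User=` line, so a browser IDE with a terminal runs as root behind a password that sits in a unit file created by a plain `touch` (normally world-readable) and that defaults to the placeholder `pAsSwOrD`. I would move the secret into a root-owned mode-0600 file referenced with `EnvironmentFile=`, add `User=<service-account>` for an unprivileged account that owns `${CODEDIR}` and `${USRDIR}`, and abort early while `PASSWD` still holds the shipped default. The CADDY branch also needs a second look: `sed -i 's/auth: password/auth: none'` lacks its closing `/`, the following `sed -i "ExecStart=…"` has no `s` command, and `CADPASS` is computed at the top of the script with `2>/dev/null` before `caddy` is installed, so on a fresh host the hash written into the Caddyfile is presumably empty. Separately, `csf.tgz` is downloaded and its `install.sh` executed with no checksum or signature check, and the nginx signing key is only printed by `gpg` from a fixed `/tmp` path before being moved into `/etc/apt/trusted.gpg.d`, so nothing compares its fingerprint against a pinned value.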

432
NagiosInstall.sh Normal file

@ -0,0 +1,432 @@
#!/bin/bash
######################################################################################
#### Version 2.2 ####
#### For questions or comments contact@mylinux.work ####
#### Author : Phil Connor ####
#### ####
#### Notes : ####
#### This script is a simple "helper" to install and configure Maria, ####
#### PowerDNS and PowerAdmin on RedHat Based servers. ####
#### There is no silver bullet. Don't expect the perfect setup, ####
#### review comments and adapt the parameters to your application usage. ####
#### ####
#### Use this script at your OWN risk. There is no guarantee whatsoever. ####
#### ####
#### Usage chmod 755 then ./PdnsInstall.sh or bash PdnsInstall.sh ####
######################################################################################
############################
#### User Configurables ####
############################
# HTTP=apache
NAGAD=nagiosadmin
NAGADPASS=MyPaSsWoRd
# SAEMAIL=
##########################
#### System Variables ####
##########################
# IPADD=$(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1')
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [[ ${OS} = alma || ${OS} = amazon || ${OS} = centos || ${OS} = red || ${OS} = rocky || ${OS} = oracle ]]; then
if [ "${OSVER}" = 7 ]; then
PAKMGR="yum -y"
else
PAKMGR="dnf -y"
fi
elif [ "${OS}" = ubuntu ]; then
PAKMGR="apt -y"
fi
###########################
#### Install Net-Utils ####
###########################
if [ ! "$(command -v ifconfig)" ]; then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} update
${PAKMGR} install net-utils
else
${PAKMGR} install net-tools
fi
fi
########################
#### Nagios Install ####
########################
function nagios_install() {
{
if [ "${OS}" = ubuntu ]; then
htpath=/etc/apache2/conf-enabled/nagios4-cgi.conf
else
htpath=/etc/apache2/conf.d/nagios.conf
fi
#if [ "${OS}" = ubuntu ]; then
${PAKMGR} update
DEBIAN_FRONTEND=noninteractive ${PAKMGR} install nagios4 nagios-nrpe-server nagios-plugins nagios-plugins-contrib expect libcgi-pm-perl librrds-perl libgd-gd2-perl
a2enmod authz_groupfile auth_digest
# ${PAKMGR} install autoconf gcc libc6 make wget unzip apache2 php libapache2-mod-php libgd-dev libssl-dev expect
sed -i 's/Require ip ::1\/128 fc00::\/7 fe80::\/10 10\.0\.0\.0\/8 127\.0\.0\.0\/8 169\.254\.0\.0\/16 172\.16\.0\.0\/12 192\.168\.0\.0\/16/# Require ip ::1\/128 fc00::\/7 fe80::\/10 10\.0\.0\.0\/8 127\.0\.0\.0\/8 169\.254\.0\.0\/16 172\.16\.0\.0\/12 192\.168\.0\.0\/16/g' $htpath
#sed -i 's/<Files "cmd.cgi">/#<Files "cmd.cgi">/g' $htpath
sed -i 's/Require all/#Require all/g' $htpath
#sed -i 's/<//Files>/#<//Files>/g' $htpath
sed -i 's/#Require /Require /g' $htpath
expect -f - <<-EOF
set timeout 5
spawn htdigest -c /etc/nagios4/htdigest.users Nagios4 $NAGAD
expect "New password:"
send -- "$NAGADPASS\r"
expect "Re-type new password:"
send -- "$NAGADPASS\r"
expect eof
EOF
systemctl enable --now nagios
systemctl status nagios
if [ "${OS}" = ubuntu ]; then
systemctl enable apache2
systemctl restart apache2
else
systemctl enable httpd
systemctl restart httpd
fi
}
}
nagios_install
# else
# install perl-rrdtool perl-GD
# fi
function nagiosgraph install() {
{
cd /tmp | exit 1
tar xzvf nagiosgraph-x.y.z.tgz
mkdir /etc/nagiosgraph
cp etc/* /etc/nagiosgraph
# - Edit the perl scripts in the cgi and lib directories, modifying the
# "use lib" line to point to the directory from the previous step.
# vi cgi/*.cgi lib/insert.pl
# - Copy insert.pl to a location from which it can be executed:
# cp lib/insert.pl /usr/local/nagios/libexec
# or for Homebrew:
# cp lib/insert.pl /usr/local/opt/nagios/bin
# - Copy CGI scripts to a script directory served by the web server:
# cp cgi/*.cgi /usr/local/nagios/sbin
# or for Homebrew:
# cp cgi/*.cgi /usr/local/opt/nagios/cgi-bin
# - Copy CSS and JavaScript files to a directory served by the web server:
# cp share/nagiosgraph.css /usr/local/nagios/share
# cp share/nagiosgraph.js /usr/local/nagios/share
# or for Homebrew:
# cp share/nagiosgraph.css /usr/local/opt/nagios/share/nagios/htdocs
# cp share/nagiosgraph.js /usr/local/opt/nagios/share/nagios/htdocs
# - Edit /etc/nagiosgraph/nagiosgraph.conf. Set at least the following:
# logfile = /var/log/nagiosgraph.log
# cgilogfile = /var/log/nagiosgraph-cgi.log
# perflog = /var/nagios/perfdata.log
# rrddir = /var/nagios/rrd
# mapfile = /etc/nagiosgraph/map
# nagiosgraphcgiurl = /nagios/cgi-bin
# javascript = /nagios/nagiosgraph.js
# stylesheet = /nagios/nagiosgraph.css
# - Set permissions of "rrddir" (as defined in nagiosgraph.conf) so that
# the *nagios* user can write to it and the *www* user can read it:
# mkdir /var/nagios/rrd
# chown nagios /var/nagios/rrd
# chmod 755 /var/nagios/rrd
# - Set permissions of "logfile" so that the *nagios* user can write to it:
# touch /var/log/nagiosgraph.log
# chown nagios /var/log/nagiosgraph.log
# chmod 644 /var/log/nagiosgraph.log
# - Set permissions of "cgilogfile" so that the *www* user can write to it:
# touch /var/log/nagiosgraph-cgi.log
# chown www /var/log/nagiosgraph-cgi.log
# chmod 644 /var/log/nagiosgraph-cgi.log
# - Ensure that the *nagios* user can create and delete perfdata files:
# chown nagios /var/nagios
# chmod 755 /var/nagios
# - In the Nagios configuration file (nagios.cfg) add this:
# process_performance_data=1
# service_perfdata_file=/var/nagios/perfdata.log
# service_perfdata_file_template=$LASTSERVICECHECK$||$HOSTNAME$||$SERVICEDESC$||$SERVICEOUTPUT$||$SERVICEPERFDATA$
# service_perfdata_file_mode=a
# service_perfdata_file_processing_interval=30
# service_perfdata_file_processing_command=process-service-perfdata
# - In the Nagios commands file (commands.cfg) add this:
# define command {
# command_name process-service-perfdata
# command_line /usr/local/nagios/libexec/insert.pl
# }
# - Check the nagios configuration
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
# - Restart nagios
# /etc/init.d/nagios restart
# - Verify that nagiosgraph is working by running showconfig.cgi
# http://server/nagios/cgi-bin/showconfig.cgi
# - Try graphing some data by running show.cgi
# http://server/nagios/cgi-bin/show.cgi
# - In the Nagios configuration, add a template for graphed services:
# define service {
# name graphed-service
# action_url /nagiosgraph/cgi-bin/show.cgi?host=$HOSTNAME$&service=$SERVICEDESC$' onMouseOver='showGraphPopup(this)' onMouseOut='hideGraphPopup()' rel='/nagiosgraph/cgi-bin/showgraph.cgi?host=$HOSTNAME$&service=$SERVICEDESC$&period=week&rrdopts=-w+450+-j
# register 0
# }
# - Enable graph links for services by appending the graphed-service to existing
# service definitions in the Nagios configuration:
# define service {
# use local-service,graphed-service
# ...
# }
# - Replace the Nagios action icon with the nagiosgraph graph icon:
# mv /usr/local/nagios/share/images/action.gif /usr/local/nagios/share/images/action.gif-orig
# cp share/graph.gif /usr/local/nagios/share/images/action.gif
# - In the nagiosgraph SSI file, set the URL for nagiosgraph.js:
# vi share/nagiosgraph.ssi
# src="/nagiosgraph/nagiosgraph.js" -> src="/nagios/nagiosgraph.js"
# - Install the nagiosgraph SSI file:
# cp share/nagiosgraph.ssi /usr/local/nagios/share/ssi/common-header.ssi
# - Add links to graphs in the Nagios sidebar (side.php or side.html):
# <ul>
# <li><a href="/nagios/cgi-bin/show.cgi" target="main">Graphs</a></li>
# <li><a href="/nagios/cgi-bin/showhost.cgi" target="main">Graphs by Host</a></li>
# <li><a href="/nagios/cgi-bin/showservice.cgi" target="main">Graphs by Service</a></li>
# <li><a href="/nagios/cgi-bin/showgroup.cgi" target="main">Graphs by Group</a></li>
# </ul>
# - Check the nagios configuration
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
systemctl restart nagios
}
}
#
# OUTFILE1="$nagdir/nrpe_rule.te"
# # TITLE="nrpe_rule"
# define NRPE_RULE << 'EOF'
# module nrpe_rule 1.0;
# require {
# type nrpe_t;
# type proc_net_t;
# class file { open read };
# class file { ioctl open read getattr };
# }
# #=================== nrpe_t =========================
# allow nrpe_t proc_net_t:file open;
# allow nrpe_t proc_net_t:file read;
# allow nrpe_t proc_net_t:file { getattr ioctl };
# EOF
# {
# printf "%s\n" "$NRPE_RULE" | cut -c 3-
# } > "$OUTFILE1"
# checkmodule -M -m -o $nagdir/nrpe_rule.mod $nagdir/nrpe_rule.te
# semodule_package -o $nagdir/nrpe_rule.pp -m $nagdir/nrpe_rule.mod
# semodule -i $nagdir/nrpe_rule.pp
# semanage permissive -a nrpe_t
# ${PAKMGR} install nrpe nrpe-selinux nagios-plugins nagios-plugins-all nagios-plugins-uptime nagios-plugins-oracle nagios-plugins-check-updates
# sed -i "/^allowed_hosts/c\allowed_hosts=127.0.0.1,::1,$IPADD" $nrpecfg
# sed -i "/^#command\[check_load\]/c\command[check_uptime]=$nagdir/check_uptime" $nrpecfg
# sed -i "/^command\[check_load\]/c\command\[check_load\]=$nagdir/check_load -r -w 6,4,2 -c 12,10,7" $nrpecfg
# sed -i "/^command\[check_hda1\]/c\command[check_hda1]=$nagdir/check_disk -w 15% -c 10% -p /dev/sda3" $nrpecfg
# sed -i "/^command\[check_zombie_procs\]/c\# command[check_zombie_procs]=$nagdir/check_procs -w 5 -c 10 -s Z" $nrpecfg
# sed -i "/^command\[check_total_procs\]/c\command[check_total_procs]=$nagdir/check_procs -w 250 -c 300 -s RSZDT" $nrpecfg
# sed -i "/^#command\[check_users\]/c\command[check_net]=$nagdir/check_net" $nrpecfg
# sed -i "/^#command\[check_swap\]/c\command[check_swap]=$nagdir/check_swap -w 20% -c 10%" $nrpecfg
# sed -i "/^#command\[check_mem\]/c\command[check_mem]=$nagdir/check_mem" $nrpecfg
# if [ "${OS}" = ubuntu ]; then
# sed -i "/^#command\[check_apt\]/c\command[check_apt]=$nagdir/check_apt/" $nrpecfg
# else
# sed -i "/^#command\[check_yum\]/c\command[check_yum]=$nagdir/check_updates" $nrpecfg
# fi
# sed -i "/^#command\[check_all_procs\]/c\command[check_logic]=$nagdir/check_http -p 7011" $nrpecfg
# sed -i "/^#command\[check_procs\]/c\command[check_oracle]=$nagdir/check_http -p 8010" $nrpecfg
# sed -i "/^#command\[check_disk\]/c\command[check_ping]=$nagdir/check_ping 127.0.0.1 -w 100.0,20% -c 500.0,60%" $nrpecfg
# sed -i "/^#command\[check_cpu_stats\]/c\command[check_ssh]=$nagdir/check_ssh" $nrpecfg
# }
# }
######################
#### HTTP Install ####
######################
# function install_http() {
# {
# if [ "${OS}" = ubuntu ]; then
# if [ $HTTP = apache ]; then
# echo "Apache"
# else
# echo "Nginx"
# fi
# echo "something"
# else
# if [ $HTTP = apache ]; then
# echo "Apache"
# else
# echo "Nginx"
# fi
# fi
# }
# }
nagios_install
# install_http
# # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# #
# # This file contains examples of entries that need
# # to be incorporated into your Apache web server
# # configuration file. Customize the paths, etc. as
# # needed to fit your system.
# ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
# <Directory "/usr/local/nagios/sbin">
# # SSLRequireSSL
# Options ExecCGI
# AllowOverride None
# <IfVersion >= 2.3>
# <RequireAll>
# Require all granted
# # Require host 127.0.0.1
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /usr/local/nagios/etc/htpasswd.users
# Require valid-user
# </RequireAll>
# </IfVersion>
# <IfVersion < 2.3>
# Order allow,deny
# Allow from all
# # Order deny,allow
# # Deny from all
# # Allow from 127.0.0.1
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /usr/local/nagios/etc/htpasswd.users
# Require valid-user
# </IfVersion>
# </Directory>
# Alias /nagios "/usr/local/nagios/share"
# <Directory "/usr/local/nagios/share">
# # SSLRequireSSL
# Options None
# AllowOverride None
# <IfVersion >= 2.3>
# <RequireAll>
# Require all granted
# # Require host 127.0.0.1
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /usr/local/nagios/etc/htpasswd.users
# Require valid-user
# </RequireAll>
# </IfVersion>
# <IfVersion < 2.3>
# Order allow,deny
# Allow from all
# # Order deny,allow
# # Deny from all
# # Allow from 127.0.0.1
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /usr/local/nagios/etc/htpasswd.users
# Require valid-user
# </IfVersion>
# </Directory>
# wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.7.tar.gz
# tar xzf nagios-4.4.7.tar.gz
# cd nagios-4.4.7 || exit
# if [ "${OS}" = ubuntu ]; then
# ./configure --with-httpd-conf=/etc/apache2/sites-enabled
# else
# ./configure --with-httpd-conf=/etc/httpd/conf.d
# fi
# make all
# make install-groups-users
# if [ "${OS}" = ubuntu ]; then
# usermod -aG nagios www-data
# else
# usermod -aG nagios apache
# fi
# make install
# make install-init
# make install-daemoninit
# make install-commandmode
# make install-config
# make install-webconf
# if [ "${OS}" = ubuntu ]; then
# a2enmod rewrite cgi
# fi
# fi
# if [ ! "$(command -v wget)" ]; then
# ${PAKMGR} install wget
# fi
# ndir1=/usr/lib/nagios/plugins
# ndir2=/usr/lib64/nagios/plugins
# #nrpecfg=/etc/nagios/nrpe.cfg
# if [ -d $ndir1 ]; then
# nagdir=$ndir1
# elif [ -d $ndir2 ]; then
# nagdir=$ndir2
# fi
# define () {
# IFS=$'\n' read -r -d '' "$1"
# }
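Review bot: The `sed` edits on `$htpath` in `nagios_install` do not end where they seem intended: `s/Require all/#Require all/g` is undone by the later `s/#Require /Require /g`, which matches the `#Require all` it just produced, while the first edit has already commented out the `Require ip …` private-range allow-list. Unless the shipped file differs from what these patterns assume, the result looks like the Nagios CGI pages being reachable from any address with `Require all` still active, so I would replace the blind substitutions with an explicit access block that ends in `Require valid-user` and check the outcome with `apachectl configtest` before restarting Apache. `NAGADPASS=MyPaSsWoRd` is a shipped default that is interpolated unquoted into the `expect` here-document, where `[`, `$` or `"` in a real password would be interpreted by Tcl; refusing the default and handing the value to `expect` through the environment with a quoted here-document delimiter would avoid both. The file also cannot run to completion as written: `function nagiosgraph install()` is a syntax error because of the space in the name, `cd /tmp | exit 1` uses a pipe where `||` is meant, `nagios_install` is invoked twice, and the header block still describes PdnsInstall.sh rather than this script.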

1302
PdnsInstall.sh Normal file

File diff suppressed because it is too large Load Diff

3984
SecureIt.sh Normal file

File diff suppressed because it is too large Load Diff

98
Update_CodeSVR.sh Normal file

@ -0,0 +1,98 @@
#!/bin/bash
####################################################################
#### Code-Server update script for Oracle Linux, Centos/Redhat ####
#### and Ubuntu Servers. ####
#### Author: Phil Connor 02/10/2020 ####
#### Contact: contact@mylinux.work ####
#### Version 1.23 ####
#### ####
#### To use this script chmod it to 755 ./UpDateCodeSVR.sh ####
#### or simply type bash UpDateCodeSVR.sh ####
####################################################################
#############################
#### User Configurations ####
#############################
SERVDIR=/usr/local/code-server # where you want the code-server installed
########################
#### System Configs ####
########################
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
CSVER=$(code-server --version | awk '{print $1}')
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [[ ${OS} = alma || ${OS} = amazon || ${OS} = centos || ${OS} = red || ${OS} = rocky || ${OS} = oracle ]]; then
if [ "${OSVER}" = 7 ]; then
PAKMGR="yum -y"
else
PAKMGR="dnf -y"
fi
elif [ "${OS}" = ubuntu ]; then
PAKMGR="apt -y"
fi
###################
#### Update OS ####
###################
function update_os() {
{
if [ "${OS}" = ubuntu ]; then
${PAKMGR} update
${PAKMGR} upgrade
else
${PAKMGR} update
fi
}
}
###############################################
#### Get the latest version of Code Server ####
###############################################
get_latest_version() {
{
version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/coder/code-server/releases/latest)"
version="${version#https://github.com/coder/code-server/releases/tag/}"
version="${version#v}"
echo "$version"
#### Compare Code-Server versions ####
if [ "$version" \> "$CSVER" ]; then
compare=1
else
compare=0
fi
}
}
#########################################
#### Download and Update Codeserver ####
#########################################
install_codeserver() {
{
if [ $compare = 1 ]; then
systemctl stop code-server
# check if command wget exists
if ! command -v wget >/dev/null 2>&1; then
${PAKMGR} install wget
fi
cd ~/ || exit
wget "https://github.com/coder/code-server/releases/download/v$version/code-server-$version-linux-amd64.tar.gz"
tar xvf "code-server-$version-linux-amd64.tar.gz"
cp -r ~/code-server-"$version"-linux-amd64/* ${SERVDIR}
systemctl start code-server
fi
}
}
update_os
get_latest_version
install_codeserver
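Review bot: The version test in get_latest_version, `[ "$version" \> "$CSVER" ]`, is a string comparison, so a release such as 4.10.0 (constructed example) sorts below 4.9.1 and the update is skipped; when curl fails and `version` is empty it also yields compare=0 with no message. A version-aware test such as `[ "$version" != "$CSVER" ] && [ "$(printf '%s\n' "$CSVER" "$version" | sort -V | tail -n1)" = "$version" ]` orders the two correctly, and an explicit `[ -n "$version" ] || exit 1` would report the failed lookup. In install_codeserver the tarball is fetched, unpacked and copied into `${SERVDIR}` without comparing it against a published digest (if the release provides one), and the results of `wget` and `tar` are not checked before `cp -r` and `systemctl start`. Stopping at the first failure, for example `wget "…" || exit 1`, keeps a truncated or altered download out of the install directory.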

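--- a/auto_pkg_update.sh
+++ b/auto_pkg_update.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+######################################################################################
+#### ####
+#### Version 2.21.020524 ####
+#### For questions or comments pconnor@ara.com ####
+#### Author : Phil Connor ####
+#### ####
+#### Notes : ####
+#### This script is a simple "helper" to configure Auto Updates on linux ####
+#### servers. ####
+#### ####
+######################################################################################
+###########################
+#### System Variables ####
+###########################
+if [ "$(command -v lsb_release)" ]; then
+OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
+OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
+else
+OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
+OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
+fi
+aptcnf="/etc/apt/apt.conf.d"
+dnfcnf="/etc/dnf/automatic.conf"
+yumcnf="/etc/yum/yum-cron.conf"
+###########################################################
+#### Detect Package Manger from OS and OSVer Variables ####
+###########################################################
+if [[ ${OS} = amazon || ${OS} = red ]]; then
+if [[ ${OSVER} = 2 || ${OSVER} = 7 ]]; then
+PAKMGR="yum -y"
+else
+PAKMGR="dnf -y"
+fi
+elif [ "${OS}" = ubuntu ]; then
+PAKMGR="apt -y"
+fi
+#####################################
+#### Install Auto Update Service ####
+#####################################
+if [[ ${OS} = amazon || ${OS} = red ]]; then
+if [[ ${OSVER} = 2 || ${OSVER} = 7 ]]; then
+${PAKMGR} update
+${PAKMGR} install yum-cron
+#sed -i 's/update_cmd = default/update_cmd = security/g' $yum7cnf #<-- comment this out for ALL available upgrades
+sed -i 's/apply_updates = no/apply_updates = yes/g' $yumcnf
+sed -i 's/download_updates = no/download_updates = yes/g' $yumcnf
+systemctl enable --now yum-cron
+fi
+if [[ ${OSVER} = 8 || ${OSVER} = 9 ]]; then
+${PAKMGR} update
+${PAKMGR} install dnf-automatic
+sed -i 's/upgrade_type = default/upgrade_type = security/g' $dnfcnf #<-- comment this out for ALL available upgrades
+sed -i 's/apply_updates = no/apply_updates = yes/g' $dnfcnf
+systemctl enable --now dnf-automatic.timer
+fi
+elif [ "${OS}" = ubuntu ]; then
+${PAKMGR} upgrade
+${PAKMGR} install unattended-upgrades
+dpkg-reconfigure --priority=medium unattended-upgrades
+touch $aptcnf/20auto-upgrades
+{
+echo 'APT::Periodic::Update-Package-Lists "1";'
+echo 'APT::Periodic::Download-Upgradeable-Packages "1";'
+echo 'APT::Periodic::AutocleanInterval "7";'
+echo 'APT::Periodic::Unattended-Upgrade "1";'
+} > $aptcnf/20auto-upgrades
+fi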
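Review bot: Nothing is configured, and the script still exits 0, when the host is not matched by the install block: an `${OS}` other than amazon, red or ubuntu, or an `${OSVER}` outside 2/7/8/9, falls through every branch, so a server can be left without automatic updates while the run looks successful. A final branch such as `else echo "auto_pkg_update: unsupported ${OS} ${OSVER}, nothing configured" >&2; exit 1` (and the same after the inner version tests) makes that case visible. The `sed -i` edits are not verified either; a check like `grep -q 'apply_updates = yes' "$dnfcnf" || exit 1` after them would catch a config file whose default wording differs. The commented-out yum line refers to `$yum7cnf`, which is never defined (the variable is `yumcnf`), and its trailing comment says to comment it out although it already is, so the yum path applies all updates while the dnf path applies security updates only.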

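--- a/create_swap.sh
+++ b/create_swap.sh
@@ -0,0 +1,231 @@
+#! /bin/bash
+#check permissions
+if [[ $EUID -ne 0 ]]; then
+echo ""
+echo "This script must be run as root! Login as root, sudo or su."
+echo ""
+exit 1;
+fi
+# #load code functions
+# source create_swap_salt.sh
+# #setup permissions for functions
+# chmod 500 create_swap_salt.sh
+# echo ""
+# echo "--------------------------------------------------------------------------"
+# echo "setupSwap - creates swap space on your server based on AWS guidelines"
+# echo "--------------------------------------------------------------------------"
+# echo ""
+# echo "This will remove an existing swap file and then create a new one. "
+# echo "Please read the disclaimer and review the code before proceeding."
+# echo ""
+# echo -n " Do you want to proceed? (y/n): "; read proceed
+# if [ "$proceed" == "y" ]; then
+# echo ""
+# swapSetup
+# else
+# echo "You chose to exit. Bye!"
+# fi
+# echo ""
+# echo "--------------------------------------------------------------------------"
+# echo ""
+# exit 0
+removeSwap() {
+echo "Will remove swap and backup fstab."
+echo ""
+#get the date time to help the scripts
+backupTime=$(date +%y-%m-%d--%H-%M-%S)
+#get the swapfile name
+swapSpace=$(swapon -s | tail -1 | awk '{print $1}' | cut -d '/' -f 2)
+#debug: echo $swapSpace
+#turn off swapping
+swapoff /"$swapSpace"
+#make backup of fstab
+cp /etc/fstab /etc/fstab."$backupTime"
+#remove swap space entry from fstab
+sed -i "/swap/d" /etc/fstab
+#remove swapfile
+rm -f "/$swapSpace"
+echo ""
+echo "--> Done"
+echo ""
+}
+###############
+### Spinner ###
+###############
+function spinner() {
+{
+spinner="/|\\-/|\\-"
+while :
+do
+for i in $(seq 0 7)
+do
+echo -n "${spinner:$i:1}"
+echo -en "\010"
+sleep 1
+done
+done
+}
+}
+########################################
+### Add Swappiness setting to sysctl ###
+########################################
+if ! grep swappiness /etc/sysctl.conf; then
+echo 80 > /proc/sys/vm/swappiness
+echo 'vm.swappiness = 80' >> /etc/sysctl.conf
+fi
+################################################################################################
+### This function identifies available ram, calculates the swap file size and configures it ####
+################################################################################################
+function createSwap() {
+{
+echo "Will create a swap and setup fstab."
+echo ""
+### Get available physical ram
+availMemMb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
+### Debug: echo $availMemMb
+### Convert from kb to mb to gb
+gb=$(awk "BEGIN {print $availMemMb/1024/1024}")
+### to debug: echo $gb
+### Round the number to nearest gb
+gb=$(echo "$gb" | awk '{print ($0-int($0)<0.499)?int($0):int($0)+1}')
+### to debug: echo $gb
+echo "-> Available Physical RAM: $gb Gb"
+echo ""
+if [ "$gb" -eq 0 ]; then
+echo "Something went wrong! Memory cannot be 0!"
+exit 1;
+fi
+if [ "$gb" -le 2 ]; then
+echo " Memory is less than or equal to 2 Gb"
+swapSizeGb=$(( gb * 2 ))
+echo " -> Set swap size to $swapSizeGb Gb"
+fi
+if [ "$gb" -gt 2 ] && [ "$gb" -lt 32 ]; then
+echo " Memory is more than 2 Gb and less than to 32 Gb."
+swapSizeGb=$(( gb + 4 - 2 ))
+echo " -> Set swap size to $swapSizeGb Gb."
+fi
+if [ "$gb" -gt 32 ]; then
+echo " Memory is more than or equal to 32 Gb."
+swapSizeGb=$gb
+echo " -> Set swap size to $swapSizeGb Gb."
+fi
+echo ""
+echo "Creating the swap file! This may take a few minutes."
+echo ""
+############################
+### Create the swap file ###
+############################
+### start the spinner:
+spinner &
+### Note its PID:
+SPIN_PID=$!
+### Kill the spinner on any signal, including our own exit.
+trap "kill -9 $SPIN_PID" $(seq 0 15)
+### Convert gb to mb to avoid error:
+mb=$(( gb * 1024 ))
+### Create a swap file on root system and set file size to mb variable
+echo "-> Create swap file."
+echo ""
+dd if=/dev/zero of=/swapfile bs=1M count=$mb
+### Set the rw permissions
+echo "-> Set swap file permissions."
+echo ""
+chmod 600 /swapfile
+### Mkswap file
+echo "-> Creating swap."
+echo ""
+mkswap /swapfile
+### Enable the swap file for use
+echo "-> Turn on swap."
+echo ""
+swapon /swapfile
+echo ""
+### Check and update (if needed) the fstab
+if grep -q "swap" /etc/fstab; then
+echo "-> The fstab contains a swap entry."
+#do nothing
+else
+echo "-> The fstab does not contain a swap entry. Adding an entry."
+echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
+fi
+echo ""
+echo "--> Done"
+echo ""
+exit 1
+}
+}
+function swapSetup() {
+{
+#check if swap is on
+isSwapOn=$(swapon -s | tail -1)
+if [[ "$isSwapOn" == "" ]]; then
+echo "No swap has been configured! Will create."
+echo ""
+createSwap
+else
+echo "Swap has been configured. Will remove and then re-create the swap."
+echo ""
+removeSwap
+createSwap
+fi
+echo 'Setup swap complete! Check output to confirm everything is good.'
+}
+}
+swapSetup
+##### Notes #####
+#Root
+# lvresize /swap -L +2G (to increase swap by 2G)
+# lvreduce /swap -L -1G (to reduce the swap by 1Gb)
+#Drive
+# lvresize /dev/swap -L +2G (to increase swap by 2G)
+# lvreduce /dev/swap -L -1G (to reduce the swap by 1Gb)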
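Review bot: createSwap computes `swapSizeGb` from the RAM size but never uses it: `mb=$(( gb * 1024 ))` sizes the file from `gb`, so the swap file always equals physical RAM; the line should read `mb=$(( swapSizeGb * 1024 ))`. With exactly 32 GB none of the three range tests matches (`-lt 32` and `-gt 32`), so the last one should be `[ "$gb" -ge 32 ]`, as its own message says. The function ends with `exit 1` on the success path, which reports failure to the caller and skips the closing message in swapSetup; `return 0` fits there. `/swapfile` is written by `dd` under the default umask and only restricted by `chmod 600` afterwards, so setting `umask 077` before the `dd` closes that window. In removeSwap, `cut -d '/' -f 2` keeps only the first path component of the active swap, so for a partition or a file below a subdirectory `swapoff` and `rm -f` act on the wrong path while `sed -i "/swap/d"` still deletes every fstab line containing `swap`.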

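--- a/docker_cleanup.sh
+++ b/docker_cleanup.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+############################################################################
+#### docker_cleanup.sh ####
+#### Version 2.09.27.22 ####
+#### ####
+#### This Script is for Cleaning Docker on GitLab Runner ####
+#### ####
+#### This script just views and prunes unused and dangling docker ####
+#### images, networks and unlinks pulls to clear disk space ####
+#### ####
+#### This script can be manually ran if needed, but is configured in ####
+#### in cron to run once a week ####
+#### ####
+#### 0 4 * * 0 /usr/local/bin/docker_cleanup.sh ####
+#### ####
+#### Questions or Comments Contact: <Phil Connor> contact@mylinux.work ####
+############################################################################
+########################
+### System Variables ###
+########################
+max_weeks=4
+tstamp=$(date +%Y%m%d_%H%M%S)
+log_path=/var/log
+filename=gitlab-runner-clean_$tstamp.log
+log=$log_path/$filename
+############################
+### Check Space PreClean ###
+############################
+docker_space_pre() {
+cspace=$(docker system df)
+{
+echo "PrePruned Docker Space:"
+echo ''
+echo "$cspace"
+} >>"$log"
+docker_find
+}
+##########################################
+### Find and List Docker Images in Log ###
+##########################################
+docker_find() {
+{
+echo '#####################################################################'
+echo ' Finding Images'
+echo '#####################################################################'
+} >> "$log"
+lsimages=$(docker image ls)
+{
+echo ''
+echo 'listing all Docker Images:'
+echo ''
+echo "$lsimages"
+} >> "$log"
+docker_cleanup
+}
+######################################
+### Check, Clean and Remove Images ###
+######################################
+docker_cleanup() {
+{
+echo '#####################################################################'
+echo ' Cleaning Images'
+echo '#####################################################################'
+echo ''
+}
+docker image ls | awk 'NR>1 {print $0}' | while read -r list
+do
+id_img=$(echo "$list" | awk '{print $3}')
+is_month=$(echo "$list" | grep 'month')
+if [ -n "$is_month" ]; then
+echo "$id_img"
+docker rmi -f "$id_img"
+continue
+fi
+num_week=$(echo "$list" | grep "week" | awk '{print $4}')
+if [ -n "$num_week" ] && [ "$num_week" -ge $max_weeks ]; then
+echo "$id_img"
+docker rmi -f "$id_img"
+fi
+done
+docker_space_post
+} >> "$log"
+##############################
+### Check Space Post Clean ###
+##############################
+docker_space_post() {
+cspace=$(docker system df)
+{
+echo "Current Docker Space, after Pruning:"
+echo ''
+echo "$cspace"
+} >>"$log"
+}
+#####################
+### Function Call ###
+#####################
+docker_space_pre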
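Review bot: The loop in docker_cleanup decides what to delete by grepping the human-readable rows of `docker image ls`, which skips images whose CREATED column is given in years (neither `month` nor `week` matches) and matches `month` or `week` anywhere in the row, including the repository name or tag. `docker rmi -f` is then applied whether or not the image is in use, although the header describes pruning only unused and dangling images. Letting Docker apply the age filter, `docker image prune --all --force --filter "until=$((max_weeks * 7 * 24))h"`, removes only images not used by a container and needs no column parsing. The first echo group in the function has no redirect of its own and relies on the `} >> "$log"` attached to the function body; a one-line comment there would make that intent clear.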

516
gitlab_update.sh Normal file

@ -0,0 +1,516 @@
#!/bin/bash
#############################################################################
#### gitlab_update.sh ####
#### Version 2.7.7-71123 ####
#### ####
#### This Script is for updating GitLab and GitLab Runner ####
#### ####
#### Before running this script you must ensure that you have plenty of ####
#### disk space for all migrations to run, also due to amount of time ####
#### required for this script to run I recommend using screen so that ####
#### you are not timed out when some of the migrations are running ####
#### ####
#### Questions or Comments Contact: <Phil Connor> contact@mylinux.work ####
#############################################################################
########################
### System Variables ###
########################
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
#########################################
### Simple GitLab CE/EE Versions Array ###
##########################################
a1=(12.0.0 12.0.0-ee 12.0.1 12.0.1-ee 12.0.2 12.0.2-ee 12.0.3 12.0.3-ee 12.0.4 12.0.4-ee 12.0.6 12.0.6-ee 12.0.8 12.0.8-ee)
a2=(12.0.12 12.0.12-ee 12.1.0 12.1.0-ee 12.1.1 12.1.1-ee 12.1.2 12.1.2-ee 12.1.3 12.1.3-ee 12.1.4 12.1.4-ee 12.1.6 12.1.6-ee 12.1.8 12.1.8-ee 12.1.9 12.1.9-ee 12.1.11 12.1.11-ee 12.1.12 12.1.12-ee 12.1.13 12.1.13-ee 12.1.14 12.1.14-ee)
a3=(12.1.17 12.1.17-ee 12.2.0 12.2.0-ee 12.2.1 12.2.1-ee 12.2.3 12.2.3-ee 12.2.4 12.2.4-ee 12.2.5 12.2.5-ee 12.2.6 12.2.6-ee 12.2.7 12.2.7-ee 12.2.8 12.2.8-ee 12.2.9 12.2.9-ee 12.2.12 12.2.12-ee 12.3.0 12.3.0-ee 12.3.1 12.3.1-ee 12.3.2 12.3.2-ee 12.3.3 12.3.3-ee 12.3.4 12.3.4-ee 12.3.5 12.3.5-ee 12.3.6 12.3.6-ee 12.3.7 12.3.7-ee 12.3.8 12.3.8-ee 12.3.9 12.3.9-ee 12.4.0 12.4.0-ee 12.4.1 12.4.1-ee 12.4.2 12.4.2-ee 12.4.3 12.4.3-ee 12.4.4 12.4.4-ee 12.4.5 12.4.5-ee 12.4.6 12.4.6-ee 12.4.7 12.4.7-ee 12.4.8 12.4.8-ee 12.5.0 12.5.0-ee 12.5.1 12.5.1-ee 12.5.2 12.5.2-ee 12.5.3 12.5.3-ee 12.5.4 12.5.4-ee 12.5.5 12.5.5-ee 12.5.6 12.5.6-ee 12.5.7 12.5.7-ee 12.5.9 12.5.9-ee 12.5.10 12.5.10-ee 12.6.0 12.6.0-ee 12.6.1 12.6.1-ee 12.6.2 12.6.2-ee 12.6.3 12.6.3-ee 12.6.4 12.6.4-ee 12.6.6 12.6.6-ee 12.6.7 12.6.7-ee 12.6.8 12.6.8-ee 12.7.0 12.7.0-ee 12.7.2 12.7.2-ee 12.7.4 12.7.4-ee 12.7.5 12.7.5-ee 12.7.6 12.7.6-ee 12.7.7 12.7.7-ee 12.7.8 12.7.8-ee 12.7.9 12.7.9-ee 12.8.0 12.8.0-ee 12.8.1 12.8.1-ee 12.8.2 12.8.2-ee 12.8.5 12.8.5-ee 12.8.6 12.8.6-ee 12.8.7 12.8.7-ee 12.8.8 12.8.8-ee 12.8.9 12.8.9-ee 12.8.10 12.8.10-ee 12.9.0 12.9.0-ee 12.9.1 12.9.1-ee 12.9.2 12.9.2-ee 12.9.3 12.9.3-ee 12.9.4 12.9.4-ee 12.9.5 12.9.5-ee 12.9.7 12.9.7-ee 12.9.8 12.9.8-ee 12.9.9 12.9.9-ee 12.9.10 12.9.10-ee 12.10.0 12.10.0-ee 12.10.1 12.10.1-ee 12.10.2 12.10.2-ee 12.10.3 12.10.3-ee 12.10.5 12.10.5-ee 12.10.6 12.10.6-ee 12.10.7 12.10.7-ee 12.10.8 12.10.8-ee 12.10.9 12.10.9-ee 12.10.10 12.10.10-ee 12.10.11 12.10.11-ee 12.10.12 12.10.12-ee 12.10.13 12.10.13-ee)
a4=(12.10.14 12.10.14-ee 13.0.0 13.0.0-ee 13.0.1 13.0.1-ee 13.0.3 13.0.3-ee 13.0.4 13.0.4-ee 13.0.5 13.0.5-ee 13.0.6 13.0.6-ee 13.0.7 13.0.7-ee 13.0.8 13.0.8-ee 13.0.9 13.0.9-ee 13.0.10 13.0.10-ee 13.0.12 13.0.12-ee 13.0.13 13.0.13-ee)
a5=(13.0.14 13.0.14-ee 13.1.0 13.1.0-ee 13.1.1 13.1.1-ee 13.1.2 13.1.2-ee 13.1.3 13.1.3-ee 13.1.4 13.1.4-ee 13.1.5 13.1.5-ee 13.1.6 13.1.6-ee 13.1.7 13.1.7-ee 13.1.8 13.1.8-ee 13.1.9 13.1.9-ee 13.1.10 13.1.10-ee)
a6=(13.1.11 13.1.11-ee 13.2.0 13.2.0-ee 13.2.1 13.2.1-ee 13.2.2 13.2.2-ee 13.2.3 13.2.3-ee 13.2.4 13.2.4-ee 13.2.5 13.2.5-ee 13.2.6 13.2.6-ee 13.2.7 13.2.7-ee 13.2.8 13.2.8-ee 13.2.9 13.2.9-ee 13.2.10 13.2.10-ee 13.3.0 13.3.0-ee 13.3.1 13.3.1-ee 13.3.2 13.3.2-ee 13.3.3 13.3.3-ee 13.3.4 13.3.4-ee 13.3.5 13.3.5-ee 13.3.6 13.3.6-ee 13.3.7 13.3.7-ee 13.3.8 13.3.8-ee 13.3.9 13.3.9-ee 13.4.0 13.4.0-ee 13.4.1 13.4.1-ee 13.4.2 13.4.2-ee 13.4.3 13.4.3-ee 13.4.4 13.4.4-ee 13.4.5 13.4.5-ee 13.4.6 13.4.6-ee 13.4.7 13.4.7-ee 13.5.0 13.5.0-ee 13.5.1 13.5.1-ee 13.5.2 13.5.2-ee 13.5.3 13.5.3-ee 13.5.4 13.5.4-ee 13.5.5 13.5.5-ee 13.5.6 13.5.6-ee 13.5.7 13.5.7-ee 13.6.0 13.6.0-ee 13.6.1 13.6.1-ee 13.6.2 13.6.2-ee 13.6.3 13.6.3-ee 13.6.4 13.6.4-ee 13.6.5 13.6.5-ee 13.6.6 13.6.6-ee 13.6.7 13.6.7-ee 13.7.0 13.7.0-ee 13.7.1 13.7.1-ee 13.7.2 13.7.2-ee 13.7.3 13.7.3-ee 13.7.4 13.7.4-ee 13.7.5 13.7.5-ee 13.7.6 13.7.6-ee 13.7.7 13.7.7-ee 13.7.8 13.7.8-ee 13.7.9 13.7.9-ee 13.8.0 13.8.0-ee 13.8.1 13.8.1-ee 13.8.2 13.8.2-ee 13.8.4 13.8.4-ee 13.8.5 13.8.5-ee 13.8.6 13.8.6-ee 13.8.7 13.8.7-ee)
a7=(13.8.8 13.8.8-ee 13.9.0 13.9.0-ee 13.9.1 13.9.1-ee 13.9.2 13.9.2-ee 13.9.3 13.9.3-ee 13.9.4 13.9.4-ee 13.9.5 13.9.5-ee 13.9.6 13.9.6-ee 13.9.7 13.9.7-ee 13.10.0 13.10.0-ee 13.10.1 13.10.1-ee 13.10.2 13.10.2-ee 13.10.3 13.10.3-ee 13.10.4 13.10.4-ee 13.10.5 13.10.5-ee 13.11.0 13.11.0-ee 13.11.1 13.11.1-ee 13.11.2 13.11.2-ee 13.11.3 13.11.3-ee 13.11.4 13.11.4-ee 13.11.5 13.11.5-ee 13.11.6 13.11.6-ee 13.11.7 13.11.7-ee 13.12.0 13.12.0-ee 13.12.1 13.12.1-ee 13.12.2 13.12.2-ee 13.12.3 13.12.3-ee 13.12.4 13.12.4-ee 13.12.5 13.12.5-ee 13.12.6 13.12.6-ee 13.12.7 13.12.7-ee 13.12.8 13.12.8-ee 13.12.9 13.12.9-ee 13.12.10 13.12.10-ee 13.12.11 13.12.11-ee 13.12.12 13.12.12-ee)
a8=(13.12.15 13.12.15-ee 14.0.0 14.0.0-ee 14.0.1 14.0.1-ee 14.0.2 14.0.2-ee 14.0.3 14.0.3-ee 14.0.4 14.0.4-ee 14.0.5 14.0.5-ee 14.0.6 14.0.6-ee 14.0.7 14.0.7-ee 14.0.8 14.0.8-ee 14.0.9 14.0.9-ee 14.0.10 14.0.10-ee 14.10.11 14.10.11-ee)
a9=(14.0.12 14.0.12-ee 14.1.0 14.1.0-ee 14.1.1 14.1.1-ee 14.1.2 14.1.2-ee 14.1.3 14.1.3-ee 14.1.4 14.1.4-ee 14.1.5 14.1.5-ee 14.1.6 14.1.6-ee 14.1.7 14.1.7-ee 14.1.8 14.1.8-ee 14.2.0 14.2.0-ee 14.2.1 14.2.1-ee 14.2.2 14.2.2-ee 14.2.3 14.2.3-ee 14.2.4 14.2.4-ee 14.2.5 14.2.5-ee 14.2.6 14-2.6-ee 14.2.7 14.2.7-ee 14.3.0 14.3.0-ee 14.3.1 14.3.1-ee 14.3.2 14.3.2-ee 14.3.3 14.3.3-ee 14.3.4 14.3.4-ee 14.3.5 14.3.5-ee)
a10=(14.3.6 14.3.6-ee 14.4.0 14.4.0-ee 14.4.1 14.4.1-ee 14.4.2 14.4.2-ee 14.4.3 14.4.3-ee 14.4.4 14.4.4-ee 14.4.5 14.4.5-ee 14.5.0 14.5.0-ee 14.5.1 14.5.1-ee 14.5.2 14.5.2-ee 14.5.3 14.5.3-ee 14.5.4 14.5.4-ee 14.6.0 14.6.0-ee 14.6.1 14.6.1-ee 14.6.2 14.6.2-ee 14.6.3 14.6.3-ee 14.6.4 14.6.4-ee 14.6.5 14.6.5-ee 14.6.6 14.6.6-ee 14.6.7 14.6.7-ee 14.7.0 14.7.0-ee 14.7.1 14.7.1-ee 14.7.2 14.7.2-ee 14.7.3 14.7.3-ee 14.7.4 14.7.4-ee 14.7.5 14.7.5-ee 14.7.6 14.7.6-ee 14.7.7 14.7.7-ee 14.8.0 14.8.0-ee 14.8.1 14.8.1-ee 14.8.2 14.8.2-ee 14.8.3 14.8.3-ee 14.8.4 14.8.4-ee 14.8.5 14.8.5-ee 14.9.0 14.9.0-ee 14.9.1 14.9.1-ee 14.9.2 14.9.2-ee 14.9.3 14.9.3-ee 14.9.4 14.9.4-ee)
a11=(14.9.5 14.9.5-ee 14.10.0 14.10.0-ee 14.10.1 14.10.1-ee 14.10.2 14.10.2-ee 14.10.3 14.10.3-ee 14.10.4 14.10.4-ee)
a12=(14.10.5 14.10.5-ee 15.0.0 15.0.0-ee 15.0.1 15.0.1-ee 15.0.2 15.0.2-ee 15.0.3 15.0.3-ee 15.0.4 15.0.4-ee)
a13=(15.0.5 15.0.5-ee 15.1.0 15.1.0-ee 15.1.1 15.1.1-ee 15.1.2 15.1.2-ee 15.1.3 15.1.3-ee 15.1.4 15.1.4-ee 15.1.5 15.1.5-ee)
a14=(15.1.6 15.1.6-ee 15.2.0 15.2.0-ee 15.2.1 15.2.1-ee 15.2.2 15.2.2-ee 15.2.3 15.2.3-ee 15.2.4 15.2.4-ee 15.3.0 15.3.0-ee 15.3.1 15.3.1-ee 15.3.2 15.3.2-ee 15.3.3 15.3.3-ee 15.3.4 15.3.4-ee 15.3.5 15.3.5-ee 15.4.0 15.4.0-ee 15.4.2 15.4.2-ee 15.4.3 15.4.3-ee 15.4.4 15.4.4-ee 15.4.5 15.4.5-ee)
a15=(15.4.6 15.4.6-ee 15.5.0 15.5.0-ee 15.5.1 15.5.1-ee 15.5.2 15.5.2-ee 15.5.3 15.5.3-ee 15.5.4 15.5.4-ee 15.5.5 15.5.5-ee 15.5.6 15.5.6-ee 15.5.7 15.5.7-ee 15.5.8 15.5.8-ee 15.5.9 15.5.9-ee 15.6.0 15.6.0-ee 15.6.1 15.6.1-ee 15.6.2 15.6.2-ee 15.6.3 15.6.3-ee 15.6.4 15.6.4-ee 15.6.5 15.6.5-ee 15.6.6 15.6.6-ee 15.6.7 15.6.7-ee 15.6.8 15.6.8-ee 15.7.0 15.7.0-ee 15.7.1 15.7.1-ee 15.7.2 15.7.2-ee 15.7.3 15.7.3-ee 15.7.4 15.7.4-ee 15.7.5 15.7.5-ee 15.7.6 15.7.6-ee 15.7.7 15.7.7-ee 15.7.8 15.7.8-ee 15.7.9 15.7.9-ee 15.8.0 15.8.0-ee 15.8.1 15.8.1-ee 15.8.2 15.8.2-ee 15.8.3 15.8.3-ee 15.8.4 15.8.4-ee 15.8.5 15.8.5-ee 15.8.6 15.8.6-ee 15.9.0 15.9.0-ee 15.9.1 15.9.1-ee 15.9.2 15.9.2-ee 15.9.3 15.9.3-ee 15.9.4 15.9.4-ee 15.9.5 15.9.5-ee 15.9.6 15.9.6-ee 15.9.7 15.9.7-ee 15.9.8 15.9.8-ee 15.10.0 15.10.0-ee 15.10.1 15.10.1-ee 15.10.2 15.10.2-ee 15.10.3 15.10.3-ee 15.10.4 15.10.4-ee 15.10.5 15.10.5-ee 15.10.6 15.10.6-ee 15.10.7 15.10.7-ee 15.11.0 15.11.1-ee 15.11.1-ee 15.11.2-ee 15.11.2-ee 15.11.3 15.11.3-ee 15.11.4 15.11.4-ee 15.11.5 15.11.5-ee 15.11.6 15.11.6-ee 15.11.7 15.11.7-ee 15.11.8 15.11.8-ee 15.11.9 15.11.9-ee 15.11.9 15.11.9-ee 15.11.10 15.11.10-ee 15.11.11 15.11.11-ee 16.0.0 16.0.0-ee 16.0.1 16.0.1-ee 16.0.2 16.0.2-ee 16.0.3 16.0.3-ee 16.0.4 16.0.4-ee 16.0.5 16.0.5-ee 16.0.6 16.0.6-ee 16.0.7 16.0.7-ee 16.1.0 16.1.0-ee 16.1.1 16.1.1-ee)
a16=(16.1.2 16.1.2-ee)
####################################################
### Simple Color/Message Functions and Variables ###
####################################################
ESC=$(printf '\033')
RST="${ESC}[0m"
RED="${ESC}[1;31m"
RFL="${ESC}[1;31;5;31m"
GRN="${ESC}[1;32m"
WHT="${ESC}[1;37m"
ERR='ERROR!'
GME1='There are still'
GME2='Queued'
GME3='Background'
GME4='Migration tasks running'
GME5='This script will wait 5 mins before re-checking and continuing with the upgrade'
GERR='- GitLab or GitLab Runner does not appear to be installed on this server'
MQMS='Checking for Scheduled, Queued and Currently Running Background Migrations'
GRM='This script has completed -'
GRMS='The Server is running the latest version of'
GRMS1='GitLab'
GRMS2='GitLab-Runner'
RERR='- Please run this script as root'
fn_grn() {
printf "${GRN}%s${RST}\n" "$1";
}
fn_red() {
printf "${RED}%s${RST}\n" "$1";
}
fn_rfl() {
printf "${RFL}%s${RST}\n" "$1";
}
fn_wht() {
printf "${WHT}%s${RST}\n" "$1";
}
fn_runerr() {
echo -ne "
$(fn_rfl "$ERR") $(fn_red "$RERR")
"
exit 2
}
fn_glgrerr() {
echo -ne "
$(fn_rfl "$ERR") $(fn_red "$GERR")
"
}
fn_glm() {
echo -ne "
$(fn_grn "$GRM") $(fn_grn "$GRMS") $(fn_wht "$GRMS1" )
"
}
fn_grm() {
echo -ne "
$(fn_grn "$GRM") $(fn_grn "$GRMS") $(fn_wht "$GRMS2" )
"
}
fn_mrun() {
echo -ne "
$(fn_red "$GME1") $(fn_wht "$glrun") $(fn_red "$GME3") $(fn_red "$GME4")
$(fn_wht "$GME5")
"
}
fn_mqms() {
echo -ne "
$(fn_wht "$MQMS")
"
}
fn_mque() {
echo -ne "
$(fn_red "$GME1") $(fn_wht "$glque") $(fn_red "$GME2") $(fn_red "$GME4")
$(fn_wht "$GME5")
"
}
fn_snooze() {
sleep 5m &
pid=$!
frames="┤ ┘ ┴ └ ├ ┌ ┬ ┐"
while kill -0 $pid > /dev/null 2>&1
do
for frame in $frames
do
time=$(date +%r)
printf "%s\r ... $frame Waiting 5 Mins ... " "Current Server Time: $time"
sleep 0.1
done
done
gitlab_check
}
##############################################
### Checking if GitLab-Runner is Installed ###
##############################################
# shellcheck disable=SC2317 # Don't warn about unreachable commands in this function
runner_installed() {
{
if ! [ -x "$(command -v gitlab-runner)" ]; then
gitlab_installed
else
$pkgmgr install gitlab-runner
fn_grm
exit 0
fi
}
}
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [ "${OS}" = ubuntu ]; then
pkgmgr="apt -y --allow-change-held-packages"
$pkgmgr update
elif [ "${OS}" = amazon ]; then
if [ "${OSVER}" = 2 ]; then
pkgmgr="yum -y"
fi
elif [ "${OS}" = red ]; then
if [ "${OSVER}" = 7 ]; then
pkgmgr="yum -y"
else
pkgmgr="dnf -y"
fi
fi
##############################################
### Checking if GitLab-Runner is Installed ###
##############################################
runner_installed() {
{
if ! [ -x "$(command -v gitlab-runner)" ]; then
gitlab_installed
else
$pkgmgr install gitlab-runner
fn_grm
exit 0
fi
}
}
#######################################
### Checking if GitLab is installed ###
#######################################
gitlab_installed() {
{
if ! [ -x "$(command -v gitlab-ctl)" ]; then
fn_glgrerr
exit 1
else
### Detect if GitLab is CE or EE ###
if ! grep -ow "gitlab-ce" /opt/gitlab/version-manifest.txt; then
glt=ee
else
glt=ce
fi
export glt
gitlab_check
fi
}
}
######################################
### Migration Backgound Check Loop ###
######################################
function gitlab_check() {
{
fn_mqms
glver=$(cat /var/opt/gitlab/gitlab-rails/VERSION)
if [[ "$glver" > 14.0.0 ]];then
for glque in $(gitlab-rails runner -e production 'puts Gitlab::Database::BackgroundMigration::BatchedMigration.queued.count')
do
if [[ $glque != 0 ]]; then
fn_mque
fn_snooze
fi
done
fi
for glrun in $(gitlab-rails runner -e production 'puts Gitlab::BackgroundMigration.remaining')
do
if [[ $glrun != 0 ]]; then
fn_mrun
fn_snooze
fi
done
gitlab_update
}
}
################################
### Simple Update for GitLab ###
################################
function gitlab_update() {
{
glver=$(cat /var/opt/gitlab/gitlab-rails/VERSION)
if [ ! -d /root/gitlab_backups ]; then
mkdir /root/gitlab_backups
cp -ar /etc/gitlab/* /root/gitlab_backups
fi
for a in "${a1[@]}"
do
if [[ $glver = "$a" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=12.0.12-$glt.0
else
$pkgmgr install gitlab-$glt-12.0.12
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for b in "${a2[@]}"
do
if [[ $glver = "$b" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=12.1.17-$glt.0
else
$pkgmgr install gitlab-$glt-12.1.17
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for c in "${a3[@]}"
do
if [[ $glver = "$c" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=12.10.14-$glt.0
else
$pkgmgr install gitlab-$glt-12.10.14
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for d in "${a4[@]}"
do
if [[ $glver = "$d" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=13.0.14-$glt.0
else
$pkgmgr install gitlab-$glt-13.0.14
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for e in "${a5[@]}"
do
if [[ $glver = "$e" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=13.1.11-$glt.0
else
$pkgmgr install gitlab-$glt-13.1.11
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for f in "${a6[@]}"
do
if [[ $glver = "$f" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=13.8.8-$glt.0
else
$pkgmgr install gitlab-$glt-13.8.8
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for g in "${a7[@]}"
do
if [[ $glver = "$g" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=13.12.15-$glt.0
else
$pkgmgr install gitlab-$glt-13.12.15
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for h in "${a8[@]}"
do
if [[ $glver = "$h" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=14.0.12-$glt.0
else
$pkgmgr install gitlab-$glt-14.0.12
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
# gitlab-ctl restart postgresql # <-- Use only for standalone, not needed for rds
gitlab_check
fi
done
for i in "${a9[@]}"
do
if [[ $glver = "$i" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=14.3.6-$glt.0
else
$pkgmgr install gitlab-$glt-14.3.6
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
# gitlab-ctl restart redis # <-- Use only for standalone, not needed for rds
gitlab_check
fi
done
for j in "${a10[@]}"
do
if [[ $glver = "$j" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=14.9.5-$glt.0
else
$pkgmgr install gitlab-$glt-14.9.5
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for k in "${a11[@]}"
do
if [[ $glver = "$k" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=14.10.5-$glt.0
else
$pkgmgr install gitlab-$glt-14.10.5
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for l in "${a12[@]}"
do
if [[ $glver = "$l" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=15.0.5-$glt.0
else
$pkgmgr install gitlab-$glt-15.0.5
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
# gitlab-ctl restart postgesql # <-- Use only for standalone, not needed for rds
gitlab_check
fi
done
for m in "${a13[@]}"
do
if [[ $glver = "$m" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=15.1.6-$glt.0
else
$pkgmgr install gitlab-$glt-15.1.6
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for n in "${a14[@]}"
do
if [[ $glver = "$n" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=15.4.6-$glt.0
else
$pkgmgr install gitlab-$glt-15.4.6
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
# gitlab-ctl restart redis # <-- Use only for standalone, not needed for rds
gitlab_check
fi
done
for o in "${a15[@]}"
do
if [[ $glver = "$o" ]]; then
if [ "${OS}" = ubuntu ]; then
$pkgmgr install gitlab-$glt=16.1.2-$glt.0
else
$pkgmgr install gitlab-$glt-16.1.2
if [ "${OS}" = red ]; then
gitlab-ctl reconfigure
fi
fi
gitlab_check
fi
done
for p in "${a16[@]}"
do
if [[ $glver = "$p" ]]; then
fn_glm
exit 0
fi
done
}
}
#######################################
### Check for Root / Function Calls ###
#######################################
if [ "$(whoami)" != root ]; then
fn_runerr
else
runner_installed
fi
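Review bot: None of the `$pkgmgr install gitlab-$glt…` calls in gitlab_update checks its exit status, and each is followed by `gitlab_check`, which calls `gitlab_update` again; if an install fails, VERSION is unchanged and the same step is retried without end. Stopping on failure in each of the loops a1 to a15, for example `$pkgmgr install "gitlab-$glt=12.0.12-$glt.0" || { fn_red "package install failed at $glver"; exit 1; }`, breaks that cycle. A version found in no array falls through all sixteen loops and the script ends silently; several entries look mistyped and would cause exactly that (`14.10.11` in a8, `14-2.6-ee` in a9, and `15.11.0 15.11.1-ee 15.11.1-ee 15.11.2-ee 15.11.2-ee` in a15), so a closing `fn_red` plus `exit 1` for an unmatched `$glver` is worth adding. `[[ "$glver" > 14.0.0 ]]` in gitlab_check compares strings rather than versions. `/etc/gitlab` is copied to `/root/gitlab_backups` only when that directory does not yet exist, so later runs upgrade without a fresh copy of the configuration and secrets, and runner_installed is defined twice with identical bodies.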

102
mk_swap.sh Normal file

@ -0,0 +1,102 @@
#!/bin/bash
####################################################################
#### Make a Swap script - Just set the size and the script ####
#### does the rest. ####
#### ####
#### Author: Phil Connor ####
#### Contact: contact@mylinux.work ####
#### Version 2.25 ####
#### ####
#### To use this script chmod it to 755 ####
#### or simply type bash mk_swap.sh ####
####################################################################
########################
#### User Variables ####
########################
swpsize=4 # set the size of swapfile needed in gigabytes
##########################
#### System Variables ####
##########################
swpneed=$((swpsize * 1024)) # total the swap needs to be in mb's
dir=$(ls -la --block-size=M /) # / part dir file list
swpexist=$(echo "$dir" | grep -i swap | awk '{ print $5 }' | tr -d 'M"') # does the swap file already exist?
swpname=$(echo "$dir" | grep -i swap | awk '{ print $9 }') # If it already exists what is the name of the swap file
swppres=$(free -m | sed -n '3 p' | awk '{ print $2 }') # If it exists and is present what size is it
########################################################################
#### Check If the swap file already exist and if it's large enough? ####
########################################################################
if (( swpneed < swpexist )) || (( swpneed < swppres )); then
echo -e '\e[01;37m ======================================================================='
echo -e '\e[01;32m ====================================================================='
echo -e '\e[01;32m ==== \e[01;37m A Large Enough Swapfile was Found! No Changes Needed... \e[01;32m ===='
echo -e '\e[01;32m ====================================================================='
echo -e '\e[01;37m ======================================================================='
elif (( swpneed > swpexist )) || (( swpneed > swppres )); then
echo -e '\e[01;37m =================================================================================='
echo -e '\e[01;31m ================================================================================'
echo -e '\e[01;31m ==== \e[01;37m A Large Enough Swapfile was not found! Creating Larger SwapFile... \e[01;31m ===='
echo -e '\e[01;31m ================================================================================'
echo -e '\e[01;37m =================================================================================='
#######################################################
#### Turn off existing swap if needing replacement ####
#######################################################
if echo "$dir" | grep -i swap; then
swapoff /"${swpname}"
rm -f /"$swpname"
fi
############################################
#### Create the requested size swapfile ####
############################################
fallocate -l ${swpsize}g /.SwapFile
#################################################
#### Fallocate does not work on some systems ####
#################################################
# dd if=/dev/zero of=/.SwapFile count=${swpsize} bs=1MiB
################################################
#### Configure and enable the new swap file ####
################################################
chmod 600 /.SwapFile
mkswap /.SwapFile
swapon /.SwapFile
###########################################
#### Check to make sure swap is active ####
###########################################
echo -e '\e[01;37m ================================================================================='
echo -e '\e[01;32m ==============================================================================='
echo -e '\e[01;32m ==== \e[01;37m Checking whether the swap space was mounted and is active or not! \e[01;32m ===='
echo -e '\e[01;32m ==============================================================================='
echo -e '\e[01;37m ================================================================================='
R=$(swapon -s)
if [ -n "$R" ]; then
echo -e '\e[01;32m ============'
echo -e '\e[01;32m ============'
echo -e '\e[01;32m =============================================================================='
echo -e "\e[01;37m$R"
echo -e '\e[01;32m =============================================================================='
echo -e '\e[01;37m ================================================================================'
else
echo -e '\e[01;31m ============'
echo -e '\e[01;31m ============'
echo -e '\e[01;31m ============================================================================'
echo -e "\e[01;37m ==== Something Went Wrong no Swap was Loaded ===="
echo -e '\e[01;31m ============================================================================'
echo -e '\e[01;37m =============================================================================='
fi
######################################################################
#### Check to see if the created swap is listed in the fstab file ####
######################################################################
if ! grep -q "SwapFile" /etc/fstab; then
echo "/.SwapFile swap swap defaults 0 0" >> /etc/fstab
fi
fi
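Review bot: The replacement branch removes a file chosen by parsing `ls -la /` with `grep -i swap`: `swpname` is just the ninth field of whichever line matched, and `swapoff /"${swpname}"` and `rm -f /"$swpname"` then run on it. Any entry in `/` with "swap" in its name qualifies, and more than one match makes `swpexist` and `swpname` multi-line values that break the `(( … ))` tests. I would take the path from the kernel's own list of active swap (`swapon --show=NAME --noheadings`) and require `[ -f "$path" ]` before `rm -f -- "$path"`. Separately, `/.SwapFile` is created under the default umask and only afterwards set to 600, and the `/etc/fstab` line is appended even when `fallocate`, `mkswap` or `swapon` failed; `( umask 077 && fallocate -l "${swpsize}g" /.SwapFile ) || exit 1` fixes the mode and stops on a failed allocation.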

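--- a/motd.sh
+++ b/motd.sh
@@ -0,0 +1,416 @@
+#! /bin/bash
+##########################################################################
+## My spin on the MOTD ##
+## version 4.2.3-71423 ##
+## ##
+## Copy this script to the /usr/local/bin directory and name it motd ##
+## ##
+## chmod 755 /usr/local/bin/motd and run it "motd" and it will make ##
+## the the changes automatically and install the pkgs required ##
+## to run at each login ##
+## ##
+## Questions or Comments: pconnor@ara.com ##
+## ##
+## TODO: add config file for some settings ##
+##########################################################################
+if [ "$(command -v lsb_release)" ]; then
+OS=$(lsb_release -i | awk '{print $3}')
+OSVER=$(lsb_release -r | awk '{print $2}')
+CODENAME=$(lsb_release -c | awk '{print $2}' | tr '[:upper:]' '[:lower:]')
+else
+OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}')
+OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="')
+if ! grep CODENAME /etc/os-release; then
+CODENAME=$(cat < /etc/system-release | awk '{print $5}' | tr -d '("' | tr -d ')"')
+else
+CODENAME=$(grep VERSION_CODENAME /etc/os-release | sed 's/VERSION_CODENAME=//g' | tr -d '="' | awk -F. '{print $1}')
+fi
+fi
+###########################################################
+#### Detect Package Manger from OS and OSVer Variables ####
+###########################################################
+if [ "${OS}" = Amazon ]; then
+PAKMGR="yum -y"
+elif [ "${OS}" = Red ] || [ "${OS}" = Rocky ]; then
+if [ "${OSVER}" = 7 ]; then
+PAKMGR="yum -y"
+else
+PAKMGR="dnf -y"
+fi
+elif [ "${OS}" = Debian ] || [ "${OS}" = Ubuntu ]; then
+PAKMGR="apt -y"
+fi
+##############################
+#### Terminal Setup Start ####
+##############################
+export TERM=xterm-256color
+tput rmam
+######################
+#### Script Setup ####
+######################
+if ! grep -q motd /etc/profile; then
+echo '/usr/local/bin/motd' >> /etc/profile
+fi
+if [ ! -f "/etc/profile.d/colorprompt.sh" ]; then
+# shellcheck disable=SC2016,SC2028
+{
+echo '#########################################################################'
+echo '#### This script is to setup and color the system prompt and can ####'
+echo '#### be removed by a chmod 000 or deleting the file. Questions or ####'
+echo '#### changes please contact Phil Connor pconnor@ara.com ####'
+echo '#########################################################################'
+echo '# UID 0 is the root user'
+echo 'if [[ $UID == 0 ]];then'
+echo ' # prompt for root user'
+echo " PS1='\t [\[\033[01;31m\]\u\[\033[0m\]@\h: \[\033[01;34m\]\W\[\033[0m\]]# '"
+echo 'else'
+echo ' # prompt for all logged in users'
+echo " PS1='[\[\033[38;5;221m\]\u\[\033[0m\]@\h: \[\033[01;34m\]\W\[\033[0m\]]% '"
+echo 'fi'
+} > /etc/profile.d/colorprompt.sh
+fi
+if [[ "${OS}" = Debian || "${OS}" = Ubuntu ]]; then
+if ! grep -q colorprompt.sh ~/.bashrc; then
+echo 'source /etc/profile.d/colorprompt.sh' >> ~/.bashrc
+fi
+fi
+if [ ! -f "/etc/banner" ]; then
+echo "
+------------------------------------------------------------------------------
+(########################## **** WARNING! **** ############################)
+#) (#
+(# This system is the property of Linda's.Work Servers, and is to be #)
+#) used in accordance with applicable LWS Policies. Unauthorized access or (#
+(# activity is a violation of LWS Policies and may be a violation of law. #)
+#) Use of this system constitutes consent to monitoring for unauthorized (#
+(# use, in accordance with LWS Policies, local laws, and regulations. #)
+#) Unauthorized use may result in penalties including, but not limited to, (#
+(# reprimand, dismissal, financial penalties, and legal action. #)
+#) (#
+(##############################################################################)
+------------------------------------------------------------------------------
+" > /etc/banner
+fi
+if [ ! "$(command -v figlet)" ]; then
+if [ "${OS}" = Debian ] || [ "${OS}" = Ubuntu ]; then
+$PAKMGR update
+$PAKMGR install figlet
+elif [ "${OS}" = Red ] || [ "${OS}" = Rocky ]; then
+$PAKMGR install epel-release
+$PAKMGR install figlet
+else
+$PAKMGR install figlet
+fi
+fi
+if [ ! "$(command -v gem)" ]; then
+$PAKMGR install gem
+fi
+if [ ! "$(command -v lolcat)" ]; then
+if [ "${OS}" = Debian ]; then
+gem install lolcat
+$PAKMGR update
+$PAKMGR install lolcat
+elif [ "${OS}" = Ubuntu ]; then
+$PAKMGR update
+$PAKMGR install lolcat
+else
+gem install lolcat
+chmod 755 /usr/local/bin/lolcat
+fi
+fi
+# ------- TODO START -------- #
+###############################
+#### Script directory path ####
+###############################
+if [ -n "${BASH_SOURCE[0]}" ]; then
+DIR=$(dirname "${BASH_SOURCE[0]}")
+elif [ -n "${0}" ]; then
+DIR=$(dirname "$(readlink -f "$0")")
+fi
+##########################################
+#### Configuration file and fallbacks ####
+##########################################
+CONFIG_FILE="${DIR}/motd.conf"
+# shellcheck source=/dev/null
+if test -f "${CONFIG_FILE}"; then
+. "${DIR}/motd.conf"
+fi
+if [ -z ${DATE_FORMAT+x} ]; then
+DATE_FORMAT="%x %X"
+fi
+# ------- TODO END ------- #
+########################
+### Banner Functions ###
+########################
+function banner() {
+lolcat -f '/etc/banner'
+}
+function hostn() {
+hname=$(hostname -s)
+figlet -f slant -c "$hname" | lolcat -f
+}
+function logo() {
+figlet -cf mini A Linda\'s Work Server | lolcat -f
+}
+################
+#### Colors ####
+################
+BW="\033[38;5;15m" # Bold White
+CD="\033[0m" # Default
+CRB="\033[1;31m" # Red bold
+CG="\033[0;32m" # Green
+CYB="\033[1;33m" # Yellow bold
+# CYL="\033[3;33m" # Yellow light
+CBB="\033[1;34m" # Blue bold
+# CML="\033[3;35m" # Magenta light
+# CCL="\033[3;36m" # Cyan light
+NC="\033[00m"
+###############################
+#### OS - (System Section) ####
+###############################
+DATE=$(date +"${DATE_FORMAT}")
+DISTRIBUTION_NAME=$OS
+DISTRIBUTION_VERSION=$OSVER
+DISTRIBUTION_CODENAME=$CODENAME
+UPTIME=$(uptime | awk '{print $3 " " $4}' | sed s'/.$//')
+USER_COUNT=$(users | wc -w)
+PROCESSES_RUNNING=$(ps aux | wc -l)
+if [ -z ${SYSTEM_NAME+x} ]; then
+SYSTEM_NAME=$(hostname)
+else
+SYSTEM_NAME+=" ($(hostname))"
+fi
+if [ "$(command -v timedatectl)" ]; then
+TIMEZONE=$(timedatectl | grep "Time" | awk '{print $3" "$4" UTC"$5}')
+else
+TIMEZONE=$(date +"%Z %z")
+fi
+#####################
+#### Time of Day ####
+#####################
+HOUR=$(date +"%H")
+if [ "$HOUR" -lt 12 ] && [ "$HOUR" -ge 0 ]; then
+TIME="Morning User"
+elif [ "$HOUR" -lt 17 ] && [ "$HOUR" -ge 12 ]; then
+TIME="Afternoon User"
+else
+TIME="Evening User"
+fi
+###############################
+#### CPU - (Usage Section) ####
+###############################
+CPU_MODEL=$(grep -m 1 "model name" < /proc/cpuinfo | awk '{a="";for (i=4;i<=NF;i++){a=a$i" "}print a}')
+CPU_LOAD=$(awk '{print $1*100}'< /proc/loadavg)
+CPU_LOAD_AVG=$(awk '{print $1" "$2" "$3}'< /proc/loadavg)
+CPU_CORES=$(nproc)
+CPU_USAGE=$((CPU_LOAD / CPU_CORES))
+CPU_SPEED=$(lscpu | grep -m 1 "MHz" | awk '{for(i=NF;i>=1;i--) printf "%s ", $i;print ""}' | awk '{print $1}' | cut -f1 -d".")
+##################################
+#### Memory - (Usage Section) ####
+##################################
+MEMORY_TOTAL=$(free -m | grep "Mem" | awk '{print $2}')
+MEMORY_USAGE=$(free -m | grep "Mem" | awk '{print $3}')
+MEMORY_USAGE_PERCENT=$(( MEMORY_USAGE * 100 / MEMORY_TOTAL ))
+################################
+#### Swap - (Usage Section) ####
+################################
+SWAP_TOTAL=$(free -m | grep "Swap" | awk '{print $2}')
+SWAP_USAGE=$(free -m | grep "Swap" | awk '{print $3}')
+# SWAP space is optional, so it needs to be checked if it exist.
+# shellcheck disable=2140
+if [[ "${SWAP_TOTAL}" -gt 0 ]]; then
+SWAP_USAGE_PERCENT=$(( SWAP_USAGE * 100 / SWAP_TOTAL ))
+else
+SWAP_USAGE_PERCENT='-'
+fi
+################################
+#### Disk - (Space Section) ####
+################################
+function drive_space_used() {
+{
+W="\e[0;39m"
+G="\e[1;32m"
+R="\e[1;31m"
+Y="\e[1;33m"
+dim="\e[2m"
+undim="\e[0m"
+max_usage=90
+bar_width=26
+medium_usage=70
+mapfile -t dfs < <(df -H -x zfs -x squashfs -x tmpfs -x devtmpfs -x overlay --output=target,pcent,size | tail -n+2)
+for line in "${dfs[@]}"
+do
+usage=$(echo "$line" | awk '{print $2}' | sed 's/%//')
+used_width=$((( usage * bar_width) / 100 ))
+if [ "${usage}" -ge "${max_usage}" ]; then
+color=$R
+elif [ "${usage}" -ge "${medium_usage}" ]; then
+color=$Y
+else
+color=$G
+fi
+bar="[${color}"
+for (( i = 0; i < used_width; i++ ))
+do
+bar+="="
+done
+bar+="${W}${dim}"
+for (( i = used_width; i < bar_width; i++))
+do
+bar+="·"
+done
+bar+="${undim}]"
+echo "${line}" | awk '{ printf("%-16s%+3s used out of %+4s", $1, $2, $3); }' | sed -e 's/^/ /' | lolcat -f
+echo -e "${bar}" | sed -e 's/^/ /'
+done
+}
+}
+#######################
+#### Network Block ####
+#######################
+if [ "$(command -v ip)" ]; then
+mapfile -t INTERFACES < <(ip -o link show | awk -F': ' '{print $2}' | grep -v -E "lo|veth")
+# IP V4
+for INTERFACE in "${INTERFACES[@]}"
+do
+if [[ "${INTERFACE}" != "${INTERFACES[0]}" ]] ; then
+IP_V4="${IP_V4}\n ${CG}"
+fi
+mapfile -t IPS < <(ip addr show "${INTERFACE}" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+INTERFACE_IPS=""
+for IP in "${IPS[@]}"
+do
+INTERFACE_IPS="${INTERFACE_IPS} ${IP}"
+done
+IP_V4="${IP_V4}${INTERFACE}${INTERFACE_IPS}"
+done
+# IP V6
+for INTERFACE in "${INTERFACES[@]}"
+do
+if [[ "${INTERFACE}" != "${INTERFACES[0]}" ]] ; then
+IP_V6="${IP_V6}\n ${CG}"
+fi
+mapfile -t IPS < <(ip addr show "${INTERFACE}" | grep -oP '(?<=inet6\s)\w+(:?:\w+){4}')
+INTERFACE_IPS=""
+for IP in "${IPS[@]}"
+do
+INTERFACE_IPS="${INTERFACE_IPS} ${IP}"
+done
+IP_V6="${IP_V6}${INTERFACE}${INTERFACE_IPS}"
+done
+else
+IP1=$(hostname -I | awk '{print $1}')
+IP2=$(hostname -I | awk '{print $2}')
+IP3=$(hostname -I | awk '{print $3}')
+if [[ $IP1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+IP1R="0"
+else
+IP1R="1"
+fi
+if [[ $IP2 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+IP2R="1"
+IP2PIP="1"
+else
+IP2R="0"
+fi
+if [[ $IP3 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+IP3R="1"
+else
+IP3R="0"
+fi
+fi
+##########################
+### Host Display Block ###
+##########################
+banner
+hostn
+printf "\n"
+printf " %b%b\n\n" "${CYB}" "${SYSTEM_NAME}${NC}"
+printf " %bSYSTEM %b\n" "${CRB}" "${CD}"
+echo ''
+echo -e "${CD}${CBB}Distribution ${CG} ${DISTRIBUTION_NAME} ${DISTRIBUTION_VERSION} (${DISTRIBUTION_CODENAME})" | lolcat -f
+echo -e "${CD}${CBB}CPU ${CG} ${CPU_MODEL}x ${CPU_CORES} cores" | lolcat -f
+echo -e "${CD}${CBB}Timezone ${CG} ${TIMEZONE}" | lolcat -f
+echo -e "${CD}${CBB}Date ${CG} ${DATE}" | lolcat -f
+echo -e "${CD}${CBB}Uptime ${CG} ${UPTIME}" | lolcat -f
+echo -e "${CD}${CBB}Users ${CG} ${USER_COUNT} Currently Logged in" | lolcat -f
+echo ''
+printf " %bUSAGE %b\n" "${CRB}" "${CD}"
+echo ''
+echo -e "${CD}${CBB}CPU ${BW} ${CPU_USAGE}% ${CG}(${CPU_LOAD_AVG}) @ ${CPU_SPEED} MHz" | lolcat -f
+echo -e "${CD}${CBB}Memory ${CG} ${MEMORY_USAGE_PERCENT}% (${MEMORY_USAGE} MB of ${MEMORY_TOTAL} MB)" | lolcat -f
+echo -e "${CD}${CBB}Swap ${CG} ${SWAP_USAGE_PERCENT}% (${SWAP_USAGE} MB of ${SWAP_TOTAL} MB)" | lolcat -f
+echo -e "${CD}${CBB}Processes ${CG} ${PROCESSES_RUNNING} (running)" | lolcat -f
+echo ''
+printf " %bSPACE %b\n" "${CRB}" "${CD}"
+echo ''
+printf "${CD}${CBB}Drive Usage ${CG}%b\n"
+drive_space_used
+echo ''
+printf " %bNETWORK %b\n" "${CRB}" "${CD}"
+echo ''
+if [ "$IP1R" != 1 ]; then
+printf "${CD}${CBB}IPv4 ${CG}%b\n" "${IP_V4}""${IP1}" | lolcat -f
+fi
+if [ "$IP2R" != 1 ]; then
+printf "${CD}${CBB}IPv6 ${CG}%b\n" "${IP_V6}""${IP2}" | lolcat -f
+fi
+if [ "$IP2PIP" == 1 ]; then
+printf "${CD}${CBB}Private IP ${CG}%b\n" "${IP2}" | lolcat -f
+elif [ "$IP3R" == 1 ]; then
+printf "${CD}${CBB}Private IP ${CG}%b\n" "${IP3}" | lolcat -f
+fi
+printf " %b" "${CD}"
+printf "\n"
+logo
+echo -e "${BW}Good $TIME ${CYB}$USER${NC}"
+######################
+### Terminal Reset ###
+######################
+tput smam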
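Review bot: The "Script Setup" block and the `figlet`/`gem`/`lolcat` checks are installer steps, but the script registers itself in `/etc/profile`, so they are re-evaluated at every login of every user. A missing tool sends an unprivileged login into `$PAKMGR install …`, and a root login into an unpinned `gem install lolcat`. Moving those steps into a separate one-time install script, or at least wrapping them in `if [ "$(id -u)" -eq 0 ]; then … fi`, keeps the login path read-only. The same path runs `. "${DIR}/motd.conf"`, which executes any file of that name sitting next to the script; I would source it only when `[ "$(stat -c %u "$CONFIG_FILE")" = 0 ]` holds and the file is not group- or world-writable.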

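--- a/networktuning.sh
+++ b/networktuning.sh
@@ -0,0 +1,270 @@
+#!/bin/bash
+######################################################################################
+#### Version 1.02 ####
+#### For questions or comments contact@mylinux.work ####
+#### Author : Phil Connor ####
+#### ####
+#### Notes : ####
+#### This script is a simple "helper" to configure your sysctl.conf on linux ####
+#### servers. There is no silver bullet. Don't expect the perfect setup, ####
+#### review comments and adapt the parameters to your application usage. ####
+#### ####
+#### Use this script at your OWN risk. There is no guarantee whatsoever. ####
+#### ####
+#### Usage "tuning.sh" or "tuning.sh ssd" if you are running on ssd'd ####
+######################################################################################
+##########################
+#### System Variables ####
+##########################
+host=$(hostname)
+if [ "$(command -v lsb_release)" ]; then
+os=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
+osv=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
+else
+os=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
+osv=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
+fi
+sfile=/etc/sysctl.conf
+##################################
+#### Detect OS and OS Version ####
+##################################
+if [[ ${os} = alma || ${os} = amazon || ${os} = centos || ${os} = red || ${os} = rocky || ${os} = oracle ]]; then
+if [ "${osv}" = 7 ]; then
+PAKMGR="yum -y"
+else
+PAKMGR="dnf -y"
+fi
+elif [ "${os}" = ubuntu ]; then
+PAKMGR="apt -y"
+fi
+##########################################
+#### Check to see if bc is Instaslled ####
+##########################################
+if ! command -v bc &> /dev/null; then
+${PAKMGR} install bc
+fi
+##########################
+#### Sysctl Variables ####
+##########################
+mem_bytes=$(awk '/MemTotal:/ { printf "%0.f",$2 * 1024}' /proc/meminfo)
+shmmax=$(echo "$mem_bytes * 0.90" | bc | cut -f 1 -d '.')
+shmall=$(("$mem_bytes" / $(getconf PAGE_SIZE)))
+max_orphan=$(echo "$mem_bytes * 0.10 / 65536" | bc | cut -f 1 -d '.')
+file_max=$(echo "$mem_bytes / 4194304 * 256" | bc | cut -f 1 -d '.')
+max_tw=$((file_max * 2))
+min_free=$(echo "($mem_bytes / 1024) * 0.01" | bc | cut -f 1 -d '.')
+############################
+#### Update Sysctl.conf ####
+############################
+echo "#######################################"
+echo "#### Updating sysctl for $host"
+echo "#######################################"
+cp -a -- "$sfile" "$sfile-$(date +"%m-%d-%y-%r")"
+######################################
+#### Check for ssd on commandline ####
+######################################
+if [ "$1" != "ssd" ]; then
+vm_dirty_bg_ratio=5
+vm_dirty_ratio=15
+else
+# This setup is generally ok for ssd and highmem servers
+vm_dirty_bg_ratio=3
+vm_dirty_ratio=5
+fi
+>>$sfile cat << EOF
+############################
+#### Performance Tuning ####
+############################
+# Disable syncookies
+# (syncookies are not RFC compliant and can use too many resources)
+net.ipv4.tcp_syncookies = 0
+# Basic TCP tuning
+net.ipv4.tcp_keepalive_time = 600
+net.ipv4.tcp_synack_retries = 3
+net.ipv4.tcp_syn_retries = 3
+# RFC1337
+net.ipv4.tcp_rfc1337 = 1
+# Defines the local port range that is used by TCP and UDP
+# to choose the local port
+net.ipv4.ip_local_port_range = 1024 65535
+# Log Martian Packets with impossible addresses
+net.ipv4.conf.all.log_martians = 1
+net.ipv4.conf.default.log_martians = 1
+EOF
+if [ -f /proc/sys/net/ipv4/inet_peer_gc_mintime ]; then
+{
+echo '# Minimum interval between garbage collection passes This interval is'
+echo '# in effect under high memory pressure on the pool'
+echo 'net.ipv4.inet_peer_gc_mintime = 5'
+echo ''
+} >> $sfile
+fi
+>> $sfile cat << EOF
+# Disable Explicit Congestion Notification in TCP
+net.ipv4.tcp_ecn = 0
+# Enable window scaling as defined in RFC1323
+net.ipv4.tcp_window_scaling = 1
+# Enable timestamps (RFC1323)
+net.ipv4.tcp_timestamps = 1
+# Enable select acknowledgments
+net.ipv4.tcp_sack = 1
+# Enable FACK congestion avoidance and fast restransmission
+net.ipv4.tcp_fack = 1
+# Allows TCP to send "duplicate" SACKs
+net.ipv4.tcp_dsack = 1
+# Controls IP packet forwarding for router advertisements
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding=1
+# Strict reverse path filtering
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter=1
+EOF
+if [ -f /proc/sys/net/ipv4/tcp_tw_recycle ]; then
+{
+echo '# Enable fast recycling TIME-WAIT sockets'
+echo 'net.ipv4.tcp_tw_recycle = 1'
+echo ''
+} >> $sfile
+fi
+>>$sfile cat << EOF
+# Max number of remembered connection requests
+# TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog
+# NOTE: Setting this too low may impact IP6 Sessions
+net.ipv4.tcp_max_syn_backlog = 20000
+# tells the kernel how many TCP sockets that are
+# not attached to any user file handle to maintain
+net.ipv4.tcp_max_orphans = $max_orphan
+# How may times to retry before killing TCP connection,
+# closed by the side
+net.ipv4.tcp_orphan_retries = 1
+# how long to keep sockets in the state FIN-WAIT-2
+# if we were the one closing the socket
+net.ipv4.tcp_fin_timeout = 20
+# maximum number of sockets in TIME-WAIT to be held simultaneously
+net.ipv4.tcp_max_tw_buckets = $max_tw
+# don't cache ssthresh from previous connection
+net.ipv4.tcp_no_metrics_save = 1
+net.ipv4.tcp_moderate_rcvbuf = 1
+# increase Linux autotuning TCP buffer limits
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 65536 16777216
+# increase TCP max buffer size
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.core.netdev_max_backlog = 2500
+net.core.somaxconn = 65000
+vm.swappiness = 0
+# You can monitor the kernel behavior with regard to the dirty
+# pages by using grep -A 1 dirty /proc/vmstat
+vm.dirty_background_ratio = $vm_dirty_bg_ratio
+vm.dirty_ratio = $vm_dirty_ratio
+# required free memory (set to 1% of physical ram)
+vm.min_free_kbytes = $min_free
+# system open file limit
+fs.file-max = $file_max
+# Core dump suidsafe
+fs.suid_dumpable = 2
+#( 3 4 1 3 for most webbased applications )
+kernel.printk = 4 4 1 7
+kernel.core_uses_pid = 1
+kernel.sysrq = 0
+kernel.msgmax = 65536
+kernel.msgmnb = 65536
+# Maximum shared segment size in bytes
+kernel.shmmax = $shmmax
+# Maximum number of shared memory segments in pages
+kernel.shmall = $shmall
+###########################
+#### Security Settings ####
+###########################
+# Protect against worms and other automated attacks
+EOF
+if [ -f /proc/sys/kernel/exec-shield ]; then
+echo 'kernel.exec-shield = 1' >> $sfile
+fi
+>>$sfile cat << EOF
+kernel.randomize_va_space = 1
+# Don't accept ICMP redirects
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv6.conf.all.accept_redirects = 0
+net.ipv6.conf.default.accept_redirects = 0
+# Don't send ICMP redirects (I'm not a router!)
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+# Don't accept IP source route packets (I'm not a router)
+net.ipv4.conf.all.accept_source_route = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv6.conf.all.accept_source_route = 0
+# Ignoring ICMP broadcasts and ignore bogus responses
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+# Dont accept routing preferences
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.all.accept_ra_rtr_pref = 0
+# Dont try to learn prefix information
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.all.accept_ra_pinfo = 0
+# Dont accept hop limits
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.all.accept_ra_defrtr = 0
+EOF
+sysctl -p
+exit $?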
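Review bot: Several values this script appends to `/etc/sysctl.conf` lower protections instead of raising them. `net.ipv4.tcp_syncookies = 0` removes the kernel's fallback when the SYN queue fills, `kernel.randomize_va_space = 1` under "Security Settings" is weaker than full randomization at 2, and the second line under "Don't send ICMP redirects" repeats `accept_redirects` where `send_redirects` was presumably meant. `net.ipv4.ip_forward = 1` and `net.ipv6.conf.all.forwarding=1` also turn on routing while the later comments say the host is not a router; I would leave both at 0 unless the host really forwards traffic. Because every heredoc is appended with `>>`, repeated runs stack duplicate keys in the file, so a fix should also replace earlier entries rather than append again.

```shell
# … unchanged: "Performance Tuning" header comments …
net.ipv4.tcp_syncookies = 1
# … unchanged: TCP tuning lines up to the forwarding comment …
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
# … unchanged: remaining tuning lines and "Security Settings" header …
kernel.randomize_va_space = 2
# … unchanged: accept_redirects lines …
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# … unchanged: source-route, ICMP and router-advertisement lines …
```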

106
postfix_sendonly.sh Normal file

@ -0,0 +1,106 @@
#! /bin/bash
#############################################################
#### PostFix (Sendonly) install Script for Oracle Linux, ####
#### Centos/Redhat and Ubuntu Servers. ####
#### ####
#### Author: Phil Connor 02/10/2021 ####
#### Contact: contact@mylinux.work ####
#### Version 1.20-12.13.22 ####
#### ####
#### To use this script chmod it to 755 ####
#### or simply type bash <filename.sh> ####
#############################################################
#############################
#### User Configurations ####
#############################
DomainName=myserver.mydomain.com # <-- Name of the server you are configuring this on
EnableForw=yes # <-- Do you want the server to forward the mail (yes/no)
ForwardMail=my_email@mydomain.com # <-- What is the email you want to forward to?
##########################
#### System Variables ####
##########################
macnf=/etc/postfix/main.cf
sslcerts=/etc/letsencrypt/live/$DomainName
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [[ ${OS} = alma || ${OS} = amazon || ${OS} = centos || ${OS} = red || ${OS} = rocky || ${OS} = oracle ]]; then
if [[ "${OSVER}" = 7 || "${OSVER}" = 7 ]]; then
PAKMGR="yum -y"
else
PAKMGR="dnf -y"
fi
elif [[ "${OS}" = ubuntu || "${OS}" = debian ]]; then
PAKMGR="apt -y"
fi
########################################################
#### Install PostFix, Configure and Start/Enable it ####
########################################################
if [[ "${OS}" = ubuntu || "${OS}" = debian ]]; then
echo "postfix postfix/mailname string $DomainName" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive $PAKMGR install postfix bsd-mailx
else
$PAKMGR install postfix mailx
fi
sed -i "s/inet_interfaces = all/inet_interfaces = loopback-only/g" $macnf
postconf -e "myhostname = $DomainName"
sed -i "s/#myorigin = \$myhostname/myorigin = \$myhostname/g" $macnf
sed -i "s/mydestination = \$myhostname, domain-name.com, localhost.\$mydomain, localhost/mydestination = \$myhostname, $DomainName, localhost.\$mydomain, localhost/g" $macnf
systemctl enable --now postfix
hostnamectl set-hostname $DomainName
echo "Mail delivery test" | mail -s "[Server] New e-mail" $ForwardMail
if [ $EnableForw = yes ]; then
sed -i "s/root: /root: $ForwardMail/g"
newaliases
systemctl restart postfix
fi
########################
#### Add Encryption ####
########################
function encrypt() {
{
$PAKMGR install certbot
if [ "$(command -v ufw)" ]; then
ufw allow http
elif [ "$(command -v firewall-cmd)" ]; then
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --permanent --add-port=80/tcp
elif [ "$(command -v iptables)" ]; then
iptables -I INPUT -p tcp -m tcp dport 80 -j ACCEPT
service iptables save
ip6tables -I INPUT -p tcp -m tcp dport 80 -j ACCEPT
service ip6tables save
systemctl restart iptables ip6tables
fi
certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d $DomainName
#### TLS parameters ####
sed -i "s/smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=$sslcerts/fullchain.pem/g" $macnf
sed -1 "s/smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key/smtpd_tls_key_file=$sslcerts/privkey.pem/g" $macnf
systemctl restart postfix
echo "This is a test of an encrypted email" | mail -s "This is Just a Test" $ForwardMail
}
}