Import dss scripts and update them.
Import scripts from https://git.coolaj86.com/josh/dss with new URL paths and with the intent of further proxmox-centric customization.
		
							parent
							
								
									ec692f3f05
								
							
						
					
					
						commit
						cbce8081f5
					
				
							
								
								
									
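--- a/create-user.bash
+++ b/create-user.bash
@@ -0,0 +1,75 @@
+#!/bin/bash
+# Determined Create User Script v2.0.3
+# Written by AJ Oneal -- edited by Joshua Mudge
+
+# Exit on any error
+set -e
+
+if [ -z "$(which openssl)" ]; then
+  echo "ERROR: 'openssl' is not found.";
+  echo "Please install openssl. It is used to generate a random password."
+  exit 1
+fi
+if [ -z "$(grep '^PermitRootLogin prohibit-password$' /etc/ssh/sshd_config)" ] && [ -z "$(grep '^PermitRootLogin no$' /etc/ssh/sshd_config)" ] && [ -z "$(grep '^PermitRootLogin without-password$' /etc/ssh/sshd_config)" ]; then
+  echo "SECURITY ERROR: 'PermitRootLogin prohibit-password' is not set in /etc/ssh/sshd_config";
+  exit 1
+fi
+if [ -z "$(grep '^PasswordAuthentication no$' /etc/ssh/sshd_config)" ]; then
+  echo "SECURITY ERROR: 'PasswordAuthentication no' is not set in /etc/ssh/sshd_config";
+  exit 1
+fi
+# http://stackoverflow.com/questions/43481923/security-audit-how-to-check-if-ssh-server-asks-for-a-password/43482975#43482975
+if [ -n "$(ssh -v -o Batchmode=yes DOES_NOT_EXIST@localhost 2>/dev/null | grep password)" ]; then
+  echo "SECURITY ERROR: 'PasswordAuthentication no' has not taken affect. Try 'sudo service ssh restart'";
+  exit 1
+fi
+
+
+# exit if there are any unbound variables
+set -u
+
+USER=$1
+USER=$(basename $USER .pub)
+
+# If they try to create root, exit.
+
+if test $USER = "root"
+  then
+    echo "You cannot create the root user, it already exists."
+    exit
+fi
+
+# TODO allow optional gecos i.e. create-user.bash bobs.pub 'Bob Smith'
+
+# password will be set later in the script
+#adduser --disabled-password --gecos '' $USER
+sudo adduser --disabled-login --gecos '' $USER
+sudo adduser $USER sudo # if sudo is needed
+
+# FAIL before getting here via set -e
+sudo mkdir -p /home/$USER/.ssh
+sudo chmod 700 /home/$USER/.ssh
+sudo touch /home/$USER/.ssh/authorized_keys
+sudo chmod 600 /home/$USER/.ssh/authorized_keys
+
+# PRE-REQ: get the user's ssh public key and store it in whoever.pub
+sudo bash -c "cat $USER.pub >> /home/$USER/.ssh/authorized_keys"
+
+sudo chown $USER:$USER /home/$USER
+sudo chown $USER:$USER -R /home/$USER/.ssh/
+
+PASSWD=$(openssl rand -hex 20)
+#echo "$PASSWD" | passwd "$USER" --stdin
+echo "$USER:$PASSWD" | sudo chpasswd
+#echo "The temporary password for '"$USER"' is '"$PASSWD"'"
+sudo passwd -d $USER
+echo "'$USER'" has been added with key-only authentication and a password must be set on first login
+sudo chage -d 0 $USER
+
+# Other Methods as per https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/
+#
+# Linux
+# date "+%s.%N" | md5sum
+#
+# macOS
+# date "+%s.%N" | md5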
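Review bot: `$1` is taken as the username without validation and then interpolated into a root shell at `sudo bash -c "cat $USER.pub >> /home/$USER/.ssh/authorized_keys"`, so a name containing spaces or shell metacharacters is interpreted by a shell running as root; the unquoted `$USER` in `basename`, `test`, `adduser`, `chown` and `passwd` has the same word-splitting problem. Reject anything that is not a plain account name up front (for example `[[ $USER =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1`) and append the key without a nested shell: `sudo tee -a "/home/$USER/.ssh/authorized_keys" < "$USER.pub" > /dev/null`. The live SSH probe most likely never fires as written: `ssh -v` prints its debug output on stderr, which `2>/dev/null` discards before `grep password`, so the redirect should be `2>&1`. `sudo passwd -d` also leaves a sudo-group account with an empty password until first login, which deserves a comment explaining why that is acceptable here.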
							
								
								
									
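--- a/determined-server-setup.sh
+++ b/determined-server-setup.sh
@@ -0,0 +1,186 @@
+#!/bin/bash
+# determined-server-setup (dss)
+# Written by Josh Mudge
+# Ad Mejorem Dei Glorium
+
+version=$(curl -s https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/VERSION | cat)
+
+# Get options from CLI arguments
+
+usr=$USER
+init=0
+clean=0
+log=0
+authlog=0
+update=0
+mon=0
+
+while [[ $# -gt 0 ]]
+do
+  key="$1"
+
+  case $key in
+    --init)
+    init=1
+    shift # past argument
+    ;;
+    --clean)
+    clean=1
+    shift # past argument
+    ;;
+    --log)
+    log=1
+    shift # past argument
+    ;;
+    --authlog)
+    authlog="$2"
+    shift # past argument
+    ;;
+    --user)
+    usr="$2"
+    shift # past argument
+    ;;
+    --user2)
+    user2="$2"
+    shift # past argument
+    ;;
+    --user3)
+    user3="$2"
+    shift # past argument
+    ;;
+    --update)
+    update=1
+    shift # past argument
+    ;;
+    --monitor)
+    mon=1
+    shift # past argument
+    ;;
+    --mon-setup)
+    mon=2
+    shift # past argument
+    ;;
+    --email)
+    email=1
+    shift # past argument
+    ;;
+    --logfile)
+    logfile=1
+    shift # past argument
+    ;;
+    blacklist)
+    blacklist="$2"
+    shift # past argument
+    ;;
+    -h|help)
+    echo "dss $version"
+    echo "Usage: dss [OPTION]"
+    echo "You can run the following commands:"
+    echo "dss --clean  # Update the server and cleanup uneeded files and programs. Use with caution."
+    echo "dss --log # Print the system log."
+    echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss authlog attacks' to show attacks on your SSH server."
+    echo "dss --user USERNAME --init   # Setup server with server utilities and enable automatic security updates."
+    exit 1
+    ;;
+    -v|version)
+    echo "dss $version"
+    exit 1
+    ;;
+    *)
+    # unknown option
+    if test -z "${unknown}"
+    then
+      unknown=$1
+    else
+      echo "dss $version"
+      echo "dss --user USERNAME --init   # Setup server with server utilities and enable automatic security updates."
+      exit 1
+    fi
+    ;;
+  esac
+  shift # past argument or value
+done
+
+if test $init = 1
+then
+  # Update server
+  sudo apt-get update
+  sudo apt-get upgrade -y
+
+  # Install server utilities
+  sudo apt-get install -y screen curl nano htop fail2ban rsync man shellcheck git software-properties-common
+
+  # Prompt user to set up automatic security updates.
+  sudo apt-get install -y unattended-upgrades
+  sudo dpkg-reconfigure -plow unattended-upgrades
+
+  # Harden ssh
+  if determined-harden-ssh --user $usr
+  then
+    echo "dss" | sudo tee /home/.dssv1.7
+  else
+    "You cannot create root user and disable root login, that won't work... See 'dss help'"
+    exit
+  fi
+
+elif test $log = 1
+then
+
+  sudo cat /var/log/syslog
+
+elif test $authlog = 1
+  then
+    sudo cat /var/log/auth.log
+
+elif test $authlog = attacks
+  then
+    sudo cat /var/log/auth.log | grep "Invalid user"
+    sudo cat /var/log/auth.log | grep "Connection closed"
+    exit
+
+elif test ! -z $blacklist
+then
+  echo "Note to self: add blacklist function, empty elif is not allowed in BASH."
+  # Blacklist code
+
+elif test $update = 1
+then
+  # Update Linux and determined-setup
+  sudo apt-get update
+  sudo apt-get upgrade
+  curl -s "https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/setup.sh" | bash
+
+elif test $clean = 1
+then
+  # Update
+  sudo apt-get update
+  sudo apt-get upgrade
+
+  # Cleanup
+  sudo apt-get clean
+  sudo apt-get autoremove
+
+elif test $mon = 1
+then
+
+  cd /home
+  ./sysmon.sh -- email $email
+
+elif test $mon = 2
+then
+
+  dss init
+  curl -sO "https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/sysmon.sh"
+  sudo mv sysmon.sh /home/.sysmon.sh
+ ( sudo crontab -l ; echo "14 1 * * * /bin/bash -c "/home/.sysmon.sh --email $email"" &> "$logfile" ) | sudo crontab -
+
+else
+  echo "dss $version"
+  echo "Usage: dss [OPTION]"
+  echo "You can run the following commands:"
+  echo "dss --clean  # Update the server and cleanup uneeded files and programs. Use with caution."
+  echo "dss --log # Print the system log."
+  echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss authlog attacks' to show attacks on your SSH server."
+  echo "dss --user USERNAME init   # Setup server with server utilities and enable automatic security updates."
+  exit 1
+fi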
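Review bot: The `--update` branch runs `curl -s ".../setup.sh" | bash`, which executes whatever the `main` branch serves at that moment with no pinned revision, checksum or signature, and without `-f` an HTTP error body is fed to bash as well. The same unverified download-then-install pattern appears in harden-server.sh (create-user.bash into /usr/local/bin), setup.sh and sysmon.sh, and sysmon.sh repeats it on every run while `update=1`. Fetch to a `mktemp` file with `curl -fsSL`, compare it against a hash or a tagged commit recorded in the repo, and only then execute it. In the `--init` failure branch the message line is missing `echo`, so bash tries to run the string as a command; it should read `echo "You cannot create root user and disable root login, that won't work... See 'dss help'"`. In `--mon-setup`, `&> "$logfile"` is attached to the `echo`, so the new cron line is written to that file instead of being piped into `sudo crontab -`.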
							
								
								
									
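--- a/harden-server.sh
+++ b/harden-server.sh
@@ -0,0 +1,152 @@
+#!/bin/bash
+# Determined SSH Hardening
+# Written by Josh Mudge
+# Ad Mejorem Dei Glorium
+
+# Only ban password login for root, not all login for root.
+
+usr=$USER
+version="v1.4.4 Alpha"
+keyserver="https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/"
+
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+    setup)
+    setup=1
+    shift # past argument
+    ;;
+    --user)
+    usr="$2"
+    shift # past argument
+    ;;
+    --user2)
+    user2="$2"
+    shift # past argument
+    ;;
+    --user3)
+    user3="$2"
+    shift # past argument
+    ;;
+    --user4)
+    user4="$2"
+    shift # past argument
+    ;;
+    --user5)
+    user5="$2"
+    shift # past argument
+    ;;
+    -h|--help)
+      echo determined-harden-ssh $version
+      echo "Usage: determined-harden-ssh --user USERNAME"
+      exit 1
+    ;;
+    *)
+      # unknown option
+      if [ -z "${user}" ]; then
+        echo determined-harden-ssh $version
+        echo "No admin user specified."
+        echo "Usage: determined-harden-ssh --user USERNAME"
+      else
+        echo "unrecognized option '$1'"
+        exit 1
+      fi
+    ;;
+esac
+shift # past argument or value
+done
+
+if test ! -z $usr
+then
+
+  echo "Installing fail2ban and hardening SSH configuration."
+  # Install fail2ban
+  sudo apt-get install -y fail2ban curl openssh-server > /dev/null
+
+  echo "Creating new user by the username $usr"
+
+  echo "Disabling password based logins in favor of SSH keys."
+
+  # SSH keys only, no passwords.
+
+  sudo sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
+  sudo sed -i "s/#PasswordAuthentication no/PasswordAuthentication no/g" /etc/ssh/sshd_config
+  sudo sed -i "s/PermitRootLogin yes/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config
+
+  mkdir .tssh
+
+  cd .tssh
+
+  curl -sLO https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/create-user.bash
+
+  curl -sLO https://$keyserver/$usr.pub
+
+  sudo mv create-user.bash /usr/local/bin/determined-create-user
+
+  sudo chmod +x /usr/local/bin/determined-create-user
+
+  if determined-create-user $usr;
+  then
+  echo "Setting up non-root admin user(s)"
+  else
+    echo "User creation failed. Please fix the above error and try again."
+    cd ..
+    rm -rf .tssh
+    exit
+  fi
+
+  if test ! -z $user2
+  then
+
+    curl -sLO https://$keyserver/$user2.pub
+
+    ./create-user.bash $user2
+
+  fi
+
+  if test ! -z $user3
+  then
+
+    curl -sLO https://$keyserver/$user3.pub
+
+    ./create-user.bash $user3
+
+  fi
+
+  if test ! -z $user4
+  then
+
+    curl -sLO https://$keyserver/$user4.pub
+
+    ./create-user.bash $user4
+
+  fi
+
+  if test ! -z $user5
+  then
+
+    curl -sLO https://$keyserver/$user5.pub
+
+    ./create-user.bash $user5
+
+  fi
+
+  cd ..
+  rm -rf .tssh
+
+  echo "Disabling root login."
+
+  sudo sed -i "s/PermitRootLogin prohibit-password/PermitRootLogin no/g" /etc/ssh/sshd_config
+  sudo sed -i "s/PermitRootLogin without-password/PermitRootLogin no/g" /etc/ssh/sshd_config
+
+  echo "That's it, we're done :)"
+
+else
+
+  echo determined-harden-ssh $version
+  echo "No admin user specified."
+  echo "Usage: ./harden-server.sh --user USERNAME"
+
+fi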
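Review bot: `keyserver` already begins with `https://` and ends with `/`, so `curl -sLO https://$keyserver/$usr.pub` requests a malformed `https://https://…` URL, and with `-s` and no `-f` the failure is silent; use `curl -fsSLO "${keyserver}${usr}.pub"` here and in the `user2`–`user5` fetches. Those later branches call `./create-user.bash`, which has already been moved to `/usr/local/bin/determined-create-user`, so they should call `determined-create-user "$user2"` and so on. The fetched `.pub` file decides who gets a sudo-capable login, yet nothing checks that it contains only the expected key lines before it is appended to `authorized_keys`. The `sed` edits to `/etc/ssh/sshd_config` are never validated with `sshd -t` or followed by a reload, so the final `PermitRootLogin no` may not be in effect when the script reports it is done. In the `*)` arm, `${user}` is never assigned (the variable is `usr`), so an unknown option prints the usage text and the script carries on instead of exiting.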
							
								
								
									
										7
									
								
								josh.pub
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										7
									
								
								josh.pub
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,7 @@ | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv0FjEGZWOYllCbQ1vKrWq6+jo0hkqOoj350/zitTce9QJZrD2JOC9FSRqTy8wlBwjapfTIgOLDfzv6iLA7i652HpoA5p8RUsRwOqBqj2ofhbhJyGg5lEhpWQDxLVIf8FrcN8BL07UzasS9NfrI6ElYeFnO5L6V9eDc49J5iRwYIuyIkSjuxbo+utwfZttYSHvVB9e5Y0HAYQFVH10hIvkROwoNO2KsBJ/kKM4PSuPRBsTxIObX7LRduzO54sk+NGgLXVbr9EdwcPzN7xUUNrlmwKAtgj9u0RmgzE5DQhGLumR87ntAOD6jRTqvO012T2rP5TZiO5WvgLZQ3B6OOkf josh@ltltod | ||||
| 
 | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdIqdxMncwBtfH2znhNM9EdBZDkcwew+zmV8Nw0msACfi0wUpwPcBtYerNi6gt9+bSkOHj4grRyEY/S79R7YApNcThelJhbCKFh1XBVKfNtAIvs0hsO8YxzwBZlcFID5rCRof5wdwKi9OtcnzzQV6qDCJnL3l+B7bWtQJoOwwo9SGaU3baLLSCC+06F3jUQofn5vOMVKGO7HcFKK/mVgPOX8WYO7XjegSu2AP01jDZxHLp1CWldxd2iv7NsMNcBvGvsS9cW0Fq3SdjWyuLzLs12X1O1pyTRw/9bHseFXa3xpOlO5oiHsAVdYivzWk8/IddTrfw9RGc9vtu3RuuJTer josh@Mac-mini.local | ||||
| 
 | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRu4QMnJbNbm2MdOPYJYQTKZQZQVsxOU5cYV63zVYKerFAGLZ+vwJeX8l5mdUcCBiVc1Px7Po+KZ7HJKygh859zz61E3a/eWTiikuvpd16XNJCDB9mKNAvkCl84m10YSfKcyn6u7jbqwAshHoQ2xCrG4f7mY6XD7EKavblYWBV4IEdeGZVdkMx5UOT2yQMOOdqldbwd56lJwa36NuBM69af0axU3VHEBQbzNeGFYuANh54HCOce++ilk733y5VM80Jq4owHZ6mdJ37Z6KB1dIVWgsWSKqJHqYEIHtdSjj4IvMGNnoPO4u9ts3/VQt66udO6dVztp1BfOKws16KYtFVMVDVRuifYBmYFXysod9cJ9/7Wr0H/PurLOy5T57sp044Nj+X7QHGjv1QYzbnr9en963nKXfX/NJI+deev71kYzBxVXsvl8ywNcAPZFhPdwMu44R69/zg+Zwfc2BSarbsGCOUAEfLy/wp8O0zcuOF+xBJcnPTmGYBEjtBtTmXHe7Eurldl5UnlRpaAMe8awdQOi/H7Y942FV2uLkJ6jIXeeojuZ4lZVOFcLfzSpor55bXcMvktHzxVvdWE/D+zTh3aakNcagB3YVin0sBrVdM1NLO9pBhlATJMWLurlplQPY+4NklsBJlSCNBWtD0H9RYbj/m8KNrH5jjPCs8/WRHVQ== root@pve1 | ||||
| 
 | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDI+OURko4u2OC5FjSAEte1ylPLzXu1Jmn2U7Y1zlp3BI5r0djyM7JfQm+2KDJZBd1qi6CuqueSr2wV1tnEtMXrMjnqLy3JHEQTzyeADoTws3/jAuDaez6ddhI7tMJsrR+lkkUa8akr5Q7Wht7BIUn16oX9dWR22eXoxN5ab/rzqnv9dADqKOa7FOHqxsWx31KykIKtdSVunmG5E+sovjc69GH6fFLaTMDuFqeNaScavIv90tUVwQR1P5fJj1Ajtnu9QLWvD364tfK6krPGaiMtjOEBftKIVeOHhTHKPwu2oAWK+67W9zzxmxkeR4vrSHH1cQbaXPpAqCSPIDCI5aAlzHfHPwoHWYglZJEpXwlmuSftVJ5bgCaU1kYGX4QIUhOACNv3XVFU8Uw6+douF2s4NeDPPfGN8CIRqdeQkD1JzhfL3bcRIu55QDFmvsd3C+S0NJrnNM4L/FlMiT/1w1geJHVZHstTf19eoJSuYS0wslqeJVxrkwf13WgC5/ZEGy0P6W2xAYJ3ESvswwotFqqoWQJhS7Hl7VZ9LtB60IAIPJIBD8zxUFuhlBClhOTYKr+MV7/v7Ejd2dbbJ2FSKAVQQ4fLGTgwHDJxKYj3JUm/tkjos5XeLCVJQmwWUtL3iVjPMKg4G+hbSJ3sSE/DYsZ8Y8XD4+j1TjVKMf5rRzRTMw== root@pve2 | ||||
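Review bot: This file bundles four keys, two of them labelled `root@pve1` and `root@pve2`, and create-user.bash appends the whole file to the new account's `authorized_keys` after adding that account to the `sudo` group, so each of these keys becomes an admin login on every host set up with `--user josh`. Consider one key per person, and restricting the host keys with an `authorized_keys` option such as `from="..."` if they are needed at all. The file is also committed as executable; a public key file should not carry the execute bit.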
							
								
								
									
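--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# Setup for determined-server-setup
+# Written by Josh Mudge
+# Ad Mejorem Dei Glorium
+
+version=$(curl -s https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/VERSION | cat)
+
+echo "Installing dss $version"
+
+curl -sO https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/determined-server-setup.sh
+
+sudo mv determined-server-setup.sh /usr/local/bin/dss
+
+sudo chmod +x /usr/local/bin/dss
+
+curl -sO https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/harden-server.sh
+
+sudo mv harden-server.sh /usr/local/bin/determined-harden-ssh
+
+sudo chmod +x /usr/local/bin/determined-harden-ssh
+
+echo "Done. Run 'dss' to use."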
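Review bot: There is no `set -e`, so when a `curl -sO` call fails the script still runs `sudo mv` and `chmod +x` and prints "Done", leaving `/usr/local/bin/dss` or `determined-harden-ssh` missing or stale. Add `set -euo pipefail` after the shebang so the install stops at the first failed step. The files are also downloaded into the caller's current directory before `sudo mv`; working inside a `mktemp -d` directory avoids clobbering or picking up a same-named file there.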
							
								
								
									
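--- a/sysmon.sh
+++ b/sysmon.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+# Josh's Automatic System Monitor
+# Written by Josh Mudge
+# Ad Mejorem Dei Glorium
+
+update=1
+version=v1.5.3a
+alpha=0
+dfh=$(df -h | grep '8[0-9]%')
+dfh2=$(df -h | grep '9[0-9]%')
+
+while [[ $# -gt 0 ]]
+do
+  key="$1"
+
+  case $key in
+    --setup)
+    shift # past argument
+    setup=1
+    ;;
+    --no-update)
+    update=0
+    shift # past argument
+    ;;
+    --audit)
+    audit=1
+    shift # past argument
+    ;;
+    --email)
+    email="$2"
+    shift # past argument
+    ;;
+    -h|help)
+    echo "dss-mon $version"
+    echo "Usage: dss --monitor --email user@mailprovider.com"
+    exit 1
+    ;;
+    -v|version)
+    echo "dss $version"
+    exit 1
+    ;;
+    *)
+    # unknown option
+    if test -z "${unknown}"
+    then
+      unknown=$1
+    else
+      echo "dss-mon $version"
+      echo "Usage: dss --monitor --email user@mailprovider.com"
+      exit 1
+    fi
+    ;;
+  esac
+  shift # past argument or value
+done
+
+if test $update = 1
+then
+
+  sudo apt-get update
+  sudo apt-get upgrade
+  sudo apt-get install sysstat # Check if installed, then do this
+  curl -s "https://git.coolaj86.com/josh/proxmox-scripts/raw/branch/main/setup.sh" | bash
+
+fi
+
+# Cleanup
+
+sudo apt-get clean
+
+# Security Audit (Tackled by dss init before setting this up.)
+
+# if test ! -f /home/.dssv1.7
+# then
+#
+#   dss init
+#
+# fi
+
+auth=$(sudo cat /var/log/auth.log | grep "Invalid user")
+#auth2=$(sudo cat /var/log/auth.log | grep "Connection closed")
+
+if test $alpha = 1;
+then
+
+  sudo apt-get autoremove
+
+fi
+
+# To setup email, point a domain name to your server using DNS.
+# Disable any firewall rules that block port 25 (You may have to go to a server admin panel or contact your system administrator)
+# Then run: sudo apt-get install mailutils
+# Open up /etc/hosts and make sure it has:
+# 127.0.1.1 mydomain.com myserverHOSTNAME
+# Select "Internet Site" and enter the domain you want it to send email from.
+# Then you can send email like this: echo "Body of email" | mail -s "subject" EMAILADDRESS
+
+if test ! -z "$auth" # If set to run automatically, don't run this check every time.
+then
+  echo "Attacks found. Sending authentication log to $email"
+  sudo cat /var/log/auth.log | grep "Invalid user" | mail -s "Invalid User Login" $email
+fi
+
+if test ! -z "$dfh"
+then
+  echo "Disk usage is high, sending disk usage to $email"
+  echo "$dfh" | mail -s "High Disk Usage" $email
+fi
+
+if test ! -z "$dfh2"
+then
+  echo "Disk usage is critical, sending disk usage to $email"
+  echo "$dfh2" | mail -s "Critical Disk Usage" $email
+fi
+
+for i in {1..300} # Do this 300 times.
+do
+CPU=$(mpstat 1 1 | awk '$3 ~ /CPU/ { for(i=1;i<=NF;i++) { if ($i ~ /%idle/) field=i } } $3 ~ /all/ { printf("%d",100 - $field) }') # Find CPU usage for the last 10 seconds. Code credit: Stackoverflow
+CPUT=$(($CPUT + $CPU)) # Add each 1 second record to the total.
+done
+CPURESULT=$(($CPUT / 300)) # Divide the total by 300 seconds to find average CPU usage over the last 5 minutes.
+
+
+if test $CPURESULT > 90
+then
+  echo "CPU usage is quite high, sending report to $email"
+  echo "$CPURESULT %" | mail -s "High CPU Usage" $email
+fi
+
+USEDRAM=$(free | grep Mem | awk '{print ($2 -$7) / $2 * 100.0}')
+
+if test $USEDRAM > 80
+then
+  echo "RAM usage is quite high, sending report to $email"
+  echo "$USEDRAM %" | mail -s "High RAM Usage" $email
+fi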
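Review bot: `if test $CPURESULT > 90` and `if test $USEDRAM > 80` do not compare numbers: `>` is a redirection, so each line creates a file named `90` or `80` in the working directory and `test` succeeds whenever the variable is non-empty, which means both alerts are mailed on every run and the thresholds are never evaluated. Use `if [ "$CPURESULT" -gt 90 ]`, and because `USEDRAM` is a float from awk, have awk print an integer (`printf "%d"`) before `[ "$USEDRAM" -gt 80 ]`. `$email` is expanded unquoted in every `mail` call and stays unset unless `--email` is passed, so quote it and exit early when it is empty. `CPUT` is also used before it is initialised; `CPUT=0` before the loop makes the sum explicit.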