Linux Scripts, Aliases and Tools

Terminal based monitoring

Web dashboards

Other utilities

Useful .bashrc Aliases

# Find big files on the system
alias bigfile='cd /; find . -type f -size +3M'
# Show current jail bans in fail2ban
alias fail='/usr/bin/fail2ban-client banned | tr "]" "\n" | tr ":" "\n" | column'
# Shortcut for terminal history
alias h='history'
# Quick check on apache2 log
alias htlog='tail -f -n 50 /var/log/apache2/access.log | ccze -A'
# Show who is connecting to mailserver ($6 is escaped so awk, not the shell, expands it)
alias mailfrom='grep connect /var/log/syslog | awk "{print \$6}"'
# Quick check on syslog
alias mess='tail -f -n 50 /var/log/syslog | ccze -A'
# Quick check on email log
alias mmess='tail -f -n 50 /var/log/mail.log | ccze -A'
# Display spam stats
alias spam='/usr/bin/rspamc stat; tail /var/log/rspamd/rspamd.log | ccze -A'
# Update the system
alias update='apt-get update; apt-get upgrade'

Useful scripts

Display the top 20 logged iptables firewall offenders from syslog, aggregated by /24 and printed ready to paste into rc.firewall (the trailing comment carries the hit count and the date the line was generated):

/usr/bin/grep "Firewall:" /var/log/syslog  | awk '{for(i=1;i<=NF;i++) if($i ~ /^SRC=/){split($i,a,"="); split(a[2],ip,"."); print ip[1]"."ip[2]"."ip[3]".0/24"}}'  | sort  | uniq -c  | awk -v IPT="$IPT" -v DATE="$(date +%Y%m%d)"  '{print "$IPT -A INPUT -s " $2 " -j DROP #" $1 " " DATE}'  | sort -t'#' -k2,2nr  | head -20 2>/dev/null

Sample output:

$IPT -A INPUT -s 69.5.169.0/24 -j DROP #394 20260427
$IPT -A INPUT -s 85.217.149.0/24 -j DROP #273 20260427
$IPT -A INPUT -s 31.14.254.0/24 -j DROP #121 20260427
$IPT -A INPUT -s 36.255.97.0/24 -j DROP #120 20260427
$IPT -A INPUT -s 64.62.197.0/24 -j DROP #109 20260427
$IPT -A INPUT -s 5.226.140.0/24 -j DROP #104 20260427
$IPT -A INPUT -s 199.45.154.0/24 -j DROP #101 20260427
$IPT -A INPUT -s 185.242.226.0/24 -j DROP #94 20260427
$IPT -A INPUT -s 45.205.1.0/24 -j DROP #90 20260427
$IPT -A INPUT -s 43.228.157.0/24 -j DROP #86 20260427
$IPT -A INPUT -s 79.124.56.0/24 -j DROP #81 20260427
$IPT -A INPUT -s 81.19.216.0/24 -j DROP #80 20260427
$IPT -A INPUT -s 91.230.168.0/24 -j DROP #78 20260427
$IPT -A INPUT -s 45.87.249.0/24 -j DROP #77 20260427
$IPT -A INPUT -s 185.223.235.0/24 -j DROP #76 20260427
$IPT -A INPUT -s 87.121.84.0/24 -j DROP #72 20260427
$IPT -A INPUT -s 89.21.67.0/24 -j DROP #72 20260427
$IPT -A INPUT -s 195.184.76.0/24 -j DROP #71 20260427
$IPT -A INPUT -s 91.191.209.0/24 -j DROP #71 20260427
$IPT -A INPUT -s 91.231.89.0/24 -j DROP #69 20260427
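The same aggregation as a function over log text on stdin, with one addition a practitioner wants before pasting the output into rc.firewall: an exclusion list, so that the generated DROP lines never cover the admin networks that rc.firewall itself trusts. This is an added example, not the page's own pipeline; the log lines are constructed (documentation-range addresses, not real traffic) and assume the "Firewall: " log prefix used by the LOGDROP chain in the sample rc.firewall below.

```shell
#!/bin/bash
# Added example: rc.firewall "top offenders" aggregation with a trusted-network
# exclusion list. Not taken from the page; sample data below is constructed.

# Constructed syslog excerpt (RFC 5737 documentation addresses).
SAMPLE_LOG='Apr 27 10:00:01 host kernel: Firewall: IN=venet0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=23
Apr 27 10:00:02 host kernel: Firewall: IN=venet0 OUT= SRC=203.0.113.99 DST=198.51.100.2 PROTO=TCP DPT=445
Apr 27 10:00:03 host kernel: Firewall: IN=venet0 OUT= SRC=203.0.113.42 DST=198.51.100.2 PROTO=UDP DPT=161
Apr 27 10:00:04 host kernel: Firewall: IN=venet0 OUT= SRC=192.0.2.5 DST=198.51.100.2 PROTO=TCP DPT=22
Apr 27 10:00:05 host kernel: Firewall: IN=venet0 OUT= SRC=192.0.2.6 DST=198.51.100.2 PROTO=TCP DPT=22
Apr 27 10:00:06 host kernel: Firewall: IN=venet0 OUT= SRC=198.51.100.77 DST=198.51.100.2 PROTO=TCP DPT=3389
Apr 27 10:00:07 host sshd[123]: Accepted publickey for admin from 198.51.100.77 port 5000'

# top_offenders LIMIT [EXCLUDED_NET ...]
# Reads log lines on stdin and prints up to LIMIT rc.firewall rules, most hits
# first. EXCLUDED_NET values are /24 prefixes (e.g. 198.51.100.0/24) that are
# never emitted, so the admin's own networks cannot end up in a DROP rule.
top_offenders() {
  local limit="$1"; shift
  local excluded=" $* "
  local today
  today=$(date +%Y%m%d)
  # Only lines from the LOGDROP chain; only IPv4 SRC= fields (IPv6 is skipped).
  grep 'Firewall:' \
    | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^SRC=[0-9.]+$/) {
               split($i, a, "="); split(a[2], ip, ".");
               print ip[1] "." ip[2] "." ip[3] ".0/24" } }' \
    | sort | uniq -c | sort -k1,1nr -k2,2 \
    | while read -r count net; do
        # Skip networks on the exclusion list.
        case "$excluded" in *" $net "*) continue ;; esac
        printf '$IPT -A INPUT -s %s -j DROP #%s %s\n' "$net" "$count" "$today"
      done \
    | head -n "$limit"
}

# Usage: cat /var/log/syslog | top_offenders 20 198.51.100.0/24
```

Run it with the real syslog and the /24s of your admin connections as exclusions; with the constructed sample above and `198.51.100.0/24` excluded it prints two lines (203.0.113.0/24 with 3 hits, then 192.0.2.0/24 with 2), and the probe from the excluded network is left out.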

Simple backup script that dumps the major directories into gzip archives and packages them into one temporary file for download; it requires a local web server. It does expose sensitive files for a short period, and there are probably better ways to handle the password for the SQL dump and the logic. There are also better ways to back up depending on your server setup.

#!/bin/bash

# Variables - get the date
YEAR=$(date +%Y);
MONTH=$(date +%m);
DAY=$(date +%d);

# Create a salt to randomize the backup file name
SALT=$(cat /dev/urandom | tr -dc 'a-z0-9' | head -c 6);

# Use bold in bash
BOLD=$(tput bold)
NORMAL=$(tput sgr0)

# Make sure the staging and download directories exist
mkdir -p /var/backups/tmp /var/www/html/tmp

# Initial instructions
echo "Today's date is ${BOLD}$YEAR$MONTH$DAY, ${NORMAL}this script will ${BOLD}delete the following files${NORMAL} and create new ones:";
ls -la /var/backups/tmp/*$YEAR*
read -r -p "Press Y to continue? [y/N]" response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
then

# Cleanup of the old backups
rm -rf /var/backups/tmp/*$YEAR*

# Backup selected directories to /var/backups
echo "${BOLD}Backing up etc${NORMAL}";
tar -c --totals /etc | pv -s $(du -sb /etc | awk '{print $1}') | gzip -9 > /var/backups/tmp/etc.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up home${NORMAL}";
tar -c --totals /home | pv -s $(du -sb /home | awk '{print $1}') | gzip -9 > /var/backups/tmp/home.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up root${NORMAL}";
tar -c --totals /root | pv -s $(du -sb /root | awk '{print $1}') | gzip -9 > /var/backups/tmp/root.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up var-lib${NORMAL}";
tar -c --totals /var/lib | pv -s $(du -sb /var/lib | awk '{print $1}') | gzip -9 > /var/backups/tmp/var-lib.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up var-local${NORMAL}";
tar -c --totals /var/local | pv -s $(du -sb /var/local | awk '{print $1}') | gzip -9 > /var/backups/tmp/var-local.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up var-log${NORMAL}";
tar -c --totals /var/log | pv -s $(du -sb /var/log | awk '{print $1}') | gzip -9 > /var/backups/tmp/var-log.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up var-www${NORMAL}";
tar -c --totals /var/www | pv -s $(du -sb /var/www | awk '{print $1}') | gzip -9 > /var/backups/tmp/var-www.$YEAR$MONTH$DAY.tgz

echo "${BOLD}Backing up sql${NORMAL}";
# The password on the command line is visible in ps and shell history; see the note above
mysqldump -u root --password='YOURPASSWORD' --all-databases > /var/backups/tmp/mysql.$YEAR$MONTH$DAY.sql
tar -c --totals /var/backups/tmp/mysql.$YEAR$MONTH$DAY.sql | gzip -1 > /var/backups/tmp/mysql.$YEAR$MONTH$DAY.tgz
rm /var/backups/tmp/mysql.$YEAR$MONTH$DAY.sql

# Create a downloadable backup file then delete it
echo "${BOLD}Packaging it all up:${NORMAL}";
tar -c --totals /var/backups/tmp/*$YEAR$MONTH$DAY* | pv -s $(du -sb /var/backups/tmp/ | awk '{print $1}') | gzip -9 > /var/www/html/tmp/backup.$YEAR$MONTH$DAY.$SALT.tgz
read -n 1 -s -r -p "Go get the backup file at [ ${BOLD}https://YOURWEBSITE/tmp/backup.$YEAR$MONTH$DAY.$SALT.tgz${NORMAL} ] then select any key to delete it from the server..."
rm /var/www/html/tmp/backup.$YEAR$MONTH$DAY.$SALT.tgz
echo "${BOLD}File removed!${NORMAL}";

echo "${BOLD}Contents of html/tmp:${NORMAL}";
ls -la /var/www/html/tmp/

echo "${BOLD}Contents of /var/backups/tmp:${NORMAL}";
ls -la /var/backups/tmp/

echo "${BOLD}Your monthly backup is now complete.${NORMAL}";

else
echo "Process cancelled!";
fi
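Two helpers that address the points the note above concedes: the SQL password on the mysqldump command line (visible in `ps` and in shell history) and the lack of any way to confirm the downloaded archive is intact before the server copy is deleted. The credentials go into a mode 0600 temporary option file that mysqldump reads with `--defaults-extra-file`, and a SHA-256 is written next to the archive so the fetched copy can be checked. This is an added example, not part of the page's backup script; the function names, the `DUMP_PASSWORD` variable and the usage sketch are assumptions for the example.

```shell
#!/bin/bash
# Added example: safer credential handling and checksum verification for the
# backup script above. Not the page's code; names and paths are assumptions.

# write_mysql_defaults USER PASSWORD -> prints the path of a 0600 option file.
# mysqldump reads the [client] group; the password never appears in argv.
# (A password containing # or quotes needs option-file quoting; not handled here.)
write_mysql_defaults() {
  local user="$1" password="$2" file
  file=$(mktemp) || return 1
  chmod 0600 "$file"
  printf '[client]\nuser=%s\npassword=%s\n' "$user" "$password" > "$file"
  printf '%s\n' "$file"
}

# dump_all_databases DEFAULTS_FILE OUTPUT.sql
# --defaults-extra-file must be the first option on the mysqldump command line.
dump_all_databases() {
  mysqldump --defaults-extra-file="$1" --all-databases > "$2"
}

# checksum_backup FILE -> writes FILE.sha256 (sha256sum -c format) and prints the digest
checksum_backup() {
  local file="$1" digest
  digest=$(sha256sum "$file" | cut -d' ' -f1) || return 1
  printf '%s  %s\n' "$digest" "$(basename "$file")" > "$file.sha256"
  printf '%s\n' "$digest"
}

# verify_backup FILE -> exit 0 only when FILE matches FILE.sha256
# (run this on the downloaded copy before pressing the key that deletes the server copy)
verify_backup() {
  (cd "$(dirname "$1")" && sha256sum -c --status "$(basename "$1").sha256")
}

# Usage sketch inside the backup script (needs a live MySQL, so not run here):
#   DEFAULTS=$(write_mysql_defaults root "$DUMP_PASSWORD")
#   trap 'rm -f "$DEFAULTS"' EXIT        # the option file goes away however the script ends
#   dump_all_databases "$DEFAULTS" /var/backups/tmp/mysql.$YEAR$MONTH$DAY.sql
#   checksum_backup /var/www/html/tmp/backup.$YEAR$MONTH$DAY.$SALT.tgz
```

Keeping the `.sha256` file beside the archive means the download URL in the script can be followed by a second fetch of the checksum, and `verify_backup` on the local copy fails on any truncated or tampered download.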

Nice table of fail2ban jails:

#!/usr/bin/perl
# Prints a nice table of fail2ban jail stats
use strict;
use warnings;

my @jailnames;
my $jails = {};

# Ask fail2ban for the list of configured jails
open(J, "fail2ban-client status |") || die "fail2ban-client status: $!";
while (<J>) {
  next unless /Jail list/;
  s/^[^:]+:[ \t]+//;
  s/,//g;
  push(@jailnames, split);
}
close(J);

# Collect the four counters for every jail
foreach my $j (@jailnames) {
  open(S, "fail2ban-client status $j |") || die "fail2ban-client status $j: $!";
  while (<S>) {
    if (/Currently failed:\s+(\d+)/) {
      $jails->{$j}->{cf} = $1;
    } elsif (/Total failed:\s+(\d+)/) {
      $jails->{$j}->{tf} = $1;
    } elsif (/Currently banned:\s+(\d+)/) {
      $jails->{$j}->{cb} = $1;
    } elsif (/Total banned:\s+(\d+)/) {
      $jails->{$j}->{tb} = $1;
    }
  }
  close(S);
}

printf("%-22s  %12.12s  %12.12s  %12.12s  %12.12s\n",
       "JAIL", "Curr Failed", "Tot Failed", "Curr Banned", "Tot Banned");
print "-" x 78, "\n";
foreach my $j (@jailnames) {
  my $s = $jails->{$j};
  # A counter missing from the status output is shown as 0
  printf("%-22s  %12.12s  %12.12s  %12.12s  %12.12s\n", $j,
         $s->{cf} // 0, $s->{tf} // 0,
         $s->{cb} // 0, $s->{tb} // 0);
}

Sample output:

JAIL                     Curr Failed    Tot Failed   Curr Banned    Tot Banned
------------------------------------------------------------------------------
apache-auth                        0             0             0             0
apache-badbots                     0             0             0             0
apache-botsearch                   0             0             3             3
apache-fakegooglebot               0             0             0             0
apache-modsecurity                 0             0             0             0
apache-nohome                      0             0             0             0
apache-noscript                    0            96            30            34
apache-overflows                   0             0             0             0
apache-shellshock                  0             0             0             0
courier-auth                       0             0             0             0
cyrus-imap                         0             0             0             0
dovecot                           39           705            62            66
pam-generic                       39           703            43            45
php-url-fopen                      0             0             1             1
postfix                            6             7             3             3
postfix-rbl                        0             0             0             0
postfix-sasl                      39           693            17            17
sendmail-auth                      0             0             0             0
sendmail-reject                    0             0             0             0
sieve                              0             0             0             0
sshd                               6            21           151           161
xinetd-fail                        0             0             0             0

Sample rc.firewall:

#!/bin/bash
# IPTABLES Firewall

# --------------------------------------------------
# Kernel hardening
# --------------------------------------------------
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# --------------------------------------------------
# Binary
# --------------------------------------------------
IPT="/usr/sbin/iptables"

# Trusted admin IPs
HOME="" #add your IP or rdns
WORK="" #add your IP or rdns

# --------------------------------------------------
# Flush old rules
# --------------------------------------------------
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t mangle -F

# --------------------------------------------------
# Default policies
# --------------------------------------------------
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

# --------------------------------------------------
# Custom chains
# --------------------------------------------------
$IPT -N LOGDROP

$IPT -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
  -j LOG --log-prefix "Firewall: " --log-level 6
$IPT -A LOGDROP -j DROP

# --------------------------------------------------
# Base accepts / sanity
# --------------------------------------------------

# Allow loopback with only localhost source (127.0.0.0/8 is the whole loopback block;
# 127.0.0.1/8 means the same thing but has host bits set)
$IPT -I INPUT 1 -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
$IPT -I OUTPUT 1 -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
#$IPT -A OUTPUT -o lo ! -s 127.0.0.1/32 -j DROP #This may be blocking mail outbound

# Allow venet0 traffic only from assigned public IP
#$IPT -A OUTPUT -o venet0 -m addrtype ! --src-type LOCAL -j DROP #This may be blocking mail outbound
$IPT -I OUTPUT 1 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -I OUTPUT 1 -o venet0 -s 107.161.30.34 -j ACCEPT #change to your host IP
$IPT -A OUTPUT -o venet0 -s 107.161.30.34/32 -j ACCEPT #change to your host IP
$IPT -A OUTPUT -o venet0 ! -s 107.161.30.34/32 -j LOG #change to your host IP

# Drop invalid
$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

# Allow established traffic
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Drop suspicious NEW tcp packets not SYN
$IPT -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

# Drop fragments
$IPT -A INPUT -f -j DROP


# --------------------------------------------------
# Persistent hostile networks (optional)
# --------------------------------------------------
$IPT -A INPUT -s 45.142.193.0/24 -j DROP  #2630 20260424
$IPT -A INPUT -s 79.124.62.0/24 -j DROP  #1430 20260424
$IPT -A INPUT -s 167.94.146.0/24 -j DROP  #822 20260424

# --------------------------------------------------
# Quiet garbage drops
# --------------------------------------------------

# DHCP
$IPT -A INPUT -p udp --dport 67:68 -j DROP

# RPC
$IPT -A INPUT -p tcp --dport 111 -j DROP

# NetBIOS / SMB
$IPT -A INPUT -p tcp --dport 445 -j DROP
$IPT -A INPUT -p tcp --dport 135:139 -j DROP
$IPT -A INPUT -p udp --dport 135:139 -j DROP

# --------------------------------------------------
# ICMP
# --------------------------------------------------
$IPT -A INPUT -p icmp -m limit --limit 5/sec -j ACCEPT

# --------------------------------------------------
# SSH protection
# --------------------------------------------------

# Drop brute force attempts
$IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
  -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP

# Track new attempts
$IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
  -m recent --set --name SSH

# Allow SSH
$IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

# --------------------------------------------------
# Public Web
# --------------------------------------------------
$IPT -A INPUT -p tcp --dport 80  -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

# --------------------------------------------------
# Mail server
# --------------------------------------------------
$IPT -A INPUT -p tcp --dport 25  -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 465 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 587 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 993 -m conntrack --ctstate NEW -j ACCEPT

# --------------------------------------------------
# Restricted admin services
# --------------------------------------------------

# sample - each rule is only added when its trusted source is filled in above;
# with an empty variable iptables would see "-s --dport" and abort the script
[ -n "$HOME" ] && $IPT -A INPUT -p tcp -s "$HOME" --dport 1234 -m conntrack --ctstate NEW -j ACCEPT
[ -n "$WORK" ] && $IPT -A INPUT -p tcp -s "$WORK" --dport 1234 -m conntrack --ctstate NEW -j ACCEPT

# --------------------------------------------------
# Final log/drop
# --------------------------------------------------
$IPT -A INPUT -j LOGDROP

# reload fail2ban iptables jails
/usr/bin/systemctl restart fail2ban
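The rc.firewall above only does what its comments say if a few orderings hold: the SSH throttle rule must come before the SSH ACCEPT (otherwise every new connection is accepted before `--hitcount` is ever consulted), the rate-limited LOG in LOGDROP must come before its DROP, and LOGDROP must remain the last INPUT rule, which a later hand-typed `iptables -A INPUT ... -j ACCEPT` silently breaks. The check below reads `iptables-save` output and reports each violated invariant. It is an added example, not part of the page's firewall; both rule sets it contains are constructed excerpts in `iptables-save` format, the good one mirroring the rules above.

```shell
#!/bin/bash
# Added example: invariant check over iptables-save text for the rc.firewall
# above. Not the page's code; the two rule sets below are constructed.

# Constructed iptables-save excerpt matching the rc.firewall rules.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --name SSH --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Firewall: " --log-level 6
-A LOGDROP -j DROP
COMMIT'

# Constructed broken variant: open INPUT policy, SSH ACCEPT before the throttle,
# and an ACCEPT appended after LOGDROP (three violations).
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --name SSH --rsource -j DROP
-A INPUT -j LOGDROP
-A INPUT -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Firewall: " --log-level 6
-A LOGDROP -j DROP
COMMIT'

# line_of RULES PATTERN -> line number of the first rule containing PATTERN (empty if none)
line_of() { printf '%s\n' "$1" | grep -n -F -m1 -e "$2" | cut -d: -f1; }

# check_ruleset reads iptables-save text on stdin, prints each failed check,
# and returns the number of failures (0 means every invariant holds).
check_ruleset() {
  local rules last_input log_line drop_line throttle accept
  rules=$(cat)
  FAILS=0
  report() { printf 'FAIL: %s\n' "$1"; FAILS=$((FAILS + 1)); }

  [ -n "$(line_of "$rules" ':INPUT DROP')" ]   || report 'INPUT policy is not DROP'
  [ -n "$(line_of "$rules" ':FORWARD DROP')" ] || report 'FORWARD policy is not DROP'

  # Anything appended after LOGDROP is unreachable or, worse, bypasses logging.
  last_input=$(printf '%s\n' "$rules" | grep -e '^-A INPUT ' | tail -n 1)
  [ "$last_input" = '-A INPUT -j LOGDROP' ] || report 'last INPUT rule is not -j LOGDROP'

  # The rate-limited LOG must precede the DROP or nothing is ever logged.
  log_line=$(line_of "$rules" '-A LOGDROP -m limit')
  drop_line=$(line_of "$rules" '-A LOGDROP -j DROP')
  [ -n "$log_line" ] && [ -n "$drop_line" ] && [ "$log_line" -lt "$drop_line" ] \
    || report 'LOGDROP must log (rate-limited) before it drops'

  # The --hitcount DROP only fires if it is evaluated before the ACCEPT.
  throttle=$(line_of "$rules" '--dport 22 -m conntrack --ctstate NEW -m recent --update')
  accept=$(line_of "$rules" '--dport 22 -m conntrack --ctstate NEW -j ACCEPT')
  [ -n "$throttle" ] && [ -n "$accept" ] && [ "$throttle" -lt "$accept" ] \
    || report 'SSH throttle rule must precede the SSH ACCEPT rule'

  return "$FAILS"
}

# Usage on a live host: iptables-save | check_ruleset
```

fail2ban inserts its own chains at the top of INPUT (`-I INPUT`), so the final-rule check still holds after the `systemctl restart fail2ban` at the end of rc.firewall; running the check from the same script, right after that restart, catches a broken ruleset before the next brute-force attempt does.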