PR test

cache-generator.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+
+ERROR_LOG=/var/log/cache-generator.log
+
+URI=$1
+
+function log()
+{
+echo -e "[ `date` ] $(tput setaf 4)$@$(tput sgr0)" &>> $ERROR_LOG
+exit $2
+}
+
+
+curl -I ${URI} &>> $ERROR_LOG & log "Caching ${URI}" $!

cache_flush.lua

@@ -0,0 +1,33 @@
+local sock = ngx.socket.tcp()
+
+sock:settimeout(1000)   -- one second
+
+local ok, err = sock:connect("127.0.0.1", 6379)
+if not ok then
+    ngx.say("failed to connect: ", err)
+    return
+end
+
+
+local bytes, err = sock:send("flush_all\r\n")
+if not bytes then
+    ngx.say("failed to send query: ", err)
+    return
+end
+
+local line, err = sock:receive()
+if not line then
+    ngx.say("failed to receive a line: ", err)
+    return
+end
+
+ngx.say("result: ", line)
+
+
+local ok, err = sock:setkeepalive(60000, 500)
+if not ok then
+    ngx.say("failed to put the connection into pool "
+        .. "with pool capacity 500 "
+        .. "and maximal idle time 60 sec")
+    return
+end

hooks.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Author : Harshad Yeola
+# This scripts is intended to be used as hook to sync repositories on server.
+
+
+declare -A repos
+declare -A branch
+
+LOG="/var/log/hooks.log"
+
+function error()
+{
+    echo -e "[ `date` ] failed ==> $(tput setaf 1)$@$(tput sgr0)" | tee -ai $LOG
+    exit $2
+}
+
+function echo_output()
+{
+    echo -e "[ `date` ] success ==> $(tput setaf 4)$@$(tput sgr0)" | tee -ai $LOG
+}
+
+
+
+# define repo path and branch
+
+# etc-config repo
+repos['etc-config']='/etc'
+branch['etc-config']='master'
+
+# example-com-wp-composer repo
+repos['example-com-wp-composer']='/var/www/wp.example.com'
+branch['example-com-wp-composer']='master'
+
+
+# repos['etc-config']="/home/harshad/Github/easyengine"
+# branch['etc-config']='feature/plugin'
+
+
+for repo in ${!repos[@]}; do
+    path=${repos[$repo]}
+    git_branch=${branch[$repo]}
+
+    current_branch=$(cd $path && git rev-parse --abbrev-ref HEAD)
+
+    if [ "$current_branch" == "$git_branch" ]; then
+
+        echo_output "Fetching $repo commits at $path with branch $git_branch "
+        cd $path &>>$LOG || error "cd $path" $?
+        git reset --hard HEAD  &>>$LOG || error "git reset --hard HEAD" $?
+        git pull origin ${git_branch} &>>$LOG || error "git pull origin ${git_branch}" $?
+
+        if [ "$path" == "/etc" ]; then
+            service nginx reload &>>$LOG || error "service nginx reload" $?
+            service php5-fpm reload &&>>$LOG || error "service php5-fpm reload" $?
+            service mysql reload &&>>$LOG || error "service mysql reload" $?
+        fi
+    fi
+done

iptables-rules

@@ -0,0 +1,120 @@
+# Modify this file accordingly for your specific requirement.
+# http://www.thegeekstuff.com
+# 1. Delete all existing rules
+iptables -F
+
+# 2. Set default chain policies
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+# 3. Block a specific ip-address
+#BLOCK_THIS_IP="x.x.x.x"
+#iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
+
+# 4. Allow ALL incoming SSH
+#iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+# 5. Allow incoming SSH only from a sepcific network
+#iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+# 6. Allow incoming HTTP
+#iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+#iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow incoming HTTPS
+#iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+#iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
+
+# 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
+iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT
+
+# 8. Allow outgoing SSH
+iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+# 9. Allow outgoing SSH only to a specific network
+#iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+#iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+# 10. Allow outgoing HTTPS
+iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
+
+# 11. Load balance incoming HTTPS traffic
+#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
+#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
+#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443
+
+# 12. Ping from inside to outside
+iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+# 13. Ping from outside to inside
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+# 14. Allow loopback access
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# 15. Allow packets from internal network to reach external network.
+# if eth1 is connected to external network (internet)
+# if eth0 is connected to internal network (192.168.1.x)
+iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
+
+# 16. Allow outbound DNS
+#iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
+#iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
+
+# 17. Allow NIS Connections
+# rpcinfo -p | grep ypbind ; This port is 853 and 850
+#iptables -A INPUT -p tcp --dport 111 -j ACCEPT
+#iptables -A INPUT -p udp --dport 111 -j ACCEPT
+#iptables -A INPUT -p tcp --dport 853 -j ACCEPT
+#iptables -A INPUT -p udp --dport 853 -j ACCEPT
+#iptables -A INPUT -p tcp --dport 850 -j ACCEPT
+#iptables -A INPUT -p udp --dport 850 -j ACCEPT
+
+# 18. Allow rsync from a specific network
+iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT
+
+# 19. Allow MySQL connection only from a specific network
+iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
+
+# 20. Allow Sendmail or Postfix
+iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
+
+# 21. Allow IMAP and IMAPS
+iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT
+
+iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT
+
+# 22. Allow POP3 and POP3S
+iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
+
+iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT
+
+# 23. Prevent DoS attack
+iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+
+# 24. Port forwarding 422 to 22
+iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22
+iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT
+
+# 25. Log dropped packets
+iptables -N LOGGING
+iptables -A INPUT -j LOGGING
+iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
+iptables -A LOGGING -j DROP

iptables/block-domain.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+iptables -A FORWARD -p all -d vimeo.com -j REJECT
+iptables -A FORWARD -p all -d adobe.com -j REJECT
+iptables -A FORWARD -p all -d www.adobe.com -j REJECT
+iptables -A FORWARD -p all -d microsoft.com -j REJECT
+iptables -A FORWARD -p all -d www.microsoft.com -j REJECT
+iptables -A FORWARD -p all -d toggle.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d g.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d lb1.www.ms.akadns.net -j REJECT
+iptables -A FORWARD -p all -d youtube.com -j REJECT
+iptables -A FORWARD -p all -d www.youtube.com -j REJECT
+iptables -A FORWARD -p all -d youtube-ui.l.google.com -j REJECT
+iptables -A FORWARD -p all -d dropbox.com -j REJECT
+iptables -A FORWARD -p all -d quora.com -j REJECT
+
+# Enable Google Drive which is blocked by youtube
+#iptables -A FORWARD -p all -d docs.google.com -j ACCEPT

iptables/block-facebook.sh

@@ -0,0 +1,7 @@
+#!.bin/bash
+# Facebook Block------ 
+for ip in `whois -h whois.radb.net '!gAS32934' | grep /`
+do
+iptables -A FORWARD -p all -d $ip -j REJECT
+done
+#End Facebook Block-----

iptables/flush-iptables.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+echo "Stopping firewall and allowing everyone..."
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+echo "Enable squid rules"
+iptables-restore < /etc/iptables.rules

iptables/port-forward.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Forward port 2222 => 22
+iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2222 -j DNAT --to 192.168.0.243:22
+iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.0.243:22
+iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.243 --dport 22 -j MASQUERADE
+
+# Forward port 80
+iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.243:80
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.243:80
+iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.243 --dport 80 -j MASQUERADE

iptables/torrent-log.sh

@@ -0,0 +1,20 @@
+#Log Torrent
+iptables -N LOGDROP &>> /var/log/squid3/torrent.log
+iptables -F LOGDROP
+iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
+iptables -A LOGDROP -j DROP
+
+#Torrent
+iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "torrent" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "announce" -j LOGDROP
+iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOGDROP
+
+#DHT keyword
+iptables -A FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
+iptables -A FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
+iptables -A FORWARD -m string --string "find_node" --algo bm -j LOGDROP

mail.sh

@@ -5,8 +5,8 @@ from_unm=""
 to_unm=""
 from_passwd=""
 to_passwd=""
-from_imap="194.126.200.40"
-to_imap="85.159.212.242"
+from_imap=$2
+to_imap=$3
 
 fail_log="fail.log"
 
@@ -30,4 +30,4 @@ larch --from imap://$from_imap --from-user $from_unm \
  --to-user $to_unm \
  --all >> larch.log || echo "failed to migrate mail from user $from_unm to $to_unm" >> $fail_log
 
-done < $mail_file
+done < $mail_file

monitor-swarm-cluster.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# In Crontab add following entry
+# @reboot /bin/bash /root/bin/monitor-swarm.sh &
+# Monitor Docker Swarm node Status
+while true
+do
+  docker node ls | grep Down
+  if [ $? == 0 ]; then
+    CLUSTERSTATUS="$(docker node ls)"
+	  echo "$CLUSTERSTATUS" | mail -s "$(hostname -f) " [email protected]
+  fi
+  # add sleep time so that it does not burden the docker engine
+  sleep 300
+done

myscripts

@@ -0,0 +1,17 @@
+mkfs -t ext4 /dev/xvdb
+
+mount /dev/xvdb /mnt/xvdb
+
+mkdir /mnt/xvdb/tmp
+mkdir /mnt/xvdb/swap
+
+dd if=/dev/zero of=/mnt/xvdb/swap/swapfile bs=1024 count=2048k
+
+mkswap /mnt/xvdb/swap/swapfile
+
+^_^[root@ip-172-31-53-216:~]# mkswap /mnt/xvdb/swap/swapfile
+Setting up swapspace version 1, size = 2097148 KiB
+no label, UUID=ceb137d1-e144-41ac-abfa-fa7ed6f1a5da
+
+
+swapon /mnt/xvdb/swap/swapfile