Category Archives: scripts

Install Logwatch in Linux CentOS

Logwatch is a Linux application that parses log files, analyses them and sends periodical reports, based on specific criteria, to one or more email addresses.
In order to install logwatch in linux CentOS you have to issues the following command:

yum install logwatch

Edit the configuration file:

nano /usr/share/logwatch/default.conf/logwatch.conf

Check and edit the following directives in order to suit your needs:

LogDir = /var/log
MailFrom = Logwatch@mydomain.com
Range = yesterday //(or today)
Detail=Medium // (other: Low, Medium, High)
Service=all //(other examples would be httpd, sshd2, ftp)

Run logwatch manually:

logwatch --detail High --mailto myemail@domain.com --service http --range today

The output should be like this:

 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue May 19 14:21:59 2015
        Date Range Processed: today
                              ( 2015-May-19 )
                              Period is day.
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: nix
  ##################################################################

 --------------------- courier mail services Begin ------------------------

 **Unmatched Entries**
   courier-pop3d - 2 Times
      Connection, ip=[::ffff:182.118.53.150] - 1 Time
      Disconnected, ip=[::ffff:182.118.53.150] - 1 Time



 ---------------------- courier mail services End -------------------------


 --------------------- Cron Begin ------------------------

sshd:
    Authentication Failures:
       root (43.255.188.163): 4930 Time(s)
       root (43.255.188.155): 3524 Time(s)
       root (61-218-247-185.hinet-ip.hinet.net): 925 Time(s)
       unknown (61-218-247-185.hinet-ip.hinet.net): 391 Time(s)
       root (61.133.63.14): 137 Time(s)
       root (58.218.205.72): 114 Time(s)
       root (222.186.160.48): 98 Time(s)
       root (218.65.30.61): 90 Time(s)
       root (221.229.166.81): 80 Time(s)
       root (58.218.205.66): 69 Time(s)
       root (58.218.199.195): 68 Time(s)

Posted in BASH, scripts. Tagged with , , .

Block failure notice emails in qmail

I have Plesk on my Linux server and I receive lots of spam emails from the root account on my server.
Here’s what happened. My forum used to send emails to non-existent email accounts around the web and I used to receive the failure notices for them.
To block failure notice emails in qmail that were forwarded to my main email I had to modify the aliases from

/var/qmail/alias

Here’s a sample email I received:

MAILER-DAEMON@nixware.net
Mar 30 (7 days ago)

to postmaster 
Hi. This is the qmail-send program at nixware.net.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
2a00:1450:4013:0c01:0000:0000:0000:001a does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 q5si14669450wjx.9 - gsmtp
Giving up on 2a00:1450:4013:0c01:0000:0000:0000:001a.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 8634 invoked for bounce); 29 Mar 2015 23:50:02 +0200
Date: 29 Mar 2015 23:50:02 +0200
From: MAILER-DAEMON@nixware.net
To: root@nixware.net
Subject: failure notice

As you can see, the postmaster account was receiving the spam from MAILER-DAEMON and MAILER-DAEMON was forwarding them to my gmail.com account. Pretty nasty…

The fix:
Go to

/var/qmail/alias

do a

ls -alh

and you will see a couple of hidden config files.

Inside each of those file I had my @gmail account. With the next script I overwrote the gmail account with a non-existent email:

 

 

for FILE in ./.qmail-*;do echo "nonexistent@nodomain.tld" > $FILE;done

Restart/reload qmail:

service qmail reload

That’s it! You should not receive any spam from any of the root, mailman or postmaster accounts.

Posted in BASH, Plesk, scripts. Tagged with , , , , , .

Batch download files from a website

I needed a quick bash script that will batch download files from a website and I came up with the following.

The files had the names like 1.gif, 2.gif, etc and were accessible via a CDN subdomain like http://images.mydomain.com.

So here it is:

for i in {1..18000}; do wget images.mydomain.com/$i.gif; sleep 5;done

Replace mydomain.com with your site and that’s it.
Alternatively you can get rid of “sleep 5” and put the whole script in a file and execute it with:

[root@nix]# nohup ./script.sh &

This will keep your script running even if you disconnect from the shell console.

Posted in BASH, scripts.

How to run linux scripts

Scripts can be defined as a sequence of commands that are stored inside a file and are usually executed in order to automate certain tasks. In the following minutes I’m gonna show you how to run linux scripts from the shell.

In the BASH environment you can find many types of scripts. Depending on the user needs you can find BASH, Python, Perl or other type of scripts.

In some cases they might have an extension like .sh, .bsh, or .py, however this is not a rule. In Linux, files don’t need to have an extension, but they are required to have an shebang.

The shebang is the first line in a script which tells the shell what program to interpret the script with, when executed.

Here’s an example:

~ # more /root/blockip.sh
#!/bin/bash

As you can see, the first line in the script tells us that this is a BASH script.

So, how can we run a script ?

First you need to check the permissions of the script:

~ # ls -l /root/blockip.sh
-r--r--r   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware#

In order to execute a script, the user under which the script needs to be executed has to have execution permissions, and the above one doesn’t have that permissions and this is how you can fix it:

chmod + x ./blockip.sh

No check the permissions again:

~ # ls -l /root/blockip.sh
-rwxrwxrwx   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware

The permissions are ok now.

Now you can run the script by typing:

root@nyxware
~ # ./blockip.sh
OK
root@nyxware

Alternatively, you can run the same script with it’s absolute path:

root@nyxware
~ # /root/blockip.sh
OK
root@nyxware

A python script can be run like this:

~ # python test.py
Usage: test.py server [options]

Test for SSL heartbeat vulnerability (CVE-2014-0160)

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
root@nyxware

~ #

run linux script

 

 

 

 

 

 

In Perl:

root@nyxware#hello-world.pl
Hello world!
Posted in BASH, scripts. Tagged with , , , .