Scripte

check_interfaces.sh

#!/bin/sh
 
# checkt ob alle Interface up sind und Link haben und liefert einen fuer Nagios gueltigen Return-Wert
 
CARDS="dev0 eth1 eth2 eth3"
 
DEBUG=0
MESG=""
INTOK="OK:"
 
for card in $CARDS
do
        if [ $DEBUG -gt 0 ]
        then
                echo -n "Testing $card "
        fi
        ret=$(ethtool -t $card online > /dev/null 2>&1 ; echo $?)
        if [ $ret -gt 0 ]
        then
                echo "CRITICAL: Interface $card failed!"
                exit 2
        else
                INTOK="$INTOK $card"
        fi
done
echo "$INTOK operating normally"
exit 0

check_ldap_response.sh

zuerst muss mit dem Parameter -g ein Diff-File erzeugt werden, dann können mit dem Parameter -f die Antworten der LDAP-Server mit dem File verglichen werden.

#!/bin/sh
 
# 2005 Oliver Voelker <code@magenbrot.net>
# checkt die LDAP-Server auf korrekte Antworten und Syncronisation
 
# usage:
# check_ldap_response.sh -H <host> [-p <port>] -b <base_dn> -D <binddn> -P <bindpassword> -f <checkfile> -v
#
# generate check-file:
# check_ldap_response.sh -H <host> [-p <port>] -b <base_dn> -D <binddn> -P <bindpassword> -g <checkfile> -v
 
LDAPSEARCH=`which ldapsearch`
 
PORT="389"
LDAPLOOKUP="uid=testuser"
TMP=/tmp/ldap.$$
DIFF=$(dirname $0)/ldap-checkfile
 
while getopts "H:p:b:D:P:g:f:v" flag
do
  #echo "$flag" $OPTIND $OPTARG
  case "$flag" in
    H) HOST=$OPTARG
       ;;
    p) PORT=$OPTARG
       ;;
    b) BASE=$OPTARG
       ;;
    D) BINDDN=$OPTARG
       ;;
    P) BINDPW=$OPTARG
       ;;
    g) DIFF=$(dirname $0)/ldap-$OPTARG
       echo "lege Vergleichsfile $DIFF an..."
       $LDAPSEARCH -h $HOST -p $PORT -b $BASE -D $BINDDN $LDAPLOOKUP -x -w $BINDPW > $DIFF
       exit 0
       ;;
    f) DIFF=$(dirname $0)/ldap-$OPTARG
       ;;
    v) $LDAPSEARCH -h $HOST -p $PORT -b $BASE -D $BINDDN $LDAPLOOKUP -x -w $BINDPW > $TMP
       diff -y $TMP $DIFF
       ;;
    *) echo "Ungueltiges Kommandozeilenargument"
       exit 1
       ;;
  esac
done
 
if [ -z $HOST ] || [ -z $BASE ] || [ -z $BINDDN ] || [ -z $BINDPW ]; then
  echo "Fehlendes Argument!"
  echo "usage:"
  echo "check_ldap_response.sh -H <host> [-p <port>] -b <base_dn> -D <binddn> -P <bindpassword> -f <checkfile>"
  echo "generate checkfile:"
  echo "check_ldap_response.sh -H <host> [-p <port>] -b <base_dn> -D <binddn> -P <bindpassword> -g <checkfile>"
  exit 2
fi
 
if [ -z $LDAPSEARCH ]; then
  echo "ldapsearch (openldap-clients) nicht gefunden, bitte installieren."
  exit 2
fi
 
if [ ! -r $DIFF ]; then
  echo "Vergleichsfile $DIFF existiert nicht oder kann nicht gelesen werden, bitte mit parameter -g aufrufen!"
  exit 2
fi
 
$LDAPSEARCH -h $HOST -p $PORT -b $BASE -D $BINDDN $LDAPLOOKUP -x -w $BINDPW > $TMP
 
diff $TMP $DIFF > /dev/null 2>&1
 
if [ $? != "0" ]; then
  echo "LDAP Server nicht synchron bzw. Antwort fehlerhaft"
  exit 2
fi
 
rm $TMP
echo "LDAP Server ist synchron"

pingall.sh

#!/bin/sh
 
SERVERLIST=serverlist.txt
 
if [ -e $SERVERLIST ]; then
  for SERVER in `cat $SERVERLIST`; do
    trap 'exit 0' 2
    ping -c2 $SERVER
    echo
  done
fi

check_vips.sh

#!/bin/sh
 
# quick n very dirty check
 
# wieviele IPs sollte ich haben?
SHOULD=10
 
VIPs=`/sbin/ip a | grep "inet " | wc -l | awk -F" " '{ print $1 }'`
 
if [ ! "$VIPs" -eq "$SHOULD" ]; then
  echo "CRITICAL: owned IPs: $VIPs - should be: $SHOULD"
  exit 2
else
  echo "OK: owned IPs: $VIPs"
  exit 0
fi

count-packets.sh

#!/bin/bash
#
# 2008 Oliver Voelker <info(at)ovtec.it>
#
# Pakete pro Sekunde fuer ein bestimmtes Interface ermitteln
#
 
if [ -z $1 ]; then
  echo "Usage: $0 <interface> [<time>]"
  echo "Default measure time is 10 seconds"
  exit 0
fi
 
if [ -z $2 ]; then
  TIME=10
else
  TIME=$2
fi
 
DEV=$1
 
RUN=`ifconfig $DEV | grep "X packets"`
if [ $? -ne 0 ]; then
  echo "Fehler!"
  exit 1
fi
 
RX1=`echo $RUN | cut -d" " -f2 | cut -d":" -f2`
TX1=`echo $RUN | cut -d" " -f8 | cut -d":" -f2`
 
#echo "RX-1: $RX1"
#echo "TX-1: $TX1"
 
sleep $TIME
 
RUN=`ifconfig $DEV | grep "X packets"`
if [ $? -ne 0 ]; then
  echo "Fehler!"
  exit 1
fi
 
RX2=`echo $RUN | cut -d" " -f2 | cut -d":" -f2`
TX2=`echo $RUN | cut -d" " -f8 | cut -d":" -f2`
 
#echo "RX-2: $RX2"
#echo "TX-2: $TX2"
 
RX=$(($RX2 - $RX1))
TX=$(($TX2 - $TX1))
RXps=$(($RX / $TIME))
TXps=$(($TX / $TIME))
 
echo "RX in $TIME seconds: $RX (RX per second: $RXps)"
echo "TX in $TIME seconds: $TX (TX per second: $TXps)"

cisco.sh

Dieses Script ermöglicht einen automatischen Login auf Cisco-Switche inkl. automatischem „enable“ (sofern die Kennwörter gleich sind):

#!/bin/sh
 
# Passwort
PASS="passwort"
PROGDIR=`dirname $0`
 
rm -f $PROGDIR/login.expect
touch $PROGDIR/login.expect
chmod u+x $PROGDIR/login.expect
 
cat << EOF > $PROGDIR/login.expect
#!/usr/bin/expect
spawn telnet $1
expect {
  "Password:" {
    send "$PASS\r"
    exp_continue
  }
  "Name:" {
    send "enable\r"
    exp_continue
  }
  "#" {
    interact
  }
  "% Bad passwords" {
    send_user "invalid password or account\n"
    exit
  }
  timeout {
    send_user "connection timed out\n"
    exit
  }
  eof {
    send_user "connection to $host failed: $expect_out(buffer)"
    exit
  }
}
EOF
 
$PROGDIR/login.expect
rm -f $PROGDIR/login.expect

Aufruf mit „cisco.sh cat1.mydomain.de“ oder via IP.

vpn-keepalive.sh

#!/bin/bash
# keepalive for ipsec
# 2007 Oliver Voelker <info(at)ovtec.it>
 
failmax=3 # beim dritten Fehler restarten
keepalive=30 # alle $keepalive Sekunden testen
maxage=120 # maximales Alter der Checkdatei in Sekunden
nextrestart=3600 # nach einem neustart erst wieder in X sekunden probieren
 
CHECKFILE="/tmp/keep-alive" # Dieses File muss minuetlich durch die VPN-Gegenseite erzeugt werden, z.B. durch einen Cronjob: "ssh user@bla.de -C touch /tmp/keep-alive"
TMPFILE="/tmp/vpntest-$$"
ADMIN="admin@bla.de" # wird bei Stoerungen informiert
TUNNEL="ipsec-tunnel" # Tunnelname aus ipsec.conf
 
# do not edit anything beyond this point!
 
fail=0
 
MESSAGE=""
 
function tunnelrestart () {
  MESSAGE="Maxfail ($failmax) reached: restarting tunnel $TUNNEL (age of checkfile $DIFF seconds)"
  logger -p local2.info -t TUNNEL "$MESSAGE"
  /usr/sbin/ipsec auto --down $TUNNEL
  sleep 5
  /usr/sbin/ipsec auto --up $TUNNEL
  echo "tunnel $TUNNEL on `hostname -f` was restarted, because checkfile $CHECKFILE was too old. Please check!" | mail -s "VPN-Problem on `hostname -f`!" $ADMIN
  touch $TMPFILE
  sleep 120
}
 
while (true); do
  CHECK=`stat -c"%Y" $CHECKFILE`
  NOW=`date +%s`
  DIFF=`echo $NOW - $CHECK | bc`
 
  if [ "$DIFF" -lt "$maxage" ]; then
    MESSAGE="Tunnel $TUNNEL OK (age of checkfile $DIFF seconds)"
    logger -p local2.info -t TUNNEL "$MESSAGE"
    fail=0
  else
    fail=`echo $fail+1|bc`
    MESSAGE="Tunnel $TUNNEL DOWN: $fail (age of checkfile $DIFF seconds with maxage of $maxage)"
    logger -p local2.info -t TUNNEL "$MESSAGE"
  fi
 
  if [ "$fail" -ge "$failmax" ] ; then
 
    if [ -f $TMPFILE ]; then
      ATMP=`stat -c"%Y" $TMPFILE`
      SSLR=`echo $NOW - $ATMP | bc` # seconds since last restart
      if [ "$SSLR" -ge "$nextrestart" ]; then
        rm -f $TMPFILE
        tunnelrestart
        fail=0
      else
        MESSAGE="Maxfail ($failmax) reached, but tunnel was already restarted $SSLR seconds ago. Only one restart per $nextrestart seconds."
        logger -p local2.info -t TUNNEL "$MESSAGE"
        echo "tunnel $TUNNEL should have been restarted, but this already happened $SSLR seconds ago. Please check!" | mail -s "BIG VPN-Problem on vpn.meinserver.de!" $ADMIN
      fi
    else
      tunnelrestart
    fi
  fi
  sleep $keepalive
done

ssh-break.sh

#!/bin/bash
 
# scannt in diesem Beispiel den Netzwerkbereich 192.168.10.1 bis 192.168.20.255 via SSH mit dem User root und dem Passwort <enter password to check for>
# (<enter password to check for> durch gewuenschtes Passwort ersetzen!)
 
# von
A1="192."
B1="168."
C1="10."
D1="1"
 
# bis
A2="192."
B2="168."
C2="20."
D2="255"
 
# Passwort
PASS="<enter password to check for>"
 
PROGDIR=`dirname $0`
 
rm -f $PROGDIR/login.expect
touch $PROGDIR/login.expect
chmod u+x $PROGDIR/login.expect
 
for a in `seq $A1 $A2`
do
  for b in `seq $B1 $B2`
  do
    for c in `seq $C1 $C2`
    do
      for d in `seq $D1 $D2`
      do
        trap 'exit 0' 2
        echo "Teste $a.$b.$c.$d:"
 
cat << EOF > $PROGDIR/login.expect
#!/usr/bin/expect
spawn ssh -o PubkeyAuthentication=no -o ConnectTimeout=1 -o NumberOfPasswordPrompts=1 root@$a.$b.$c.$d "uptime"
expect {
  password: {
    sleep 1
    send "$PASS\r"
    exp_continue
  } "connecting (yes/no)?" {
    send "yes\r"
    exp_continue
  } incorrect {
    send_user "invalid password or account\n"
    exit
  } timeout {
    send_user "connection timed out\n"
    exit
  } eof {
    exit
  }
}
EOF
 
        $PROGDIR/login.expect
        echo -e "#############################################################################"
      done
    done
  done
done
 
rm -f $PROGDIR/login.expect

signature.sh

#!/bin/sh
 
echo
cat ~/.signature
echo
echo "---------------------------------"
echo
/usr/bin/fortune

wake.sh

Dieses Script holt einen Rechner/Server/HTPC aus dem Schlaf (sofern Wake On LAN (WOL) im BIOS aktiviert ist) und teilt einem mit, wenn die Maschine eine Netzwerkverbindung hat. Im Beispiel müsst Ihr einfach die Hostnamen und MAC-Adressen durch Eure eigenen ersetzen.

#!/bin/sh
#
# Wake On LAN Script
# 2010 Oliver Voelker <info@ovtec.it>
#
 
case "$1" in
  brot)
    echo "waking up brot"
    wakeonlan 00:1f:c6:0b:9e:3e
    while ( ! ping -c 1 brot.magenbrot.net 2>&1 >/dev/null ); do
      echo -n .
      sleep 1
    done
    ;;
  htpc|*)
    # htpc und default
    echo "waking up htpc"
    wakeonlan 00:01:2e:2b:91:6e
    while ( ! ping -c 1 htpc.magenbrot.net 2>&1 >/dev/null ); do
      echo -n .
      sleep 1
    done
    ;;
esac
echo -e "\nbehold! $1 has awoken!"

do-cmd.sh

uralt... Heutzutage nimmt dafür lieber ansible oder ähnliches :)

#!/bin/bash
#
# 2006 Oliver Voelker <info(at)ovtec.it>
#
 
SERVERLIST=serverlist.txt
COMMAND=$*
REPORT=/tmp/report.$$
NOTIFY="scripts@magenbrot.net"
DATE=`date +%d.%m.%y-%H%M`
 
PROGDIR=`dirname $0`
cd $PROGDIR
 
if [ ! -f $SERVERLIST ]; then
  echo "$SERVERLIST nicht gefunden."
  exit 1
fi
 
if [ -z "$1" ]; then
  echo "Usage '$0 <remotecmd>'"
  echo "Executes <remotecmd> on all servers in $SERVERLIST"
  echo
  echo "-check-update           checks for updates on the servers"
  echo "-update                 installs available updates"
  echo
  echo "notifies are mailed to $NOTIFY"
  exit 0
fi
 
echo "Scriptlauf am `date +%c`" > $REPORT
echo "Scriptlauf am `date +%c` geloggt nach $REPORT"
echo "-------------------------------------------------------------------------------" >> $REPORT
 
if [ -e $SERVERLIST ]; then
  echo "-------------------------------------------------------------------------------"
  exec 5<&0
  cat $SERVERLIST | while read LINE; do
    trap 'exit 0' 2
    if [ "`echo $LINE | head -c1`" != "#" ] && [ "`echo $LINE | head -c1`" != "" ]; then
      #echo $LINE | awk -F" - " '{printf "Server: %s / Distri: %s / Updater: %s / Comment: %s\n", $1, $2, $3, $4}'
      SERVER=`echo $LINE | awk -F" - " '{print $1}'`
      DISTRI=`echo $LINE | awk -F" - " '{print $2}'`
      UPDATER=`echo $LINE | awk -F" - " '{print $3}'`
      COMMENT=`echo $LINE | awk -F" - " '{print $4}'`
      if [ -z "$SERVER" ] || [ -z "$DISTRI" ] || [ -z "$UPDATER" ] || [ -z "$COMMENT" ]; then
        echo "$SERVERLIST hat das falsche Format in Zeile $LINE"
        echo "$SERVERLIST hat das falsche Format in Zeile $LINE" >> $REPORT
        continue
      fi
      echo "Executing '$COMMAND' on $SERVER ($DISTRI / $COMMENT)..."
      echo "Executing '$COMMAND' on $SERVER ($DISTRI / $COMMENT)..." >> $REPORT
      case "$COMMAND" in
        "-check-update")
          case "$UPDATER" in
            "yum")
              ssh $SERVER "sudo su root -c 'yum check-update'" >> $REPORT 2>&1 <&5
              ;;
            "apt")
              ssh $SERVER "sudo su root -c 'apt-get -qq update'" >> $REPORT 2>&1 <&5
              ssh $SERVER "sudo su root -c 'apt-get -q -u -s upgrade'" >> $REPORT 2>&1 <&5
              ;;
            "up2date")
              ssh $SERVER "sudo su root -c 'up2date --dry-run'" >> $REPORT 2>&1 <&5
              ;;
            *)
              echo "kein gueltiger updater erkannt"
              ;;
          esac
          ;;
        "-update")
          case "$UPDATER" in
            "yum")
              ssh $SERVER "sudo su root -c 'yum -y update'" >> $REPORT 2>&1 <&5
              ;;
            "apt")
              ssh $SERVER "sudo su root -c 'apt-get -y upgrade'" >> $REPORT 2>&1 <&5
              ;;
            "up2date")
              # wenn auch Kernel-Updates mit installiert werden sollen, muss
              # up2date um den Parameter -f ergaenzt werden
              ssh $SERVER "sudo su root -c 'up2date -u'" >> $REPORT 2>&1 <&5
              ;;
            *)
              echo "kein gueltiger updater erkannt"
              ;;
          esac
          ;;
        *)
          ssh $SERVER "sudo su root -c '$COMMAND'" >> $REPORT 2>&1 <&5
          ;;
      esac
      echo "-------------------------------------------------------------------------------" >> $REPORT
    fi
  done
  exec 5<&-
fi
 
echo "-------------------------------------------------------------------------------"
echo "done... notifying $NOTIFY"
mail -s "updater-report" $NOTIFY < $REPORT
cp $REPORT `dirname $0`/report-$DATE.log
echo "Bericht gespeichert unter: `dirname $0`/report-$DATE.log"
echo "-------------------------------------------------------------------------------"
 
rm -f $REPORT