This document outlines the necessary changes to upgrade a Dovecot installation from version 2.3 to 2.4.
| #!/bin/bash | |
| # Analyze Nginx logs for IPs with multiple User-Agent strings | |
| LOG_FILE="/var/log/nginx/access.log" | |
| TMP_FILE="/tmp/nginx-bot-detect.tmp" | |
| # Extract IPs with multiple User-Agent strings | |
| awk '{ a=$1; $1=""; print "\"" a "\" " $0 }' "$LOG_FILE" | awk -F'"' '{ gsub(/ /, "_", $(NF-1)); print $2, $(NF-1)}' | sort | uniq | awk '{ print $1 }' | sort | uniq -c | awk '{if ($1 > 5) print $2}' | sort | uniq > "$TMP_FILE" | |
| # Ban IPs using Fail2Ban |
| From https://github.com/mitchellkrogza/Fail2Ban.WebExploits (filters) | |
| * still being tested | |
| From https://www.abemposta.com/posts/fail2ban-nginx/ (actions) | |
| ** testing cloudflare.conf (in fail2ban) - to ban IP's there. | |
| Needed as we proxy cloudflare <-> nginx <-> apache | |
| Get quite a few scans.. |
| #!/bin/sh | |
| ######################################################## | |
| # # | |
| # www.361way.com # | |
| # Useage: check_traffic -i Interface -w warn -c cirt # | |
| # it's for pnp4nagios check the traffic # | |
| # based on https://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/check_traffic_pnp4naios/details | |
| ######################################################## | |
| #!/usr/bin/php | |
| <?php | |
| ################################### | |
| # | |
| # WordPress Updates Monitoring | |
| # written by Martin Scharm | |
| # see http://binfalse.de | |
| # | |
| # Modified to all skip-plugin (and hide erorrs on include) | |
| # |
| #try and get those sneaky slow brute force ssh attackers to slow down | |
| [sshd] | |
| enabled = true | |
| port = 8022 | |
| maxretry=3 | |
| bantime = 24h | |
| findtime = 1d |
| #this fixes booting with new kernels - breaking cgroups on lxc and /dev/net/tun not being available in containers | |
| GRUB_CMDLINE_LINUX="console=ttyS0,19200n8 net.ifnames=0 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false cgroup_enable=memo | |
| ry swapaccount=1" |
| #!/bin/sh | |
| ## you might want to add some user authentication here | |
| # from - https://tech.labelleassiette.com/how-to-reduce-the-memory-usage-of-mysql-61ea7d1a9bd | |
| # (credits to Eduardo Franceschi) | |
| mysql -e "show variables; show status" | awk ' | |
| { | |
| VAR[$1]=$2 | |
| } | |
| END { |
| #tends to bork containers getty + just a mess | |
| apt install -y sysvinit-core systemd-sysv- | |
| #reboot | |
| apt remove -y systemd | |
| apt-mark hold systemd systemd-sysv | |
| #nice cleanup | |
| apt autoremove --purge |
| #!/bin/bash | |
| # find the last error - so it might change if we fix it... | |
| # core:error - not php code related | |
| # not found or unable to stat - are just hackers trying to break in.. can ignore | |
| RES=$(/bin/grep PHP /var/log/apache2/error.log | /usr/bin/egrep -v 'PHP\s+[0-9]+' | /bin/grep -v 'PHP Stack' | grep -v 'Deadlock found when trying to get lock' | grep -v max_input_vars | /usr/bin/tail -1) | |
| if [[ ( $RES == "" ) ]]; then | |
| echo "OK" | |
| else |