Julian
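# Refresh the package lists, purge mail/DNS/file-sharing packages that are not
# needed (fewer installed services means fewer listening daemons to patch),
# upgrade everything, then install the base tool set.
# Every step passes -y so the chain never stops at a confirmation prompt.
# NOTE: ufw is only installed here; it filters nothing until rules are added
# and it is enabled. Allow SSH before enabling it on a remote host.
apt-get update && \
aptitude purge -y rmail fetchmail procmail bsd-mailx sendmail sendmail-cf sendmail-doc sendmail-base sendmail-bin sensible-mda && \
aptitude purge -y bind9 samba samba-common cifs-utils ldap-utils && \
aptitude -y full-upgrade && \
apt-get autoremove -y && \
aptitude install -y bash-completion unzip nano htop git mosh curl ufw ntp mailutils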
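# Edit the drop-in file, then load that file explicitly. A bare `sysctl -p`
# reads only /etc/sysctl.conf, so the settings in this drop-in would not be
# applied until the next boot.
nano /etc/sysctl.d/10-network-security.conf && sysctl -p /etc/sysctl.d/10-network-security.conf && echo "OK."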
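# Ignore ICMP echo requests addressed to broadcast/multicast addresses, so the
# host cannot be used as a reflector for ping amplification.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Do not send ICMP redirects (appropriate for a host that does not route
# traffic for others)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Mitigate SYN floods
# SYN cookies let the kernel keep answering new connections once the SYN
# backlog is full; set explicitly rather than relying on the distro default.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
# NOTE: tcp_syn_retries limits retransmissions of this host's own outbound
# connection attempts; it does not affect how inbound SYNs are handled.
net.ipv4.tcp_syn_retries = 5
# Log Martians (packets whose source address is impossible on that interface)
net.ipv4.conf.all.log_martians = 1
# Ignore bogus ICMP error responses instead of logging each one
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Ignore all ICMP echo requests (left disabled; enabling it also breaks
# ping-based monitoring of this host)
# net.ipv4.icmp_echo_ignore_all = 1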
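# Smarthost settings
# Require TLS towards the smarthost. With "may" the session silently falls back
# to cleartext whenever STARTTLS is not offered or is stripped in transit, so
# relayed mail (and the authentication exchange) could cross the network
# unencrypted. NOTE(review): "encrypt" assumes the smarthost supports STARTTLS.
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
# noplaintext excludes the PLAIN and LOGIN mechanisms. If the smarthost offers
# only those, authentication will fail with no usable mechanism; verify which
# mechanisms the relay announces.
smtp_sasl_security_options = noplaintext noanonymous
# This map holds the relay credentials. Keep the file and the .db generated by
# postmap owned by root with mode 0600, and rerun postmap after every edit.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password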
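# Open the two rkhunter configuration files for editing. The lines that follow
# appear to be notes on what to put into them.
nano /etc/rkhunter.conf.local
nano /etc/default/rkhunter

# Each option below switches off a check or whitelists a path. Every entry is a
# place rkhunter will no longer look, so enable only the ones that match a
# false positive actually seen on this host.
# DISABLED TESTS (KVM)
# DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
# IGNORE SCRIPTS
# SCRIPTWHITELIST=/usr/bin/unhide.rb
# IGNORE /dev
# ALLOWDEVFILE=/dev/.udev/rules.d/root.rules
# ALLOWDEVFILE="/dev/tty10"
# IGNORE HIDDEN
# ALLOWHIDDENDIR=/dev/.udev
# ALLOWHIDDENFILE="/dev/.initramfs"
# IGNORE DELETED FILES
# ALLOWPROCDELFILE=/usr/sbin/mysqld:
# Set this to yes to enable automatic database updates
# (default: false)
# NOTE(review): presumably this refreshes rkhunter's file-property baseline
# after package operations. If so, files altered before an update would be
# recorded as known-good; confirm against the package documentation and keep
# an independent integrity record if that matters here.
APT_AUTOGEN="true"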
# Create the per-user SSH directory with owner-only access, edit the list of
# authorized public keys, then restrict that file to owner read/write.
# sshd's default StrictModes setting rejects keys kept in group- or
# world-writable locations, so the two chmod steps are part of the setup.
mkdir -p ~/.ssh \
    && chmod 700 ~/.ssh \
    && nano ~/.ssh/authorized_keys \
    && chmod 600 ~/.ssh/authorized_keys \
    && echo "OK."
#!/usr/bin/perl -w | |
# check_zfs Nagios plugin for monitoring Sun ZFS zpools | |
# Copyright (c) 2007 | |
# Written by Nathan Butcher | |
# Released under the GNU Public License | |
# | |
# This program is free software; you can redistribute it and/or modify | |
# it under the terms of the GNU General Public License as published by | |
# the Free Software Foundation; either version 2 of the License, or | |
# (at your option) any later version. | |
# | |
# This program is distributed in the hope that it will be useful, | |
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
# GNU General Public License for more details. | |
# | |
# You should have received a copy of the GNU General Public License | |
# along with this program; if not, write to the Free Software | |
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
# Version: 0.9.2 | |
# Date : 24th July 2007 | |
# This plugin has been tested on FreeBSD 7.0-CURRENT and Solaris 10
# With a bit of fondling, it could be expanded to recognize other OSes in | |
# future (e.g. if FUSE Linux gets off the ground) | |
# Verbose levels:- | |
# 1 - Only alert us of zpool health and size stats | |
# 2 - ...also alert us of failed devices when things go bad | |
# 3 - ...alert us of the status of all devices regardless of health | |
# | |
# Usage: check_zfs <zpool> <verbose level 1-3> | |
# Example: check_zfs zeepool 1 | |
# ZPOOL zeedata : ONLINE {Size:3.97G Used:183K Avail:3.97G Cap:0%} | |
use strict; | |
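# Plugin exit codes, keyed by state name.
my %ERRORS = (
    'DEPENDENT' => 4,
    'UNKNOWN'   => 3,
    'OK'        => 0,
    'WARNING'   => 1,
    'CRITICAL'  => 2,
);
my $state = "UNKNOWN";
my $msg   = "FAILURE";

# Exactly two arguments are required: the pool name and the verbose level.
if (@ARGV != 2) {
    print "Usage: $0 <zpool name> <verbose level 1-3>\n";
    exit $ERRORS{$state};
}

# Tony disabled this, ZFS pools are in Linux
#if ($^O ne 'solaris' && $^O ne 'freebsd') {
#    print "This plugin currently only works on Solaris 10, OpenSolaris distributions, and FreeBSD 7 and later.\n";
#    exit $ERRORS{$state};
#}

my $pool    = $ARGV[0];
my $verbose = $ARGV[1];

# The pool name ends up on a `sudo zpool ...` command line and inside regular
# expressions further down. Accept only a leading letter followed by letters,
# digits, '_', '.', ':' or '-', so that shell or regex metacharacters supplied
# by the caller (for example through a monitoring agent that forwards
# arguments) are refused before the name is used anywhere.
if ($pool !~ /\A[A-Za-z][A-Za-z0-9_.:-]*\z/) {
    print "Invalid zpool name (letters, digits, '_', '.', ':' and '-' only; must start with a letter)\n";
    exit $ERRORS{$state};
}

# Values parsed from the zpool output; filled in later.
my $size     = "";
my $used     = "";
my $avail    = "";
my $cap      = "";
my $expandsz = "";
my $frag     = "";
my $health   = "";
my $dmge     = "";
my $dedup    = "";

# The level must be exactly 1, 2 or 3. A plain numeric range test would also
# let through values such as "2abc" or "1.5".
if ($verbose !~ /\A[1-3]\z/) {
    print "Verbose levels range from 1-3\n";
    exit $ERRORS{$state};
}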
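# Query the pool summary. $statcommand is kept as a string because it is
# printed in the error message below.
my $statcommand = "sudo zpool list $pool";

# List-form pipe open: the arguments go to sudo as separate words and no shell
# ever parses the pool name, so a name containing shell metacharacters cannot
# add commands to a line that runs with root privileges.
my $stat_fh;
if (! open $stat_fh, '-|', 'sudo', 'zpool', 'list', $pool) {
    print ("$state '$statcommand' command returns no result! NOTE: This plugin needs OS support for ZFS, and execution with root privileges.\n");
    exit $ERRORS{$state};
}

while (my $line = <$stat_fh>) {
    chomp $line;
    next if $line =~ /^NAME\s+SIZE\s+USED\s+AVAIL\s+CAP\s+HEALTH\s+ALTROOT/;
    # \Q...\E makes the pool name match literally ('.' is legal in pool names
    # and would otherwise match any character).
    if ($line =~ /^\Q$pool\E\s+/) {
        # NOTE(review): this assumes eight columns after the name, with HEALTH
        # as the eighth. Confirm against the column layout printed by the
        # installed zpool version.
        ($size, $used, $avail, $expandsz, $frag, $cap, $dedup, $health)
            = $line =~ /^\Q$pool\E\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/;
    }
}

# Tony: Debuging
# print "Size: $size \t Used: $used \t Avai: $avail \t Cap: $cap \t Health: $health\n";

# The return value is not checked: a failed command leaves $health empty,
# which is what the code after this block tests.
close($stat_fh);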
## No health value means zpool list gave no usable line for this pool:
## report CRITICAL and stop here.
unless ($health) {
    $state = "CRITICAL";
    $msg   = sprintf("ZPOOL {%s} does not exist and/or is not responding!\n", $pool);
    print "$state $msg";
    exit $ERRORS{$state};
}

## Map pool health to a plugin state: ONLINE is OK, DEGRADED is WARNING,
## anything else is CRITICAL.
if ($health eq "ONLINE") {
    $state = "OK";
}
elsif ($health eq "DEGRADED") {
    $state = "WARNING";
}
else {
    $state = "CRITICAL";
}
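## get more detail on possible device failure
## $poolfind tracks the position in the zpool status output:
##   0 = outside the device table, 1 = table header just seen,
##   2 = inside the device list of our pool
my $poolfind = 0;
$statcommand = "sudo zpool status $pool";    # used in the error message only

# List-form pipe open: the pool name is passed to sudo as a single argument
# and is never interpreted by a shell.
my $status_fh;
if (! open $status_fh, '-|', 'sudo', 'zpool', 'status', $pool) {
    $state = 'CRITICAL';
    print ("$state '$statcommand' command returns no result! NOTE: This plugin needs OS support for ZFS, and execution with root privileges.\n");
    exit $ERRORS{$state};
}

## go through zfs status output to find zpool fses and devices
while (my $line = <$status_fh>) {
    chomp $line;

    # The line right after the header must name our pool (matched literally
    # via \Q...\E); otherwise fall back to "outside".
    if ($line =~ /^\s\Q$pool\E/ && $poolfind == 1) {
        $poolfind = 2;
        next;
    } elsif ($poolfind == 1) {
        $poolfind = 0;
    }

    if ($line =~ /NAME\s+STATE\s+READ\s+WRITE\s+CKSUM/) {
        $poolfind = 1;
    }

    # A blank line ends the device table.
    if ($line =~ /^$/) {
        $poolfind = 0;
    }

    if ($poolfind == 2) {

        ## special cases pertaining to full verbose
        if ($line =~ /^\sspares/) {
            next unless $verbose == 3;
            $dmge = $dmge . "[SPARES]:- ";
            next;
        }
        if ($line =~ /^\s{5}spare\s/) {
            next unless $verbose == 3;
            my ($sta) = $line =~ /spare\s+(\S+)/;
            $dmge = $dmge . "[SPARE:${sta}]:- ";
            next;
        }
        if ($line =~ /^\s{5}replacing\s/) {
            next unless $verbose == 3;
            my $perc;
            my ($sta) = $line =~ /^\s+\S+\s+(\S+)/;
            if ($line =~ /%/) {
                ($perc) = $line =~ /([0-9]+%)/;
            } else {
                $perc = "working";
            }
            $dmge = $dmge . "[REPLACING:${sta} (${perc})]:- ";
            next;
        }

        ## other cases
        my ($dev, $sta) = $line =~ /^\s+(\S+)\s+(\S+)/;

        # Lines without both a device name and a state cannot be reported.
        # Skipping them avoids comparing and printing undefined values, which
        # under -w produced warnings and a stray ":" in the output.
        next unless defined $dev && defined $sta;

        ## pool online, not degraded thanks to dead/corrupted disk
        if ($sta && $state eq "OK" && $sta eq "UNAVAIL") {
            $state = "WARNING";

            ## switching to verbose level 2 to explain weirdness
            if ($verbose == 1) {
                $verbose = 2;
            }
        }

        ## no display for verbose level 1
        next if ($verbose == 1);
        ## don't display working devices for verbose level 2
        next if ($verbose == 2 && $state eq "OK");
        next if ($verbose == 2 && ($sta eq "ONLINE" || $sta eq "AVAIL" || $sta eq "INUSE"));

        ## show everything else; the bracket style depends on how deeply the
        ## line is indented in the zpool status output
        if ($line =~ /^\s{3}(\S+)/) {
            $dmge = $dmge . "<" . $dev . ":" . $sta . "> ";
        } elsif ($line =~ /^\s{7}(\S+)/) {
            $dmge = $dmge . "(" . $dev . ":" . $sta . ") ";
        } else {
            $dmge = $dmge . $dev . ":" . $sta . " ";
        }
    }
}

# Release the pipe; the original left the handle open until exit.
close($status_fh);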
## Build the one-line status report and exit with the code for the final state.
$msg = sprintf(
    "ZPOOL %s : %s {Size:%s Used:%s Avail:%s Cap:%s} %s\n",
    $pool, $health, $size, $used, $avail, $cap, $dmge
);
print "$state $msg";
exit $ERRORS{$state};
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI07/r/Kexf65zELkJVsVX5u7FSZGIYzIKxZP9Pf9pabapK7raRqL5Pb5emG2o8PwAzqBXepIIU0x8m7G8fitRKzrt+KusdieHB96p26K47+p6crLbXt1YdLoabkO3Y3ufBhG4u8z5+P2nO4Dcfbb4TqUe02Ai3rHIzk3qqlO9Nk3JN7jF/qRuTXBqWnGUn/V2qywYWXtiB7thlTxeB/sV8uq2p8ts6j9/sXoJE9AS3G5Wgso9kQ4PM0+xDhnk+pnpOnI82Fhf/SnD0ML3hkymmbxKaUsGH2DG1+fLnQtfo1VuCTYmoGZUHaLxxEGELg0CHo6LTl3E+Z3Kig2bMDo9 mail@sebbo.net |