tcely

## sc-backup.sh
#!/bin/bash
## SecurityCenter Backup Script
#
# This script is intended to create backups of all of the SecurityCenter data
# on a daily/weekly/monthly/etc. basis.  This is intended to be run as a cronjob
# and expect the SysAdmin to have configured the root@localhost mail alias to
# route through their email system in-case of errors.  An example of how to run
# this as a cronjob is below:
#
# 1 45 * * * root /opt/scripts/backups/sc-backup.sh

## colorMsg.func.sh
#!/bin/bash
#
# Requires:
#     awk
#     fmt
#     tput
#
colorMsg() {
    [ $# -gt 1 ] || return 0
    tput -S <<< "$(printf '%s\n' 'sgr 0' ${1##*[0-7]} "setaf ${1%%[^0-7]*}")"

## snippet.spec
# Determine the OS version across the various forks using %{dist} detail from the building machine's kernel release.
# Versions 6 & 7 started including including the architecture in the kernel **release** field. We have to deal with that stupidity too.
%define osVersion %(uname -r | awk -F '.' '{for (i=NF; i > 0; i--) if ($i !~ /^(x86_64|i[36]86)$/) { print gensub(/^[^0-9]+/, "", "", $i); exit; }}')

# I wish redhat-release provided the major number, but that only started with 7 from what I've found. Even after adding a number to the redhat-release provide, they started using 7.0, just to make things difficult.

# Add conflicts as appropriate for the various RedHat major versions.
%if 0%{?osVersion} == 5
Conflicts: upstart, systemd
%endif

## str_hex_conversion.func.sh
#!/bin/bash
#
hextostr() {
	local i _hs="$*"
	local _hsl="${#_hs}"
	printf '%s\n' "$(for ((i=0; i < _hsl; i+=2)); do echo -ne "\x${_hs:i:2}"; done)"
	unset -v _hsl _hs i
}

#hextostr '48656C6C6F20776F726C6421'

## list_ciphers.sh
#!/bin/bash
host="${1:-127.0.0.1}"
port="${2:-443}"

ciphers='ALL:!eNULL'
printf 'Using openssl at: '
command -v openssl
openssl version -a
printf '\nCiphers selected by server at %s using TCP port %s:\n' "$host" "$port"
while : ; do

## sha256sumc.sh
#!/bin/bash
sha256sumc ()
{
    local err file hash out rc=0;
    while IFS=' ' read -r hash file; do
        file="${file#[*]}";
        out="$(openssl dgst -sha256 -r "$file" 2>/dev/null)" && cmp -s <(echo "$out") <(printf -- '%s *%s\n' "$hash" "$file") && printf -- '%s: OK\n' "$file" || {
            printf -- '%s: FAILED' "$file";
            err="$(openssl dgst -sha256 -r "$file" 2>&1 >/dev/null)";
            if [[ "$err" =~ ': No such file or directory'$'\n' ]]; then

## clear-gnome-altfn-shortcuts.sh
#!/bin/bash
# Inspiration from: http://askubuntu.com/questions/126817/how-to-disable-alt-f1-alt-f2-shortcuts

unset -v _key _value _schema
_schema='org.gnome.desktop.wm.keybindings'

while IFS= read -r _key; do
    _value="$(gsettings get "$_schema" "$_key")"
    while [[ "$_value" =~ \''<Alt>F'[1-9]\' ]] || [[ "$_value" =~ \''<Alt>F1'[0-2]\' ]]; do
        #_value="$(sed -e "s/\(, \)\?${BASH_REMATCH[0]}\(, \)\?//;s/''/', '/;" <<<"$_value")"

## .bash_profile
if [ -s ~/.bashrc ]; then
    . ~/.bashrc
fi

# Additions to fix the lack of confirmation when keys are added from the Keychain
if [ -s ~/.ssh/ssh-agent.pid ]; then
    . ~/.ssh/ssh-agent.pid
    if [ -n "$SSH_AGENT_PID" ] && ! kill -0 "$SSH_AGENT_PID" &>/dev/null; then
        rm -f ~/.ssh/ssh-agent.pid
        unset -v SSH_AGENT_PID

## touch.py
#!/usr/bin/env python

import io, os, sys

from argparse import ArgumentParser
from calendar import timegm
from time import gmtime, localtime, mktime, strftime, strptime

def touchUTCString(t):
    return timegm(strptime(t, '%a, %d %b %Y %H:%M:%S %Z'))

## ssh-limit.sh
#!/bin/sh

iptables -F SSH_PORT_LIMIT || iptables -N SSH_PORT_LIMIT

iptables -A SSH_PORT_LIMIT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A SSH_PORT_LIMIT -p tcp -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-upto 10/hour --hashlimit-burst 15 --hashlimit-name ssh -j ACCEPT
iptables -A SSH_PORT_LIMIT -j LOG --log-level info --log-prefix 'ssh-port-limit: '
iptables -A SSH_PORT_LIMIT -p tcp -j REJECT --reject-with tcp-reset
iptables -A SSH_PORT_LIMIT -j DROP
	#!/bin/bash
	## SecurityCenter Backup Script
	#
	# This script is intended to create backups of all of the SecurityCenter data
	# on a daily/weekly/monthly/etc. basis. This is intended to be run as a cronjob
	# and expect the SysAdmin to have configured the root@localhost mail alias to
	# route through their email system in-case of errors. An example of how to run
	# this as a cronjob is below:
	#
	# 1 45 * * * root /opt/scripts/backups/sc-backup.sh
	#!/bin/bash
	#
	# Requires:
	# awk
	# fmt
	# tput
	#
	colorMsg() {
	[ $# -gt 1 ] \|\| return 0
	tput -S <<< "$(printf '%s\n' 'sgr 0' ${1##[0-7]} "setaf ${1%%[^0-7]}")"
	# Determine the OS version across the various forks using %{dist} detail from the building machine's kernel release.
	# Versions 6 & 7 started including including the architecture in the kernel release field. We have to deal with that stupidity too.
	%define osVersion %(uname -r \| awk -F '.' '{for (i=NF; i > 0; i--) if ($i !~ /^(x86_64\|i[36]86)$/) { print gensub(/^[^0-9]+/, "", "", $i); exit; }}')

	# I wish redhat-release provided the major number, but that only started with 7 from what I've found. Even after adding a number to the redhat-release provide, they started using 7.0, just to make things difficult.

	# Add conflicts as appropriate for the various RedHat major versions.
	%if 0%{?osVersion} == 5
	Conflicts: upstart, systemd
	%endif
	#!/bin/bash
	#
	hextostr() {
	local i _hs="$*"
	local _hsl="${#_hs}"
	printf '%s\n' "$(for ((i=0; i < _hsl; i+=2)); do echo -ne "\x${_hs:i:2}"; done)"
	unset -v _hsl _hs i
	}

	#hextostr '48656C6C6F20776F726C6421'
	#!/bin/bash
	host="${1:-127.0.0.1}"
	port="${2:-443}"

	ciphers='ALL:!eNULL'
	printf 'Using openssl at: '
	command -v openssl
	openssl version -a
	printf '\nCiphers selected by server at %s using TCP port %s:\n' "$host" "$port"
	while : ; do
	#!/bin/bash
	sha256sumc ()
	{
	local err file hash out rc=0;
	while IFS=' ' read -r hash file; do
	file="${file#[*]}";
	out="$(openssl dgst -sha256 -r "$file" 2>/dev/null)" && cmp -s <(echo "$out") <(printf -- '%s *%s\n' "$hash" "$file") && printf -- '%s: OK\n' "$file" \|\| {
	printf -- '%s: FAILED' "$file";
	err="$(openssl dgst -sha256 -r "$file" 2>&1 >/dev/null)";
	if [[ "$err" =~ ': No such file or directory'$'\n' ]]; then
	#!/bin/bash
	# Inspiration from: http://askubuntu.com/questions/126817/how-to-disable-alt-f1-alt-f2-shortcuts

	unset -v _key _value _schema
	_schema='org.gnome.desktop.wm.keybindings'

	while IFS= read -r _key; do
	_value="$(gsettings get "$_schema" "$_key")"
	while [[ "$_value" =~ \''<Alt>F'[1-9]\' ]] \|\| [[ "$_value" =~ \''<Alt>F1'[0-2]\' ]]; do
	#_value="$(sed -e "s/\(, \)\?${BASH_REMATCH[0]}\(, \)\?//;s/''/', '/;" <<<"$_value")"
	if [ -s ~/.bashrc ]; then
	. ~/.bashrc
	fi

	# Additions to fix the lack of confirmation when keys are added from the Keychain
	if [ -s ~/.ssh/ssh-agent.pid ]; then
	. ~/.ssh/ssh-agent.pid
	if [ -n "$SSH_AGENT_PID" ] && ! kill -0 "$SSH_AGENT_PID" &>/dev/null; then
	rm -f ~/.ssh/ssh-agent.pid
	unset -v SSH_AGENT_PID
	#!/usr/bin/env python

	import io, os, sys

	from argparse import ArgumentParser
	from calendar import timegm
	from time import gmtime, localtime, mktime, strftime, strptime

	def touchUTCString(t):
	return timegm(strptime(t, '%a, %d %b %Y %H:%M:%S %Z'))
	#!/bin/sh

	iptables -F SSH_PORT_LIMIT \|\| iptables -N SSH_PORT_LIMIT

	iptables -A SSH_PORT_LIMIT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A SSH_PORT_LIMIT -p tcp -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-upto 10/hour --hashlimit-burst 15 --hashlimit-name ssh -j ACCEPT
	iptables -A SSH_PORT_LIMIT -j LOG --log-level info --log-prefix 'ssh-port-limit: '
	iptables -A SSH_PORT_LIMIT -p tcp -j REJECT --reject-with tcp-reset
	iptables -A SSH_PORT_LIMIT -j DROP