add new scripts

b4ac5cb2 · Vitaly Lipatov · 36d2f367 · b4ac5cb2 · b4ac5cb2 · b4ac5cb2
Commit b4ac5cb2 authored Oct 08, 2013 by Vitaly Lipatov
9 changed files
--- a/auth/check_passwords/check_pass.sh
+++ b/auth/check_passwords/check_pass.sh
+#!/bin/bash
+
+JOHN="/usr/bin/john"
+ROOT="/root/etersoft_pass"
+SQLDB="$ROOT/database"
+PIDFILE="$ROOT/pid"
+LOCK="/root/.john/john.rec"
+
+checktcb() {
+for f in `find /etc/tcb -name shadow | sort` ; do
+    check "$f"
+done
+}
+
+checksql() {
+for f in `find $SQLDB -type f | sort` ; do
+    check "$f"
+done
+}
+
+
+check() {
+    echo $f
+    rm -f $LOCK
+    start-stop-daemon --start -b -m -p $PIDFILE --exec "$JOHN" -- "$1"
+	STARTTIME=`date +%s`
+	CRITTIME=`expr $STARTTIME + 3600`
+	while true ; do
+	    if [ `pidof $JOHN` ] ; then
+		TIME=`date +%s`
+		if [ $TIME -gt $CRITTIME ] ; then
+		    start-stop-daemon --stop -p $PIDFILE
+		    break
+		else
+		    sleep 15s
+		fi
+	    else
+		break
+	    fi
+	done
+    sleep 1s
+}
+
+if [ `pidof $JOHN` ] ; then 
+    kill `pidof $JOHN`
+fi
+
+#checktcb
+#checksql
--- a/auth/check_passwords/get-pass.pl
+++ b/auth/check_passwords/get-pass.pl
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use DBI;
+
+my $dsn = 'DBI:mysql:mail:server';
+my $user='nss-root';
+my $db_pass='r00tp@ss123';
+my $path = "./database/";
+my $dbh = DBI->connect($dsn, $user, $db_pass,
+            { RaiseError => 1 }
+           );
+my $query="select username,password from accountuser where username like '%office.etersoft.ru' AND enable=1";
+my $sth = $dbh->prepare($query);
+$sth->execute();
+while (my ($email, $password) = 
+    $sth->fetchrow_array())
+    {
+	my $res=qr/$email/is;
+#	s#$res##;
+	open (FILE, ">$path$email");
+	print FILE "$email:$password:\n";
+	close (FILE);
+    }
+$sth->finish();
+$dbh->disconnect();
\ No newline at end of file
--- a/auth/check_passwords/get-users.pl
+++ b/auth/check_passwords/get-users.pl
+#!/usr/bin/perl -w
+
+use strict;
+use warnings;
+use DBI;
+
+my $dsn = 'DBI:mysql:mail:server';
+my $user='nss-root';
+my $db_pass='r00tp@ss123';
+my $dbh = DBI->connect($dsn, $user, $db_pass,
+            { RaiseError => 1 }
+           );
+my $file="/root/etersoft_pass/users";
+my $query="select username from accountuser where username like '%office.etersoft.ru' AND enable=1";
+my $sth = $dbh->prepare($query);
+$sth->execute();
+open (FILE, ">$file");
+while (my ($email, $password) = 
+    $sth->fetchrow_array())
+    {
+	my $res=qr/$email/is;
+	$email =~ m/(.+)@(.+)/i;
+	my $name=$1;
+	print FILE "$name\n";
+	print "$name\n";
+    }
+close (FILE);
+$sth->finish();
+$dbh->disconnect();
--- a/auth/mysql_repl_restore.sh
+++ b/auth/mysql_repl_restore.sh
+#!/bin/sh
+
+# http://dba.stackexchange.com/questions/22623/mysql-exec-master-log-pos-value-greater-than-read-master-log-pos
+
+#. ./mysql_repl_restore.conf
+
+if [ -z "$PASSWD" ] ; then
+	# root mysql password
+	echo -n "Enter root password:"
+	read PASSWD
+	[ -n "$PASSWD" ] || exit
+fi
+
+mycommand()
+{
+	echo "mysql slave> $@;"
+	echo "$@;" | mysql mail -p$PASSWD || exit
+}
+
+myrcommand()
+{
+	echo "mysql master> $@;"
+	echo "$@;" | mysql -h mysql.auth mail -p$PASSWD || exit
+}
+
+if [ "$1" = "--status" ] ; then
+	myrcommand "show master status\G"
+	mycommand "show slave status\G"
+	exit
+fi
+
+mysqldump --routines -h mysql.auth -p$PASSWD mail >mail-dump.sql
+mycommand "stop slave"
+myrcommand "show master status\G"
+#mycommand "show slave status\G"
+POSITION=$(myrcommand "show master status\G" | grep "Position:" | sed -e "s|.*Position: ||g")
+MASTERFILE=$(myrcommand "show master status\G" | grep "File:" | sed -e "s|.*File: ||g")
+mysql mail -p$PASSWD <mail-dump.sql
+mycommand "CHANGE MASTER TO MASTER_LOG_FILE='$MASTERFILE', MASTER_LOG_POS=$POSITION"
+#mycommand "CHANGE MASTER TO MASTER_LOG_POS=$POSITION"
+mycommand "start slave"
+mycommand "show slave status\G"
--- a/auth/nx/get-list.pl
+++ b/auth/nx/get-list.pl
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use DBI;
+
+my $dsn = 'DBI:mysql:mail:server';
+my $user='nss-root';
+my $db_pass='r00tp@ss123';
+my $file='list';
+my $dbh = DBI->connect($dsn, $user, $db_pass,
+            { RaiseError => 1 }
+           );
+my $query="select username from grouplist where gid='800' order by username asc";
+my $sth = $dbh->prepare($query);
+$sth->execute();
+
+open (FILE, ">$file");
+while (my ($user) = 
+    $sth->fetchrow_array())
+    {
+	open (FILE, ">>$file");
+	print FILE "$user\n";
+	close (FILE);
+    }
+$sth->finish();
+$dbh->disconnect();
--- a/auth/nx/parse.sh
+++ b/auth/nx/parse.sh
+#!/bin/sh
+
+get_list() {
+perl get-list.pl
+}
+
+get_localuser_key(){
+
+LIST=list
+
+for f in `cat "$LIST"` ; do
+    KEY=$append
+    [ -e /home/$f/.ssh/id_dsa.pub ] && KEY+=`cat /home/$f/.ssh/id_dsa.pub` && echo $KEY >> $tmp_keys
+    KEY=$append
+    [ -e /home/$f/.ssh/id_rsa.pub ] && KEY+=`cat /home/$f/.ssh/id_rsa.pub` && echo $KEY >> $tmp_keys
+done
+}
+
+insert_nx_key(){
+cat /usr/bin/nxsetup | grep "no-port-forwarding,no-agent-forwarding,command" | head -n1 | sed -e 's|\$PATH_BIN|/usr/bin|g' >> $tmp_keys
+
+}
+
+copy(){
+KEYPATH="/var/lib/nxserver/home/.ssh"
+NAME="authorized_keys2"
+mv $KEYPATH/$NAME $KEYPATH/$NAME.nx
+cp $tmp_keys $KEYPATH/$NAME
+}
+
+tmp_keys="authorized_keys2_parse"
+> $tmp_keys
+
+append="no-port-forwarding,no-agent-forwarding,command=\"/usr/bin/nxserver\" "
+insert_nx_key
+get_localuser_key
+copy
\ No newline at end of file
--- a/certs/copy_certs_to_hosts.sh
+++ b/certs/copy_certs_to_hosts.sh
@@ -34,14 +34,16 @@ cat "$1" "$PRIVATEPEM" \
 	> "$2"
 }

-# im.etersoft.ru
+echo
+echo "im.etersoft.ru"
 do_pem im.etersoft.ru.crt im.etersoft.ru.tmp || fatal
 scp im.etersoft.ru.tmp \
 	im.etersoft.ru:/etc/jabberd2/ssl/im.etersoft.ru.pem || fatal
 rm -f im.etersoft.ru.tmp
 ssh im.etersoft.ru service jabberd2 restart

-# mail.etersoft.ru
+echo
+echo "mail.etersoft.ru"
 do_pem mail.etersoft.ru.crt mail.etersoft.ru.tmp || fatal
 scp mail.etersoft.ru.tmp \
 	mail:/etc/postfix/tls/mail.etersoft.ru_full.pem || fatal

--- a/etersoft/set_quota.sh
+++ b/etersoft/set_quota.sh
+#!/bin/bash
+
+#/root/etersoft_pass/get_users.pl
+
+#list=imelnikov
+list=`/root/etersoft_pass/get-users.pl`
+dev=/dev/mapper/lvm0-home
+
+for u in $list; do
+    isQuota=`quota $u 2>/dev/null | grep home`
+    CurSize=`repquota -u $dev | grep $u | awk '{print $3}'`
+    if [ -z "$isQuota" ]; then
+	min=2500000
+	if [ -n "$CurSize" ]; then
+	    if [ $CurSize -ge $min ]; then
+		min=`expr $CurSize + 500000`
+	    fi
+	fi
+	max=`expr $min + 500000`
+	setquota -u $u $min $max 0 0 $dev
+    fi
+done
\ No newline at end of file
--- a/mail/parse_mail_log.py
+++ b/mail/parse_mail_log.py
@@ -6,6 +6,8 @@ from operator import truth
 import datetime
 import httplib2

+# TODO: переделать, чтобы можно было подключить в fail2ban: тогда будет оперативно действовать.
+
 def check_http(url):
 	h = httplib2.Http()
 	try: