Change sed -n to sed -ne, Clean up leanmail scripts

aelsharawi · Dec 31, 2015 · 6526d0b · 6526d0b
1 parent df08f51
commit 6526d0b
Show file tree

Hide file tree

Showing 22 changed files with 58 additions and 282 deletions.
diff --git a/debian-setup.sh b/debian-setup.sh
@@ -118,8 +118,8 @@ editor /root/.bashrc
 #export LANG=en_US.UTF-8
 #export LC_ALL=en_US.UTF-8
 
-#export IP="$(ip addr show dev xenbr0|sed -n 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
-export IP="$(ip addr show dev eth0|sed -n 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
+#export IP="$(ip addr show dev xenbr0|sed -ne 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
+export IP="$(ip addr show dev eth0|sed -ne 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
 
 PS1exitstatus() { local RET="$?";if [ "$RET" -ne 0 ];then echo -n "$(tput setaf 7;tput setab 1)"'!'"$RET";fi; }
 # Yellow + Cyan: $(tput setaf 3) \u $(tput bold;tput setaf 6)
@@ -903,7 +903,7 @@ Getpkg spamassassin
 
 # Simple syslog monitoring
 apt-get install -y libdate-manip-perl
-DGR="$(wget -qO- https://api.github.com/repos/mdom/dategrep/releases|sed -n '0,/^.*"tag_name": "\([0-9.]\+\)".*$/{s//\1/p}')" #'
+DGR="$(wget -qO- https://api.github.com/repos/mdom/dategrep/releases|sed -ne '0,/^.*"tag_name": "\([0-9.]\+\)".*$/{s//\1/p}')" #'
 wget -O /usr/local/bin/dategrep https://github.com/mdom/dategrep/releases/download/${DGR}/dategrep-standalone-small
 chmod -c +x /usr/local/bin/dategrep
 cd ${D}; ./install.sh monitoring/syslog-errors.sh

diff --git a/mail/README.md b/mail/README.md
@@ -305,7 +305,7 @@ cat anti-abuse.org.rbl | xargs -I %% host -t A "$(revip "$IP").%%" 2>&1 \
 
 ```bash
 wget -qO- --post-data="_method=POST&data[Reputation][ip]=${IP}" https://ers.trendmicro.com/reputations \
-    | sed -n 's;.*<dd>\(.\+\)</dd>.*;\1;p' | tr '\n' ' '
+    | sed -ne 's;.*<dd>\(.\+\)</dd>.*;\1;p' | tr '\n' ' '
 ```
 
 Response: "IP Unlisted in the spam sender list None"

diff --git a/mail/mailto.sh b/mail/mailto.sh
@@ -128,7 +128,7 @@ dnsquery() {
 RCPT="$1"
 [ "$RCPT" == "${RCPT%@*}" ] && exit 2
 
-MYIP="$(ip addr show dev eth0|sed -n '0,/^\s*inet \([0-9\.]\+\)\b.*$/{s//\1/p}')"
+MYIP="$(ip addr show dev eth0|sed -ne '0,/^\s*inet \([0-9\.]\+\)\b.*$/{s//\1/p}')"
 ME="$(dnsquery PTR "$MYIP")"
 ME="${ME%.}"
 [ -z "$ME" ] && exit 3

diff --git a/monitoring/cpu-speed/wp-benchmark.sh b/monitoring/cpu-speed/wp-benchmark.sh
@@ -1,32 +1,5 @@
 #!/bin/bash
 
-WP_URL="https://esküvői-videók.hu/"
-WP_IP="79.172.214.123"
-
-WP_URL="http://degeneralt.hu/"
-WP_IP="81.2.236.108"
-
-WP_URL="http://szepe.hol.es/1w/"
-WP_IP="31.220.16.217"
-
-WP_URL="http://www.lean-hr.hu/"
-WP_IP="95.140.33.67"
-
-WP_URL="https://maxer.hu/"
-WP_IP="178.238.210.115"
-
-WP_URL="http://ssdtarhely.eu/"
-WP_IP="80.249.160.195"
-
-WP_URL="http://http2.olm.hu/wp2/"
-WP_IP="108.61.176.53"
-
-WP_URL="http://szepe.byethost13.com/"
-WP_IP="185.27.134.200"
-
-WP_URL="http://bf.szepe.net/bf/"
-WP_IP="185.11.145.5"
-
 WP_URL="http://shifty.uk.plesk-server.com/wordpress/"
 WP_IP="109.109.132.250"
 
@@ -59,7 +32,7 @@ Ping() {
 
     # ms * 5 * 0.2
     for i in $(seq 1 5); do
-        ping -c 1 "$WP_IP" | sed -n 's/^.* time=\([[:digit:]]\+\).* ms$/\1/p' || exit 1
+        ping -c 1 "$WP_IP" | sed -ne 's/^.* time=\([[:digit:]]\+\).* ms$/\1/p' || exit 1
     done \
         | Avg 0.2
 }

diff --git a/monitoring/cse/cse-add-client.sh b/monitoring/cse/cse-add-client.sh
@@ -10,7 +10,7 @@
 # BASH-VERSION  :4.2+
 
 # Prepare .htaccess in place
-IP="$(ip addr show dev eth0|sed -n 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
+IP="$(ip addr show dev eth0|sed -ne 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
 read -e -p "Enter management server IP: " -i "$IP" MGMNT || exit 13
 sed -i "s/@@IP-REGEXP@@/${MGMNT//./\\\\.}/" .htaccess || exit 14
 sed -i "s/@@IP@@/${MGMNT}/" .htaccess || exit 15

diff --git a/monitoring/monit/monit-debian-setup.sh b/monitoring/monit/monit-debian-setup.sh
@@ -224,7 +224,7 @@ cat > /etc/cron.hourly/monit-wake <<EOF
 
 /usr/bin/monit summary | tail -n +3 \
     | grep -v "\sRunning$\|\sAccessible$" \
-    | sed -n "s;^.*'\(\S\+\)'.*$;\1;p" \
+    | sed -ne "s;^.*'\(\S\+\)'.*$;\1;p" \
     | xargs -L 1 -r /usr/bin/monit monitor # && /usr/local/sbin/swap-refresh.sh
 
 exit 0

diff --git a/monitoring/munin/munin-debian-setup.sh b/monitoring/munin/munin-debian-setup.sh
@@ -343,7 +343,7 @@ service munin-node restart
 # Add node to the **server**
 cat <<EOF
 [$(hostname -f)]
-    address $(ip addr show dev eth0|sed -n 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')
+    address $(ip addr show dev eth0|sed -ne 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')
     use_node_name yes
     contacts sms
     #contacts email

diff --git a/security/ca/README.md b/security/ca/README.md
@@ -11,7 +11,7 @@ C=$(dirname $(pwd))/$(date +%Y%m%d)-HOSTNAME
 mkdir -v ${C}
 openssl rsa -in ./newkey.pem -out ${C}/priv-key-$(date +%Y%m%d).key
 mv -v ./newkey.pem ${C}/priv-key-$(date +%Y%m%d)-encrypted.key
-sed -n '/-----BEGIN CERTIFICATE-----/,$p' ./newcert.pem > ${C}/pub-key-$(date +%Y%m%d).pem
+sed -ne '/-----BEGIN CERTIFICATE-----/,$p' ./newcert.pem > ${C}/pub-key-$(date +%Y%m%d).pem
 rm -v newcert.pem newreq.pem
 ```
 

diff --git a/security/fail2ban-leanmail/cleantalk-update.php b/security/fail2ban-leanmail/cleantalk-update.php
diff --git a/security/fail2ban-leanmail/dnsbl-generate.sh b/security/fail2ban-leanmail/dnsbl-generate.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Generate instant.dnsbl.zone file and purge old entries
+# Generate instant.dnsbl.zone file and purge old entries.
 #
 # CRON.D        :*/03 *	* * *	root	/usr/local/sbin/dnsbl-generate.sh
 
@@ -15,14 +15,14 @@ if ! [ -r "$SQLITE_DB" ] || ! [ -r "$ZONE_FILE" ]; then
 fi
 
 {
-echo '#### Automatically generated by dnsbl-generate.sh ####
+    echo '#### Automatically generated by dnsbl-generate.sh ####
 
 $NS 3600 worker.szepe.net
 $TTL 60
 :127.0.0.2:Instant blocked IP'
 
-echo 'SELECT ("ip" >> 24) || "." || (("ip" >> 16) & 255) || "." || (("ip" >> 8) & 255) || "." || ("ip" & 255)
-      || " " || "type" || " " || strftime("%Y-%m-%d %H:%M:%S", "date", "unixepoch") || " +0000 # @" || "date" FROM instant;' \
+    echo 'SELECT ("ip" >> 24) || "." || (("ip" >> 16) & 255) || "." || (("ip" >> 8) & 255) || "." || ("ip" & 255)
+    || " " || "type" || " " || strftime("%Y-%m-%d %H:%M:%S", "date", "unixepoch") || " +0000 # @" || "date" FROM instant;' \
     | sqlite3 -batch -init <(echo ".timeout 1000") "$SQLITE_DB"
 } > "$ZONE_FILE"
 
@@ -33,15 +33,15 @@ echo "DELETE FROM instant WHERE 'date' < $(date -d "1 month ago" "+%s");" \
 exit 0
 
 Write_lock_test() {
-echo "INSERT INTO instant VALUES
-    ( $(( (RANDOM % 256)*256*256*256 + (RANDOM % 256)*256*256 + (RANDOM % 256)*256 + (RANDOM % 256) )),
-    $$,
-    $(date "+%s") );" | sqlite3 -batch -init <(echo ".timeout 1000") dnsbl.sqlite
+    echo "INSERT INTO instant VALUES
+        ( $(( (RANDOM % 256)*256*256*256 + (RANDOM % 256)*256*256 + (RANDOM % 256)*256 + (RANDOM % 256) )),
+        $$,
+        $(date "+%s") );" | sqlite3 -batch -init <(echo ".timeout 1000") dnsbl.sqlite
 }
 
 Run_write_lock_test() {
-echo "DELETE FROM instant;" | sqlite3 dnsbl.sqlite
-echo "INSERT INTO instant VALUES ( $(php -r 'echo ip2long("1.2.3.4");'), 0, $(date "+%s") );" | sqlite3 dnsbl.sqlite
-seq 1 100 | parallel -j 100 ./write-lock.sh
-echo "SELECT * FROM instant;" | sqlite3 dnsbl.sqlite
+    echo "DELETE FROM instant;" | sqlite3 dnsbl.sqlite
+    echo "INSERT INTO instant VALUES ( $(php -r 'echo ip2long("1.2.3.4");'), 0, $(date "+%s") );" | sqlite3 dnsbl.sqlite
+    seq 1 100 | parallel -j 100 ./write-lock.sh
+    echo "SELECT * FROM instant;" | sqlite3 dnsbl.sqlite
 }
diff --git a/security/fail2ban-leanmail/dnsbl.php b/security/fail2ban-leanmail/dnsbl.php
@@ -2,7 +2,8 @@
 
 // wget --post-data="auth=$(echo -n "${IP}${SECRET}"|shasum -a 256|cut -d" " -f1)&ip=${IP}" https://site/dnsbl.php
 
-define( 'DNSBL_SECRET', 'U-pFmD00v81JTYiX_O6j' );
+define( 'DNSBL_SECRET', '' );
+
 // Above document root
 define( 'DNSBL_DB', dirname( __DIR__ ) . '/dnsbl.sqlite' );
 

diff --git a/security/fail2ban-leanmail/fail2ban-as-list.sh b/security/fail2ban-leanmail/fail2ban-as-list.sh
@@ -1,31 +1,24 @@
 #!/bin/bash
 #
-# Test banned IP addresses
+# Test banned IP addresses.
 #
 
 # TOP 10 AS-s
 Top_10_AS() {
-AS_GEOIP="/usr/share/GeoIP/GeoIPASNum.dat"
-zgrep -Fv "[recidive]" /var/log/fail2ban.log | sed -n 's/^.* Ban \([0-9.]\+\)$/\1/p' \
-    | sortip | uniq \
-    | xargs -r -L1 geoiplookup -f ${AS_GEOIP} | recode -f l2..utf8 | cut -d: -f2- \
-    | sort | uniq -c \
-    | sort -n -r | head
+    AS_GEOIP="/usr/share/GeoIP/GeoIPASNum.dat"
+    zgrep -Fv "[recidive]" /var/log/fail2ban.log | sed -ne 's/^.* Ban \([0-9.]\+\)$/\1/p' \
+        | sortip | uniq \
+        | xargs -r -L1 geoiplookup -f ${AS_GEOIP} | recode -f l2..utf8 | cut -d: -f2- \
+        | sort | uniq -c \
+        | sort -n -r | head
 }
 
 # List PTR-s of attackers from a specific AS
 Hostname_AS() {
-AS="$1"
-AS_GEOIP="/usr/share/GeoIP/GeoIPASNum.dat"
-zgrep -Fv "[recidive]" /var/log/fail2ban.log | sed -n 's/^.* Ban \([0-9.]\+\)$/\1/p' \
-    | sortip | uniq \
-    | xargs -I %% bash -c "echo -n %%;geoiplookup -f ${AS_GEOIP} %%|recode -f l2..utf8|cut -d: -f2-" \
-    | grep -w "$AS" | cut -d' ' -f1 | xargs -r -L1 host -tA
-}
-
-Attack_types() {
-logsearch.sh -e "Break-in attempt detected: " \
-    | sed -n 's;.*Break-in attempt detected: \(\S\+\).*;\1;p' \
-    | sort | uniq -c \
-    | sort -n
+    AS="$1"
+    AS_GEOIP="/usr/share/GeoIP/GeoIPASNum.dat"
+    zgrep -Fv "[recidive]" /var/log/fail2ban.log | sed -ne 's/^.* Ban \([0-9.]\+\)$/\1/p' \
+        | sortip | uniq \
+        | xargs -I %% bash -c "echo -n %%;geoiplookup -f ${AS_GEOIP} %%|recode -f l2..utf8|cut -d: -f2-" \
+        | grep -w "$AS" | cut -d' ' -f1 | xargs -r -L1 host -tA
 }
diff --git a/security/fail2ban-leanmail/fail2ban-top-attacks.sh b/security/fail2ban-leanmail/fail2ban-top-attacks.sh
@@ -1,5 +1,12 @@
 #!/bin/bash
+#
+# List attack types and counts.
+#
 
-logsearch.sh -e no_wp_here  |grep -o "no_wp_here\S\+"  |sort|uniq -c; \
-logsearch.sh -e bad_request |grep -o "bad_request\S\+" |sort|uniq -c; \
-logsearch.sh -e wpf2b       |grep -o "wpf2b\S\+"       |sort|uniq -c
+{
+    logsearch.sh -e 404_not_found | grep -o "404_not_found"
+    logsearch.sh -e 403_forbidden | grep -o "403_forbidden"
+    logsearch.sh -e bad_request | grep -o "bad_request\S\+"
+    logsearch.sh -e no_wp_here | grep -o "no_wp_here\S\+"
+    logsearch.sh -e wpf2b | grep -o "wpf2b\S\+"
+} | sort | uniq -c
diff --git a/security/fail2ban-leanmail/leanmail-hits.sh b/security/fail2ban-leanmail/leanmail-hits.sh
@@ -11,6 +11,6 @@
 # LOCATION      :/usr/local/sbin/leanmail-hits.sh
 # CRON.D        :29 6	* * *	root	/usr/local/sbin/leanmail-hits.sh
 
-sed -n 's/^.* fail2ban-leanmail: .* \(\S\+\)$/\1/p' /var/log/syslog \
+sed -ne 's/^.* fail2ban-leanmail: .* \(\S\+\)$/\1/p' /var/log/syslog \
     | sort | uniq -c \
     | sort -n
diff --git a/security/fail2ban-leanmail/leanmail.sh b/security/fail2ban-leanmail/leanmail.sh
@@ -305,7 +305,7 @@ Match_dnsbl4() {
     local OWN_IP
     local ANSWER
 
-    OWN_IP="$(ip addr show dev eth0|sed -n 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
+    OWN_IP="$(ip addr show dev eth0|sed -ne 's/^\s*inet \([0-9\.]\+\)\b.*$/\1/p')"
     printf -v HOSTNAME "$DNSBL" "$(Reverse_ip "$IP")" "$(Reverse_ip "$OWN_IP")"
 
     ANSWER="$(host -W "$TIMEOUT" -t A "$HOSTNAME" "$NS1" 2> /dev/null | tail -n 1)"

diff --git a/security/fail2ban-leanmail/test-blacklist.sh b/security/fail2ban-leanmail/test-blacklist.sh