-#!/bin/sh

-set -e

-

-

-SSHFS_DST="router"

-SSHFS_DIR="${HOME}/sshfs"

-SSHFS_TRG="${HOME}/git/freetz/images/backup.tar.gz"

-

-echo "$0: ${SSHFS_DST}:/var/media/ftp --> ${SSHFS_DIR} --> ${SSHFS_TRG}"

-mkdir -p ${SSHFS_DIR}

-sshfs "${SSHFS_DST}:/var/media/ftp" "${SSHFS_DIR}"

-tar -C ${SSHFS_DIR} -cvzf "${SSHFS_TRG}" .

-fusermount -u ${SSHFS_DIR}

-

-dst=$(dirname ${SSHFS_TRG})/config.txt

-echo "$0: /etc/.config --> ${dst}"

-scp "${SSHFS_DST}:/etc/.config" "${dst}"

-

-exit 0

-#!/bin/sh

-

-####################################################################

-# This is a simple Buildroot helper script. Place this script into #

-# your Buildroot directory. #

-# If you want any features to be added or found some bugs or #

-# feedback, feel free to mail me some words: #

-# matzeton@googlemail.com #

-# #

-# gl&hf #

-####################################################################

-

-NAME=`basename $0`

-DIRNAME=`dirname $0`

-OLDPWD=`pwd`

-BACKUP_DIR="$DIRNAME/bck"

-BACKUP_SRCS="fs/minlin_skel minlin_buildroot.config minlin_kernel_i386.config minlin_uclibc.config minlin_busybox.config package/sysvinit package/ncurses package/htop package/squid package/libpth package/pppd package/openssh package/iptables package/tor target"

-

-BR_KERNEL="$DIRNAME/output/images/bzImage"

-BR_ROOTFS="$DIRNAME/output/images/rootfs.ext2"

-BR_INITRD="$DIRNAME/output/images/rootfs.cpio"

-

-TARGET_DIR="$DIRNAME/output/target"

-STAGING_DIR="$DIRNAME/output/staging"

-STAMP_DIR="$DIRNAME/output/stamps"

-BUILD_DIR="$DIRNAME/output/build"

-

-

-

-

-print() {

- echo "> $NAME: $1."

-}

-

-usage() {

- cat << EOF

-

-

-$NAME [arg0]

-

- help - this

- make - make

- rebuild - rebuild target

- backup - create backup dir

- restore - restore files from backup dir

- br - Buildroot menuconfig

- bbox - make busybox-menuconfig

- uclibc - make uclibc-menuconfig

- linux - make linux-menuconfig

-

- qemu -[argN] - start qemu with buildroot kernel

- where [argN] can be:

- i - start qemu with kernel & initrd

- s - using stdio for input/output

- n - append init=/bin/sh

- r - using ext2 rootfs

- x - extra append parameter

-

-EOF

-}

-

-

-clean_conf() {

- [ -z "$BACKUP_DIR" ] && print '$BACKUP_DIR var missing' && return 1

- print 'cleaning up'

- rm -rf "$BACKUP_DIR" 2>/dev/null

-}

-

-backup_conf() {

- [ -z "$BACKUP_SRCS" ] && print 'missing $BACKUP_SRCS' && return 1

-

- clean_conf

- mkdir -p "$BACKUP_DIR"

- for bck_obj in $BACKUP_SRCS; do

- [ -e "$DIRNAME/$bck_obj" ] || {

- print "nonexisting object $DIRNAME/$bck_obj"

- continue

- }

-

- dir=`dirname "$BACKUP_DIR/$bck_obj"`

- mkdir -p "$dir"

- [ -f "$DIRNAME/$bck_obj" -a -r "$DIRNAME/$bck_obj" ] && {

- print "backup file $DIRNAME/$bck_obj"

- cp "$DIRNAME/$bck_obj" "$BACKUP_DIR/$bck_obj"

- } || {

- print "backup dir $DIRNAME/$bck_obj"

- cp -rf "$DIRNAME/$bck_obj" "$dir"

- }

- done

-}

-

-restore_conf() {

- [ -z "$BACKUP_DIR" ] && print '$BACKUP_DIR var missing' && return 1

- [ -z "$BACKUP_SRCS" ] && print 'missing $BACKUP_SRCS' && return 2

- for bck_obj in $BACKUP_SRCS; do

- print "restoring object $DIRNAME/$bck_obj"

- rm -rf "$DIRNAME/$bck_obj"

- cp -rf "$BACKUP_DIR/$bck_obj" "$DIRNAME/$bck_obj"

- done

-}

-

-

-start_qemu() {

-BIN=

-APPEND=

-

-[ -x /usr/bin/kvm ] && BIN=/usr/bin/kvm || BIN=/usr/bin/qemu

-

-while getopts isnrx: opt

-do

- case "$opt" in

- i) INITRD="-initrd $BR_INITRD" ;;

- s) SERIAL="-serial stdio" ;;

- n) APPEND="$APPEND init=/bin/sh" ;;

- r) ROOTFS="-hda $BR_ROOTFS -boot c" ;;

- x) [ -z $2 ] || APPEND="$APPEND $2" ;;

- esac

-done

-

-print "starting $BIN"

-print "kernel: $BR_KERNEL"

-print "parameter: $ROOTFS $INITRD $SERIAL -append \"$APPEND\""

-

-$BIN -kernel $BR_KERNEL -m 512 -localtime -no-reboot -name brlinux -net none $ROOTFS $INITRD $SERIAL -append "$APPEND"

-}

-

-[ -r "$DIRNAME/Makefile" ] || {

- print "No Makefile in $DIRNAME"

- print "Please copy me in the Buildroot dir"

- exit 1

-}

-[ $# -gt 0 ] && {

- print "init"

- print "cd to $DIRNAME"

- cd "$DIRNAME"

-}

-

-case "$1" in

- make) print "make all"

- make

- break

- ;;

- rebuild)

- print "rebuild target/rootfs"

- rm -f output/build/.root

- find ./output -name ".stamp_target_installed*" -print | xargs rm -f

- make

- ;;

- bck|backup)

- print "backup"

- backup_conf

- break

- ;;

- rst|restore)

- print "restore"

- restore_conf

- break

- ;;

- br|b) print "make menuconfig"

- make menuconfig

- break

- ;;

- busybox|bbox|bb)

- print "make busybox"

- make busybox-menuconfig

- break

- ;;

- uclibc|libc) print "make uclibc"

- make uclibc-menuconfig

- break

- ;;

- linux|kernel|lin)

- print "make linux"

- make linux-menuconfig

- break

- ;;

- qemu|kvm)

- print "start qemu/kvm"

- start_qemu $2 $3

- break

- ;;

- *) usage

- break

- ;;

-esac

-

-[ $# -gt 0 ] && {

- print "cd back to $OLDPWD"

- cd "$OLDPWD"

-}

-#!/bin/bash

-

-if [ "x${1}" != "x" ]; then

- RUN_CMDS="${1}"

-else

- send2admin "cmd2admin failed"

-fi

-

-if [ "x${2}" != "x" ]; then

- send2admin "${2}"

-fi

-

-send2admin "RUN CMD: ${RUN_CMDS}"

-OUT=$(bash -c "${RUN_CMDS}")

-if [ $? -ne 0 ]; then

- send2admin "CMD failed!"

-else

- send2admin "CMD succeeded!"

-fi

-send2admin "output:\n${OUT}"

-exit 0

-#!/bin/sh

-

-# flush chains

-iptables -F

-iptables -t nat -F

-iptables -X

-

-# default policies

-iptables -P INPUT DROP

-iptables -P OUTPUT ACCEPT

-iptables -P FORWARD DROP

-

-export LAN="eth0"

-export WAN_IF="eth1"

-export WAN="ppp0"

-export RANGE="192.168.0.0/24"

-export SNAT_MAP="65000-65535"

-

-export HOSTS="192.168.0.1/32 192.168.0.0/24"

-export PORTS="udp;domain;${LAN};2 tcp;domain;${LAN};2 udp;dns-query;${WAN};0 udp;bootps;${LAN};0 udp;netbios-ns;${LAN};0 udp;netbios-dgm;${LAN};0 tcp;microsoft-ds;${LAN};2 tcp;netbios-ssn;${LAN};2 tcp;http;${LAN};1 tcp;https;${LAN};1 tcp;vnc;${LAN};2"

-export FORWARD_IF="venet0;192.168.0.4 venet0;192.168.0.5 venet0;192.168.0.6 venet0;192.168.0.7 venet0;192.168.0.8 venet0;192.168.0.9 venet0;192.168.0.10"

-export NO_FILTER_IF="lo ${WAN_IF} venet0"

-

-echo "$0: DEFAULT RULES"

-for if in `echo $NO_FILTER_IF`; do

- echo "$0: NO FILTER ON DEV $if"

- iptables -I INPUT 1 -i $if -j ACCEPT

- iptables -I OUTPUT 1 -o $if -j ACCEPT

-done

-iptables -I INPUT -p icmp -m limit --limit 4/s -j ACCEPT

-iptables -A FORWARD -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -m state --state INVALID -j DROP

-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-# TCP syn flood protection

-iptables -N syn-flood

-iptables -A INPUT -p tcp -j syn-flood

-iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN

-iptables -A syn-flood -j LOG --log-prefix "SYN flood: "

-iptables -A syn-flood -j REJECT

-# SSH specific (ANTI BRUTE FORCE)

-iptables -N ssh

-iptables -A INPUT -p tcp --dport 22 -j ssh

-iptables -A ssh -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

-iptables -A ssh -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "

-iptables -A ssh -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j REJECT

-# WWW (WAN)

-iptables -t nat -A PREROUTING -p tcp -i ${WAN} --dport 80 -j DNAT --to 192.168.0.6

-

-echo "$0: PORT RULES"

-for port in `echo $PORTS`; do

- echo $port | grep -e '.*;.*;.*;.*' >&2 >/dev/null

- ret=$?

- if [ $ret -ne 0 ]; then

- echo "$0: PORT FORMAT UNKNOWN"

- exit 1

- fi

-

- proto=`echo $port | cut -d ';' -f 1`

- dport=`echo $port | cut -d ';' -f 2`

- if=`echo $port | cut -d ';' -f 3`

- hosti=`echo $port | cut -d ';' -f 4`

-

- echo -n "$0: PORT RULE( $proto/$dport @ $if ) "

- if [ $hosti -le 0 ]; then

- host=""

- iptables -A INPUT -p $proto --dport $dport -i $if -j ACCEPT

- ret=$?

- else

- host=`echo $HOSTS | cut -d ' ' -f $hosti`

- echo -n "-> ( $host ) "

- iptables -A INPUT -p $proto -s $host --dport $dport -i $if -j ACCEPT

- fi

-

- ret=$?

- if [ $ret -ne 0 ]; then

- echo " FAIL."

- else

- echo "OK."

- fi

-done

-

-# DEFAULT REJECT

-iptables -A INPUT -j REJECT --reject-with icmp-host-prohibit

-

-echo "$0: FORWARD RULES"

-iptables -A FORWARD -i ${LAN} -s $RANGE -j ACCEPT

-iptables -A FORWARD -i ${WAN} -d $RANGE -j ACCEPT

-for fif in `echo $FORWARD_IF`; do

- echo $port | grep -e '.*;.*' >&2 >/dev/null

- ret=$?

- if [ $ret -ne 0 ]; then

- echo "$0: WRONG FORWARD FORMAT !!!"

- exit 1

- fi

-

- if=`echo $fif | cut -d ';' -f 1`

- ip=`echo $fif | cut -d ';' -f 2`

-

- echo "$0: FORWARD $if @ $ip"

- iptables -A FORWARD -i $if -s $ip -j ACCEPT

-done

-

-echo "$0: NAT RULES"

-iptables -t nat -A POSTROUTING -p tcp -o ${WAN} -j MASQUERADE --to-ports ${SNAT_MAP}

-iptables -t nat -A POSTROUTING -p udp -o ${WAN} -j MASQUERADE --to-ports ${SNAT_MAP}

-iptables -t nat -A POSTROUTING -p icmp -o ${WAN} -j MASQUERADE

-

-echo "$0: IP FORWARDING"

-echo 1 > /proc/sys/net/ipv4/ip_forward

-for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

-

-echo -n "$0: SAVE RULES FILE to /etc/iptables.rules? (Y/n) "

-read answ

-

-if [ "$answ" = "Y" ]; then

- iptables-save > /etc/iptables.rules

- chmod 0600 /etc/iptables.rules

-fi

-

-#!/bin/bash

-

-MSG_PREFIX="[AUTO_MSG]"

-RC_PREFIX="/etc/sendxmpprc"

-DEFAULT_REC="/etc/default/send2admin"

-RET=0

-

-if [ -r ${DEFAULT_REC} ]; then

- . ${DEFAULT_REC}

-fi

-if [ "x${RECIPIENT}" = "x" ]; then

- RECIPIENT="${2}"

-fi

-

-if [ "x${DISPLAY}" != "x" ]; then

- USEX=1

-else

- USEX=0

-fi

-

-if [ "x${USER}" != "x" ]; then

- if [ -r "${RC_PREFIX}.${USER}" ]; then

- SX_ARGS=" -f ${RC_PREFIX}.${USER}"

- fi

-fi

-

-if [ "x${MSG_PREFIX}" != "x" ]; then

- MSG_PREFIX="${MSG_PREFIX}: "

-fi

-if [ "x${1}" != "x" -a "x${RECIPIENT}" != "x" ]; then

- echo -en "${MSG_PREFIX}${1}" | sendxmpp -t${SX_ARGS} ${RECIPIENT}

- RET=$?

-else

- if [ $USEX -eq 1 ]; then

- xmessage "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]"

- else

- echo "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]" >&2

- fi

- RET=128

-fi

-

-exit $RET

-#!/bin/sh

-

-WGET="/usr/bin/wget"

-PASS="$3"

-COOKIES="$4"

-IP="$5"

-

-

-export WGET

-export IP

-export COOKIES

-

-run_wget_login() {

- URL="$1"

- REF="$2"

- touch ${COOKIES}

- chmod 0600 ${COOKIES}

- ${WGET} "$URL" --referer="$REF" --post-data="pws=${PASS}" --save-cookies ${COOKIES} --keep-session-cookies -O /dev/null -q

- return $?

-}

-

-run_wget_qry() {

- URL="$1"

- REF="$2"

- PST="$3"

-

- if [ ! -z "$REF" ]; then

- ARGS="--referer=$REF"

- fi

- if [ ! -z "$PST" ]; then

- ARGS="$ARGS --post-data=$PST"

- fi

-

- ${WGET} "$URL" --load-cookies ${COOKIES} -O - -q $ARGS

- return $?

-}

-

-

-

-wget_cleanup() {

- rm -f ${COOKIES}

-}

-

-w502v_action() {

-case "$1" in

- login)

- run_wget_login "http://speedport.ip/cgi-bin/login.cgi" "http://speedport.ip/hcti_start_passwort.stm"

- retval=$?

- if [ $retval -eq 4 ]; then

- echo "Unknown hostname. Let speedport.ip point to your speedport router to get this working." >&2

- fi

- return $retval

- ;;

- status)

- w502v_action login

- run_wget_qry "http://speedport.ip/hcti_status_dsl.stm" | grep -E '^var\s(.*);$'

- retval=$?

- if [ $retval -eq 1 ]; then

- echo "Could not get status information. Is your Password correct?" >&2

- fi

- return $retval

- ;;

- restart)

- w502v_action login

- run_wget_qry "http://speedport.ip/cgi-bin/restart.cgi" "http://speedport.ip/hcti_hilfsmittel_reboot.stm" " " >/dev/null

- retval=$?

- return $retval

- ;;

- *)

- echo "$0: Unknown action" >&2

- break

- ;;

-esac

-}

-

-usage() {

- echo

- echo "* `basename $0`: [router] [status|restart] [pass] [cookies-file] [ip]"

-}

-

-case "$1" in

- w502v|502v|502|W502V|502V)

- w502v_action "$2"

- wget_cleanup

- ;;

- *)

- usage

- ;;

-esac

-

-exit 0

-#!/bin/bash

-

-read -p "User: " user

-read -p "Target: " target

-if [ "x${user}" != "x" ]; then

- ssh -L "4713:127.0.0.1:4713" "${user}@${target}" -o "ExitOnForwardFailure yes"

- export PULSE_SERVER="127.0.0.1"

-else

- export PULSE_SERVER="${target}"

-fi

-$*

-#!/bin/sh

-################################################################

-# Update Script for VZ Container on Debian based Distributions #

-################################################################

-

-VES=$( cat /proc/vz/veinfo | awk '{ print $1 }' )

-

-[ -f /etc/debian_version ] || { echo "$0: not a debian based distro."; exit 1; }

-

-for ve in $VES; do

- echo "-> UPDATE CT:$ve"

- [ $ve -eq 0 ] && { apt-get update; apt-get upgrade; break; }

- [ -r /etc/vz/conf/$ve.conf ] || { echo "$0: fail."; continue; }

-

- VEID=$ve

- . /etc/vz/conf/$VEID.conf

- [ -f $VE_PRIVATE/etc/debian_version ] || { echo "$0: CT$VEID is not a debian based distro."; continue; }

- [ -z $NAME ] || echo "-> NAME $NAME"

-

- vzctl exec $VEID "apt-get update; apt-get -y upgrade;"

-done \ No newline at end of file