author | toni <toni@devlap.local> | 2014-11-25 14:23:20 +0100 |
---|---|---|
committer | toni <toni@devlap.local> | 2014-11-25 14:23:20 +0100 |
commit | b54c3dcb4da34cdb2e9d92516ed965e3a1a157aa (patch) | |
tree | fdd51a17dbd3a86b402343dcbfb402ee37c6d676 | |
parent | 6d5e06e725bf85fd5039619b342bc7491d563c70 (diff) | |
parent | 99fd112d43bc37104a45df62e37ee33590f701ec (diff) |
Merge branch 'master' of github.com:freecoding/foo-scripts
-rwxr-xr-x | cmd2admin.sh | 21 | ||||
-rwxr-xr-x | configs/xmobar_hddusage.sh | 4 | ||||
-rw-r--r-- | configs/xmobarrc | 4 | ||||
-rw-r--r-- | configs/xmonad.hs | 27 | ||||
-rwxr-xr-x | iceweasel-sandbox.sh | 29 | ||||
-rwxr-xr-x | selinux_pols/build_all.sh | 31 | ||||
-rw-r--r-- | selinux_pols/dmesg.te | 10 | ||||
-rw-r--r-- | selinux_pols/exim.te | 12 | ||||
-rw-r--r-- | selinux_pols/fuse.te | 10 | ||||
-rw-r--r-- | selinux_pols/hald.te | 39 | ||||
-rw-r--r-- | selinux_pols/pulse.te | 39 | ||||
-rw-r--r-- | selinux_pols/samba.te | 12 | ||||
-rwxr-xr-x | send2admin.sh | 42 |
13 files changed, 263 insertions, 17 deletions
diff --git a/cmd2admin.sh b/cmd2admin.sh new file mode 100755 index 0000000..2d213db --- /dev/null +++ b/cmd2admin.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ "x${1}" != "x" ]; then + RUN_CMDS="${1}" +else + send2admin "cmd2admin failed" +fi + +if [ "x${2}" != "x" ]; then + send2admin "${2}" +fi + +send2admin "RUN CMD: ${RUN_CMDS}" +OUT=$(bash -c "${RUN_CMDS}") +if [ $? -ne 0 ]; then + send2admin "CMD failed!" +else + send2admin "CMD succeeded!" +fi +send2admin "output:\n${OUT}" +exit 0 diff --git a/configs/xmobar_hddusage.sh b/configs/xmobar_hddusage.sh index e8285e4..bea8391 100755 --- a/configs/xmobar_hddusage.sh +++ b/configs/xmobar_hddusage.sh @@ -1,9 +1,9 @@ #!/bin/bash if [ "x$1" = "xread" ]; then - OUT=$(iostat | sed -n 's/sda\s*[0-9,]*\s*\([0-9]*\).*$/\1/p') + OUT=$(sudo iotop -b -n 1 -P -k -qq | sed -n 's/^Total DISK READ:\s*\([0-9]*\)\..*$/\1/p') elif [ "x$1" = "xwrite" ]; then - OUT=$(iostat | sed -n 's/sda\s*[0-9,]*\s*[0-9,]*\s*\([0-9]*\).*$/\1/p') + OUT=$(sudo iotop -b -n 1 -P -k -qq | sed -n 's/^.*Total DISK WRITE:\s*\([0-9]*\)\..*$/\1/p') else exit 1 fi diff --git a/configs/xmobarrc b/configs/xmobarrc index 78d4a42..59759db 100644 --- a/configs/xmobarrc +++ b/configs/xmobarrc @@ -12,10 +12,10 @@ Config { font = "-misc-fixed-*-*-*-*-18-*-*-*-*-*-*-*" , Run Com "~/.xmobar_cputemp.sh" ["MB"] "mtmp" 100 , Run Network "eth0" ["-L","0","-H","32","--normal","green","--high","red"] 10 , Run Network "eth1" ["-L","0","-H","32","--normal","green","--high","red"] 10 - , Run Cpu ["-L","15","-H","50","--normal","green","--high","red"] 10 + , Run Cpu ["-L","15","-H","50","--normal","green","--high","red"] 20 , Run Memory ["Mem: %"] 200 , Run Swap [] 200 - , Run Date "%a %b (%V) %_d %Y %H:%M:%S" "date" 10 + , Run Date "%a %b %_d %Y %H:%M (KW%V)" "date" 600 , Run StdinReader ] , sepChar = "%" diff --git a/configs/xmonad.hs b/configs/xmonad.hs index e698351..acec436 100644 --- a/configs/xmonad.hs +++ b/configs/xmonad.hs 
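Review bot: When `$1` is empty the `else` branch in cmd2admin.sh only reports `cmd2admin failed` and then falls through, so `bash -c ""` still runs and the admin receives a misleading `CMD succeeded!`; the branch should end with `exit 1`. `OUT=$(bash -c "${RUN_CMDS}")` captures stdout only, so on failure the error text that explains it never reaches the admin; `OUT=$(bash -c "${RUN_CMDS}" 2>&1)` would include it. Because the whole of `$1` is handed to a shell and its output is forwarded over XMPP, a header comment should state that the argument must come from a trusted caller and that the output may carry secrets off the host. The script also ends with `exit 0` whatever the command returned, so callers cannot tell a failure from a success.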
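Review bot: Both new `sudo iotop` calls in xmobar_hddusage.sh run from a status-bar poller with no terminal, so without a matching NOPASSWD rule they will block or fail on a password prompt; `sudo -n iotop -b -n 1 -P -k -qq` makes the call fail fast instead. The sudoers entry that enables this should be limited to exactly that command line rather than to `iotop` in general, and a comment in the script should say that such an entry is required. The lines after `fi` are outside the hunk, so how an empty `OUT` is handled cannot be checked here.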
@@ -25,7 +25,7 @@ import qualified Data.Map as M -- The preferred terminal program, which is used in a binding below and by -- certain contrib modules. -- -myTerminal = "/usr/bin/konsole" +myTerminal = "x-terminal-emulator" ------------------------------------------------------------------------ @@ -33,7 +33,7 @@ myTerminal = "/usr/bin/konsole" -- The default number of workspaces (virtual screens) and their names. -- myWorkspaces :: [WorkspaceId] -myWorkspaces = ["1:term","2:code","3:web","4:vm","5:media"] ++ map show [6..9] +myWorkspaces = ["1:pidg","2:file","3:web","4:work1","5:work2"] ++ map show [6..9] ------------------------------------------------------------------------ -- Window rules @@ -52,15 +52,17 @@ myWorkspaces = ["1:term","2:code","3:web","4:vm","5:media"] ++ map show [6..9] myManageHook = composeAll [ className =? "Iceweasel" --> doShift "3:web" , className =? "Icedove" --> doShift "3:web" - , className =? "Pidgin" --> doShift "1:term" - , className =? "Eclipse" --> doShift "2:code" + , className =? "Pidgin" --> doShift "1:pidg" + , className =? "Eclipse" --> doShift "2:file" , className =? "Kmail" --> doShift "3:web" - , className =? "Konqueror" --> doShift "2:code" + , className =? "Konqueror" --> doShift "2:file" + , className =? "Nautilus" --> doShift "2:file" , resource =? "desktop_window" --> doIgnore , className =? "Galculator" --> doFloat + , className =? "Gource" --> doFloat , className =? "MPlayer" --> doFloat - , className =? "VirtualBox" --> doShift "4:vm" - , className =? "Xchat" --> doShift "5:media" + , className =? "VirtualBox" --> doShift "4:work1" + , className =? "Xchat" --> doShift "5:work2" , isFullscreen --> (doF W.focusDown <+> doFullFloat)] 
@@ -131,6 +133,14 @@ myKeys conf@(XConfig {XMonad.modMask = modMask}) = M.fromList $ , ((modMask .|. shiftMask, xK_l), spawn "xscreensaver-command -lock") + -- Start Firefox + , ((modMask .|. shiftMask, xK_i), + spawn "iceweasel") + + -- run demnu + , ((modMask .|. shiftMask, xK_d), + spawn "dmenu_run -b") + -- Take full screenshot in multi-head mode. -- That is, take a screenshot of everything you see. , ((modMask .|. shiftMask, xK_p), @@ -296,8 +306,7 @@ myMouseBindings (XConfig {XMonad.modMask = modMask}) = M.fromList $ --myStartupHook = return () myStartupHook :: X () myStartupHook = do --- safeSpawnProg "iceweasel" - safeSpawnProg "konqueror" + safeSpawnProg "iceweasel" safeSpawnProg "pidgin" setWMName "LG3D" diff --git a/iceweasel-sandbox.sh b/iceweasel-sandbox.sh index 37cad6c..aab60a6 100755 --- a/iceweasel-sandbox.sh +++ b/iceweasel-sandbox.sh @@ -14,6 +14,8 @@ else CHROOTDIR="$HOME/iceweasel.sandbox" fi +export CHROOTKILL="for pid in $(lsof -t ${CHROOTDIR} 2>/dev/null | tr '\n' ' '); do echo -n "."; kill -SIGTERM "\$pid"; done; echo" + if [ ! -z "$2" ]; then DBS_OPTS="--arch ${DEF_ARCH} ${2} ${DEF_SUITE}" else @@ -36,7 +38,22 @@ fi echo "* CHROOT: $CHROOTDIR" xhost + if [ ! -f ${CHROOTDIR}/.stamp_installed ]; then - su -- -c "/usr/sbin/debootstrap --unpack-tarball ${HOME}/iceweasel.sandbox.tar ${DBS_OPTS} ${CHROOTDIR} && touch ${CHROOTDIR}/.stamp_installed" + echo "* DEBOOTSTRAP" + su -- -c "/usr/sbin/debootstrap --unpack-tarball ${HOME}/iceweasel.sandbox.tar ${DBS_OPTS} ${CHROOTDIR}; touch ${CHROOTDIR}/.stamp_installed" +else + echo "* INSTALLED" +fi + +if [ $(lsof -t ${CHROOTDIR} 2>/dev/null | wc -l) -ne 0 ]; then + echo "* Running instance found" + read -p "kill instance? (Y/n) " -t 3 answ + if [ "x$answ" = "xY" ]; then + echo -n "* SIGTERM all processes" + su -- -c "$CHROOTKILL" + else + echo "* abort" + exit 1 + fi fi read -p "mount proc? (Y/n) " -t 3 answ 
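Review bot: The `$(lsof -t ${CHROOTDIR} ...)` inside the double-quoted `CHROOTKILL` assignment in iceweasel-sandbox.sh is expanded once, when the variable is set, not when `su -- -c "$CHROOTKILL"` runs later. The PID list is therefore taken before the chroot session starts, and by the time root sends the signals those PIDs may have exited or been reused by unrelated processes. The unescaped `"."` also closes and reopens the outer string, which works only by accident. Escaping the substitution defers it to the root shell: `export CHROOTKILL="for pid in \$(lsof -t '${CHROOTDIR}' 2>/dev/null); do echo -n '.'; kill -SIGTERM \"\$pid\"; done; echo"`.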
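Review bot: Replacing `&& touch` with `; touch` on the debootstrap line writes `.stamp_installed` even when debootstrap fails, so the next run prints `* INSTALLED` and chroots into a partial tree; keep the `&&` there. `${CHROOTDIR}` is also interpolated unquoted into every `su -- -c "..."` string and into `[ ! -f ${CHROOTDIR}/.stamp_installed ]`, and its assignment from the script arguments appears to lie outside the hunk, so a path with spaces or shell metacharacters would be interpreted by the root shell; validate it once after assignment and quote it inside the command strings. In the new kill prompt, `read -t 3` followed by a test for exactly `Y` means a timeout aborts the script although `(Y/n)` advertises yes as the default.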
@@ -44,7 +61,8 @@ if [ "x$answ" = "xY" ]; then add_precmd "mount -t proc proc ${CHROOTDIR}/proc" add_postcmd "umount ${CHROOTDIR}/proc" fi -su -- -c "${PRECMD}; chroot ${CHROOTDIR} /bin/bash -c 'apt-get update; apt-get upgrade; apt-get install -y iceweasel; useradd -m firefox; su -l firefox -c iceweasel'; ${POSTCMD}" +echo "* CHROOT" +su -- -c "${PRECMD}; chroot ${CHROOTDIR} /bin/bash -c 'apt-get update; apt-get upgrade; apt-get install -y iceweasel; useradd -m firefox; su -l firefox -c iceweasel'; ${CHROOTKILL}; ${POSTCMD}" read -p "delete ${CHROOTDIR} ? (Y/n) " -t 5 answ if [ "x$answ" = "xY" ]; then @@ -54,10 +72,13 @@ if [ "x$answ" = "xY" ]; then DOWIPE=y fi fi + add_postcmd "umount ${CHROOTDIR}/proc" if [ "x$DOWIPE" = "xy" ]; then - su -- -c "wipe -qrcf ${CHROOTDIR}/{home,tmp} && rm -rf ${CHROOTDIR}" + echo "* WIPE" + su -- -c "${CHROOTKILL}; ${POSTCMD}; wipe -qrcf ${CHROOTDIR}/{home,tmp}; rm -rf ${CHROOTDIR}" else - su -- -c "rm -rf ${CHROOTDIR}" + echo "* RM" + su -- -c "${CHROOTKILL}; ${POSTCMD}; rm -rf ${CHROOTDIR}" fi fi diff --git a/selinux_pols/build_all.sh b/selinux_pols/build_all.sh new file mode 100755 index 0000000..286cdc8 --- /dev/null +++ b/selinux_pols/build_all.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +BDIR=$(dirname ${0}) + +function run_cmd { + cmd="${1}" + echo "${cmd}" + $cmd + return $? +} + +echo "$0: building all in $BDIR" >&2 +for file in ${BDIR}/*.te; do + echo "* building: $file" + fname=$(basename ${file} | sed -e 's/^\(.*\)\.\(.*\)$/\1/g') + run_cmd "checkmodule -m -M -o ${BDIR}/${fname}.mod ${BDIR}/${fname}.te" + if [ $? -ne 0 ]; then + echo "checkmodule: ERROR, next .." >&2 + continue + fi + run_cmd "semodule_package -m ${BDIR}/${fname}.mod -o ${BDIR}/${fname}.pp" + if [ $? -ne 0 ]; then + echo "semodule_package: ERROR, next .." >&2 + continue + fi + run_cmd "semodule -i ${BDIR}/${fname}.pp" + run_cmd "semodule -e ${fname}" +done + +echo "done." +exit 0 
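Review bot: In the wipe/rm branch of iceweasel-sandbox.sh the commands are now chained with `;`, so `rm -rf ${CHROOTDIR}` runs as root even when the `umount ${CHROOTDIR}/proc` in `${POSTCMD}` failed or `wipe` failed. Guard the unmount with `mountpoint -q "${CHROOTDIR}/proc" && umount "${CHROOTDIR}/proc"` and use `rm -rf --one-file-system -- "${CHROOTDIR}"` so a filesystem still mounted under the chroot is never descended into. The unconditional `add_postcmd "umount ${CHROOTDIR}/proc"` also repeats the one registered when the user answers Y to the mount prompt, and `${POSTCMD}` has already been executed by the chroot command in the previous hunk. `add_postcmd` is defined outside these hunks, so whether it deduplicates is not visible.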
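Review bot: `semodule -e ${fname}` in build_all.sh enables a module named after the file, but five of the six policies added in this commit declare a different name (`exim-custom`, `fuse-custom`, `hald-custom`, `pulse-custom`, `samba-custom`); only `dmesg.te` matches, so the enable step targets the wrong name for the rest, and some toolchain versions may reject the mismatch outright. Either rename the files or take the name from each file's `module` line. `run_cmd` executes an unquoted `$cmd` string, so a checkout path containing spaces or glob characters is re-split before it reaches `checkmodule` or `semodule`; passing the command as arguments (`echo "$*"; "$@"`) and quoting `"${BDIR}"` avoids that. The result of `semodule -i` is not checked before `semodule -e`, and the script always exits 0, so a failed policy load is invisible to callers.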
diff --git a/selinux_pols/dmesg.te b/selinux_pols/dmesg.te
new file mode 100644
index 0000000..dd85723
--- /dev/null
+++ b/selinux_pols/dmesg.te
@@ -0,0 +1,10 @@
+module dmesg 1.0;
+
+require {
+ type dmesg_t;
+ type tty_device_t;
+ class chr_file { read write };
+}
+
+#============= dmesg_t ==============
+allow dmesg_t tty_device_t:chr_file { read write };
diff --git a/selinux_pols/exim.te b/selinux_pols/exim.te
new file mode 100644
index 0000000..9b0cb01
--- /dev/null
+++ b/selinux_pols/exim.te
@@ -0,0 +1,12 @@
+module exim-custom 1.0;
+
+require {
+ type sysctl_crypto_t;
+ type exim_t;
+ class dir search;
+ class file { read getattr open };
+}
+
+#============= exim_t ==============
+allow exim_t sysctl_crypto_t:dir search;
+allow exim_t sysctl_crypto_t:file { read getattr open };
diff --git a/selinux_pols/fuse.te b/selinux_pols/fuse.te
new file mode 100644
index 0000000..510cbe3
--- /dev/null
+++ b/selinux_pols/fuse.te
@@ -0,0 +1,10 @@
+module fuse-custom 1.0;
+
+require {
+ type fuse_device_t;
+ type mount_t;
+ class chr_file { write read };
+}
+
+#============= mount_t ==============
+allow mount_t fuse_device_t:chr_file { write read };
diff --git a/selinux_pols/hald.te b/selinux_pols/hald.te
new file mode 100644
index 0000000..6f40fad
--- /dev/null
+++ b/selinux_pols/hald.te
@@ -0,0 +1,39 @@
+module hald-custom 1.2;
+
+require {
+ type fixed_disk_device_t;
+ type mnt_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class dir { write remove_name add_name };
+ class file { write rename create unlink };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open };
+#!!!! The source type 'system_dbusd_t' can write to a 'dir' of the following types:
+# system_dbusd_var_run_t, system_dbusd_tmp_t, user_home_t, tmp_t, var_run_t
+
+allow system_dbusd_t mnt_t:dir { write remove_name add_name };
+allow system_dbusd_t mnt_t:file { write rename create unlink };
+
+require {
+ type removable_device_t;
+ type event_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class chr_file read;
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t event_device_t:chr_file read;
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
+
+require {
+ type removable_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
diff --git a/selinux_pols/pulse.te b/selinux_pols/pulse.te
new file mode 100644
index 0000000..6e7672d
--- /dev/null
+++ b/selinux_pols/pulse.te
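Review bot: The rules in hald.te read like unedited audit2allow output and the file gives no reason for any of them; `allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open }` and the `removable_device_t` rules give the system D-Bus daemon's domain direct access to raw block devices, which is a wide grant to carry without a stated need. Add a comment above each `allow` in the form `# needed for: <denial this rule answers>` and consider whether a narrower domain than `system_dbusd_t` should hold the permission. The third `require`/`allow` block repeats the `removable_device_t:blk_file { read ioctl open }` rule from the second and can be dropped, and the first block requires `blk_file read` while allowing only `ioctl open`. pulse.te in the next hunk has the same shape: four `require` blocks that could be merged into one, with `tmpfs_t:file { read write }` the grant most in need of a justification comment.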
@@ -0,0 +1,39 @@
+module pulse-custom 1.2;
+
+require {
+ type pulseaudio_t;
+ class sem { read write unix_write };
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t self:sem { read write unix_write };
+
+require {
+ type udev_tbl_t;
+ type pulseaudio_t;
+ class file { read getattr open };
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t udev_tbl_t:file { read getattr open };
+
+require {
+ type pulseaudio_t;
+ class sem destroy;
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t self:sem destroy;
+
+require {
+ type initrc_state_t;
+ type tmpfs_t;
+ type pulseaudio_t;
+ class sem { unix_read create getattr setattr associate };
+ class file { read write getattr open };
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t initrc_state_t:file { read getattr open };
+allow pulseaudio_t self:sem { unix_read create getattr setattr associate };
+allow pulseaudio_t tmpfs_t:file { read write };
diff --git a/selinux_pols/samba.te b/selinux_pols/samba.te
new file mode 100644
index 0000000..b153f83
--- /dev/null
+++ b/selinux_pols/samba.te
@@ -0,0 +1,12 @@
+module samba-custom 1.0;
+
+require {
+ type sysctl_crypto_t;
+ type smbd_t;
+ class dir search;
+ class file { read getattr open };
+}
+
+#============= smbd_t ==============
+allow smbd_t sysctl_crypto_t:dir search;
+allow smbd_t sysctl_crypto_t:file { read getattr open };
diff --git a/send2admin.sh b/send2admin.sh
new file mode 100755
index 0000000..cad0ef5
--- /dev/null
+++ b/send2admin.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+MSG_PREFIX="[AUTO_MSG]"
+RC_PREFIX="/etc/sendxmpprc"
+DEFAULT_REC="/etc/default/send2admin"
+RET=0
+
+if [ -r ${DEFAULT_REC} ]; then
+ . ${DEFAULT_REC}
+fi
+if [ "x${RECIPIENT}" = "x" ]; then
+ RECIPIENT="${2}"
+fi
+
+if [ "x${DISPLAY}" != "x" ]; then
+ USEX=1
+else
+ USEX=0
+fi
+
+if [ "x${USER}" != "x" ]; then
+ if [ -r "${RC_PREFIX}.${USER}" ]; then
+ SX_ARGS=" -f ${RC_PREFIX}.${USER}"
+ fi
+fi
+
+if [ "x${MSG_PREFIX}" != "x" ]; then
+ MSG_PREFIX="${MSG_PREFIX}: "
+fi
+if [ "x${1}" != "x" -a "x${RECIPIENT}" != "x" ]; then
+ echo -en "${MSG_PREFIX}${1}" | sendxmpp -t${SX_ARGS} ${RECIPIENT}
+ RET=$?
+else
+ if [ $USEX -eq 1 ]; then
+ xmessage "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]"
+ else
+ echo "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]" >&2
+ fi
+ RET=128
+fi
+
+exit $RET |
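Review bot: `echo -en "${MSG_PREFIX}${1}"` interprets backslash escapes in the message, and cmd2admin.sh in this commit passes raw command output through it, so the text the admin receives can differ from what the command printed. `printf '%s' "${MSG_PREFIX}${1}"` sends the text unchanged; callers that rely on `\n`, as `send2admin "output:\n${OUT}"` does, would then pass a real newline. `${RECIPIENT}` is unquoted on the `sendxmpp` line, so a value containing spaces is split into several arguments; write `"${RECIPIENT}"`. The script sources `/etc/default/send2admin` and picks `/etc/sendxmpprc.${USER}` from the environment's `USER`; a header comment should state that both files must be root-owned and, since the rc file normally holds the account password, not world-readable.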