V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 37s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 37s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -119,6 +119,7 @@ genpasswd() {
|
||||
done
|
||||
|
||||
declare passwd
|
||||
# shellcheck disable=SC2312
|
||||
passwd=$(tr -dc 'A-Za-z0-9_' < /dev/random | head -c "${length}")
|
||||
|
||||
if [[ ${usebase64} -eq 1 ]]; then
|
||||
@@ -136,6 +137,7 @@ genpasswd() {
|
||||
# shellcheck disable=SC2317
|
||||
genpasswdhash() {
|
||||
declare salt
|
||||
# shellcheck disable=SC2312
|
||||
salt=$(tr -dc 'A-Za-z0-9' < /dev/random | head -c 16)
|
||||
mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
|
||||
}
|
||||
@@ -146,11 +148,16 @@ genpasswdhash() {
|
||||
# None
|
||||
#######################################
|
||||
genstring() {
|
||||
# shellcheck disable=SC2312
|
||||
(haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
|
||||
}
|
||||
|
||||
#######################################
|
||||
# Wrapper for secure curl
|
||||
# Globals:
|
||||
# CRED
|
||||
# CRES
|
||||
# NL
|
||||
# Arguments:
|
||||
# 1: URL from which to download a specific file
|
||||
# 2: /path/to/file to be saved to
|
||||
@@ -161,7 +168,7 @@ genstring() {
|
||||
#######################################
|
||||
scurl() {
|
||||
if [[ $# -ne 2 ]]; then
|
||||
printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
|
||||
printf "%s❌ Error: Usage: scurl <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
|
||||
return 1
|
||||
fi
|
||||
declare url="$1"
|
||||
@@ -173,7 +180,7 @@ scurl() {
|
||||
-o "${output_path}" \
|
||||
"${url}"
|
||||
then
|
||||
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "${url}" >&2
|
||||
printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
|
||||
return 2
|
||||
fi
|
||||
return 0
|
||||
@@ -181,6 +188,10 @@ scurl() {
|
||||
|
||||
#######################################
|
||||
# Wrapper for secure wget
|
||||
# Globals:
|
||||
# CRED
|
||||
# CRES
|
||||
# NL
|
||||
# Arguments:
|
||||
# 1: URL from which to download a specific file
|
||||
# 2: /path/to/file to be saved to
|
||||
@@ -191,7 +202,7 @@ scurl() {
|
||||
#######################################
|
||||
swget() {
|
||||
if [[ $# -ne 2 ]]; then
|
||||
printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
|
||||
printf "%s❌ Error: Usage: swget <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
|
||||
return 1
|
||||
fi
|
||||
declare url="$1"
|
||||
@@ -204,21 +215,22 @@ swget() {
|
||||
-qO "${output_path}" \
|
||||
"${url}"
|
||||
then
|
||||
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "$url" >&2
|
||||
printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
|
||||
return 2
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
#######################################
|
||||
# Wrapper for loading CISS.2025 hardened Kernel Parameters
|
||||
# Wrapper for loading CISS.2025 hardened Kernel Parameters.
|
||||
# Arguments:
|
||||
# None
|
||||
#######################################
|
||||
sysp() {
|
||||
sysctl -p /etc/sysctl.d/99_local.hardened
|
||||
# sleep 1
|
||||
sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
|
||||
# shellcheck disable=SC2312
|
||||
sysctl -a | grep -E 'kernel|vm|net' >| /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
|
||||
}
|
||||
|
||||
#######################################
|
||||
@@ -238,9 +250,10 @@ trel() {
|
||||
#######################################
|
||||
whichpackage() {
|
||||
if ! command -v "$1" >/dev/null 2>&1; then
|
||||
printf 'Error: Program '%s' not found.\n' "$1" >&2
|
||||
printf '%s❌ Error: Program '%s' not found. %s%s' "${CRED}" "$1" "${CRES}" "${NL}" >&2
|
||||
exit 1
|
||||
fi
|
||||
# shellcheck disable=SC2230,SC2312
|
||||
dpkg -S "$(which "$1")"
|
||||
}
|
||||
|
||||
@@ -252,6 +265,7 @@ whichpackage() {
|
||||
# 3: Number of Entries (defaults 16)
|
||||
#######################################
|
||||
whichused() {
|
||||
# shellcheck disable=SC2312
|
||||
du -h --max-depth="${2:-1}" "${1:-/var}" | sort -hr | head -n "${3:-16}"
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -36,4 +36,6 @@ echo -e "\e[92m All done" "\e[95m'${USER}'" "\e[92m! \e[0m"
|
||||
echo -e "\e[92m Close shell with 'ENTER' to exit" "\e[95m'${HOSTNAME}'" "\e[92m! \e[0m"
|
||||
# shellcheck disable=SC2162
|
||||
read
|
||||
[[ -x /usr/bin/clear_console ]] && /usr/bin/clear_console -q
|
||||
exit 0
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -19,7 +19,10 @@ set -Ceuo pipefail
|
||||
# --log=/var/log/ufw.log \
|
||||
# --output=/tmp/f2bchk.log
|
||||
# Globals:
|
||||
# None
|
||||
# CGRE
|
||||
# CRED
|
||||
# CRES
|
||||
# NL
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
@@ -27,7 +30,7 @@ set -Ceuo pipefail
|
||||
# 1: In case of any errors
|
||||
#######################################
|
||||
f2bchk(){
|
||||
# Declare default values (readonly)
|
||||
### Declare default values (readonly)
|
||||
declare -r DEFAULT_MODE="matched"
|
||||
declare -r DEFAULT_FILTER="/etc/fail2ban/filter.d/ufw.aggressive.conf"
|
||||
declare -r DEFAULT_LOG="/var/log/ufw.log"
|
||||
@@ -45,7 +48,7 @@ f2bchk(){
|
||||
--log=*) log="${arg#--log=}";;
|
||||
--output=*) output="${arg#--output=}";;
|
||||
*)
|
||||
printf "\e[31m[ERROR]\e[0m Unknown argument: %s\n" "${arg}"
|
||||
printf "%s[ERROR]%s Unknown argument: '%s' %s" "${CRED}" "${CRES}" "${arg}" "${CRED}"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
@@ -57,7 +60,7 @@ f2bchk(){
|
||||
matched) flag="--print-all-matched"; suffix="all.matched";;
|
||||
missed) flag="--print-all-missed"; suffix="all.missed";;
|
||||
*)
|
||||
printf "\e[31m[ERROR]\e[0m Invalid mode: %s\n" "${mode}"
|
||||
printf "%s[ERROR]%s Invalid mode: '%s' %s" "${CRED}" "${CRES}" "${mode}" "${NL}"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
@@ -67,24 +70,30 @@ f2bchk(){
|
||||
filter_name="${filter_name%.conf}"
|
||||
output="/tmp/${filter_name}.${suffix}.log"
|
||||
fi
|
||||
|
||||
if [[ ! -r "${log}" ]]; then
|
||||
printf "\e[31m[ERROR]\e[0m Log file '%s' not found or not readable.\n" "${log}"
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -r "${filter}" ]]; then
|
||||
printf "\e[31m[ERROR]\e[0m Filter file '%s' not found or not readable.\n" "${filter}"
|
||||
printf "%s[ERROR]%s Log file '%s' not found or not readable. %s" "${CRED}" "${CRES}" "${log}" "${NL}"
|
||||
return 1
|
||||
fi
|
||||
|
||||
printf "\e[33m[INFO]\e[0m Running: fail2ban-regex %s %s %s\n" "${log}" "${filter}" "${flag}"
|
||||
if fail2ban-regex "${log}" "${filter}" "${flag}" >| "${output}"; then
|
||||
printf "\e[32m[SUCCESS]\e[0m Saved log to %s\n" "$output"
|
||||
printf "You can view it with: cat %s\n" "$output"
|
||||
else
|
||||
printf "\e[31m[ERROR]\e[0m fail2ban-regex execution failed.\n"
|
||||
if [[ ! -r "${filter}" ]]; then
|
||||
printf "%s[ERROR]%s Filter file '%s' not found or not readable. %s" "${CRED}" "${CRES}" "${filter}" "${NL}"
|
||||
return 1
|
||||
fi
|
||||
|
||||
printf "%s[INFO]%s Running: fail2ban-regex '%s %s %s' %s" "${CGRE}" "${CRES}" "${log}" "${filter}" "${flag}" "${NL}"
|
||||
|
||||
if fail2ban-regex "${log}" "${filter}" "${flag}" >| "${output}"; then
|
||||
|
||||
printf "%s[SUCCESS]%s Saved log to: '%s' %s" "${CGRE}" "${CRES}" "${output}" "${NL}"
|
||||
printf "You can view it with: cat %s%s" "${output}" "${NL}"
|
||||
else
|
||||
|
||||
printf "%s[ERROR]%s fail2ban-regex execution failed. %s" "${CRED}" "${CRES}" "${NL}"
|
||||
return 1
|
||||
|
||||
fi
|
||||
|
||||
exit 0
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -12,31 +12,38 @@
|
||||
|
||||
#######################################
|
||||
# Scanner for 'libwrap' usage.
|
||||
# Globals:
|
||||
# CGRE
|
||||
# CRES
|
||||
# NL
|
||||
# Arguments:
|
||||
# None
|
||||
#######################################
|
||||
scanlw() {
|
||||
printf "\e[92m🔍 Scanning all running processes for 'libwrap' usage ... \e[0m\n"
|
||||
printf "%s🔍 Scanning all running processes for 'libwrap' usage ... %s%s" "${CGRE}" "${CRES}" "${NL}"
|
||||
printf "\n"
|
||||
|
||||
# Collect binaries from all running PIDs
|
||||
### Collect binaries from all running PIDs.
|
||||
declare pid exe_path comm user
|
||||
|
||||
for pid in $(ps -e -o pid=); do
|
||||
exe_path=$(readlink -f "/proc/${pid}/exe" 2>/dev/null)
|
||||
|
||||
# Skip if not a regular executable
|
||||
### Skip if not a regular executable.
|
||||
[[ -x "${exe_path}" ]] || continue
|
||||
|
||||
# Check if the binary is linked with libwrap
|
||||
if ldd "$exe_path" 2>/dev/null | grep -q "libwrap"; then
|
||||
comm=$(ps -p "$pid" -o comm=)
|
||||
user=$(ps -p "$pid" -o user=)
|
||||
printf "\e[92m✅ PID: %s (%s) [User: %s] is linked with 'libwrap.so'. \e[0m\n" "${pid}" "${comm}" "${user}"
|
||||
### Check if the binary is linked with libwrap.
|
||||
# shellcheck disable=SC2312
|
||||
if ldd "${exe_path}" 2>/dev/null | grep -q "libwrap"; then
|
||||
comm=$(ps -p "${pid}" -o comm=)
|
||||
user=$(ps -p "${pid}" -o user=)
|
||||
printf "%s✅ PID: %s (%s) [User: %s] is linked with 'libwrap.so'. %s%s" "${CGRE}" "${pid}" "${comm}" "${user}" "${CRES}" "${NL}"
|
||||
fi
|
||||
done
|
||||
|
||||
printf "\n"
|
||||
printf "\e[92m✅ Scan complete. \e[0m\n"
|
||||
printf "%s✅ Scan complete. %s%s" "${CGRE}" "${CRES}" "${NL}"
|
||||
|
||||
exit 0
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -104,7 +104,7 @@ celp() {
|
||||
declare i=0
|
||||
declare entry
|
||||
for entry in "${arr[@]}"; do
|
||||
# Print entry left-aligned in fixed width, colored
|
||||
### Print entry left-aligned in fixed width, colored.
|
||||
printf "${CMAG}%-${col_width}s${CRES}" "${entry}"
|
||||
((i++))
|
||||
if ((i % cols == 0)); then
|
||||
|
||||
Reference in New Issue
Block a user