This commit is contained in:
2024-10-14 00:08:40 +02:00
parent dbfba56f66
commit 1462d52e13
4572 changed files with 2658864 additions and 0 deletions


@@ -0,0 +1,41 @@
#!/bin/bash
ARG=$1
if [ "$ARG" == "" ]; then
echo "Server angeben!"
exit
fi
function check {
RET=$?;
#echo "? -$RET-"
case "$RET" in
0) echo " => OK";;
1) echo " => ALARM";;
*) echo " => keine Verbindung";;
esac
}
echo "# Prüfe Server $ARG"
echo "### http"
./heartbleed.pl -q $ARG >/dev/null 2>&1
check
echo "### imap"
./heartbleed.pl -q --starttls imap $ARG:143 >/dev/null 2>&1
check
./heartbleed.pl -q $ARG:993 >/dev/null 2>&1
check
echo "### smtp"
./heartbleed.pl -q --starttls smtp $ARG:587 >/dev/null 2>&1
check
./heartbleed.pl -q $ARG:465 >/dev/null 2>&1
check
echo "### pop3"
./heartbleed.pl -q --starttls pop $ARG:110 >/dev/null 2>&1
check
./heartbleed.pl -q $ARG:995 >/dev/null 2>&1
check
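Review bot: `check` reports every exit status other than 0 or 1 as "keine Verbindung", and each probe discards stderr, so a missing or non-executable `./heartbleed.pl` (status 126/127) looks the same as an unreachable port and the scan silently reports nothing vulnerable. I would add `[ -x ./heartbleed.pl ] || { echo "heartbleed.pl fehlt" >&2; exit 2; }` before the first probe and pass the status explicitly (`check $?` with `RET=$1`), so a later edit between a probe and `check` cannot clobber it. `$ARG` should be quoted in every call (`"$ARG:143"`), and the missing-argument branch should `exit 2` rather than leave with echo's status 0.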


@@ -0,0 +1,186 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: firewall_rules
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: agadmin firewall rules
### END INIT INFO
ACTION=$1
TLD="cn iq ir kp ru tr tw"
URL="http://www.ipdeny.com/ipblocks/data/countries/"
INPUT="INPUT"
OUTPUT="OUTPUT"
PIDDIR="/var/run"
function block_country_chains {
if [ "$1" == "STOP" ]; then
for Z in `iptables -S | grep -E '^-N' | grep ".ct.chain" | awk '{print $2;}'`
do
iptables -D $INPUT -j $Z
iptables -F $Z
iptables -X $Z
done
return
fi
cd /tmp
# chains bilden und in INPUT chain einbinden
for C in $TLD
do
iptables -N $C.ct.chain
iptables -A $INPUT -j $C.ct.chain
done
sleep 10
for C in $TLD
do
wget $URL$C.zone > /dev/null 2>&1
done
for C in $TLD
do
for IP in `cat $C.zone`
do
iptables -A $C.ct.chain -s $IP -j DROP > /dev/null 2>&1
done
done
}
function services_chain {
if [ "$1" == "STOP" ]; then
iptables -D $INPUT -j SERVICES.chain
iptables -F SERVICES.chain
iptables -X SERVICES.chain
return
fi
SERVICES="993 995 587 465 25 143 110 443 80 53 389"
iptables -N SERVICES.chain
for PORT in $SERVICES; do
iptables -A SERVICES.chain -p tcp --dport "$PORT" -j ACCEPT
done
iptables -A SERVICES.chain -p udp --dport 53 -j ACCEPT
iptables -A $INPUT -j SERVICES.chain
}
function admin_chain {
if [ "$1" == "STOP" ]; then
iptables -D $INPUT -j ADMIN.chain
iptables -F ADMIN.chain
iptables -X ADMIN.chain
return
fi
iptables -N ADMIN.chain
iptables -A ADMIN.chain -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ADMIN.chain -p tcp --dport 22 -j ACCEPT
iptables -A ADMIN.chain -p udp --dport 161 -j ACCEPT
iptables -A ADMIN.chain -p tcp --dport 953 -j ACCEPT
iptables -A ADMIN.chain -d 127.0.0.0/8 -j ACCEPT
iptables -A ADMIN.chain -s 5.1.84.159 -j ACCEPT
iptables -A ADMIN.chain -s 5.1.84.160 -j ACCEPT
iptables -A ADMIN.chain -s 62.113.250.204 -j ACCEPT
iptables -A ADMIN.chain -p icmp -j ACCEPT
iptables -A $INPUT -j ADMIN.chain
}
function imscp_logging_chains {
if [ "$1" == "STOP" ]; then
iptables -D $INPUT -j IMSCP_INPUT
iptables -D $OUTPUT -j IMSCP_OUTPUT
iptables -F IMSCP_INPUT
iptables -F IMSCP_OUTPUT
iptables -X IMSCP_INPUT
iptables -X IMSCP_OUTPUT
return
fi
SERVICES_IN="80 443 110 143 25 465 587 995 993"
SERVICES_OUT="25 465 587"
iptables -N IMSCP_INPUT
iptables -N IMSCP_OUTPUT
iptables -A $INPUT -j IMSCP_INPUT
iptables -A $OUTPUT -j IMSCP_OUTPUT
for PORT in $SERVICES_IN; do
iptables -A IMSCP_INPUT -p tcp --dport "$PORT"
iptables -A IMSCP_OUTPUT -p tcp --sport "$PORT"
done
for PORT in $SERVICES_OUT; do
iptables -A IMSCP_INPUT -p tcp --sport "$PORT"
iptables -A IMSCP_OUTPUT -p tcp --dport "$PORT"
done
iptables -A IMSCP_INPUT -j RETURN
iptables -A IMSCP_OUTPUT -j RETURN
}
#####################################################################################################
case $ACTION in
start)
if [ -f $PIDDIR/firewall.pid ]; then
echo "Firewall bereits aktiv"
exit
fi
echo "Firewall wird gestartet"
touch $PIDDIR/firewall.pid
iptables -P $INPUT DROP
#imscp_logging_chains START
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
block_country_chains START &
sleep 5
services_chain START
admin_chain START
;;
stop)
if [ ! -f $PIDDIR/firewall.pid ]; then
echo "Firewall bereits gestoppt"
exit
fi
echo "Firewall wird gestoppt"
rm $PIDDIR/firewall.pid
iptables -P $INPUT ACCEPT
#imscp_logging_chains STOP
iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
block_country_chains STOP
services_chain STOP
admin_chain STOP
;;
reload|restart)
if [ -f $PIDDIR/firewall.pid ]; then
echo "Firewall wird gestoppt"
rm $PIDDIR/firewall.pid
iptables -P $INPUT ACCEPT
#imscp_logging_chains STOP
iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
block_country_chains STOP
services_chain STOP
admin_chain STOP
else
echo "Firewall nicht gestartet"
fi
echo "Firewall wird gestartet"
touch $PIDDIR/firewall.pid
iptables -P $INPUT DROP
#imscp_logging_chains START
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
block_country_chains START &
sleep 5
services_chain START
admin_chain START
;;
status)
if [ -f $PIDDIR/firewall.pid ]; then
echo "Firewall aktiv"
exit
fi
echo "Firewall nicht aktiv"
;;
esac
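Review bot: `block_country_chains` runs as root, does `cd /tmp`, and fetches the zone lists over plain `http://` into predictable names (`cn.zone`, …) before passing every whitespace-separated token unquoted to `iptables -s`; a file or symlink pre-created in /tmp by another local user, or a response altered in transit, then decides what the firewall drops. wget also does not overwrite an existing `cn.zone` without `-O` (it writes `cn.zone.1`), so later runs keep loading the stale list. I would download into a `mktemp -d` directory with `-O`, switch the URL to HTTPS if the provider offers it, validate each line as a CIDR before use, and add `-w` because this function runs in the background while `services_chain` and `admin_chain` call iptables at the same time. The same download loop is repeated in the standalone country-block script that follows in this commit. Separately, `ADMIN.chain` accepts tcp/22, udp/161 and tcp/953 from any source, so the three admin source addresses do not restrict those ports; please confirm that is intended.

```shell
# … unchanged: STOP branch, chain creation loop, sleep 10 …
local zone_dir
zone_dir=$(mktemp -d) || return 1
for C in $TLD
do
  wget -q -O "$zone_dir/$C.zone" "$URL$C.zone" || continue
  while IFS= read -r IP
  do
    # accept only dotted-quad addresses with an optional prefix length
    [[ "$IP" =~ ^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$ ]] || continue
    iptables -w -A "$C.ct.chain" -s "$IP" -j DROP
  done < "$zone_dir/$C.zone"
done
rm -rf -- "$zone_dir"
```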


@@ -0,0 +1,36 @@
#!/bin/bash
TLD="cn iq ir kp ru tr tw"
URL="http://www.ipdeny.com/ipblocks/data/countries/"
# chains komplett entfernen
for C in $TLD
do
iptables -D BLOCKCOUNTRY -j $C
iptables -F $C
iptables -X $C
done
# chains bauen
cd /tmp
for C in $TLD
do
iptables -N $C.ct.chain
iptables -A BLOCKCOUNTRY -j $C.ct.chain
done
# länderinfos herunterladen
for C in $TLD
do
wget $URL$C.zone > /dev/null 2>&1
done
#länderinfos in chains
for C in $TLD
do
for IP in `cat $C.zone`
do
iptables -A $C.ct.chain -s $IP -j DROP > /dev/null 2>&1
done
done
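Review bot: The cleanup loop removes chains named `$C` (`iptables -D BLOCKCOUNTRY -j $C`, `-F $C`, `-X $C`), but the build loop creates `$C.ct.chain`, so nothing from a previous run is ever removed; on a second run `iptables -N` fails and the DROP rules are appended again as duplicates. The three cleanup commands should use `"$C.ct.chain"`. The script also assumes a `BLOCKCOUNTRY` chain already exists, and nothing visible here creates it or hooks it into INPUT.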


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,158 @@
Die Zeilen mit zwei Ausrufezeichen sind besondere Zeilen. Diese markieren neue Abschnitte in der Datei.
Diese Zeilen müssen am Anfang einer Zeile stehen und dürfen keine Leerzeichen beinhalten.
Darüberhinaus sind alle Zeichen groß zu schreiben.
Als erstes muss !!ROUTER kommen, diese Zeile markiert den eigentlichen Anfang. Es passiert nichts bis !!VARIABLEN erscheint.
Ab dort erfolgt die Definition der Variablen.
Ab !!CONFIG kommt die eigentliche Konfiguration. Alle im Abschnitt !!VARIABLEN definierten Werte werden im Abschnitt !!CONFIG eingesetzt.
Ansonsten sind Zeilen die mit einem ! beginnen Kommentare (Cisco Syntax).
!!ROUTER
!!VARIABLEN
<HOSTNAME> = ICM-WSE-UAT
<TFTP_HOST_STRING> = tftp://10.101.2.113/x-confg
<INT_NAME> = f0/0
<INT_IP_MASK> = 192.168.1.2 255.255.255.248
!<INT_IP_MASK> = DHCP
<DEF_GW> = 192.168.1.1
<SNMP_READ> = con
<SNMP_WRITE> = 5NMP-Wr1t3-(0mm
<SYSLOG_FACILITY> = local1
<SYSLOG_SRC_INT> =
<SYSLOG_SEVERITY> = errors
<SYSLOG_SRV> = 10.101.2.113
<LOG_SEVERITY> = informational
<SOMMERZEITVONBIS> = Mar 31 2013 2:00 Oct 27 2013 2:00
<NTP_SRV1> = 90.200.31.21
<NTP_SRV2> = 90.200.31.23
! PTB NTP Server
! ntp server 192.53.103.103
! ntp server 192.53.103.108
! ntp server 192.53.103.104
<DOMAIN> = corp.conet.local
<ADM_PW> = LicherExport
<ENABLE_SECRET> = ensinus
! Netze/IPs zur Administration, AdminText, AdminNetz
<AT1> = extern 1
<AN1> = 195.20.133.6
<AT2> = extern 2
<AN2> = 212.202.166.58
<AT3> = Eschborner Ldstr 1
<AN3> = 192.168.88.0 0.0.0.255
<AT4> = Eschborner Ldstr 2
<AN4> = 172.23.210.0 0.0.0.255
<AT5> = Interxion
<AN5> = 88.205.102.128 0.0.0.127
<ATI> = Initial Netz
<ANI> = 192.1.1.0 0.0.0.255
!!CONFIG
boot network <TFTP_HOST_STRING>
hostname <HOSTNAME>
int <INT_NAME>
ip address <INT_IP_MASK>
no shut
ip route 0.0.0.0 0.0.0.0 <DEF_GW>
! snmp
snmp-server community <SNMP_READ> RO ACL_telnet_ssh_snmp
snmp-server community <SNMP_WRITE> RW ACL_telnet_ssh_snmp
! enable
no enable password
enable secret <ENABLE_SECRET>
! syslog
logging facility <SYSLOG_FACILITY>
logging source-interface <SYSLOG_SRC_INT>
logging <SYSLOG_SRV>
logging trap <SYSLOG_SEVERITY>
! lokales log
logging buffered 4096 <LOG_SEVERITY>
logging history <LOG_SEVERITY>
logging console <LOG_SEVERITY>
logging monitor <LOG_SEVERITY>
! ntp
clock timezone MEZ 1
clock summer-time MESZ date <SOMMERZEITVONBIS>
ntp server <NTP_SRV1> prefer
ntp server <NTP_SRV2>
! ssh
ip domain name <DOMAIN>
!crypto key generate rsa
!1024
!ip ssh ver 2
! login
username admin priv 15 pass <ADM_PW>
ip access-list standard ACL_telnet_ssh_snmp
remark <AT1>
permit <AN1>
remark <AT2>
permit <AN2>
remark <AT3>
permit <AN3>
remark <AT4>
permit <AN4>
remark <AT5>
permit <AN5>
remark <ATI>
permit <ANI>
line vty 0 4
session-timeout 60
access-class ACL_telnet_ssh_snmp in
exec-timeout 60 0
login local
transport input all
line con 0
login local
line aux 0
login local
! services
service tcp-keepalives-in
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
! domain-lookup
no ip domain-lookup
! http
no ip http server
no ip http secure-server
end
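Review bot: The `!!VARIABLEN` block commits live-looking credentials in clear text (`<SNMP_READ>`, `<SNMP_WRITE>`, `<ADM_PW>`, `<ENABLE_SECRET>`), and the rendered config later in this commit repeats them; once pushed they should be treated as disclosed and rotated, and the template should carry placeholders filled from a file kept outside the repository. In `!!CONFIG`, `username admin priv 15 pass <ADM_PW>` ends up stored with the reversible type 7 encoding under `service password-encryption`; `username admin privilege 15 secret <ADM_PW>` keeps a hash instead. `transport input all` on `line vty 0 4` leaves Telnet enabled while the RSA key generation and `ip ssh ver 2` lines are commented out; I would enable those and set `transport input ssh`. The finished config is pulled via `boot network tftp://…`, which is unauthenticated and unencrypted, so these secrets also cross the network in clear.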


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,94 @@
!!CONFIG
boot network tftp://10.101.2.113/x-confg
hostname ICM-WSE-UAT
int f0/0
ip address 192.168.1.2 255.255.255.248
no shut
ip route 0.0.0.0 0.0.0.0 192.168.1.1
! snmp
snmp-server community con RO ACL_telnet_ssh_snmp
snmp-server community 5NMP-Wr1t3-(0mm RW ACL_telnet_ssh_snmp
! enable
no enable password
enable secret ensinus
! syslog
logging facility local1
logging 10.101.2.113
logging trap errors
! lokales log
logging buffered 4096 informational
logging history informational
logging console informational
logging monitor informational
! ntp
clock timezone MEZ 1
clock summer-time MESZ date Mar 31 2013 2:00 Oct 27 2013 2:00
ntp server 90.200.31.21 prefer
ntp server 90.200.31.23
! ssh
ip domain name corp.conet.local
!crypto key generate rsa
!1024
!ip ssh ver 2
! login
username admin priv 15 pass LicherExport
ip access-list standard ACL_telnet_ssh_snmp
remark extern 1
permit 195.20.133.6
remark extern 2
permit 212.202.166.58
remark Eschborner Ldstr 1
permit 192.168.88.0 0.0.0.255
remark Eschborner Ldstr 2
permit 172.23.210.0 0.0.0.255
remark Interxion
permit 88.205.102.128 0.0.0.127
remark Initial Netz
permit 192.1.1.0 0.0.0.255
line vty 0 4
session-timeout 60
access-class ACL_telnet_ssh_snmp in
exec-timeout 60 0
login local
transport input all
line con 0
login local
line aux 0
login local
! services
service tcp-keepalives-in
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
! domain-lookup
no ip domain-lookup
! http
no ip http server
no ip http secure-server
end


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,214 @@
!
! Last configuration change at 16:06:02 MEZ Fri Jan 18 2013 by admin
! NVRAM config last updated at 13:04:03 MEZ Mon Jan 14 2013 by admin
!
version 15.1
service tcp-keepalives-in
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
!
hostname ConC2921XTR2
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
logging console informational
logging monitor informational
enable secret 5 $1$klF6$XTb6PpNdazSglZHOZyU6h0
!
no aaa new-model
clock timezone MEZ 1
clock summer-time MESZ date Mar 31 2013 2:00 Oct 27 2013 2:00
!
no ipv6 cef
ip source-route
ip cef
!
!
ip multicast-routing
!
!
no ip domain lookup
ip domain name corp.conet.local
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn FHK1436F351
!
!
username admin privilege 15 password 7 1062001A0D12002E1414253930
!
!
ip ssh version 2
!
track 2 interface GigabitEthernet0/2 line-protocol
!
!
!
!
interface GigabitEthernet0/0
description Eurex01 CCP01 Xetra01 EurexMIC ZOS Member Lan
ip address 90.206.113.22 255.255.255.0 secondary
ip address 92.254.234.21 255.255.255.0 secondary
ip address 90.200.31.21 255.255.255.0
ip accounting output-packets
ip pim neighbor-filter DenyRtrB
ip pim sparse-mode
ip igmp access-group IGMP_ACC
duplex full
speed 1000
standby 25 ip 92.254.234.25
standby 25 priority 110
standby 25 preempt
standby 25 track 2 decrement 10
!
interface GigabitEthernet0/1
ip address 90.208.181.21 255.255.255.0
ip accounting output-packets
ip pim neighbor-filter DenyRtrB
ip pim sparse-mode
ip igmp join-group 224.0.50.224
ip igmp join-group 224.0.50.96
ip igmp access-group IGMP_ACC
duplex full
speed 1000
standby 181 ip 90.208.181.31
standby 181 priority 110
standby 181 preempt
standby 181 track 2 decrement 10
!
interface GigabitEthernet0/2
no ip address
duplex full
speed 100
!
interface GigabitEthernet0/2.90
description To Deutsche Boerse
encapsulation dot1Q 90
ip address 90.7.5.2 255.255.255.0
ip pim sparse-mode
!
interface GigabitEthernet0/2.92
encapsulation dot1Q 92
ip address 92.7.250.2 255.255.255.252
!
interface GigabitEthernet0/2.98
description For EMDI
encapsulation dot1Q 98
ip address 10.20.0.22 255.255.255.252
ip pim sparse-mode
!
interface GigabitEthernet0/2.99
description For DB Trading
encapsulation dot1Q 99
ip address 10.20.0.18 255.255.255.252
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface FastEthernet0/1/4
!
interface FastEthernet0/1/5
!
interface FastEthernet0/1/6
!
interface FastEthernet0/1/7
!
interface FastEthernet0/1/8
!
interface Vlan1
no ip address
!
!
router eigrp 56
network 90.0.0.0
network 92.0.0.0
auto-summary
!
router bgp 65222
no synchronization
bgp log-neighbor-changes
network 90.208.181.0 mask 255.255.255.0
neighbor 10.20.0.17 remote-as 12625
neighbor 10.20.0.17 description DB
neighbor 10.20.0.21 remote-as 12625
neighbor 10.20.0.21 description DB_EEMDI
neighbor 90.208.181.23 remote-as 65222
neighbor 90.208.181.23 next-hop-self
no auto-summary
!
ip forward-protocol nd
!
ip pim rp-address 193.29.89.252 emdi_simu_A
ip pim rp-address 193.29.95.252 EbsA
ip pim rp-address 193.29.93.252 XEbsA
ip pim rp-address 193.29.91.252 emdi_prod_A
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 90.200.31.230
!
ip access-list standard ACL_telnet_ssh_snmp
remark alle
permit any log
ip access-list standard DenyRtrB
deny any
ip access-list standard EbsA
permit 224.0.29.0 0.0.0.255
permit 233.49.81.0 0.0.0.127
ip access-list standard IGMP_ACC
permit 224.0.46.0 0.0.0.255
permit 224.0.48.0 0.0.0.255
permit 224.0.50.0 0.0.0.127
permit 224.0.29.0 0.0.0.255
permit 233.49.81.0 0.0.0.127
ip access-list standard XEbsA
permit 224.0.46.0 0.0.0.255
permit 224.0.48.0 0.0.0.255
ip access-list standard emdi_prod_A
permit 224.0.50.0 0.0.0.63
permit 224.0.50.64 0.0.0.15
ip access-list standard emdi_simu_A
permit 224.0.50.80 0.0.0.15
permit 224.0.50.96 0.0.0.31
!
logging history informational
logging trap errors
logging facility local1
logging 10.101.2.113
!
!
snmp-server community con RO ACL_telnet_ssh_snmp
snmp-server community 5NMP-Wr1t3-(0mm RW ACL_telnet_ssh_snmp
!
control-plane
!
!
line con 0
login local
line aux 0
login local
line vty 0 4
session-timeout 60
access-class ACL_telnet_ssh_snmp in
exec-timeout 60 0
login local
transport input all
!
scheduler allocate 20000 1000
ntp server 212.82.32.15
ntp peer 90.200.31.23
ntp server 192.53.103.104 prefer
ntp server 192.53.103.108
end
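Review bot: `ip access-list standard ACL_telnet_ssh_snmp` is `permit any log` in this config, so the `access-class` on `line vty 0 4` and both SNMP communities, including the RW one, accept any source address; the template in this commit lists specific admin networks instead. I would replace the entry with the management networks that actually need access. `transport input all` keeps Telnet available although `ip ssh version 2` is configured; `transport input ssh` closes that. The file also commits the `enable secret 5` hash, a `password 7` string (a reversible encoding), the SNMP communities and the chassis serial number, so the credentials should be rotated and the backup sanitised or kept outside the repository. `ip source-route` is enabled; `no ip source-route` is the usual hardening unless something depends on it.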


@@ -0,0 +1,9 @@
conf t
int d18
disable
speed-duplex 100-full
int d19
disable
speed-duplex 100-full


@@ -0,0 +1,4 @@
!
end


@@ -0,0 +1,2 @@
perl convert.pl /srv/tftp/convert.txt /srv/tftp/network-confg


@@ -0,0 +1,3 @@
vi /srv/tftp/convert.txt
./CreateNetworkTemplateForTFTP.sh


@@ -0,0 +1,185 @@
#!/usr/bin/perl
use strict;
use warnings;
use Net::SNMP;
my $i=@ARGV;
die "\nZu wenige Parameter!\n\nStartTftpDownload.pl <Router-IP> <TFTP-IP> <community> <Source> <Destination> <File>\n
Source
1: networkFile
3: startupConfig
4: runningConfig
Destination
1: networkFile
3: startupConfig
4: runningConfig
Example
C:\\>StartTftpDownload.pl 172.23.210.151 172.23.210.222 5NMP-Wr1t3-(0mm 1 4 getit.conf
" if $i<6;
print "\n";
my $ROUT = $ARGV[0];
my $TFTP = $ARGV[1];
my $COMM = $ARGV[2];
my $SOUR = $ARGV[3];
my $DEST = $ARGV[4];
my $FILE = $ARGV[5];
print "\nOpen SNMP session\n";
my ($session, $error) = Net::SNMP->session(
-hostname => $ROUT,
-version => 'snmpv2',
-community => $COMM,
);
if (!defined $session) {
printf "ERROR: %s.\n", $error;
exit 1;
}
print "Send SNMP set requests\n";
my $SES=".111";
my $OID="1.3.6.1.4.1.9.9.96.1.1.1.1.2" . $SES;
$session->set_request(-varbindlist => [ $OID, INTEGER, '1' ], ); #The ConfigCopyProtocol is set to TFTP
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.3" . $SES;
$session->set_request(-varbindlist => [ $OID, INTEGER, $SOUR ], ); #Set the SourceFileType to networkfile #running-config
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.4" . $SES;
$session->set_request(-varbindlist => [ $OID, INTEGER, $DEST ], ); #Set the DestinationFileType to running-config #networkfile
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.5" . $SES;
$session->set_request(-varbindlist => [ $OID, IPADDRESS, $TFTP ], ); #Sets the ServerAddress to the IP address of the TFTP server
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.6" . $SES;
$session->set_request(-varbindlist => [ $OID, OCTET_STRING, $FILE ], ); #Sets the CopyFilename to your desired file name.
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.14" . $SES;
$session->set_request(-varbindlist => [ $OID, INTEGER, '1' ], ); #Sets the CopyStatus to active which starts the copy process.
$OID="1.3.6.1.4.1.9.9.96.1.1.1.1.14" . $SES;
$session->set_request(-varbindlist => [ $OID, INTEGER, '6' ], ); #Sets the CopyStatus to delete which cleans all saved informations out of the MIB
exit;
print "Finished\n";
#
#ccConfigCopyProtocol
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.2
#Type: INTEGER
#Options:tftp(1)
#ftp(2)
#rcp(3)
#scp(4)
#sftp(5)
#Description: Defines whicn protocol is used for the copy process. TFTP is default
#ccCopySourceFileType
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.3
#Type: INTEGER
#Options: networkFile(1)
#iosFile(2)
#startupConfig(3)
#runningConfig(4)
#terminal(5)
#Descripton: Defines the source. Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType.
#ccCopyDestFileType
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.4
#Type: INTEGER
#Options: networkFile(1)
#iosFile(2)
#startupConfig(3)
#runningConfig(4)
#terminal(5)
#Description: Defines the destination.Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType.
#ccCopyServerAddress
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.5
#Type: IP Address
#Description: Sets the address of the server to which the file will be copied to. Values like 0.0.0.0 or FF.FF.FF.FF are not allowed for this OID.
#ccCopyFileName
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.6
#Type: STRING
#Description: Sets the name of the destination or source file. This OID has to be set as far as the destination or sourceFileType are set to networkFile or iosFile.
#ccCopyUserName
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.7
#Type: STRING
#Description: Sets a username for FTP, RCP, SFTP or SCP. This will overwrite the user name which might have been set over the rcmd remote-username <username> command if RCP is used as protocol.
#ccCopyUserPassword
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.8
#Type: STRING
#Description: Sets the password for FTP, RCP, SFTP or SCP
#ccCopyNotificationOnCompletion
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.9
#Type: INTEGER
#Description: Defines if a notification has to be sent after the process has ended.
#ccCopyState
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.10
#Type: INTEGER
#Options: waiting(1)
#running(2)
#successful(3)
#failed(4)
#Description: Shows the copy process status. This value will be set after the COPYEntryRowStatus has been set to active.
#ccCopyTimeStarted
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.11
#Type: TimeStamp
#Description: Shows the last start time of the process or zero if the process never changed the status to running.
#ccCopyTimeCompleted
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.12
#Type: TimeStamp
#Description: Shows the last time after the process changed from running to successful or failed.
#ccCopyFailCause
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.13
#Type: INTEGER
#Options: unknown(1)
#badFileName(2)
#timeout(3)
#noMem(4)
#noConfig(5)
#unsupportedProtocol(6)
#someConfigApplyFailed(7)
#Description: Shows why the process failed
#ccCopyEntryRowStatus
#OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.14
#Type: INTEGER
#Options: active(1)
#notInService(2)
#createAndGo(4)
#createAndWait(5)
#destroy(6)
#Description: Shows the process status
#
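Review bot: None of the `set_request` calls checks its return value, and the row status is set to active (1) and then to destroy (6) immediately, so the script cannot tell whether the device accepted the request or whether the copy ran before the row was deleted; `ccCopyState` (…96.1.1.1.1.10, described in the trailing comments) is never read. For a tool that can overwrite a running or startup config I would write each call as `defined $session->set_request(...) or die $session->error;` and poll `ccCopyState` until it reports successful(3) or failed(4) before sending destroy. `exit;` comes before `print "Finished\n";`, so that line never runs. The usage text embeds what looks like a real read-write community string in its example; put a placeholder such as `<community>` there, and consider reading the community from a file or environment variable rather than argv, where it is visible in process listings and shell history.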


@@ -0,0 +1,73 @@
#!/usr/bin/perl
$i=@ARGV;
die "Zu wenige Parameter!\nconvert.pl <Eingabedatei> <Ausgabedatei>" if $i<2;
print "\n";
print "Eingabedatei $ARGV[0]\n";
print "Ausgabedatei $ARGV[1]\n";
open IN, "<$ARGV[0]";
open OUT, ">$ARGV[1]";
@INF=<IN>;
foreach (@INF) {
chomp;
router() if ($_ =~ /^!!ROUTER/);
router() if ($_ =~ /^!!SWITCH/);
router() if ($_ =~ /^!!FIREWALL/);
}
close IN;
close OUT;
sub router {
$read_v=0;
# Variablen lesen
foreach (@INF) {
$read_v=1 if ($_ =~ /^!!VARIABLEN/);
last if ($_ =~ /^!!CONFIG/);
next if ($_ =~ /^!/);
read_var($_) if ($read_v);
}
# Konfig lesen
$read_c=0;
foreach (@INF) {
chomp;
$read_c=1 if ($_ =~ /^!!CONFIG/);
if ($read_c) {
if($_ =~ /<.*>/) {
($vn)=$_=~/(<.*>)/;
$_ =~ s/$vn/$VARS{$vn}/;
next if ($VARS{$vn} eq "");
}
# und schreiben
printf OUT "$_\n";
}
}
# hostname-confg erstellen
($pfad,$file)=$ARGV[1]=~/(.*)\/([^\/]*)$/;
$hostname=$pfad.'/'.$VARS{'<HOSTNAME>'}.'-confg';
print "Ausgabedatei 2 $hostname\n";
open HN, ">$hostname";
printf HN "\n!\nend\n\n";
close HN;
}
sub switch {
}
sub firewall {
}
sub read_var {
$l=$_[0];
if ($l=~ /<.*>.*=.*/) {
($vn, $vv) = $l =~/(<.*>).*=[\s]*(.*)/;
$VARS{$vn}=$vv;
}
}
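Review bot: `printf OUT "$_\n";` uses each config line as the format string, so any `%` in a substituted value (a password or a description, say) is interpreted as a conversion and the written config is silently altered; `print OUT "$_\n";` writes the line verbatim. `open IN, "<$ARGV[0]";` and `open OUT, ">$ARGV[1]";` are two-argument opens with no error check, so a wrong path yields an empty result without any message; `open(my $in, '<', $ARGV[0]) or die "$ARGV[0]: $!";` is the safer form, and the same applies to `HN`. `s/$vn/$VARS{$vn}/` treats the variable name as a regex and the greedy `(<.*>)` captures from the first `<` to the last `>`, so a line holding two placeholders is not substituted; `\Q$vn\E` and `<[^>]+>` would address both. The `-confg` file name is built from the `<HOSTNAME>` value without checking it for `/`, which is worth rejecting before the `open HN`.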


@@ -0,0 +1,8 @@
In /home/rancid/lib/rancid/ios.pm
Zeile mit regex anpassen (coredumpinfo hinzufügen)
# Drop these files entirely.
/\s+(private-multiple-fs|multiple-fs|LISP-MapCache-IPv\S+|nv_hdri|coredumpinfo.*)$/ &&
next;
ProcessHistory("FLASH","","","!Flash: $_");


@@ -0,0 +1,38 @@
Um Änderungen in den versendeten Emails farblich zu Kennzeichen muss das Skript /home/rancid/bin/control-rancid angepasst werden
Hier nach suchen
# Mail out the diffs (if there are any).
So anpassen
# Mail out the diffs (if there are any).
if [ -s $TMP.diff ] ; then
sed -e 's!^\+\(.*\)$!<span style=color:GREEN>+\1</span>!' $TMP.diff > /tmp/diff1
sed -e 's!^\-\(.*\)$!<span style=color:RED>-\1</span>!' /tmp/diff1 > /tmp/diff2
sed -e 's!\(.*\)$!\1<br>!' /tmp/diff2 > /tmp/diff3
cat /tmp/diff3 > $TMP.diff
MAXSZ=${MAILSPLIT:=0}
if [ $MAXSZ -ne 0 ] ; then
BLOCKSIZE=1024; export BLOCKSIZE
tmpk=`perl -e "my(@S) = stat(\"$TMP.diff\"); print int(\\$S[7] / 1024);"`
unset BLOCKSIZE
if [ $tmpk -lt $MAXSZ ] ; then
MAXSZ=0
fi
fi
if [ $MAXSZ -eq 0 ] ; then
(
echo "To: $mailrcpt"
echo "Subject: $subject"
echo "Mime-Version: 1.0"
echo "Content-type: text/html"
echo "Content-transfer-encoding: 8bit"
echo "$MAILHEADERS" | awk '{L = "";LN = $0;while (LN ~ /\\n/) { I = index(LN,"\\n");L = L substr(LN,0,I-1) "\n";LN = substr(LN,I+2,length(LN)-I-1);}print L LN;}'
echo ""
echo "<html><body>"
cat $TMP.diff
echo "</body></html>"
) | /usr/sbin/sendmail -oi -t $MAILOPTS
else
Damit wird dafür gesorgt das Neue Zeilen grün und gelöschte Zeilen rot dargestellt werden. Das erhöht die Lesbarkeit enorm.
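Review bot: The three `sed` passes write to the fixed names `/tmp/diff1` to `/tmp/diff3`, which collide when two rancid groups run at the same time and can be pre-created or symlinked by another local user; a single `sed` with several `-e` expressions writing to a `mktemp` file (or to a name derived from `$TMP`) removes the intermediates. The diff text is also placed into a `text/html` body without escaping, so config lines containing `<`, `>` or `&` are rendered as markup or vanish in the mail client; escape them first, e.g. `-e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'`, and only then add the `<span>` tags. The quoted block stops at `else`, so the `MAILSPLIT` branch of the enclosing `if` is outside what is shown here.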


@@ -0,0 +1,5 @@
In /home/rancid/etc/rancid.types.base
Zeile anpassen
#cisco;command;ios::ShowShun;show shun;ASA/PIX


@@ -0,0 +1,21 @@
#!/bin/sh
echo
echo
echo Verbindung zu 10.101.2.113:80 via localhost:80
echo Verbindung zu 10.101.2.113:88 via localhost:88
echo Verbindung zu 10.101.2.113:22 via localhost:222
echo
echo http://localhost/
echo
echo \$ssh -l root localhost -p 222
echo \$rancid
echo
echo
i=1
while [ $i=1 ]
do
sudo ssh -l root -L 80:10.101.2.113:80 -L 88:10.101.2.113:88 -L 222:10.101.2.113:22 -L 1000:10.101.2.113:10000 10.1.1.3
sleep 60
done
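Review bot: `while [ $i=1 ]` tests the single non-empty word `1=1` rather than comparing anything, so the loop is infinite only by accident; `while true` (or `[ "$i" = 1 ]`) states what is meant. The tunnel runs `ssh` under `sudo` and logs in as root only because it binds local ports 80, 88 and 222; forwarding to unprivileged local ports (for example `-L 8080:10.101.2.113:80`) would let it run without sudo, and `-N` would avoid opening a root shell on 10.1.1.3 just to hold the forwards. The `-L 1000:10.101.2.113:10000` forward is not mentioned in the banner printed above it.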