### 1. Automated Log File Archiver & Rotator

**Core Functionality:**

- [x] Create a script file `log-archiver.sh`.
- [x] Define variables for the target log file and the backup directory.
- [x] Use the `date` command to create a timestamp for the backup file.
- [x] Use `mkdir -p` to ensure the backup directory exists.
- [x] Use `gzip -c` to compress the log file and redirect the output to the new backup file.
- [x] Use `> "$LOG_FILE"` to clear the original log file in place. Truncating (instead of deleting and recreating) keeps the same inode, so a daemon that still has the file open keeps writing to it. The gap between `gzip -c` finishing and the truncate is a real window: lines written during it are lost, which is the same trade-off `logrotate`'s `copytruncate` makes.
- [x] Add `echo` statements to report what the script is doing.

**Enhancements & Features:**

- [x] **Argument Parsing:** Modify the script to accept the log file path as a command-line argument instead of hardcoding it. Quote it everywhere (`"$LOG_FILE"`) so paths containing spaces or glob characters are handled.
- [x] **Root Check:** Add a check at the beginning (`[ "$(id -u)" -eq 0 ]`) to ensure the script is run with `sudo` or as the root user.
- [x] **Error Handling:** Use `set -e` to make the script exit immediately if a command fails (`set -euo pipefail` also catches unset variables and failures inside pipelines, which plain `set -e` ignores). Add a check to ensure the provided log file actually exists and is a regular file (`[ -f "$LOG_FILE" ]`).
- [ ] **Configuration File:** Move variables like `BACKUP_DIR` to an external `/etc/log-archiver.conf` file. If you `source` it, make sure it is root-owned and not group/world-writable: everything in it runs as root.
- [ ] **Automated Cleanup:** Add a feature to automatically delete backups older than a specified number of days (e.g., 90 days), for example `find "$BACKUP_DIR" -name '*.gz' -mtime +90 -delete`. Check that `BACKUP_DIR` is set and non-empty first: unquoted and empty, `find` would walk the current directory instead.

---

### 2. Command-Line System Health Dashboard

**Core Functionality:**

- [ ] Create a script file `sys-health.sh`.
- [ ] Use `echo` to create clear headers for each section (Memory, Disk, etc.).
- [ ] Use the `free -h` command to display memory usage.
- [ ] Use the `df -h /` command to display root disk usage.
- [ ] Use the `uptime` command to show how long the system has been running.
- [ ] Use the `who` or `users` command to list logged-in users.

**Enhancements & Features:**

- [ ] **Color Coding:** Use ANSI escape codes or `tput` to color-code output. For example, print disk usage in red if it's over 90%; take the number from `df --output=pcent /` (GNU) or an `awk` field rather than from the human-readable text, and strip the `%` before comparing.
- [ ] **More Metrics:** Add sections for CPU load (the three load averages at the end of `uptime`) and the number of running processes. `ps aux | wc -l` counts the header line too, so subtract one or use `ps -e --no-headers | wc -l`.
- [ ] **Live Refresh:** Wrap the main logic in a `while true` loop with a `sleep` and `clear` command to create a live-updating dashboard (add a `trap` on INT so Ctrl-C exits cleanly).
- [ ] **Command-Line Flags:** Add flags to show or hide specific sections (e.g., `./sys-health.sh --no-users`).

---

### 3. Failed Login Attempt Analyzer

**Core Functionality:**

- [ ] Create a script file `auth-analyzer.sh`.
- [ ] Identify the correct authentication log file for the system (`/var/log/auth.log` on Debian/Ubuntu, `/var/log/secure` on the RHEL family). On hosts that log only to the systemd journal, feed the script `journalctl _COMM=sshd` output instead.
- [ ] Use `grep` to filter for lines containing "Failed password".
- [ ] Use `awk` to extract the IP address from each matching line. Don't rely on a fixed field number: "Failed password for root from 203.0.113.5 ..." and "Failed password for invalid user admin from 203.0.113.5 ..." put the address in different columns, so take the token after `from` instead.
- [ ] Use a `sort | uniq -c | sort -nr` pipeline to count and rank the IPs.
- [ ] Use `head` to display the top 10 results.

**Enhancements & Features:**

- [ ] **Alerting:** If any single IP has more than a set number of failures (e.g., 20), send an email alert.
- [ ] **Automatic Blocking:** Add a `--block` flag that uses `iptables` or `ufw` to automatically block the top offending IP. Use with extreme caution: allow-list your own management addresses and never block loopback or private ranges, or a bad parse locks you out of the box; on anything production-like, `fail2ban` already does this with expiry and safeguards.
- [ ] **IP Geolocation:** Use a command-line tool or a free API to look up the country of origin for the top IPs (rate-limit the lookups and cache results; don't query once per log line).
- [ ] **Date Filtering:** Add an option to only analyze logs from the current day (syslog timestamps carry no year, so match on `"$(date '+%b %e')"`).

---

### 4. Simple Network Port Scanner

**Core Functionality:**

- [ ] Create a script file `port-scanner.sh`.
- [ ] Accept a target IP address as the first command-line argument (and only scan hosts you are authorized to test).
- [ ] Create an array or a space-separated string of common ports to check (e.g., 21, 22, 80, 443).
- [ ] Use a `for` loop to iterate through the list of ports.
- [ ] Inside the loop, use the `bash` built-in `/dev/tcp/host/port` redirection to attempt a connection. This is a bash feature, not a device file: it does not exist in `sh`/`dash`, so use a `#!/usr/bin/env bash` shebang.
- [ ] Check the exit code (`$?`) of the connection attempt to determine if the port is open. A refused connection fails immediately; a filtered port (no reply at all) hangs until the kernel exhausts its SYN retries, well over a minute on Linux.

**Enhancements & Features:**

- [ ] **Port Ranges:** Allow the user to specify a port range (e.g., `1-1024`) instead of just the hardcoded list.
- [ ] **Service Banners:** For open ports, print the common service name (e.g., "80/tcp - HTTP"). This is a port-number lookup; a real banner grab means reading the first bytes the service sends after the connect (also under a timeout), and the two can disagree.
- [ ] **Timeout:** Wrap the connection attempt in the `timeout` command to prevent the script from hanging on filtered ports. Because `/dev/tcp` is a redirection rather than a command, `timeout` has to wrap a child shell (`timeout 2 bash -c 'exec 3<>/dev/tcp/host/port'`), not the redirection itself.
- [ ] **Verbose Mode:** Add a `-v` flag to show closed/filtered ports as well as open ones.

---

### 5. Interactive User Management Utility

**Core Functionality:**

- [ ] Create a script file `user-manager.sh`.
- [ ] Check for root privileges at the start.
- [ ] Use `echo` to display a menu with options (1. Add User, 2. Delete User, 3. List Users, 4. Exit).
- [ ] Use a `case` statement to handle the user's choice.
- [ ] Use `read -r` to prompt for usernames.
- [ ] Execute the appropriate commands (`useradd`, `userdel`, `cut -d: -f1 /etc/passwd`).

**Enhancements & Features:**

- [ ] **Looping Menu:** Wrap the menu in a `while` loop so it continues to display after an action is completed, until the user chooses to exit.
- [ ] **More Options:** Add menu items for locking a user (`usermod -L`), unlocking a user (`usermod -U`), and forcing a password change at next login (`chage -d 0`).
- [ ] **Input Validation:** Before deleting a user, check that the user actually exists (`id "$user"` exits non-zero otherwise). Also refuse system accounts (UIDs below `UID_MIN` from `/etc/login.defs`, usually 1000) and the account running the script, and validate the name against the allowed username pattern before handing it to `useradd`.
- [ ] **Password Generation:** When adding a user, automatically generate a random password (`openssl rand -base64 18`) and display it to the administrator. Set it through `chpasswd` on stdin rather than as a command-line argument to anything (arguments are visible in `ps`), never write it to a log, and combine it with the forced change at first login.

---

### 6. File Integrity Monitor

**Core Functionality:**

- [ ] Create a script file `fim.sh`.
- [ ] Implement an `--init` mode to create a baseline.
- [ ] In init mode, use `find` and `sha256sum` to record the checksums of all files in a target directory (e.g., `/etc`) into a `baseline.txt` file. Sort by path so later comparisons line up, and use `find -print0 | xargs -0` so filenames with spaces don't break the pipeline. The baseline is the trust anchor: keep it root-only and ideally off-host or on read-only media, otherwise whoever changed the files can simply re-run `--init`.
- [ ] Implement a `check` mode (the default behavior).
- [ ] In check mode, generate a new list of checksums and compare it against `baseline.txt` using `diff` (`sha256sum -c --quiet baseline.txt` is the other option; it reports modified and missing files but cannot see new ones).
- [ ] Report whether changes were detected or not, and exit non-zero when they were so cron and monitoring can react.

**Enhancements & Features:**

- [ ] **Exclusion List:** Create a `.fimignore` file where you can list files or directories to be ignored during the scan (`find ... -path PATTERN -prune`, or `grep -v -f .fimignore` over the path list).
- [ ] **Better Reporting:** Parse the `diff` output to give clean reports like "MODIFIED: /etc/passwd" or "ADDED: /etc/newfile.conf" (and "REMOVED: ..." for files that have disappeared).
- [ ] **Email Alerts:** If a change is detected, send an email notification to the system administrator.
- [ ] **Cron Automation:** Provide instructions in the README on how to set up a cron job to run the check automatically every hour or day. Run it as root so every file under `/etc` is readable, and make sure cron's output (the report) goes somewhere someone reads.

---

### 7. Web Server Log Aggregator

**Core Functionality:**

- [ ] Create a script file `weblog-analyzer.sh`.
- [ ] Accept the path to an access log as an argument.
- [ ] Use `awk`, `sort`, `uniq`, and `head` to find and display the top 10 most frequent IP addresses (`$1` in the Common/Combined Log Format).
- [ ] Use `awk`, `sort`, `uniq`, and `head` to find and display the top 10 most requested URLs (the request line `"GET /path HTTP/1.1"` spans `$6`..`$8` when splitting on whitespace, so the path is `$7`).

**Enhancements & Features:**

- [ ] **HTTP Status Codes:** Add a section to summarize HTTP response codes (e.g., 200s, 404s, 500s); the status is `$9`.
- [ ] **User-Agent Analysis:** Add a feature to search for and flag requests from common security scanners (like `sqlmap`, `nmap`, `nikto`). The User-Agent is the last double-quoted field and contains spaces, so split on `"` (`awk -F'"'`) rather than on whitespace. It is attacker-supplied: a match is a lead, and a browser-looking agent proves nothing.
- [ ] **Date Filtering:** Add flags to analyze entries only from a specific date or time range (the timestamp is `$4`, in `[10/Oct/2024:13:55:36` form with the opening bracket still attached).
- [ ] **HTML Reports:** Add an option to generate a simple HTML file with the report for easier viewing. HTML-escape every value you embed: URLs and User-Agents come straight from clients, and an unescaped `<script>` in the report is a stored XSS against whoever opens it.

---

### 8. Automated SSH Configuration Hardening

**Core Functionality:**

- [ ] Create a script file `ssh-harden.sh`.
- [ ] Check for root privileges.
- [ ] **Crucially, create a timestamped backup of `/etc/ssh/sshd_config` before making any changes.**
- [ ] Use `sed` to find and replace key parameters to enforce best practices (e.g., set `PermitRootLogin no`). Two sshd rules matter here: the first value seen for a keyword wins, and recent Debian/Ubuntu files start with `Include /etc/ssh/sshd_config.d/*.conf`, so a drop-in can override what you set in the main file. `sshd -T` prints the effective configuration; check that, not just the file.
- [ ] After making changes, validate with `sshd -t` (a broken file means no new logins, and the session you're on may be the last one), then restart the SSH service to apply them. Keep your current session open until a fresh login succeeds.

**Enhancements & Features:**

- [ ] **Audit Mode:** Add a `--check` flag that only reports on non-compliant settings without actually changing them, exiting non-zero if anything is off so it can gate automation.
- [ ] **Idempotency:** Before changing a setting, check its current value. If it's already compliant, do nothing. This makes the script safe to run multiple times (and from configuration management).
- [ ] **More Rules:** Expand the script to check for other important settings like `PasswordAuthentication`, `X11Forwarding`, `AllowUsers`, `MaxAuthTries`, etc. Confirm key-based login works for the accounts you need before enforcing `PasswordAuthentication no` or an `AllowUsers` list.
- [ ] **Interactive Mode:** Add an `--interactive` flag that prompts the admin for confirmation before applying each change.

---

### 9. Simple Network Honeypot Logger

**Core Functionality:**

- [ ] Create a script file `honeypot.sh`.
- [ ] Define a port to listen on and a log file path. Ports below 1024 need root; prefer a high port, or grant `cap_net_bind_service` to the listener, rather than running the loop as root, and host it on a machine whose compromise you can tolerate.
- [ ] Use a `while true` loop to ensure the listener restarts after a connection closes (`nc` exits after each client).
- [ ] Use `netcat` (`nc -l -p <port>`) to listen for incoming connections. Flags differ between variants: traditional/GNU netcat takes `-l -p <port>`, while OpenBSD netcat (the default on Debian/Ubuntu) takes `-l <port>` and rejects `-p` together with `-l`. Check `nc -h` on the host.
- [ ] Pipe all output from the `nc` command to a log file, appending the data. Everything in that file is attacker-controlled bytes, including terminal escape sequences; view it with `less` or `cat -v`, not a bare `cat`.
- [ ] Log the date and time of each connection attempt.

**Enhancements & Features:**

- [ ] **Fake Banners:** Before the `nc` command, `echo` a convincing fake banner (e.g., "Cisco IOS Login:") and pipe it in to entice attackers and log their interactions. Keep it to a static banner: never wire a real shell or interpreter behind the listener.
- [ ] **Run as a Service:** Provide instructions or a helper function to run the script as a detached background process (`nohup`/`setsid`, or better a systemd unit running as an unprivileged user).
- [ ] **Source IP Logging:** Ensure the source IP of the connection is reliably logged for every attempt. `nc -v` reports the peer address on stderr, so capture it with `2>&1`; the wording of that line also differs between netcat variants.
- [ ] **Real-time Alerting:** When a connection is detected, trigger an immediate notification (e.g., via email or a local `wall` message).

---

### 10. SSL/TLS Certificate Expiry Checker

**Core Functionality:**

- [ ] Create a script file `cert-check.sh`.
- [ ] Accept a domain name as a command-line argument.
- [ ] Use `openssl s_client -connect "$domain:443" -servername "$domain" </dev/null` piped to `openssl x509 -noout -enddate` to get the certificate's expiration date. `-servername` sends SNI (without it many hosts return a default certificate, not the one for your domain) and `</dev/null` makes `s_client` exit instead of waiting for input. This checks the leaf only; an intermediate expiring earlier still breaks the chain.
- [ ] Parse the expiration date string (`notAfter=Mar 10 12:00:00 2025 GMT`).
- [ ] Use the `date` command to calculate the number of days remaining until the certificate expires (`date -d "$notafter" +%s` is GNU `date`; BSD/macOS needs `date -j -f`).
- [ ] Print a human-readable summary of the result.

**Enhancements & Features:**

- [ ] **Batch Processing:** Allow the script to read a list of domains from a text file and check all of them.
- [ ] **Warning Threshold:** Set a threshold (e.g., 30 days) and print a prominent warning if a certificate is expiring soon. The script should exit with a non-zero status code in this case for easier automation (use a different code for already-expired or unreachable, so monitoring can tell them apart).
- [ ] **CSV/JSON Output:** Add a flag to output the results in a machine-readable format like CSV or JSON.
- [ ] **More Certificate Details:** Add options to also display the certificate issuer, subject, and signature algorithm (`openssl x509 -noout -issuer -subject`, and `-text` for the signature algorithm).
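Worked example for project 3 (Failed Login Attempt Analyzer). This is an added example, not one of the checklist's own scripts: it shows the `from`-anchored extraction that survives both `Failed password` line shapes, the rank pipeline, and a threshold check usable from an `if`. The sample log lines are constructed (documentation IP ranges, not a real host); the `main`, `sample_auth_log` and helper names are this example's own.

```bash
#!/usr/bin/env bash
# Added example for project 3: rank source IPs behind sshd "Failed password" events.
# Not part of the checklist's scripts. Assumes awk/sort/uniq; input is /var/log/auth.log,
# /var/log/secure, or `journalctl _COMM=sshd` output, given as $1.
set -eu

# Constructed sample lines (not from a real host) in the sshd log format.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:00:01 bastion sshd[2210]: Failed password for root from 203.0.113.5 port 4444 ssh2
Mar  3 10:00:02 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4445 ssh2
Mar  3 10:00:03 bastion sshd[2212]: Failed password for invalid user test from 198.51.100.7 port 5100 ssh2
Mar  3 10:00:04 bastion sshd[2213]: Accepted publickey for ops from 192.0.2.10 port 6000 ssh2: ED25519 SHA256:k3y
Mar  3 10:00:05 bastion sshd[2214]: Failed password for root from 203.0.113.5 port 4446 ssh2
EOF
}

# One IP per line for every failed-password event on stdin. The address is not at a
# fixed column ("for root from X" vs "for invalid user admin from X"), so locate the
# token between "from" and "port" instead of using $11 or $13.
extract_failed_ips() {
    awk '/Failed password for/ {
             for (i = 1; i < NF; i++)
                 if ($i == "from" && $(i + 2) == "port") { print $(i + 1); break }
         }'
}

# "<count> <ip>" lines, highest count first (the sort | uniq -c | sort -nr pipeline).
rank_ips() {
    extract_failed_ips | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# IPs with more than $1 failures (default 20); exits 1 when there are none, so callers
# can use it in an `if` to decide whether to alert.
offenders_over() {
    rank_ips | awk -v t="${1:-20}" '$1 > t { print $2 }' | grep .
}

main() {
    local log="${1:-/var/log/auth.log}" threshold="${2:-20}" offenders
    [ -r "$log" ] || { echo "cannot read $log (try sudo)" >&2; exit 1; }
    echo "Top failed-login sources in $log:"
    rank_ips < "$log" | awk 'NR <= 10'
    if offenders=$(offenders_over "$threshold" < "$log"); then
        # Alert hook: mail(1), a webhook, or `wall` would go here.
        printf 'ALERT: more than %s failures from:\n%s\n' "$threshold" "$offenders" >&2
    fi
}

# Only run main when invoked with arguments, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./auth-analyzer.sh /var/log/auth.log 20`; the final `awk 'NR <= 10'` does the job of `head` without closing the pipe early, which matters once you turn on `pipefail`.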
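Worked example for project 4 (Simple Network Port Scanner). Added here as an illustration, not the checklist's script: it shows why `timeout` has to wrap a child `bash` for a `/dev/tcp` connect, how to expand `80-82` style ranges, and the port-name lookup. The service table is a small constructed subset and the function names are this example's own; it assumes bash, coreutils `timeout` and `seq`.

```bash
#!/usr/bin/env bash
# Added example for project 4: a /dev/tcp connect scanner with a per-port timeout.
# Not the checklist's own script. bash-only (/dev/tcp is a bash redirection) and needs
# coreutils `timeout` and `seq`. Scan only hosts you are authorised to test.
set -eu
TIMEOUT="${TIMEOUT:-1}"      # seconds per connect attempt

# Expand arguments like "22 80 8000-8002" to one port per line.
expand_ports() {
    local spec
    for spec in "$@"; do
        case "$spec" in
            *-*) seq "${spec%-*}" "${spec#*-}" ;;
            *)   echo "$spec" ;;
        esac
    done
}

# TCP connect to host:port. /dev/tcp is a redirection, not a command, so `timeout` has
# to wrap a child bash; without it a filtered port blocks for the kernel's full SYN
# retry period (over a minute). Returns 0 when the connect succeeds (port open).
probe_port() {
    timeout "$TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Port-to-name label for the report (a small constructed table). This is a lookup, not
# a banner grab: the service never told us what it is.
service_name() {
    case "$1" in
        21) echo ftp ;;   22) echo ssh ;;    25) echo smtp ;;    53) echo dns ;;
        80) echo http ;;  443) echo https ;; 3306) echo mysql ;; 3389) echo rdp ;;
        *) echo unknown ;;
    esac
}

# scan <host> <port-spec>...   prints open ports; VERBOSE=1 also prints the rest.
scan() {
    local host="$1" port
    shift
    expand_ports "$@" | while read -r port; do
        if probe_port "$host" "$port"; then
            echo "$port/tcp open $(service_name "$port")"
        elif [ "${VERBOSE:-0}" = 1 ]; then
            echo "$port/tcp closed/filtered"
        fi
    done
}

main() {
    [ "$#" -ge 1 ] || { echo "usage: $0 <host> [port|range ...]" >&2; exit 1; }
    local host="$1"
    shift
    [ "$#" -ge 1 ] || set -- 21 22 25 53 80 443 3306 3389   # default list
    scan "$host" "$@"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Usage: `VERBOSE=1 ./port-scanner.sh 192.0.2.10 22 80 8000-8010`. A refused port returns within milliseconds; the `timeout` only bites on filtered ones, and "closed/filtered" is deliberately one bucket because a connect scan cannot tell them apart.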
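Worked example for project 6 (File Integrity Monitor), covering init, check and the ADDED/REMOVED/MODIFIED reporting in one place. This is an added example, not the checklist's script: instead of `diff`, it indexes both checksum lists by path in `awk`, which handles paths with spaces and classifies each difference directly. It assumes GNU findutils/coreutils (`find -print0`, `sort -z`, `xargs -0 -r`, `sha256sum`); function and option names are this example's own.

```bash
#!/usr/bin/env bash
# Added example for project 6: baseline + check with ADDED/REMOVED/MODIFIED reporting.
# Not the checklist's script. Assumes GNU findutils/coreutils.
# Usage: fim.sh --init <dir> <baseline>   |   fim.sh <dir> <baseline>
set -eu

# Hash every regular file under $1, sorted by path so two snapshots compare line-for-line.
# NUL separators keep filenames with spaces intact.
snapshot() {
    find "$1" -type f -print0 | sort -z | xargs -0 -r sha256sum
}

# Write the baseline and lock it down: it is the trust anchor, so keep it root-only and
# ideally copy it off-host; an attacker who can edit it can hide any change.
fim_init() {
    snapshot "$1" > "$2"
    chmod 600 "$2"
}

# Compare a fresh snapshot with the baseline. Prints one line per difference and returns
# 1 when anything changed, 0 when the tree matches the baseline.
fim_check() {
    local dir="$1" baseline="$2" current report
    current=$(mktemp)
    snapshot "$dir" > "$current"
    # sha256sum lines are "<hash>  <path>"; index by path (everything after the two
    # spaces) rather than by $2, which would truncate paths containing spaces.
    report=$(awk '
        { hash = $1; path = $0; sub(/^[^ ]+  /, "", path) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { cur[path] = hash }
        END {
            for (p in base) if (!(p in cur))                    print "REMOVED:", p
            for (p in cur)  if (!(p in base))                   print "ADDED:", p
            for (p in cur)  if (p in base && base[p] != cur[p]) print "MODIFIED:", p
        }' "$baseline" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

main() {
    case "${1:-}" in
        --init) [ "$#" -eq 3 ] || { echo "usage: $0 --init <dir> <baseline>" >&2; exit 2; }
                fim_init "$2" "$3"; echo "baseline written to $3" ;;
        "")     echo "usage: $0 [--init] <dir> <baseline>" >&2; exit 2 ;;
        *)      [ "$#" -eq 2 ] || { echo "usage: $0 <dir> <baseline>" >&2; exit 2; }
                if fim_check "$1" "$2"; then echo "no changes detected"
                else echo "CHANGES DETECTED" >&2; exit 1; fi ;;
    esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

`fim.sh /etc /var/lib/fim/baseline.txt` from an hourly root cron job gives you a non-zero exit and a sorted report whenever `/etc` drifts; exclusions fit naturally as `-prune` clauses inside `snapshot`.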
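Worked example for project 7 (Web Server Log Aggregator). Added here to show the Combined Log Format field positions in working `awk`: top IPs and URLs from whitespace fields, status classes from `$9`, and scanner detection by splitting on `"` so the space-containing User-Agent comes out whole. It is not the checklist's script; the access-log lines are constructed (documentation IP ranges) and the helper names are this example's own.

```bash
#!/usr/bin/env bash
# Added example for project 7: field extraction from Combined Log Format with awk.
# Not the checklist's script. Assumes the default Apache/nginx "combined" format:
#   IP - user [date] "METHOD /path HTTP/x" status bytes "referer" "user-agent"
set -eu

# Constructed sample lines (not real traffic); 203.0.113.0/24 etc. are documentation ranges.
sample_access_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [10/Oct/2024:13:55:40 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [10/Oct/2024:13:55:45 +0000] "POST /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Oct/2024:13:56:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.10 - - [10/Oct/2024:13:57:12 +0000] "GET /about HTTP/1.1" 200 4096 "https://example.com/" "curl/8.4.0"
EOF
}

# Generic "count a field, rank, top N" helper: $1 is the awk field number, $2 the limit.
# awk counts in one pass, and the final awk replaces `head`, which can close the pipe
# early and trip `pipefail`.
top_by_field() {
    awk -v f="$1" '{ c[$f]++ } END { for (k in c) print c[k], k }' \
        | sort -rn | awk -v n="${2:-10}" 'NR <= n'
}

top_ips()  { top_by_field 1 "${1:-10}"; }   # $1 = client address
top_urls() { top_by_field 7 "${1:-10}"; }   # $7 = path inside "METHOD /path HTTP/x"

# Status classes ("2xx 3", "4xx 2", ...), sorted. $9 is the status code.
status_summary() {
    awk '{ cls[substr($9, 1, 1) "xx"]++ } END { for (k in cls) print k, cls[k] }' | sort
}

# Requests whose User-Agent names a known scanner. The UA is the last quoted field and
# contains spaces, so split on double quotes: $2 request, $4 referer, $6 user-agent.
# The header is attacker-controlled: a hit is a lead, a miss means nothing.
scanner_hits() {
    awk -F'"' 'tolower($6) ~ /sqlmap|nikto|nmap|masscan|zgrab|nuclei/ {
                   split($1, a, " "); print a[1], $6 }'
}

main() {
    local log="${1:?usage: $0 <access.log>}"
    [ -r "$log" ] || { echo "cannot read $log" >&2; exit 1; }
    echo "== Top IPs ==";        top_ips  < "$log"
    echo "== Top URLs ==";       top_urls < "$log"
    echo "== Status classes =="; status_summary < "$log"
    echo "== Scanner UAs ==";    scanner_hits < "$log"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

If your server writes a custom `LogFormat`, the field numbers move; check one line with `awk '{ print $7, $9 }'` before trusting the report. Note the `-F'"'` split breaks on request lines containing an escaped `\"`, which is rare but attacker-controlled.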
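Worked example for project 8 (Automated SSH Configuration Hardening), covering the backup, idempotent rewrite, `--check` audit mode and the validate-before-restart step. This is an added example rather than the checklist's script, and it uses `awk` instead of `sed` so that exactly one active line per keyword remains (commented defaults like `#PermitRootLogin prohibit-password` become the setting; later active duplicates are dropped). The `SSHD_CONFIG` override, the `WANTED` list and the function names are this example's own; it assumes OpenSSH's first-match rule and `systemctl`.

```bash
#!/usr/bin/env bash
# Added example for project 8: idempotent sshd_config hardening with an audit mode.
# Not the checklist's script. Point SSHD_CONFIG at a copy to try it safely; the
# default is the live file. Assumes OpenSSH first-match semantics and awk.
set -eu
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# Desired "Keyword Value" pairs. Confirm key-based login works before enforcing
# PasswordAuthentication no, or you lock yourself out.
WANTED='PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3'

# First active (uncommented) value of a keyword, as sshd would take it; prints nothing
# when unset. `sshd -T` remains the authority once Include or Match blocks are involved.
current_value() {   # current_value <file> <keyword>
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Make "<keyword> <value>" the single active setting: the first occurrence (commented or
# not) is rewritten, later active duplicates are dropped, and the line is appended if
# the keyword never appeared. Already-correct settings are left untouched.
set_option() {      # set_option <file> <keyword> <value>
    local file="$1" key="$2" val="$3" tmp
    [ "$(current_value "$file" "$key")" = "$val" ] && return 0
    tmp="$file.tmp.$$"
    cp -p "$file" "$tmp"                      # keep owner/mode of the original
    awk -v k="$key" -v v="$val" '
        {
            line = $0; sub(/^[ \t]*#?[ \t]*/, "", line)
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == tolower(k)) {
                if (!done) { print k " " v; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print           # keep other commented copies
                next                                      # drop later active duplicates
            }
            print
        }
        END { if (!done) print k " " v }' "$file" > "$tmp"
    mv -f "$tmp" "$file"
}

# harden [--check]: returns 0 when everything is compliant, 1 when something was changed
# (or, in --check mode, would be).
harden() {
    local mode="${1:-apply}" changed=0 key val cur
    while read -r key val; do
        cur=$(current_value "$SSHD_CONFIG" "$key")
        if [ "$cur" = "$val" ]; then
            echo "ok           $key $val"
        elif [ "$mode" = "--check" ]; then
            echo "NONCOMPLIANT $key is '${cur:-unset}', want '$val'"; changed=1
        else
            set_option "$SSHD_CONFIG" "$key" "$val"
            echo "changed      $key -> $val"; changed=1
        fi
    done <<EOF
$WANTED
EOF
    return "$changed"
}

main() {
    if [ "${1:-}" = "--check" ]; then
        harden --check && exit 0
        exit 1
    fi
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak.$(date +%Y%m%d-%H%M%S)"
    if harden; then
        echo "already compliant, nothing restarted"
    else
        # Validate before restarting: a bad file means no new logins, and the session
        # you are on may be the last one. Keep it open until a fresh login succeeds.
        sshd -t -f "$SSHD_CONFIG" || { echo "invalid config; restore the backup" >&2; exit 1; }
        systemctl restart ssh 2>/dev/null || systemctl restart sshd
    fi
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Try it first with `SSHD_CONFIG=/tmp/sshd_config.copy ./ssh-harden.sh apply` and diff against the original; `./ssh-harden.sh --check` alone needs no root and suits a cron or CI gate.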
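Worked example for project 10 (SSL/TLS Certificate Expiry Checker), with SNI, the date arithmetic, a warning threshold and distinct exit codes for expiring, expired and unreachable. It is an added example and not the checklist's script; it assumes `openssl` and GNU `date -d` (BSD/macOS needs `date -j -f '%b %e %T %Y %Z'`), and the `WARN_DAYS` variable, `-f` batch flag and function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example for project 10: leaf-certificate expiry with a warning threshold and an
# exit status automation can act on. Not the checklist's script. Assumes openssl and
# GNU date (`date -d`).
set -eu
WARN_DAYS="${WARN_DAYS:-30}"

# notAfter of the first (leaf) certificate the server presents, e.g.
# "Mar 10 12:00:00 2025 GMT". -servername sends SNI; without it many hosts hand back a
# default certificate, not the one for the name asked about. </dev/null makes s_client
# exit instead of awaiting input. Only the leaf is checked: an intermediate that expires
# earlier still breaks the chain.
fetch_not_after() {     # fetch_not_after <host> [port]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Whole days from now until an openssl date string; negative once expired.
days_until() {          # days_until "<notAfter string>"
    local exp now
    exp=$(date -u -d "$1" +%s)
    now=$(date -u +%s)
    echo $(( (exp - now) / 86400 ))
}

# Prints OK / EXPIRING / EXPIRED for a day count; returns 0 / 1 / 2 respectively.
classify() {            # classify <days>
    if [ "$1" -lt 0 ]; then echo EXPIRED; return 2
    elif [ "$1" -lt "$WARN_DAYS" ]; then echo EXPIRING; return 1
    else echo OK; return 0
    fi
}

# One "<host> <days> <status>" line; returns classify's code, or 3 when the fetch failed
# (an empty string must not reach `date -d`, which would silently treat it as today).
check_host() {          # check_host <host> [port]
    local host="$1" not_after days status rc
    not_after=$(fetch_not_after "$host" "${2:-443}")
    if [ -z "$not_after" ]; then echo "$host - FETCH_FAILED"; return 3; fi
    days=$(days_until "$not_after")
    status=$(classify "$days") && rc=0 || rc=$?
    echo "$host $days $status"
    return "$rc"
}

main() {
    local worst=0 rc host port
    if [ "${1:-}" = "-f" ]; then
        # Batch mode: one "host [port]" per line in the file given as $2.
        while read -r host port; do
            [ -n "$host" ] || continue
            check_host "$host" "${port:-443}" && rc=0 || rc=$?
            [ "$rc" -gt "$worst" ] && worst=$rc
        done < "${2:?usage: $0 -f <hosts.txt> | $0 <host> [port]}"
    else
        check_host "${1:?usage: $0 -f <hosts.txt> | $0 <host> [port]}" "${2:-443}" && worst=0 || worst=$?
    fi
    exit "$worst"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

`./cert-check.sh -f hosts.txt` exits with the worst status seen (1 expiring, 2 expired, 3 unreachable), so a monitoring job can page on 2 and 3 and merely warn on 1.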