blakeridgway/shell_ideas
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
3 commits 1 branch 0 tags 33 KiB
Find a file
Blake Ridgway 7656375feb docs: marked off two completed items
2025-06-15 13:05:33 -05:00
README.md docs: marked off two completed items 2025-06-15 13:05:33 -05:00

README.md

1. Automated Log File Archiver & Rotator

Core Functionality:

  • Create a script file log-archiver.sh.
  • Define variables for the target log file and the backup directory.
  • Use the date command to create a timestamp for the backup file.
  • Use mkdir -p to ensure the backup directory exists.
  • Use gzip -c to compress the log file and redirect the output to the new backup file.
  • Use > $LOG_FILE to safely clear the contents of the original log file.
  • Add echo statements to report what the script is doing.

Enhancements & Features:

  • Argument Parsing: Modify the script to accept the log file path as a command-line argument instead of being hardcoded.
  • Root Check: Add a check at the beginning to ensure the script is run with sudo or as the root user.
  • Error Handling: Use set -e to make the script exit immediately if a command fails. Add a check to ensure the provided log file actually exists.
  • Configuration File: Move variables like BACKUP_DIR to an external /etc/log-archiver.conf file.
  • Automated Cleanup: Add a feature to automatically delete backups older than a specified number of days (e.g., 90 days).

2. Command-Line System Health Dashboard

Core Functionality:

  • Create a script file sys-health.sh.
  • Use echo to create clear headers for each section (Memory, Disk, etc.).
  • Use the free -h command to display memory usage.
  • Use the df -h / command to display root disk usage.
  • Use the uptime command to show how long the system has been running.
  • Use the who or users command to list logged-in users.

Enhancements & Features:

  • Color Coding: Use ANSI escape codes or tput to color-code output. For example, print disk usage in red if it's over 90%.
  • More Metrics: Add sections for CPU load (from uptime) and the number of running processes (ps aux | wc -l).
  • Live Refresh: Wrap the main logic in a while true loop with a sleep and clear command to create a live-updating dashboard.
  • Command-Line Flags: Add flags to show or hide specific sections (e.g., ./sys-health.sh --no-users).

3. Failed Login Attempt Analyzer

Core Functionality:

  • Create a script file auth-analyzer.sh.
  • Identify the correct authentication log file for the system (/var/log/auth.log or /var/log/secure).
  • Use grep to filter for lines containing "Failed password".
  • Use awk to extract the IP address from each matching line.
  • Use a sort | uniq -c | sort -nr pipeline to count and rank the IPs.
  • Use head to display the top 10 results.

Enhancements & Features:

  • Alerting: If any single IP has more than a set number of failures (e.g., 20), send an email alert.
  • Automatic Blocking: Add a --block flag that uses iptables or ufw to automatically block the top offending IP. (Use with extreme caution!).
  • IP Geolocation: Use a command-line tool or a free API to look up the country of origin for the top IPs.
  • Date Filtering: Add an option to only analyze logs from the current day.

4. Simple Network Port Scanner

Core Functionality:

  • Create a script file port-scanner.sh.
  • Accept a target IP address as the first command-line argument.
  • Create an array or a space-separated string of common ports to check (e.g., 21, 22, 80, 443).
  • Use a for loop to iterate through the list of ports.
  • Inside the loop, use the bash built-in /dev/tcp/host/port to attempt a connection.
  • Check the exit code ($?) of the connection attempt to determine if the port is open.

Enhancements & Features:

  • Port Ranges: Allow the user to specify a port range (e.g., 1-1024) instead of just the hardcoded list.
  • Service Banners: For open ports, print the common service name (e.g., "80/tcp - HTTP").
  • Timeout: Wrap the connection attempt in the timeout command to prevent the script from hanging on filtered ports.
  • Verbose Mode: Add a -v flag to show closed/filtered ports as well as open ones.

5. Interactive User Management Utility

Core Functionality:

  • Create a script file user-manager.sh.
  • Check for root privileges at the start.
  • Use echo to display a menu with options (1. Add User, 2. Delete User, 3. List Users, 4. Exit).
  • Use a case statement to handle the user's choice.
  • Use read to prompt for usernames.
  • Execute the appropriate commands (useradd, userdel, cut -d: -f1 /etc/passwd).

Enhancements & Features:

  • Looping Menu: Wrap the menu in a while loop so it continues to display after an action is completed, until the user chooses to exit.
  • More Options: Add menu items for locking a user (usermod -L), unlocking a user (usermod -U), and forcing a password change.
  • Input Validation: Before deleting a user, check if the user actually exists.
  • Password Generation: When adding a user, automatically generate a random password and display it to the administrator.

6. File Integrity Monitor

Core Functionality:

  • Create a script file fim.sh.
  • Implement an --init mode to create a baseline.
  • In init mode, use find and sha256sum to record the checksums of all files in a target directory (e.g., /etc) into a baseline.txt file.
  • Implement a check mode (the default behavior).
  • In check mode, generate a new list of checksums and compare it against baseline.txt using diff.
  • Report whether changes were detected or not.

Enhancements & Features:

  • Exclusion List: Create a .fimignore file where you can list files or directories to be ignored during the scan.
  • Better Reporting: Parse the diff output to give clean reports like "MODIFIED: /etc/passwd" or "ADDED: /etc/newfile.conf".
  • Email Alerts: If a change is detected, send an email notification to the system administrator.
  • Cron Automation: Provide instructions in the README on how to set up a cron job to run the check automatically every hour or day.

7. Web Server Log Aggregator

Core Functionality:

  • Create a script file weblog-analyzer.sh.
  • Accept the path to an access log as an argument.
  • Use awk, sort, uniq, and head to find and display the top 10 most frequent IP addresses.
  • Use awk, sort, uniq, and head to find and display the top 10 most requested URLs.

Enhancements & Features:

  • HTTP Status Codes: Add a section to summarize HTTP response codes (e.g., 200s, 404s, 500s).
  • User-Agent Analysis: Add a feature to search for and flag requests from common security scanners (like sqlmap, nmap, nikto).
  • Date Filtering: Add flags to analyze entries only from a specific date or time range.
  • HTML Reports: Add an option to generate a simple HTML file with the report for easier viewing.

8. Automated SSH Configuration Hardening

Core Functionality:

  • Create a script file ssh-harden.sh.
  • Check for root privileges.
  • Crucially, create a timestamped backup of /etc/ssh/sshd_config before making any changes.
  • Use sed to find and replace key parameters to enforce best practices (e.g., set PermitRootLogin no).
  • After making changes, restart the SSH service to apply them.

Enhancements & Features:

  • Audit Mode: Add a --check flag that only reports on non-compliant settings without actually changing them.
  • Idempotency: Before changing a setting, check its current value. If it's already compliant, do nothing. This makes the script safe to run multiple times.
  • More Rules: Expand the script to check for other important settings like PasswordAuthentication, X11Forwarding, AllowUsers, etc.
  • Interactive Mode: Add an --interactive flag that prompts the admin for confirmation before applying each change.

9. Simple Network Honeypot Logger

Core Functionality:

  • Create a script file honeypot.sh.
  • Define a port to listen on and a log file path.
  • Use a while true loop to ensure the listener restarts after a connection closes.
  • Use netcat (nc -l -p <port>) to listen for incoming connections.
  • Pipe all output from the nc command to a log file, appending the data.
  • Log the date and time of each connection attempt.

Enhancements & Features:

  • Fake Banners: Before the nc command, echo a convincing fake banner (e.g., "Cisco IOS Login:") to entice attackers and log their interactions.
  • Run as a Service: Provide instructions or a helper function to run the script as a detached background process.
  • Source IP Logging: Ensure the source IP of the connection is reliably logged for every attempt.
  • Real-time Alerting: When a connection is detected, trigger an immediate notification (e.g., via email or a local wall message).

10. SSL/TLS Certificate Expiry Checker

Core Functionality:

  • Create a script file cert-check.sh.
  • Accept a domain name as a command-line argument.
  • Use openssl s_client piped to openssl x509 to get the certificate's expiration date.
  • Parse the expiration date string.
  • Use the date command to calculate the number of days remaining until the certificate expires.
  • Print a human-readable summary of the result.

Enhancements & Features:

  • Batch Processing: Allow the script to read a list of domains from a text file and check all of them.
  • Warning Threshold: Set a threshold (e.g., 30 days) and print a prominent warning if a certificate is expiring soon. The script should exit with a non-zero status code in this case for easier automation.
  • CSV/JSON Output: Add a flag to output the results in a machine-readable format like CSV or JSON.
  • More Certificate Details: Add options to also display the certificate issuer, subject, and signature algorithm.