Scripts

Run csf -g for each IP listed in a text file:

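# Look up every address from ips.txt in the firewall rules with `csf -g`.
# The unquoted $(...) is split on whitespace and glob-expanded, so this form
# only suits a file of plain, whitespace-separated addresses.
for ip in $(cat ips.txt); do csf -g "$ip"; done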
OR
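# Look up every address from ips.txt in the firewall rules, one line at a time.
# `read -r` keeps backslashes literal; the `|| [ -n "$ip" ]` part still handles
# a final line that has no trailing newline.
while read -r ip || [ -n "$ip" ]; do
  [ -n "$ip" ] || continue   # skip blank lines
  csf -g "$ip"
done < ips.txt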
=================================================
Whitelist IPs in server:

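#!/bin/bash
# Allow traffic from a fixed list of source addresses through UFW, then reload
# and print the resulting rule set. Needs root, because ufw changes firewall
# state.

# Define the list of IP addresses
ips=(
  "89.187.188.227"
  "89.187.188.228"
  "109.61.89.58"
)

# Allow the specified IP addresses.
# "to any" with no port opens every port on this host to the address. If the
# peer only needs one service, narrow the rule instead, for example:
#   ufw allow from "$ip" to any port 22 proto tcp
status=0
for ip in "${ips[@]}"; do
  if ! ufw allow from "$ip" to any; then
    printf 'Failed to add allow rule for %s\n' "$ip" >&2
    status=1
  fi
done

# Reload UFW rules
ufw reload || status=1

# Display the UFW rules so the result can be reviewed
ufw status

# Exit non-zero if any rule could not be added or the reload failed
exit "$status"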

=================================================
Run the command `grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" access.log | sort | uniq -c | sort -rn | head -10` for every access log file under the /sites/*/logs folders:

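# For each site's access log, print the 10 most frequent IPv4-looking strings
# together with their hit counts.
# The pattern matches a dotted quad anywhere on the line, including in
# client-supplied fields such as the referer or user agent. If the logs use the
# common/combined format, `awk '{print $1}'` counts only the client address.
for log_file in /sites/*/logs/access.log; do
  [ -e "$log_file" ] || continue   # the glob matched nothing
  echo "=== $log_file ==="
  grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" "$log_file" | sort | uniq -c | sort -rn | head -10
done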

Find largest files under /sites folder:
# List the 10 largest regular files under /sites, biggest first.
# du prints a human-readable size per file; sort -h orders those sizes.
find /sites -type f -exec du -Sh {} + \
  | sort -rh \
  | head -n 10
=================================================
#bash script to monitor and send email notification with logs if cron jobs fail in Linux server

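#!/bin/bash
# Mail the contents of "<job>.error" for every cron job file that has a
# non-empty error file next to it.
# NOTE(review): nothing in this script creates the .error files; each job is
# assumed to redirect its stderr to "<job path>.error" - confirm for your setup.

# Set the email address to receive notifications
email=your_email_address

# Loop through the job files in the /etc/cron.* directories. A glob yields full
# paths; parsing `ls` output yields bare file names and "dir:" headers instead,
# so the .error lookup below would miss the real files.
for cronjob in /etc/cron.*/*; do
  [ -f "$cronjob" ] || continue
  case "$cronjob" in
    *deny* | *.error) continue ;;   # skip deny files and the error files themselves
  esac

  # Check if the cron job has any errors
  if [ -s "${cronjob}.error" ]; then
    # Send an email notification with the error log. The log is copied through
    # as data; `echo -e` would interpret backslash sequences found in it.
    {
      printf 'Subject: Cron job failure in Linux server\n\n'
      printf 'Cron job %s failed with the following error:\n' "$cronjob"
      cat -- "${cronjob}.error"
    } | sendmail "$email"
  fi
done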
=================================================
Create backup of /sites/*/files folder:

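#!/bin/bash
# Zip every /sites/<site>/files directory into the backup directory, one
# archive per site named <site>_<MonDD_YYYY>.zip. Exits non-zero if any
# archive could not be written.

backup_dir="/path/to/backup/directory" # Replace with the path where you want to store the backup files

# Site files can include uploads and configuration, so create the directory and
# the archives readable by the owner only. Keep backup_dir outside any path the
# web server serves.
umask 077

# Ensure the backup directory exists
if ! mkdir -p "$backup_dir"; then
  echo "Cannot create backup directory: $backup_dir" >&2
  exit 1
fi

# Loop through all /sites/*/files folders
failed=0
for files_folder in /sites/*/files; do
  if [ -d "$files_folder" ]; then
    site_name=$(basename "$(dirname "$files_folder")")
    backup_file="${site_name}_$(date +'%b%d_%Y').zip"
    # Only report success when zip actually succeeded
    if zip -r "$backup_dir/$backup_file" "$files_folder"; then
      echo "Backup created for $site_name: $backup_file"
    else
      echo "Backup failed for $site_name" >&2
      failed=1
    fi
  fi
done

echo "Backup process completed."
exit "$failed"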
=================================================

#bash script to monitor and send email notification if cron jobs fail in Linux server
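#!/bin/bash
# Mail a failure notice for each crontab found under /var/spool/cron/ when the
# status read from syslog is not "0".

# Set up email parameters
to="your_email@example.com"
subject="Cron job failure on $(hostname)"

# Read the status once: the lookup does not depend on the crontab being
# visited, so every iteration would get the same value.
# NOTE(review): this takes the last whitespace-separated field of the newest
# matching line in /var/log/syslog. Whether that field is an exit status, and
# whether the pattern matches your syslog format at all, needs to be verified.
status=$(grep -E '^([^ ]+ ){5}/usr/bin/run-parts --report /etc/cron.hourly' /var/log/syslog | tail -1 | awk '{print $NF}')

# Without a status there is nothing to compare; an unquoted empty value would
# only produce a "unary operator expected" error in the test below.
if [ -z "$status" ]; then
  echo "No matching run-parts line found in /var/log/syslog; nothing to report." >&2
  exit 0
fi

# Check the status for every crontab file (glob instead of parsing ls output)
for cron_path in /var/spool/cron/*; do
  [ -e "$cron_path" ] || continue   # the glob matched nothing
  cron_job=${cron_path##*/}
  if [ "$status" != "0" ]; then
    message="Cron job $cron_job has failed with exit status $status."
    echo "$message" | mail -s "$subject" "$to"
  fi
done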
=================================================
#Uninstall Maldet manually:
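#!/usr/bin/env bash
# Remove Linux Malware Detect (maldet) after an interactive confirmation:
# disable and stop its service, delete its install tree, cron entries and
# binaries, and delete its signature files from the ClamAV data directories.
# Run as root.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
echo "This will completely remove Linux Malware Detect from your server including all quarantine data!"
# Quarantined files can be needed as evidence in an ongoing investigation; they
# are deleted with /usr/local/maldetect* below, so copy them elsewhere first if
# they still matter.
echo -n "Would you like to proceed? "
read -r -p "[y/n] " -n 1 Z
echo
if [ "$Z" == "y" ] || [ "$Z" == "Y" ]; then
  # NOTE(review): bash sets OSTYPE to values such as "freebsd13.0", so this
  # exact comparison looks always true - confirm the intended check.
  if [ "$OSTYPE" != "FreeBSD" ]; then
    # PID 1's command name tells systemd hosts from SysV-style init
    if [ "$(cat /proc/1/comm)" = "systemd" ]; then
      systemctl disable maldet.service
      systemctl stop maldet.service
      rm -f /usr/lib/systemd/system/maldet.service
      systemctl daemon-reload
    else
      maldet -k
      # Remove the init script registration with the distribution's own tool
      if [ -f /etc/redhat-release ]; then
        /sbin/chkconfig maldet off
        /sbin/chkconfig maldet --del
      elif [ -f /etc/debian_version ] || [ -f /etc/lsb-release ]; then
        update-rc.d -f maldet remove
      elif [ -f /etc/gentoo-release ]; then
        rc-update del maldet default
      elif [ -f /etc/slackware-version ]; then
        rm -f /etc/rc.d/rc3.d/S70maldet
        rm -f /etc/rc.d/rc4.d/S70maldet
        rm -f /etc/rc.d/rc5.d/S70maldet
      else
        /sbin/chkconfig maldet off
        /sbin/chkconfig maldet --del
      fi
      rm -f /etc/init.d/maldet
    fi
  fi
  rm -rf /usr/local/maldetect* /etc/cron.d/maldet_pub /etc/cron.daily/maldet /usr/local/sbin/maldet /usr/local/sbin/lmd
  # Signature files maldet placed in the ClamAV data directories
  clamav_paths=(
    /usr/local/cpanel/3rdparty/share/clamav
    /var/lib/clamav
    /var/clamav
    /usr/share/clamav
    /usr/local/share/clamav
  )
  for cpath in "${clamav_paths[@]}"; do
    rm -f "$cpath"/rfxn.* "$cpath"/lmd.user.*
  done
  echo "Linux Malware Detect has been uninstalled."
else
  echo "You selected No or provided an invalid confirmation, nothing has been done!"
fi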
=================================================
#match mx record to an input value
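#!/bin/bash
# For every domain in domains.txt, report whether one of its MX hosts is the
# expected one. Afterwards, compare the MX host of the last domain processed,
# and that host's IP address, with two input values.

# File containing list of domains
domain_list="domains.txt"

# Specified MX record
specified_mx_record="mx1.spamfiltering.com"

# Placeholders for the final comparison: replace with the MX host name and the
# IP address you expect.
input_mx="input_mx"
input_ip="input_ip"

# Print the MX host names of domain $1, one per line. `dig +short` prints
# "<preference> <host>." for each record, so the preference number and the
# trailing dot are stripped (and the name lowercased) before any comparison.
mx_hosts() {
  dig MX "$1" +short | awk '{ h = tolower($NF); sub(/\.$/, "", h); print h }'
}

# Loop through each domain in the list
mx_record=""
while read -r domain || [ -n "$domain" ]; do
  [ -n "$domain" ] || continue   # skip blank lines

  # Get the MX hosts for the domain; keep the first one returned for the
  # comparison after the loop
  mx_list=$(mx_hosts "$domain")
  mx_record=$(printf '%s\n' "$mx_list" | head -n 1)

  # Check whether any MX host equals the specified MX record
  if printf '%s\n' "$mx_list" | grep -Fxq -- "$specified_mx_record"; then
    echo "$domain: MX record matches"
  else
    echo "$domain: MX record does not match"
  fi
done < "$domain_list"

# Compare the MX record to an input value.
# NOTE(review): mx_record here belongs to the last domain in the list only -
# confirm that is the intended subject of this check.
if [ "$mx_record" == "$input_mx" ]; then
  echo "MX record matches input value."
  # Get the IP address of the MX record
  mx_ip=$(dig A "$mx_record" +short)
  echo "MX IP: $mx_ip"
  # The host may have several A records; accept a match on any of them
  if printf '%s\n' "$mx_ip" | grep -Fxq -- "$input_ip"; then
    echo "MX IP matches input value."
    exit 0
  else
    echo "MX IP does not match input value."
    exit 1
  fi
else
  echo "MX record does not match input value."
  exit 1
fi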
=================================================
WordPress clear cache when page is saved using api (spinupwp):
This code adds an action hook to the save_post hook in WordPress. When the hook is triggered, the purge_page_cache_on_save_post function is executed.
The function checks if the post type is a page, makes a POST request to the API to purge the cache for the specific page, and logs the response.
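# Ask the SpinupWP API to purge the page cache whenever a page is saved.
# Hooked to save_post below; $post_id is the ID WordPress passes to the hook.
# Requires the SITE_ID constant to be defined elsewhere.
function purge_page_cache_on_save_post($post_id) {
    # save_post also fires for autosaves and revisions; only act on a real save
    if (wp_is_post_autosave($post_id) || wp_is_post_revision($post_id)) {
        return;
    }

    $post = get_post($post_id);
    if (!$post || $post->post_type !== 'page') {
        return;
    }

    # Set the API endpoint URL and replace {id} with the site ID.
    # NOTE(review): the request carries no page URL, so this appears to purge
    # the site's page cache as a whole rather than one page - confirm against
    # the API documentation.
    $api_url = str_replace('{id}', SITE_ID, 'https://api.spinupwp.app/v1/sites/{id}/page-cache/purge');

    # Set the API access token. Keep the real value out of theme or plugin
    # files that are committed or shared: load it from configuration outside
    # the code (for example a constant in wp-config.php).
    $api_token = 'ACCESS_TOKEN';

    # Make a POST request to the API endpoint
    $response = wp_remote_post($api_url, array(
        'headers' => array(
            'Accept' => 'application/json',
            'Authorization' => 'Bearer ' . $api_token,
        ),
    ));

    # Transport-level failure: log it instead of dropping it silently
    if (is_wp_error($response)) {
        error_log('Cache purge request failed: ' . $response->get_error_message());
        return;
    }

    # Parse the event ID from the response; the body may not be valid JSON
    $data = json_decode(wp_remote_retrieve_body($response));
    $event_id = (is_object($data) && isset($data->event_id)) ? $data->event_id : null;

    # Check if the event ID is not empty
    if (!empty($event_id)) {
        error_log("Cache purge event with ID $event_id was successfully triggered");
    } else {
        error_log("Failed to trigger cache purge event");
    }
}
add_action('save_post', 'purge_page_cache_on_save_post');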
==================================================================
bash script to run maldet scan on a linux server and send the scan result once completed to an email account

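#!/bin/bash
# Run a maldet scan of /sites/ and mail the resulting report file as an
# attachment once the scan has finished.

# Define email settings
to_email="youremail@example.com"
from_email="server@example.com"
subject="Maldet Scan Results"
body="The maldet scan has completed. The results are attached."

# Run the scan in the foreground so the report step starts only after the scan
# has really finished. A fixed sleep can expire mid-scan and mail the previous
# report. To keep the scan alive after logout, start this whole script inside
# screen or from cron.
maldet -a /sites/

# Send the scan results via email
# NOTE(review): the report parsing below is kept as given; verify the
# "--report" arguments and the "report data:" line against the output of your
# maldet version.
scan_results=$(maldet --report list | tail -1)
if [ "$scan_results" != "no results" ]; then
  attachment=$(maldet --report last | grep "report data:" | awk '{print $3}')
  # Only attach a file that exists.
  # NOTE(review): -a means "attach" in some mailx implementations and "add
  # header" in others - confirm for the installed one.
  if [ -n "$attachment" ] && [ -f "$attachment" ]; then
    echo "$body" | mailx -a "$attachment" -r "$from_email" -s "$subject" "$to_email"
  else
    echo "Could not locate the maldet report file; no mail sent." >&2
    exit 1
  fi
fi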
==================================================================
We can subscribe to Security Mailing Lists:
Many software vendors and security organizations have mailing lists that announce security updates and vulnerabilities.
For Linux distributions, we can subscribe to the mailing list:

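sudo apt-get install ubuntu-security-notifications

(Check that this package name exists in your release's archive before relying on it; Ubuntu security notices are also posted to the ubuntu-security-announce mailing list.)

For Nginx, we can monitor the Nginx mailing list: https://mailman.nginx.org/mailman/listinfo/nginx

Or we can create a simple script that checks for the latest security updates for our OS and Nginx components and sends us notifications. Here's an example using Ubuntu: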

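#!/bin/bash
# Refresh the package lists and mail the upgradable packages whose `apt list`
# line mentions "security".

# Update the package database
sudo apt update

# Check for available security updates. Listing needs no root, so sudo is
# used only for the update above.
security_updates=$(apt list --upgradable 2>/dev/null | grep -i security)

# Send email notification if there are security updates.
# The message is piped straight to mail: appending to a file in the current
# directory would resend earlier results on every later run.
if [ -n "$security_updates" ]; then
  printf 'Security updates available:\n%s\n' "$security_updates" \
    | mail -s "Security Updates Available" your@email.com
fi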
