First, install the MaxMind C API, including the geoipupdate utility.

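Second, configure the /usr/local/etc/GeoIP.conf file with your LicenseKey, UserId and ProductIds. The license key is a credential, so keep the file readable only by the account that runs geoipupdate. A sample config file: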

UserId 424242
LicenseKey zLzIYFYENTZOyAyNdSdWbEoR42
ProductIds 106

Save the following script as /etc/cron.monthly/updategeoip.sh so that cron runs it once a month:

#!/bin/bash
# Shell Script to Update GeoIP Country database in each WebServer Jail defined by $TDIRS
# -------------------------------------------------------------------------
# Copyright (c) 2007 Vivek Gite <vivek@nixcraft.com>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
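GEOUPDATE=/usr/local/bin/geoipupdate
GEODB=/usr/local/share/GeoIP/GeoIP.dat
# ------------------
# TRUE = also copy the refreshed database into every jail listed in $TDIRS
# FALSE = update only $GEODB
CHROOTED=FALSE
# ------------------
# Space-separated "DIR|user:group" entries, only used if CHROOTED == TRUE.
# Entries are split on whitespace, so DIR must not contain spaces.
TDIRS="/webroot/apache/usr/local/geoip|www:www /webroot/nginx/usr/local/geoip|nginx:nginx"
CHOWN=/bin/chown
CP=/bin/cp

# Refresh the master copy. geoipupdate is called without arguments, so the
# license key stays in its configuration file and never appears on a command line.
if [ -x "$GEOUPDATE" ]; then
	"$GEOUPDATE" || echo "Warning: $GEOUPDATE exited with status $?" >&2
else
	# Under cron this message is mailed instead of the update silently not happening.
	echo "Warning: $GEOUPDATE is missing or not executable; $GEODB was not refreshed" >&2
fi

# Copy the database into each chroot jail and hand it to the jail's user.
if [ "$CHROOTED" = "TRUE" ]; then
	# shellcheck disable=SC2086 -- TDIRS is a whitespace-separated list by design
	for entry in $TDIRS; do
		dir=${entry%%|*}        # field 1: target directory inside the jail
		owner=${entry#*|}       # field 2: user:group that must own the copy
		owner=${owner%%|*}
		# Only change ownership of a file that was actually copied.
		if "$CP" -f -- "$GEODB" "$dir"; then
			"$CHOWN" -- "$owner" "$dir/${GEODB##*/}"
		else
			echo "Warning: could not copy $GEODB to $dir" >&2
		fi
	done
fi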

First, customize the configuration file as follows.

Sample ns.profile.nixcraft.net configuration file

Define your default TTL, hostmaster e-mail ID and the other SOA values. Also, set your mail server and name server names and IPs using bash arrays. Save the file as ns.profile.nixcraft.net:

# defaults profile for nameserver ns1.nixcraft.net
# 
# --- SOA timers and TTLs ---------------------------------------------------
TTL=3h                          # zone-wide default, emitted by mkzone.sh as $TTL
ATTL=3600                       # TTL written on every generated record
EMAILID=vivek.nixcraft.in.      # hostmaster mailbox in SOA form (dot instead of @, trailing dot)
REFRESH=3h                      # SOA refresh interval
RETRY=1h                        # SOA retry interval
EXPIER=1w                       # SOA expire time (mkzone.sh reads this exact spelling)
MAXNEGTIVE=1h                   # SOA negative-caching TTL (mkzone.sh reads this exact spelling)

# --- Name servers: fully qualified, trailing dot included -------------------
NAMESERVERS=(
	"ns1.nixcraft.net."
	"ns2.nixcraft.net."
	"ns3.nixcraft.net."
)

# --- Name server IPs, in the same order as NAMESERVERS ----------------------
# Leave the array empty when the addresses are published elsewhere.
NAMESERVERSIP=()
#NAMESERVERSIP=("202.54.1.10" "203.54.1.10" "204.54.1.40")

# --- Mail servers: fully qualified, trailing dot included -------------------
# Leave the array empty when the zone needs no MX records.
MAILSERVERS=(
	"mail.nixcraft.net."
)
#MAILSERVERS=("smtp1.nixcraft.net." "smtp2.nixcraft.net.")
 
################# add your own A records here ##########################
# You can add additional A records using the following function
LoadCutomeARecords() {
	# Hook that mkzone.sh calls after its generated records: every line this
	# function prints ends up in the zone file. It prints nothing by default.
	: # keep this no-op so the function body is never empty
	# Uncomment or add records as required:
	# echo "ftp			$ATTL	IN	A	202.54.2.2"
	# echo "webmail			$ATTL	IN	A	202.54.2.5"
	# echo "ipv6host			$ATTL	IN	AAAA	2001:470:1f0e:c2::1"
}

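Add additional records using LoadCutomeARecords(). You can create multiple nameserver configuration files and pass the one you want to mkzone.sh. mkzone.sh loads the profile with source, so everything in it runs as shell code with your privileges; only use profiles you wrote or have read.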

mkzone.sh: Shell script to create BIND zone file

#!/bin/bash
# A Bash shell script to create BIND ZONE FILE.
# Tested under BIND 8.x / 9.x, RHEL, DEBIAN, Fedora Linux.
# -------------------------------------------------------------------------
# Copyright (c) 2002,2009 Vivek Gite <vivek@nixcraft.com>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Examples:
# ./mkzone.sh example.com default-www-IP-address
# ./mkzone.sh cyberciti.biz 74.12.5.1
# -------------------------------------------------------------------------
# Last updated on: Mar/24/2007 - Fixed a few bugs.
# -------------------------------------------------------------------------
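DOMAIN="$1"
WWWIP="$2"

if [ $# -le 1 ]
then
	echo "Syntax: $(basename "$0") domainname www.domain.ip.address [profile]"
	echo "$(basename "$0") example.com 1.2.3.4"
	exit 1
fi

# Both values are copied verbatim into the zone file. Refuse anything that
# cannot be part of a host name or a dotted IPv4 address, so whitespace,
# newlines or ';' cannot smuggle extra records or comments into the output.
case "$DOMAIN" in
	""|*[!A-Za-z0-9._-]*)
		echo "Error: '$DOMAIN' is not a valid domain name" >&2
		exit 1;;
esac
case "$WWWIP" in
	""|*[!0-9.]*)
		echo "Error: '$WWWIP' is not an IPv4 address" >&2
		exit 1;;
esac

# get profile
PROFILE="ns.profile.nixcraft.net"
[ "$3" != "" ] && PROFILE="$3"

# Serial yyyymmddnn. nn is always 01, so a second change on the same day
# needs the serial bumped by hand before the zone is reloaded.
SERIAL=$(date +"%Y%m%d")01

# load profile
# The profile is executed as shell code. For a name without a slash, `source`
# searches $PATH before the current directory, so pin a profile that exists
# here to ./ and never pick up a same-named file from elsewhere on $PATH.
case "$PROFILE" in
	*/*) ;;
	*) [ -f "./$PROFILE" ] && PROFILE="./$PROFILE";;
esac
source "$PROFILE"

# A profile that is missing or defines no name servers cannot produce a
# usable SOA record; stop instead of printing a broken zone.
if [ "${#NAMESERVERS[@]}" -eq 0 ]
then
	echo "Error: profile '$PROFILE' did not define NAMESERVERS" >&2
	exit 1
fi

# set default ns1
NS1=${NAMESERVERS[0]}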
 
###### start SOA ######
# Zone header: $ORIGIN, $TTL and the SOA record, followed by one blank line.
# The trailing "; ..." comments are fixed text; they describe the sample
# profile and do not change when the profile sets other timer values.
printf '%s\n' \
	"\$ORIGIN ${DOMAIN}." \
	"\$TTL ${TTL}" \
	"@	IN	SOA	${NS1}	${EMAILID}(" \
	"			${SERIAL}	; Serial yyyymmddnn" \
	"			${REFRESH}		; Refresh After 3 hours" \
	"			${RETRY}		; Retry Retry after 1 hour" \
	"			${EXPIER}		; Expire after 1 week" \
	"			${MAXNEGTIVE})		; Minimum negative caching of 1 hour" \
	""
 
###### start Name servers #######
# Get length of an array
# Number of name servers; the A-record section further down compares it with
# the number of name server IPs.
tLen=${#NAMESERVERS[@]}

# One NS record at the zone apex per configured name server.
echo "; Name servers for $DOMAIN"
i=0
while (( i < tLen ))
do
	printf '%s\n' "@			${ATTL}	IN	NS	${NAMESERVERS[i]}"
	(( i += 1 ))
done

###### start MX section #######
# Number of mail servers.
tmLen=${#MAILSERVERS[@]}

# One MX record per mail server; preference is 10 for the first entry and
# grows by 10 for each following one.
echo "; MX Records"
i=0
while (( i < tmLen ))
do
	printf '%s\n' "@			${ATTL}	IN 	MX	$(( (i + 1) * 10 ))	${MAILSERVERS[i]}"
	(( i += 1 ))
done
 
 
###### start A pointers #######
# A Records - Default IP for domain 
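# A record for the zone apex: the default web IP given on the command line.
echo '; A Records'
echo "@ 			${ATTL}	IN 	A	${WWWIP}"

# Optional A records for the name servers themselves.
ttLen=${#NAMESERVERSIP[@]}

# Names and IPs are paired by position, so both lists must have the same length.
if [ "$tLen" -eq "$ttLen" ]
then
	for (( i=0; i<ttLen; i++ ))
	do
		# Record owner = text before the first dot of the server's FQDN.
		# Parameter expansion avoids the echo|cut pipeline and the word
		# splitting and globbing an unquoted echo would apply to the name.
		thisNs=${NAMESERVERS[$i]%%.*}

		echo "${thisNs} 			${ATTL}	IN	A	${NAMESERVERSIP[$i]}"
	done
elif [ "$ttLen" -gt 0 ]
then
	# An empty NAMESERVERSIP means the addresses live elsewhere. A partly
	# filled one is a profile mistake: say so on stderr (the zone on stdout
	# stays untouched) instead of dropping the records without a trace.
	echo "Warning: ${ttLen} name server IPs for ${tLen} name servers; no name server A records written" >&2
fi

echo "; CNAME Records"
echo "www			${ATTL}	IN	CNAME	@"

# Records supplied by the profile; its output goes straight into the zone.
LoadCutomeARecords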

How do I use this script?

Simply type the command as follows to create a zone file for cyberciti.com domain with 202.54.1.2 as default www IP:
# ./mkzone.sh cyberciti.com 202.54.1.2 ns.profile.nixcraft.net
Sample output:

$ORIGIN cyberciti.com.
$TTL 3h
@	IN	SOA	ns1.nixcraft.net.	vivek.nixcraft.in.(
			2009032401	; Serial yyyymmddnn
			3h		; Refresh After 3 hours
			1h		; Retry Retry after 1 hour
			1w		; Expire after 1 week
			1h)		; Minimum negative caching of 1 hour

; Name servers for cyberciti.com
@			3600	IN	NS	ns1.nixcraft.net.
@			3600	IN	NS	ns2.nixcraft.net.
@			3600	IN	NS	ns3.nixcraft.net.
; MX Records
@			3600	IN 	MX	10	mail.nixcraft.net.
; A Records
@ 			3600	IN 	A	202.54.1.2
; CNAME Records
www			3600	IN	CNAME	@

To save output to a zone file called /var/named/chroot/etc/bind/master/c/cyberciti.com, type:
# ./mkzone.sh cyberciti.com 202.54.1.2 ns.profile.nixcraft.net > /var/named/chroot/etc/bind/master/c/cyberciti.com

#!/bin/bash
# A UNIX / Linux shell script to backup dirs to tape device like /dev/st0 (linux)
# This script make both full and incremental backups.
# You need at two sets of five  tapes. Label each tape as Mon, Tue, Wed, Thu and Fri.
# You can run the script at midnight or early morning each day using cron jobs.
# The operator or sys admin can replace the tape every day after the script has done.
# Script must run as root or configure permission via sudo.
# -------------------------------------------------------------------------
# Copyright (c) 1999 Vivek Gite <vivek@nixcraft.com>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Last updated on : March-2003 - Added log file support.
# Last updated on : Feb-2007 - Added support for excluding files / dirs. 
# -------------------------------------------------------------------------
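LOGBASE=/root/backup/log

# Backup dirs, relative to / (do not prefix with /)
BACKUP_ROOT_DIR="home sales"

# Today's abbreviated day name (Mon, Tue, ...). The C locale is forced because
# the schedule at the end of the script matches the English names; under
# another locale no branch would match and no backup would ever run.
NOW=$(LC_ALL=C date +"%a")

# Tape device name
TAPE="/dev/st0"

# Exclude file
TAR_ARGS=""
EXCLUDE_CONF=/root/.backup.exclude.conf

# Backup log file. The name must be LOGFILE: that is the variable the
# redirection at the end of the script reads. (It used to be assigned as
# LOGFIILE, which left the redirection without a target.)
LOGFILE=$LOGBASE/$NOW.backup.log

# Path to binaries
TAR=/bin/tar
MT=/bin/mt
MKDIR=/bin/mkdir

# ------------------------------------------------------------------------
# Excluding files when using tar
# Create a file called $EXCLUDE_CONF using a text editor
# Add one pattern per line; tar treats them as shell-style wildcards:
# home/vivek/iso
# home/vivek/*.cpp~
# ------------------------------------------------------------------------
if [ -f "$EXCLUDE_CONF" ]
then
	TAR_ARGS="-X $EXCLUDE_CONF"
fi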
 
#### Custom functions #####
# Make a full backup
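full_backup(){
	# Write every directory in $BACKUP_ROOT_DIR (relative to /) to $TAPE,
	# then rewind the tape and take the drive offline.
	# Returns tar's exit status, so a failed backup is visible to the caller.
	local rc=0
	# tar runs from / inside a subshell: the caller's working directory is
	# never changed, and tar is skipped if the cd itself fails.
	# shellcheck disable=SC2086 -- TAR_ARGS and BACKUP_ROOT_DIR are word lists by design
	( cd / && "$TAR" $TAR_ARGS -cvpf "$TAPE" $BACKUP_ROOT_DIR ) || rc=$?
	# Rewind and eject even after a failed run so the operator can swap the tape.
	"$MT" -f "$TAPE" rewind
	"$MT" -f "$TAPE" offline
	return "$rc"
}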
 
# Make a  partial backup
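partial_backup(){
	# Write the files under $BACKUP_ROOT_DIR (relative to /) that changed
	# during the last day to $TAPE, then rewind the tape and take the drive
	# offline. Returns tar's exit status.
	# The cut-off passed to tar's -N comes from `date -d '1 day ago'`, which
	# needs a date command that understands -d with a relative time.
	local rc=0
	# Subshell: the caller's working directory stays as it was, and tar is
	# skipped if the cd fails.
	# shellcheck disable=SC2086 -- TAR_ARGS and BACKUP_ROOT_DIR are word lists by design
	( cd / && "$TAR" $TAR_ARGS -cvpf "$TAPE" -N "$(date -d '1 day ago')" $BACKUP_ROOT_DIR ) || rc=$?
	# Rewind and eject even after a failed run so the operator can swap the tape.
	"$MT" -f "$TAPE" rewind
	"$MT" -f "$TAPE" offline
	return "$rc"
}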
 
# Make sure all dirs exits
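verify_backup_dirs(){
	# Check that every entry of $BACKUP_ROOT_DIR exists as a directory under /.
	# Prints one error line per missing directory and exits the script with
	# status 1 if any is missing; returns 0 when all are present.
	local missing=0
	local d
	# shellcheck disable=SC2086 -- BACKUP_ROOT_DIR is a whitespace-separated list by design
	for d in $BACKUP_ROOT_DIR
	do
		if [ ! -d "/$d" ]
		then
			echo "Error : /$d directory does not exits!"
			missing=1
		fi
	done
	# Stop before the tape is touched when anything is missing.
	if [ "$missing" -eq 1 ]
	then
		exit 1
	fi
	return 0
}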
 
#### Main logic ####
 
# Make sure log dir exits
# Create the log directory on first use.
if [ ! -d $LOGBASE ]
then
	$MKDIR -p $LOGBASE
fi

# Abort before the tape is touched if a configured directory is missing.
verify_backup_dirs


# Schedule: Monday full backup, Tuesday to Friday partial backup, weekend
# nothing. Everything the backup prints, errors included, goes to the day's log.
# NOTE(review): the redirection reads $LOGFILE; confirm the configuration
# section assigns a variable with exactly that name.
{
	if [ "$NOW" = "Mon" ]
	then
		full_backup
	elif [ "$NOW" = "Tue" ] || [ "$NOW" = "Wed" ] || [ "$NOW" = "Thu" ] || [ "$NOW" = "Fri" ]
	then
		partial_backup
	fi
} > $LOGFILE 2>&1

Install this script using cronjob.

See how to use tar and mt command.

To restore files / data from tar archives.

List the files:
# tar tvf /dev/st0
Extract the entire archive into current directory:
# tar xvpf /dev/st0
Extract only certain files or dirs into current directory. For example. Extract only home/vivek directory
# tar xvpf /dev/st0 home/vivek
You can also restore one file:
# tar xvpf /dev/st0 home/vivek/app/src/main.c

#!/bin/bash
# Linux shell script to check BIND named domain serial numbers across all name servers
# Tested on RHEL, Fedora, Centos and Debian Linux
# Requires named-checkzone, host utilities, and BIND server.
# -------------------------------------------------------------------------
# Copyright (c) 2003 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Last updated on : March-2009.
# -------------------------------------------------------------------------
### Set me ###
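CZBASE=/etc/bind/zones
NAMED_CHKZON=/usr/sbin/named-checkzone
NS1=ns1.nixcraft.net
NS2=ns2.nixcraft.net
NS3=ns3.nixcraft.net
ZPREF=master
if [ $# -eq 0 ]
then
	echo "$0 domain-name"
	exit 1
fi
d=$1
ZONEFILE=${CZBASE}/${ZPREF}.${d}
if [ -f "$ZONEFILE" ]
then
	# Serial each remote server publishes: 7th word of the SOA answer line,
	# i.e. the line that starts with the domain. awk compares the text
	# literally, so the dots in the domain are not treated as regex wildcards.
	S1=$(host -t soa "$d" "$NS2" | awk -v d="$d" 'index($0, d) == 1 { print $7 }')
	S2=$(host -t soa "$d" "$NS3" | awk -v d="$d" 'index($0, d) == 1 { print $7 }')
	# Serial in the local zone file: 5th word of the named-checkzone line
	# that names the zone.
	M=$("$NAMED_CHKZON" -t "$CZBASE" "$d" "${ZPREF}.${d}" | awk -v d="$d" 'index($0, d) { print $5 }')
	# Print each serial next to the server it was read from. S1 is queried
	# from $NS2 and S2 from $NS3; M comes from the local zone file.
	# NOTE(review): M is shown under $NS1 on the assumption that this host is
	# the master $NS1 - confirm.
	printf '%s # %s\n' "$NS1" "$M" "$NS2" "$S1" "$NS3" "$S2"
	if "$NAMED_CHKZON" -q -t "$CZBASE" "$d" "${ZPREF}.${d}"
	then
		echo "$d : OK"
	fi
	# A server that did not answer leaves its serial empty; that counts as
	# "different" rather than breaking the comparison.
	if [ -n "$S1" ] && [ "$S1" = "$S2" ] && [ "$S1" = "$M" ]
	then
		echo "$d : Serial numbers same!"
	else
		echo "$d : Serial number different, reload named!"
	fi
else
	echo "Error - $d domain or $ZONEFILE zone file does not exits!"
fi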

Sample output

$ ./zonev cyberciti.biz
Output:

ns1.nixcraft.net # 2008072318
ns2.nixcraft.net # 2008072318
ns3.nixcraft.net # 2008072318
cyberciti.biz : OK
cyberciti.biz : Serial numbers same!

A shell script with iptables rules for a web server (no need to use APF or CSF): just run this script from /etc/rc.local and you are done. Save the following script as /root/scripts/fw.start:

#!/bin/bash
# A Linux Shell Script with common rules for IPTABLES Firewall.
# By default this script only open port 80, 22, 53 (input)
# All outgoing traffic is allowed (default - output)
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
 
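IPT="/sbin/iptables"
SPAMLIST="blockedip"
SPAMDROPMSG="BLOCKED IP DROP"

echo "Starting IPv4 Wall..."
# Start from an empty rule set: flush the rules (-F) and delete the
# user-defined chains (-X) of the filter, nat and mangle tables.
# NOTE(review): the DROP policies are set a few lines further down while the
# accept rules are added only later; a run that stops in between leaves the
# host unreachable, so test changes from a console, not over ssh.
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
# Connection tracking is needed by the "-m state" matches used below.
modprobe ip_conntrack

# Blocklist: one address or network per line; blank lines and lines starting
# with # are skipped. grep -E replaces the deprecated egrep (which was also
# given a redundant -E).
if [ -f /root/scripts/blocked.ips.txt ]
then
	BADIPS=$(grep -Ev "^#|^$" /root/scripts/blocked.ips.txt)
fi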
 
# Interface that faces the Internet.
PUB_IF="eth0"

# Loopback traffic is never filtered, in either direction.
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Default-deny: a packet that no rule accepts is dropped in every built-in chain.
for chain in INPUT OUTPUT FORWARD
do
	$IPT -P $chain DROP
done
 
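if [ -f /root/scripts/blocked.ips.txt ]
then
	# Dedicated chain holding one LOG + DROP pair per blocked source.
	$IPT -N "$SPAMLIST"

	# BADIPS is a whitespace-separated list, so it is split on purpose.
	for ipblock in $BADIPS
	do
		# The LOG rule is rate limited like the other LOG rules in this
		# script, so a blocked host cannot fill the kernel log at will.
		$IPT -A "$SPAMLIST" -s "$ipblock" -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "$SPAMDROPMSG"
		$IPT -A "$SPAMLIST" -s "$ipblock" -j DROP
	done

	# -I inserts at the top, so the blocklist is consulted before every
	# other rule of the three built-in chains.
	# NOTE(review): the chain matches on source address only; in OUTPUT it
	# therefore does not stop connections this host opens to a blocked address.
	$IPT -I INPUT -j "$SPAMLIST"
	$IPT -I OUTPUT -j "$SPAMLIST"
	$IPT -I FORWARD -j "$SPAMLIST"
fi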
 
# Sanity filters for the public interface. They are appended before the
# ESTABLISHED/port accept rules further down, so they are evaluated first.
# Where a LOG rule precedes a DROP rule, logging is limited to 5 entries per
# minute (burst 7) while the DROP applies to every matching packet.

# Drop TCP packets that conntrack sees as a NEW connection but that do not
# carry the SYN flag.
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP
 
# Drop IP fragments (-f matches the second and later fragments of a packet)
$IPT -A INPUT -i ${PUB_IF} -f  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP
 
# Drop TCP flag combinations that are not valid in normal traffic.
# --tcp-flags takes two lists: the flags to examine, then the flags that
# must be set among them.
# Only FIN, URG and PSH set (not logged):
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# Every flag set (not logged):
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP
 
# No flag set at all:
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
 
# SYN and RST together (not logged):
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
 
# SYN and FIN together; the log prefix calls these "XMAS Packets":
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # SYN+FIN
 
# FIN set without ACK:
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
 
# Every flag except PSH set (not logged):
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 
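# Allow every outgoing connection and the replies that belong to it. The
# rules use ${PUB_IF} like the filters above instead of a second, hard-coded
# copy of the interface name, so changing PUB_IF changes all of them.
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ssh on every interface and from every source address.
# NOTE(review): add "-s <admin network>" if administration always comes from
# known addresses.
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT

# Allow incoming ping: echo request (type 8) in, echo reply (type 0) out
$IPT -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow port 53 tcp/udp (DNS Server): queries in, answers out
$IPT -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p tcp --destination-port 53 -m state --state NEW,ESTABLISHED,RELATED  -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open port 80
$IPT -A INPUT -p tcp --destination-port 80 -j ACCEPT
##### Add your rules below ######

##### END your rules ############

# Do not log smb/windows sharing packets - too much logging.
# They are rejected here, before the catch-all LOG rule below can see them.
$IPT -A INPUT -p tcp -i ${PUB_IF} --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i ${PUB_IF} --dport 137:139 -j REJECT

# log everything else and drop
# NOTE(review): unlike the LOG rules above, these two have no "-m limit", so
# the volume of log entries is set by whoever sends the traffic.
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP

exit 0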

How do I install and use this script?

Type the following commands as root on the server:
# mkdir /root/scripts
# cd /root/scripts
# wget http://bash.cyberciti.biz/dl/381.sh.zip
# wget http://bash.cyberciti.biz/dl/151.sh.zip
# unzip 381.sh.zip
# unzip 151.sh.zip
# mv 381.sh start.fw
# mv 151.sh stop.fw
# chmod +x *.fw

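Now review and edit the firewall script as per your requirements. The archives above are downloaded over plain HTTP with no integrity check, so read both scripts before running them as root: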
# vi /root/scripts/start.fw
Install firewall:
# echo '/root/scripts/start.fw' >> /etc/rc.local

How do I start firewall from a shell prompt?

# /root/scripts/start.fw

How do I stop firewall from a shell prompt?

# /root/scripts/stop.fw

#!/bin/bash
# Shell script to create files and directories that do not exist
# This script also demonstrate use of functions and command line arguments using getopts command
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
usage(){
	# Print the command-line synopsis on stdout and end the script with status 1.
	printf '%s\n' "Usage: $0 {-f filename} {-d dirname}"
	exit 1
}
 
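createDir(){
	# Create directory $1, parents included, unless it already exists.
	# Prints exactly one status line on stdout.
	# $1 is quoted everywhere so names with spaces or wildcard characters are
	# handled as one path; "--" keeps a name starting with "-" from being
	# read as an option.
	if [ -d "$1" ]
	then
		echo "Error: $1 directory exits!"
	elif /bin/mkdir -p -- "$1" >/dev/null 2>&1
	then
		echo "Directory $1 created."
	else
		echo "Error: Failed to create $1 directory."
	fi
}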
 
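createFile(){
	# Create an empty regular file $1 unless one already exists.
	# Prints exactly one status line on stdout.
	# $1 is quoted everywhere so names with spaces or wildcard characters are
	# handled as one path; "--" keeps a name starting with "-" from being
	# read as an option.
	if [ -f "$1" ]
	then
		echo "Error: $1 file exists!"
	elif touch -- "$1" > /dev/null 2>&1
	then
		echo "File $1 created."
	else
		echo "Error: Failed to create $1 files."
	fi
}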
 
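# Handle the options in the order given: -f FILE creates a file, -d DIR
# creates a directory; both may be repeated.
while getopts f:d:v option
do
        case "${option}"
        in
                # OPTARG is quoted so an argument containing spaces reaches
                # the function as one name instead of being split.
                f) createFile "${OPTARG}";;
                d) createDir "${OPTARG}";;
                # -v is accepted by the option string but has no effect.
                v) ;;
                # Unknown option or missing argument: usage prints the
                # synopsis and exits with status 1 itself.
                \?) usage;;
        esac
done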
#!/bin/sh -
#Primitive IP Camera Capture Script
#Axis 210a Camera
#Use a Cron Job To Control 
#Tested under FreeBSD
#Original author / source: http://forums.freebsd.org/showpost.php?p=12005&postcount=3
# Timestamp (month name, day, year, hour, minute) used in every output file name.
ROT=$(date "+%b%d%y%H%M")

# Capture tool and its options; CAP_OPT2 ends in -o, so the output file name
# has to follow it directly.
CAPTOOL=/usr/local/bin/mencoder
CAP_OPT1="-prefer-ipv4 -fps 6 -demuxer lavf"
CAP_OPT2="-nosound -oac mp3lame -ovc xvid -xvidencopts pass=1 -o"
ADDIES="cam1 cam3 cam4 cam5" # IP must be in hosts

# Where recordings, ISO images and per-camera logs go.
STORE=/camera
ISTORE=/str/backup
LOGS=/var/log

# Space accounting, in megabytes (du -m). USED, DSPACE and CAM_MAX are set
# here but not read by the part of the script shown on this page.
DSPACE=200000
USED=$(df -hm $STORE | awk '{print $1}')
CAM_USED=$(du -ms $STORE | awk '{print $1}')
CAM_MAX=200000
STR_USED=$(du -ms $ISTORE | awk '{print $1}')
STR_MAX=200000

# Burning: MKISOFS is exported so that child processes see it as well.
unset SUDO_COMMAND
export MKISOFS=/usr/local/bin/mkisofs
GROWISOFS=/usr/local/bin/growisofs
BURNSIZE=4196
DEVICE=/dev/cd1
# Recordings present when the script starts; the list is split on
# whitespace wherever it is used.
BURNLIST=$(ls $STORE/*.avi)

#send this in cron email
echo cam_used $CAM_USED
echo str_used $STR_USED
capcam ()
{
        # Remove the previous run's per-camera logs, then start one background
        # capture per camera in ${ADDIES}. Each capture records to
        # ${STORE}/<camera>.<timestamp>.avi and sends its stdout to
        # ${LOGS}/<camera>.log. The function does not wait for the captures.
        # NOTE(review): the stream is requested over plain HTTP without
        # credentials - confirm the cameras sit on a network only this host
        # can reach.
        rm ${LOGS}/cam*.log
        for cam in ${ADDIES}
        do
                src=http://${cam}/mjpg/video.mjpg
                dst=${STORE}/${cam}.$ROT.avi
                ${CAPTOOL} ${CAP_OPT1} $src ${CAP_OPT2} $dst > ${LOGS}/${cam}.log &
        done
}
 
cdir  ()
{
        # Delete every recording named in ${BURNLIST}, one rm call per file.
        # The main logic calls this only after the files were burned to disc
        # or packed into an ISO image.
        for avi in ${BURNLIST}
        do
                rm $avi
        done
}
 
# Stop the captures left over from the previous run before deciding what to do.
# NOTE(review): SIGKILL gives mencoder no chance to close its output file
# cleanly - presumably acceptable for these recordings; confirm.
killall -9 mencoder
sleep 3

# Nothing happens (and nothing is printed) once the ISO store has reached STR_MAX.
if [ $STR_USED -lt $STR_MAX ]
then
        if [ $CAM_USED -lt $BURNSIZE ]
        then
                # Less than one disc worth of recordings: just keep capturing.
                capcam
        elif ${GROWISOFS} -dvd-compat -Z ${DEVICE} -J -R ${BURNLIST}
        then
                # Burned to disc: remove the recordings and start over.
                cdir
                capcam
        elif ${MKISOFS} -o $ISTORE/${ROT}.iso -R ${BURNLIST}
        then
                # Burning failed: park the recordings in an ISO image instead.
                cdir
                capcam
        else
                echo System Full
        fi
fi
#!/bin/sh
# A Shell script to backup all MySQL databases to a NAS server mounted via mount_smbfs
# You need to setup username, password and other stuff
# Tested on FreeBSD 6.x and 7.x - 32 bit and 64 bit systems.
# May work on OpenBSD / NetBSD.
# -------------------------------------------------------------------------
# Copyright (c) 2007 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
### SETUP BIN PATHS ###
# MySQL client tools
MYSQLADMIN="/usr/local/bin/mysqladmin"
MYSQL="/usr/local/bin/mysql"
MYSQLDUMP="/usr/local/bin/mysqldump"

# System utilities, addressed by absolute path
LOGGER="/usr/bin/logger"
MKDIR="/bin/mkdir"
CP="/bin/cp"
GZIP="/usr/bin/gzip"
CUT="/usr/bin/cut"
AWK="/usr/bin/awk"
GREP="/usr/bin/grep"
TAIL="/usr/bin/tail"
HOST="/usr/bin/host"
HOSTNAME="/bin/hostname"

# Mounting and remote copy
MOUNT="/sbin/mount"
UMOUNT="/sbin/umount"
MSMBFS="/usr/sbin/mount_smbfs"
SSH="/usr/bin/ssh"
SCP="/usr/bin/scp"

### SETUP MYSQL LOGIN ###
# The password is stored here in clear text: keep this script readable and
# writable by its owner only.
MUSER="root"
MPASS='PASSWORD'
MHOST="127.0.0.1"

### SETUP NAS LOGIN ###
# Same caveat for the NAS password; mount_nas also writes it to $NASPASSWDFILE.
NASUSER="vivek"
NASPASSWORD="myPassword"
NASSERVER="nas05.vip.nixcraft.com"
NASMNT="/nas05"
NASSHARE="$NASUSER"
NASPASSWDFILE="$HOME/.nsmbrc"
# Date used as the backup sub-directory name, and time format used in each
# dump's file name.
NOW=$(date +"%d-%m-%Y")
TIME_FORMAT='%H_%M_%S%P'

# NAS address: the 4th word of the last line that `host` prints for $NASSERVER.
# The lookup runs every time the script is started, whatever the sub-command.
NASIP=$($HOST $NASSERVER | $TAIL -n 1 | $AWK '{ print $4}')

# Backups live under <mount point>/<short host name>/mysql on the NAS.
MBAKPATH=${NASMNT}/$(hostname -s)/mysql
 
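mount_nas(){
	# Mount the NAS share on $NASMNT unless `mount` already lists it.
	# Creates the mount point if needed and (re)writes $NASPASSWDFILE with
	# the NAS credentials before calling mount_smbfs.
	# Returns the status of mount_smbfs, or 0 when the share was already mounted.
	[ -d "$NASMNT" ] || "$MKDIR" -p "$NASMNT"
	if ! "$MOUNT" | "$GREP" -- "$NASMNT" >/dev/null
	then
		# The file holds the NAS password in clear text. Create it under a
		# private umask, then force mode 600 as well: the umask has no effect
		# on a file that already existed with wider permissions.
		# Note that any previous content of the file is replaced.
		(
			umask 077
			printf '[%s:%s]\npassword=%s\n' "$NASIP" "$NASUSER" "$NASPASSWORD" > "$NASPASSWDFILE"
		)
		chmod 600 "$NASPASSWDFILE"
		"$MSMBFS" -N -I "$NASSERVER" "//$NASUSER@$NASIP/$NASSHARE" "$NASMNT"
	fi
}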
 
umount_nas(){
	# Unmount $NASMNT, but only when `mount` currently lists it.
	# Returns umount's status; when the share is not mounted, the non-zero
	# status of the failed lookup is returned.
	$MOUNT | $GREP $NASMNT >/dev/null && $UMOUNT $NASMNT
}
 
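backup_mysql(){
	# Dump every database the server lists into
	# ${MBAKPATH}/${NOW}/<database>.<time>.gz and log start and end via $LOGGER.
	# Returns 1, without writing anything, when the database list cannot be read.
	# NOTE(review): -p"$MPASS" places the password on the command line of
	# mysql and mysqldump, where other local users may see it in the process
	# list; a client option file readable only by the backup user avoids that.
	# NOTE(review): the shell reports only gzip's status for the dump
	# pipeline, so a failed mysqldump still leaves a (short) .gz file behind;
	# check sizes when verifying backups.
	local DBS db tTime FILE
	"$LOGGER" "$(basename "$0") mysql: Started at $(date)"
	# Assignment kept apart from `local` so the exit status of mysql is not lost.
	if ! DBS=$("$MYSQL" -u "$MUSER" -h "$MHOST" -p"$MPASS" -Bse 'show databases')
	then
		"$LOGGER" "$(basename "$0") mysql: could not list databases, nothing backed up"
		echo "Error: could not list MySQL databases" >&2
		return 1
	fi
	[ -d "$MBAKPATH/$NOW" ] || "$MKDIR" -p "$MBAKPATH/$NOW"
	# Database names are split on whitespace on purpose: one name per word.
	for db in $DBS
	do
		tTime=$(date +"${TIME_FORMAT}")
		FILE="${MBAKPATH}/$NOW/${db}.${tTime}.gz"
		"$MYSQLDUMP" -u "$MUSER" -h "$MHOST" -p"$MPASS" "$db" | "$GZIP" -9 > "$FILE"
		#mysql_file_hook $FILE
	done
	"$LOGGER" "$(basename "$0") mysql: Ended at $(date)"
}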
 
# process each sql database file and backup to another server via ssh
# must have ssh keys
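mysql_file_hook(){
	# Copy one dump file ($1) to /nas/mysqlbackup/<short host name>/$NOW on
	# the remote server, creating that directory first. Needs key-based ssh
	# login for someuser. Returns non-zero if either step fails.
	local f="$1"
	local d
	d=/nas/mysqlbackup/$(hostname -s)/$NOW
	# The remote shell parses "mkdir -p $d" again, so $d must stay free of
	# spaces and shell metacharacters (host name and date are).
	"$SSH" someuser@remote.nixcraft.com mkdir -p "$d" || return
	# Quoted so a dump path containing spaces is passed as one argument.
	"$SCP" "$f" "someuser@remote.nixcraft.com:$d"
}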
 
# Sub-command given as the first argument:
#   mysql  - mount the NAS, dump all databases, unmount again
#   mount  - only mount the NAS
#   umount - only unmount the NAS
# Anything else prints the usage line.
if [ "$1" = "mysql" ]
then
	mount_nas
	backup_mysql
	umount_nas
elif [ "$1" = "mount" ]
then
	mount_nas
elif [ "$1" = "umount" ]
then
	umount_nas
else
	echo "Usage: $0 {mysql|mount|umount}"
fi
#!/bin/bash
# A bash shell script for ip6tables to protect single hosting / dedicated / vps / colo server running CentOS / Debian / RHEL / or any other Linux distribution.
# -------------------------------------------------------------------------
# Copyright (c) 2007 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# Last updated on Jan-23, 2008 : Added support for tcp packets   
# ---------------------------------------------------------------------------
IPT6="/sbin/ip6tables"

# Interfaces: public side, loopback, VPN side
PUB_IF="eth1"
# NOTE(review): Linux normally names the loopback interface "lo"; confirm
# that "lo0" exists on this host, otherwise rules using it never match.
PUB_LO="lo0"
PUB_VPN="eth0"

# User-defined chains created below, and the IPv6 addresses that serve HTTP
CHAINS="chk_tcp6_packets_chain chk_tcp_inbound chk_udp_inbound chk_icmp_packets"
HTTP_SERVER_6="2001:470:1f04:55a::2 2001:470:1f04:55a::3 2001:470:1f04:55a::4 2001:470:1f04:55a::5"

echo "Starting IPv6 firewall..."
# Reset the default table: flush rules, delete user chains, zero counters.
for op in -F -X -Z
do
	$IPT6 $op
done
# Same reset for every table the kernel currently has loaded.
for table in $(</proc/net/ip6_tables_names)
do
	for op in -F -X -Z
	do
		$IPT6 -t $table $op
	done
done

# Policies are first set to ACCEPT and then straight to DROP: from here on,
# a packet that no rule accepts is dropped in every built-in chain.
for policy in ACCEPT DROP
do
	for chain in INPUT OUTPUT FORWARD
	do
		$IPT6 -P $chain $policy
	done
done

# Create the (still empty) custom chains.
for c in $CHAINS
do
	$IPT6 --new-chain $c
done
 
# Input policy
# Loopback and the VPN-side interface are trusted: everything arriving on
# them is accepted.
# NOTE(review): Linux normally names the loopback interface "lo"; confirm
# that $PUB_LO ("lo0") exists on this host, otherwise the first rule never matches.
$IPT6 -A INPUT -i $PUB_LO -j ACCEPT
$IPT6 -A INPUT -i $PUB_VPN -j ACCEPT
# Public interface, in order: screen TCP flag combinations, accept replies
# to existing connections, then hand new packets to the per-protocol chains.
$IPT6 -A INPUT -i $PUB_IF -j  chk_tcp6_packets_chain
$IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT6 -A INPUT -i $PUB_IF -p tcp -j chk_tcp_inbound 
$IPT6 -A INPUT -i $PUB_IF -p udp -j chk_udp_inbound 
# NOTE(review): "icmp" names the IPv4 ICMP protocol; IPv6 control traffic is
# matched by the ipv6-icmp rule on the next line.
$IPT6 -A INPUT -i $PUB_IF -p icmp -j chk_icmp_packets 
$IPT6 -A INPUT -i $PUB_IF -p ipv6-icmp -j chk_icmp_packets   
# Whatever the chains above returned is logged (at most 3 entries per minute)
# and dropped. Note that the prefix of these dropped inbound packets reads
# "INPUT OUTPUT ".
$IPT6 -A INPUT -i $PUB_IF -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "INPUT OUTPUT "
$IPT6 -A INPUT -i $PUB_IF -j DROP
 
# Output policy
# Outbound traffic is accepted on all three interfaces.
$IPT6 -A OUTPUT -o $PUB_LO -j ACCEPT
$IPT6 -A OUTPUT -o $PUB_VPN -j ACCEPT
$IPT6 -A OUTPUT -o $PUB_IF -j ACCEPT 
# This LOG rule follows an unconditional ACCEPT for the same interface, so no
# packet ever reaches it.
$IPT6 -A OUTPUT -o $PUB_IF -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "DROP OUTPUT "
 
### Custom chains ###
# chk_tcp6_packets_chain: log (at most 3 entries per minute) and drop TCP
# packets whose flag combination is not valid in normal traffic; every other
# TCP packet returns to the calling chain.
#
# log_drop_tcp_flags MASK SET PREFIX
#   MASK   - flags to examine
#   SET    - flags that must be set among them
#   PREFIX - log prefix for the LOG rule
log_drop_tcp_flags() {
	$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags "$1" "$2" -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "$3"
	$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags "$1" "$2" -j DROP
}

all_tcp_flags="FIN,SYN,RST,PSH,ACK,URG"

log_drop_tcp_flags "$all_tcp_flags" NONE "Bad tcp packets"                  # no flag set
log_drop_tcp_flags "$all_tcp_flags" "$all_tcp_flags" "Bad tcp packets"      # every flag set
log_drop_tcp_flags "$all_tcp_flags" FIN,PSH,URG "BAD tcp"                   # only FIN, PSH, URG
log_drop_tcp_flags "$all_tcp_flags" FIN,SYN,RST,ACK,URG "Bad tcp"           # everything but PSH
log_drop_tcp_flags SYN,RST SYN,RST "Bad tcp "                               # SYN together with RST
log_drop_tcp_flags FIN,SYN FIN,SYN "Bad tcp "                               # SYN together with FIN
$IPT6 -A chk_tcp6_packets_chain -p tcp -j RETURN
 
# Open TCP Ports
# Open http port: TCP/80 is accepted only when the packet is addressed to one
# of the web server addresses listed in $HTTP_SERVER_6
for h in $HTTP_SERVER_6
do 
   $IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 80 -d $h -j ACCEPT
done
 
# Open 53 port (DNS over TCP), whatever the destination address
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 53 -j ACCEPT 
############################### 
# Add your rules below to open other TCP ports
# Open smtp 
# $IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 25 -j ACCEPT 
# Open pop3 (NOTE(review): port 113 is ident/auth, POP3 is 110 - confirm the intended port)
# $IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 113 -j ACCEPT 
# Open ssh (commented out: ssh over IPv6 stays closed on the public interface)
# $IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT 
############################### 
# do not modify following rule: TCP packets not accepted above return to the
# INPUT chain, where the final LOG and DROP rules handle them
$IPT6 -A chk_tcp_inbound -p tcp -j RETURN 
 
# Open UDP Ports 
# Open dns 53 udp
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 53 -j ACCEPT 
############################### 
# Add your rules below to open other UDP ports
# 
############################### 
# do not modify following rule: UDP packets not accepted above return to the
# INPUT chain, where the final LOG and DROP rules handle them
$IPT6 -A chk_udp_inbound -p udp -j RETURN 
 
# ICMP - allow ping pong
# Every ICMPv6 type is accepted, not only echo request and reply.
$IPT6 -A chk_icmp_packets -p ipv6-icmp -j ACCEPT 
# IPv4 ICMP protocol packets are handed back to the INPUT chain.
$IPT6 -A chk_icmp_packets -p icmp -j RETURN