Security – nixCraft

Shell Script To Turn On or Off PHP Uploads For Php5-fpm/Apache/Nginx/Lighttpd Web Servers

in Security, Web Server last updated September 5, 2016

A simple shell script wrapper to disable or enable PHP 5 upload support in an Apache or Nginx or Lighttpd web server. The script look for file_uploads directive in php.ini file and change its state from ON to OFF or vice-versa.

RHEL / CentOS Linux: Nginx Chroot Jail Start / Stop / Restart Shell Script

in Security last updated September 5, 2016

A simple shell script to start / stop / restart chrooted nginx web server under CentOS / RHEL Linux. You must have Nginx web server setup in a chroot (jail) so that you can minimizes the damage done by a potential break-in by isolating the web server to a small section of the filesystem. You can also mount $jail/tmp as a separate filesystem (/images/tmpfile.bin) with the noexec,nosuid, nodev options under Linux like operating systems.

Shell script: Opens LUKS Partition and Sets Up a Mapping [ Mounting Encrypted Partition ]

in Security last updated December 4, 2011

A Linux shell script to mount dm-crypt (transparent disk encryption subsystem in Linux kernel) partitions with passphrase.

Shell Script To Encrypt Any Text File

in File-management, Security last updated September 14, 2008

A sample shell script wrapper to encrypt any text file using mcrypt / crypt UNIX / Linux.

Linux Firewall: Simple Shell Script To Stop and Flush All Iptables Rules

in Security last updated April 24, 2008

#!/bin/bash
# Linux Firewall: Simple Shell Script To Stop and Flush All Iptables Rules
# Some Linux distros like Debian do not have /etc/init.d/iptables stop script
# This can be also called from cron job if you are testing new firewall on
# remote box to avoid lock out
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#!/bin/bash

# Linux Firewall: Simple Shell Script To Stop and Flush All Iptables Rules

# Some Linux distros like Debian do not have /etc/init.d/iptables stop script

# This can be also called from cron job if you are testing new firewall on

# remote box to avoid lock out

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# -------------------------------------------------------------------------

iptables -F

iptables -X

iptables -t nat -F

iptables -t nat -X

iptables -t mangle -F

iptables -t mangle -X

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

Script to update user password in batch mode using pwgen and chpasswd

in Security last updated October 23, 2008

#!/bin/bash
# Script to update user password in batch mode
# You must be a root user to use this script
# -------------------------------------------------------------------------
# Copyright (c) 2005 nixCraft project 
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# /root is good place to store clear text password
FILE="/root/batch.passwd"

# get all non-root user account
# By default on most linux non-root uid starts
# from 1000
USERS=$(awk -F: '{ if ( $3 > 1000 ) print $1}' /etc/passwd)

# create file with random password
echo "Generating file, please wait..."

# overwrite file, this is bash specific a better solution is cat > $FILE
>$FILE

for u in $USERS
do
   p=$(pwgen -1 -n 8) # create random password
   echo "$u:$p" >> $FILE # save USERNAME:PASSWORD pair
done
echo ""
echo "Random password and username list stored in $FILE file"
echo "Review $FILE file, once satisfied execute command: "
echo "chpasswd &lt; $FILE"

# Uncomment following line if you want immediately update all users password,
# be careful with this option, it is recommended that you review $FILE first
# chpasswd < $FILE

#!/bin/bash

# Script to update user password in batch mode

# You must be a root user to use this script

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# ----------------------------------------------------------------------

# /root is good place to store clear text password

FILE="/root/batch.passwd"

# get all non-root user account

# By default on most linux non-root uid starts

# from 1000

USERS=$(awk -F: '{ if ( $3 > 1000 ) print $1}' /etc/passwd)

# create file with random password

echo "Generating file, please wait..."

# overwrite file, this is bash specific a better solution is cat > $FILE

>$FILE

for u in $USERS

p=$(pwgen -1 -n 8) # create random password

echo "$u:$p" >> $FILE # save USERNAME:PASSWORD pair

done

echo ""

echo "Random password and username list stored in $FILE file"

echo "Review $FILE file, once satisfied execute command: "

echo "chpasswd < $FILE"

# Uncomment following line if you want immediately update all users password,

# be careful with this option, it is recommended that you review $FILE first

# chpasswd < $FILE

Change password shell script

in Security last updated April 10, 2008

#!/usr/local/bin/expect -f
# Password change shell script, tested on Linux and FreeBSD
# ----------------------------------
# It need expect tool. If you are using Linux use following command
# to install expect
# apt-get install expect
# FreeBSD user can use ports or following command:
# pkg_add -r -v expect
# ----------------------------------
# If you are using linux change first line
# From:
#!/usr/local/bin/expect -f
# To:
#!/usr/bin/expect -f
# -----------------------------------------------
# Copyright (c) 2006 nixCraft project 
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# display usage
if {$argc!=2} {
   send_user "usage: $argv0 username password \n"
   exit
}
# script must be run by root user
set whoami [exec id -u]
if {$whoami!=0} {
   send_user "You must be a root user to run this script\n"
   exit
}
#
set timeout -1
match_max 100000
# stopre password
set password [lindex $argv 1]
# username
set user [lindex $argv 0]
# opem shell
spawn $env(SHELL)
# send passwd command
send -- "passwd $user\r"
expect "assword:"
send "$password\r"
expect  "assword:"
send "$password\r"
send "\r"
expect eof

#!/usr/local/bin/expect -f

# Password change shell script, tested on Linux and FreeBSD

# ----------------------------------

# It need expect tool. If you are using Linux use following command

# to install expect

# apt-get install expect

# FreeBSD user can use ports or following command:

# pkg_add -r -v expect

# ----------------------------------

# If you are using linux change first line

# From:

#!/usr/local/bin/expect -f

# To:

#!/usr/bin/expect -f

# -----------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# -------------------------------------------------------------------------

# display usage

if {$argc!=2} {

send_user "usage: $argv0 username password \n"

exit

}

# script must be run by root user

set whoami [exec id -u]

if {$whoami!=0} {

send_user "You must be a root user to run this script\n"

exit

}

set timeout -1

match_max 100000

# stopre password

set password [lindex $argv 1]

# username

set user [lindex $argv 0]

# opem shell

spawn $env(SHELL)

# send passwd command

send -- "passwd $user\r"

expect "assword:"

send "$password\r"

expect "assword:"

send "$password\r"

send "\r"

expect eof

SSH login expect shell script to supply username and password

in Security last updated May 21, 2012

A simple shell script (expect script) to supply OpenSSH root/admin password for remote ssh server and execute the Unix / Linux / BSD commands.

Shell script for search for no password entries and lock all accounts

in Security last updated April 10, 2008

#!/bin/bash
# Shell script for search for no password entries and lock all accounts
# -------------------------------------------------------------------------
# Copyright (c) 2005 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Set your email 
ADMINEMAIL="admin@somewhere.com"

### Do not change anything below ###
#LOG File
LOG="/root/nopassword.lock.log"
STATUS=0
TMPFILE="/tmp/null.mail.$$"

echo "-------------------------------------------------------" >>$LOG
echo "Host: $(hostname),  Run date: $(date)" >> $LOG
echo "-------------------------------------------------------" >>$LOG

# get all user names
USERS="$(cut -d: -f 1 /etc/passwd)"

# display message
echo "Searching for null password..."
for u in $USERS
do
  # find out if password is set or not (null password)
   passwd -S $u | grep -Ew "NP" >/dev/null
   if [ $? -eq 0 ]; then # if so 
     echo "$u" >> $LOG 
     passwd -l $u #lock account
     STATUS=1  #update status so that we can send an email
   fi  
done
echo "========================================================" >>$LOG 
if [ $STATUS -eq 1 ]; then
   echo "Please see $LOG file and all account with no password are locked!" >$TMPFILE
   echo "-- $(basename $0) script" >>$TMPFILE
   mail -s "Account with no password found and locked" "$ADMINEMAIL" < $TMPFILE
#   rm -f $TMPFILE
fi

#!/bin/bash

# Shell script for search for no password entries and lock all accounts

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# -------------------------------------------------------------------------

# Set your email

ADMINEMAIL="admin@somewhere.com"

### Do not change anything below ###

#LOG File

LOG="/root/nopassword.lock.log"

STATUS=0

TMPFILE="/tmp/null.mail.$$"

echo "-------------------------------------------------------" >>$LOG

echo "Host: $(hostname), Run date: $(date)" >> $LOG

echo "-------------------------------------------------------" >>$LOG

# get all user names

USERS="$(cut -d: -f 1 /etc/passwd)"

# display message

echo "Searching for null password..."

for u in $USERS

# find out if password is set or not (null password)

passwd -S $u | grep -Ew "NP" >/dev/null

if [ $? -eq 0 ]; then # if so

echo "$u" >> $LOG

passwd -l $u #lock account

STATUS=1 #update status so that we can send an email

done

echo "========================================================" >>$LOG

if [ $STATUS -eq 1 ]; then

echo "Please see $LOG file and all account with no password are locked!" >$TMPFILE

echo "-- $(basename $0) script" >>$TMPFILE

mail -s "Account with no password found and locked" "$ADMINEMAIL" < $TMPFILE

# rm -f $TMPFILE