Upload files to "/"

bldo

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+echo "DOMAIN TO BLOCK:"
+read d
+echo "address=/$d/0.0.0.0" | sudo tee -a /etc/dnsmasq.conf
+sudo systemctl restart dnsmasq

bsec

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+sudo clear
+sudo rm -rf cav.log
+echo 'Updating...'
+sudo apt install ufw gufw clamav clamtk bleachbit fail2ban
+echo 'Checking Firewall...'
+sudo ufw status
+sudo ufw allow ssh
+sudo ufw reload
+sudo ufw enable
+sudo ufw status
+sudo systemctl stop clamav-freshclam.service
+sudo freshclam
+sudo systemctl start clamav-freshclam.service
+echo 'Cleaning...'
+bleachbit --clean system.tmp system.cache system.trash deepscan.tmp deepscan.thumbs_db deepscan.ds_store
+echo 'Scanning...'
+clamscan --bell -raoiz --bytecode --scan-mail --phishing-sigs --cross-fs --log=cav.log --heuristic-alerts --phishing-scan-urls #--detect-pua #--detect-structured #-v
+echo 'Done.'
+read -n1

f2b

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+clear
+sudo tail -f /var/log/fail2ban.log

f2bb

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+clear
+sudo tail -f | sudo zgrep 'Ban' /var/log/fail2ban.log

lamp

@@ -0,0 +1,234 @@
+#!/bin/bash
+
+sudo clear
+echo "LAMP STACK SCRIPT"
+echo -n '
+ 1 - START
+ 2 - STOP
+ 3 - RESTART
+ 4 - STATUS
+ 5 - ENABLE ON BOOT (systemd)
+ 6 - DISABLE ON BOOT (systemd)
+ 7 - INSTALL LAMP
+ 8 - REMOVE LAMP
+ 9 - FIX PHPMYADMIN
+10 - DOWNLOAD TINY FILE MANAGER + ADMINER
+11 - INSTALL WORDPRESS
+12 - INSTALL DOLIBARR
+13 - RUN CERTBOT (SSL)
+14 - UPDATE LAMP
+ 0 - EXIT
+'
+read x
+case $x in
+
+1)
+clear
+echo "STARTING LAMP..."
+sudo service apache2 start
+sudo service mariadb start
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+2)
+clear
+echo "STOPPING LAMP..."
+sudo service apache2 stop
+sudo service mariadb stop
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+3)
+clear
+echo "RESTARTING LAMP..."
+sudo service apache2 reload
+sudo service apache2 restart
+sudo service mariadb restart
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+4)
+clear
+echo "LAMP STATUS..."
+echo "PRESS Q TO CONTINUE..."
+sudo service apache2 status
+sudo service mariadb status
+php -v
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+5)
+clear
+echo "ENABLEING LAMP ON BOOT..."
+sudo systemctl enable apache2 mariadb
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+6)
+clear
+echo "DISABLEING LAMP ON BOOT..."
+sudo systemctl disable apache2 mariadb
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+7)
+clear
+echo "INSTALLING LAMP..."
+sudo apt update
+sudo apt install -y apache2 mariadb-server php libapache2-mod-php php-mysql php-sqlite3 phpmyadmin snap snapd  #adminer
+#sudo apt install -y certbot python3-certbot-apache
+sudo snap install certbot --classic
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+sudo systemctl disable lighttpd
+sudo service apache2 start
+sudo service mariadb start
+sudo mysql_secure_installation
+#sudo echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
+sudo mysql -u root -p<< CMD
+CREATE USER 'webroot'@'localhost' IDENTIFIED BY 'w3bp4ssw0rd';
+GRANT ALL PRIVILEGES ON *.* TO 'webroot'@'localhost' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+CMD
+echo ''
+echo 'LOGIN PAGE:'
+echo 'http://127.0.0.1/phpmyadmin'
+echo 'http://localhost/phpmyadmin'
+echo 'USER: webroot'
+echo 'PASSWORD: w3bp4ssw0rd'
+echo ''
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+8)
+clear
+echo "REMOVING LAMP..."
+sudo apt update
+sudo apt remove --purge apache2 mariadb-server php libapache2-mod-php php-mysql phpmyadmin certbot mysql-server mysql-client mysql-common #adminer
+sudo apt purge apache2 mariadb-server php libapache2-mod-php php-mysql phpmyadmin certbot mysql-server mysql-client mysql-common #admine
+sudo apt autoremove; sudo apt autoclean
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+9)
+clear
+echo "FIXING PHPMYADMIN..."
+sudo echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
+#sudo echo 'Include /etc/adminer/apache.conf' >> /etc/apache2/apache2.conf
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+10)
+clear
+echo "DOWNLOADING TINY FILE MANAGER + ADMINER..."
+sudo mkdir /var/www/html/tfm
+sudo mkdir /var/www/html/adm
+sudo wget https://raw.githubusercontent.com/prasathmani/tinyfilemanager/master/tinyfilemanager.php -O /var/www/html/tfm/index.php
+sudo wget https://www.adminer.org/latest.php -O /var/www/html/adm/index.php
+sudo chown www-data:www-data /var/www/html/tfm
+sudo chown www-data:www-data /var/www/html/adm
+sudo chown www-data:www-data /var/www/html
+shopt -s dotglob
+sudo chown -R www-data:www-data /var/www/html/*
+echo 'DONE.'
+echo 'TINY FILEMANAGER = /TFM'
+echo 'ADMINER = /ADM'
+read -n1
+clear
+./lamp
+;;
+
+11)
+clear
+echo "INSTALLING WORDPRESS..."
+sudo wget https://wordpress.org/latest.zip -O /var/www/html/wordpress.zip
+sudo unzip /var/www/html/wordpress.zip -d /var/www/html/
+sudo chown www-data:www-data /var/www/html/wordpress.zip
+sudo chown www-data:www-data /var/www/html/wordpress
+shopt -s dotglob
+sudo chown -R www-data:www-data /var/www/html/wordpress/*
+echo 'http://localhost/wordpress'
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+12)
+clear
+echo "INSTALLING DOLIBARR..."
+sudo wget https://github.com/Dolibarr/dolibarr/archive/refs/tags/19.0.3.zip -O /var/www/html/dolibarr.zip
+sudo unzip /var/www/html/dolibarr.zip -d /var/www/html/
+sudo mv /var/www/html/dolibarr-19.0.3 /var/www/html/dolibarr
+sudo chown www-data:www-data /var/www/html/dolibarr.zip
+sudo chown www-data:www-data /var/www/html/dolibarr
+shopt -s dotglob
+sudo chown -R www-data:www-data /var/www/html/dolibarr/*
+sudo 'DOLIBARR 19.0.3'
+echo 'http://localhost/dolibarr'
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+13)
+clear
+echo "RUNNING CERTBOT + APACHE PLUGIN..."
+sudo certbot --apache
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+14)
+clear
+echo "UPDATING LAMP..."
+sudo apt update
+sudo apt install -y apache2 mariadb-server php libapache2-mod-php php-mysql php-sqlite3 phpmyadmin snap snapd #adminer
+#sudo apt install -y certbot python3-certbot-apache
+sudo snap refresh certbot --classic
+echo 'DONE.'
+read -n1
+clear
+./lamp
+;;
+
+0)
+clear
+exit
+;;
+
+*)
+clear
+echo "Invalid input" 
+./lamp
+;;
+esac

lamppctl

@@ -0,0 +1,61 @@
+#!/bin/bash
+sudo clear
+sudo /opt/lampp/ctlscript.sh status
+echo 'LAMPP:'
+echo -n '
+1 - Start
+2 - Stop
+3 - restart
+4 - Status
+0 - Exit
+'
+read scr
+case $scr in
+
+1)
+clear
+sudo /opt/lampp/ctlscript.sh start
+echo 'Done.'
+read -n1
+clear
+./lamppctl
+;;
+
+2)
+clear
+sudo /opt/lampp/ctlscript.sh stop
+echo 'Done.'
+read -n1
+clear
+./lamppctl
+;;
+
+3)
+clear
+sudo /opt/lampp/ctlscript.sh restart
+echo 'Done.'
+read -n1
+clear
+./lamppctl
+;;
+
+4)
+clear
+sudo /opt/lampp/ctlscript.sh status
+echo 'Done.'
+read -n1
+clear
+./lamppctl
+;;
+
+0)
+clear
+exit
+;;
+
+*)
+clear
+echo "Invalid input" 
+./lamppctl
+;;
+esac

psl

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+clear; sudo tail -f /var/lib/portsentry/portsentry.history

rac

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+echo "INSTALLING REMOTE ACCESS TOOLS..."
+sudo apt install -y --ignore-missing ssh openssh-server openssl xrdp cockpit cockpit-networkmanager cockpit-storaged cockpit-files cockpit-packagekit ufw fail2ban portsentry libapache2-mod-security2 remmina avahi-daemon #cockpit-pcp cockpit-sosreport cockpit-podman cockpit-machines #guacamole
+sudo apt install -y --ignore-missing snort
+sudo apt install -y --ignore-missing suricata suricata-update
+sudo suricata-update
+wget https://servzero.net/arc/tools/f2b/jail.local; sudo mv jail.local /etc/fail2ban/
+wget https://servzero.net/arc/tools/f2b/ufw.f2b; sudo mv ufw.f2b ufw.f2b.conf; sudo mv ufw.f2b.conf /etc/fail2ban/filter.d/
+sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo sh -c 'echo "SecRuleEngine DetectionOnly" >> /etc/modsecurity/modsecurity.conf'
+sudo ufw allow ssh
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw allow 9090
+sudo ufw enable
+echo "DONE."
+read -n1

rks

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+sudo clear
+echo 'Rootkit Scan'
+echo 'Installing/Updating Scanners...'
+sudo apt install chkrootkit rkhunter
+echo 'Scanning...'
+sudo chkrootkit
+sudo rkhunter -c -x --sk
+echo 'Done.'
+read -n1
+clear

scl

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+#clear; tail -f /var/log/suricata/suricata.log
+clear; tail -f /var/log/suricata/fast.log

servinst

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+sudo clear
+echo "Installing firewall and remote access tools..."
+sudo apt install -y --ignore-missing ssh openssh-server openssl xrdp cockpit ufw fail2ban portsentry libapache2-mod-security2 snort remmina avahi-daemon #guacamole
+wget https://servzero.net/arc/tools/f2b/jail.local; sudo mv jail.local /etc/fail2ban/
+wget https://servzero.net/arc/tools/f2b/ufw.f2b.conf; sudo mv ufw.f2b.conf /etc/fail2ban/filter.d/
+sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo sh -c 'echo "SecRuleEngine On" >> /etc/modsecurity/modsecurity.conf'
+sudo ufw allow ssh
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw allow 9090
+sudo ufw enable
+echo "DONE."
+read -n1
+
+echo 'Installing webstack (LAMP)...'
+sudo apt update
+sudo apt install -y --ignore-missing apache2 mariadb-server php libapache2-mod-php php-mysql php-sqlite3 phpmyadmin snap snapd  #adminer
+#sudo apt install -y certbot python3-certbot-apache
+sudo snap install certbot --classic
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+sudo service apache2 start
+sudo service mariadb start
+sudo mysql_secure_installation
+#sudo echo 'Include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf
+sudo mysql -u root -p<< CMD
+CREATE USER 'webroot'@'localhost' IDENTIFIED BY 'w3bp4ssw0rd';
+GRANT ALL PRIVILEGES ON *.* TO 'webroot'@'localhost' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+CMD
+echo ''
+echo 'LOGIN PAGE:'
+echo 'http://127.0.0.1/phpmyadmin'
+echo 'http://localhost/phpmyadmin'
+echo 'USER: webroot'
+echo 'PASSWORD: w3bp4ssw0rd'
+echo ''
+echo 'Done.'
+read -n1
+
+echo 'Installing Mumble and ejabberd...'
+sudo apt install -y --ignore-missing mumble mumble-server ejabberd
+echo 'Done.'
+read -n1

snrt

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+clear
+sudo apt install snort;
+wget https://snort.org/downloads/community/community-rules.tar.gz -O ~/snortrules.tar.gz
+sudo tar -xvzf ~/snortrules.tar.gz -C /etc/snort/rules
+sudo rm -rf ~/snortrules.tar.gz
+mkdir ~/snortlogs
+sudo snort -d -b -A fast -c /etc/snort/snort.conf -l ~/snortlogs & sudo snort -d -b -A console -c /etc/snort/snort.conf

snrtlg

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+clear
+sudo tail -f /var/log/snort/snort.alert.fast
+

srvbkp

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+d=$(date +%Y%m%d)
+echo "SERVER BACKUP"
+echo "SERVER NAME:"
+read n
+#echo "DATE CODE:"
+#read d
+echo "BACKING UP SERVER..."
+echo "DUMPING SQL FILES..."
+mkdir dbs
+sudo mysql -N -e 'show databases' | while read dbname; do sudo mysqldump --complete-insert --routines --triggers --single-transaction "$dbname" | gzip > "./dbs/$dbname.sql.gz"; done
+echo "FINISHED DUMPING SQL FILES."
+echo "COMPRESSING FILES TO 7Z ACHIVES..."
+7z a $n-$d-sql.7z ./dbs/*
+sudo 7z a $n-$d-www.7z /var/www/html/*
+sudo 7z a $n-$d-etc.7z /etc/apache2/
+sudo 7z a $n-$d-etc.7z /etc/mysql/
+sudo 7z a $n-$d-etc.7z /etc/php/
+sudo 7z a $n-$d-etc.7z /etc/phpmyadmin/
+sudo 7z a $n-$d-etc.7z /etc/ufw/
+sudo 7z a $n-$d-etc.7z /etc/fail2ban/
+sudo 7z a $n-$d-etc.7z /etc/portsentry/
+sudo 7z a $n-$d-etc.7z /etc/snort/
+sudo 7z a $n-$d-etc.7z /etc/suricata/
+sudo 7z a $n-$d-etc.7z /etc/dnsmasq.d/
+sudo 7z a $n-$d-etc.7z /etc/hosts
+sudo 7z a $n-$d-etc.7z /etc/mumble-server.ini
+sudo 7z a $n-$d-etc-ejabberd.7z /etc/ejabberd/
+sudo 7z a $n-$d-opt-ejabberd.7z /opt/ejabberd/
+sudo 7z a $n-$d-var-lib-ejabberd.7z /var/lib/ejabberd/
+sudo 7z a $n-$d-ejabberd.7z $n-$d-etc-ejabberd.7z $n-$d-opt-ejabberd.7z $n-$d-var-lib-ejabberd.7z
+sudo 7z a $n-$d.7z $n-$d-www.7z $n-$d-sql.7z $n-$d-etc.7z $n-$d-ejabberd.7z
+echo "FINISHED COMPRESSING FILES TO 7Z ARCHIVES."
+echo "MOVING FILES..."
+sudo mkdir /var/www/html/-bkp/
+sudo mv $n-$d.7z /var/www/html/-bkp/
+echo "FINSISHED MOVING FILES."
+echo "CLEANING UP..."
+sudo chown www-data:www-data /var/www/html/-bkp/
+sudo chown www-data:www-data /var/www/html/-bkp/*
+rm -r dbs
+sudo rm $n-$d-www.7z $n-$d-sql.7z $n-$d-etc.7z $n-$d-ejabberd.7z $n-$d-etc-ejabberd.7z $n-$d-opt-ejabberd.7z $n-$d-var-lib-ejabberd.7z
+echo "SERVER BACKUP FINISHED."

tools

@@ -0,0 +1,64 @@
+#!/bin/bash
+clear
+echo -ne "
+CLI TOOLS
+---------------------------------
+1) HTOP [TASK MANAGER]
+2) YTREE [FILE MANAGER]
+3) NANO [TEXT EDITOR]
+4) HEXEDIT [HEX EDITOR]
+5) IFTOP [NETWORK TRAFFIC VEIWER]
+6) LINKS [WEB BROWSER]
+7) IRSSI [IRC CLIENT]
+9) INSTALL TOOLS
+0) EXIT
+ENTER NUMBER: "
+read -r x
+case $x in
+1)
+	htop
+	./tools
+	;;
+2)
+	ytree
+	./tools
+	;;
+3)
+	nano
+	./tools
+	;;
+4)
+	hexedit
+	./tools
+	;;
+5)
+	sudo iftop
+	./tools
+	;;
+6)
+	links
+	./tools
+	;;
+7)
+	irssi
+	./tools
+	;;
+9)
+	clear
+	echo 'INSTALLING TOOLS...'
+	sudo apt update; sudo apt install htop ytree nano hexedit iftop links irssi 
+	echo 'DONE.'
+	read -n1
+	./tools
+	;;
+0)
+	clear
+	exit
+	;;
+*)
+	clear
+	echo "NO OPTION"
+	./tools
+	;;
+esac
+

ufwb

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+clear
+echo BLOCK IP:
+read x
+sudo ufw insert 1 deny from $x 
+sudo ufw reload
+sudo ufw status numbered
+

ufwb6

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+clear
+sudo ufw status numbered
+echo IPV6 START NUMBER:
+read n
+echo BLOCK IP:
+read x
+sudo ufw insert $n deny from $x 
+sudo ufw reload
+sudo ufw status numbered
+

up

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo 'Updating & Upgrading...'
+sudo apt update
+sudo apt upgrade
+sudo apt autoremove
+sudo apt update
+sudo snap refresh
+sudo flatpak update
+echo 'Done.'
+read -n1; echo

upcerts

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+echo "UPDATING CERTS..."
+echo "CERT DOMAIN NAME:"
+read d
+
+# STOP SERVICES
+sudo systemctl stop cockpit.socket
+sudo systemctl stop mumble-server
+sudo systemctl stop ejabberd 
+
+## COCKPIT 
+sudo mkdir -p /etc/cockpit/ws-certs.d/
+sudo rm -rf /etc/cockpit/ws-certs.d/99-letsencrypt.cert
+sudo rm -rf /etc/cockpit/ws-certs.d/99-letsencrypt.key
+sudo cp /etc/letsencrypt/live/$d/fullchain.pem /etc/cockpit/ws-certs.d/99-letsencrypt.cert
+sudo cp /etc/letsencrypt/live/$d/privkey.pem   /etc/cockpit/ws-certs.d/99-letsencrypt.key
+
+# MUMBLE-SERVER
+sudo rm /opt/mumble-server/cert.pem
+sudo rm /opt/mumble-server/privkey.pem
+sudo rm /opt/mumble-server/chain.pem
+sudo rm /opt/mumble-server/fullchain.pem
+sudo cat /etc/letsencrypt/live/$d/cert.pem >> /opt/mumble-server/cert.pem
+sudo cat /etc/letsencrypt/live/$d/privkey.pem >> /opt/mumble-server/privkey.pem
+sudo cat /etc/letsencrypt/live/$d/chain.pem >> /opt/mumble-server/chain.pem
+sudo cat /etc/letsencrypt/live/$d/fullchain.pem >> /opt/mumble-server/fullchain.pem
+
+# EJABBERD 
+sudo rm /opt/ejabberd/conf/ejabberd.pem
+sudo cat /etc/letsencrypt/live/$d/privkey.pem /etc/letsencrypt/live/$d/fullchain.pem >> /opt/ejabberd/conf/ejabberd.pem
+
+# START SERVICES
+sudo systemctl start cockpit.socket
+sudo systemctl start mumble-server
+sudo systemctl start ejabberd
+
+# RESTART SERVICES AND SHOW STATUS
+sudo systemctl restart cockpit.socket
+sudo systemctl restart mumble-server
+sudo systemctl restart ejabberd
+sudo systemctl status cockpit.socket
+sudo systemctl status mumble-server
+sudo systemctl status ejabberd 
+
+#sudo /usr/lib/cockpit/cockpit-certificate-ensure --check