
monitor process io

# List tasks in uninterruptible sleep (ps state "D", usually waiting on I/O)
# and print the cumulative I/O counters of each from /proc/<pid>/io.
# Reading /proc/<pid>/io of a process owned by another user normally needs root.
ps -eo state,pid,cmd |
  awk '/^D/ {
    pid = $2
    # $3 is only the first word of the command line (awk splits on blanks)
    print "proccess: " $3
    # a task that exits between ps and cat just yields a "No such file" error
    system("cat /proc/" pid "/io")
  }'

proccess: [md1_raid10]
rchar: 0
wchar: 0
syscr: 0
syscw: 0
read_bytes: 0
write_bytes: 0
cancelled_write_bytes: 0
proccess: /opt/cpanel/ea-php56/root/usr/bin/php-cgi
rchar: 334932
wchar: 3941
syscr: 177
syscw: 26
read_bytes: 4096
write_bytes: 8192
cancelled_write_bytes: 4096

check ip by country linux

# Install the GeoIP lookup tools, refresh the local country database,
# then resolve one address to a country using that local database.
yum install geoip
geoipupdate
# NOTE(review): the answer is only as current as the local database, and a
# country lookup cannot see through VPNs, proxies or anycast - treat it as a
# hint for triage, not as the sole basis for an allow/deny decision.
geoiplookup 1.1.1.1

GeoIP Country Edition: AU, Australia
ipaddr: 1.1.1.1
range_by_ip: 1.1.1.0 – 1.1.1.255
network: 1.1.1.0 – 1.1.1.255 ::24
ipnum: 16843009
range_by_num: 16843008 – 16843263
network num: 16843008 – 16843263 ::24

monitor IP connections per IP

#!/bin/bash
# IP BAN v. 1.0.0

# --- Paths: all state lives under WORK_DIR ---------------------------------
WORK_DIR=/root/ddos
# Addresses found in this file are never banned (the ban loop greps it).
IGNORE_IP_LIST="${WORK_DIR}/ignoreip"
# Addresses already banned; the ban loop appends here and skips listed ones.
BLOCKED_IP_LIST="${WORK_DIR}/blockedip"
# One "<ip> was blocked at <timestamp>" line is appended per ban.
LOG_FILE="${WORK_DIR}/ban.log"

# --- Policy ----------------------------------------------------------------
# An address is banned once its count reaches this value.
NO_OF_CONNECTIONS=20
# 1 = ban through "$APF -d" (APF itself is not defined anywhere in this
# script); any other value = insert iptables DROP rules.
APF_BAN=0
# 1 = act on offenders; any other value skips the ban loop entirely.
KILL=1

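#######################################
# Install a copy of this script as $WORK_DIR/ddos.sh and schedule it to run
# every minute as root through /etc/cron.d/check_ddos. Both steps are skipped
# when the target file already exists.
# Globals:   WORK_DIR (read)
# Arguments: none
# Returns:   non-zero if the script could not be copied
#######################################
add__cron()
{
  local self
  local target="$WORK_DIR/ddos.sh"
  self="$(readlink -f -- "$0")"

  if [ ! -f "$target" ]; then
    # Stop here on failure so cron is never pointed at a file that is missing.
    cp -- "$self" "$target" || return 1
    chmod +x "$target"
  fi

  if [ ! -f /etc/cron.d/check_ddos ]; then
    # The job runs as root every minute with all output discarded, so
    # $WORK_DIR and ddos.sh must stay writable by root only.
    echo "* * * * * root $target >/dev/null 2>&1" > /etc/cron.d/check_ddos
  fi
}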
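#######################################
# Create the work directory and, once, the list of this host's own IPv4
# addresses ($WORK_DIR/systemip) that the ban loop must never block.
# Globals:   WORK_DIR (read)
# Arguments: none
# Outputs:   writes $WORK_DIR/systemip if it does not exist yet
#######################################
mk_ignore()
{
  local sysip_file="$WORK_DIR/systemip"

  if [ ! -d "$WORK_DIR" ]; then
    mkdir -p -- "$WORK_DIR"
  fi

  if [ ! -f "$sysip_file" ]; then
    # Take the address from every "inet ADDR/PREFIX" line and drop the prefix.
    ip addr show \
      | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2 }' > "$sysip_file"
    # 0.0.0.0 shows up in netstat output for listening sockets.
    echo "0.0.0.0" >> "$sysip_file"
  fi
  # NOTE(review): the list is built only once; an address added to the host
  # later is not protected until systemip is deleted and regenerated.
}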

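#######################################
# Make sure netstat is available, installing net-tools if it is not.
# Arguments: none
# Returns:   0 if netstat is present; otherwise the package manager's status,
#            or 1 when neither apt-get nor yum exists
#######################################
prog_check()
{
  # command -v is a builtin; unlike which it does not depend on an extra tool.
  if command -v netstat >/dev/null 2>&1; then
    return 0
  fi

  # No -y on purpose: installing packages as root should be confirmed by the
  # person running the script the first time, not done silently from cron.
  if command -v apt-get >/dev/null 2>&1; then
    apt-get install net-tools
  elif command -v yum >/dev/null 2>&1; then
    yum install net-tools
  else
    echo "netstat not found and neither apt-get nor yum is available" >&2
    return 1
  fi
}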

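# Bootstrap: netstat available, work dir and own-address list present,
# per-minute cron entry installed.
prog_check
mk_ignore
add__cron

TMP_PREFIX='/tmp/ddos'
# mktemp creates the file with an unpredictable suffix; abort if it fails so
# nothing below redirects into an empty file name.
TMP_FILE=$(mktemp "$TMP_PREFIX.XXXXXXXX") || exit 1
# Remove only this run's file: a glob on $TMP_PREFIX.* would also delete the
# temp file of another run that is still in progress.
trap 'rm -f -- "$TMP_FILE"' EXIT
SYSIP="$WORK_DIR/systemip"

# Succeeds when address $1 appears as a whole word in file $2.
# -F keeps the dots literal and -w keeps 1.2.3.4 from matching 11.2.3.40.
ip_listed() {
  [ -f "$2" ] && grep -qFw -- "$1" "$2"
}

BAD_IP_LIST="$TMP_FILE"
# Count every IPv4 literal in the netstat output (local and remote columns,
# sockets in any state) and sort by count, highest first.
# NOTE(review): a busy legitimate address (shared NAT, proxy, monitoring) can
# cross the threshold too; such addresses belong in $IGNORE_IP_LIST.
netstat -an \
  | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' \
  | sort | uniq -c | sort -nr > "$BAD_IP_LIST"

if [ "$KILL" -eq 1 ]; then
  # Set to 1 once anything is banned; nothing in this script reads it.
  IP_BAN_NOW=0
  while read -r CURR_LINE_CONN CURR_LINE_IP; do
    # The list is sorted descending, so the first count below the threshold
    # ends the scan.
    if [ "$CURR_LINE_CONN" -lt "$NO_OF_CONNECTIONS" ]; then
      break
    fi

    # Skip addresses on the ignore list, the host's own addresses and
    # addresses that are already recorded as blocked.
    if ip_listed "$CURR_LINE_IP" "$IGNORE_IP_LIST" \
      || ip_listed "$CURR_LINE_IP" "$SYSIP" \
      || ip_listed "$CURR_LINE_IP" "$BLOCKED_IP_LIST"; then
      continue
    fi

    if [ "$APF_BAN" -eq 1 ]; then
      # APF is not set anywhere in this script; fall back to apf on PATH.
      "${APF:-apf}" -d "$CURR_LINE_IP"
      ban_status=$?
    else
      echo "$CURR_LINE_IP"
      /sbin/iptables -I INPUT 1 -s "$CURR_LINE_IP" -j DROP \
        && /sbin/iptables -I OUTPUT 1 -d "$CURR_LINE_IP" -j DROP
      ban_status=$?
    fi

    dt=$(date '+%Y/%m/%d %H:%M:%S')
    if [ "$ban_status" -eq 0 ]; then
      # Record the address only after the firewall accepted the rule;
      # otherwise the blocked list would suppress every later attempt.
      IP_BAN_NOW=1
      echo "$CURR_LINE_IP was blocked at $dt" >> "$LOG_FILE"
      echo "$CURR_LINE_IP" >> "$BLOCKED_IP_LIST"
    else
      echo "$CURR_LINE_IP could not be blocked at $dt (exit status $ban_status)" >> "$LOG_FILE"
    fi
  done < "$BAD_IP_LIST"
fi
# NOTE(review): iptables rules inserted here are not saved; after a reboot or
# firewall reload an address may still be in $BLOCKED_IP_LIST without a rule.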

bash rename files for loop

-rw-rw---- 1 abc mail 47048 Nov 30 13:23 dovecot.index
-rw-rw---- 1 abc mail 800488 Nov 30 15:34 dovecot.index.cache
-rw-rw---- 1 abc mail 28740 Nov 30 15:34 dovecot.index.log
-rw-rw---- 1 abc mail 42928 Nov 30 13:23 dovecot.index.log.2
-rw-rw---- 1 abc mail 72 Sep 25 09:35 dovecot.mailbox.log
-rw-rw---- 1 abc mail 124846 Nov 30 15:34 dovecot-uidlist

hard way (Centos 5):
# Append "_old" to every name in the current directory that matches dove*.
# Running it a second time renames the *_old files again (dove* matches them).
for name in dove*; do
  mv -v "$name" "${name}_old"
done

simple way:
# NOTE(review): 's/$/_old/' is a Perl expression, so this needs the Perl-based
# rename (the Debian/Ubuntu "rename"/"prename"); the util-linux rename shipped
# with RHEL/CentOS takes "rename FROM TO FILES..." instead.
# Add -n to preview the result without renaming anything.
rename -v 's/$/_old/' dovecot*

-rw-rw---- 1 abc mail 800488 Nov 30 15:34 dovecot.index.cache_old
-rw-rw---- 1 abc mail 42928 Nov 30 13:23 dovecot.index.log.2_old
-rw-rw---- 1 abc mail 28740 Nov 30 15:34 dovecot.index.log_old
-rw-rw---- 1 abc mail 47048 Nov 30 13:23 dovecot.index_old
-rw-rw---- 1 abc mail 72 Sep 25 09:35 dovecot.mailbox.log_old
-rw-rw---- 1 abc mail 124846 Nov 30 15:34 dovecot-uidlist_old

another example: renaming a file extension with a for loop:
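# Change the extension of every *.html file in the current directory to .php.
# NOTE(review): if a web server serves this directory, .php files are
# typically executed rather than sent as-is; check that none of the renamed
# files contain content you did not write.
for f in *.html; do
  # With no match the glob stays literal ("*.html"); skip instead of failing.
  [ -e "$f" ] || continue
  # Quoted so names with spaces survive; -- protects names starting with "-".
  mv -- "$f" "${f%.html}.php"
done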