Calculate navigation size from Squid logs

IP’s used by administrator user

user = administrator

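# Total traffic (MiB) per client IP for requests made as user "administrator".
# Field positions follow the other one-liner on this page: $3 = client IP,
# $5 = bytes, $8 = user -- confirm against your Squid logformat.
# The user is matched on its own field, so a URL that merely contains the word
# "administrator" is not counted, and "in" (rather than ==0) lists each IP once
# even when its first request transferred 0 bytes.
(xzcat *access*.xz; zcat *access*.gz) | awk '$8 ~ /administrator/ { if (!($3 in data)) ips[++cnt] = $3; data[$3] += $5 } END { for (i = 1; i <= cnt; i++) print ips[i] " " data[ips[i]] / 1048576 }'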

IP’s used by impresora user without DENY

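# Total traffic (MiB) per client IP for user "impresora", ignoring denied requests.
# $3 = client IP, $5 = bytes, $8 = user -- confirm against your Squid logformat.
# "in" (rather than ==0) lists each IP once even when its first counted
# request transferred 0 bytes.
(xzcat *access*.xz; zcat *access*.gz) | grep -v TCP_DENIED | awk '$8 ~ /impresora/ { if (!($3 in data)) ips[++cnt] = $3; data[$3] += $5 } END { for (i = 1; i <= cnt; i++) print ips[i] " " data[ips[i]] / 1048576 }'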

List openvpn valid certificates (using index.txt)

list_valid_certificates.sh

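#!/bin/bash

# List the Common Names of the certificates flagged valid ("V") in an OpenSSL
# CA index.txt. Run this script inside the openvpn certificates directory.
#
# NOTE(review): "V" is only the status recorded in index.txt. An entry whose
# expiry date has passed can still be flagged "V" until the CA database is
# updated, so read the result as an inventory of non-revoked entries, not as
# proof that every listed certificate is usable right now.

OUT=listado_certificados_validos.txt

if [ ! -r index.txt ]
then
    echo "index.txt not found or not readable in $(pwd)" >&2
    exit 1
fi

rm -fv "$OUT"

# Number of entries flagged valid.
CNT=$(grep -c '^V' index.txt)

# The CN component is taken from the 6th or 7th "/"-separated field, depending
# on how many subject components precede it.
for i in 6 7
do
    grep '^V' index.txt | cut -d / -f "$i" | grep '^CN' >> "$OUT"
done

CNT2=$(wc -l < "$OUT")

echo -e "-- VALIDANDO DATOS -- \n"

echo -e "$CNT $CNT2 \n"

# Only print the list when every valid entry yielded exactly one CN; say so
# (and fail) otherwise instead of ending silently.
if [ "$CNT2" -eq "$CNT" ]
then
    sort "$OUT" | nl && echo -e "\nOK"
else
    echo "Count mismatch: $CNT valid entries in index.txt, $CNT2 CN values extracted" >&2
    exit 1
fi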

Sync or copy playlist (.m3u) files

sync_playlist.sh

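#!/bin/bash

# Report the total size of the tracks in each playlist, then optionally copy
# the tracks into one directory per playlist under DSTDIR.

PLAYLISTS=( rock_tracks.m3u jazz_songs.m3u shazam_01.m3u best_albums.m3u )
ROOTDIR=/home/user/Music/Playlists
DSTDIR=/home/user/Board
# Kept as an array so every option stays a separate word when expanded.
CMD=( /usr/bin/rsync --progress -u )

# Private scratch directory with an unpredictable name instead of a fixed
# ./.temp; the trap removes it however the script ends.
TMP=$(mktemp -d) || exit 1
trap 'rm -rf -- "$TMP"' EXIT

for i in "${PLAYLISTS[@]}"
do
    # "IFS= read -r" keeps backslashes and surrounding blanks in a track path
    # intact; "--" stops a path that starts with "-" being read as an option.
    grep -v "^#" "$ROOTDIR/$i" | while IFS= read -r track
    do
        [ -n "$track" ] || continue
        du -k -- "$track" >> "$TMP/$i.sum"
    done
done

for sum_file in "$TMP"/*.sum
do
    [ -e "$sum_file" ] || continue    # no playlist produced any size data
    FILE=$(basename "$sum_file" .sum)
    # du -k reports KiB; convert the total to MiB.
    SUM=$(awk '{ total += $1 } END { print total / 1024 " M" }' "$sum_file")
    echo -e "$FILE == >> $SUM"
done

echo -e "Do you want to synchronize the playlists? (y/n)"
read -r answer

case "$answer" in
    y)
        for i in "${PLAYLISTS[@]}"
        do
            DIRNAME=${i%.m3u}
            mkdir -p -- "$DSTDIR/$DIRNAME"
            # NOTE(review): rsync treats a source containing ":" before any "/"
            # as a remote host spec; playlists from others deserve a look first.
            grep -v "^#" "$ROOTDIR/$i" | while IFS= read -r track
            do
                [ -n "$track" ] || continue
                "${CMD[@]}" -- "$track" "$DSTDIR/$DIRNAME"
            done
            # Leave a playlist file in the destination listing what is there,
            # oldest first.
            ls -tr -- "$DSTDIR/$DIRNAME" > "$TMP/$i"
            mv -- "$TMP/$i" "$DSTDIR/$DIRNAME"
        done
        ;;
    n)
        echo -e "OK"
        ;;
esac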

Ossim lookup ip script – Execute using a rule

lookup_ip.pl

This script takes an IP address, looks up its GeoIP information, and populates a database with that information together with the Suricata IDS event details.

#!/usr/bin/perl

use Geo::IP::PurePerl;
use Email::MIME;
use Email::Sender::Simple qw(sendmail);
use Net::IP::Match::Regexp qw( create_iprange_regexp match_ip );
use DBI;

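use strict;
use warnings;
use POSIX qw(strftime);
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC O_NOFOLLOW);

# Record one IDS event for an external source address in the siem database,
# tagged with the GeoIP country code of the source.
#
# Arguments, in order: source IP, signature name, source port, protocol,
# destination IP, destination port. The protocol is read but not stored.
# All of them originate from event data and must be treated as untrusted.
my ($srcip, $sidname, $srcport, $protocol, $dstip, $dstport) = @ARGV;

die "usage: $0 src_ip sid_name src_port protocol dst_ip dst_port\n"
    unless defined $srcip && length $srcip;

# GEOIP_STANDARD is called with parentheses so it still parses under strict.
my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIP.dat", GEOIP_STANDARD());
my $country = $gi->country_code_by_addr($srcip);

# Format the timestamp in-process; no external date command, no trailing newline.
my @now  = localtime;
my $date = strftime('%Y-%m-%d', @now);
my $time = strftime('%H:%M:%S', @now);

# Best-effort debug dump of the raw arguments. /tmp/temp.txt is a fixed name in
# a world-writable directory, so the file is opened without following symlinks
# and created owner-only; a failure here is reported but does not stop the run.
# NOTE(review): a private directory would be a better home for this dump.
my $debug_file = '/tmp/temp.txt';
if (sysopen(my $dump, $debug_file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600)) {
    print {$dump} "$_\n" for @ARGV;
    close($dump) or warn "close $debug_file: $!\n";
}
else {
    warn "cannot write $debug_file: $!\n";
}

# Internal sources are not recorded.
# NOTE(review): only 172.16.0.0/16 and 172.17.0.0/16 are listed here, not the
# whole private block 172.16.0.0/12 -- confirm this matches the network.
my $regexp = create_iprange_regexp('192.168.0.0/16','10.0.0.0/8','172.16.0.0/16','172.17.0.0/16');
if ( match_ip($srcip, $regexp) ) {
    print "ip interna \n";
    exit 0;
}
print "ip externa \n";

# NOTE(review): the account name and password are literals in the script; keep
# real credentials in a file or environment readable only by the service user.
my $dbh = DBI->connect("DBI:Pg:dbname=siem;host=localhost", "database", "password", {'RaiseError' => 1});

# Every value is bound through a placeholder, so a quote or other SQL syntax
# inside an event field (for example the signature name) is stored as data and
# cannot change the statement.
my $registry = $dbh->do(
    'INSERT INTO ips_db (date,time,sensor,sid_name,src_ip,src_port,dst_ip,dst_port,src_country,action) '
  . 'VALUES (?,?,?,?,?,?,?,?,?,?)',
    undef,
    $date, $time, '192.168.56.10', $sidname, $srcip, $srcport, $dstip, $dstport, $country, 'database',
);

$dbh->disconnect;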

Perl transfer files using ssh (shortcut command)

transfer.pl

#!/usr/bin/perl

use Term::ANSIColor;

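# Entry point. Usage, as read from the argument handling below:
#   transfer.pl edit                   open the hosts file in vim
#   transfer.pl list                   print the hosts file
#   transfer.pl HOST USER FILE [KEY]   copy FILE to /tmp on the matching host
if (! defined $ARGV[0]) {
    print "Don't be stupid please...";
    exit 0;
}

my $file = "/home/user/hosts.txt";
my $keysdir = "/home/user/keys";
my $username = $ARGV[1];
my $remote_hostname = $ARGV[0];
my $xfer = $ARGV[2];
my $time = qx/date/;

# Exact comparison: a pattern match would also trigger for any host name that
# merely contains "edit" or "list".
if ($remote_hostname eq 'edit') {
    # List form runs the editor directly, without passing through a shell.
    system('vim', $file);
    exit 0;
}

if ($remote_hostname eq 'list') {
    print "\n";
    open(my $listing, '<', $file)
        or die "Failed to open file: $!\n";
    while (my $row = <$listing>) {
        chomp $row;
        print "$row\n";
    }
    close $listing;
    exit 0;
}

if (! defined $ARGV[2]) {
    print "Please load a file!";
    exit 0;
}

open (my $data, "<" , $file)
    or die "Failed to open file: $!\n";

while (my $row = <$data>) {
    chomp $row;
    # \Q...\E makes the requested name literal text instead of a regex.
    # NOTE(review): this is still a substring match against the whole row
    # (name, address and port), and the first matching row wins -- a short
    # argument can select a different host than the one intended.
    next unless $row =~ /\Q$remote_hostname\E/;

    if ( defined $ARGV[3] ) {
        ssh_transfer_key($row, $ARGV[3]);
    }
    else {
        ssh_transfer($row);
    }
    exit 0;
}

print "Remote host not found!";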

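# Copy the file named by the file-level $xfer to /tmp on one host, logging in
# as the file-level $username with the default ssh credentials.
#
# $_[0] is one row of the hosts file: "hostname,ipaddress,port".
# Does not return: the process exits 0 when scp succeeds and 1 otherwise.
#
# The empty prototype "()" was dropped; this sub takes an argument.
sub ssh_transfer {

    my ($row) = @_;
    my @parts = split(",", $row);
    for my $part (@parts) {
        # Blanks around a field would otherwise become part of the argument.
        $part =~ s/\A\s+//;
        $part =~ s/\s+\z//;
    }
    my ($hostname, $ipaddress, $port) = @parts;

    die "Incomplete hosts entry: $row\n"
        unless defined $hostname && defined $ipaddress && defined $port;
    die "Invalid port in hosts entry for $hostname\n"
        unless $port =~ /\A\d+\z/;

    print $time;
    print "Transfering file to $hostname ...\n";
    # "\@" keeps "@$ipaddress" from being interpolated as an array, which
    # dropped the address from the displayed command.
    print color("red"), "scp -P $port $xfer $username\@$ipaddress:/tmp \n", color("reset");

    # List form: scp is executed directly, so nothing in the file name, user
    # name or hosts entry is interpreted by a shell (this also means shell
    # wildcards in the file name are no longer expanded). "--" ends option
    # parsing before the file name.
    my @command = ('scp', '-P', $port, '--', $xfer, "$username\@$ipaddress:/tmp/");
    my $status = system(@command);
    warn "scp to $hostname failed\n" if $status != 0;
    exit($status == 0 ? 0 : 1);

}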

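# Copy the file named by the file-level $xfer to /tmp on one host, logging in
# as the file-level $username with a private key taken from $keysdir.
#
# $_[0] is one row of the hosts file: "hostname,ipaddress,port".
# $_[1] is the file name of the key inside $keysdir.
# Does not return: the process exits 0 when scp succeeds and 1 otherwise.
#
# The empty prototype "()" was dropped; this sub takes arguments.
sub ssh_transfer_key {

    my ($row, $key) = @_;
    my @parts = split(",", $row);
    for my $part (@parts) {
        # Blanks around a field would otherwise become part of the argument.
        $part =~ s/\A\s+//;
        $part =~ s/\s+\z//;
    }
    my ($hostname, $ipaddress, $port) = @parts;

    die "Incomplete hosts entry: $row\n"
        unless defined $hostname && defined $ipaddress && defined $port;
    die "Invalid port in hosts entry for $hostname\n"
        unless $port =~ /\A\d+\z/;
    # The key is a plain file name; a "/" would let it point outside $keysdir.
    die "Invalid key name\n"
        unless defined $key && length $key && $key !~ m{/};

    print $time;
    print "Transfering file to $hostname ...\n";
    print color("red"), "scp -i $keysdir/$key -P $port $xfer $username"."@"."$ipaddress:/tmp \n", color("reset");

    # List form: scp is executed directly, so nothing in the key name, file
    # name, user name or hosts entry is interpreted by a shell (this also means
    # shell wildcards in the file name are no longer expanded). "--" ends
    # option parsing before the file name.
    my @command = ('scp', '-i', "$keysdir/$key", '-P', $port, '--', $xfer, "$username\@$ipaddress:/tmp/");
    my $status = system(@command);
    warn "scp to $hostname failed\n" if $status != 0;
    exit($status == 0 ? 0 : 1);

}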

# Reached only when no hosts-file row matched; release the read handle.
close($data);

handy linux and technology info