A collection of scripts from The Obscure Organization - a public access UNIX system in continuous use since 1995.
blockip.sh - Use iptables to temporarily block an IP addreess or CIDR block
This script uses iptables to temporarily block an IP address or CIDR block. It can be useful for mitigating unwanted traffic or attacks.
./blockip.sh 192.2.0.0
./blockip.sh 192.2.0.1 now+1daySymlink this into /usr/local/sbin to use it system-wide. To run with debugging information enabled:
DEBUG=true /usr/local/sbin/blockip.shbtidy.sh - Use HTML tidy but only versus the body of an HTML file. Useful for filtering fragments of HTML files, or for using in vim (:'a,'b ! btidy -wrap 0 -i -asxml)
This script uses HTML tidy to clean up the body of an HTML file. It is useful for filtering fragments of HTML files or for use in vim.
./btidy.sh <filename> [options] ...From vi family editors, assuming btidy.sh is in your path:
:% ! btidy.sh [options]
:'a,'b ! btidy.sh -icloud-init-centos-7-ipv6.yml - Use in instance data for CentOS 7.x EC2 servers that are having trouble getting an IPv6 default route. See also cloud-init-centos-7.6-ipv4-ena.yml and cloud-init-centos-7.6-ipv6-ena.yml
This cloud-init configuration is intended for older CentOS 7.x EC2 instances that are having trouble getting an IPv6 default route. It includes specific configurations for the ENA adapter and other settings.
Use this file as instance data when launching or configuring CentOS 7.x EC2 instances.
icinga2-graceful.sh - Check the validity of icinga2 system configuration files, then restart it only if the configuration is ok.
This script validates the icinga2 configuration and restarts the service only if the configuration is valid. It helps prevent service disruptions due to invalid configurations.
./icinga2-graceful.shTo run with debugging information enabled:
DEBUG=true ./icinga2-graceful.shicinga2-watchdog.sh - Ensure that an icinga2 system alerts once per day to let people know it is still alive - and where to complain if it is dead.
This script ensures that an icinga2 system sends a custom notification every day to remind you that it is still alive. It helps monitor the health of the icinga2 system.
Configure an API user called "watchdog" in /etc/icinga2/conf.d/api-users.conf:
object ApiUser "watchdog" {
password = "replace-me-with-a-real-password"
permissions = [ "*" ]
}Set up a host group in your conf.d/host-groups.conf:
object HostGroup "icinga-servers" {
display_name = "Icinga Servers"
assign where host.vars.icinga
}Create a configuration file to customize the message and credentials, and put it in /etc/icinga2/icinga2-watchdog.env:
CREDENTIALS='watchdog:xxxxxxxxxxxxxyyyyyyyyyyyzzzzzz12'
CONTACT_NAME='Snafu Fubar'
CONTACT_PHONE='+1 555 555 1212'Add a crontab entry on your icinga server:
0 16 * * * set -a && . /etc/icinga2/icinga2-watchdog.env && /usr/local/bin/icinga2-watchdog.shimapd-reap-processes.sh - Kill off stale imapd processes that accumulate on a busy mail server
This script purges root-owned imapd processes that started and never got killed off. It helps save process slots and memory on a busy mail server.
Create symlinks to activate this:
sudo ln -s $(pwd)/imapd-reap-processes.sh /usr/local/sbin/imapd-reap-processes.sh
sudo ln -s /usr/local/sbin/imapd-reap-processes.sh /etc/cron.daily/imapd-reap-processespatronus.sh - kill login sessions and processes on other ttys, with a whimsical magic twist.
This script kills login sessions and processes on other ttys the way Harry Potter would have done it. It is a parody of J.K. Rowling's novels; this is perhaps one of the only works of fan fiction or parody written in bash!. Originally released under the GPLv3, now relicensed under the MIT license, and updated to be shellcheck clean.
./patronus.shTo run with debugging information enabled:
DEBUG=true ./patronus.shrun-sysbench.sh - Run sysbench with a standard set of options. Useful for collecting the same set of performance statistics on multiple hosts.
This script runs a complete suite of sysbench performance benchmarks. It is useful for collecting the same set of performance statistics on multiple hosts.
./run-sysbench.sh <storage_type>Replace <storage_type> with either disk or ssd.
ssh-add-all.sh - Alias to add all your SSH keys from $HOME/.ssh/ with one command.
This script adds all your SSH keys from $HOME/.ssh/ with one command. It is useful for quickly adding multiple SSH keys to the SSH agent.
./ssh-add-all.sh- ssh-add-ramdisk.sh - Keep your SSH keys on a USB key, but load them into a RAMDisk on macOS or Linux - so you don't have to keep permanent copies of the SSH keys on the systems you physically use, which is useful sometimes.
This script allows you to copy your SSH keys from removable media to a RAM disk and then adds the SSH keys to your current SSH agent keyring. It is useful for keeping your SSH keys secure and not leaving permanent copies on the systems you use.
./ssh-add-ramdisk.shTo remove the ramdisk:
./ssh-add-ramdisk.sh -r- ssh-env.sh - Use to help reconnect managed terminal sessions (think
screenortmux) terminals to your SSH key agent via environment manipulation.
This script helps propagate the SSH environment inside the current session. It is useful for reconnecting managed terminal sessions (e.g., screen or tmux) to your SSH key agent.
./ssh-env.shInside your .profile, .bash_profile, or .bash_login:
./ssh-env.shWhen running interactively in a tmux or screen session, include the output of ssh-env.sh and regain access to your SSH agent:
. ~/.ssh/env- uptimerobot-firewall-update.sh - Update firewall entries that allow uptimerobot.com to check otherwise resticted services. Uptime Robot is free and is suitable for small-scale monitoring as a primary service or as a secondary monitor that watches your primary monitoring system and most critical services.
This script updates the firewall entries to allow uptimerobot.com to check otherwise restricted services. It is useful for integrating Uptime Robot with your monitoring setup.
Run this on a host that will be monitored through uptimerobot.com. Consider linking it into cron, for example:
sudo ln -s $PWD/uptimerobot-firewall-update.sh /etc/cron.weekly/tiamat-setup.sh - Set up packages and more on tiamat.obscure.org (emergency recovery script)
This script sets up packages and more on tiamat.obscure.org, the main server for The Obscure Organization. It is an emergency recovery script for setting up the system after catastrophic failures, and also gets used to install packages and configure the system on an intermittent basis.
Run this script as root to set up the necessary packages and configurations on tiamat.obscure.org.
sudo ./tiamat-setup.sh- watch-filevault-setup.sh - Watch and log the filevault encryption process, which can take a really long time on an older Macintosh.
This script watches the progress of FileVault and logs the progress to a file. It is useful for monitoring the FileVault encryption process on macOS.
./watch-filevault-setup.shThanks go to Scott Hanselman for the suggestion and instructions on switching the git default branch from master to main. This repository transitioned to using main as its default branch on 2020-06-14.
Copyright (C) 2020 by The Obscure Organization
MIT licensed. See LICENSE for details.