25. February 2015 · Root Auth Monitor: iptables DROP evil networks · Categories: Linux, Linux Admin, Linux Scripts, Linux Security, Networking

The following is an upstart script that monitors for failed root logins on your Ubuntu server and blocks the networks they come from. It's a great script for stopping brute-force logins to your server.

The following are a couple commands for reference:

Start/Stop the script…
start tty12
stop tty12

List INPUT rules w/line numbers…
iptables -L INPUT -n --line-numbers

Delete an INPUT rule by line number…
iptables -D INPUT 1

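# /etc/init/tty12 - Root Auth Monitor: iptables DROP evil networks
# Required modifying/adding PermitRootLogin & AllowUsers to /etc/ssh/sshd_config
start on runlevel [23] and not-container
stop on runlevel [!23]
script
# Send the matched log lines to the tty12 console.
exec > /dev/tty12
# Follow auth.log from its current end and react to each new line.
tail -fn0 /var/log/auth.log | while read LINE
do echo "$LINE" | grep ": Failed password for invalid user root from"
 if [ $? = 0 ]
  then
   # Field 13 of the log line is the source IP; ask Team Cymru for its BGP prefix.
   whois -h whois.cymru.com " -p $(echo "$LINE" | awk '{print $13}')" | grep '^[0-9]' | sed 's/ *| */|/g' |\
   while IFS="|" read AS IP PREFIX NAME
    # Drop the whole announced prefix, tagged with the AS number and name.
    do iptables -I INPUT -s "$PREFIX" -j DROP -m comment --comment "AS$AS: $NAME"
   done
 fi
done
end script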
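
The upstart script inserts whatever prefix the whois reply contains, so a single failed root login can block an entire BGP prefix, possibly one you connect from yourself. As an added example (not the post's own code), the bash functions below vet a reply line before it becomes a rule; `MIN_LEN`, `KEEP` and every sample address are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: vet a whois.cymru.com reply line before it becomes a DROP rule.
MIN_LEN=16              # assumption: refuse to block anything wider than a /16
KEEP="198.51.100.7"     # constructed: addresses that must never be locked out

ip2int() {              # dotted quad -> integer
  local a b c d
  IFS=. read -r a b c d <<< "$1"
  echo $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

valid_prefix() {        # well-formed IPv4 CIDR with MIN_LEN <= length <= 32
  local ip=${1%/*} o
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]] || return 1
  for o in ${ip//./ }; do (( 10#$o <= 255 )) || return 1; done
  (( 10#${1#*/} >= MIN_LEN && 10#${1#*/} <= 32 ))
}

covers() {              # covers PREFIX IP: true when IP lies inside PREFIX
  local len=$(( 10#${1#*/} )) mask
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  (( ($(ip2int "${1%/*}") & mask) == ($(ip2int "$2") & mask) ))
}

# Print "PREFIX|COMMENT" when the reply line is safe to block; fail otherwise.
vet_reply() {
  local AS IP PREFIX NAME k
  IFS='|' read -r AS IP PREFIX NAME <<< "$(sed 's/ *| */|/g' <<< "$1")"
  [[ $AS =~ ^[0-9]+$ ]] && valid_prefix "$PREFIX" || return 1
  for k in $KEEP; do covers "$PREFIX" "$k" && return 1; done
  NAME=${NAME//[^A-Za-z0-9 .,_-]/}     # plain characters only in the rule comment
  echo "$PREFIX|AS$AS: ${NAME:0:100}"
}

# Insert the rule once: -C checks whether an identical rule already exists.
block() {
  local prefix=${1%%|*} comment=${1#*|}
  iptables -C INPUT -s "$prefix" -j DROP -m comment --comment "$comment" 2>/dev/null ||
    iptables -I INPUT -s "$prefix" -j DROP -m comment --comment "$comment"
}
```

Inside the monitor loop this would replace the direct `iptables -I` call: `r=$(vet_reply "$REPLY_LINE") && block "$r"`, where `REPLY_LINE` is a hypothetical variable holding one whois reply line.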
29. January 2015 · Quickly Add or Delete an Infoblox host entry. · Categories: Linux, Linux Admin, Linux Scripts

I was going through the published Infoblox /wapidoc documentation and decided to write a shell script that gives me the ability to bulk add/delete Infoblox HOST records at my office. This script uses cURL to post against an Infoblox grid master. You will need to make sure your user account has API permissions and that the DNS zone association for the IPAM address range is configured to allow the particular domain's host entries.

The following is the output of the script adding and deleting HOST records on an Infoblox in my lab.

Adding/Updating a HOST record

$ ibHOST.sh -u -h testing -i
D: "record:host/ZG5zLmhvc3QkLjEuY29tLnNweC5nbG9iYWwuZGUtdGVzdGluZw:testing.domain.contoso.com/Internal%20View"
U: "record:host/ZG5zLmhvc3QkLjEuY29tLnNweC5nbG9iYWwuZGUtdGVzdGluZw:testing.domain.contoso.com/Internal%20View"
$ host testing
testing.domain.contoso.com has address

Deleting a HOST record

$ ibHOST.sh -d -h testing
D: "record:host/ZG5zLmhvc3QkLjEuY29tLnNweC5nbG9iYWwuZGUtdGVzdGluZw:testing.domain.contoso.com/Internal%20View"
$ host testing
Host testing.domain.contoso.com not found: 3(NXDOMAIN)

This script has been very handy for most of my data center migrations. Using simple loop iteration to go through a list, you can bulk add host records using the Infoblox WebAPIs. This is not the best script to show off the Infoblox WebAPIs, but it gets the job done. If you're looking to use this script, be very careful and test it before any mass runs! I take no responsibility if you damage anything in your environment.


Just an FYI; this script is a modification of a previous post I did in 2012 that uses nsupdate to update A records on a bind server: Quickly update or delete a zonefile host entry.

## Created By: deaves
# Quickly Add or Delete an Infoblox host entry.
## Requires: curl, WebAPI enabled on Infoblox.
# SERVER and DOMAIN are not set in this listing; the empty values are placeholders to fill in.
SERVER=""                 # Infoblox grid master
DOMAIN=""                 # DNS domain appended to the host name
# USER is passed to curl -u; curl prompts for that account's password.
DNSVIEW="Internal View"
##### Begin Script #####
function DELETE () {
 ### Look up the record's _ref and delete it. Note: -k skips TLS certificate verification.
 echo -n "D: "
 curl -k -u "${USER}" -X DELETE "https://${SERVER}/wapi/v1.0/$(curl -k -u "${USER}" -X GET "https://${SERVER}/wapi/v1.0/record:host" -d "name=${HOST}.${DOMAIN}" 2> /dev/null | grep "_ref" | head -n1 | awk -F\" '{print $4}')" 2> /dev/null
}
function ADD () {
### Update DNS record for HOST ###
 echo -n "U: "
 curl -k -u "${USER}" -H "Content-Type: application/json" -X POST "https://${SERVER}/wapi/v1.0/record:host" -d "{ \"ipv4addrs\":[{\"configure_for_dhcp\": false,\"ipv4addr\": \"${IPv4}\"}],\"name\": \"${HOST}.${DOMAIN}\",\"view\": \"${DNSVIEW}\"}" 2> /dev/null
}
function usage () {
  ### Display the script arguments.
  printf "Usage: $0 [-du] -h <HOST> -i <IPv4>\n\n"
  printf "Requires one option!\n"
  printf "\t-d: Delete a \"${DOMAIN}\" HOST record\n"
  printf "\t-u: Update/Add a \"${DOMAIN}\" HOST record\n\n"
}
while getopts "duh:i:" ARG; do
  case "${ARG}" in
    d) [ -z "$ACTION" ] && { ACTION="D"; };;
    u) [ -z "$ACTION" ] && { ACTION="U"; };;
    h) HOST="$(echo "$OPTARG" | tr '[:upper:]' '[:lower:]')";;
    i) IPv4="$OPTARG";;
    ?) echo "Invalid option -$OPTARG"; exit 1;;
  esac
done 2> /dev/null
if [ "$ACTION" == "U" ]; then
  [ -z "$HOST" ] && { echo "Error: Missing HOST" && exit 1; }
  [ -z "$IPv4" ] && { echo "Error: Missing IP" && exit 1; }
  # An existing record is deleted first, then re-added with the new address.
  [ "$(host ${HOST}.${DOMAIN} | awk '{print $NF}')" != "3(NXDOMAIN)" ] && { DELETE ;}
  ADD
elif [ "$ACTION" == "D" ]; then
  [ -z "$HOST" ] && { echo "Error: Missing HOST" && exit 1; }
  [ "$(host ${HOST}.${DOMAIN} | awk '{print $NF}')" != "3(NXDOMAIN)" ] && { DELETE ;}
else
  usage && exit 1;
fi
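
For the bulk runs mentioned in this post, a dry run over the list catches bad input before anything reaches the grid master: the host name and address are placed directly into the JSON body, and `-u` deletes an existing record before adding. This is an added example, not part of the original script; the "host ip" list format, the function names and the sample data are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: dry-run a bulk list for ibHOST.sh before any mass run.
valid_label() {         # one DNS label: letters, digits, inner hyphens, max 63 chars
  [[ $1 =~ ^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$ ]]
}

valid_ipv4() {          # four decimal octets, each 0-255
  local o
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  for o in ${1//./ }; do (( 10#$o <= 255 )) || return 1; done
}

# Read "host ip" lines on stdin. Good lines become ibHOST.sh calls on stdout,
# bad ones are reported on stderr; the return status is 1 if anything was rejected.
bulk_plan() {
  local host ip rest n=0 bad=0 seen=" "
  while read -r host ip rest; do
    n=$((n + 1))
    [[ -z $host || $host == \#* ]] && continue
    host=$(tr '[:upper:]' '[:lower:]' <<< "$host")   # ibHOST.sh lower-cases -h too
    if ! valid_label "$host" || ! valid_ipv4 "$ip" || [[ -n $rest ]]; then
      echo "REJECT line $n: malformed host or address" >&2; bad=$((bad + 1))
    elif [[ $seen == *" $host "* ]]; then
      # -u deletes an existing record first, so a repeated name would overwrite it
      echo "REJECT line $n: duplicate host $host" >&2; bad=$((bad + 1))
    else
      seen+="$host "
      echo "ibHOST.sh -u -h $host -i $ip"
    fi
  done
  return $(( bad > 0 ))
}

sample_list() {         # constructed input, including three lines that must be rejected
  cat <<'EOF'
# host ip
web01 192.0.2.10
DB01 192.0.2.11
web01 192.0.2.12
bad"name 192.0.2.13
app01 192.0.2.300
EOF
}
```

Feed the real list to `bulk_plan` on stdin and run the printed commands only once no REJECT lines remain.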
19. January 2015 · Cisco autonomous AP associated users script. · Categories: Cisco, Linux Scripts

Apparently there is no SNMP string to query to get the number of users associated to each of your SSIDs. So I created a small script to connect to the AP via its web interface and pull down an associated user count. Eventually I'll create a cacti template for this script. In the meantime it's just a standalone script.

## Created by: deaves
# Query an autonomous Cisco AP and display a count of all users associated to each SSID.
## Requires: curl
# Required script variables.
APHOST=""            # AP hostname
AUTHUP="joeuser:joepassword"        # USERNAME:PASSWORD
# FUNCTION: End Script if error.
DIE() {
 echo "ERROR: Validate \"$_\" is installed and working on your system."
 exit 1
}
# Validate script requirements are met.
type -p curl > /dev/null || DIE
printf "%-8s %-20s %-5s\n" "Radio" "SSID" "Users"
printf "%-8s %-20s %-5s\n" "=======" "===================" "====="
# Main Loop.
# Note: the page is fetched over plain HTTP and every line of it is passed to eval,
# so run this only against an AP and network path you trust.
curl --user "${AUTHUP}" "http://${APHOST}/ap_assoc.shtml" 2> /dev/null | awk 'sub(/\"htmlClients\"/,""){f=1} /^">/{f=0} f' | awk 'NR > 2' | while read LINE
 do eval ARRAY=( $LINE )
  [ "${ARRAY[0]}" == "802.11" -a "${ARRAY[4]}" == "Dot11Radio0:" ] && { RADIO="2.4GHz" ;}
  [ "${ARRAY[0]}" == "802.11" -a "${ARRAY[4]}" == "Dot11Radio1:" ] && { RADIO="5GHz" ;}
  [ "${ARRAY[0]}" == "SSID" ] && { SSID="${ARRAY[1]}"; echo; unset MAC ;}
  [ "${ARRAY[6]}" == "Assoc" ] && { MAC+=( "${ARRAY[0]}" ) ;}
  [ -n "${SSID}" -a -n "${ARRAY[0]}" ] && { printf "${RADIO} ${SSID} ${#MAC[@]} " ;}
 done | awk '{print $1,$2,$NF}' | sed '1d;s/\[//g;s/\] / /g' | while read RADIO SSID ASSOC
  do printf "%-8s %-20s %-5s\n" "${RADIO}" "${SSID}" "${ASSOC}"
 done
09. January 2015 · Create screen session to all ttyUSB devices · Categories: Linux, Linux Admin, Uncategorized

The following one-liner will create a new window for each /dev/ttyUSB port connected to the system. Assuming you’re in the dialout group. :)


for g in `groups`
 do [ "$g" == "dialout" ] &&
          for TTY in /dev/ttyUSB*
           do TERM=`basename "$TTY"`
                screen -t "$TERM" "$TTY" 9600,-ixoff,-ixon || screen -s "$TERM"
          done
done


03. December 2014 · HWIC-8A Base Config · Categories: Cisco, Networking

Normally they are too expensive for what they do, but the other day I found a HWIC-8A on eBay at a good price. As a result, I now have remote Serial & JTAG access to a bunch of test equipment via my Cisco Router. The following is a quick sample config I tossed together on how to configure it.

If needed the following is the pin-out to the Cisco Octal Cable: http://www.cisco.com/c/en/us/support/docs/dial-access/asynchronous-connections/14958-24.html

! Create a AAA authentication policy that will
! not make the user supply local credentials to
! connect to the Async TTY's. 
aaa new-model
aaa authentication login TERMSERV none
! Create an ACL to control who can connect.
! Warning: Anyone will be able to connect to the
! tty's when transport is configured.
ip access-list standard TERMSERV
 remark *** TERMSERV ACCESS ***
! Need to change the physical-layer to async
! Interface descriptions correspond to the
! CAB-HD8-ASYNC cable each port will represent.
interface Serial0/0/0
 physical-layer async
 description [0-3/0]
interface Serial0/0/1
 physical-layer async
 description [0-3/2]
interface Serial0/0/2
 physical-layer async
 description [0-3/4]
interface Serial0/0/3
 physical-layer async
 description [0-3/6]
interface Serial0/0/4
 physical-layer async
 description [4-7/0]
interface Serial0/0/5
 physical-layer async
 description [4-7/2]
interface Serial0/0/6
 physical-layer async
 description [4-7/4]
interface Serial0/0/7
 physical-layer async
 description [4-7/6]
! Set transport type and bind ACL/AAA to the Async lines.
line 0/0/0 0/0/7
 access-class TERMSERV in vrf-also
 login authentication TERMSERV
 transport input all
 transport output all