linux: eGW-shell

[root@localhost eGW]# cat startAll.sh 
#!/bin/bash -

#########################################################################################
# startAll.sh
# 管理所有进程的启动和配置
# version:1.0
# update:20170921
#########################################################################################

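# Directory holding the per-step configuration scripts.
# NOTE(review): despite the ".sh" suffix this is a directory (the
# "cat" sessions below run inside it), not a script file.
CUR_DIR=/root/eGW/config.sh

# Every step is sourced rather than executed, so its variables and the
# loops it backgrounds at the end live in this shell.  The expansions
# are quoted so a CUR_DIR containing spaces cannot split into several
# arguments.

# configure sshd (listening port)
source "${CUR_DIR}/sshd.sh"

# configure the firewall
source "${CUR_DIR}/iptables.sh"

# configure the network
source "${CUR_DIR}/net.sh"

# check the environment (OMC daemons, nginx, redis)
source "${CUR_DIR}/env.sh"

# bring up the main process and give it a moment before pushing config
source "${CUR_DIR}/ltegwd.sh"
sleep 2

# configure eGW
source "${CUR_DIR}/egw.sh"

# start the watchdog loops
source "${CUR_DIR}/watchdog.sh"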

[root@localhost config.sh]# cat watchdog_secure.sh 
#!/bin/bash -

#########################################################################################
# watchdog_secure.sh
# 防暴力破解程序,防范远程扫描和暴力破解
# version:1.0
# update:20171123
#########################################################################################

protect_time=600    # seconds between passes of protect_while (set_sshd_protect compares against the same 600 s as a literal)

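#######################################
# Deny SSH to addresses with repeated failed logins.
# Looks at the 20 most recent failed ssh logins in lastb.  If the 20th
# (oldest of the window) is younger than protect_time seconds the
# failure rate is considered too high: the event is logged and, when
# set_sshd_protect_enable is 1 in networkcfg.conf, every address with
# more than 5 failures in that window is added to the persistent deny
# list and /etc/hosts.deny is rewritten from it.
# NOTE(review): fields 5-7 of a lastb line carry weekday, month and
# day only; the time-of-day field is not included, so the timestamp
# parses as that day's midnight — confirm against lastb's format.
# Globals:   protect_time (read)
# Outputs:   appends to /root/eGW/Logs/watchdog/secure.log,
#            rewrites /etc/hosts.deny from secure.txt
# Returns:   0
#######################################
function set_sshd_protect() {
    local sshd_protect head_stamp now then_ delta stamp addr
    local -r deny_list=/root/eGW/Logs/watchdog/secure.txt
    local -r log_file=/root/eGW/Logs/watchdog/secure.log

    sshd_protect=$(awk '/^set_sshd_protect_enable/ {print $2}' /root/eGW/networkcfg.conf)
    head_stamp=$(lastb | grep ssh | head -n 20 | tail -n 1 | awk '{print $5" "$6" "$7}')
    # No failed ssh logins at all: nothing to rate-limit.  Without this
    # guard `date -d ""` parses as today's midnight and the check would
    # trip during the first ten minutes of every day.
    [[ -n "$head_stamp" ]] || return 0
    now=$(date +%s)
    then_=$(date +%s -d "$head_stamp") || return 0
    delta=$((now - then_))

    if (( delta < protect_time )); then
        stamp=$(date '+%Y-%m-%d %H:%M:%S')
        printf '%s %s\n' "$stamp" "login error too much!" >> "$log_file"
        if [[ "$sshd_protect" -eq 1 ]]; then
            # Addresses are only ever added to the deny list; a block is
            # permanent until the file is edited by hand.
            lastb | grep ssh | head -n 20 \
              | awk '{ip[$3]++} END {for (key in ip) if (ip[key] > 5) print key}' >> "$deny_list"
            sort -u -o "$deny_list" "$deny_list"
            printf '#hosts.deny\n' > /etc/hosts.deny
            while IFS= read -r addr; do
                printf 'sshd:%s\n' "$addr" >> /etc/hosts.deny
            done < "$deny_list"
        fi
    fi
}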



function protect_while() {
    # Re-evaluate the failed-login window forever.  sshd is restarted
    # on every pass whether or not the deny list changed.
    until false; do
        set_sshd_protect
        systemctl restart sshd
        sleep "$protect_time"
    done
}

#set_sshd_protect
# Detach the enforcement loop; it keeps running as a background job of
# the invoking shell and is never waited for.
protect_while &

[root@localhost config.sh]# cat egw.sh 
#!/bin/bash -
#########################################################################################
#egw.sh
#配置eGW
#version:1.0
#update:20170921
#########################################################################################
#time_log=`date +%Y%m%d%H%M%S`
#egw_log_DIR=/root/eGW/Logs/config
#echo "#egw.log" > ${egw_log_DIR}/egw_${time_log}.log
#exec 1>>${egw_log_DIR}/egw_${time_log}.log
#exec 2>>${egw_log_DIR}/egw_${time_log}.log

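# Installation root and the two IPsec switches, read as the second
# column of the matching "set_*ipsec_enable" line in networkcfg.conf.
DIR=/root/eGW
dlipsec=$(awk '/^set_dlipsec_enable/ {print $2}' "${DIR}/networkcfg.conf")
ulipsec=$(awk '/^set_ulipsec_enable/ {print $2}' "${DIR}/networkcfg.conf")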

#替换配置中到EPC的链路IP地址为分配的ipsec地址
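#######################################
# Rewrite the uplink GTP address and the gwenb link IPs in config.txt
# with the client address assigned by IPsec (uplink IPsec only).
# Blocks until `ipsec status` reports a client address; there is no
# timeout, so with uplink IPsec enabled and no tunnel this never returns.
# Globals:   ulipsec (read)
# Outputs:   prints the discovered address to stdout;
#            edits /root/eGW/config.txt in place
# Returns:   0
#######################################
function replace_ipaddr() {
    local ip_conf prereg ipreg postreg
    [[ "$ulipsec" -eq 1 ]] || return 0

    # Poll until the "client" line of `ipsec status` carries an
    # address; the /prefix length is stripped before use.
    while :; do
        ip_conf=$(ipsec status | grep client | grep === | awk '{print $2}' | awk -F/ '{print $1}')
        if [[ -n "$ip_conf" ]]; then
            printf '%s\n' "$ip_conf"
            break
        fi
        sleep 2
    done

    # Uplink GTP address: replace everything after "add".
    sed -i "s#^lccmd set_gtp_ip uplink add .*#lccmd set_gtp_ip uplink add ${ip_conf}#g" /root/eGW/config.txt
    # gwenb links: keep the two numeric ids and the ":..." tail, swap
    # only the dotted-quad between them.
    prereg='^lccmd set_gwenb_link [0-9]\{1,\} [0-9]\{1,\} '
    ipreg='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
    postreg=':.*'
    sed -i "s/\(${prereg}\)${ipreg}\(${postreg}\)/\1${ip_conf}\2/g" /root/eGW/config.txt
}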

#配置gtp
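#######################################
# Reload the gtp-relay kernel module and push its parameters through
# sysfs: the local prefix (first two octets of set_gtp1_1_address as
# a*256+b), the local-forwarding flag and the two IPsec flags.
# Globals:   DIR, dlipsec, ulipsec (read)
# Outputs:   writes /sys/module/gtp_relay/parameters/*
# Returns:   non-zero only if the final sysfs write fails
#######################################
function set_gtp() {
    local gtp_address gtp_a gtp_b local_forward_flag
    local -r cfg=${DIR}/networkcfg.conf
    local -r params=/sys/module/gtp_relay/parameters

    rmmod "${DIR}/gtp-relay.ko"
    insmod "${DIR}/gtp-relay.ko"

    gtp_address=$(awk '/^set_gtp1_1_address/ {print $2}' "$cfg")
    # Split "a.b.c.d" on dots; only the first two octets are needed.
    IFS=. read -r gtp_a gtp_b _ <<<"$gtp_address"
    # Both streams discarded (the old "2>&1>/dev/null" order left stderr
    # on the terminal).
    ifconfig gtp1_1 "$gtp_address" >/dev/null 2>&1
    if [[ -n "$gtp_a" && -n "$gtp_b" ]]; then
        # 10# forces decimal so a zero-padded octet is not read as octal.
        printf '%s\n' "$((10#$gtp_a * 256 + 10#$gtp_b))" > "${params}/gtp_lip"
    fi

    local_forward_flag=$(awk '/^set_local_forwarding/ {print $2}' "$cfg")
    [[ -n "$local_forward_flag" ]] && printf '%s\n' "$local_forward_flag" > "${params}/gtp_islip"

    # Downlink / uplink IPsec flags, 1 or 0.
    if [[ "$dlipsec" -eq 1 ]]; then
        printf '1\n' > "${params}/gtp_ipsec_dl"
    else
        printf '0\n' > "${params}/gtp_ipsec_dl"
    fi

    if [[ "$ulipsec" -eq 1 ]]; then
        printf '1\n' > "${params}/gtp_ipsec_ul"
    else
        printf '0\n' > "${params}/gtp_ipsec_ul"
    fi
}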

#读取配置
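#######################################
# Replay the command lines of config.txt.
# Every non-empty line not starting with "#" is treated as a command
# with arguments, but only lines whose first word is "lccmd" (and for
# which /usr/sbin/lccmd exists) are run; any other line is reported.
# Each command is backgrounded after a short pause.
# NOTE(review): the file is effectively a root-run script; keep it
# root-owned and not writable by other users.
# Arguments: $1 - command file (default /root/eGW/config.txt)
# Globals:   CONFIGFILE (written, as before)
# Outputs:   one "Unable to execute" line per rejected command
# Returns:   status of the last line processed
#######################################
function set_configure() {
    local line exename
    local -a words
    CONFIGFILE=${1:-/root/eGW/config.txt}
    # read -r keeps backslashes; the || clause still handles a final
    # line that lacks a trailing newline.
    while read -r line || [[ -n "$line" ]]; do
        [[ "${line:0:1}" == "#" ]] && continue
        [[ -z "$line" ]] && continue
        read -r -a words <<<"$line"
        exename=${words[0]}
        if [[ "$exename" == "lccmd" && -f /usr/sbin/$exename ]]; then
            # usleep is not available everywhere; "sleep 0.004" is the
            # portable equivalent.
            usleep 4000
            # Word-splitting of $line is intentional: the line is the
            # command and its arguments.
            # shellcheck disable=SC2086
            $line >/dev/null 2>&1 &
        else
            printf 'Unable to execute :: /usr/sbin/%s: file not found\n' "$exename"
        fi
    done < "$CONFIGFILE"
}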

function config_egw() {
    # Runs in this order: patch the IPsec address into config.txt,
    # set up the GTP module, then replay the config commands.
    local step
    for step in replace_ipaddr set_gtp set_configure; do
        "$step"
    done
}


# Run at load time: this file is sourced by startAll.sh and executed
# again by watchdog_ps.sh after an ltegwd restart.
config_egw

[root@localhost config.sh]# cat env.sh 
#!/bin/bash -

#########################################################################################
# env.sh
# 环境校验
# version:1.0
# update:20170921
#########################################################################################

#启动OMC接口监听服务
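#######################################
# Start the two OMC interface daemons if they are not running.
# The grep patterns end in "$" so the grep process itself, whose
# command line ends in a literal "$", never matches.
# Outputs:   daemon stdout/stderr discarded
# Returns:   0
#######################################
function check_omc_interface() {
    local egw_manage egw_report
    egw_manage=$(ps -ef | grep 'egw_manage$' | awk '{print $8}')
    egw_report=$(ps -ef | grep 'egw_report$' | awk '{print $8}')

    if [[ "$egw_manage" != '/root/eGW/OMC/egw_manage' ]]; then
        spawn-fcgi -a 127.0.0.1 -p 4001 -f /root/eGW/OMC/egw_manage >/dev/null 2>&1
    fi

    if [[ "$egw_report" != '/root/eGW/OMC/egw_report' ]]; then
        # Redirections must come before "&": placed after it they
        # applied to an empty command and the daemon kept our stdout.
        /root/eGW/OMC/egw_report >/dev/null 2>&1 &
    fi
}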

function check_nginx_interface() {
    # systemctl start is a no-op for an already running unit.
    local -r unit=nginx
    systemctl start "$unit"
}

function check_redis_interface() {
    # systemctl start is a no-op for an already running unit.
    local -r unit=redis
    systemctl start "$unit"
}


# Run at load: OMC daemons first, then the nginx and redis units.
check_omc_interface
check_nginx_interface
check_redis_interface

[root@localhost config.sh]# cat iptables.sh 
#!/bin/bash -

#########################################################################################
# iptables.sh
# 防火墙程序,定义iptables规则,对公网口进行过滤
# version:1.0
# update:20170921
#########################################################################################



function init_iptables() {
    # Start from a clean slate: flush the filter and nat tables, drop
    # user-defined chains and zero the packet counters.
    local -r nat_table=nat
    iptables -F
    iptables -t "$nat_table" -F
    iptables -X
    iptables -Z
}


function set_default_policy_iptables() {
    # Policy ACCEPT on all three built-in chains; the only deny is the
    # interface-specific DROP appended by set_firewalld_iptables.
    local chain
    for chain in INPUT OUTPUT FORWARD; do
        iptables -P "$chain" ACCEPT
    done
}

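#######################################
# Append the INPUT allow-list and drop everything else arriving on the
# public interface (only when set_iptables_enable is 1).
# Rules are appended in order: the final DROP only sees packets on the
# public interface that no earlier rule accepted.  Because the chain
# policy stays ACCEPT, an empty set_public_address leaves the host
# without any default deny — that case is now reported on stderr.
# NOTE(review): "--sport 53 -j ACCEPT" admits any UDP datagram whose
# source port is 53 regardless of destination port; DNS replies are
# already covered by the RELATED,ESTABLISHED rule, so confirm the
# source-port rule is still needed.
# NOTE(review): the accepted SSH port is the literal 50683 while
# sshd.sh takes the listening port from set_sshd_port; if the two
# differ, SSH on the public interface is dropped.
# Outputs:   warning on stderr when the public interface is unset
# Returns:   0
#######################################
function set_firewalld_iptables() {
    local iptables_switch public_interface
    local -r cfg=/root/eGW/networkcfg.conf
    iptables_switch=$(awk '/^set_iptables_enable/ {print $2}' "$cfg")
    # set_public_address is "<iface>:<addr>"; keep the interface part.
    public_interface=$(awk '/^set_public_address/ {print $2}' "$cfg" | awk -F: '{print $1}')
    [[ "$iptables_switch" -eq 1 ]] || return 0

    iptables -A INPUT -p udp --sport 53 -j ACCEPT                      # DNS (see note above)
    iptables -A INPUT -p udp --dport 53 -j ACCEPT                      # DNS
    iptables -A INPUT -p tcp --dport 50683 -j ACCEPT                   # SSH
    iptables -A INPUT -p udp --dport 500 -j ACCEPT                     # IPsec handshake
    iptables -A INPUT -p udp --dport 4500 -j ACCEPT                    # IPsec tunnel packets
    iptables -A INPUT -p sctp --dport 36412 -j ACCEPT                  # SCTP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # established flows and replies
    iptables -A INPUT -p icmp -j ACCEPT                                # ICMP
    iptables -A INPUT -p esp -j ACCEPT                                 # ESP
    if [[ -n "$public_interface" ]]; then
        iptables -A INPUT -p all -i "$public_interface" -j DROP        # default deny on the public side
    else
        printf 'iptables.sh: set_public_address not set, no DROP rule installed\n' >&2
    fi
}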

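#######################################
# Install the SNAT rule for local forwarding: traffic from the /16
# formed by the first two octets of set_gtp1_1_address leaving via the
# gtpnat interface is rewritten to the gtpnat address.  Requires
# set_local_forwarding 1 and all three address parts to be present.
# Returns:   0 (status of iptables when the rule is added)
#######################################
function set_nat_iptables() {
    local local_forward_enable gtpnat_interface gtpnat_ip gtp_address gtp_a gtp_b
    local -r cfg=/root/eGW/networkcfg.conf
    local_forward_enable=$(awk '/^set_local_forwarding/ {print $2}' "$cfg")
    # set_gtpnat_address is "<iface>:<ip>".
    IFS=: read -r gtpnat_interface gtpnat_ip _ <<<"$(awk '/^set_gtpnat_address/ {print $2}' "$cfg")"
    gtp_address=$(awk '/^set_gtp1_1_address/ {print $2}' "$cfg")
    IFS=. read -r gtp_a gtp_b _ <<<"$gtp_address"
    if [[ "$local_forward_enable" -eq 1 && -n "$gtp_a" && -n "$gtp_b" && -n "$gtpnat_interface" && -n "$gtpnat_ip" ]]; then
        iptables -t nat -A POSTROUTING -s "${gtp_a}.${gtp_b}.0.0/16" -o "$gtpnat_interface" -j SNAT --to-source "$gtpnat_ip"
    fi
}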

function config_iptables() {
    # Flush first, then policies, the allow-list and finally NAT.
    local step
    for step in init_iptables set_default_policy_iptables set_firewalld_iptables set_nat_iptables; do
        "$step"
    done
}

# Applied at load time (this file is sourced by startAll.sh).
config_iptables

[root@localhost config.sh]# cat ltegwd.sh 
#!/bin/bash -

#########################################################################################
# ltegwd.sh
# 启动ltegwd进程
# version:1.0
# update:20170925
#########################################################################################

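#######################################
# Launch the main ltegwd process in the background with arguments 0 1.
# Output is discarded; the redirections come before "&" because after
# it they attached to an empty command and ltegwd inherited this
# script's stdout/stderr.  The PID is not recorded — watchdog_ps.sh
# re-detects the process by its command line.
#######################################
function start_ltegwd() {
    /root/eGW/ltegwd 0 1 >/dev/null 2>&1 &
}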


# Run at load: sourced from startAll.sh and executed again by
# watchdog_ps.sh when ltegwd is missing.
start_ltegwd

[root@localhost config.sh]# cat net.sh 
#!/bin/bash -

#########################################################################################
# net.sh
# 配置网络
# version:1.0
# update:20170921
#########################################################################################

function init_net() {
    # Stop NetworkManager before the interface commands in
    # networkcfg.conf are applied (restart of network.service is
    # intentionally left disabled).
    local -r nm_unit=NetworkManager.service
    systemctl stop "$nm_unit"
    #systemctl restart network.service
}


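#######################################
# Start the IPsec service when the downlink or the uplink IPsec switch
# is enabled.  One start call suffices; previously a second, redundant
# "ipsec start" was issued when both switches were set.
# Arguments: $1 - config file (default /root/eGW/networkcfg.conf)
# Returns:   status of "ipsec start", or 0 when IPsec is disabled
#######################################
function start_ipsec() {
    local ipsec_down ipsec_up
    local -r cfg=${1:-/root/eGW/networkcfg.conf}
    ipsec_down=$(awk '/^set_dlipsec_enable/ {print $2}' "$cfg")
    ipsec_up=$(awk '/^set_ulipsec_enable/ {print $2}' "$cfg")
    if [[ "$ipsec_down" -eq 1 || "$ipsec_up" -eq 1 ]]; then
        ipsec start
    fi
}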

#读取networkcfg.conf并配置
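#######################################
# Execute every non-comment, non-empty line of networkcfg.conf as a
# shell command, discarding its output.  The file therefore acts as a
# root-run script; "set_*" key lines are attempted too and, unless a
# command of that name exists, fail silently.
# NOTE(review): keep networkcfg.conf root-owned and not writable by
# other users, since anything in it runs with this script's privileges.
# Arguments: $1 - config file (default /root/eGW/networkcfg.conf)
# Returns:   status of the last command run
#######################################
function set_net() {
    local line
    local -r cfg=${1:-/root/eGW/networkcfg.conf}
    while read -r line || [[ -n "$line" ]]; do
        [[ "${line:0:1}" == "#" ]] && continue
        [[ -z "$line" ]] && continue
        # Word-splitting of $line is intentional: the line is the
        # command and its arguments.
        # shellcheck disable=SC2086
        $line >/dev/null 2>&1
    done < "$cfg"
}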


function config_net() {
    # NetworkManager off, interface commands applied, then IPsec.
    local step
    for step in init_net set_net start_ipsec; do
        "$step"
    done
}


# Applied at load time (this file is sourced by startAll.sh).
config_net

[root@localhost config.sh]# cat sshd.sh 
#!/bin/bash -

#########################################################################################
# sshd.sh
# 远程登录程序,定义ssh登录端口,防范远程扫描和暴力破解
# version:1.0
# update:20171023
#########################################################################################

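#######################################
# Make the sshd listening port match set_sshd_port in networkcfg.conf.
# If sshd_config has no "Port" line one is appended; if its first
# "Port" line carries a different value only that line is rewritten.
# sshd is restarted after either edit.
# Fix: the old sed replaced every occurrence of the old number anywhere
# in sshd_config (e.g. inside other option values); it is now anchored
# to the Port directive.
# Arguments: $1 - config file (default /root/eGW/networkcfg.conf)
#            $2 - sshd config (default /etc/ssh/sshd_config)
# Outputs:   warning on stderr when set_sshd_port is not an integer
# Returns:   0 when nothing is done, else status of the last command
#######################################
function set_sshd() {
    local sshd_port sshd_config_port
    local -r cfg=${1:-/root/eGW/networkcfg.conf}
    local -r sshd_config=${2:-/etc/ssh/sshd_config}

    sshd_port=$(awk '/^set_sshd_port/ {print $2; exit}' "$cfg")
    [[ -n "$sshd_port" ]] || return 0
    # The value is spliced into a sed expression and compared
    # numerically; refuse anything that is not a plain integer.
    if [[ ! "$sshd_port" =~ ^[0-9]+$ ]]; then
        printf 'sshd.sh: ignoring non-numeric set_sshd_port "%s"\n' "$sshd_port" >&2
        return 0
    fi

    # First Port line only; a multi-line value would break the -ne test.
    sshd_config_port=$(awk '/^Port/ {print $2; exit}' "$sshd_config")
    if [[ -z "$sshd_config_port" ]]; then
        printf 'Port %s\n' "$sshd_port" >> "$sshd_config"
        systemctl restart sshd
    elif [[ "$sshd_port" -ne "$sshd_config_port" ]]; then
        # Anchor on "Port <old>" so the same digits elsewhere in the
        # file are left untouched; anything after the number is kept.
        sed -i "s/^\(Port[[:space:]]\{1,\}\)${sshd_config_port}\([^0-9].*\)\{0,1\}$/\1${sshd_port}\2/" "$sshd_config"
        systemctl restart sshd
    fi
}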

# Applied at load time (this file is sourced by startAll.sh).
set_sshd

[root@eGW config.sh]# cat watchdog_cdr_log.sh 
#!/bin/bash -

#########################################################################################
# watchdog_cdr_log.sh
# 看门狗程序,定时上传话单,归档话单,删除话单,删除log
# version:1.0
# update:20170926
#########################################################################################

cdr_log_interval_time=5    # seconds between passes of cdr_log_manager
time_HM_reset='0000'       # HHMM at which cdr_del and log_del prune old files

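#######################################
# Archive CDR files: every *.dat in the CDR directory except the newest
# (presumably the one still being written — verify) is moved into
# cdrDat/<YYYYMMDD>/, the date being the first 8 characters of the 4th
# "_"-separated field of the path.  Moves run as background jobs.
# The tftp upload that named this function is disabled; the address is
# still read so the commented line can be re-enabled as is.
# Arguments: $1 - CDR directory (default /root/eGW/CDR)
# Returns:   0
#######################################
function cdr_upload() {
    local cdr_tftp_ip cdr_file cdr_tmp day_dir
    local -r cdr_dir=${1:-/root/eGW/CDR}
    cdr_tftp_ip=$(awk '/set_charge_service / {print $5}' /root/eGW/config.txt 2>/dev/null)
    # ls -t lists newest first; tail drops that first entry.  Process
    # substitution keeps the loop (and its jobs) in this shell.
    while IFS= read -r cdr_file; do
        {
            cdr_tmp=$(awk -F '_' '{print $4}' <<<"$cdr_file")
            day_dir=${cdr_dir}/cdrDat/${cdr_tmp:0:8}
            [[ -d "$day_dir" ]] || mkdir -p -- "$day_dir"
            #tftp $cdr_tftp_ip -c put $cdr_file
            mv -- "$cdr_file" "$day_dir"
        } &
    done < <(ls -t "${cdr_dir}"/*.dat 2>/dev/null | tail -n +2)
}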
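#######################################
# Compress archived CDR day directories: every directory under cdrDat
# except the newest is tarred to <name>.tar.gz and removed, each in a
# background job.  As before, the shell's working directory is left in
# cdrDat afterwards.
# Fix: the cd is now checked — previously a failed cd let
# "rm -rf <name>" run against relative names in whatever directory the
# shell happened to be in.
# Arguments: $1 - cdrDat directory (default /root/eGW/CDR/cdrDat)
# Returns:   1 if the directory cannot be entered, else 0
#######################################
function cdr_compress() {
    local day_dir
    local -r cdrdat_dir=${1:-/root/eGW/CDR/cdrDat}
    cd -- "$cdrdat_dir" || return 1
    # Newest directory first (ls -lt); NR>=2 drops it.
    while IFS= read -r day_dir; do
        [[ -n "$day_dir" ]] || continue
        {
            tar -zcvf "${day_dir}.tar.gz" "$day_dir"
            rm -rf -- "$day_dir"
        } &
    done < <(ls -lt -- "$cdrdat_dir" | grep '^d' | awk 'NR >= 2 {print $9}')
}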

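#######################################
# Once a day (when the clock reads time_HM_reset) delete all but the 9
# newest CDR archives (*.tar.gz) in cdrDat.  The manager loop wakes
# every few seconds so this fires several times during that minute;
# repeated runs are harmless.
# Globals:   time_HM_reset (read)
# Arguments: $1 - cdrDat directory (default /root/eGW/CDR/cdrDat)
# Returns:   0
#######################################
function cdr_del() {
    local time_HM
    local -r cdrdat_dir=${1:-/root/eGW/CDR/cdrDat}
    time_HM=$(date +%H%M)
    # Single-bracket test on purpose: it compares decimally, whereas
    # [[ -eq ]] would reject zero-padded values such as 0800 as octal.
    if [ "$time_HM" -eq "$time_HM_reset" ]; then
        # -d lists directories themselves; newest first, keep 9.
        # xargs -r skips the rm when nothing is left to delete.
        ls -dt -- "${cdrdat_dir}"/*.tar.gz 2>/dev/null | tail -n +10 | xargs -r -d '\n' rm -rf --
    fi
}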

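#######################################
# Rotate logs that have grown past 1024000 bytes: watchdog/ps.log
# becomes watchdog/<YYYYmmddHHMM>.ps.log.bak, and each history/*.log
# becomes history/<name>.<YYYYmmddHHMM>.log.bak (history rotations run
# as background jobs).
# Fix: the old target name for history logs did not include the log's
# own name, so several oversized logs rotated in the same minute
# overwrote one another.
# Arguments: $1 - Logs directory (default /root/eGW/Logs)
# Returns:   0
#######################################
function log_compress() {
    local time_Ymd_HM size_watchdog_log history_log size_history_log name stem
    local -r logs_dir=${1:-/root/eGW/Logs}
    local -r limit=1024000
    time_Ymd_HM=$(date +%Y%m%d%H%M)

    # wc -c on stdin prints just the size; a missing file yields "".
    size_watchdog_log=$(wc -c < "${logs_dir}/watchdog/ps.log" 2>/dev/null)
    if [[ "${size_watchdog_log:-0}" -gt "$limit" ]]; then
        mv -- "${logs_dir}/watchdog/ps.log" "${logs_dir}/watchdog/${time_Ymd_HM}.ps.log.bak"
    fi

    for history_log in "${logs_dir}"/history/*.log; do
        [[ -f "$history_log" ]] || continue   # unmatched glob
        {
            size_history_log=$(wc -c < "$history_log")
            name=${history_log##*/}
            stem=${name%%.*}
            if [[ "$size_history_log" -gt "$limit" ]]; then
                mv -- "$history_log" "${logs_dir}/history/${stem}.${time_Ymd_HM}.log.bak"
            fi
        } &
    done
}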

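#######################################
# Once a day (clock reads time_HM_reset) keep only the 9 newest entries
# in each log location: ltegwd/*, manage/*, report/*, and the rotated
# *.bak files under watchdog and history.
# Globals:   time_HM_reset (read)
# Arguments: $1 - Logs directory (default /root/eGW/Logs)
# Returns:   0
#######################################
function log_del() {
    local time_HM pattern
    local -r logs_dir=${1:-/root/eGW/Logs}
    time_HM=$(date +%H%M)
    # Single-bracket test on purpose: it compares decimally, whereas
    # [[ -eq ]] would reject zero-padded values such as 0800 as octal.
    if [ "$time_HM" -eq "$time_HM_reset" ]; then
        for pattern in 'ltegwd/*' 'manage/*' 'report/*' 'watchdog/*.bak' 'history/*.bak'; do
            # $pattern is expanded as a glob on purpose; -d lists
            # directories themselves; newest first, keep 9.
            # shellcheck disable=SC2086
            ls -dt -- "${logs_dir}"/$pattern 2>/dev/null | tail -n +10 | xargs -r -d '\n' rm -rf --
        done
    fi
}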


function cdr_log_manager() {
    # Housekeeping loop: archive, compress, rotate and prune, then
    # sleep cdr_log_interval_time seconds, forever.
    local step
    for (( ; ; )); do
        for step in cdr_upload cdr_compress log_compress log_del cdr_del; do
            "$step"
        done
        sleep "$cdr_log_interval_time"
    done
}
# Background the housekeeping loop; watchdog.sh sources this file, so
# the job belongs to that shell.
cdr_log_manager &


[root@localhost config.sh]# cat watchdog_iostatic.sh 
#!/bin/bash -

#########################################################################################
# watchdog_iostatic.sh
# 看门狗程序,统计流量
# version:1.0
# update:20170926
#########################################################################################

iostatic_interval_time=20    # seconds between passes of iostatic_manager
time_HM_check='2359'         # HHMM at which iostatic sets the flag
time_HM_reset='0000'         # HHMM at which the flag is cleared again
flag_iostatic=0              # traffic-statistics reset flag: 1 after the daily check has fired

function check_fold_iostatic() {
    # Create the daily statistics directory on first use.
    local -r stat_dir=/root/eGW/static/dailystatic
    [[ -d "$stat_dir" ]] || mkdir -p "$stat_dir"
}

function iostatic() {
    # At time_HM_check set flag_iostatic once (the daily statistics
    # commands it used to trigger are commented out); clear the flag
    # at time_HM_reset so the next day fires again.
    local time_HM
    time_HM=$(date +%H%M)
    # Single-bracket test: decimal comparison of zero-padded HHMM.
    if [ "$time_HM" -eq "$time_HM_check" ] && [ "$flag_iostatic" -eq 0 ]; then
        #/root/eGW/dailystatic.py $time_Ymd
        #/root/eGW/emailontime.py
        flag_iostatic=1
    fi
    [ "$time_HM" -eq "$time_HM_reset" ] && flag_iostatic=0
    return 0
}

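#######################################
# Run the statistics check every iostatic_interval_time seconds.
# Fix: the sleep read "$iostatic_interval_tim" (missing "e"), an unset
# name, so sleep got no operand and the loop spun without pausing.
# Globals:   iostatic_interval_time (read)
#######################################
function iostatic_manager() {
    while true; do
        check_fold_iostatic
        iostatic
        sleep "$iostatic_interval_time"
    done
}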

# Background the statistics loop in the invoking shell.
iostatic_manager &

[root@localhost config.sh]# cat watchdog_ps.sh 
#!/bin/bash -

#########################################################################################
# watchdog_ps.sh
# 看门狗程序,定时检测进程
# version:1.1
# update:20171023
#########################################################################################

interval_time=5    # seconds between passes of ps_while

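#######################################
# Restart ltegwd when no process whose command line ends in
# "ltegwd 0 1" is running: ltegwd.sh is executed, then after a short
# pause egw.sh pushes the configuration again.
# The pattern ends in "$" so the grep process itself, whose argument
# ends in a literal "$", does not match.  The unused process-state
# column that was also collected has been dropped.
# Outputs:   appends a timestamped line to Logs/watchdog/ps.log
# Returns:   status of egw.sh, or 0 when ltegwd is running
#######################################
function ps_ltegwd() {
    local ltegwd stamp
    ltegwd=$(ps aux | grep 'ltegwd 0 1$' | awk '{print $11}')
    if [[ "$ltegwd" != '/root/eGW/ltegwd' ]]; then
        stamp=$(date '+%Y-%m-%d %H:%M:%S')
        printf '%s  watchdog: ltegwd restart\n' "$stamp" >> /root/eGW/Logs/watchdog/ps.log
        /root/eGW/config.sh/ltegwd.sh
        sleep 2
        /root/eGW/config.sh/egw.sh
    fi
}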



function ps_egw_manage() {
    # Respawn the FastCGI OMC manager when no process named
    # /root/eGW/OMC/egw_manage is found; log the restart first.
    local running stamp
    running=$(ps -ef | grep 'egw_manage$' | awk '{print $8}')
    [[ "$running" == '/root/eGW/OMC/egw_manage' ]] && return 0
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s  watchdog: egw_manage restart\n' "$stamp" >> /root/eGW/Logs/watchdog/ps.log
    spawn-fcgi -a 127.0.0.1 -p 4001 -f /root/eGW/OMC/egw_manage
}

function ps_egw_report() {
    # Respawn the OMC reporter in the background when no process named
    # /root/eGW/OMC/egw_report is found; log the restart first.
    local running stamp
    running=$(ps -ef | grep 'egw_report$' | awk '{print $8}')
    [[ "$running" == '/root/eGW/OMC/eg_report' ]] && return 0
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s  watchdog: egw_report restart\n' "$stamp" >> /root/eGW/Logs/watchdog/ps.log
    /root/eGW/OMC/egw_report &
}


function ps_while() {
    # Poll the three daemons forever, interval_time seconds apart.
    until false; do
        ps_ltegwd
        ps_egw_manage
        ps_egw_report
        sleep "$interval_time"
    done
}

# Background the process watchdog; watchdog.sh sources this file, so
# the job belongs to that shell.
ps_while &

[root@localhost config.sh]# cat watchdog_userstatic.sh 
#!/bin/bash -

#########################################################################################
# watchdog_userstatic.sh
# 看门狗程序,定时统计用户数
# version:1.0
# update:20170926
#########################################################################################

userstatic_interval_time=20    # seconds between passes of userstatic_manager
time_M_check='59'              # minute of the hour at which userstatic takes its snapshot
time_M_reset='00'              # minute at which the guard flag is cleared again
flag_userstatic=0              # user-count reset flag: 1 after this hour's snapshot was taken

function check_fold_userstatic() {
    # Create the user statistics directory on first use.
    local -r stat_dir=/root/eGW/static/userstatic
    [[ -d "$stat_dir" ]] || mkdir -p "$stat_dir"
}

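#######################################
# Once an hour (at minute time_M_check) append a separator line, a
# timestamp and the output of "lccmd show_enb_list" to
# static/userstatic/<YYYYmmdd>.txt; the guard flag is cleared at
# minute time_M_reset so the snapshot is taken again next hour.
# Fixes: time_M was never assigned (the minute is now read with date)
# and the guard tested an undefined "flag2" instead of flag_userstatic;
# together they meant the snapshot never ran.
# Globals:   time_M_check, time_M_reset (read); flag_userstatic (read/written)
# Outputs:   appends to /root/eGW/static/userstatic/<YYYYmmdd>.txt
# Returns:   0
#######################################
function userstatic() {
    local time_Ymd time_M separator tmp_userstatic out
    time_Ymd=$(date +%Y%m%d)
    time_M=$(date +%M)
    out=/root/eGW/static/userstatic/${time_Ymd}.txt
    # Single-bracket test: decimal comparison of zero-padded minutes.
    if [ "$time_M" -eq "$time_M_check" ] && [ "$flag_userstatic" -eq 0 ]; then
        # 190 asterisks as a record separator.
        printf -v separator '%-190s' '*'
        separator=${separator// /*}
        tmp_userstatic=$(/root/eGW/lccmd show_enb_list)
        {
            printf '%s\n' "$separator"
            printf '%s \n\n' "$(date)"
            printf '%s \n\n' "$tmp_userstatic"
        } >> "$out"
        flag_userstatic=1
    fi
    if [ "$time_M" -eq "$time_M_reset" ]; then
        flag_userstatic=0
    fi
}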

function userstatic_manager() {
    # Take the user-count snapshot check every
    # userstatic_interval_time seconds, forever.
    for (( ; ; )); do
        check_fold_userstatic
        userstatic
        sleep "$userstatic_interval_time"
    done
}

# Background the user-count loop in the invoking shell.
userstatic_manager &

[root@localhost config.sh]# cat watchdog.sh 
#!/bin/bash -

#########################################################################################
# watchdog.sh
# 看门狗程序,定时上传话单,删除话单,删除log,统计流量和用户数
# version:2.0
# update:20170926
#########################################################################################

# Only the process watchdog and the CDR/log watchdog are pulled in;
# each ends by backgrounding its own loop in this shell.
# NOTE(review): watchdog_iostatic.sh, watchdog_userstatic.sh and
# watchdog_secure.sh are not sourced here although the header mentions
# traffic and user statistics — confirm whether that is intended.
source /root/eGW/config.sh/watchdog_ps.sh
source /root/eGW/config.sh/watchdog_cdr_log.sh
