UBNTMOD check range of IP addresses and see if they resolve DNS

The following uses the ubntmod.sh script to check a device then report if it is resolving DNS or not. ip=”192.168.1.” specifies the first part of the ip, the “for ((i=1; i<=254;i++))” tells it to go from 192.168.1.1 – 192.168.1.254, change the beginning and ending number if you want to change the ip range.

ip="192.168.1." && for ((i=10; i<=30;i++)); do if ( fping ${ip}$i -r1 | grep alive); then ./ubntmod.sh -i ${ip}${i} -e ; else echo ${ip}$i not alive; fi ; done 

Broken out for easier reading.

ip="192.168.1." 
for ((i=10; i<=30;i++))
do
if ( fping ${ip}$i -r1 | grep alive); then
./ubntmod.sh -i ${ip}${i} -e
else echo ${ip}$i not alive
fi
done

If the script is able to log into the device and resolve DNS you should get

192.168.1.1 Resolves DNS

Linux night light script

The following script let you turn your screen brightness up/down, but also adjust the color for night time.

Copy and paste code below in a nightlight.sh file

chmod +x nightlight.sh

and run

./nightlight.sh on .5

Code:

#!/bin/sh
export DISPLAY=$(w $(id -un) | awk 'NF > 7 && $2 ~ /tty[0-9]+/ {print $3; exit}')
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

display=`xrandr | grep "\ connected" | cut -d" " -f1`
brightness="$2"
# Check if brightness was specified.  If not, set screen to 50% brightness
if (echo $2 | grep [0-9]);then
         brightness="$2"
elif (echo $1 | grep -q help);then
         echo "############"
else
         brightness=".5"
         echo "Brightness variable not set, setting to fallback of 50%"
fi
night_mode() {
   for disp in ${display}; do
     xrandr --output $disp --gamma $1 --brightness ${brightness}
  done }
# auto is for future development
# auto() {
# The idea behind auto is to setup something that can pull the actual sunrise/sunset times then automatically adjust the display.
# Ideally there would be an algorithm so it does it slowly over a period of time, say slightly change the color over 30 minutes.
# until the desired color limit is reached
#
# curl sunrise-sunset.com/timezone/time
# if (time > sunset && colorTemp != colorTempMin); then
# set color to current temp-1
# elif (time > sunrise && colorTemp != colorTempMax); then);
# set to full brightness and temp
# else
# unable to parse, skipping.
# fi
#}
 
help() {
echo " Help for nightmode script.  
How to run script
./nightmode.sh on/off brightness
Examples: 
Turn nightmode on and set screen brightness to 75%
./nightmode.sh on .75
Turn night mode off and set screen brightness to 100%
./nightmode.sh off 1
"
}
case $1 in
  off) night_mode 1:1:1 1.0 ;;
  help) help ;;
  auto) auto ;;
  *) night_mode 1:1:0.5 ;;
esac

Setup in crontab to automatically trigger when it gets night or morning

* 21 * * * ~/nightlight.sh on .5  # Turn on at night
* 7 * * * ~/nightlight.sh off 1  # Turn off in the morning

Raspberry Pi – Ping IP Address and Toggle LED

The following script is for monitoring if an IP address is reachable or not. If it becomes unavailable the script will turn on a LED that is plugged into one of the GPIO pins of the Raspberry Pi. View pinout here

Script

#!/bin/bash
# Script to ping ip address and turn on LED on if device is unreachable.
                                                                                                                                                                                                 nPin="18"  # Change if GPIO pin is different                                                                                                     
ledPin="gpio${nPin}"                                                                                                                                                                                                                            toPing="8.8.8.8"  # Change to address you want to ping

echo "${nPin}" > /sys/class/gpio/export
echo "out" > /sys/class/gpio/${ledPin}/direction

if ( fping -r1 $toPing | grep -v alive ); then
         echo "Internet unreachable"
         # Turn on LED
         echo "1" > /sys/class/gpio/${ledPin}/value
 else
         # Turn off LED 
         echo "0" > /sys/class/gpio/${ledPin}/value
 fi

Save script as ping_led.sh and make it executable.

chmod +x ping_led.sh

and run the script.

sh ping_led.sh

Run script in crontab

You can setup the script to run every minute using a crontab

crontab -e

Add the following line

*/1 * * * * /home/pi/ping_led.sh

Should now execute the script every minute and not need any human interaction.

Auto renew ssl cert for UniFI and UniFi-Video

The following script was taken from here

Added unifi-video support. Script uses letsencrypt to get the cert and automatically updates the UniFi and UniFi-Video Keystores.

Would be a good idea to check and make sure the the UniFi-Video cameras reconnect and still work after running script.

Installing Let’s Encrypt

Install Let’s Encrypt with the following

sudo apt install letsencrypt

And generate a cert for your domain with

sudo certbot certonly -d unifi.domain.com

Executing Script to Renew Certificate

Copy the script at the bottom of this post and put it in a file called gen-unifi-cert.sh
Run the script to insert the cert into the UniFi and UniFi-Video services.

sudo ./gen-unifi-cert.sh -e email@domain.com -d unifi.domain.com

You can run it with no or the -h argument to show the options and arguments to use.

./gen-unifi-cert.sh -h

Setup Cron Job

You should be able to add the following to a cronjob to auto renew the certificate. Replace path to script and domain name.

30 2 * * * /root/gen-unifi-cert.sh -r -d unifi.domain.com

UniFi SSL Cert Renew Script

#!/usr/bin/env bash
# Added support to do UniFi and UniFi controllers at the same time using the same cert.
# Original script from https://git.sosdg.org/brielle/lets-encrypt-scripts/raw/branch/master/gen-unifi-cert.sh
# More info here https://www.reddit.com/r/Ubiquiti/comments/43v23u/using_letsencrypt_with_the_unifi_controller/ 
# And here https://www.reddit.com/r/Ubiquiti/comments/43v23u/using_letsencrypt_with_the_unifi_controller/
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
# Modified by: Brielle Bruns <bruns@2mbit.com>
# Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
# Version: 1.7
# Last Changed: 09/26/2018
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
# 02/27/2016: More verbose progress report
# 03/08/2016: Add renew option, reformat code, command line options
# 03/24/2016: More sanity checking, embedding cert
# 10/23/2017: Apparently don't need the ace.jar parts, so disable them
# 02/04/2018: LE disabled tls-sni-01, so switch to just tls-sni, as certbot 0.22 and later automatically fall back to http/80 for auth
# 05/29/2018: Integrate patch from Donald Webster <fryfrog[at]gmail.com> to cleanup and improve tests
# 09/26/2018: Change from TLS to HTTP authenticator

# Location of LetsEncrypt binary we use.  Leave unset if you want to let it find automatically
#LEBINARY="/usr/src/letsencrypt/certbot-auto"

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

function usage() {
  echo "Usage: $0 -d <domain> [-e <email>] [-r] [-i]"
  echo "  -d <domain>: The domain name to use."
  echo "  -e <email>: Email address to use for certificate."
  echo "  -r: Renew domain."
  echo "  -i: Insert only, use to force insertion of certificate."
}

while getopts "hird:e:" opt; do
  case $opt in
    i) onlyinsert="yes";;
    r) renew="yes";;
    d) domains+=("$OPTARG");;
    e) email="$OPTARG";;
    h) usage
       exit;;
  esac
done

DEFAULTLEBINARY="/usr/bin/certbot /usr/bin/letsencrypt /usr/sbin/certbot
  /usr/sbin/letsencrypt /usr/local/bin/certbot /usr/local/sbin/certbot
  /usr/local/bin/letsencrypt /usr/local/sbin/letsencrypt
  /usr/src/letsencrypt/certbot-auto /usr/src/letsencrypt/letsencrypt-auto
  /usr/src/certbot/certbot-auto /usr/src/certbot/letsencrypt-auto
  /usr/src/certbot-master/certbot-auto /usr/src/certbot-master/letsencrypt-auto"

if [[ ! -v LEBINARY ]]; then
  for i in ${DEFAULTLEBINARY}; do
    if [[ -x ${i} ]]; then
      LEBINARY=${i}
      echo "Found LetsEncrypt/Certbot binary at ${LEBINARY}"
      break
    fi
  done
fi

# Command line options depending on New or Renew.
NEWCERT="--renew-by-default certonly"
RENEWCERT="-n renew"

# Check for required binaries
if [[ ! -x ${LEBINARY} ]]; then
  echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
  echo "You'll need to do one of the following:"
  echo "1) Change LEBINARY variable in this script"
  echo "2) Install LE manually or via your package manager and do #1"
  echo "3) Use the included get-letsencrypt.sh script to install it"
  exit 1
fi

if [[ ! -x $( which keytool ) ]]; then
  echo "Error: Java keytool binary not found."
  exit 1
fi

if [[ ! -x $( which openssl ) ]]; then
  echo "Error: OpenSSL binary not found."
  exit 1
fi

if [[ ! -z ${email} ]]; then
  email="--email ${email}"
else
  email=""
fi

shift $((OPTIND -1))
for val in "${domains[@]}"; do
        DOMAINS="${DOMAINS} -d ${val} "
done

MAINDOMAIN=${domains[0]}

if [[ -z ${MAINDOMAIN} ]]; then
  echo "Error: At least one -d argument is required"
  usage
  exit 1
fi

if [[ ${renew} == "yes" ]]; then
  LEOPTIONS="${RENEWCERT}"
else
  LEOPTIONS="${email} ${DOMAINS} ${NEWCERT}"
fi

#if [[ ${onlyinsert} != "yes" ]]; then
if [[ ${onlyinsert} == "yes" ]]; then
  echo "Firing up standalone authenticator on TCP port 80 and requesting cert..."
  ${LEBINARY} --server https://acme-v01.api.letsencrypt.org/directory \
              --agree-tos --standalone --preferred-challenges http ${LEOPTIONS}
fi

#if [[ ${onlyinsert} != "yes" ]] && md5sum -c "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5" &>/dev/null; then
if [[ ${onlyinsert} == "yes" ]] && md5sum -c "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5" &>/dev/null; then
  echo "Cert has not changed, not updating controller."
  exit 0
else
  echo "Cert has changed or -i option was used, updating controller..."
  TEMPFILE=$(mktemp)
  CATEMPFILE=$(mktemp)

  # Identrust cross-signed CA cert needed by the java keystore for import.
  # Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
  cat > "${CATEMPFILE}" <<'_EOF'
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
_EOF

  md5sum "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem" > "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5"
  echo "Using openssl to prepare certificate..."
  cat "/etc/letsencrypt/live/${MAINDOMAIN}/chain.pem" >> "${CATEMPFILE}"
  openssl pkcs12 -export  -passout pass:aircontrolenterprise \
          -in "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem" \
          -inkey "/etc/letsencrypt/live/${MAINDOMAIN}/privkey.pem" \
          -out "${TEMPFILE}" -name unifi \
          -CAfile "${CATEMPFILE}" -caname root

  echo "Stopping Unifi and UniFi-Video controllers..."
  systemctl stop unifi unifi-video  

  echo "Removing existing certificate from Unifi protected keystore..."
  keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore -deststorepass aircontrolenterprise
  echo "Removing existing certificate from Unifi-Video protected keystore..."
  keytool -delete -alias unifi -keystore /usr/lib/unifi-video/data/keystore -deststorepass ubiquiti
  # following lines are needed for unifi-video
 
  echo "Inserting certificate into Unifi keystore..."
  keytool -trustcacerts -importkeystore \
          -deststorepass aircontrolenterprise \
          -destkeypass aircontrolenterprise \
          -destkeystore /usr/lib/unifi/data/keystore \
          -srckeystore "${TEMPFILE}" -srcstoretype PKCS12 \
          -srcstorepass aircontrolenterprise \
          -alias unifi

  echo "Inserting certificate into Unifi-Video keystore..."
  keytool -trustcacerts -importkeystore \
          -deststorepass ubiquiti \
          -destkeypass ubiquiti \
          -destkeystore /usr/lib/unifi-video/data/keystore \
          -srckeystore "${TEMPFILE}" -srcstoretype PKCS12 \
          -srcstorepass aircontrolenterprise \

          rm -f "${TEMPFILE}" "${CATEMPFILE}"

  mv /usr/lib/unifi-video/data/ufv-truststore{,.old} # Delete old unifi-video keystore
  sleep 5
  echo "Starting Unifi and UniFi-Video controllers..."
  systemctl start unifi unifi-video 

  echo "Done!"
fi

Bash script to send messages to Microsoft Teams

Copy and save into teams.sh file. Make executable. Change web hook, Run!

The script is a modified Slack script from off the web.

#!/bin/bash
# bash script to send messages to Microsoft Teams.
function usage {
echo "HELP ME!"
echo "description: send messages to Microsoft Teams channels"
echo "special notes: You'll need to change the teamsUrl variable to contain your webhook from Teams."
echo "usage: ${0} -b \"Message contents\""
echo " -m Message body"
echo " -h This help info"
exit 1
}
while getopts "m:h" opt; do
case ${opt} in
m) msgBody="$OPTARG"
;;
h) usage
;;
\?) echo "Invalid option -$OPTARG" >&2
;;
esac
done
# Add/Change the webhook to one you created in Teams
teamsUrl="https://teamswebhook"
if [[ ! "${msgBody}" ]]; then
echo "You didn't specify a message!"
usage
fi
read -d '' payLoad << EOF
{
"text": "${msgBody}",
}
EOF
statusCode=$(curl \
--write-out %{http_code} \
--silent \
--output /dev/null \
-X POST \
-H 'Content-type: application/json' \
--data "${payLoad}" ${teamsUrl})
echo ${statusCode}

BASH Script to add new SFTP user and setup permissions

This script adds a new SFTP user with only sftp access.  Refer to this post on setting up a SFTP server.

Download script

wget www.incredigeek.com/home/downloads/scripts/sftpUserAdd.sh

Make executable

chmod +x sftpUserAdd.sh

Run with the new user you want to create.

./sftpUserAdd.sh sftpUsername

You may need to edit the script and modify the location parameters.

#!/bin/bash
# Automatically setup and add SFTP user
# Script creates new user and setups permissions
newUser=$1
sftpDir="/sftp/"
if grep -q ${newUser} /etc/passwd ;then
echo ${newUser} Already exsists. Aborting!
exit 1
else
mkdir -p ${sftpDir}/${newUser}/files
useradd -g sftpusers -d ${sftpDir}/${newUser}/files -s /sbin/nologin ${newUser}
passwd ${newUser}
chown ${newUser}:sftpusers /sftp/CareMark/files
fi

LibreNMS bulk delete

There is a php script in /opt/librenms/ that lets you delete a host from the command line.

sudo /opt/librenms/delhost.php 192.168.1.20

Replace 192.168.1.20 with the hostname/ip address of the host you want to delete.

Delete Multiple Hosts

First you’ll need to get a list of devices you want to remove.  You can do this by viewing the devices in the LibreNMS MySQL database;

Example:

$ mysql -u librenms -p librenms
MariaDB [librenms]> select hostname from devices;
+----------------------------------------+
| hostname |
+----------------------------------------+
| 192.168.88.1 |
| 192.168.1.20 |
| 192.168.1.12 |
| 192.168.88.5 |
4 rows in set (0.00 sec)
MariaDB [librenms]> exit

Put all the IP addresses you want to remove into a file and run the following for loop.  Replace “remove_ip.lst” with the name of your ip list file.

for i in `cat ~/remove_ip.lst`; do sudo /opt/librenms/delhost.php $i; done

Zenoss 5 backup Script

#!/bin/bash

# Zenoss 5 backup script
# 
#

# CHANGE THESE VARIABLES 
# Zenoss 5 Backup log file
log="/root/zenbackup.log"
# Backup directory
bdir="/backup/zenbackup/"

echo "Starting Zenoss backup Script"

echo "Starting backup to ${bdir}." $(date) >> ${log}
echo "Starting Backup to ${bdir}." $(date)

# Stop Zenoss Service
serviced service stop Zenoss.core

wait

# Wait for Zenoss to stop and then continue the backup
while [ -ne `serviced service status Zenoss.core | grep Stopped` ]
do
        echo "Waiting for Zenoss to Stop"
        sleep 5
done

# Backup
echo "Starting Zenoss Backup"
serviced backup ${bdir} 
echo "Backup Finished"

wait    

# Start Zenoss
echo "Starting Zenoss"
serviced service start Zenoss.core

echo "Finished backup." $(date) >> ${log}
echo "Finished backup." $(date)

exit

Upload ssh key to multiple servers automatically

Here is a quick script I created to automate copying a ssh key to multiple remote servers.

Basic command – the command uses sshpass to upload the ssh key to a remote server, this allows you to execute the command and not have to enter in a password to authenticate.

sshpass -p password ssh-copy-id -o StrictHostKeyChecking=no admin@remotehost

Script

#!/bin/bash

remotehosts="$1"
username="admin"
password="MyCoolPassword123"

for host in `cat ${remotehosts}`
do
sshpass -p${password} ssh-copy-id -o StrictHostKeyChecking=no ${username}@${host}
echo "Uploaded key to " ${host}
done

echo "Finished!"

 

Using the script

  1. Download here.
  2. Make it executable
    chmod +x sshcopy.sh
    
  3. Edit the script and change the username and password.
  4. Create a file that contains each host’s IP address or hostname.
  5. Run script (change hostlist.txt to your host list you created in step 3.)
    ./sshcopy.sh hostlist.txt
  6. Wait for the script to finish.

Example:

wget www.incredigeek.com/home/downloads/SSHCopy/sshcopy.sh
chmod +x sshcopy.sh
sed -i s/admin/bob/g sshcopy.sh                      <-- Change username - you can just manually edit the file,
sed -i s/MyCoolPassword123/password/g sshcopy.sh     <-- Change password - it might be easier than using sed
echo "192.168.1.100" >> host.txt                     <-- Add 192.168.1.100 to the host list
echo "Bob" >> host.txt                               <-- Add hostname bob to host list
./sshcopy.sh host.txt                                <-- Upload ssh key to all host's in the host file i.e. "bob" and "192.168.1.100"

SNMP and Shell Script

First you will need to make sure SNMP is installed.

apt-get install snmpd snmp snmp-mibs-downloader

You’ll need to configure a new snmpd.conf file with

snmpconf

Run through the steps and when your done replace your current snmpd.conf file in /etc/snmp/ with the new one.

Now open up your new snmpd.conf file

vi /etc/snmp/snmpd.conf

and add the following to the bottom of the file.

extend myshscript /path/to/your.sh

Save and close the file and restart the snmpd service.

service snmpd restart

Now we need to find the OID of our new data point.  Do this by running

snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2

It should display something similar to the following.

root@localhost:/etc/snmp# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2
iso.3.6.1.4.1.8072.1.3.2.1.0 = INTEGER: 1
iso.3.6.1.4.1.8072.1.3.2.2.1.2.4.118.111.108.116 = STRING: "/etc/snmp/volt.sh"
iso.3.6.1.4.1.8072.1.3.2.3.1.4.4.118.111.108.116 = INTEGER: 0
iso.3.6.1.4.1.8072.1.3.2.4.1.2.4.118.111.108.116.1 = STRING: "14.3"
root@localhost:/etc/snmp#

The OID we are interested in is the one on the last line.  If you run a snmpwalk command with the OID you should get your data point.

root@localhost:/etc/snmp# snmpwalk -v2c -c public localhost 1.3.6.1.4.1.8072.1.3.2.4.1.2.4.118.111.108.116.1
iso.3.6.1.4.1.8072.1.3.2.4.1.2.4.118.111.108.116.1 = STRING: "14.3"
root@localhost:/etc/snmp#

All that’s left is to add the OID to your SNMP monitor.  If You run into issues with your SNMP server not monitoring the OID, you might need do what I did in the above command, replace the beginning of the OID “iso.” with a “1”.