Commit 81fd86fa authored by Shawn Webb's avatar Shawn Webb

Add scripts I use on my laptop


Signed-off-by: Shawn Webb's avatarShawn Webb <shawn.webb@hardenedbsd.org>
parent dcc22f53
#!/usr/local/bin/zsh
amt="${1}"
if [ -z "${amt}" ]; then
echo "USAGE: ${0} [+-]amt"
exit 1
fi
val=$(backlight -q)
val=$((${val} + ${amt}))
backlight ${val}
exit ${?}
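Review bot: The argument in `amt` goes straight into `$((${val} + ${amt}))` with only an emptiness check, and zsh evaluates that whole string as an arithmetic expression rather than as a plain number. A guard right after the usage check, such as `[[ "${amt}" =~ ^[+-]?[0-9]+$ ]] || exit 1`, keeps the input to a signed integer. The result of `backlight -q` is also unchecked, so if that command fails `val` is empty and the sum collapses to `amt` alone. Testing `${val}` for an empty value before the addition would catch that case.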
#!/usr/local/bin/zsh
HBSDCTRL="/usr/sbin/hbsdcontrol"
dir=""
while getopts "d:" o; do
case "${o}" in
d)
dir="${OPTARG}"
;;
esac
done
nomprotect=( \
)
nopageexec=( \
)
shlibrandom=( \
)
for f in ${nomprotect}; do
f=${dir}/${f}
echo "[*] Disabling PaX MPROTECT for ${f}"
${HBSDCTRL} pax disable mprotect ${f}
if [ ${?} -gt 0 ]; then
echo " [-] Failed"
exit 1
fi
done
for f in ${nopageexec}; do
f=${dir}/${f}
echo "[*] Disabling PaX PAGEEXEC for ${f}"
${HBSDCTRL} pax disable pageexec ${f}
if [ ${?} -gt 0 ]; then
echo " [-] Failed"
exit 1
fi
done
for f in ${shlibrandom}; do
f=${dir}/${f}
echo "[*] Enabling SHLIBRANDOM for ${f}"
${HBSDCTRL} pax enable shlibrandom ${f}
if [ ${?} -gt 0 ]; then
echo " [-] Failed"
exit 1
fi
done
for f in $(find ${dir}/usr/local/openjdk11/bin -type f); do
${HBSDCTRL} pax disable pageexec ${f}
${HBSDCTRL} pax disable mprotect ${f}
done
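Review bot: The last loop turns off PAGEEXEC and MPROTECT for every regular file under `${dir}/usr/local/openjdk11/bin` without checking the result, whereas the three loops above it exit on the first failure. Appending `|| exit 1` to both `${HBSDCTRL}` calls would make a failed toggle visible instead of leaving some binaries in an unknown state. A short comment on why the whole directory needs both mitigations disabled (presumably the JVM's JIT, which should be confirmed) would help the next reader judge whether the exemption can be narrowed to a named list like `nomprotect`. `for f in $(find ...)` also splits on whitespace, so `find ... -exec` is the safer form if `${dir}` can ever contain spaces.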
#!/usr/local/bin/zsh
echo '{ "version": 1 }'
echo '['
echo '[]'
while true; do
cat <<EOF
,[
{
"name": "battery",
"full_text": "Battery: $(sysctl -n hw.acpi.battery.life)%"
},
{
"name": "volume",
"full_text": "Volume: $(mixer -s vol | awk '{print $2;}')"
},
{
"name": "date",
"full_text": "$(date '+%A, %d %b %Y')"
},
{
"name": "time",
"full_text": "$(date '+%T')"
}
]
EOF
sleep 5
done
#!/usr/local/bin/zsh
ifconfig em0 inet6 2001:470:e1e1:1::feed prefixlen 64
route -6 add default 2001:470:e1e1:1::1
#!/usr/local/bin/zsh
ipfw="/sbin/ipfw"
#################
# Configuration #
#################
nats=( \
192.168.7.0/24 \
192.168.8.0/24 \
192.168.10.0/24 \
192.168.20.0/24 \
)
#############
# Prep work #
#############
kldstat -m ipfw > /dev/null 2>&1
if [ ${?} -gt 0 ]; then
kldload ipfw
if [ ${?} -gt 0 ]; then
echo "[-] Could not load ipfw module" >&2
exit 1
fi
kldload ipfw_nat
if [ ${?} -gt 0 ]; then
echo "[-] Could not load ipfw_nat module" >&2
exit 1
fi
fi
${ipfw} -f flush
if [ ${?} -gt 0 ]; then
echo "[-] Could not flush the ruleset" >&2
exit 1
fi
${ipfw} table $NATs list > /dev/null 2>&1
if [ ${?} -gt 0 ]; then
${ipfw} table NATs destroy
if [ ${?} -gt 0 ]; then
echo "[-] Could not destroy NATs table" >&2
exit 1
fi
fi
${ipfw} table NATs create type addr
if [ ${?} -gt 0 ]; then
echo "[-] Could not create NATs table" >&2
exit 1
fi
foreach nat in ${nats}; do
${ipfw} table NATs add ${nat}
if [ ${?} -gt 0 ]; then
echo "[-] Could not add ${nat} to NATs table" >&2
exit 1
fi
done
${ipfw} add check-state
${ipfw} nat 1 config if wlan0 same_ports reset
${ipfw} nat 2 config if em0 same_ports reset
${ipfw} add nat 1 all from 'table(NATs)' to any out
${ipfw} add nat 1 all from any to me in
${ipfw} add nat 2 all from 'table(NATs)' to any out
${ipfw} add nat 2 all from any to me in
${ipfw} add allow ip from any to any
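Review bot: The table check `${ipfw} table $NATs list` expands an unset variable `$NATs` instead of naming the table, and the branch that follows is inverted: it destroys the table when the listing fails. As written, a first run with no existing `NATs` table will probably hit "Could not destroy NATs table" and exit after the ruleset has already been flushed. The intended form looks like `${ipfw} table NATs list > /dev/null 2>&1` followed by `if [ ${?} -eq 0 ]; then`. Separately, the rules after the `done` of the `foreach` loop are added with no status checks, and the set ends in `allow ip from any to any`. A partial failure therefore leaves an unfiltered forwarding host with nothing to signal it. Checking each `add` the way the table commands are checked would close that gap.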
#!/bin/sh
###############
#### SETUP ####
###############
# Protected network (LAN)
cybernet_lanbridge="bridge2"
cybernet_lantaps="tap10"
# pfsync net
cybernet_syncbridge="bridge3"
cybernet_synctaps="tap11"
# WAN side
cybernet_wanbridge="bridge4"
cybernet_wantaps="tap12 tap13"
# Dev VMs
cybernet_devbridge="bridge5"
cybernet_devtaps="tap14 tap15"
cybernet_bridges="${cybernet_lanbridge} ${cybernet_syncbridge} ${cybernet_wanbridge}"
cybernet_taps="${cybernet_lantaps} ${cybernet_synctaps} ${cybernet_wantaps}"
cloned_interfaces="${cloned_interfaces} ${cybernet_bridges}"
cloned_interfaces="${cloned_interfaces} ${cybernet_taps}"
###########################
#### CONFIGURE BRIDGES ####
###########################
#+++++++++++++
#++++ LAN ++++
#+++++++++++++
taps=""
for tap in ${cybernet_lantaps}; do
taps="${taps} addm ${tap}"
done
ifconfig_bridge2="inet 172.16.20.254 netmask 255.255.255.0 ${taps}"
#++++++++++++++++
#++++ PFSYNC ++++
#++++++++++++++++
taps=""
for tap in ${cybernet_synctaps}; do
taps="${taps} addm ${tap}"
done
ifconfig_bridge3="${taps}"
#+++++++++++++
#++++ WAN ++++
#+++++++++++++
taps=""
for tap in ${cybernet_wantaps}; do
taps="${taps} addm ${tap}"
done
ifconfig_bridge4="inet 172.16.40.254 netmask 255.255.255.0 ${taps}"
#+++++++++++++++++
#++++ Dev VMs ++++
#+++++++++++++++++
taps=""
for tap in ${cybernet_devtaps}; do
taps="${taps} addm ${tap}"
done
ifconfig_bridge5="inet 172.16.50.254 netmask 255.255.255.0 ${taps}"
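Review bot: `cybernet_devbridge` and `cybernet_devtaps` are defined but never added to `cybernet_bridges` or `cybernet_taps`, so `bridge5`, `tap14` and `tap15` do not reach `cloned_interfaces`. `ifconfig_bridge5` is still set with `addm` for those taps, so unless they are cloned elsewhere in rc.conf the Dev VM bridge will not come up. The likely fix is to append `${cybernet_devbridge}` and `${cybernet_devtaps}` to the two aggregate assignments. The four tap loops are identical apart from the list they read; a comment noting that each `ifconfig_bridgeN` name must match its `cybernet_*bridge` value would document the coupling.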
#!/usr/local/bin/zsh
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
function wait_ping() {
while ! ping -c 1 -t 1 8.8.8.8 > /dev/null 2>&1; do
sleep 5
done
}
function get_def_route_iface() {
netstat -rn4 | grep default | awk '{print $4;}'
}
function get_ip_addr() {
iface=${1}
ifconfig ${iface} inet | grep inet | awk '{print $2;}'
}
wait_ping
iface=$(get_def_route_iface)
ip=$(get_ip_addr ${iface})
echo "myip=\"${ip}\"" > /etc/pf.ip
echo "myiface=\"${iface}\"" >> /etc/pf.ip
pfctl -f /etc/pf.conf
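Review bot: `/etc/pf.ip` is written from the raw output of `get_def_route_iface` and `get_ip_addr` with no check that either returned exactly one value. With no IPv4 default route, or with several default routes or several inet addresses, `myiface`/`myip` end up empty or multi-line and `pfctl -f /etc/pf.conf` is run against that file regardless. A guard before the two `echo` lines, e.g. `[ -n "${iface}" ] && [ -n "${ip}" ] || exit 1`, plus `head -n 1` in both helpers, would keep a bad lookup from reaching the firewall config. The exit status of `pfctl` is also dropped; ending with `exit ${?}` would let the caller see a failed reload.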
#!/usr/local/bin/zsh
# power.zsh
# Copyright (C) 2015 Shawn Webb <shawn.webb@hardenedbsd.org>
# License: 2-Clause BSD License
#
# This little script exports non-required pools and detaches their
# geli providers before shutting down or rebooting.
# This needs to be in a specific order as these pools depend on each
# other
pools=( \
blackbox \
thumbie_enc \
thumbie \
)
function sanity_checks() {
if [ ${UID} -gt 0 ]; then
echo "[-] Run this script as root, stupid!"
exit 1
fi
}
function pool_exists() {
pool=${1}
val=$(zpool list -H ${pool} 2> /dev/null)
if [ ! -z "${val}" ]; then
return 0
else
return 1
fi
}
function pool_encrypted() {
pool=${1}
val=$(zpool status ${pool} | grep -F ".eli" | awk '{print $1;}' | head -n 1)
if [ ! -z "${val}" ]; then
return 0
else
return 1
fi
}
function unmount_pool() {
pool=${1}
encfile=""
if pool_exists ${pool}; then
echo "[+] Unmounting ${pool}"
if pool_encrypted ${pool}; then
encfile=$(mktemp -q -t poweroff)
if [ -z "${encfile}" ]; then
echo " [-] Could not create temp file."
exit 1
fi
zpool status ${pool} | grep -F ".eli" | awk '{print $1;}' > ${encfile}
fi
zpool export ${pool}
if [ ! ${?} -eq 0 ]; then
echo " [-] Could not export the pool."
exit 1
fi
if [ ! -z "${encfile}" ]; then
for line in $(cat ${encfile}); do
echo " [*] Detaching geli provider ${line}."
geli detach ${line}
if [ ! ${?} -eq 0 ]; then
echo " [-] Could not detach geli provider ${line}."
exit 1
fi
done
rm -f ${encfile}
fi
fi
}
sanity_checks
for pool in ${pools}; do
unmount_pool ${pool}
done
doreboot=0
while getopts 'r' o; do
case "${o}" in
r)
doreboot=1
;;
esac
done
if [ ${doreboot} -gt 0 ]; then
shutdown -r now
else
shutdown -p now
fi
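Review bot: In `unmount_pool` the geli provider list goes through a `mktemp` file that is not removed on either error exit (failed `zpool export`, failed `geli detach`), and the same `zpool status | grep | awk` pipeline is already run once in `pool_encrypted`. Capturing the list in an array before the export, `providers=( $(zpool status ${pool} | grep -F ".eli" | awk '{print $1;}') )`, and iterating `for line in ${providers}; do` removes the temp file and its cleanup path entirely. The `getopts` loop also runs only after all pools have been exported and has no default arm, so an unrecognised flag falls through to `shutdown -p now`. Parsing options before `sanity_checks` and rejecting unknown ones would avoid an unintended power-off.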
#!/bin/sh
tmpfile="${HOME}/tmp/agent.txt"
start_agent() {
local res
rm -f ${tmpfile}
ssh-agent > ${tmpfile}
res=${?}
if [ ${res} -gt 0 ]; then
return 1
fi
return 0
}
if [ -z "${SSH_AGENT_PID}" ]; then
SSH_AGENT_PID=$(pgrep ssh-agent)
if [ -z "${SSH_AGENT_PID}" ]; then
start_agent
fi
fi
cat ${tmpfile}
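Review bot: `pgrep ssh-agent` matches an agent owned by any user, so on a shared machine `start_agent` is skipped and the final `cat ${tmpfile}` prints a stale or missing file. Restricting the lookup to the caller, `SSH_AGENT_PID=$(pgrep -u "$(id -u)" ssh-agent)`, fixes the match. The same stale-file problem applies when the caller's own agent was started outside this script, so checking that `${tmpfile}` exists before the `cat` is worth adding. The file is created under the ambient umask at a fixed path; `umask 077` before `ssh-agent > ${tmpfile}` keeps the socket path and PID private. Quoting `"${tmpfile}"` in the `rm`, redirect and `cat` matters here because `${HOME}` is not under the script's control.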
#!/usr/local/bin/zsh
amt="${1}"
if [ -z "${amt}" ]; then
echo "USAGE: ${0} [+-]amt"
exit 1
fi
mixer vol ${amt}
res=${?}
exit ${res}
#!/usr/local/bin/zsh -ex
route add -net 172.16.5.0/24 192.168.99.244
route add -net 192.168.90.0/24 192.168.99.244
route add -net 192.168.75.0/24 192.168.99.244
route add -net 192.168.10.0/24 192.168.99.244
route add -net 192.168.72.0/24 192.168.99.244