├── README.md
├── cron.sh
├── md5sum.txt
├── sendmsg.sh
├── setting.conf
├── vddos-autoswitch.sh
├── vddos-sensor.sh
└── vddos-switch.sh


/README.md:
--------------------------------------------------------------------------------
  1 | <div alt="vDDoS-Auto-Switch Logo" class="separator" style="clear: both; text-align: center;">
  2 | <a href="https://lh4.googleusercontent.com/-4Q9alJIq6t4/WxJvtkED6lI/AAAAAAAAB7M/mX3JTKXyNyQcKUBNsrEQNaX98UkUQQkNACEwYBhgL/s1600/vDDoS-Auto-Switch-vDDoS-Proxy-Protection-Icon-Logo-voduy.com.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img align="right" border="0" src="https://lh4.googleusercontent.com/-4Q9alJIq6t4/WxJvtkED6lI/AAAAAAAAB7M/mX3JTKXyNyQcKUBNsrEQNaX98UkUQQkNACEwYBhgL/s333/vDDoS-Auto-Switch-vDDoS-Proxy-Protection-Icon-Logo-voduy.com.png" /></a></div>
  3 | 
  4 | vDDoS Auto Switch
  5 | ===================
  6 | 
  7 | 
  8 | vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies **overloaded websites** and changes their **Security Mode**.
  9 | 
 10 | ----------
 11 | 
 12 | 1/ Install vDDoS Proxy Protection:
 13 | -------------
 14 | To install vDDoS Proxy Protection please visit this site: http://vddos.voduy.com
 15 | 
 16 | ----------
 17 | 
 18 | 
 19 | 2/ Install vDDoS Auto Switch:
 20 | -------------
 21 | ```
 22 | curl -L https://github.com/duy13/vDDoS-Auto-Switch/archive/master.zip -o vddos-auto-switch.zip ; unzip vddos-auto-switch.zip ; rm -f vddos-auto-switch.zip
 23 | mv vDDoS-Auto-Switch-master /vddos/auto-switch
 24 | chmod 700 /vddos/auto-switch/*.sh
 25 | ln -s /vddos/auto-switch/vddos-autoswitch.sh /usr/bin/vddos-autoswitch
 26 | ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch
 27 | ln -s /vddos/auto-switch/vddos-sensor.sh /usr/bin/vddos-sensor
 28 | 
 29 | ```
 30 | 
 31 | ----------
 32 | 
 33 | 3/ Config vDDoS Auto Switch:
 34 | -------------
 35 | 
 36 | ```
 37 | nano /vddos/auto-switch/setting.conf
 38 | 
 39 | 
 40 | # This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"
 41 | 
 42 | 
 43 | hostname="vDDoS Master"							#(Name this server, it will show up in Email notifications)
 44 | 
 45 | vddos_master_slave_mode="no"					#(Turn on "yes" if your system has slave servers, want to sync affter switch like master)
 46 | backend_url_check="no"			#(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))
 47 | 
 48 | send_notifications="no"						#(Turn on "yes" if you want receive notification)
 49 | smtp_server="smtps://smtp.gmail.com"		#(SMTP Server)
 50 | smtp_username="xxx@gmail.com"				#(Your Mail)
 51 | smtp_password="xxxxxxxxxxxxx" 				#(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
 52 | send_notifications_to="xxxx@gmail.com"		#(Your Email Address will receive notification)
 53 | 
 54 | 
 55 | maximum_allowable_delay_for_backend=2 			#(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
 56 | maximum_allowable_delay_for_website=2 			#(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)
 57 | 
 58 | default_switch_mode_not_attack="no"				#(Default Mode vDDoS use when it's not under attacked)
 59 | default_switch_mode_under_attack="high"			#(Default Mode vDDoS use when it's under attack)
 60 | default_waiting_time_to_release="60"			#(For example 60 minutes, release time from challenge)
 61 | 
 62 | ```
 63 | 
 64 | 
 65 | ----------
 66 | 
 67 | 4/ Using vDDoS Auto Switch:
 68 | -------------
 69 | 
 70 | */usr/bin/vddos-autoswitch* automatically *identifies* **overloaded websites**  (if the website can not respond **200 HTTP Status** after 2 seconds - it mean they are too slow or high load...) And after that *vddos-autoswitch* will *changes* their **Security Mode** in */vddos/conf.d/website.conf*:
 71 | 
 72 | **WARNING: Please remove [...] in all the below commands!**
 73 | 
 74 | Auto check/switch for a domain:
 75 | -------------
 76 | 
 77 | Auto check/switch security mode for a domain (already in the *website.conf* file) to 5s mode (if it is being slow/high load):
 78 | ```
 79 | /usr/bin/vddos-autoswitch [checkdomain] your-domain.com 5s
 80 | 
 81 | ```
 82 | 
 83 | Auto check/switch for a list domains:
 84 | -------------
 85 | 
 86 | Auto check/switch security mode for each all domains (already in the *website.conf* file) to 5s mode (if it is being slow/high load):
 87 | ```
 88 | /usr/bin/vddos-autoswitch [checkalldomain] 5s
 89 | 
 90 | ```
 91 | 
 92 | Auto check/switch security mode for each domain in the list domains to 5s mode (if it is being slow/high load):
 93 | ```
 94 | /usr/bin/vddos-autoswitch [checklist] /etc/listdomains.txt 5s
 95 | 
 96 | ```
 97 | 
 98 | Flush all security mode for all domain (already in the *website.conf* file) if they are not slow/high load:
 99 | ```
100 | /usr/bin/vddos-autoswitch [flushalldomain] /etc/listdomains.txt no
101 | 
102 | ```
103 | 
104 | 5/ Crontab vDDoS Auto Switch:
105 | -------------
106 | 
107 | If you want to automate the inspection and changes website's **Security Mode**. You can configure vDDoS Auto Switch to crontab as follows:
108 | 
109 | For example, check the status of every website every 3 minutes and automatically flush all security mode for them (if their **security mode** have been switch) every 30 minutes:
110 | ```
111 | echo '*/3  *  *  *  * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
112 | echo '*/30  *  *  *  * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
113 | echo '*  *  *  *  * root /usr/bin/vddos-sensor' >> /etc/crontab
114 | ```
115 | Or you have a list of special domains that need to check the status of every website every 3 minutes and automatically flush all security mode for them every 30 minutes: 
116 | ```
117 | echo '*/3  *  *  *  * root /usr/bin/vddos-autoswitch checklist /etc/listspecialdomains.txt captcha' >> /etc/crontab
118 | echo '*/30  *  *  *  * root /usr/bin/vddos-autoswitch flushalldomain /etc/listspecialdomains.txt no' >> /etc/crontab
119 | 
120 | ```
121 | 
122 | 
123 | 6/ More Config:
124 | ---------------
125 | Document: http://vddos.voduy.com
126 | ```
127 | Still in beta, use at your own risk! It is provided without any warranty!
128 | ```


--------------------------------------------------------------------------------
/cron.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | #chmod 700 /vddos/auto-switch/cron.sh
  4 | #ln -s /vddos/auto-switch/cron.sh /usr/bin/vddos-autoswitch
  5 | #chmod 700 /vddos/auto-switch/vddos-switch.sh
  6 | #ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch
  7 | 
  8 | # Example:
  9 | # Auto check/switch security mode for a domain (in website.conf) if it is being slow/high load:
 10 | # vddos-autoswitch [checkdomain] your-domain.com 5s
 11 | 
 12 | # Auto check/switch security mode for each domain in the list website.conf if it is being slow/high load:
 13 | # vddos-autoswitch [checkalldomain] 5s
 14 | 
 15 | # Auto check/switch for each domain in the list domains if it is being slow/high load:
 16 | # vddos-autoswitch [checklist] /etc/listdomains.txt 5s
 17 | 
 18 | # Flush all security mode for all domain (in website.conf) if they are not slow/high load:
 19 | # vddos-autoswitch [flushalldomain] /etc/listdomains.txt no
 20 | # OR:
 21 | # vddos-switch [allsite] [no/307/200...] ; vddos restart
 22 | 
 23 | 
 24 | 
 25 | if [ ! -f /usr/bin/vddos-switch ] || [ ! -f /usr/bin/vddos-autoswitch ]; then
 26 | chmod 700 /vddos/auto-switch/cron.sh
 27 | ln -s /vddos/auto-switch/cron.sh /usr/bin/vddos-autoswitch
 28 | chmod 700 /vddos/auto-switch/vddos-switch.sh
 29 | ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch
 30 | fi
 31 | 
 32 | function showerror()
 33 | {
 34 | echo 'ERROR!
 35 | 
 36 | Command is ['$1'] ...
 37 | Website or List is ['$2'] ...
 38 | Security mode is ['$3']
 39 | 
 40 | # Example:
 41 | # Auto check/switch security mode for a domain (in website.conf) if it is being slow/high load:
 42 |  vddos-autoswitch [checkdomain] your-domain.com 5s
 43 | 
 44 | # Auto check/switch security mode for each domain in the list website.conf if it is being slow/high load:
 45 |  vddos-autoswitch [checkalldomain] 5s
 46 | 
 47 | # Auto check/switch for each domain in the list domains if it is being slow/high load:
 48 |  vddos-autoswitch [checklist] /etc/listdomains.txt 5s
 49 | 
 50 | 
 51 | # Flush all security mode for all domain (in website.conf) if they are not slow/high load:
 52 |  vddos-switch [allsite] no
 53 | # OR:
 54 |  vddos-switch [allsite] [no/307/200...]
 55 | 
 56 | '|tee -a /vddos/auto-switch/log.txt
 57 | return 0
 58 | }
 59 | function checklog()
 60 | {
 61 | echo '
 62 | (Check logs at /vddos/auto-switch/log.txt)
 63 | '
 64 | return 0
 65 | }
 66 | 
 67 | 
 68 | 
 69 | 
 70 | 
 71 | 
 72 | Command="$1"
 73 | Security_mode="$3"
 74 | 
 75 | 
 76 | if [ "$1" = "" ] || [ "$2" = "" ]; then
 77 | showerror
 78 | exit 0
 79 | fi	
 80 | 
 81 | if [ "$Command" != "checkdomain" ] && [ "$Command" != "checklist" ] && [ "$Command" != "checkalldomain" ];  then
 82 | showerror
 83 | exit 0
 84 | fi
 85 | 
 86 | if [ "$Command" = "checkdomain" ] || [ "$Command" = "checklist" ];  then
 87 | if [ "$3" = "" ]; then
 88 | showerror
 89 | exit 0
 90 | fi
 91 | fi
 92 | 
 93 | 
 94 | 
 95 | if [ "$Command" = "checkdomain" ]; then
 96 | 	echo "
 97 | 		[[[[[[[ `date` ]]]]]]]
 98 | 	" > /vddos/auto-switch/log.txt
 99 | 
100 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
101 | 
102 | 	Website="$2"
103 | 	Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
104 | 	WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
105 | 	if [ "$Available" = "" ]; then
106 | 		echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
107 | 	fi
108 | 	if [ "$Available" != "" ]; then
109 | 		if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
110 | 			echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
111 | 		fi
112 | 		if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
113 | 			websitestatus=`curl --user-agent "vDDos Auto Switch Check" --connect-timeout 2 --max-time 2 -s -o /dev/null -L -I -w "%{http_code}" $Website | awk '{print substr($0,1,1)}'`
114 | 			if [ "$websitestatus" != "2" ] && [ "$websitestatus" != "3" ]; then
115 | 				echo ' Found ['$Website'] in /vddos/conf.d/website.conf seems to be in the offline state: ['$websitestatus'xx']|tee -a /vddos/auto-switch/log.txt
116 | 				/usr/bin/vddos-switch $Website $Security_mode
117 | 			fi
118 | 			if [ "$websitestatus" = "2" ] || [ "$websitestatus" = "3" ]; then
119 | 				echo '- Re-check: ['$Website'] seems to be in the online state: ['$websitestatus'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
120 | 			fi
121 | 		fi
122 | 	fi
123 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
124 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
125 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
126 | 	fi
127 | 	checklog
128 | 	exit 0
129 | fi
130 | 
131 | if [ "$Command" = "checklist" ]; then
132 | 	listdomains_source="$2"
133 | 	listdomains="/vddos/auto-switch/list/listdomains.txt"
134 | 	if [ ! -f $listdomains_source ]; then
135 | 		showerror
136 | 		echo ''$listdomains_source' not found!'
137 | 		exit 0
138 | 	fi
139 | 
140 | 	if [ ! -d /vddos/auto-switch/list/ ]; then
141 | 		mkdir -p /vddos/auto-switch/list/
142 | 	fi
143 | 
144 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
145 | 
146 | 	echo "
147 | 		[[[[[[[ `date` ]]]]]]]
148 | 	" > /vddos/auto-switch/log.txt
149 | 	echo "`cat $listdomains_source | grep . | awk '!x[$0]++'`" > $listdomains
150 | 	numberlinelistdomains=`cat $listdomains | grep . | wc -l`
151 | 	startlinenumber=1
152 | 
153 | 	dong=$startlinenumber
154 | 	while [ $dong -le $numberlinelistdomains ]
155 | 	do
156 | 		Website=$(awk " NR == $dong " $listdomains); echo $Website
157 | 		Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
158 | 		WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
159 | 		if [ "$Available" = "" ]; then
160 | 			echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
161 | 		fi
162 | 		if [ "$Available" != "" ]; then
163 | 			if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
164 | 				echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
165 | 			fi
166 | 			if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
167 | 				if [ "$Available" != "" ]; then
168 | 					websitestatus=`curl --user-agent "vDDos Auto Switch Check" --connect-timeout 2 --max-time 2 -s -o /dev/null -L -I -w "%{http_code}" $Website | awk '{print substr($0,1,1)}'`
169 | 					if [ "$websitestatus" != "2" ] && [ "$websitestatus" != "3" ]; then
170 | 						echo ' Found ['$Website'] in '$listdomains_source' seems to be in the offline state: ['$websitestatus'xx']|tee -a /vddos/auto-switch/log.txt
171 | 						/usr/bin/vddos-switch $Website $Security_mode
172 | 					fi
173 | 					if [ "$websitestatus" = "2" ] || [ "$websitestatus" = "3" ]; then
174 | 						echo '- Re-check: ['$Website'] seems to be in the online state: ['$websitestatus'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
175 | 					fi
176 | 				fi
177 | 			fi
178 | 		fi
179 | 		dong=$((dong + 1))
180 | 	done
181 | 
182 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
183 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
184 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
185 | 	fi
186 | 	checklog
187 | 	exit 0
188 | fi
189 | 
190 | 
191 | 
192 | if [ "$Command" = "checkalldomain" ]; then
193 | 	Security_mode="$2"
194 | 	listdomains_source="/vddos/conf.d/website.conf"
195 | 	listdomains="/vddos/auto-switch/checkalldomain/listdomains.txt"
196 | 	if [ ! -f $listdomains_source ]; then
197 | 		showerror
198 | 		echo ''$listdomains_source' not found!'
199 | 		exit 0
200 | 	fi
201 | 
202 | 	if [ ! -d /vddos/auto-switch/checkalldomain/ ]; then
203 | 		mkdir -p /vddos/auto-switch/checkalldomain/
204 | 	fi
205 | 
206 | 	echo "
207 | 		[[[[[[[ `date` ]]]]]]]
208 | 	" > /vddos/auto-switch/log.txt
209 | 	echo "`cat $listdomains_source | grep . | awk '{print $1}'| awk '!x[$0]++'|grep -v '^#'|grep -v '^*'|grep -v '^default'`" > $listdomains
210 | 
211 | 	/usr/bin/vddos-autoswitch checklist $listdomains $Security_mode
212 | 
213 | 	exit 0
214 | fi
215 | 
216 | 
217 | 
218 | 
219 | if [ "$Command" = "flushalldomain" ]; then
220 | 	listdomains_source="$2"
221 | 	listdomains="/vddos/auto-switch/flushalldomain/listdomains.txt"
222 | 	if [ ! -f $listdomains_source ]; then
223 | 		showerror
224 | 		echo ''$listdomains_source' not found!'
225 | 		exit 0
226 | 	fi
227 | 
228 | 	if [ ! -d /vddos/auto-switch/flushalldomain/ ]; then
229 | 		mkdir -p /vddos/auto-switch/flushalldomain/
230 | 	fi
231 | 
232 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
233 | 
234 | 	echo "
235 | 		[[[[[[[ `date` ]]]]]]]
236 | 	" > /vddos/auto-switch/log.txt
237 | 	echo "`cat $listdomains_source | grep .|grep -v '^#'|grep -v '^*' | awk '{print $1}'| awk '!x[$0]++'`" > $listdomains
238 | 	numberlinelistdomains=`cat $listdomains | grep . | wc -l`
239 | 	startlinenumber=1
240 | 
241 | 	dong=$startlinenumber
242 | 	while [ $dong -le $numberlinelistdomains ]
243 | 	do
244 | 		Website=$(awk " NR == $dong " $listdomains);
245 | 		Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
246 | 		WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
247 | 		if [ "$Available" = "" ]; then
248 | 			echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
249 | 		fi
250 | 		if [ "$Available" != "" ]; then
251 | 			if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
252 | 				echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
253 | 			fi
254 | 			if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
255 | 				if [ "$Available" != "" ]; then
256 | 					/usr/bin/vddos-switch $Website $Security_mode
257 | 				fi
258 | 			fi
259 | 		fi
260 | 		dong=$((dong + 1))
261 | 	done
262 | 
263 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
264 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
265 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
266 | 	fi
267 | 	checklog
268 | 	exit 0
269 | fi
270 | 
271 | 
272 | 
273 | 
274 | 
275 | 
276 | 
277 | 
278 | 
279 | 
280 | 


--------------------------------------------------------------------------------
/md5sum.txt:
--------------------------------------------------------------------------------
1 | 1441836bd295837b6ab85238f6aebcea  cron.sh
2 | 6ce6dc5edbcd4254396444fb95825fe6  md5sum.txt
3 | aad7494f3f2bdcf8e299653f563eb843  README.md
4 | bfd39f2f8054a5ddb11daf3a11d8458c  sendmsg.sh
5 | d179fa40eca4fd5cc387bc775627ac2d  setting.conf
6 | 0ba1c3805f205db864749d2175b29dc1  vddos-autoswitch.sh
7 | eaee476fdaa6e6984d03866cadacfc05  vddos-sensor.sh
8 | 319818ca9cb06efb1e3c62b81e3b5250  vddos-switch.sh
9 | 


--------------------------------------------------------------------------------
/sendmsg.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Teal Dulcet
  4 | # Send e-mail, with optional message and attachments
  5 | 
  6 | # Requires the curl and netcat commands
  7 | 
  8 | # Optional S/MIME digital signatures require the openssl command
  9 | # Optional PGP/MIME digital signatures require the gpg command
 10 | 
 11 | # Run: ./sendmsg.sh <OPTION(S)>... -s <subject>
 12 | 
 13 | set -e
 14 | 
 15 | # Set the variables below
 16 | 
 17 | # Send e-mails
 18 | # Comment this out to temporally disable
 19 | SEND=1
 20 | 
 21 | # To e-mail addresses
 22 | # Send SMSs by using your mobile providers e-mail to SMS or MMS gateway (https://en.wikipedia.org/wiki/SMS_gateway#Email_clients)
 23 | TOEMAILS=(
 24 | 
 25 | )
 26 | 
 27 | # CC e-mail addresses
 28 | CCEMAILS=(
 29 | 
 30 | )
 31 | 
 32 | # BCC e-mail addresses
 33 | BCCEMAILS=(
 34 | 
 35 | )
 36 | 
 37 | # Optional From e-mail address
 38 | # FROMEMAIL="Example <example@example.com>"
 39 | 
 40 | # Optional SMTP server to send e-mails
 41 | # Supported protocols: "smtp" and "smtps".
 42 | # Requires From e-mail address above
 43 | 
 44 | # SMTP="smtps://mail.example.com"
 45 | # USERNAME="example"
 46 | # PASSWORD="password"
 47 | 
 48 | # E-mail Priority
 49 | # Supported priorities: "5 (Lowest)", "4 (Low)", "Normal", "2 (High)" and "1 (Highest)"
 50 | # Requires SMTP server above
 51 | # Uncomment this to enable
 52 | # PRIORITY="Normal"
 53 | 
 54 | # Optional Digitally sign the e-mails with an S/MIME Certificate
 55 | # Requires SMTP server above
 56 | 
 57 | # List of free S/MIME Certificates: http://kb.mozillazine.org/Getting_an_SMIME_certificate
 58 | # Enter the certificate's filename for the CERT variable below.
 59 | 
 60 | # CERT="cert.p12"
 61 | 
 62 | CLIENTCERT="cert.pem"
 63 | 
 64 | # Optional Digitally sign the e-mails with PGP/MIME
 65 | # Requires SMTP server above
 66 | 
 67 | # Generate a PGP key pair: gpg --gen-key
 68 | # Use the same e-mail address as used for the FROMEMAIL variable above. Enter the passphrase for the PASSPHRASE variable below.
 69 | # Make sure to send your PGP public key to the recipients before sending them digitally signed e-mails. You can export your PGP public key with: gpg -o key.asc -a --export <e-mail address> and attach key.asc to an e-mail.
 70 | 
 71 | # PASSPHRASE="passphrase"
 72 | 
 73 | # Days to warn before certificate expiration
 74 | WARNDAYS=3
 75 | 
 76 | # Compress attachment(s) with zip
 77 | # Uncomment this to enable
 78 | # ZIPFILE="attachments.zip"
 79 | 
 80 | # Set Content-Language
 81 | # Uses value of LANG environment variable
 82 | # Uncomment this to enable
 83 | # CONTENTLANG=1
 84 | 
 85 | # Sanitize the Date
 86 | # Uses Coordinated Universal Time (UTC), to prevent leaking the local time zone and rounds date down to whole minute, to prevent fingerprinting of clock offset.
 87 | # Uncomment this to enable
 88 | # UTC=1
 89 | 
 90 | # Show the client-server communication
 91 | # Requires SMTP server above
 92 | # Uncomment this to enable
 93 | # VERBOSE=1
 94 | 
 95 | # Do not change anything below this
 96 | 
 97 | # Output usage
 98 | # usage <programname>
 99 | usage() {
100 | 	echo "Usage:  $1 <OPTION(S)>... -s <subject>
101 | or:     $1 <OPTION>
102 | One or more To, CC or BCC e-mail addresses are required. Send text messages by using the mobile providers e-mail to SMS or MMS gateway (https://en.wikipedia.org/wiki/SMS_gateway#Email_clients). All the options can also be set by opening the script in an editor and setting the variables at the top. See examples below.
103 | 
104 | Options:
105 |     -s <subject>    Subject
106 |                         Escape sequences are expanded. Supports Unicode characters.
107 |     -m <message>    Message body
108 |                         Escape sequences are expanded. Supports Unicode characters.
109 |     -a <attachment> Attachment filename
110 |                         Use multiple times for multiple attachments. Supports Unicode characters in filename.
111 |     -t <To address> To e-mail address
112 |                         Use multiple times for multiple To e-mail addresses.
113 |     -c <CC address> CC e-mail address
114 |                         Use multiple times for multiple CC e-mail addresses.
115 |     -b <BCC address>BCC e-mail address
116 |                         Use multiple times for multiple BCC e-mail addresses.
117 |     -f <From address>From e-mail address
118 | 
119 |     -S <SMTP server>SMTP server
120 |                         Supported protocols: \"smtp\" and \"smtps\". Requires From e-mail address. Use \"smtp://localhost\" if running a mail server on this device.
121 |     -u <username>   SMTP server username
122 |     -p <password>   SMTP server password
123 |     -P <priority>   Priority
124 |                         Supported priorities: \"5 (Lowest)\", \"4 (Low)\", \"Normal\", \"2 (High)\" and \"1 (Highest)\". Requires SMTP server.
125 |     -C <certificate>S/MIME Certificate filename for digitally signing the e-mails
126 |                         It will ask you for the password the first time you run the script with this option. Requires SMTP server.
127 |     -k <passphrase> PGP secret key passphrase for digitally signing the e-mails with PGP/MIME
128 |                         Requires SMTP server.
129 |     -z <zipfile>    Compress attachment(s) with zip
130 |     -l              Set Content-Language
131 |                         Uses value of LANG environment variable.
132 |     -U              Sanitize the Date
133 |                         Uses Coordinated Universal Time (UTC) and rounds date down to whole minute. Set the TZ environment variable to change time zone.
134 |     -d              Dry run, do not send the e-mail
135 |     -V              Verbose, show the client-server communication
136 |                         Requires SMTP server.
137 | 
138 |     -h              Display this help and exit
139 |     -v              Output version information and exit
140 | 
141 | Examples:
142 |     Send e-mail
143 |     $ $1 -s \"Example\" -t \"Example <example@example.com>\"
144 | 
145 |     Send e-mail with message
146 |     $ $1 -s \"Example\" -m \"This is an example"'!'"\" -t \"Example <example@example.com>\"
147 | 
148 |     Send e-mail with message and single attachment
149 |     $ $1 -s \"Example\" -m \"This is an example"'!'"\" -a example.txt -t \"Example <example@example.com>\"
150 | 
151 |     Send e-mail with message and multiple attachments
152 |     $ $1 -s \"Example\" -m \"This is an example"'!'"\" -a example1.txt -a example2.txt -t \"Example <example@example.com>\"
153 | 
154 |     Send e-mail to a CC address
155 |     $ $1 -s \"Example\" -t \"Example 1 <example1@example.com>\" -c \"Example 2 <example2@example.com>\"
156 | 
157 |     Send e-mail with a From address
158 |     $ $1 -s \"Example\" -f \"Example <example@example.com>\" -t \"Example <example@example.com>\"
159 | 
160 |     Send e-mail with an external SMTP server
161 |     $ $1 -s \"Example\" -f \"Example <example@example.com>\" -S \"smtps://mail.example.com\" -u \"example\" -p \"password\" -t \"Example <example@example.com>\"
162 | 
163 |     Send high priority e-mail
164 |     $ $1 -s \"Example\" -f \"Example <example@example.com>\" -S \"smtps://mail.example.com\" -u \"example\" -p \"password\" -P \"1 (Highest)\" -t \"Example <example@example.com>\"
165 | 
166 |     Send e-mail digitally signed with an S/MIME Certificate
167 |     $ $1 -s \"Example\" -f \"Example <example@example.com>\" -S \"smtps://mail.example.com\" -u \"example\" -p \"password\" -C \"cert.p12\" -t \"Example <example@example.com>\"
168 | 
169 |     Send e-mail digitally signed with PGP/MIME
170 |     $ $1 -s \"Example\" -f \"Example <example@example.com>\" -S \"smtps://mail.example.com\" -u \"example\" -p \"password\" -k \"passphrase\" -t \"Example <example@example.com>\"
171 | " >&2
172 | }
173 | 
174 | if [[ $# -eq 0 ]]; then
175 | 	usage "$0"
176 | 	exit 1
177 | fi
178 | 
179 | NOW=$(date -u)
180 | 
181 | SUBJECT=''
182 | MESSAGE=''
183 | ATTACHMENTS=()
184 | 
185 | # Check if on Linux
186 | if ! echo "$OSTYPE" | grep -iq "linux"; then
187 | 	echo "Error: This script must be run on Linux." >&2
188 | 	exit 1
189 | fi
190 | 
191 | while getopts "a:b:c:df:hk:lm:p:s:t:u:vz:C:P:S:UV" c; do
192 | 	case ${c} in
193 | 	a )
194 | 		ATTACHMENTS+=( "$OPTARG" )
195 | 	;;
196 | 	b )
197 | 		BCCEMAILS+=( "$OPTARG" )
198 | 	;;
199 | 	c )
200 | 		CCEMAILS+=( "$OPTARG" )
201 | 	;;
202 | 	d )
203 | 		SEND=''
204 | 	;;
205 | 	f )
206 | 		FROMEMAIL=$OPTARG
207 | 	;;
208 | 	h )
209 | 		usage "$0"
210 | 		exit 0
211 | 	;;
212 | 	k )
213 | 		PASSPHRASE=$OPTARG
214 | 	;;
215 | 	l )
216 | 		CONTENTLANG=1
217 | 	;;
218 | 	m )
219 | 		MESSAGE=$OPTARG
220 | 	;;
221 | 	p )
222 | 		PASSWORD=$OPTARG
223 | 	;;
224 | 	s )
225 | 		SUBJECT=$OPTARG
226 | 	;;
227 | 	t )
228 | 		TOEMAILS+=( "$OPTARG" )
229 | 	;;
230 | 	u )
231 | 		USERNAME=$OPTARG
232 | 	;;
233 | 	v )
234 | 		echo -e "Send Msg CLI 1.0\n"
235 | 		exit 0
236 | 	;;
237 | 	z )
238 | 		ZIPFILE="${OPTARG%.zip}.zip"
239 | 	;;
240 | 	C )
241 | 		CERT=$OPTARG
242 | 	;;
243 | 	P )
244 | 		PRIORITY=$OPTARG
245 | 	;;
246 | 	S )
247 | 		SMTP=$OPTARG
248 | 	;;
249 | 	U )
250 | 		UTC=1
251 | 	;;
252 | 	V )
253 | 		VERBOSE=1
254 | 	;;
255 | 	\? )
256 | 		echo -e "Try '$0 -h' for more information.\n" >&2
257 | 		exit 1
258 | 	;;
259 | 	esac
260 | done
261 | shift $((OPTIND - 1))
262 | 
263 | if [[ $# -ne 0 ]]; then
264 | 	usage "$0"
265 | 	exit 1
266 | fi
267 | 
268 | if [[ -z "$SUBJECT" ]]; then
269 | 	echo "Error: A subject is required." >&2
270 | 	exit 1
271 | fi
272 | 
273 | if [[ -n "$PRIORITY" || -n "$CERT" || -n "$PASSPHRASE" || -n "$SMTP" || -n "$USERNAME" || -n "$PASSWORD" ]] && ! [[ -n "$FROMEMAIL" && -n "$SMTP" ]]; then
274 | 	echo -e "Warning: One or more of the options you set requires that you also provide an external SMTP server. Try '$0 -h' for more information.\n"
275 | fi
276 | 
277 | if [[ ${#TOEMAILS[@]} -eq 0 && ${#CCEMAILS[@]} -eq 0 && ${#BCCEMAILS[@]} -eq 0 ]]; then
278 | 	echo "Error: One or more To, CC or BCC e-mail addresses are required." >&2
279 | 	exit 1
280 | fi
281 | 
282 | if [[ ${#ATTACHMENTS[@]} -gt 0 ]]; then
283 | 	TOTAL=0
284 | 	table=''
285 | 	for i in "${ATTACHMENTS[@]}"; do
286 | 		if [[ -z "$i" || ! -r "$i" ]]; then
287 | 			echo "Error: Cannot read \"$i\" file." >&2
288 | 			exit 1
289 | 		fi
290 | 	done
291 | 	
292 | 	if [[ -n "$ZIPFILE" ]]; then
293 | 		if [[ -e "$ZIPFILE" ]]; then
294 | 			echo "Error: File \"$ZIPFILE\" already exists." >&2
295 | 			exit 1
296 | 		fi
297 | 		
298 | 		zip -q "$ZIPFILE" -- "${ATTACHMENTS[@]}"
299 | 		trap 'rm -- "$ZIPFILE"' EXIT
300 | 		
301 | 		ATTACHMENTS=( "$ZIPFILE" )
302 | 	fi
303 | 	
304 | 	echo "Attachments:"
305 | 	for i in "${ATTACHMENTS[@]}"; do
306 | 		SIZE=$(du -b -- "$i" | awk '{ print $1 }')
307 | 		((TOTAL+=SIZE))
308 | 		table+=$(printf '%s\t%s\t%s\n' "$i" "$(numfmt --to=iec-i "$SIZE")B" "$([[ $SIZE -ge 1000 ]] && echo "($(numfmt --to=si "$SIZE")B)" || echo)")
309 | 	done
310 | 	echo "$table" | column -t -s $'\t'
311 | 	
312 | 	echo -e "\nTotal Size:\t$(numfmt --to=iec-i "$TOTAL")B$([[ $TOTAL -ge 1000 ]] && echo " ($(numfmt --to=si "$TOTAL")B)")\n"
313 | 	# du -bch -- "${ATTACHMENTS[@]}"
314 | 	
315 | 	if [[ $TOTAL -ge 26214400 ]]; then
316 | 		echo -e "Warning: The total size of all attachments is greater than 25 MiB. The message may be rejected by your or the recipient's mail server. You may want to upload large files to an external storage service, such as Send: https://send.vis.ee/ (formerly Firefox Send) or transfer.sh: https://transfer.sh\n"
317 | 	fi
318 | fi
319 | 
320 | # Adapted from: https://github.com/mail-in-a-box/mailinabox/blob/master/setup/network-checks.sh
321 | if ! [[ -n "$FROMEMAIL" && -n "$SMTP" ]] && ! nc -z -w5 aspmx.l.google.com 25; then
322 | 	echo -e "Warning: Could not reach Google's mail server on port 25. Port 25 seems to be blocked by your network. You will need to provide an external SMTP server in order to send e-mails.\n"
323 | fi
324 | 
325 | # encoded-word <text>
326 | encoded-word() {
327 | 	# ASCII
328 | 	RE='^[] !"#$%&'\''()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\^_`abcdefghijklmnopqrstuvwxyz{|}~-]*$' # '^[ -~]*$' # '^[[:ascii:]]*$'
329 | 	if [[ $1 =~ $RE ]]; then
330 | 		echo "$1"
331 | 	else
332 | 		echo "=?utf-8?B?$(echo -e "$1" | base64 -w 0)?="
333 | 	fi
334 | }
335 | 
336 | TOADDRESSES=( "${TOEMAILS[@]}" )
337 | TONAMES=( "${TOEMAILS[@]}" )
338 | CCADDRESSES=( "${CCEMAILS[@]}" )
339 | CCNAMES=( "${CCEMAILS[@]}" )
340 | BCCADDRESSES=( "${BCCEMAILS[@]}" )
341 | FROMADDRESS=$FROMEMAIL
342 | FROMNAME=$FROMEMAIL
343 | 
344 | # Get e-mail address(es): "Example <example@example.com>" -> "example@example.com"
345 | RE='^(([[:print:]]{1,64}@[-.[:alnum:]]{4,254})|([[:print:]]*) *<([[:print:]]{1,64}@[-.[:alnum:]]{4,254})>)$'
346 | for i in "${!TOADDRESSES[@]}"; do
347 | 	if [[ ${TOADDRESSES[i]} =~ $RE ]]; then
348 | 		TOADDRESSES[i]=${BASH_REMATCH[2]:-${BASH_REMATCH[4]}}
349 | 		TONAMES[i]=${BASH_REMATCH[2]:-$(encoded-word "${BASH_REMATCH[3]}")<${BASH_REMATCH[4]}>}
350 | 	fi
351 | done
352 | 
353 | for i in "${!CCADDRESSES[@]}"; do
354 | 	if [[ ${CCADDRESSES[i]} =~ $RE ]]; then
355 | 		CCADDRESSES[i]=${BASH_REMATCH[2]:-${BASH_REMATCH[4]}}
356 | 		CCNAMES[i]=${BASH_REMATCH[2]:-$(encoded-word "${BASH_REMATCH[3]}")<${BASH_REMATCH[4]}>}
357 | 	fi
358 | done
359 | 
360 | for i in "${!BCCADDRESSES[@]}"; do
361 | 	if [[ ${BCCADDRESSES[i]} =~ $RE ]]; then
362 | 		BCCADDRESSES[i]=${BASH_REMATCH[2]:-${BASH_REMATCH[4]}}
363 | 	fi
364 | done
365 | 
366 | if [[ -n "$FROMADDRESS" ]] && [[ $FROMADDRESS =~ $RE ]]; then
367 | 	FROMADDRESS=${BASH_REMATCH[2]:-${BASH_REMATCH[4]}}
368 | 	FROMNAME=${BASH_REMATCH[2]:-$(encoded-word "${BASH_REMATCH[3]}")<${BASH_REMATCH[4]}>}
369 | fi
370 | 
371 | # E-mail address regular expressions
372 | RE1='^.{6,254}$'
373 | RE2='^.{1,64}@'
374 | # RE3='^[[:alnum:]!#$%&'\''*+/=?^_`{|}~-]+(\.[[:alnum:]!#$%&'\''*+/=?^_`{|}~-]+)*@([[:alnum:]_]([[:alnum:]_-]{0,61}[[:alnum:]_])?\.)+(xn--[[:alnum:]-]{0,58}[[:alnum:]]|[[:alpha:]]{2,63})$'
375 | RE3='^(([^][:space:]@"(),:;<>[\\.]|\\[^():;<>.])+|"([^"\\]|\\.)+")(\.(([^][:space:]@"(),:;<>[\\.]|\\[^():;<>.])+|"([^"\\]|\\.)+"))*@([[:alnum:]_]([[:alnum:]_-]{0,61}[[:alnum:]_])?\.)+(xn--[[:alnum:]-]{0,58}[[:alnum:]]|[[:alpha:]]{2,63})$'
376 | for email in "${TOADDRESSES[@]}"; do
377 | 	if ! [[ $email =~ $RE1 && $email =~ $RE2 && $email =~ $RE3 ]]; then
378 | 		echo "Error: \"$email\" is not a valid e-mail address." >&2
379 | 		exit 1
380 | 	fi
381 | done
382 | 
383 | for email in "${CCADDRESSES[@]}"; do
384 | 	if ! [[ $email =~ $RE1 && $email =~ $RE2 && $email =~ $RE3 ]]; then
385 | 		echo "Error: \"$email\" is not a valid e-mail address." >&2
386 | 		exit 1
387 | 	fi
388 | done
389 | 
390 | for email in "${BCCADDRESSES[@]}"; do
391 | 	if ! [[ $email =~ $RE1 && $email =~ $RE2 && $email =~ $RE3 ]]; then
392 | 		echo "Error: \"$email\" is not a valid e-mail address." >&2
393 | 		exit 1
394 | 	fi
395 | done
396 | 
397 | if [[ -n "$FROMADDRESS" ]] && ! [[ $FROMADDRESS =~ $RE1 && $FROMADDRESS =~ $RE2 && $FROMADDRESS =~ $RE3 ]]; then
398 | 	echo "Error: \"$FROMADDRESS\" is not a valid e-mail address." >&2
399 | 	exit 1
400 | fi
401 | 
402 | if [[ -n "$CERT" ]]; then
403 | 	if [[ ! -r "$CERT" && ! -f "$CLIENTCERT" ]]; then
404 | 		echo "Error: \"$CERT\" certificate file does not exist." >&2
405 | 		exit 1
406 | 	fi
407 | 
408 | 	if [[ ! -s "$CLIENTCERT" ]]; then
409 | 		echo -e "Saving the client certificate from \"$CERT\" to \"$CLIENTCERT\""
410 | 		echo -e "Please enter the password when prompted.\n"
411 | 		openssl pkcs12 -in "$CERT" -out "$CLIENTCERT" -clcerts -nodes
412 | 	fi
413 | 	
414 | 	# if ! output=$(openssl verify -verify_email "$FROMADDRESS" "$CLIENTCERT" 2>/dev/null); then
415 | 		# echo "Error verifying the S/MIME Certificate: $output" >&2
416 | 		# exit 1
417 | 	# fi
418 | 
419 | 	if aissuer=$(openssl x509 -in "$CLIENTCERT" -noout -issuer -nameopt multiline,-align,-esc_msb,utf8,-space_eq); then
420 | 		issuer=$(echo "$aissuer" | awk -F'=' '/commonName=/ { print $2 }')
421 | 	else
422 | 		issuer=''
423 | 	fi
424 | 	date=$(openssl x509 -in "$CLIENTCERT" -noout -enddate | awk -F'=' '/notAfter=/ { print $2 }')
425 | 	if openssl x509 -in "$CLIENTCERT" -noout -checkend 0 > /dev/null; then
426 | 		sec=$(( $(date -d "$date" +%s) - $(date -d "$NOW" +%s) ))
427 | 		if [[ $(( sec / 86400 )) -lt $WARNDAYS ]]; then
428 | 			echo -e "Warning: The S/MIME Certificate ${issuer:+from “$issuer” }expires in less than $WARNDAYS days ($(date -d "$date")).\n"
429 | 		fi
430 | 	else
431 | 		echo "Error: The S/MIME Certificate ${issuer:+from “$issuer” }expired $(date -d "$date")." >&2
432 | 		exit 1
433 | 	fi
434 | fi
435 | 
436 | if [[ -n "$PASSPHRASE" ]]; then
437 | 	if ! echo "$PASSPHRASE" | gpg --pinentry-mode loopback --batch -o /dev/null -ab -u "$FROMADDRESS" --passphrase-fd 0 <(echo); then
438 | 		echo "Error: A PGP key pair does not yet exist for \"$FROMADDRESS\" or the passphrase was incorrect." >&2
439 | 		exit 1
440 | 	fi
441 | 	
442 | 	date=$(gpg -k --with-colons "$FROMADDRESS" | awk -F':' '/^pub/ { print $7 }')
443 | 	if [[ -n "$date" ]]; then
444 | 		date=$(echo "$date" | head -n 1)
445 | 		sec=$(( date - $(date -d "$NOW" +%s) ))
446 | 		fingerprint=$(gpg --fingerprint --with-colons "$FROMADDRESS" | awk -F':' '/^fpr/ { print $10 }' | head -n 1)
447 | 		if [[ $sec -gt 0 ]]; then
448 | 			if [[ $(( sec / 86400 )) -lt $WARNDAYS ]]; then
449 | 				echo -e "Warning: The PGP key pair for \"$FROMADDRESS\" with fingerprint $fingerprint expires in less than $WARNDAYS days ($(date -d "@$date")).\n"
450 | 			fi
451 | 		else
452 | 			echo "Error: The PGP key pair for \"$FROMADDRESS\" with fingerprint $fingerprint expired $(date -d "@$date")." >&2
453 | 			exit 1
454 | 		fi
455 | 	fi
456 | fi
457 | 
458 | if [[ -n "$CERT" && -n "$PASSPHRASE" ]]; then
459 | 	echo -e "Warning: You cannot digitally sign the e-mails with both an S/MIME Certificate and PGP/MIME. S/MIME will be used.\n"
460 | fi
461 | 
462 | # Send e-mail, with optional message and attachments
463 | # Supports Unicode characters in subject, message and attachment filename
464 | # send <subject> [message] [attachment(s)]...
465 | send() {
466 | 	local headers message amessage lang=${LANG%.*}
467 | 	if [[ -n "$SEND" ]]; then
468 | 		if [[ -n "$FROMADDRESS" && -n "$SMTP" ]]; then
469 | 			headers="${PRIORITY:+X-Priority: $PRIORITY\n}From: $FROMNAME\n$(if [[ ${#TONAMES[@]} -eq 0 && ${#CCNAMES[@]} -eq 0 ]]; then echo "To: undisclosed-recipients: ;\n"; else [[ -n "$TONAMES" ]] && echo "To: ${TONAMES[0]}$([[ ${#TONAMES[@]} -gt 1 ]] && printf ', %s' "${TONAMES[@]:1}")\n"; fi)$([[ -n "$CCNAMES" ]] && echo "Cc: ${CCNAMES[0]}$([[ ${#CCNAMES[@]} -gt 1 ]] && printf ', %s' "${CCNAMES[@]:1}")\n")Subject: $(encoded-word "$1")\nDate: $(if [[ -n "$UTC" ]]; then date -Rud "@$(( ${EPOCHSECONDS:-$(date +%s)} / 60 * 60 ))"; else date -R; fi)\n"
470 | 			if [[ $# -ge 3 ]]; then
471 | 				message="Content-Type: multipart/mixed; boundary=\"MULTIPART-MIXED-BOUNDARY\"\n\n--MULTIPART-MIXED-BOUNDARY\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n${CONTENTLANG:+$([[ ${#lang} -ge 2 ]] && echo "Content-Language: ${lang/_/-}\n")}\n$2\n$(for i in "${@:3}"; do echo "--MULTIPART-MIXED-BOUNDARY\nContent-Type: $(file --mime-type -- "$i" | sed -n 's/^.\+: //p')\nContent-Transfer-Encoding: base64\nContent-Disposition: attachment; filename*=utf-8''$(curl -Gs -w '%{url_effective}\n' --data-urlencode "$(basename -- "$i")" "" | sed -n 's/\/?//p')\n\n$(base64 -- "$i")\n"; done)--MULTIPART-MIXED-BOUNDARY--"
472 | 			else
473 | 				message="Content-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n${CONTENTLANG:+$([[ ${#lang} -ge 2 ]] && echo "Content-Language: ${lang/_/-}\n")}\n$2"
474 | 			fi
475 | 			if [[ -n "$CERT" ]]; then
476 | 				echo -e -n "${headers}"
477 | 				echo -e "$message" | openssl cms -sign -signer "$CLIENTCERT"
478 | 			elif [[ -n "$PASSPHRASE" ]]; then
479 | 				amessage=$(echo -e "$message")
480 | 				echo -e -n "${headers}MIME-Version: 1.0\nContent-Type: multipart/signed; protocol=\"application/pgp-signature\"; micalg=pgp-sha1; boundary=\"----MULTIPART-SIGNED-BOUNDARY\"\n\n------MULTIPART-SIGNED-BOUNDARY\n"
481 | 				echo -n "$amessage"
482 | 				echo -e "\n------MULTIPART-SIGNED-BOUNDARY\nContent-Type: application/pgp-signature; name=\"signature.asc\"\nContent-Disposition: attachment; filename=\"signature.asc\"\n\n$(echo "$PASSPHRASE" | gpg --pinentry-mode loopback --batch -o - -ab -u "$FROMADDRESS" --passphrase-fd 0 <(echo -n "${amessage//$'\n'/$'\r\n'}"))\n\n------MULTIPART-SIGNED-BOUNDARY--"
483 | 			else
484 | 				echo -e "${headers}MIME-Version: 1.0\n$message"
485 | 			fi | eval curl -sS"${VERBOSE:+v}" "$SMTP" --mail-from "$FROMADDRESS" $(printf -- '--mail-rcpt "%s" ' "${TOADDRESSES[@]}" "${CCADDRESSES[@]}" "${BCCADDRESSES[@]}") -T - -u "$USERNAME:$PASSWORD"
486 | 		else
487 | 			{ echo -e "$2"; [[ $# -ge 3 ]] && for i in "${@:3}"; do uuencode -- "$i" "$(basename -- "$i")"; done; } | eval mail ${FROMADDRESS:+-r "$FROMADDRESS"} $([[ -n "$CCADDRESSES" ]] && printf -- '-c "%s" ' "${CCADDRESSES[@]}" || echo) $([[ -n "$BCCADDRESSES" ]] && printf -- '-b "%s" ' "${BCCADDRESSES[@]}" || echo) -s "\"$1\"" -- "$([[ ${#TOADDRESSES[@]} -eq 0 ]] && echo "\"undisclosed-recipients: ;\"" || printf -- '"%s" ' "${TOADDRESSES[@]}")"
488 | 		fi
489 | 	fi
490 | }
491 | 
492 | send "$SUBJECT" "$MESSAGE" "${ATTACHMENTS[@]}"
493 | 


--------------------------------------------------------------------------------
/setting.conf:
--------------------------------------------------------------------------------
 1 | # This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"
 2 | 
 3 | 
 4 | hostname="vDDoS Master"							#(Name this server, it will show up in Email notifications)
 5 | 
 6 | vddos_master_slave_mode="no"					#(Turn on "yes" if your system has slave servers, want to sync affter switch like master)
 7 | backend_url_check="no"			#(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))
 8 | 
 9 | send_notifications="no"						#(Turn on "yes" if you want receive notification)
10 | smtp_server="smtps://smtp.gmail.com"		#(SMTP Server)
11 | smtp_username="xxx@gmail.com"				#(Your Mail)
12 | smtp_password="xxxxxxxxxxxxx" 				#(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
13 | send_notifications_to="xxxx@gmail.com"		#(Your Email Address will receive notification)
14 | 
15 | 
16 | maximum_allowable_delay_for_backend=2 			#(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
17 | maximum_allowable_delay_for_website=2 			#(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)
18 | 
19 | default_switch_mode_not_attack="no"				#(Default Mode vDDoS use when it's not under attacked)
20 | default_switch_mode_under_attack="high"			#(Default Mode vDDoS use when it's under attack)
21 | default_waiting_time_to_release="60"			#(For example 60 minutes, release time from challenge)


--------------------------------------------------------------------------------
/vddos-autoswitch.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | #chmod 700 /vddos/auto-switch/vddos-autoswitch.sh
  4 | #ln -s /vddos/auto-switch/vddos-autoswitch.sh /usr/bin/vddos-autoswitch
  5 | #chmod 700 /vddos/auto-switch/vddos-switch.sh
  6 | #ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch
  7 | 
  8 | # Example:
  9 | # Auto check/switch security mode for a domain (in website.conf) if it is being slow/high load:
 10 | # vddos-autoswitch [checkdomain] your-domain.com 5s
 11 | 
 12 | # Auto check/switch security mode for each domain in the list website.conf if it is being slow/high load:
 13 | # vddos-autoswitch [checkalldomain] 5s
 14 | 
 15 | # Auto check/switch for each domain in the list domains if it is being slow/high load:
 16 | # vddos-autoswitch [checklist] /etc/listdomains.txt 5s
 17 | 
 18 | # Flush all security mode for all domain (in website.conf) if they are not slow/high load:
 19 | # vddos-autoswitch [flushalldomain] /etc/listdomains.txt no
 20 | # OR:
 21 | # vddos-switch [allsite] [no/307/200...] ; vddos restart
 22 | 
 23 | 
 24 | 
 25 | if [ ! -f /usr/bin/vddos-switch ] || [ ! -f /usr/bin/vddos-autoswitch ] || [ ! -f /usr/bin/vddos-sensor ]; then
 26 | chmod 700 /vddos/auto-switch/*.sh  >/dev/null 2>&1
 27 | ln -s /vddos/auto-switch/vddos-autoswitch.sh /usr/bin/vddos-autoswitch  >/dev/null 2>&1
 28 | ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch  >/dev/null 2>&1
 29 | ln -s /vddos/auto-switch/vddos-sensor.sh /usr/bin/vddos-sensor  >/dev/null 2>&1
 30 | fi
 31 | source /vddos/auto-switch/setting.conf
 32 | 
 33 | if [ -f /vddos/auto-switch/vddos-sensor.tmp ]; then
 34 | exit 0
 35 | fi
 36 | touch /vddos/auto-switch/vddos-autoswitch.tmp
 37 | 
 38 | function showerror()
 39 | {
 40 | echo 'ERROR!
 41 | 
 42 | Command is ['$1'] ...
 43 | Website or List is ['$2'] ...
 44 | Security mode is ['$3']
 45 | 
 46 | # Example:
 47 | # Auto check/switch security mode for a domain (in website.conf) if it is being slow/high load:
 48 |  vddos-autoswitch [checkdomain] your-domain.com 5s
 49 | 
 50 | # Auto check/switch security mode for each domain in the list website.conf if it is being slow/high load:
 51 |  vddos-autoswitch [checkalldomain] 5s
 52 | 
 53 | # Auto check/switch for each domain in the list domains if it is being slow/high load:
 54 |  vddos-autoswitch [checklist] /etc/listdomains.txt 5s
 55 | 
 56 | 
 57 | # Flush all security mode for all domain (in website.conf) if they are not slow/high load:
 58 |  vddos-switch [allsite] no
 59 | # OR:
 60 |  vddos-switch [allsite] [no/307/200...]
 61 | 
 62 | '|tee -a /vddos/auto-switch/log.txt
 63 | return 0
 64 | }
 65 | function checklog()
 66 | {
 67 | echo '
 68 | (Check logs at /vddos/auto-switch/log.txt)
 69 | '
 70 | return 0
 71 | }
 72 | 
 73 | 
 74 | 
 75 | 
 76 | 
 77 | 
 78 | Command="$1"
 79 | Security_mode="$3"
 80 | 
 81 | 
 82 | if [ "$1" = "" ] || [ "$2" = "" ]; then
 83 | showerror
 84 | rm -f /vddos/auto-switch/vddos-autoswitch.tmp
 85 | exit 0
 86 | fi	
 87 | 
 88 | if [ "$Command" != "checkdomain" ] && [ "$Command" != "checklist" ] && [ "$Command" != "checkalldomain" ];  then
 89 | showerror
 90 | rm -f /vddos/auto-switch/vddos-autoswitch.tmp
 91 | exit 0
 92 | fi
 93 | 
 94 | if [ "$Command" = "checkdomain" ] || [ "$Command" = "checklist" ];  then
 95 | if [ "$3" = "" ]; then
 96 | showerror
 97 | rm -f /vddos/auto-switch/vddos-autoswitch.tmp
 98 | exit 0
 99 | fi
100 | fi
101 | 
102 | 
103 | 
104 | if [ "$Command" = "checkdomain" ]; then
105 | 	echo "
106 | 		[[[[[[[ `date` ]]]]]]]
107 | 	" > /vddos/auto-switch/log.txt
108 | 
109 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
110 | 
111 | 	Website="$2"
112 | 	Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
113 | 	WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
114 | 	if [ "$Available" = "" ]; then
115 | 		echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
116 | 	fi
117 | 	if [ "$Available" != "" ]; then
118 | 		if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
119 | 			echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
120 | 		fi
121 | 		if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
122 | 			websitestatus=`curl --user-agent "vDDoS Auto Switch Check" --connect-timeout $maximum_allowable_delay_for_website --max-time $maximum_allowable_delay_for_website -s -o /dev/null -L -I -w "%{http_code}" $Website | awk '{print substr($0,1,1)}'`
123 | 			if [ "$websitestatus" != "2" ] && [ "$websitestatus" != "3" ]; then
124 | 				echo ' Found ['$Website'] in /vddos/conf.d/website.conf seems to be in the offline state: ['$websitestatus'xx']|tee -a /vddos/auto-switch/log.txt
125 | 				/usr/bin/vddos-switch $Website $Security_mode
126 | 			fi
127 | 			if [ "$websitestatus" = "2" ] || [ "$websitestatus" = "3" ]; then
128 | 				echo '- Re-check: ['$Website'] seems to be in the online state: ['$websitestatus'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
129 | 			fi
130 | 		fi
131 | 	fi
132 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
133 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
134 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
135 | 	fi
136 | 	checklog
137 | 	rm -f /vddos/auto-switch/vddos-autoswitch.tmp
138 | 	exit 0
139 | fi
140 | 
141 | if [ "$Command" = "checklist" ]; then
142 | 	listdomains_source="$2";
143 | 	listdomains="/vddos/auto-switch/list/listdomains.txt"
144 | 	if [ ! -f $listdomains_source ]; then
145 | 		showerror
146 | 		echo ''$listdomains_source' not found!'
147 | 		rm -f /vddos/auto-switch/vddos-autoswitch.tmp
148 | 		exit 0
149 | 	fi
150 | 
151 | 	if [ ! -d /vddos/auto-switch/list/ ]; then
152 | 		mkdir -p /vddos/auto-switch/list/
153 | 	fi
154 | 
155 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
156 | 
157 | 	echo "
158 | 		[[[[[[[ `date` ]]]]]]]
159 | 	" > /vddos/auto-switch/log.txt
160 | 	echo "`cat $listdomains_source | grep . | awk '!x[$0]++'`" > $listdomains
161 | 	numberlinelistdomains=`cat $listdomains | grep . | wc -l`
162 | 	startlinenumber=1
163 | 
164 | 	dong=$startlinenumber
165 | 	while [ $dong -le $numberlinelistdomains ]
166 | 	do
167 | 		echo $dong
168 | 		Website=`cat $listdomains|awk 'NR == '$dong' {print $1}'`; echo " $Website "
169 | 		URL_Website=`cat $listdomains|awk  'NR == '$dong' {print $2}'`; echo " $URL_Website "
170 | 		Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
171 | 		WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
172 | 		if [ "$Available" = "" ]; then
173 | 			echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
174 | 		fi
175 | 		if [ "$URL_Website" = "" ]; then
176 | 			if [ "$Available" != "" ]; then
177 | 				if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
178 | 					echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
179 | 				fi
180 | 				if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
181 | 					if [ "$Available" != "" ]; then
182 | 						websitestatus=`curl --user-agent "vDDoS Auto Switch Check" --connect-timeout $maximum_allowable_delay_for_website --max-time $maximum_allowable_delay_for_website -s -o /dev/null -L -I -w "%{http_code}" $Website | awk '{print substr($0,1,1)}'`
183 | 						if [ "$websitestatus" != "2" ] && [ "$websitestatus" != "3" ]; then
184 | 							echo ' Found ['$Website'] in '$listdomains_source' seems to be in the offline state: ['$websitestatus'xx']|tee -a /vddos/auto-switch/log.txt
185 | 							/usr/bin/vddos-switch $Website $Security_mode
186 | 						fi
187 | 						if [ "$websitestatus" = "2" ] || [ "$websitestatus" = "3" ]; then
188 | 							echo '- Re-check: ['$Website'] seems to be in the online state: ['$websitestatus'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
189 | 						fi
190 | 					fi
191 | 				fi
192 | 			fi
193 | 		fi
194 | 		if [ "$URL_Website" != "" ]; then
195 | 			if [ "$Available" != "" ]; then
196 | 				if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
197 | 					echo '- Re-check: ['$URL_Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
198 | 				fi
199 | 				if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
200 | 					if [ "$Available" != "" ]; then
201 | 						websitestatus=`curl --user-agent "vDDoS Auto Switch Check" --connect-timeout $maximum_allowable_delay_for_website --max-time $maximum_allowable_delay_for_website -s -o /dev/null -L -I -w "%{http_code}" $URL_Website | awk '{print substr($0,1,1)}'`
202 | 						if [ "$websitestatus" != "2" ] && [ "$websitestatus" != "3" ]; then
203 | 							echo ' Found ['$URL_Website'] in '$listdomains_source' seems to be in the offline state: ['$websitestatus'xx']|tee -a /vddos/auto-switch/log.txt
204 | 							/usr/bin/vddos-switch $Website $Security_mode
205 | 						fi
206 | 						if [ "$websitestatus" = "2" ] || [ "$websitestatus" = "3" ]; then
207 | 							echo '- Re-check: ['$URL_Website'] seems to be in the online state: ['$websitestatus'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
208 | 						fi
209 | 					fi
210 | 				fi
211 | 			fi
212 | 		fi
213 | 
214 | 
215 | 		dong=$((dong + 1))
216 | 	done
217 | 
218 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
219 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
220 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
221 | 	fi
222 | 	checklog
223 | 	rm -f /vddos/auto-switch/vddos-autoswitch.tmp
224 | 	exit 0
225 | fi
226 | 
227 | 
228 | 
229 | if [ "$Command" = "checkalldomain" ]; then
230 | 	Security_mode="$2"
231 | 	listdomains_source="/vddos/conf.d/website.conf"
232 | 	listdomains="/vddos/auto-switch/checkalldomain/listdomains.txt"
233 | 	if [ ! -f $listdomains_source ]; then
234 | 		showerror
235 | 		echo ''$listdomains_source' not found!'
236 | 		rm -f /vddos/auto-switch/vddos-autoswitch.tmp
237 | 		exit 0
238 | 	fi
239 | 
240 | 	if [ ! -d /vddos/auto-switch/checkalldomain/ ]; then
241 | 		mkdir -p /vddos/auto-switch/checkalldomain/
242 | 	fi
243 | 
244 | 	echo "
245 | 		[[[[[[[ `date` ]]]]]]]
246 | 	" > /vddos/auto-switch/log.txt
247 | 	echo "`cat $listdomains_source | grep .| awk '!x[$0]++'|grep -v '^#'|grep -v '^*'|grep -v '^default' | awk '{print $1" "$2}'| tr : " "|tr ] " " |awk '{print $1" "$2"://"$1":"$4"/"}'`" > $listdomains
248 | 
249 | 	/usr/bin/vddos-autoswitch checklist $listdomains $Security_mode
250 | 	rm -f /vddos/auto-switch/vddos-autoswitch.tmp
251 | 	exit 0
252 | fi
253 | 
254 | 
255 | 
256 | 
257 | if [ "$Command" = "flushalldomain" ]; then
258 | 	listdomains_source="$2"
259 | 	listdomains="/vddos/auto-switch/flushalldomain/listdomains.txt"
260 | 	if [ ! -f $listdomains_source ]; then
261 | 		showerror
262 | 		echo ''$listdomains_source' not found!'
263 | 		rm -f /vddos/auto-switch/vddos-autoswitch.tmp
264 | 		exit 0
265 | 	fi
266 | 
267 | 	if [ ! -d /vddos/auto-switch/flushalldomain/ ]; then
268 | 		mkdir -p /vddos/auto-switch/flushalldomain/
269 | 	fi
270 | 
271 | 	md5sum_website_conf_latest=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
272 | 
273 | 	echo "
274 | 		[[[[[[[ `date` ]]]]]]]
275 | 	" > /vddos/auto-switch/log.txt
276 | 	echo "`cat $listdomains_source | grep .|grep -v '^#'|grep -v '^*' | awk '{print $1}'| awk '!x[$0]++'`" > $listdomains
277 | 	numberlinelistdomains=`cat $listdomains | grep . | wc -l`
278 | 	startlinenumber=1
279 | 
280 | 	dong=$startlinenumber
281 | 	while [ $dong -le $numberlinelistdomains ]
282 | 	do
283 | 		Website=$(awk " NR == $dong " $listdomains);
284 | 		Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
285 | 		WebsiteSecurityModeCurrent=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| awk 'NR==1 {print $5}'`
286 | 		if [ "$Available" = "" ]; then
287 | 			echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
288 | 		fi
289 | 		if [ "$Available" != "" ]; then
290 | 			if [ "$WebsiteSecurityModeCurrent" = "$Security_mode" ]; then
291 | 				echo '- Re-check: ['$Website'] is already ['$WebsiteSecurityModeCurrent'] security mode ===> Skip!'|tee -a /vddos/auto-switch/log.txt
292 | 			fi
293 | 			if [ "$WebsiteSecurityModeCurrent" != "$Security_mode" ]; then
294 | 				if [ "$Available" != "" ]; then
295 | 					/usr/bin/vddos-switch $Website $Security_mode
296 | 				fi
297 | 			fi
298 | 		fi
299 | 		dong=$((dong + 1))
300 | 	done
301 | 
302 | 	md5sum_website_conf_new=`cat /vddos/conf.d/website.conf| grep . | awk '!x[$0]++'| md5sum | awk 'NR==1 {print $1}'`
303 | 	if [ "$md5sum_website_conf_latest" != "$md5sum_website_conf_new" ]; then
304 | 		/usr/bin/vddos reload |tee -a /vddos/auto-switch/log.txt
305 | 	fi
306 | 	checklog
307 | 	rm -f /vddos/auto-switch/vddos-autoswitch.tmp
308 | 	exit 0
309 | fi
310 | 
311 | rm -f /vddos/auto-switch/vddos-autoswitch.tmp
312 | 
313 | 
314 | 
315 | 
316 | 
317 | 
318 | 
319 | 
320 | 


--------------------------------------------------------------------------------
/vddos-sensor.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # echo '* * * * * root /vddos/auto-switch/vddos-sensor.sh' >> /etc/crontab
  3 | 
  4 | # if you usually backup on Thurvday, you might want to disable cpu, ram... check on Thurvday (because it can misrepresent when cpu, network... highload because of backup operation)
  5 | # today=`date '+%A'`
  6 | # backup_yn=n
  7 | # if [ $today = "Thurvday" ]; then
  8 | # backup_yn=y
  9 | # fi
 10 | 
 11 | # Check vddos-sensor still running?
 12 | 
 13 | if [ -f /vddos/auto-switch/vddos-sensor.tmp ] || [ -f /vddos/auto-switch/vddos-autoswitch.tmp ]; then
 14 | exit 0
 15 | fi
 16 | 
 17 | 
 18 | 
 19 | source /vddos/auto-switch/setting.conf
 20 | touch /vddos/auto-switch/vddos-sensor.tmp
 21 | 
 22 | if [ ! -f /usr/bin/vddos-switch ] || [ ! -f /usr/bin/vddos-autoswitch ] || [ ! -f /usr/bin/vddos-sensor ]; then
 23 | chmod 700 /vddos/auto-switch/*.sh  >/dev/null 2>&1
 24 | ln -s /vddos/auto-switch/vddos-autoswitch.sh /usr/bin/vddos-autoswitch  >/dev/null 2>&1
 25 | ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch  >/dev/null 2>&1
 26 | ln -s /vddos/auto-switch/vddos-sensor.sh /usr/bin/vddos-sensor  >/dev/null 2>&1
 27 | fi
 28 | if [ ! -f /vddos/auto-switch/protect/waiting-time-to-release.db ]; then
 29 | 	mkdir -p /vddos/auto-switch/protect/
 30 | 	touch /vddos/auto-switch/protect/waiting-time-to-release.db
 31 | fi
 32 | 
 33 | 
 34 | ################################################################################
 35 | # SET MAX LIMIT:
 36 | # If the following 8 indicators are exceeded, vDDoS will enable challenge mode:
 37 | 
 38 | CPU_Problems_Sensor_MAX_Limit=$(grep -c processor /proc/cpuinfo)				#Max number of cores the server has to enable_challenge
 39 | RAM_Problems_Sensor_MAX_Limit=90												#Max RAM the server can use (unit of measure: %) to enable_challenge
 40 | IOdisk_Problems_Sensor_MAX_Limit=70												#Limit 70% IO Disk to enable_challenge
 41 | NET_Problems_Sensor_MAX_Limit=10000												#Max Bandwidth/sec of IN + OUT combined (unit of measure: kB/s)
 42 | Connections_Problems_Sensor_MAX_Limit=10000										#Max connections/sec
 43 | IPconnections_Problems_Sensor_MAX_Limit=1000									#Max number IPs connect
 44 | status444_Problems_Sensor_MAX_Limit=10											#Percentage of Deny/Allow connections (unit of measure: %)
 45 | Backendstatus_Problems_Sensor_MAX_Limit=$maximum_allowable_delay_for_backend	
 46 | 
 47 | 
 48 | 
 49 | 
 50 | function disable_challenge ()
 51 | {
 52 | vddos-switch allsite $default_switch_mode_not_attack
 53 | 
 54 | if [ "$vddos_master_slave_mode" = "no" ]; then
 55 | 	vddos reload
 56 | else
 57 | 	vddos reload; vddos-master synall; vddos-master reloadall
 58 | fi
 59 | 
 60 | return
 61 | }
 62 | 
 63 | 
 64 | function check_waiting_time ()
 65 | {
 66 | time_remaining=`cat  /vddos/auto-switch/protect/waiting-time-to-release.db| grep ^$1 | awk 'NR==1 {print $2}'`
 67 | if [ "$time_remaining" = "" ]; then
 68 | 	echo "
 69 | 
 70 | 
 71 |   Checking: [$1] not on the protected list (waiting-time-to-release.db)" 
 72 | 	already_protected_yn=n
 73 | 	out_of_time_yn=""
 74 | else
 75 | 	already_protected_yn=y
 76 | 	the_present_time=`date +"%s"`
 77 | 	echo "
 78 | 
 79 | 
 80 |   Checking: [$1] already on the protected list (waiting-time-to-release.db)" 
 81 | 	if [ "$the_present_time" > "$time_remaining"  ] ; then
 82 | 		out_of_time_yn=y; 
 83 | 	else
 84 | 		out_of_time_yn=n;
 85 | 	fi
 86 | 	
 87 | fi
 88 | return
 89 | }
 90 | 
 91 | function put_waiting_time ()
 92 | {
 93 | 	sed -i "/^$1.*/d" /vddos/auto-switch/protect/waiting-time-to-release.db  >/dev/null 2>&1
 94 | 	the_present_time=`date +"%s"`
 95 | 	waiting_time=`date +"%s" -d '+ '$default_waiting_time_to_release' minutes'`
 96 | 	echo "$1 $waiting_time (set at $the_present_time)" >> /vddos/auto-switch/protect/waiting-time-to-release.db
 97 | return
 98 | }
 99 | 
100 | 
101 | check_waiting_time allsite
102 | ((time_remaining>the_present_time)) && out_of_time_yn=n
103 | ((time_remaining<the_present_time)) && out_of_time_yn=y
104 | if [ "$already_protected_yn" = "y" ] && [ "$out_of_time_yn" = "n" ] ; then
105 | 	already_allsite_yn=y 
106 | 	echo "===> [SKIP, [allsite] will be released later... ($(((the_present_time-time_remaining)*-1)) seconds left)]"
107 | 	rm -f /vddos/auto-switch/vddos-sensor.tmp
108 | 	exit 0
109 | fi
110 | 
111 | if [ "$already_protected_yn" = "y" ] && [ "$out_of_time_yn" = "y" ]; then
112 | 	echo "===> [CONGRATULATIONS, [allsite] released at `date`]"
113 | 	echo > /vddos/auto-switch/protect/waiting-time-to-release.db
114 | 	disable_challenge
115 | 	if [ "$send_notifications" = "yes" ] && [ "$notifications_yn" = "y" ]; then
116 | 	send_notifications
117 | 	fi
118 | 	rm -f /vddos/auto-switch/vddos-sensor.tmp
119 | 	exit 0
120 | fi
121 | 
122 | 
123 | function send_notifications ()
124 | {
125 | now=`date +"TIME:%Hh%M_DATE:%d"`
126 | subject="[$now] CPU: $CPU_Problems_Sensor_Current_Now/$CPU_Problems_Sensor_MAX_Limit(Core) | RAM: $RAM_Problems_Sensor_Current_Now(%) | IO: $IOdisk_Problems_Sensor_Current_Now(%) | NET: $NET_Problems_Sensor_Current_Now(kB/s) | Connections: $Connections_Problems_Sensor_Current_Now | $IPconnections_Problems_Sensor_Current_Now(IP) | BACKEND: $Backendstatus"
127 | tail -n200 /vddos/auto-switch/log.txt >> /vddos/auto-switch/send_notifications.tmp
128 | body=`cat /vddos/auto-switch/send_notifications.tmp`
129 | 
130 | /vddos/auto-switch/sendmsg.sh -s "$subject" -m "$body" -f "$hostname <$smtp_username>" -S "$smtp_server" -u "$smtp_username" -p "$smtp_password" -t "Receiver <$send_notifications_to>"
131 | rm -f /vddos/auto-switch/send_notifications.tmp
132 | return
133 | }
134 | 
135 | function enable_challenge ()
136 | {
137 | vddos-switch allsite $default_switch_mode_under_attack
138 | 
139 | if [ "$vddos_master_slave_mode" = "no" ]; then
140 | 	vddos reload
141 | else
142 | 	vddos reload; vddos-master synall; vddos-master reloadall
143 | fi
144 | 
145 | return
146 | }
147 | 
148 | function log_overload ()
149 | {
150 | echo '===> WARNING: '$1'-Overload '$2'/'$3'' |tee -a /vddos/auto-switch/send_notifications.tmp
151 | return
152 | }
153 | 
154 | ################################################################################
155 | # CURRENT NOW:
156 | BWsar="`sar -n DEV 1 1`"
157 | NETBW_IN=$(echo "scale=3;(`echo "$BWsar"|grep Average:| grep -v "IFACE"| awk {'print $5'} |tr "\n" "+"`0)"| bc -q| awk '{printf "%.0f\n", $0}')
158 | NETBW_OUT=$(echo "scale=3;(`echo "$BWsar"|grep Average:| grep -v "IFACE"| awk {'print $6'} |tr "\n" "+"`0)"| bc -q| awk '{printf "%.0f\n", $0}')
159 | io_raw=`cat  <(cat /sys/block/vda/stat && cat /proc/uptime) <(sleep 1 && cat /sys/block/vda/stat && cat /proc/uptime)`
160 | a1=`echo "$io_raw" | awk 'NR==1 {print $10}'| tr . " "| awk '{printf $1}'`;a2=`echo "$io_raw" | awk 'NR==3 {print $10}'| tr . " "| awk '{printf $1}'`;
161 | b1=`echo "$io_raw" | awk 'NR==2 {print $1}'| tr . " "| awk '{printf $1}'`;b2=`echo "$io_raw" | awk 'NR==4 {print $1}'| tr . " "| awk '{printf $1}'`;
162 | IO=$(((a2-a1)/(b2-b1)/10))
163 | RAM_Now=$(free -m| awk 'NR==2 {print $3}')	
164 | RAM_MAX=$(free -m| awk 'NR==2 {print $2}')
165 | 
166 | CPU_Problems_Sensor_Current_Now=$(cat /proc/loadavg |tr . " " | awk {'print $1'}) 	#LoadAVG now (number of cores needed - unit of measure: cpu or core)
167 | RAM_Problems_Sensor_Current_Now=$((RAM_Now*100/RAM_MAX))							#RAM Used now (unit of measure: %)
168 | IOdisk_Problems_Sensor_Current_Now=$IO 												#Current IO usage percentage (unit of measure: %)
169 | 
170 | 
171 | NET_Problems_Sensor_Current_Now=$((NETBW_IN+NETBW_OUT))								#Total net-traffic used by the server in 1 second (unit of measure: KB/s)
172 | Connections_Problems_Sensor_Current_Now=$(netstat -n | grep :| wc -l)				#Total connections to server in 1 second
173 | IPconnections_Problems_Sensor_Current_Now=$(netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c| wc -l) # Number of IPs connected to the server
174 | 
175 | 
176 | echo "
177 | 	[[[[[[[ `date` ]]]]]]
178 | 
179 | 	SERVER ($hostname) Current Status:
180 | 	-CPU used: $CPU_Problems_Sensor_Current_Now/$CPU_Problems_Sensor_MAX_Limit(core)
181 | 	-RAM used: $RAM_Problems_Sensor_Current_Now%
182 | 	-IO Disk used: $IOdisk_Problems_Sensor_Current_Now%
183 | 
184 | 	-Network: $NET_Problems_Sensor_Current_Now(kB/s)
185 | 	-Connections per second: $Connections_Problems_Sensor_Current_Now(connections/s)
186 | 	-Number of IPs connected per second: $IPconnections_Problems_Sensor_Current_Now(IP/s)
187 | " |tee -a /vddos/auto-switch/log.txt
188 | 
189 | 
190 | ################################################################################
191 | # IF CURRENT NOW > MAX LIMIT ----> WHAT TO DO:
192 | 
193 | enable_challenge_yn=n
194 | 
195 | if [ "$CPU_Problems_Sensor_Current_Now" -gt "$CPU_Problems_Sensor_MAX_Limit" ]; then 
196 | 	log_overload CPU $CPU_Problems_Sensor_Current_Now $CPU_Problems_Sensor_MAX_Limit;
197 | 	enable_challenge_yn=y
198 | 	
199 | fi
200 | if [ "$RAM_Problems_Sensor_Current_Now" -gt "$RAM_Problems_Sensor_MAX_Limit" ]; then 
201 | 	log_overload RAM $RAM_Problems_Sensor_Current_Now $RAM_Problems_Sensor_MAX_Limit; 
202 | 	enable_challenge_yn=y
203 | fi
204 | if [ "$IOdisk_Problems_Sensor_Current_Now" -gt "$IOdisk_Problems_Sensor_MAX_Limit" ]; then 
205 | 	log_overload IOdisk $IOdisk_Problems_Sensor_Current_Now $IOdisk_Problems_Sensor_MAX_Limit; 
206 | 	enable_challenge_yn=y
207 | fi
208 | 
209 | if [ "$NET_Problems_Sensor_Current_Now" -gt "$NET_Problems_Sensor_MAX_Limit" ]; then 
210 | 	log_overload NET $NET_Problems_Sensor_Current_Now $NET_Problems_Sensor_MAX_Limit; 
211 | 	enable_challenge_yn=y
212 | fi
213 | if [ "$Connections_Problems_Sensor_Current_Now" -gt "$Connections_Problems_Sensor_MAX_Limit" ]; then 
214 | 	log_overload Connections $Connections_Problems_Sensor_Current_Now $Connections_Problems_Sensor_MAX_Limit; 
215 | 	enable_challenge_yn=y
216 | fi
217 | if [ "$IPconnections_Problems_Sensor_Current_Now" -gt "$IPconnections_Problems_Sensor_MAX_Limit" ]; then 
218 | 	log_overload IPconnections $IPconnections_Problems_Sensor_Current_Now $IPconnections_Problems_Sensor_MAX_Limit; 
219 | 	enable_challenge_yn=y
220 | fi
221 | 
222 | if [ "$backend_url_check" != "no" ]; then
223 | 	Backendstatus_Problems_Sensor_Current_Now=`curl --insecure --user-agent "vDDoS Auto Sensor Switch Check" --connect-timeout $maximum_allowable_delay_for_website --max-time $maximum_allowable_delay_for_website -s -o /dev/null -L -I -w "%{http_code}" $backend_url_check | awk '{print substr($0,1,1)}'`
224 | 	if [ "$Backendstatus_Problems_Sensor_Current_Now" != "2" ] && [ "$Backendstatus_Problems_Sensor_Current_Now" != "3" ]; then
225 | 		echo ' Found Backend ['$backend_url_check'] seems to be in the offline state: ['$Backendstatus_Problems_Sensor_Current_Now'xx']|tee -a /vddos/auto-switch/log.txt
226 | 		Backendstatus=DOWN
227 | 		enable_challenge_yn=y
228 | 	fi
229 | 	if [ "$Backendstatus_Problems_Sensor_Current_Now" = "2" ] || [ "$Backendstatus_Problems_Sensor_Current_Now" = "3" ]; then
230 | 		echo '- Re-check: ['$backend_url_check'] seems to be in the online state: ['$Backendstatus_Problems_Sensor_Current_Now'xx] ===> Skip!'|tee -a /vddos/auto-switch/log.txt
231 | 		Backendstatus=UP
232 | 	fi
233 | else
234 | 	Backendstatus='no'
235 | fi
236 | 
237 | 
238 | if [ "$enable_challenge_yn" = "y" ]; then 
239 | 	notifications_yn=y
240 | 	if [ "$backup_yn" != "y" ]; then 
241 | 	put_waiting_time allsite;
242 | 	enable_challenge; 
243 | 	fi
244 | fi
245 | 
246 | 
247 | function status444_calculator ()
248 | {
249 | rawcons=`tail -n500 /var/log/vddos/$1.access.log|awk 'NF'`; echo "   Check 444 logs: $1"
250 | allcons=$(echo "$rawcons"|awk 'NF'|grep -v access.log| wc -l);  if [ "$allcons" = "0" ]; then allcons=1; fi; echo " + $allcons (number of connections obtained)"
251 | only444=$(echo "$rawcons"|grep ' "444" '| wc -l); echo " + $only444 (connection 444)"
252 | status444_Problems_Sensor_Current_Now=$((only444*100/allcons)); echo "   --> Result: $status444_Problems_Sensor_Current_Now%"
253 | return
254 | }
255 | 
256 | if [ "$enable_challenge_yn" = "n" ]; then 
257 | 	vddosreload_yn=n
258 | 	ls -1 /var/log/vddos/|grep -v whitelistip.log|grep -v error.log|grep -v 444.log|grep -v ^access.log|awk '{ print substr( $0, 1, length($0)-11 ) }' > /vddos/auto-switch/status444.tmp
259 | 	ten_file_chua_list="/vddos/auto-switch/status444.tmp"
260 | 	so_dong_file_chua_list=`cat $ten_file_chua_list | grep . | wc -l`
261 | 	so_dong_bat_dau_tim=1
262 | 	dong=$so_dong_bat_dau_tim
263 | 	while [ $dong -le $so_dong_file_chua_list ]
264 | 	do
265 | 	ten=$(awk " NR == $dong " $ten_file_chua_list)
266 | 	#
267 | 	check_waiting_time $ten
268 | 	((time_remaining>the_present_time)) && out_of_time_yn=n
269 | 	((time_remaining<the_present_time)) && out_of_time_yn=y
270 | 		if [ "$already_protected_yn" = "y" ] && [ "$out_of_time_yn" = "n" ]; then
271 | 			skip_yn=y
272 | 			echo "===> [SKIP, $ten will be released later... ($(((the_present_time-time_remaining)*-1)) seconds left)]"
273 | 		fi
274 | 
275 | 		if [ "$already_protected_yn" = "y" ] && [ "$out_of_time_yn" = "y" ]; then
276 | 			echo "===> [CONGRATULATIONS, $ten released at `date`]"
277 | 			sed -i "/^$ten.*/d" /vddos/auto-switch/protect/waiting-time-to-release.db  >/dev/null 2>&1
278 | 			vddos-switch "$ten" "$default_switch_mode_not_attack"
279 | 			vddosreload_yn=y
280 | 		fi
281 | 		
282 | 		if [ "$already_protected_yn" = "n" ] ; then
283 | 			status444_calculator $ten
284 | 			if [ "$status444_Problems_Sensor_Current_Now" -gt "$status444_Problems_Sensor_MAX_Limit" ]; then 
285 | 				log_overload "$ten"_status444 "$status444_Problems_Sensor_Current_Now" "$status444_Problems_Sensor_MAX_Limit";
286 | 				echo '===> WARNING: '$ten' status444: '$status444_Problems_Sensor_Current_Now'%' |tee -a /vddos/auto-switch/send_notifications.tmp
287 | 				challenge_extended_to=`date -d '+ '$default_waiting_time_to_release' minutes'`
288 | 				echo "===> WARNING: Turn on the challenge for the domain $ten $default_waiting_time_to_release minutes [Will be released at: $challenge_extended_to]" |tee -a /vddos/auto-switch/send_notifications.tmp
289 | 				vddos-switch "$ten" "$default_switch_mode_under_attack"
290 | 				put_waiting_time $ten;
291 | 				vddosreload_yn=y
292 | 			else
293 | 				echo '===> SKIP!'
294 | 			fi
295 | 		fi
296 | 
297 | 
298 | 	#
299 | 	dong=$((dong + 1))
300 | 	done
301 | 	rm -f $ten_file_chua_list
302 | 
303 | 
304 | 	if [ "$vddosreload_yn" = "y" ]; then 
305 | 		if [ "$vddos_master_slave_mode" = "no" ]; then
306 | 			vddos reload
307 | 		else
308 | 			vddos reload; vddos-master synall; vddos-master reloadall
309 | 		fi
310 | 		notifications_yn=y
311 | 	fi
312 | fi
313 | 
314 | 
315 | if [ "$send_notifications" = "yes" ] && [ "$notifications_yn" = "y" ]; then
316 | 	send_notifications
317 | fi
318 | ##################################################################################
319 | 
320 | 
321 | 
322 | 
323 | 
324 | 
325 | 
326 | 
327 | 
328 | 
329 | 
330 | 
331 | # Notification vddos-sensor End:
332 | rm -f /vddos/auto-switch/send_notifications.tmp
333 | rm -f /vddos/auto-switch/vddos-sensor.tmp
334 | 
335 | 


--------------------------------------------------------------------------------
/vddos-switch.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Auto switch security mode for a website
 3 | # Example Command:
 4 | # vddos-switch allsite [no]
 5 | # vddos-switch your-domain.com [no]
 6 | # ...
 7 | # vddos-switch your-domain.com [high]
 8 | ################################################################
 9 | 
10 | 
11 | if [ ! -f /usr/bin/vddos-switch ] || [ ! -f /usr/bin/vddos-autoswitch ] || [ ! -f /usr/bin/vddos-sensor ]; then
12 | chmod 700 /vddos/auto-switch/*.sh  >/dev/null 2>&1
13 | ln -s /vddos/auto-switch/vddos-autoswitch.sh /usr/bin/vddos-autoswitch  >/dev/null 2>&1
14 | ln -s /vddos/auto-switch/vddos-switch.sh /usr/bin/vddos-switch  >/dev/null 2>&1
15 | ln -s /vddos/auto-switch/vddos-sensor.sh /usr/bin/vddos-sensor  >/dev/null 2>&1
16 | fi
17 | 
18 | if [ ! -f /vddos/conf.d/website.conf ]; then
19 | echo 'ERROR!
20 | 
21 | /vddos/conf.d/website.conf not found! 
22 | Please Install vDDoS Master Server!'|tee -a /vddos/auto-switch/log.txt
23 | exit 0
24 | fi
25 | 
26 | 
27 | Issetting="$2" ;
28 | 
29 | if [ "$Issetting" != "" ] && [ "$1" != "" ] && [ "$2" != "" ]; then
30 | 	Website="$1"
31 | 	switch_to_mode="$2"
32 | fi
33 | 
34 | function showerror()
35 | {
36 | echo 'ERROR!
37 | 
38 | Website is ['$Website'] ...
39 | 
40 | # Example Command:
41 |  vddos-switch allsite [no]
42 |  vddos-switch your-domain.com [no]
43 |  ...
44 |  vddos-switch your-domain.com [high]
45 | 
46 | 
47 | '|tee -a /vddos/auto-add/log.txt
48 | return 0
49 | }
50 | 
51 | if [ "$Website" = "" ] || [ "$switch_to_mode" = "" ]; then
52 | 	showerror
53 | 	exit 0
54 | fi
55 | if [ "$Website" = "allsite" ]; then
56 | 	data1=`cat /vddos/conf.d/website.conf| grep .|grep '^#'`
57 | 	data2=`cat /vddos/conf.d/website.conf| grep .|grep -v '^#' | awk '{$5="'$switch_to_mode'"; print $0}'`
58 | 
59 | 	echo "$data1
60 | $data2
61 | " >  /vddos/conf.d/website.conf
62 | 	echo '+ New-Switch: [All existing websites] has switched to ['$switch_to_mode'] security mode ===> Done!'|tee -a /vddos/auto-switch/log.txt
63 | 	exit 0
64 | fi
65 | 
66 | Available=`awk -F: "/^$Website/" /vddos/conf.d/website.conf`
67 | if [ "$Available" = "" ]; then
68 | 	echo '- Re-check: ['$Website'] is not available in /vddos/conf.d/website.conf ===> Skip!'|tee -a /vddos/auto-switch/log.txt
69 | 	exit 0
70 | fi
71 | 
72 | if [ "$Available" != "" ]; then
73 | 
74 | 	data=`awk -F: "/^$Website/" /vddos/conf.d/website.conf| grep .| awk '{$5="'$switch_to_mode'"; print $0}'`
75 | 	sed -i "/^$Website.*/d" /vddos/conf.d/website.conf
76 | 
77 | 	echo "
78 | $data" >>  /vddos/conf.d/website.conf
79 | 	echo '+ New-Switch: ['$Website'] has switched to ['$switch_to_mode'] security mode ===> Done!'|tee -a /vddos/auto-switch/log.txt
80 | 	exit 0
81 | fi
82 | 
83 | 


--------------------------------------------------------------------------------