Wednesday, May 4, 2022

Counting Movies

How many movies do I have?
What years are they from?
Resolution?
Type of encoding?
HEHEHE.

#!/bin/bash
ls -lR /nas/a/movies/ | sort +8 | awk ‘{print $9}’ | grep -v “/” | grep -v .srt > /tmp/movies.list
for YEAR in {1910..2021}
do
COUNT=`grep $YEAR /tmp/movies.list | wc -l`
echo $YEAR “=” $COUNT
done
TEN=`grep 1080 /tmp/movies.list | wc -l`
SEV=`grep 720 /tmp/movies.list | wc -l`
TOT=`cat /tmp/movies.list | wc -l`
AVI=`cat /tmp/movies.list | grep “.avi” | wc -l`
MKV=`cat /tmp/movies.list | grep “.mkv” | wc -l`
MP4=`cat /tmp/movies.list | grep “.mp4” | wc -l`
MPG=`cat /tmp/movies.list | grep “.mpg” | wc -l`
M4V=`cat /tmp/movies.list | grep “.m4v” | wc -l`
echo “___________________________________”
echo “AVI = $AVI”
echo “MKV = $MKV”
echo “MP4 = $MP4”
echo “MPG = $MPG”
echo “M4V = $M4V”
echo “___________________________________”
echo “1080p = $TEN”
echo ” 720p = $SEV”
echo “TOTAL = $TOT”
echo “___________________________________”

/usr/bin/du -ch /nas/a/movies; echo ==========;/usr/bin/du | sort -n | tail -3

Results

root@nas4:~/bin# ./movie.year.sh
1910 = 0
1911 = 2
1912 = 0
1913 = 0
1914 = 1
1915 = 5
1916 = 6
1917 = 3
1918 = 2
1919 = 4
1920 = 7
1921 = 3
1922 = 6
1923 = 4
1924 = 6
1925 = 5
1926 = 6
1927 = 7
1928 = 7
1929 = 10
1930 = 15
1931 = 25
1932 = 28
1933 = 36
1934 = 31
1935 = 46
1936 = 40
1937 = 45
1938 = 32
1939 = 35
1940 = 48
1941 = 48
1942 = 55
1943 = 37
1944 = 34
1945 = 34
1946 = 38
1947 = 38
1948 = 51
1949 = 46
1950 = 63
1951 = 48
1952 = 57
1953 = 60
1954 = 65
1955 = 64
1956 = 63
1957 = 72
1958 = 65
1959 = 55
1960 = 56
1961 = 61
1962 = 65
1963 = 63
1964 = 69
1965 = 85
1966 = 89
1967 = 97
1968 = 98
1969 = 122
1970 = 112
1971 = 131
1972 = 173
1973 = 163
1974 = 167
1975 = 142
1976 = 142
1977 = 166
1978 = 169
1979 = 182
1980 = 170
1981 = 154
1982 = 163
1983 = 159
1984 = 191
1985 = 200
1986 = 202
1987 = 223
1988 = 208
1989 = 224
1990 = 207
1991 = 225
1992 = 215
1993 = 209
1994 = 218
1995 = 219
1996 = 253
1997 = 235
1998 = 254
1999 = 275
2000 = 298
2001 = 311
2002 = 280
2003 = 302
2004 = 342
2005 = 372
2006 = 439
2007 = 445
2008 = 467
2009 = 539
2010 = 487
2011 = 580
2012 = 644
2013 = 670
2014 = 778
2015 = 878
2016 = 947
2017 = 1086
2018 = 1297
2019 = 1746
2020 = 2750
2021 = 2527
___________________________________
AVI = 1811
MKV = 8179
MP4 = 16458
MPG = 2
M4V = 215
___________________________________
1080p = 5653
720p = 4746
TOTAL = 27885

Sunday, February 6, 2022

Make sure a process is running?

I have a openvpn tunnel up normally for certain things and want to kill some processes
if the tunnel goes down…

Check every minute

* * * * * /root/bin/tun.up.sh >> /var/log/tunnel.up.log

Which checks for the tunnel tun0 and kill some processes if it’s not.

IFCONFIG=/sbin/ifconfig
GREP=/usr/bin/grep
ECHO=/usr/bin/echo
AWK=/usr/bin/awk
PS=/usr/bin/ps
PKILL=/usr/bin/pkill
DATE=`/usr/bin/date +"%m.%d.%y.%H.%M"`
PGREP=/usr/bin/pgrep

TEST=`$IFCONFIG | $GREP tun | $AWK '{print $1}'`
TOKILL=`$PS | $GREP ktorrent`

if [ $TEST == "tun0:" ]; then
 $ECHO $TEST " UP " $DATE
 exit
fi

PROC=`$PGREP ktorrent`
#$ECHO "Killing " $PROC
$ECHO $TEST " DOWN " $DATE
$PKILL -f ktorrent

Going to write a bit more code in the near future to bring the tunnel back up when it goes down
but that’s something for a different day.

Killing a process every day at certain time?

Gotta Schedule it with crontab -e (I use joe a wordstar equivalent)

alias cron='crontab -e'

=====================================================

root@ms2:/home/timc/bin# select-editor

Select an editor.  To change later, run 'select-editor'.
  1. /usr/bin/joe
  2. /usr/bin/jstar
  3. /usr/bin/jpico
  4. /usr/bin/jmacs
  5. /bin/nano        <---- easiest
  6. /usr/bin/vim.basic
  7. /usr/bin/rjoe
  8. /usr/bin/vim.tiny
  9. /bin/ed

=====================================================

4 0 * * * /home/timc/bin/kill.exp.sh &> /var/log/kill.log

===========================================================

#!/bin/bash
#ps -elf | grep chia | grep exp > t

TOUCH=/usr/bin/touch
ECHO=/usr/bin/echo
CHMOD=/usr/bin/chmod
RM=/usr/bin/rm
PS=/usr/bin/ps
CAT=/usr/bin/cat
GREP=/usr/bin/grep
AWK=/usr/bin/awk

DIR="/home/timc/bin"
TMPFILE="temp.kill.file"
KILLFILE="kill.up.exp.sh"

$RM $DIR/$TMPFILE
$RM $DIR/$KILLFILE
$TOUCH $DIR/$TMPFILE
$TOUCH $DIR/$KILLFILE

$PS -elf | $GREP chia | $GREP exp | $AWK '{print $4}' >> $TMPFILE

$ECHO "Start kill file to exec  (kill.up.exp.sh)"
$CAT $DIR/$TMPFILE | while read line
do
  $ECHO kill -9 $line >> $DIR/$KILLFILE
done
$CHMOD 755 $DIR/$KILLFILE
$DIR/$KILLFILE

Monday, December 20, 2021

[bmwg] AD Review of draft-ietf-bmwg-ngfw-performance

https://datatracker. … g-ngfw-performance

My recent review of the latest IETF NGFW performance testing Draft for RFC:

I think these guys are way off base with no grasp of reality. If you just want a raw
number of what a firewall can do without any real world issues, then MAYBE it’ll work
although I would argue that point…

=========================================================
Tim copley

Dec 16, 2021, 1:59 PM (4 days ago)

to Warren, draft-ietf-bmwg-ngfw-performance, bmwg
I also, wanted to chime in regarding this and again, I also apologize for not reviewing earlier.

I’ve not really been too involved in security devices until the last couple years, but boy has it changed
drastically from when I was. Also, I noted that this document is basically following prior standards that
are also a bit out dated.

Some of the evolution, I’ve noticed which I think should at least be addressed in. I think you tried
to exclude these in the Scope.? However I’m not really sure you are covering but maybe 1/2 of the devices
that are being deployed at this time without addressing:

Virtualization. / Remote FWs in the next gen.

*) Large FWs are compartmentalizing Customers and serving multiple customers with the same firewall. So while
you have said what would happen to a customer when The Firewall is UT, you don’t really address what’s going
on with all the other customers on this DUT. If there are 10 Customers going through 1 large FW, what are the
other 9 experiencing when this is under Test. Would be interesting to have multiple parallel tests underway
and verify that behaviour is consistent across every “VDOM” within the system?

*) Time to Change. If things are changed during your Load profile.perhaps even on a different virtual Firewall
within the system,

*) Sandbox dips. Several of the firewall vendors send stuff through labs / temp work spaces either online or
offline that allow them to test against Zero Day scenarios. What happens to traffic flows during anomalies
in the traffic flows. Does it change the throughput of the DUT? I know this is kind of an open ended question.
but not sure you have good benchmark stats for a FW without it…

*) Cloud based scenarios. If the firewall is removed, and I’m not really sure how you would test this with
consistent results, but if the FW is offsite and the traffic is being routed through a Cloud based FW What does
that do to your traffic results?

TimC
Fruth Group
tcopley@fruthgroup.com
======================================================================


Timothy Copley
602.350.0633

Wednesday, September 8, 2021

Blacklist…..

One way I’ve done this….

root@azcopley:~# route add 84.38.129.0 gw 127.0.0.1 lo

For people I’ve noticed are attacking me..

Not sure about you. I know there are a lot of easier ways to do this. Some of the programs.. fail2ban and that kind of thing work wonders. However I’m a bit heavy handed :)

BLACKLIST=/tmp/blacklist
GREP="/usr/bin/grep -Ev"
IPT="/usr/sbin/iptables -A"

/root/blacklistip.sh

IPS=$($GREP "^#" $BLACKLIST)

for IP in $IPS
 do
  $IPT INPUT -s $IP -j DROP
  $IPT OUTPUT -d $IP -j DROP
done
root@azcopley:~#

Call out IP addresses / backup the list so I don’t have to re-exmine those people I’ll eventually want to clean it out, so people re-using ip addresses don’t get blocked, but I really don’t supose that’ll happen real frequently.

 cat blacklistip.sh
#!/bin/sh
CAT="/usr/bin/cat"
GREP="/usr/bin/grep -i"
AWK="/usr/bin/awk"
UNIQ="/usr/bin/uniq"
SORT="/usr/bin/sort"

ATTACK="sshd"
TMPFILE=/tmp/$ATTACK.attack
BLACK="/tmp/blacklist"
FILE="/var/log/iptables.log"
#
#  Copy off previous

$CAT $BLACK.new > $BLACK.old

$CAT $FILE | $GREP $ATTACK | $AWK '{ print $11 }' > $TMPFILE.1
$CAT $TMPFILE.1 | $AWK -F "=" '{ print $2 }' >> $TMPFILE.2
$SORT $TMPFILE.2 > $TMPFILE.3

$UNIQ $TMPFILE.3 > $BLACK.new
#
#  Only blacklist ones not done before....
#
$AWK 'NR=FNR{a[$0];next}!($0 in a)' $BLACK.old $BLACK.new > $BLACK

Well, the list keeps growing…. Script kiddies. and the like.

 cat /tmp/blacklist.new
103.108.87.133
103.218.3.18
103.228.183.10
103.254.198.67
103.3.226.166
104.131.84.222
104.40.217.239
106.116.118.89
106.12.119.1
106.12.125.241
106.12.166.166
106.12.179.191
106.12.211.254
106.12.214.145
106.12.99.204
106.13.167.62
106.13.176.163
106.13.35.232
106.13.44.83
106.13.45.212
106.13.78.7
106.51.98.159
106.52.42.153
106.53.89.104
106.54.127.61
106.54.200.209
106.75.141.160
106.75.28.38
111.203.196.62
111.229.43.27
111.230.231.145
111.230.29.17
111.231.238.83
111.231.69.68
111.40.217.92
112.21.188.235
112.3.30.119
112.35.77.101
114.4.227.194
114.80.94.228
117.50.5.198
117.50.77.220
118.24.88.241
118.25.91.168
118.89.219.116
118.89.78.131
119.29.104.238
121.229.18.144
121.66.252.158
122.152.208.61
122.155.17.174
122.51.10.222
122.51.245.240
122.51.34.199
122.51.39.232
122.55.190.12
123.59.199.45
124.152.118.131
124.93.160.82
124.93.18.202
128.199.107.114
128.199.164.253
128.199.99.204
129.204.51.77
129.28.183.62
13.71.21.123
131.108.60.30
132.232.53.85
138.117.179.134
138.219.129.150
138.68.22.231
139.59.10.42
139.59.87.250
140.143.233.29
140.207.96.235
140.86.12.31
142.93.140.242
145.239.83.104
145.239.87.35
150.136.160.141
150.158.122.241
152.136.152.45
152.32.144.26
152.67.47.139
157.230.163.6
159.65.176.156
161.189.144.43
162.0.225.199
162.243.237.90
162.251.23.43
164.132.42.32
164.163.99.10
165.227.203.162
167.114.114.114
170.210.121.208
171.244.51.114
175.24.49.130
176.197.5.34
176.31.162.82
178.128.221.85
178.128.56.89
178.128.57.147
178.32.115.26
179.191.123.46
18.220.207.167
180.168.212.6
180.76.138.132
180.76.186.109
181.123.177.150
181.46.80.183
183.195.121.197
183.81.152.109
185.107.95.231
185.129.148.43
185.165.169.168
185.20.82.2
185.254.207.197
188.168.82.246
190.210.62.45
191.189.238.135
192.35.168.195
192.35.169.20
192.99.12.24
193.112.28.27
194.204.194.11
195.54.160.99
195.54.161.15
198.98.61.68
2.36.136.146
200.204.174.163
202.147.198.154
203.151.146.216
203.177.71.254
203.185.61.140
206.253.166.69
209.126.124.203
211.108.69.103
211.90.37.75
212.51.148.162
213.184.249.95
213.204.124.71
213.217.0.177
216.126.58.224
217.182.94.110
223.240.109.231
35.201.150.16
35.241.72.130
37.187.3.53
41.223.4.155
41.63.0.133
41.93.32.94
43.241.238.152
43.248.124.132
45.118.151.85
45.14.150.103
45.157.120.16
45.170.73.13
45.92.126.74
46.101.40.21
49.232.136.245
49.232.33.182
49.232.59.246
49.233.33.118
49.233.84.128
49.235.151.50
49.247.196.128
5.196.70.107
5.249.159.37
51.178.51.36
51.38.126.75
51.38.188.63
51.68.227.98
51.75.18.212
51.79.44.52
51.79.70.223
51.79.85.142
51.83.75.97
51.91.100.120
54.37.75.210
58.87.78.80
59.13.125.142
60.167.180.193
60.2.224.234
61.12.26.145
61.160.107.66
61.183.139.155
62.171.148.78
62.210.119.215
62.234.167.126
62.4.21.144
65.78.99.127
66.70.205.186
77.122.171.25
79.137.34.248
79.17.217.113
80.211.246.93
84.2.226.70
89.154.4.249
89.248.168.51
91.121.211.59
92.222.156.151
93.148.0.91
94.103.80.118
97.90.110.160
root@azcopley:~#
Next Page »