From 4d4d20873dcd9e16d1aef2d0badd04899e80a378 Mon Sep 17 00:00:00 2001 From: red-tux <nelsonab@red-tux.net> Date: Mon, 14 Dec 2020 14:07:41 -0500 Subject: [PATCH 1/2] Added Script to check Satellite IP CDN addresses --- check_satellite_ip.sh | 207 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 207 insertions(+) create mode 100755 check_satellite_ip.sh diff --git a/check_satellite_ip.sh b/check_satellite_ip.sh new file mode 100755 index 0000000..8f99a16 --- /dev/null +++ b/check_satellite_ip.sh @@ -0,0 +1,207 @@ +#!/bin/bash + +# Read a list of IP addresses and determine if port 443 is open +# List was sourced from https://access.redhat.com/articles/1525183 + +# License: GPL-2.0-or-later +# Author: Andrew Nelson (anelson@redhat.com) + +if command -v nmap &> /dev/null; then + echo "nmap found" + HAVE_NMAP=true +elif command -v nc &> /dev/null; then + echo "nmap not found, using nc" + HAVE_NMAP=false +else + echo "nmap or nc not found, exiting" + exit 1 +fi + +read_list() { IFS='\n' read -r -d '' ${1} || true; } + +read_list IPS <<-EOF + 104.67.28.83/32 + 104.68.188.83/32 + 104.76.92.83/32 + 104.78.76.83/32 + 104.81.246.83/32 + 104.82.76.83/32 + 104.83.76.83/32 + 104.83.82.83/32 + 104.83.92.83/32 + 104.91.156.90/32 + 104.94.102.83/32 + 104.98.240.125/32 + 114.108.188.251/32 + 173.222.100.251/32 + 173.222.116.251/32 + 173.222.140.251/32 + 173.222.144.251/32 + 173.222.152.251/32 + 173.222.164.251/32 + 173.222.188.251/32 + 173.222.192.251/32 + 173.222.204.251/32 + 173.222.212.251/32 + 173.222.216.251/32 + 173.222.224.251/32 + 173.222.244.251/32 + 173.223.140.251/32 + 173.223.152.251/32 + 173.223.172.251/32 + 173.223.228.251/32 + 173.223.36.251/32 + 173.223.48.251/32 + 173.223.92.83/32 + 173.223.96.251/32 + 182.51.200.251/32 + 184.26.176.251/32 + 184.26.180.251/32 + 184.27.248.251/32 + 184.27.40.251/32 + 184.50.16.251/32 + 184.51.24.251/32 + 184.51.36.251/32 + 184.51.48.251/32 + 184.51.68.251/32 + 184.84.184.251/32 + 184.84.188.251/32 + 184.84.192.251/32 + 184.84.196.251/32 + 184.84.200.251/32 + 184.86.236.251/32 + 2.16.128.83/32 + 2.16.212.251/32 + 2.16.30.83/32 + 2.17.124.251/32 + 2.18.220.251/32 + 2.20.12.251/32 + 2.21.145.130/32 + 2.22.0.251/32 + 2.22.12.251/32 + 2.22.220.83/32 + 209.132.183.107/32 + 209.132.183.108/32 + 23.0.172.83/32 + 23.0.230.83/32 + 23.0.236.83/32 + 23.1.188.83/32 + 23.1.44.251/32 + 23.1.8.251/32 + 23.10.12.83/32 + 23.10.60.83/32 + 23.12.236.83/32 + 23.13.176.251/32 + 23.13.44.83/32 + 23.14.44.83/32 + 23.15.132.83/32 + 23.15.204.251/32 + 23.15.248.251/32 + 23.194.220.83/32 + 23.194.236.91/32 + 23.197.60.83/32 + 23.198.104.83/32 + 23.198.106.83/32 + 23.204.100.83/32 + 23.206.76.83/32 + 23.207.148.112/32 + 23.212.102.83/32 + 23.214.72.83/32 + 23.215.140.83/32 + 23.221.20.83/32 + 23.222.172.83/32 + 23.223.76.83/32 + 23.3.140.251/32 + 23.3.247.117/32 + 23.32.12.83/32 + 23.38.116.83/32 + 23.40.12.83/32 + 23.42.76.83/32 + 23.45.224.251/32 + 23.46.2.83/32 + 23.48.80.251/32 + 23.49.52.251/32 + 23.5.124.83/32 + 23.50.99.181/32 + 23.51.12.83/32 + 23.51.156.83/32 + 23.52.60.20/32 + 23.54.12.83/32 + 23.57.112.251/32 + 23.57.124.251/32 + 23.58.0.251/32 + 23.58.148.251/32 + 23.58.8.251/32 + 23.58.90.83/32 + 23.59.92.251/32 + 23.60.144.251/32 + 23.61.12.251/32 + 23.61.124.251/32 + 23.63.144.251/32 + 23.63.150.83/32 + 23.63.16.251/32 + 23.64.142.83/32 + 23.64.4.251/32 + 23.64.56.251/32 + 23.65.16.251/32 + 23.65.200.83/32 + 23.65.216.83/32 + 23.66.152.83/32 + 23.66.40.83/32 + 23.75.218.83/32 + 59.151.136.251/32 + 72.246.48.83/32 + 72.247.112.251/32 + 72.247.116.251/32 + 88.221.236.251/32 + 88.221.44.251/32 + 88.221.56.251/32 + 95.100.244.251/32 + 95.101.100.251/32 + 95.101.104.251/32 + 95.101.152.251/32 + 95.101.156.251/32 + 95.101.160.251/32 + 95.101.164.251/32 + 95.101.188.251/32 + 95.101.4.251/32 + 95.101.44.251/32 + 95.101.48.251/32 + 95.101.56.251/32 + 95.101.60.251/32 + 95.101.64.251/32 + 95.101.84.251/32 + 95.101.92.251/32 + 95.101.96.251/32 + 96.17.0.251/32 + 96.6.32.251/32 + 96.6.36.251/32 +EOF + +TOTAL=0 +FAILED=0 +for i in $IPS; do + TOTAL=$(( TOTAL + 1 )) + if $HAVE_NMAP; then + echo -n "$i " + SCAN=$(nmap -PS --reason -n -p 443 $i) + if [[ ! "$SCAN" =~ "done: 1 IP address (1 host up)" ]]; then + FAILED=$(( FAILED + 1 )) + echo "Not open" + else + echo "ok" + fi + else + ip=${i%/32} + echo -n "$ip " + if nc -z -w22 $ip 443; then + echo "ok" + else + FAILED=$(( FAILED + 1 )) + echo "Not open" + fi + fi + +done + +echo "$FAILED out of $TOTAL hosts are not open" From 3d7023b92cc269dd9e8f1c8d34e73684dbb56d5a Mon Sep 17 00:00:00 2001 From: red-tux <nelsonab@red-tux.net> Date: Mon, 14 Dec 2020 14:42:46 -0500 Subject: [PATCH 2/2] updated readme --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e4c2e8f..a20737c 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ Tools for use in supporting the operation of Satellite 6 ##### Tools - [check-perf-tuning](#check-perf-tuning) +- [check-satellite-ip](#check-satellite-ip) - [mongo-benchmark](#mongo-benchmark) - [mongo-size-report](#mongo-size-report) - [postgres-monitor](#postgres-monitor) @@ -18,6 +19,11 @@ Tools for use in supporting the operation of Satellite 6 Utility to check performance tuning parameters on your Satellite 6 server. +## [check-satellite-ip](check_satellite_ip.sh) + +Check the list of IP addresses given in https://access.redhat.com/articles/1525183 +to determine if firewall ports are open for CDN IP addresses. + ## [mongo-benchmark](mongo-benchmark) Utility used for checking IO speed specific to MongoDB. See: