Subversion Repositories ALCASAR

Rev

Rev 2013 | Rev 2139 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2138 richard 1
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
2
# We read configuration files and logs to create cool charts.
3
# Written by Raphaël PION & Rexy
2009 raphael.pi 4
 
2138 richard 5
# files
6
DIR_TMP="/var/tmp"
7
TMP_AV="$DIR_TMP/av_count.txt"
8
TMP_BL="$DIR_TMP/bl_count.txt"
9
TMP_BL_WEEK="$DIR_TMP/bl_count_week.txt"
10
TMP_BL_WEEK_CAT="$DIR_TMP/bl_count_week_cat.txt"
2009 raphael.pi 11
 
2138 richard 12
# Model loaded to create charts
13
DIR_BUILD="/var/www/html/acc/manager/activity_report/"
14
MODEL_CHARTJS="$DIR_BUILD/models/Chart.report.js"
15
MODEL_TABINFO="$DIR_BUILD/models/tabinfo.html"
2009 raphael.pi 16
 
2138 richard 17
# Where the report will be created.
18
HTML_REPORT="$DIR_BUILD/alcasar-report-$(date +%F).html"
2009 raphael.pi 19
 
2138 richard 20
# TIME VALUE
2009 raphael.pi 21
C_TS=$(date +"%s") #current timestamp
22
MAX_DAY_AGO=7
23
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago
24
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO
25
 
2138 richard 26
# PRIVATE IP OF ALCASAR
2009 raphael.pi 27
PRIVATE_IP=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2 | cut -d'/' -f1)
28
 
2138 richard 29
# COLOR for charts
2009 raphael.pi 30
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'"
31
 
2138 richard 32
# Values to create new htdigest user to consult statistique of ACC
2009 raphael.pi 33
DIR_KEY="/usr/local/etc/digest"
2138 richard 34
tmp_account="alcasar"
2009 raphael.pi 35
realm="ALCASAR Control Center (ACC)"
36
password=$(openssl rand -base64 32) #random password (length : 32)
37
SED="/usr/bin/sed -i "
2138 richard 38
TMP_STATS="$DIR_TMP/stats.html"
39
TMP_STATS_2="$DIR_TMP/stats2.html"
2009 raphael.pi 40
 
2138 richard 41
# if empty logs, replace charts by text.
2009 raphael.pi 42
ENABLE_BL=0
43
ENABLE_BL_WEEK=0
44
ENABLE_AV=0
45
 
46
if [ -e $TMP_AV ]
47
then
48
	rm $TMP_AV
49
fi
50
 
51
if [ -e $TMP_BL ]
52
then
53
        rm $TMP_BL
54
fi
55
 
56
if [ -e $TMP_BL_WEEK ]
57
then
58
        rm $TMP_BL_WEEK
59
fi
60
 
61
if [ -e $TMP_BL_WEEK_CAT ]
62
then
63
        rm $TMP_BL_WEEK_CAT
64
fi
65
 
66
if [ -e $HTML_REPORT ]
67
then
68
        rm $HTML_REPORT
69
fi
70
 
71
echo "<!doctype html>" >> $HTML_REPORT
72
echo "<html>" >> $HTML_REPORT
73
echo "<head>" >> $HTML_REPORT
74
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>" >> $HTML_REPORT
75
echo "<title>ALCASAR report</title>" >> $HTML_REPORT
76
echo "<link rel='stylesheet' type='text/css' href='../../../css/bootstrap.min.css'>" >> $HTML_REPORT
77
echo "<link rel='stylesheet' type='text/css' href='../../../css/report.css'>" >> $HTML_REPORT
78
echo "<script src='../../../js/Chart.bundle.js'></script>" >> $HTML_REPORT
79
echo "<script src='../../../js/jquery.min.js'></script>" >> $HTML_REPORT
80
echo "</head>" >> $HTML_REPORT
81
echo "<body>" >> $HTML_REPORT
82
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)</center></h1>" >> $HTML_REPORT
83
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $HTML_REPORT
84
echo "<font size='1'>" >> $HTML_REPORT
85
 
86
######################TABINFO######################
87
echo "Create information about system and ALCASAR"
88
#contain every information about ALCASAR configuration, system and last update
89
 
90
cat $MODEL_TABINFO | while read LINE_HTML
91
do
92
 
93
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
94
then
95
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)
96
        echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
97
 
98
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
99
then
100
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep INSTALL_DATE | cut -d'=' -f2)
101
	echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
102
 
103
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
104
then
105
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep VERSION | cut -d'=' -f2)
106
	echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
107
 
108
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
109
then
110
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PUBLIC_IP | cut -d'=' -f2)
111
	echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
112
 
113
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
114
then
115
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2)
116
	echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
117
 
118
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
119
then
120
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep 'GW=' | cut -d'=' -f2)
121
	echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
122
 
123
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
124
then
125
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS1 | cut -d'=' -f2)
126
	echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
127
 
128
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
129
then
130
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS2 | cut -d'=' -f2)
131
	echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
132
 
133
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
134
then
135
	VALUE=$(hostname)
136
	echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
137
 
138
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
139
then
140
	VALUE=$( echo $(uname -r) [ $(uname -m) ] )
141
	echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
142
 
143
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
144
then
145
	VALUE=$(echo $(who -b | cut -d' ' -f12-))
146
	echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
147
 
148
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
149
then
150
	VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n"  | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
151
	echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
152
 
153
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
154
then
155
	VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
156
	echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
157
 
158
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
159
then
160
	#show every ALCASAR RPM updated since X day ago
161
	#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
162
	if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
163
	then
164
		PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
165
		rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
166
		do
167
			RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
168
			RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
169
			RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
170
			RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
171
 
172
			echo "<tr>" >> $HTML_REPORT
173
			echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
174
			echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
175
			echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
176
			echo "</tr>" >> $HTML_REPORT
177
		done
178
	else
2138 richard 179
		echo "<tr collspan="3"><td>Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
2009 raphael.pi 180
	fi
181
else
182
	echo $LINE_HTML >> $HTML_REPORT
183
fi
184
done
185
 
186
######################BL WEBSITE SINCE INSTALLATION######################
187
echo "Create BL website since the installation of ALCASAR"
188
#find data
189
 
190
#decompress every logs
2013 raphael.pi 191
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 192
then
193
	gunzip -d dnsmasq-blacklist.log.*.gz
194
fi
195
 
196
#convert logs date in timestamp and find categories of blacklisted website
197
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
198
do
199
	while read LOG_BL
200
	do
201
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
202
		then
203
			#find the current blacklisted category
204
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
205
 
206
			#we convert www.test.co.uk => test.co.uk to find the category of this website
207
                        if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
208
                        then
2013 raphael.pi 209
                                	website_bl=$(echo $website_bl | cut -d'.' -f2-)
2009 raphael.pi 210
                        fi
211
 
2013 raphael.pi 212
			#get BL category
213
			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
214
			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
215
			then
216
				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
217
			fi
218
 
2009 raphael.pi 219
			#Calculate its timestamp
220
			Y=$(date -R | cut -d' ' -f4)
221
			M=$(echo $LOG_BL | cut -d' ' -f1)
222
			D=$(echo $LOG_BL | cut -d' ' -f2)
223
			H=$(echo $LOG_BL | cut -d' ' -f3)
224
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
2013 raphael.pi 225
			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
2009 raphael.pi 226
		fi
227
 
228
	done < /var/log/dnsmasq/$FILE
229
done
230
 
231
#if data exists, create this section in html document
232
if [ -e $TMP_BL ]
233
then
234
	ENABLE_BL=1
235
	#count every BL website consulted since installation (maximum 1 year)
236
	DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 )
237
 
238
 
239
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
240
	do
241
		DATE_1=$TS
242
		DATE_2=$((TS-$STEP_TS))
243
		COUNT_BL_INSTALLATION=0
244
 
245
		for LINE in $(cat $TMP_BL)
246
		do
247
			TS_FILE=$(echo $LINE | cut -d':' -f1)
248
 
249
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
250
			then
251
				COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
252
 
253
			fi
254
		done
255
 
256
		VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
257
		VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
258
	done
259
 
260
	#create Antivirus section in html document
261
	NAME_BL_INSTALLATION='chart_bl_installation'
262
	CONF_BL_INSTALLATION='config_bl_installation'
263
	echo "<center>" >> $HTML_REPORT
264
	echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT
265
	echo "</center>" >> $HTML_REPORT
266
 
267
	#create chart bar in html file with javascript (chartjs.com)
268
	echo "<script>" >> $HTML_REPORT
269
	cat $MODEL_CHARTJS | while read LINE_JS
270
	do
271
		#name of variable
272
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
273
		then
274
			echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
275
		#chart type
276
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
277
		then
278
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
279
		#chart title
280
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
281
		        then
282
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
283
		#chart data
284
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
285
		then
286
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
287
		#color
288
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
289
		then
290
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
291
		#labels
292
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
293
		then
294
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
295
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
296
		then
297
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
298
		#display value of Y axis, only useful for chart bar
299
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
300
		then
301
			echo "" >> $HTML_REPORT
302
		#display value of Y axis, only useful for chart bar
303
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
304
		then
305
			echo "" >> $HTML_REPORT
306
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
307
		then
2013 raphael.pi 308
			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
2009 raphael.pi 309
		else
310
			echo $LINE_JS >> $HTML_REPORT
311
		fi
312
	done
313
	echo "</script>" >> $HTML_REPORT
314
else
315
	echo "<h3>Aucune activité de la Blacklist depuis l'installation.</h3>" >> $HTML_REPORT
316
fi
317
 
318
 
319
 
320
######################DNSMASQ BLACKLIST######################
321
echo "Create BL website since $MAX_DAY_AGO days"
322
 
323
#if data exists, create BL section in html document
324
if [ -e $TMP_BL ]
325
then
326
	ENABLE_BL_WEEK=1
327
	#find data
328
	#count every BL website consulted since DAYS_AGO
329
	DATE_1=$C_TS
330
	DATE_2=$((DATE_1-$STEP_TS))
331
 
332
	for LINE in $(cat $TMP_BL)
333
	do
334
		TS_FILE=$(echo $LINE | cut -d':' -f1)
335
		#select only elements between DATE_1 and DATE_2
336
		if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
337
		then
338
			echo $LINE >> $TMP_BL_WEEK
339
		fi
340
	done
341
 
342
	#then we count every occurence for each category in TMP_BL_WEEK
343
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
344
	do
2013 raphael.pi 345
		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
2009 raphael.pi 346
	done
347
 
348
	#we sort by number of occurence and we take the top 10 BL categories
349
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
350
	do
351
 
352
		DATA=$(echo $LINE | cut -d':' -f2)
353
		LABEL=$(echo $LINE | cut -d':' -f1)
354
		if [ $DATA -ne 0 ]
355
		then
356
		        VALUE_BL_DATA="$VALUE_BL_DATA $DATA, "
357
		        VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)',"
358
 
359
		fi
360
	done
361
 
362
	#get other categories (sum them all)
363
        if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc) -gt 0 ]
364
        then
365
                VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc)"
366
                VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc))'"
367
        fi
368
 
369
	#create chart pie in html file with javascript (chartjs.com)
370
	NAME_BL='chart_bl'
371
	CONF_BL='config_bl'
372
	echo "<center>" >> $HTML_REPORT
373
	echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT
374
	echo "</center>" >> $HTML_REPORT
375
	echo "<script>" >> $HTML_REPORT
376
 
377
	cat $MODEL_CHARTJS | while read LINE_JS
378
	do
379
		#variable name
380
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
381
		then
382
			echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
383
		#chart type
384
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
385
		then
386
			echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
387
		#graph title
388
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
389
		then
390
		        echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
391
		#chart data
392
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
393
		then
394
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
395
		#color
396
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
397
		then
398
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
399
		#labels
400
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
401
		then
402
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
403
		#display legend, only useful for chart pie
404
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
405
		then
406
			echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
407
		#display value of Y axis, only useful for chart bar
408
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
409
		then
410
			echo "/*" >> $HTML_REPORT
411
		#display value of Y axis, only useful for chart bar
412
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
413
		then
414
			echo "*/" >> $HTML_REPORT
415
		else
416
			echo $LINE_JS >> $HTML_REPORT
417
		fi
418
	done
419
	echo "</script>" >> $HTML_REPORT
420
else
421
	echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
422
fi
423
 
424
######################VIRUS THREAT######################
425
echo "Create AV logs since the installation of ALCASAR"
426
 
427
#decompress every logs, if they exist
2013 raphael.pi 428
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 429
then
430
	gunzip -d access.log.*.gz
431
fi
432
 
433
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
434
do
435
	while read LINE_AV
436
	do
437
		Y=$(echo $LINE_AV | cut -d' ' -f1)
438
		M=$(echo $LINE_AV | cut -d' ' -f2)
439
		D=$(echo $LINE_AV | cut -d' ' -f3)
440
		H=$(echo $LINE_AV | cut -d' ' -f4)
441
		CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
442
		echo $CURRENT_TS >> $TMP_AV
443
	done < /var/log/havp/$FILE
444
 
445
done
446
 
447
if [ -e $TMP_AV ]
448
then
449
	ENABLE_AV=1
450
	DATE_END=$(cat $TMP_AV | sort -n | head -1)
451
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
452
	do
453
		DATE_1=$TS
454
		DATE_2=$((TS-$STEP_TS))
455
		COUNT_AV=0
456
 
457
 
458
		for TS_FILE in $(cat $TMP_AV)
459
		do
460
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
461
			then
462
				COUNT_AV=$((COUNT_AV+1))
463
 
464
			fi
465
		done
466
 
467
		VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
468
		VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
469
	done
470
 
471
	#create Antivirus section in html document
472
	NAME_AV='chart_av'
473
	CONF_AV='config_av'
474
	echo "<center>" >> $HTML_REPORT
475
	echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT
476
	echo "</center>" >> $HTML_REPORT
477
 
478
 
479
	#create chart bar in html file with javascript (chartjs.com)
480
	echo "<script>" >> $HTML_REPORT
481
	cat $MODEL_CHARTJS | while read LINE_JS
482
	do
483
		#name of variable
484
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
485
		then
486
			echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
487
		#chart type
488
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
489
		then
490
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
491
		#graph title
492
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
493
		then
494
		        echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
495
		#chart data
496
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
497
		then
498
			echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
499
		#color
500
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
501
		then
502
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
503
		#labels
504
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
505
		then
506
			echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
507
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
508
		then
509
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
510
		#display value of Y axis, only useful for chart bar
511
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
512
		then
513
			echo "" >> $HTML_REPORT
514
		#display value of Y axis, only useful for chart bar
515
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
516
		then
517
			echo "" >> $HTML_REPORT
518
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
519
		then
2013 raphael.pi 520
			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
2009 raphael.pi 521
		else
522
			echo $LINE_JS >> $HTML_REPORT
523
		fi
524
	done
525
	echo "</script>" >> $HTML_REPORT
526
else
527
	echo "<h3>Aucune menace virale.</h3>" >> $HTML_REPORT
528
fi
529
 
530
######################AUTHORIZED CONNECTIONS######################
531
 
532
echo "Create authorized connections since the installation of ALCASAR"
533
#get number of authorized, forbidden and fail2ban connections :
534
PASSWD_FILE="/root/ALCASAR-passwords.txt"
535
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"User-Request\" ORDER BY acctstarttime"
536
AUTHORIZED=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' '  -f1 | rev) -e "$QUERY" | cut -d')' -f2)
537
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"Admin-Reset\" ORDER BY acctstarttime"
538
FORBIDDEN=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' '  -f1 | rev) -e "$QUERY" | cut -d')' -f2)
539
FAIL2BAN=$(strings /var/log/fail2ban.log | grep " Ban " | wc -l)
540
 
541
VALUE_AUTH="$AUTHORIZED, $FORBIDDEN, $FAIL2BAN"
542
LABEL_AUTH="'Autorisées ($AUTHORIZED) ', 'Interdites ($FORBIDDEN)', 'fail2ban($FAIL2BAN)'"
543
 
544
#create chart pie in html file with javascript (chartjs.com)
545
NAME_AUTH='chart_auth'
546
CONF_AUTH='config_auth'
547
echo "<center>" >> $HTML_REPORT
548
echo "<canvas id='$NAME_AUTH' width='450' height='450' ></canvas>" >> $HTML_REPORT
549
echo "</center>" >> $HTML_REPORT
550
echo "<script>" >> $HTML_REPORT
551
 
552
cat $MODEL_CHARTJS | while read LINE_JS
553
do
554
	#variable name
555
	if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
556
	then
557
		echo ${LINE_JS/XXCONFXX/$CONF_AUTH} >> $HTML_REPORT
558
	#chart type
559
	elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
560
	then
561
		echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
562
	#graph title
563
	elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
564
	then
565
	        echo ${LINE_JS/XXTITLEXX/"Connexions des utilisateurs"} >> $HTML_REPORT
566
	#chart data
567
	elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
568
	then
569
		echo ${LINE_JS/XXDATAXX/$VALUE_AUTH} >> $HTML_REPORT
570
	#color
571
	elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
572
	then
573
		echo ${LINE_JS/XXCOLORXX/"'#000099','#ff6600','#ff0000'"} >> $HTML_REPORT
574
	#labels
575
	elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
576
	then
577
		echo ${LINE_JS/XXLABELSXX/$LABEL_AUTH} >> $HTML_REPORT
578
	#display legend, only useful for chart pie
579
	elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
580
	then
581
		echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
582
	#display value of Y axis, only useful for chart bar
583
	elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
584
	then
585
		echo "/*" >> $HTML_REPORT
586
	#display value of Y axis, only useful for chart bar
587
	elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
588
	then
589
		echo "*/" >> $HTML_REPORT
590
	else
591
		echo $LINE_JS >> $HTML_REPORT
592
	fi
593
done
594
echo "</script>" >> $HTML_REPORT
595
 
596
 
597
######################ALCASAR : DAILY USE######################
598
echo "Get daily use connection of the week"
599
#create html document
600
echo "<h3>Statistiques volumétrie connexions</h3>" >> $HTML_REPORT
601
 
602
#create new htdigest user to consult statistique of ACC
603
#if user does not exist, we create him
2138 richard 604
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
2009 raphael.pi 605
then
2138 richard 606
        (echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
607
        (echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
608
        (echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all
2009 raphael.pi 609
        chown -R root:apache $DIR_KEY
610
        chmod 640 $DIR_KEY/key_*
611
fi
612
 
613
#get stats.php from ACC
2138 richard 614
wget -q -nv --user $tmp_account --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate
2009 raphael.pi 615
 
616
#clean this file to include it in html report.
617
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
618
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
619
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
620
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
621
 
622
#we delete our user if he still exists
2138 richard 623
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
2009 raphael.pi 624
then
2138 richard 625
        $SED "/^$tmp_account:/d" $DIR_KEY/key_only_manager
626
        $SED "/^$tmp_account:/d" $DIR_KEY/key_manager
627
       	$SED "/^$tmp_account:/d" $DIR_KEY/key_all
2009 raphael.pi 628
fi
629
 
630
######################FIN HTML######################
631
 
632
#Execute our javascript function to print charts
633
echo "<script>window.onload = function() {" >> $HTML_REPORT
634
#BL SINCE INSTALLATION
635
if [ $ENABLE_BL -eq "1" ]
636
then
637
	echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT
638
	echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT
639
fi
640
#BL WEEK
641
if [ $ENABLE_BL_WEEK -eq "1" ]
642
then
643
	echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT
644
	echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT
645
fi
646
#VIRUS THREAT
647
if [ $ENABLE_AV -eq "1" ]
648
then
649
	echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT
650
	echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT
651
fi
652
#CONNEXIONS AUTHORIZED
653
echo "var ctx_$NAME_AUTH = document.getElementById('$NAME_AUTH').getContext('2d');" >> $HTML_REPORT
654
echo "var $NAME_AUTH = new Chart(ctx_$NAME_AUTH, $CONF_AUTH);" >> $HTML_REPORT
655
echo "};</script>" >> $HTML_REPORT
656
echo "</body>" >> $HTML_REPORT
657
echo "</html>" >> $HTML_REPORT
658
 
659
#convert html document to PDF
2138 richard 660
cp $HTML_REPORT $DIR_BUILD/rapport.html
2009 raphael.pi 661
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
662
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
663
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
2138 richard 664
mv $(echo $HTML_REPORT | cut -d'.' -f1).pdf /var/Save/
2009 raphael.pi 665
 
2013 raphael.pi 666
#compress every logs, if they exist
667
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
668
then
669
	gzip /var/log/havp/access.log.*
670
fi
671
 
672
#compress every logs
673
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
674
then
675
	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
676
fi
677
 
678
#remove our files
679
rm $TMP_BL
680
rm $TMP_BL_WEEK
681
rm $TMP_BL_WEEK_CAT
682
rm $TMP_STATS
683
rm $TMP_STATS_2
2009 raphael.pi 684
rm $HTML_REPORT