Subversion Repositories ALCASAR

Rev

Rev 2317 | Rev 2474 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2189 tom.houday 1
#!/bin/bash
2
# $Id: alcasar-activity_report.sh 2454 2017-12-09 18:59:31Z tom.houdayer $
3
#
2138 richard 4
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
5
# We read configuration files and logs to create cool charts.
2190 tom.houday 6
# Written by Raphaël PION, Rexy & Tom HOUDAYER
2009 raphael.pi 7
 
2138 richard 8
# files
9
DIR_TMP="/var/tmp"
10
TMP_AV="$DIR_TMP/av_count.txt"
11
TMP_BL="$DIR_TMP/bl_count.txt"
12
TMP_BL_WEEK="$DIR_TMP/bl_count_week.txt"
13
TMP_BL_WEEK_CAT="$DIR_TMP/bl_count_week_cat.txt"
2009 raphael.pi 14
 
2138 richard 15
# Model loaded to create charts
16
DIR_BUILD="/var/www/html/acc/manager/activity_report/"
17
MODEL_CHARTJS="$DIR_BUILD/models/Chart.report.js"
18
MODEL_TABINFO="$DIR_BUILD/models/tabinfo.html"
2009 raphael.pi 19
 
2138 richard 20
# Where the report will be created.
21
HTML_REPORT="$DIR_BUILD/alcasar-report-$(date +%F).html"
2009 raphael.pi 22
 
2138 richard 23
# TIME VALUE
2009 raphael.pi 24
C_TS=$(date +"%s") #current timestamp
25
MAX_DAY_AGO=7
26
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago
27
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO
28
 
2138 richard 29
# PRIVATE IP OF ALCASAR
2009 raphael.pi 30
PRIVATE_IP=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2 | cut -d'/' -f1)
31
 
2138 richard 32
# COLOR for charts
2009 raphael.pi 33
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'"
34
 
2138 richard 35
# Values to create new htdigest user to consult statistique of ACC
2009 raphael.pi 36
DIR_KEY="/usr/local/etc/digest"
2138 richard 37
tmp_account="alcasar"
2009 raphael.pi 38
realm="ALCASAR Control Center (ACC)"
39
password=$(openssl rand -base64 32) #random password (length : 32)
40
SED="/usr/bin/sed -i "
2138 richard 41
TMP_STATS="$DIR_TMP/stats.html"
42
TMP_STATS_2="$DIR_TMP/stats2.html"
2009 raphael.pi 43
 
2138 richard 44
# if empty logs, replace charts by text.
2009 raphael.pi 45
ENABLE_BL=0
46
ENABLE_BL_WEEK=0
47
ENABLE_AV=0
48
 
49
if [ -e $TMP_AV ]
50
then
51
	rm $TMP_AV
52
fi
53
 
54
if [ -e $TMP_BL ]
55
then
2189 tom.houday 56
	rm $TMP_BL
2009 raphael.pi 57
fi
58
 
59
if [ -e $TMP_BL_WEEK ]
60
then
2189 tom.houday 61
	rm $TMP_BL_WEEK
2009 raphael.pi 62
fi
63
 
64
if [ -e $TMP_BL_WEEK_CAT ]
65
then
2189 tom.houday 66
	rm $TMP_BL_WEEK_CAT
2009 raphael.pi 67
fi
68
 
69
if [ -e $HTML_REPORT ]
70
then
2189 tom.houday 71
	rm $HTML_REPORT
2009 raphael.pi 72
fi
73
 
74
echo "<!doctype html>" >> $HTML_REPORT
75
echo "<html>" >> $HTML_REPORT
76
echo "<head>" >> $HTML_REPORT
2189 tom.houday 77
echo "<meta charset=\"utf-8\">" >> $HTML_REPORT
2009 raphael.pi 78
echo "<title>ALCASAR report</title>" >> $HTML_REPORT
2189 tom.houday 79
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/bootstrap.min.css\">" >> $HTML_REPORT
80
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/report.css\">" >> $HTML_REPORT
2317 tom.houday 81
echo "<script src=\"../../../js/Chart.bundle.min.js\"></script>" >> $HTML_REPORT
2189 tom.houday 82
echo "<script src=\"../../../js/jquery.min.js\"></script>" >> $HTML_REPORT
2009 raphael.pi 83
echo "</head>" >> $HTML_REPORT
84
echo "<body>" >> $HTML_REPORT
85
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)</center></h1>" >> $HTML_REPORT
2189 tom.houday 86
echo "<i><p style=\"text-align: right;\">Date de création $(date +%F)</p></i>" >> $HTML_REPORT
87
echo "<font size=\"1\">" >> $HTML_REPORT
2009 raphael.pi 88
 
89
######################TABINFO######################
90
echo "Create information about system and ALCASAR"
91
#contain every information about ALCASAR configuration, system and last update
92
 
93
cat $MODEL_TABINFO | while read LINE_HTML
94
do
95
 
96
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
97
then
98
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)
2189 tom.houday 99
	echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
100
 
2009 raphael.pi 101
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
102
then
103
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep INSTALL_DATE | cut -d'=' -f2)
104
	echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
105
 
106
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
107
then
108
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep VERSION | cut -d'=' -f2)
109
	echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
110
 
111
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
112
then
113
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PUBLIC_IP | cut -d'=' -f2)
114
	echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
115
 
116
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
117
then
118
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2)
119
	echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
120
 
121
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
122
then
123
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep 'GW=' | cut -d'=' -f2)
124
	echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
125
 
126
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
127
then
128
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS1 | cut -d'=' -f2)
129
	echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
130
 
131
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
132
then
133
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS2 | cut -d'=' -f2)
134
	echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
135
 
136
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
137
then
138
	VALUE=$(hostname)
139
	echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
140
 
141
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
142
then
143
	VALUE=$( echo $(uname -r) [ $(uname -m) ] )
144
	echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
145
 
146
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
147
then
148
	VALUE=$(echo $(who -b | cut -d' ' -f12-))
149
	echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
150
 
151
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
152
then
2454 tom.houday 153
	VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
2009 raphael.pi 154
	echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
155
 
156
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
157
then
158
	VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
159
	echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
160
 
161
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
162
then
163
	#show every ALCASAR RPM updated since X day ago
164
	#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
165
	if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
166
	then
167
		PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
168
		rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
169
		do
170
			RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
171
			RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
172
			RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
173
			RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
174
 
175
			echo "<tr>" >> $HTML_REPORT
176
			echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
177
			echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
178
			echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
179
			echo "</tr>" >> $HTML_REPORT
180
		done
181
	else
2189 tom.houday 182
		echo "<tr><td colspan=\"3\">Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
2009 raphael.pi 183
	fi
184
else
185
	echo $LINE_HTML >> $HTML_REPORT
186
fi
187
done
188
 
189
######################BL WEBSITE SINCE INSTALLATION######################
190
echo "Create BL website since the installation of ALCASAR"
191
#find data
192
 
193
#decompress every logs
2013 raphael.pi 194
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 195
then
196
	gunzip -d dnsmasq-blacklist.log.*.gz
197
fi
198
 
199
#convert logs date in timestamp and find categories of blacklisted website
200
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
201
do
202
	while read LOG_BL
203
	do
204
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
2454 tom.houday 205
		then
2009 raphael.pi 206
			#find the current blacklisted category
207
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
208
 
209
			#we convert www.test.co.uk => test.co.uk to find the category of this website
2189 tom.houday 210
			if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
211
			then
212
					website_bl=$(echo $website_bl | cut -d'.' -f2-)
213
			fi
2009 raphael.pi 214
 
2013 raphael.pi 215
			#get BL category
2189 tom.houday 216
			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
2013 raphael.pi 217
			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
218
			then
219
				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
220
			fi
221
 
2009 raphael.pi 222
			#Calculate its timestamp
223
			Y=$(date -R | cut -d' ' -f4)
224
			M=$(echo $LOG_BL | cut -d' ' -f1)
2189 tom.houday 225
			D=$(echo $LOG_BL | cut -d' ' -f2)
2009 raphael.pi 226
			H=$(echo $LOG_BL | cut -d' ' -f3)
227
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
2013 raphael.pi 228
			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
2009 raphael.pi 229
		fi
230
 
231
	done < /var/log/dnsmasq/$FILE
232
done
233
 
234
#if data exists, create this section in html document
235
if [ -e $TMP_BL ]
236
then
237
	ENABLE_BL=1
238
	#count every BL website consulted since installation (maximum 1 year)
239
	DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 )
240
 
241
 
242
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
243
	do
244
		DATE_1=$TS
245
		DATE_2=$((TS-$STEP_TS))
246
		COUNT_BL_INSTALLATION=0	
247
 
248
		for LINE in $(cat $TMP_BL)
249
		do
250
			TS_FILE=$(echo $LINE | cut -d':' -f1)
251
 
252
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2454 tom.houday 253
			then
2009 raphael.pi 254
				COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
255
 
256
			fi
257
		done
258
 
259
		VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
260
		VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
261
	done
262
 
263
	#create Antivirus section in html document
264
	NAME_BL_INSTALLATION='chart_bl_installation'
265
	CONF_BL_INSTALLATION='config_bl_installation'
266
	echo "<center>" >> $HTML_REPORT
267
	echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT
268
	echo "</center>" >> $HTML_REPORT
269
 
270
	#create chart bar in html file with javascript (chartjs.com)
271
	echo "<script>" >> $HTML_REPORT
272
	cat $MODEL_CHARTJS | while read LINE_JS
273
	do
274
		#name of variable
2454 tom.houday 275
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 276
		then
277
			echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
278
		#chart type
2454 tom.houday 279
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 280
		then
281
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
282
		#chart title
283
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
2454 tom.houday 284
		then
2009 raphael.pi 285
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
286
		#chart data
2454 tom.houday 287
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 288
		then
289
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
290
		#color
2454 tom.houday 291
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 292
		then
293
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
294
		#labels
2454 tom.houday 295
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 296
		then
297
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
2454 tom.houday 298
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 299
		then
300
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
301
		#display value of Y axis, only useful for chart bar
2454 tom.houday 302
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 303
		then
304
			echo "" >> $HTML_REPORT
305
		#display value of Y axis, only useful for chart bar
2454 tom.houday 306
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 307
		then
308
			echo "" >> $HTML_REPORT
2454 tom.houday 309
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
2009 raphael.pi 310
		then
2013 raphael.pi 311
			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
2009 raphael.pi 312
		else
313
			echo $LINE_JS >> $HTML_REPORT
314
		fi
315
	done
316
	echo "</script>" >> $HTML_REPORT
317
else
2209 tom.houday 318
	echo "<h2>Aucune activité de la Blacklist depuis l'installation.</h2>" >> $HTML_REPORT
2009 raphael.pi 319
fi
320
 
321
 
322
 
323
######################DNSMASQ BLACKLIST######################
324
echo "Create BL website since $MAX_DAY_AGO days"
325
 
326
#if data exists, create BL section in html document
327
if [ -e $TMP_BL ]
328
then
329
	ENABLE_BL_WEEK=1
330
	#find data
331
	#count every BL website consulted since DAYS_AGO
332
	DATE_1=$C_TS
333
	DATE_2=$((DATE_1-$STEP_TS))
334
 
2287 tom.houday 335
	touch $TMP_BL_WEEK
336
 
2009 raphael.pi 337
	for LINE in $(cat $TMP_BL)
338
	do
339
		TS_FILE=$(echo $LINE | cut -d':' -f1)
340
		#select only elements between DATE_1 and DATE_2
341
		if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2454 tom.houday 342
		then
2009 raphael.pi 343
			echo $LINE >> $TMP_BL_WEEK
344
		fi
345
	done
346
 
347
	#then we count every occurence for each category in TMP_BL_WEEK
348
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
349
	do
2189 tom.houday 350
		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
2009 raphael.pi 351
	done
352
 
353
	#we sort by number of occurence and we take the top 10 BL categories
354
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
355
	do
356
 
357
		DATA=$(echo $LINE | cut -d':' -f2)
358
		LABEL=$(echo $LINE | cut -d':' -f1)
359
		if [ $DATA -ne 0 ]
360
		then
2189 tom.houday 361
			VALUE_BL_DATA="$VALUE_BL_DATA $DATA, "
362
			VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)',"
2009 raphael.pi 363
		fi
364
	done
365
 
366
	#get other categories (sum them all)
2454 tom.houday 367
	if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
2189 tom.houday 368
	then
2454 tom.houday 369
		VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
370
		VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
2189 tom.houday 371
	fi
2009 raphael.pi 372
 
373
	#create chart pie in html file with javascript (chartjs.com)
374
	NAME_BL='chart_bl'
375
	CONF_BL='config_bl'
376
	echo "<center>" >> $HTML_REPORT
377
	echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT
378
	echo "</center>" >> $HTML_REPORT
379
	echo "<script>" >> $HTML_REPORT
2189 tom.houday 380
 
2009 raphael.pi 381
	cat $MODEL_CHARTJS | while read LINE_JS
382
	do
383
		#variable name
2454 tom.houday 384
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 385
		then
386
			echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
387
		#chart type
2454 tom.houday 388
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 389
		then
390
			echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
391
		#graph title
392
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
393
		then
2189 tom.houday 394
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
2009 raphael.pi 395
		#chart data
2454 tom.houday 396
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 397
		then
398
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
399
		#color
2454 tom.houday 400
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 401
		then
402
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
403
		#labels
2454 tom.houday 404
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 405
		then
406
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
407
		#display legend, only useful for chart pie
2454 tom.houday 408
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 409
		then
410
			echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
411
		#display value of Y axis, only useful for chart bar
2189 tom.houday 412
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 413
		then
414
			echo "/*" >> $HTML_REPORT
415
		#display value of Y axis, only useful for chart bar
2189 tom.houday 416
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 417
		then
418
			echo "*/" >> $HTML_REPORT
419
		else
420
			echo $LINE_JS >> $HTML_REPORT
421
		fi
422
	done
423
	echo "</script>" >> $HTML_REPORT
424
else
2209 tom.houday 425
	echo "<h2>Aucune activité de la Blacklist cette semaine.</h2>" >> $HTML_REPORT
2009 raphael.pi 426
fi
427
 
428
######################VIRUS THREAT######################
429
echo "Create AV logs since the installation of ALCASAR"
430
 
431
#decompress every logs, if they exist
2013 raphael.pi 432
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 433
then
434
	gunzip -d access.log.*.gz
435
fi
436
 
437
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
438
do
439
	while read LINE_AV
440
	do
441
		Y=$(echo $LINE_AV | cut -d' ' -f1)
442
		M=$(echo $LINE_AV | cut -d' ' -f2)
443
		D=$(echo $LINE_AV | cut -d' ' -f3)
444
		H=$(echo $LINE_AV | cut -d' ' -f4)
445
		CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
446
		echo $CURRENT_TS >> $TMP_AV
447
	done < /var/log/havp/$FILE
448
 
449
done
450
 
451
if [ -e $TMP_AV ]
452
then
453
	ENABLE_AV=1
454
	DATE_END=$(cat $TMP_AV | sort -n | head -1)
455
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
456
	do
457
		DATE_1=$TS
458
		DATE_2=$((TS-$STEP_TS))
2189 tom.houday 459
		COUNT_AV=0
2009 raphael.pi 460
 
461
		for TS_FILE in $(cat $TMP_AV)
462
		do
463
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2189 tom.houday 464
			then
2009 raphael.pi 465
				COUNT_AV=$((COUNT_AV+1))
466
			fi
467
		done
2189 tom.houday 468
 
2009 raphael.pi 469
		VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
470
		VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
471
	done
472
 
473
	#create Antivirus section in html document
474
	NAME_AV='chart_av'
475
	CONF_AV='config_av'
476
	echo "<center>" >> $HTML_REPORT
477
	echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT
478
	echo "</center>" >> $HTML_REPORT
479
 
480
 
481
	#create chart bar in html file with javascript (chartjs.com)
482
	echo "<script>" >> $HTML_REPORT
483
	cat $MODEL_CHARTJS | while read LINE_JS
484
	do
485
		#name of variable
2189 tom.houday 486
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 487
		then
488
			echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
489
		#chart type
2189 tom.houday 490
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 491
		then
492
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
493
		#graph title
494
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
495
		then
2189 tom.houday 496
			echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
2009 raphael.pi 497
		#chart data
2189 tom.houday 498
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 499
		then
500
			echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
501
		#color
2189 tom.houday 502
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 503
		then
504
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
505
		#labels
2189 tom.houday 506
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 507
		then
508
			echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
2189 tom.houday 509
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 510
		then
511
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
512
		#display value of Y axis, only useful for chart bar
2189 tom.houday 513
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 514
		then
515
			echo "" >> $HTML_REPORT
516
		#display value of Y axis, only useful for chart bar
2189 tom.houday 517
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 518
		then
519
			echo "" >> $HTML_REPORT
2189 tom.houday 520
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
2009 raphael.pi 521
		then
2013 raphael.pi 522
			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
2009 raphael.pi 523
		else
524
			echo $LINE_JS >> $HTML_REPORT
525
		fi
526
	done
527
	echo "</script>" >> $HTML_REPORT
528
else
2209 tom.houday 529
	echo "<h2>Aucune menace virale.</h2>" >> $HTML_REPORT
2009 raphael.pi 530
fi
531
 
532
 
533
######################ALCASAR : DAILY USE######################
534
echo "Get daily use connection of the week"
535
#create html document
2209 tom.houday 536
echo "<h2>Statistiques volumétrie connexions</h2>" >> $HTML_REPORT
2009 raphael.pi 537
 
538
#create new htdigest user to consult statistique of ACC
539
#if user does not exist, we create him
2138 richard 540
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
2009 raphael.pi 541
then
2189 tom.houday 542
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
543
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
544
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all
545
	chown -R root:apache $DIR_KEY
546
	chmod 640 $DIR_KEY/key_*
2009 raphael.pi 547
fi
548
 
549
#get stats.php from ACC
2138 richard 550
wget -q -nv --user $tmp_account --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate
2009 raphael.pi 551
 
552
#clean this file to include it in html report.
553
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
554
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
555
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
556
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
557
 
558
#we delete our user if he still exists
2138 richard 559
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
2009 raphael.pi 560
then
2189 tom.houday 561
	$SED "/^$tmp_account:/d" $DIR_KEY/key_only_manager
562
	$SED "/^$tmp_account:/d" $DIR_KEY/key_manager
563
	$SED "/^$tmp_account:/d" $DIR_KEY/key_all
2009 raphael.pi 564
fi
565
 
2190 tom.houday 566
 
567
###################### ALCASAR : LOG ACCESS ######################
568
echo "Get ACC log access of the week"
569
 
2209 tom.houday 570
ROWS=""
571
while read -r access ; do
2267 richard 572
	access_datas=(${access//|/ })
2190 tom.houday 573
 
2209 tom.houday 574
	accces_date_intl=$(echo "${access_datas[0]} ${access_datas[1]}" | sed -E 's@^([0-9]{2})+/+([0-9]{2})+/+([0-9]{4})+@\3-\2-\1@') # Convert date format DD/MM/YYYY to YYYY-MM-DD
575
	access_date=$(date -d "$accces_date_intl" +%s)
576
	access_user=${access_datas[2]}
577
	access_ip=${access_datas[3]}
2286 tom.houday 578
	access_agent=$(echo "$access" | cut -d'|' -f4)
2209 tom.houday 579
	if [ $access_date -lt $SECS_AGO ]; then
580
		break
581
	fi
2190 tom.houday 582
 
2209 tom.houday 583
	access_date_formatted=$(date -d @$access_date +"%x %X")
584
 
2267 richard 585
	ROWS="$ROWS<tr><td>$access_date_formatted</td><td>$access_user</td><td>$access_ip</td><td>$access_agent</td></tr>"
586
done < <(cat /var/Save/security/acc_access.log | sort -r)
2209 tom.houday 587
# TODO: Read archives if necessary
588
 
589
if [ -z "$ROWS" ]; then
2267 richard 590
	ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucune connexion</td></tr>"
2190 tom.houday 591
fi
592
 
2209 tom.houday 593
# Create HTML document
594
echo "<h2>Connexion à l'ALCASAR Control Center (ACC)</h2>" >> $HTML_REPORT
595
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
2267 richard 596
echo "<thead><tr><th>Date</th><th>Utilisateur</th><th>Adresse IP</th><th>Agent</th></tr></thead><tbody>" >> $HTML_REPORT
2209 tom.houday 597
echo $ROWS >> $HTML_REPORT
598
echo "</tbody></table>" >> $HTML_REPORT
2190 tom.houday 599
 
2209 tom.houday 600
 
2190 tom.houday 601
###################### ALCASAR : GLOBAL TRAFFIC ######################
602
echo "Get Global traffic of the last 30 days"
603
 
604
ROWS=""
2209 tom.houday 605
EXTIF=$(cat /usr/local/etc/alcasar.conf | grep '^EXTIF=' | cut -d'=' -f2)
2190 tom.houday 606
for day in $(vnstat --exportdb -i $EXTIF | grep '^d;' | sort -t";" -k3 -r); do
607
	day_datas=(${day//;/ })
608
	day_date=${day_datas[2]}
609
	day_rxMio=${day_datas[3]}
610
	day_txMio=${day_datas[4]}
611
	day_rxKio=${day_datas[5]}
612
	day_txKio=${day_datas[6]}
613
	day_act=${day_datas[7]}
614
 
615
	if [ $day_act -ne 1 ]; then
616
		continue
617
	fi
618
 
619
	if [ $day_date -lt $SECS_AGO ]; then
620
		break
621
	fi
622
 
2209 tom.houday 623
	day_date_formatted=$(date -d @$day_date +%x)
2190 tom.houday 624
	day_rx=$(($day_rxMio * 1048576 + $day_rxKio * 1024))
625
	day_tx=$(($day_txMio * 1048576 + $day_txKio * 1024))
626
	day_total=$(($day_rx + $day_tx))
2209 tom.houday 627
	day_rx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_rx)
628
	day_tx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_tx)
629
	day_total_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_total)
2190 tom.houday 630
 
2209 tom.houday 631
	ROWS="$ROWS<tr><td>$day_date_formatted</td><td>$day_rx_formatted</td><td>$day_tx_formatted</td><td>$day_total_formatted</td></tr>"
2190 tom.houday 632
done
633
 
2209 tom.houday 634
if [ -z "$ROWS" ]; then
635
	ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucun jour capturé</td></tr>"
636
fi
637
 
2190 tom.houday 638
# Create html document
2209 tom.houday 639
echo "<h2>Trafic global</h2>" >> $HTML_REPORT
2190 tom.houday 640
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
641
echo "<thead><tr><th>Date</th><th>Entrant</th><th>Sortant</th><th>Total</th></tr></thead><tbody>" >> $HTML_REPORT
642
echo $ROWS >> $HTML_REPORT
643
echo "</tbody></table>" >> $HTML_REPORT
644
 
645
 
646
###################### ALCASAR : FAIL2BAN ######################
647
echo "Get fail2ban log of the week"
648
 
2209 tom.houday 649
ROWS=""
650
dateDaysAgo_formatted=$(date --date="$MAX_DAY_AGO days ago" +'%Y-%m-%d %H:%M:%S,%N' | rev | cut -c 7- | rev)
651
while read -r log ; do
2190 tom.houday 652
	log_datas=($log)
653
	log_date="${log_datas[0]} ${log_datas[1]}"
654
	log_type=${log_datas[4]:1:-1}
655
	log_ip=${log_datas[6]}
2209 tom.houday 656
	log_date_formatted=$(date -d "$log_date" +"%x %X")
2190 tom.houday 657
 
2209 tom.houday 658
	ROWS="$ROWS<tr><td>$log_date_formatted</td><td>$log_ip</td><td>$log_type</td></tr>"
659
done < <(grep " Ban " /var/log/fail2ban.log | sort -r | awk -v dateDaysAgo="$dateDaysAgo_formatted" '($1 " " $2) >= dateDaysAgo')
2190 tom.houday 660
 
2209 tom.houday 661
if [ -z "$ROWS" ]; then
662
	ROWS="<tr><td colspan=\"3\" style=\"text-align: center;\">Aucune adresse IP bloquée</td></tr>"
663
fi
664
 
665
# Create html document
666
echo "<h2>Adresse(s) IP bloquée(s) (Fail2Ban)</h2>" >> $HTML_REPORT
667
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
668
echo "<thead><tr><th>Date</th><th>Adresse IP</th><th>Règle</th></tr></thead><tbody>" >> $HTML_REPORT
669
echo $ROWS >> $HTML_REPORT
2190 tom.houday 670
echo "</tbody></table>" >> $HTML_REPORT
671
 
672
 
2009 raphael.pi 673
######################FIN HTML######################
674
 
675
#Execute our javascript function to print charts
676
echo "<script>window.onload = function() {" >> $HTML_REPORT
677
#BL SINCE INSTALLATION
678
if [ $ENABLE_BL -eq "1" ]
679
then
680
	echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT
681
	echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT
682
fi
683
#BL WEEK
684
if [ $ENABLE_BL_WEEK -eq "1" ]
685
then
686
	echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT
687
	echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT
688
fi
689
#VIRUS THREAT
690
if [ $ENABLE_AV -eq "1" ]
691
then
692
	echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT
693
	echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT
694
fi
695
echo "};</script>" >> $HTML_REPORT
696
echo "</body>" >> $HTML_REPORT
697
echo "</html>" >> $HTML_REPORT
698
 
699
#convert html document to PDF
700
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
701
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
702
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
2139 richard 703
mv $(echo $HTML_REPORT | cut -d'.' -f1).pdf /var/Save/activity_report/
2009 raphael.pi 704
 
2013 raphael.pi 705
#compress every logs, if they exist
706
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
707
then
708
	gzip /var/log/havp/access.log.*
709
fi
710
 
711
#compress every logs
712
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
713
then
714
	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
715
fi
716
 
717
#remove our files
2141 richard 718
rm -f $TMP_BL
719
rm -f $TMP_BL_WEEK
720
rm -f $TMP_BL_WEEK_CAT
721
rm -f $TMP_STATS
722
rm -f $TMP_STATS_2
723
rm -f $HTML_REPORT