Subversion Repositories ALCASAR

Rev

Rev 2840 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2840 Rev 2841
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
# $Id: alcasar-activity_report.sh 2840 2020-06-27 22:35:40Z rexy $
 2 
# $Id: alcasar-activity_report.sh 2841 2020-06-28 21:49:00Z rexy $
3 
#
 3 
#
4 
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
 4 
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
5 
# We read configuration files and logs to create cool charts.
 5 
# We read configuration files and logs to create cool charts.
6 
# Written by Raphaël PION, Rexy & Tom HOUDAYER
 6 
# Written by Raphaël PION, Rexy & Tom HOUDAYER
7 
 
 7 
 
Line 417... Line 417...
417 
 
 417 
 
418 
######################VIRUS THREAT######################
 418 
######################VIRUS THREAT######################
419 
echo "Create AV logs since the installation of ALCASAR"
 419 
echo "Create AV logs since the installation of ALCASAR"
420 
 
 420 
 
421 
#decompress every logs, if they exist
 421 
#decompress every logs, if they exist
422 
if [ "$(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l)" -ge 1 ]
 422 
if [ "$(ls -1 /var/log/clamav/clamd.log.*.gz 2>/dev/null | wc -l)" -ge 1 ]
423 
then
 423 
then
424 
	gunzip -d access.log.*.gz
 424 
	gunzip -d clamd.log.*.gz
425 
fi
 425 
fi
426 
 
 426 
 
427 
for FILE in /var/log/havp/access.log*
 427 
for FILE in /var/log/clamav/clamd.log*
428 
do
 428 
do
429 
	while read LINE_AV
 429 
	while read LINE_AV
430 
	do
 430 
	do
- 
 
 431 
		if [ "`echo $LINE_AV|grep -c FOUND`" == 1 ]
- 
 
 432 
		then
431 
		Y=$(echo $LINE_AV | cut -d' ' -f1)
 433 
			Y=$(echo $LINE_AV | cut -d' ' -f5)
432 
		M=$(echo $LINE_AV | cut -d' ' -f2)
 434 
			M=$(echo $LINE_AV | cut -d' ' -f2)
433 
		D=$(echo $LINE_AV | cut -d' ' -f3)
 435 
			D=$(echo $LINE_AV | cut -d' ' -f3)
434 
		H=$(echo $LINE_AV | cut -d' ' -f4)
 436 
			H=$(echo $LINE_AV | cut -d' ' -f4)
435 
		CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
 437 
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
436 
		echo $CURRENT_TS >> $TMP_AV
 438 
			echo $CURRENT_TS >> $TMP_AV
- 
 
 439 
		fi
437 
	done < $FILE
 440 
	done < $FILE
438 
done
 441 
done
439 
 
 442 
 
440 
if [ -e $TMP_AV ]
 443 
if [ -e $TMP_AV ]
441 
then
 444 
then
Line 690... Line 693...
690 
chown apache:apache "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
 693 
chown apache:apache "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
691 
chmod 644 "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
 694 
chmod 644 "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
692 
mv "$(echo $HTML_REPORT | cut -d'.' -f1).pdf" /var/Save/activity_report/
 695 
mv "$(echo $HTML_REPORT | cut -d'.' -f1).pdf" /var/Save/activity_report/
693 
 
 696 
 
694 
#compress every logs, if they exist
 697 
#compress every logs, if they exist
695 
if [ "$(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l)" -ge 1 ]
 698 
if [ "$(ls -1 /var/log/clamav/clamd.log.* 2>/dev/null | wc -l)" -ge 1 ]
696 
then
 699 
then
697 
	gzip /var/log/havp/access.log.*
 700 
	gzip /var/log/clamav/clamd.log.*
698 
fi
 701 
fi
699 
 
 702 
 
700 
#compress every logs
 703 
#compress every logs
701 
if [ "$(ls -1 /var/log/unbound/unbound-blacklist.log.* 2>/dev/null | wc -l)" -ge 1 ]
 704 
if [ "$(ls -1 /var/log/unbound/unbound-blacklist.log.* 2>/dev/null | wc -l)" -ge 1 ]
702 
then
 705 
then