Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar-activity_report.sh 2474 2017-12-30 02:00:04Z tom.houdayer $
|
2 |
# $Id: alcasar-activity_report.sh 2488 2018-02-25 14:53:54Z lucas.echard $
|
3 |
#
|
3 |
#
|
4 |
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
|
4 |
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
|
5 |
# We read configuration files and logs to create cool charts.
|
5 |
# We read configuration files and logs to create cool charts.
|
6 |
# Written by Raphaël PION, Rexy & Tom HOUDAYER
|
6 |
# Written by Raphaël PION, Rexy & Tom HOUDAYER
|
7 |
|
7 |
|
Line 163... |
Line 163... |
163 |
then
|
163 |
then
|
164 |
#show every ALCASAR RPM updated since X day ago
|
164 |
#show every ALCASAR RPM updated since X day ago
|
165 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
|
165 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
|
166 |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
|
166 |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
|
167 |
then
|
167 |
then
|
168 |
PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
|
168 |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
|
169 |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
|
169 |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
|
170 |
do
|
170 |
do
|
171 |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
|
171 |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
|
172 |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
|
172 |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
|
173 |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
|
173 |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
|
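Review bot: The guard on line 166 expands `$PACKAGE` in `grep -E "$PACKAGE"` two lines before the assignment on line 168 that this change edits. Unless PACKAGE is also set earlier in the file (not visible here), the count is taken with an empty pattern, which matches every recently installed RPM rather than the filtered list. The same guard tests `-gt 1`, so a week in which exactly one listed package was updated produces no entry in the report; if any update should be listed, move the `PACKAGE=` assignment above the `if` and test `[ "$(rpm -qa ... | grep -cE "$PACKAGE")" -gt 0 ]`. The pattern is also matched unanchored against the whole `installtime name version` line, so short alternatives such as `php` or `wget` match any package whose name merely contains them. The `then` on line 163 and the `while` body both continue outside the hunk.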