1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar-activity_report.sh 2488 2018-02-25 14:53:54Z lucas.echard $
|
2 |
# $Id: alcasar-activity_report.sh 2521 2018-04-02 19:46:16Z armand.ito $
|
3 |
#
|
3 |
#
|
4 |
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
|
4 |
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
|
5 |
# We read configuration files and logs to create cool charts.
|
5 |
# We read configuration files and logs to create cool charts.
|
6 |
# Written by Raphaël PION, Rexy & Tom HOUDAYER
|
6 |
# Written by Raphaël PION, Rexy & Tom HOUDAYER
|
7 |
|
7 |
|
154 |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
|
154 |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
|
155 |
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
|
155 |
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
|
156 |
|
156 |
|
157 |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
|
157 |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
|
158 |
then
|
158 |
then
|
159 |
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
|
159 |
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
|
160 |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
|
160 |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
|
161 |
|
161 |
|
162 |
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
|
162 |
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
|
163 |
then
|
163 |
then
|
164 |
#show every ALCASAR RPM updated since X day ago
|
164 |
#show every ALCASAR RPM updated since X day ago
|
165 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
|
165 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
|
166 |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
|
166 |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
|
167 |
then
|
167 |
then
|
168 |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
|
168 |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
|
169 |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
|
169 |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
|
170 |
do
|
170 |
do
|
171 |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
|
171 |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
|
172 |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
|
172 |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
|
173 |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
|
173 |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
|