dpbt/Bot/update/verifica

#!/bin/bash
#CREADOR Henry Chumo | 06/06/2022
#Alias : @ChumoGH
# -*- ENCODING: UTF-8 -*-

dropbear_pids () {
  port_dropbear=`ps aux|grep 'dropbear'|awk NR==1|awk '{print $17;}'`

  log=/var/log/auth.log
  loginsukses='Password auth succeeded'

  pids=`ps ax|grep 'dropbear'|grep " $port_dropbear"|awk -F " " '{print $1}'`

  for pid in $pids; do
    pidlogs=`grep $pid $log |grep "$loginsukses" |awk -F" " '{print $3}'`

    i=0
    for pidend in $pidlogs; do
      let i=i+1
    done

    if [ $pidend ];then
       login=`grep $pid $log |grep "$pidend" |grep "$loginsukses"`
       PID=$pid
       user=`echo $login |awk -F" " '{print $10}' | sed -r "s/'/ /g"`
       waktu=`echo $login |awk -F" " '{print $2"-"$1,$3}'`
       while [ ${#waktu} -lt 13 ]; do
           waktu=$waktu" "
       done
       while [ ${#user} -lt 16 ]; do
           user=$user" "
       done
       while [ ${#PID} -lt 8 ]; do
           PID=$PID" "
       done
       echo "$user $PID $waktu"
    fi
done
}

mostrar_usuarios () {
for u in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
echo "$u"
done
}

function_onlines () {
	users=$(cat /etc/passwd|grep 'home'|grep 'false'|grep -v 'syslog'|awk -F ':' '{print $1}')
	dpids=$(dropbear_pids)
	time=$(date +%s)
	[[ -e /etc/openvpn/openvpn-status.log ]] && ovpn_log=$(cat /etc/openvpn/openvpn-status.log)
	n='0'
	i='0'
	conect='0'
	for _user in $(mostrar_usuarios); do
		[[ -z "$(ps -u $_user|grep sshd)" ]] && sqd=0 || sqd=1
		[[ -z "$(echo $ovpn_log|grep -E ,"$_user",)" ]] && ovp=0 || ovp=1
        [[ -z "$(echo $dpids|grep -w "$_user")" ]] && drop=0 || drop=1
        conex=$(($sqd + $ovp + $drop))
        [[ $conex -ne 0 ]] && let conect++
		if [[ $(chage -l $_user |grep 'Account expires' |awk -F ': ' '{print $2}') != never ]]; then
			[[ $time -gt $(date '+%s' -d "$(chage -l $_user |grep "Account expires" |awk -F ': ' '{print $2}')") ]] && let n++
		fi
	done
_tuser=$(echo "$users"|sed '/^$/d'|wc -l)
#echo "${conect}" > /etc/adm-lite/onlines
#echo "${n}" > /etc/adm-lite/vencidos
#echo "${_tuser}" > /etc/adm-lite/total
}

fun_ovpn_onl () {
for userovpn in `cat /etc/passwd | grep ovpn | awk -F: '{print $1}'`; do
us=$(cat /etc/openvpn/openvpn-status.log | grep $userovpn | wc -l)
[[ "$us" != "0" ]] && echo "$userovpn"
done
}

function_usertime () {
declare -A data
declare -A time
declare -A time2
declare -A timefinal
tempousers="./tempo_conexao"
usr_pids_var="./userDIR"
[[ ! -e $tempousers ]] && touch $tempousers
_data_now=$(date +%s)
 for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
 unset ssh
 [[ -e $usr_pids_var/$user.pid ]] && source $usr_pids_var/$user.pid
ssh+="$(ps -u $user | grep sshd |wc -l)+"
ssh+="$(dropbear_pids | grep "$user" | wc -l)+"
[[ -e /etc/openvpn/server.conf ]] && ssh+="$(fun_ovpn_onl | grep "$user" | wc -l)+"
ssh+="0"
user_pid=$(echo $ssh|bc)
if [ "$user_pid" -gt "0" ]; then
 [[ "${data[$user]}" = "" ]] && data[$user]="$_data_now"
 fi
if [ "$user_pid" = "0" ]; then
unset data[$user]
[[ -e "$usr_pids_var/$user.pid" ]] && rm -f $usr_pids_var/$user.pid
[[ -e $usr_pids_var/$user.pid2 ]] && rm -f $usr_pids_var/$user.pid2
fi
if [ "${data[$user]}" != "" ]; then
time[$user]=$(($_data_now - ${data[$user]}))
time2[$user]=$(cat $tempousers | grep "$user" | awk '{print $2}')
  [[ "${time2[$user]}" = "" ]] && time2[$user]="0"
timefinal[$user]=$((${time2[$user]} + ${time[$user]}))
_arquivo=$(cat $tempousers |grep -v "$user")
echo "$_arquivo" > $tempousers
echo "$user ${timefinal[$user]}" >> $tempousers
echo "data[$user]=$_data_now" > $usr_pids_var/$user.pid
fi
 done
}

fun_net () {
(
log_1="/tmp/tcpdump"
log_2="/tmp/tcpdumpLOG"
usr_dir="/etc/adm-lite/userDIR/usr_cnx"
[[ -e "$log_1" ]] &&  mv -f $log_1 $log_2
[[ ! -e $usr_dir ]] && touch $usr_dir
#ENCERRA TCP
for pd in `ps x | grep tcpdump | grep -v grep | awk '{print $1}'`; do
kill -9 $pd &> /dev/null
done
#INICIA TCP
tcpdump -s 50 -n &> /dev/null
#ANALIZA USER
for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
touch /tmp/$user
ip_openssh $user > /dev/null 2>&1
ip_drop $user > /dev/null 2>&1
sed -i '/^$/d' /tmp/$user
pacotes=$(paste -sd+ /tmp/$user | bc)
rm /tmp/$user
if [ "$pacotes" != "" ]; then
  if [ "$(cat $usr_dir | grep "$user")" != "" ]; then
  pacotesuser=$(cat $usr_dir | grep "$user" | awk '{print $2}')
  [[ $pacotesuser = "" ]] && pacotesuser=0
  [[ $pacotesuser != +([0-9]) ]] && pacotesuser=0
  ussrvar=$(cat $usr_dir | grep -v "$user")
  echo "$ussrvar" > $usr_dir
  pacotes=$(($pacotes+$pacotesuser))
  echo -e "$user $pacotes" >> $usr_dir
  else
  echo -e "$user $pacotes" >> $usr_dir
  fi
fi
unset pacotes
done
) &
}

ip_openssh () {
user="$1"
for ip in `lsof -u $user -P -n | grep "ESTABLISHED" | awk -F "->" '{print $2}' |awk -F ":" '{print $1}' | grep -v "127.0.0.1"`; do
 packet=$(cat $log_2 | grep "$ip" | wc -l)
 echo "$packet" >> /tmp/$user
 unset packet
done
}

ip_drop () {
user="$1"
loguser='Password auth succeeded'
touch /tmp/drop
for ip in `cat /var/log/auth.log | tail -100 | grep "$user" | grep "$loguser" | awk -F "from" '{print $2}' | awk -F ":" '{print $1}'`; do
 if [ "$(cat /tmp/drop | grep "$ip")" = "" ]; then
 packet=$(cat $log_2 | grep "$ip" | wc -l)
 echo "$packet" >> /tmp/$user
 echo "$ip" >> /tmp/drop
 fi
done
rm /tmp/drop
}

function_onlines > /dev/null 2>&1
#function_usertime > /dev/null 2>&1
#fun_net > /dev/null 2>&1
killall verifica > /dev/null 2>&1
@drowkid01 2025-05-30 06:21:54 -06:00			`#!/bin/bash`
			`#CREADOR Henry Chumo \| 06/06/2022`
			`#Alias : @ChumoGH`
			`# -- ENCODING: UTF-8 --`

			`dropbear_pids () {`
			port_dropbear=`ps aux\|grep 'dropbear'\|awk NR==1\|awk '{print $17;}'`

			`log=/var/log/auth.log`
			`loginsukses='Password auth succeeded'`

			pids=`ps ax\|grep 'dropbear'\|grep " $port_dropbear"\|awk -F " " '{print $1}'`

			`for pid in $pids; do`
			pidlogs=`grep $pid $log \|grep "$loginsukses" \|awk -F" " '{print $3}'`

			`i=0`
			`for pidend in $pidlogs; do`
			`let i=i+1`
			`done`

			`if [ $pidend ];then`
			login=`grep $pid $log \|grep "$pidend" \|grep "$loginsukses"`
			`PID=$pid`
			user=`echo $login \|awk -F" " '{print $10}' \| sed -r "s/'/ /g"`
			waktu=`echo $login \|awk -F" " '{print $2"-"$1,$3}'`
			`while [ ${#waktu} -lt 13 ]; do`
			`waktu=$waktu" "`
			`done`
			`while [ ${#user} -lt 16 ]; do`
			`user=$user" "`
			`done`
			`while [ ${#PID} -lt 8 ]; do`
			`PID=$PID" "`
			`done`
			`echo "$user $PID $waktu"`
			`fi`
			`done`
			`}`

			`mostrar_usuarios () {`
			for u in `cat "/etc/passwd"\|grep 'home'\|grep 'false'\|grep -v 'syslog' \| cut -d: -f1`; do
			`echo "$u"`
			`done`
			`}`

			`function_onlines () {`
			`users=$(cat /etc/passwd\|grep 'home'\|grep 'false'\|grep -v 'syslog'\|awk -F ':' '{print $1}')`
			`dpids=$(dropbear_pids)`
			`time=$(date +%s)`
			`[[ -e /etc/openvpn/openvpn-status.log ]] && ovpn_log=$(cat /etc/openvpn/openvpn-status.log)`
			`n='0'`
			`i='0'`
			`conect='0'`
			`for _user in $(mostrar_usuarios); do`
			`[[ -z "$(ps -u $_user\|grep sshd)" ]] && sqd=0 \|\| sqd=1`
			`[[ -z "$(echo $ovpn_log\|grep -E ,"$_user",)" ]] && ovp=0 \|\| ovp=1`
			`[[ -z "$(echo $dpids\|grep -w "$_user")" ]] && drop=0 \|\| drop=1`
			`conex=$(($sqd + $ovp + $drop))`
			`[[ $conex -ne 0 ]] && let conect++`
			`if [[ $(chage -l $_user \|grep 'Account expires' \|awk -F ': ' '{print $2}') != never ]]; then`
			`[[ $time -gt $(date '+%s' -d "$(chage -l $_user \|grep "Account expires" \|awk -F ': ' '{print $2}')") ]] && let n++`
			`fi`
			`done`
			`_tuser=$(echo "$users"\|sed '/^$/d'\|wc -l)`
			`#echo "${conect}" > /etc/adm-lite/onlines`
			`#echo "${n}" > /etc/adm-lite/vencidos`
			`#echo "${_tuser}" > /etc/adm-lite/total`
			`}`

			`fun_ovpn_onl () {`
			for userovpn in `cat /etc/passwd \| grep ovpn \| awk -F: '{print $1}'`; do
			`us=$(cat /etc/openvpn/openvpn-status.log \| grep $userovpn \| wc -l)`
			`[[ "$us" != "0" ]] && echo "$userovpn"`
			`done`
			`}`

			`function_usertime () {`
			`declare -A data`
			`declare -A time`
			`declare -A time2`
			`declare -A timefinal`
			`tempousers="./tempo_conexao"`
			`usr_pids_var="./userDIR"`
			`[[ ! -e $tempousers ]] && touch $tempousers`
			`_data_now=$(date +%s)`
			for user in `cat "/etc/passwd"\|grep 'home'\|grep 'false'\|grep -v 'syslog' \| cut -d: -f1`; do
			`unset ssh`
			`[[ -e $usr_pids_var/$user.pid ]] && source $usr_pids_var/$user.pid`
			`ssh+="$(ps -u $user \| grep sshd \|wc -l)+"`
			`ssh+="$(dropbear_pids \| grep "$user" \| wc -l)+"`
			`[[ -e /etc/openvpn/server.conf ]] && ssh+="$(fun_ovpn_onl \| grep "$user" \| wc -l)+"`
			`ssh+="0"`
			`user_pid=$(echo $ssh\|bc)`
			`if [ "$user_pid" -gt "0" ]; then`
			`[[ "${data[$user]}" = "" ]] && data[$user]="$_data_now"`
			`fi`
			`if [ "$user_pid" = "0" ]; then`
			`unset data[$user]`
			`[[ -e "$usr_pids_var/$user.pid" ]] && rm -f $usr_pids_var/$user.pid`
			`[[ -e $usr_pids_var/$user.pid2 ]] && rm -f $usr_pids_var/$user.pid2`
			`fi`
			`if [ "${data[$user]}" != "" ]; then`
			`time[$user]=$(($_data_now - ${data[$user]}))`
			`time2[$user]=$(cat $tempousers \| grep "$user" \| awk '{print $2}')`
			`[[ "${time2[$user]}" = "" ]] && time2[$user]="0"`
			`timefinal[$user]=$((${time2[$user]} + ${time[$user]}))`
			`_arquivo=$(cat $tempousers \|grep -v "$user")`
			`echo "$_arquivo" > $tempousers`
			`echo "$user ${timefinal[$user]}" >> $tempousers`
			`echo "data[$user]=$_data_now" > $usr_pids_var/$user.pid`
			`fi`
			`done`
			`}`

			`fun_net () {`
			`(`
			`log_1="/tmp/tcpdump"`
			`log_2="/tmp/tcpdumpLOG"`
			`usr_dir="/etc/adm-lite/userDIR/usr_cnx"`
			`[[ -e "$log_1" ]] && mv -f $log_1 $log_2`
			`[[ ! -e $usr_dir ]] && touch $usr_dir`
			`#ENCERRA TCP`
			for pd in `ps x \| grep tcpdump \| grep -v grep \| awk '{print $1}'`; do
			`kill -9 $pd &> /dev/null`
			`done`
			`#INICIA TCP`
			`tcpdump -s 50 -n &> /dev/null`
			`#ANALIZA USER`
			for user in `cat "/etc/passwd"\|grep 'home'\|grep 'false'\|grep -v 'syslog' \| cut -d: -f1`; do
			`touch /tmp/$user`
			`ip_openssh $user > /dev/null 2>&1`
			`ip_drop $user > /dev/null 2>&1`
			`sed -i '/^$/d' /tmp/$user`
			`pacotes=$(paste -sd+ /tmp/$user \| bc)`
			`rm /tmp/$user`
			`if [ "$pacotes" != "" ]; then`
			`if [ "$(cat $usr_dir \| grep "$user")" != "" ]; then`
			`pacotesuser=$(cat $usr_dir \| grep "$user" \| awk '{print $2}')`
			`[[ $pacotesuser = "" ]] && pacotesuser=0`
			`[[ $pacotesuser != +([0-9]) ]] && pacotesuser=0`
			`ussrvar=$(cat $usr_dir \| grep -v "$user")`
			`echo "$ussrvar" > $usr_dir`
			`pacotes=$(($pacotes+$pacotesuser))`
			`echo -e "$user $pacotes" >> $usr_dir`
			`else`
			`echo -e "$user $pacotes" >> $usr_dir`
			`fi`
			`fi`
			`unset pacotes`
			`done`
			`) &`
			`}`

			`ip_openssh () {`
			`user="$1"`
			for ip in `lsof -u $user -P -n \| grep "ESTABLISHED" \| awk -F "->" '{print $2}' \|awk -F ":" '{print $1}' \| grep -v "127.0.0.1"`; do
			`packet=$(cat $log_2 \| grep "$ip" \| wc -l)`
			`echo "$packet" >> /tmp/$user`
			`unset packet`
			`done`
			`}`

			`ip_drop () {`
			`user="$1"`
			`loguser='Password auth succeeded'`
			`touch /tmp/drop`
			for ip in `cat /var/log/auth.log \| tail -100 \| grep "$user" \| grep "$loguser" \| awk -F "from" '{print $2}' \| awk -F ":" '{print $1}'`; do
			`if [ "$(cat /tmp/drop \| grep "$ip")" = "" ]; then`
			`packet=$(cat $log_2 \| grep "$ip" \| wc -l)`
			`echo "$packet" >> /tmp/$user`
			`echo "$ip" >> /tmp/drop`
			`fi`
			`done`
			`rm /tmp/drop`
			`}`

			`function_onlines > /dev/null 2>&1`
			`#function_usertime > /dev/null 2>&1`
			`#fun_net > /dev/null 2>&1`
			`killall verifica > /dev/null 2>&1`