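#!/bin/bash
# Author (CREADOR): Henry Chumo | 06/06/2022
# Alias : @ChumoGH
# -*- ENCODING: UTF-8 -*-
#
# Session and traffic accounting helper for sshd, dropbear and OpenVPN users.
#
# Reads /etc/passwd, /var/log/auth.log and (when present)
# /etc/openvpn/openvpn-status.log, and inspects other users' processes with
# ps/lsof/chage, so it is expected to run as root.  Only function_onlines is
# executed at the bottom of the file; function_usertime and fun_net are
# defined but their calls are commented out.
#
# Requires: bash 4+ (associative arrays), ps, awk, grep, sed, chage, date,
#           lsof (ip_openssh), tcpdump (fun_net).

#######################################
# List dropbear sessions that have a successful password login in auth.log.
#
# For every dropbear pid found with `ps`, the last "Password auth succeeded"
# line for that pid is looked up and one fixed-width row is printed:
#   <user padded to 16> <pid padded to 8> <DD-Mon HH:MM:SS padded to 13>
#
# Globals:   none written (all state is local)
# Arguments: none
# Outputs:   one row per dropbear session with a login record, on stdout
# Returns:   0
#
# NOTE(review): the column numbers ($17 of `ps aux`, $10 and $1..$3 of the
# auth.log line) are kept from the original script; they assume dropbear's
# "dropbear[PID]: Password auth succeeded for 'user' from ip:port" line
# layout and a `ps aux` layout where the port is the 17th field — a
# different layout silently shifts the output.
#######################################
dropbear_pids () {
  local port_dropbear log loginsukses pids pid pidend login user waktu
  # '[d]ropbear' matches dropbear processes but never this grep itself.
  port_dropbear=$(ps aux | grep '[d]ropbear' | awk 'NR==1 {print $17}')
  log=/var/log/auth.log
  loginsukses='Password auth succeeded'
  pids=$(ps ax | grep '[d]ropbear' | grep -- " $port_dropbear" | awk '{print $1}')
  for pid in $pids; do
    # Time of the last successful login for this pid.  -w keeps pid 12 from
    # matching pid 1234; computing it per pid (empty when there is none)
    # also fixes the original carry-over of the previous pid's timestamp.
    pidend=$(grep -w -- "$pid" "$log" | grep -F -- "$loginsukses" \
      | awk '{t=$3} END {print t}')
    [[ -n "$pidend" ]] || continue
    login=$(grep -w -- "$pid" "$log" | grep -F -- "$pidend" \
      | grep -F -- "$loginsukses")
    # $10 is the quoted user name ('user'); the quotes become spaces, exactly
    # as before.  Only the first matching line is used, as the original
    # `echo $login | awk` did.
    user=$(printf '%s\n' "$login" | awk 'NR==1 {print $10}' | sed -r "s/'/ /g")
    waktu=$(printf '%s\n' "$login" | awk 'NR==1 {print $2"-"$1,$3}')
    # Minimum widths 16/8/13 — same padding as the original while-loops.
    printf '%-16s %-8s %-13s\n' "$user" "$pid" "$waktu"
  done
}

#######################################
# Print the login names of local (non-system) users, one per line.
# Selection is the original heuristic: passwd lines containing "home" and
# "false" (nologin shell) but not "syslog".
# Outputs:   user names on stdout
#######################################
mostrar_usuarios () {
  grep 'home' /etc/passwd | grep 'false' | grep -v 'syslog' | cut -d: -f1
}

#######################################
# Count online users, expired accounts and total users.
#
# A user is "online" when they own an sshd process, appear as ",user," in
# the OpenVPN status log, or appear in dropbear_pids output.  An account is
# "expired" when `chage -l` reports an expiry date in the past.
#
# Globals:   none written (the result files below are commented out, so the
#            counters are computed and then discarded)
# Arguments: none
# Outputs:   nothing (see the commented-out writes at the end)
# Returns:   0
#######################################
function_onlines () {
  local users dpids now ovpn_log n conect _user sqd ovp drop conex
  local expires expire_ts _tuser
  users=$(mostrar_usuarios)
  dpids=$(dropbear_pids)
  now=$(date +%s)
  ovpn_log=
  [[ -e /etc/openvpn/openvpn-status.log ]] && ovpn_log=$(< /etc/openvpn/openvpn-status.log)
  n=0
  conect=0
  for _user in $users; do
    sqd=0; ovp=0; drop=0
    ps -u "$_user" | grep -q sshd && sqd=1
    # -F: the user name is a literal, not a regex.
    grep -q -F -- ",$_user," <<<"$ovpn_log" && ovp=1
    grep -q -w -- "$_user" <<<"$dpids" && drop=1
    conex=$((sqd + ovp + drop))
    (( conex != 0 )) && conect=$((conect + 1))
    # chage is run once per user instead of twice.
    expires=$(chage -l "$_user" | grep 'Account expires' | awk -F ': ' '{print $2}')
    if [[ "$expires" != never ]]; then
      expire_ts=$(date '+%s' -d "$expires")
      [[ -n "$expire_ts" && "$now" -gt "$expire_ts" ]] && n=$((n + 1))
    fi
  done
  _tuser=$(printf '%s\n' "$users" | sed '/^$/d' | wc -l)
  #echo "${conect}" > /etc/adm-lite/onlines
  #echo "${n}" > /etc/adm-lite/vencidos
  #echo "${_tuser}" > /etc/adm-lite/total
}

#######################################
# Print the OpenVPN users (passwd lines containing "ovpn") that currently
# appear in /etc/openvpn/openvpn-status.log, one per line.
# Outputs:   user names on stdout
#######################################
fun_ovpn_onl () {
  local userovpn
  while IFS= read -r userovpn; do
    # -w: "ovpn1" must not count as online because "ovpn10" is.
    if grep -q -F -w -- "$userovpn" /etc/openvpn/openvpn-status.log 2>/dev/null; then
      printf '%s\n' "$userovpn"
    fi
  done < <(grep ovpn /etc/passwd | awk -F: '{print $1}')
}

#######################################
# Accumulate per-user connected time.
#
# Per user: if they have any sshd/dropbear/OpenVPN session, the session start
# is remembered in ./userDIR/<user>.pid (one line "data[<user>]=<epoch>") and
# the elapsed seconds are added to their line "<user> <seconds>" in
# ./tempo_conexao.  When no session remains the pid files are removed.
#
# Globals:   none written (state lives in the two files above, relative to
#            the current directory)
# Arguments: none
# Outputs:   nothing on stdout
# Returns:   0
#######################################
function_usertime () {
  local tempousers usr_pids_var _data_now user pidfile line
  local ssh_n drop_n ovpn_n user_pid elapsed previous total _arquivo
  declare -A data
  tempousers="./tempo_conexao"
  usr_pids_var="./userDIR"
  [[ ! -e "$tempousers" ]] && touch "$tempousers"
  _data_now=$(date +%s)
  for user in $(mostrar_usuarios); do
    pidfile="$usr_pids_var/$user.pid"
    # The pid file is parsed rather than `source`d: a tampered file must not
    # be able to run code in this (root) shell.  A non-numeric value is
    # treated as "no start recorded".
    unset "data[$user]"
    if [[ -e "$pidfile" ]]; then
      IFS= read -r line < "$pidfile"
      line=${line#*=}
      [[ "$line" =~ ^[0-9]+$ ]] && data[$user]=$line
    fi
    # Session count = sshd processes + dropbear rows + OpenVPN presence.
    ssh_n=$(ps -u "$user" | grep -c sshd)
    drop_n=$(dropbear_pids | grep -c -w -- "$user")
    ovpn_n=0
    [[ -e /etc/openvpn/server.conf ]] && ovpn_n=$(fun_ovpn_onl | grep -c -w -- "$user")
    user_pid=$((ssh_n + drop_n + ovpn_n))
    if (( user_pid > 0 )); then
      [[ -z "${data[$user]}" ]] && data[$user]="$_data_now"
    else
      unset "data[$user]"
      rm -f -- "$pidfile" "$usr_pids_var/$user.pid2"
    fi
    if [[ -n "${data[$user]}" ]]; then
      elapsed=$((_data_now - data[$user]))
      # Exact first-field match; a plain grep would also hit "bob" in "bobby".
      previous=$(awk -v u="$user" '$1 == u {print $2; exit}' "$tempousers")
      [[ "$previous" =~ ^[0-9]+$ ]] || previous=0
      total=$((previous + elapsed))
      _arquivo=$(awk -v u="$user" '$1 != u' "$tempousers")
      printf '%s\n' "$_arquivo" > "$tempousers"
      printf '%s %s\n' "$user" "$total" >> "$tempousers"
      printf 'data[%s]=%s\n' "$user" "$_data_now" > "$pidfile"
    fi
  done
}

#######################################
# Rotate the tcpdump log, restart tcpdump and accumulate per-user packet
# counts in /etc/adm-lite/userDIR/usr_cnx ("<user> <count>" lines).
# Runs in a background subshell; the subshell scopes every variable set here.
#
# Globals:   log_2 (set; read by ip_openssh / ip_drop)
# Arguments: none
# Outputs:   nothing on stdout
# Returns:   0 immediately (work continues in the background)
#######################################
fun_net () {
  (
    log_1="/tmp/tcpdump"
    log_2="/tmp/tcpdumpLOG"
    usr_dir="/etc/adm-lite/userDIR/usr_cnx"
    [[ -e "$log_1" ]] && mv -f -- "$log_1" "$log_2"
    [[ ! -e "$usr_dir" ]] && touch "$usr_dir"
    # Stop tcpdump (ENCERRA TCP).  '[t]cpdump' excludes this pipeline itself.
    # SIGTERM lets tcpdump flush its output before exiting (the original
    # used -9).
    for pd in $(ps x | awk '/[t]cpdump/ {print $1}'); do
      kill "$pd" &> /dev/null
    done
    # Start tcpdump (INICIA TCP).
    # NOTE(review): as written this runs in the foreground of the subshell
    # with its output discarded, so the per-user loop below only runs after
    # tcpdump exits; kept verbatim because the intended capture target
    # (presumably $log_1) is not established by this file — confirm.
    tcpdump -s 50 -n &> /dev/null
    # Analyse per-user traffic (ANALIZA USER).
    for user in $(mostrar_usuarios); do
      # Private temp file instead of /tmp/<user>: that path could be
      # pre-created (e.g. as a symlink) by the user it is named after, making
      # this root shell write elsewhere.
      tmp=$(mktemp) || continue
      ip_openssh "$user" "$tmp" > /dev/null 2>&1
      ip_drop "$user" "$tmp" > /dev/null 2>&1
      # Sum of the per-connection counts; empty when no connection was seen.
      pacotes=$(awk 'NF {s += $1; c++} END {if (c) print s}' "$tmp")
      rm -f -- "$tmp"
      if [[ -n "$pacotes" ]]; then
        # Exact first-field match on the user name (a plain grep also
        # matched "bob" in "bobby").
        if awk -v u="$user" '$1 == u {f=1} END {exit f ? 0 : 1}' "$usr_dir"; then
          pacotesuser=$(awk -v u="$user" '$1 == u {print $2; exit}' "$usr_dir")
          [[ "$pacotesuser" =~ ^[0-9]+$ ]] || pacotesuser=0
          ussrvar=$(awk -v u="$user" '$1 != u' "$usr_dir")
          printf '%s\n' "$ussrvar" > "$usr_dir"
          pacotes=$((pacotes + pacotesuser))
        fi
        printf '%s %s\n' "$user" "$pacotes" >> "$usr_dir"
      fi
      unset pacotes
    done
  ) &
}

#######################################
# For every established non-loopback connection owned by a user's processes,
# append the number of lines in $log_2 that contain the peer IP.
#
# Globals:   log_2 (read) - tcpdump log to count in; set by fun_net
# Arguments: $1 - user name
#            $2 - output file (optional; defaults to /tmp/$1 as before)
# Outputs:   one count per connection, appended to the output file
# Returns:   0
#######################################
ip_openssh () {
  local user="$1" out="${2:-/tmp/$1}" ip packet
  while read -r ip; do
    [[ -n "$ip" ]] || continue
    # -F: the IP is a literal; as a regex '.' would match any byte.
    # A missing log yields an empty count, written as 0 like the original.
    packet=$(grep -c -F -- "$ip" "${log_2:-}" 2>/dev/null)
    printf '%s\n' "${packet:-0}" >> "$out"
  done < <(lsof -u "$user" -P -n | grep "ESTABLISHED" \
    | awk -F "->" '{print $2}' | awk -F ":" '{print $1}' | grep -v "127.0.0.1")
}

#######################################
# For every source IP with a successful dropbear login for the user in the
# last 100 auth.log lines, append the number of $log_2 lines mentioning it.
# Each IP is counted once.
#
# Globals:   log_2 (read) - tcpdump log to count in; set by fun_net
# Arguments: $1 - user name
#            $2 - output file (optional; defaults to /tmp/$1 as before)
# Outputs:   one count per distinct IP, appended to the output file
# Returns:   0
#######################################
ip_drop () {
  local user="$1" out="${2:-/tmp/$1}" loguser='Password auth succeeded' ip packet
  # Seen IPs are tracked in memory; the original used a shared /tmp/drop
  # file with a predictable name.
  declare -A seen=()
  while read -r ip; do
    [[ -n "$ip" ]] || continue
    [[ -n "${seen[$ip]}" ]] && continue
    seen[$ip]=1
    packet=$(grep -c -F -- "$ip" "${log_2:-}" 2>/dev/null)
    printf '%s\n' "${packet:-0}" >> "$out"
  done < <(tail -n 100 /var/log/auth.log | grep -w -- "$user" \
    | grep -F -- "$loguser" | awk -F "from" '{print $2}' | awk -F ":" '{print $1}')
}

function_onlines > /dev/null 2>&1
#function_usertime > /dev/null 2>&1
#fun_net > /dev/null 2>&1
killall verifica > /dev/null 2>&1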