182 lines
5.3 KiB
Bash
182 lines
5.3 KiB
Bash
#!/bin/bash
|
|
#CREADOR Henry Chumo | 06/06/2022
|
|
#Alias : @ChumoGH
|
|
# -*- ENCODING: UTF-8 -*-
|
|
|
|
dropbear_pids () {
|
|
port_dropbear=`ps aux|grep 'dropbear'|awk NR==1|awk '{print $17;}'`
|
|
|
|
log=/var/log/auth.log
|
|
loginsukses='Password auth succeeded'
|
|
|
|
pids=`ps ax|grep 'dropbear'|grep " $port_dropbear"|awk -F " " '{print $1}'`
|
|
|
|
for pid in $pids; do
|
|
pidlogs=`grep $pid $log |grep "$loginsukses" |awk -F" " '{print $3}'`
|
|
|
|
i=0
|
|
for pidend in $pidlogs; do
|
|
let i=i+1
|
|
done
|
|
|
|
if [ $pidend ];then
|
|
login=`grep $pid $log |grep "$pidend" |grep "$loginsukses"`
|
|
PID=$pid
|
|
user=`echo $login |awk -F" " '{print $10}' | sed -r "s/'/ /g"`
|
|
waktu=`echo $login |awk -F" " '{print $2"-"$1,$3}'`
|
|
while [ ${#waktu} -lt 13 ]; do
|
|
waktu=$waktu" "
|
|
done
|
|
while [ ${#user} -lt 16 ]; do
|
|
user=$user" "
|
|
done
|
|
while [ ${#PID} -lt 8 ]; do
|
|
PID=$PID" "
|
|
done
|
|
echo "$user $PID $waktu"
|
|
fi
|
|
done
|
|
}
|
|
|
|
mostrar_usuarios () {
|
|
for u in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
|
|
echo "$u"
|
|
done
|
|
}
|
|
|
|
function_onlines () {
|
|
users=$(cat /etc/passwd|grep 'home'|grep 'false'|grep -v 'syslog'|awk -F ':' '{print $1}')
|
|
dpids=$(dropbear_pids)
|
|
time=$(date +%s)
|
|
[[ -e /etc/openvpn/openvpn-status.log ]] && ovpn_log=$(cat /etc/openvpn/openvpn-status.log)
|
|
n='0'
|
|
i='0'
|
|
conect='0'
|
|
for _user in $(mostrar_usuarios); do
|
|
[[ -z "$(ps -u $_user|grep sshd)" ]] && sqd=0 || sqd=1
|
|
[[ -z "$(echo $ovpn_log|grep -E ,"$_user",)" ]] && ovp=0 || ovp=1
|
|
[[ -z "$(echo $dpids|grep -w "$_user")" ]] && drop=0 || drop=1
|
|
conex=$(($sqd + $ovp + $drop))
|
|
[[ $conex -ne 0 ]] && let conect++
|
|
if [[ $(chage -l $_user |grep 'Account expires' |awk -F ': ' '{print $2}') != never ]]; then
|
|
[[ $time -gt $(date '+%s' -d "$(chage -l $_user |grep "Account expires" |awk -F ': ' '{print $2}')") ]] && let n++
|
|
fi
|
|
done
|
|
_tuser=$(echo "$users"|sed '/^$/d'|wc -l)
|
|
#echo "${conect}" > /etc/adm-lite/onlines
|
|
#echo "${n}" > /etc/adm-lite/vencidos
|
|
#echo "${_tuser}" > /etc/adm-lite/total
|
|
}
|
|
|
|
fun_ovpn_onl () {
|
|
for userovpn in `cat /etc/passwd | grep ovpn | awk -F: '{print $1}'`; do
|
|
us=$(cat /etc/openvpn/openvpn-status.log | grep $userovpn | wc -l)
|
|
[[ "$us" != "0" ]] && echo "$userovpn"
|
|
done
|
|
}
|
|
|
|
function_usertime () {
|
|
declare -A data
|
|
declare -A time
|
|
declare -A time2
|
|
declare -A timefinal
|
|
tempousers="./tempo_conexao"
|
|
usr_pids_var="./userDIR"
|
|
[[ ! -e $tempousers ]] && touch $tempousers
|
|
_data_now=$(date +%s)
|
|
for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
|
|
unset ssh
|
|
[[ -e $usr_pids_var/$user.pid ]] && source $usr_pids_var/$user.pid
|
|
ssh+="$(ps -u $user | grep sshd |wc -l)+"
|
|
ssh+="$(dropbear_pids | grep "$user" | wc -l)+"
|
|
[[ -e /etc/openvpn/server.conf ]] && ssh+="$(fun_ovpn_onl | grep "$user" | wc -l)+"
|
|
ssh+="0"
|
|
user_pid=$(echo $ssh|bc)
|
|
if [ "$user_pid" -gt "0" ]; then
|
|
[[ "${data[$user]}" = "" ]] && data[$user]="$_data_now"
|
|
fi
|
|
if [ "$user_pid" = "0" ]; then
|
|
unset data[$user]
|
|
[[ -e "$usr_pids_var/$user.pid" ]] && rm -f $usr_pids_var/$user.pid
|
|
[[ -e $usr_pids_var/$user.pid2 ]] && rm -f $usr_pids_var/$user.pid2
|
|
fi
|
|
if [ "${data[$user]}" != "" ]; then
|
|
time[$user]=$(($_data_now - ${data[$user]}))
|
|
time2[$user]=$(cat $tempousers | grep "$user" | awk '{print $2}')
|
|
[[ "${time2[$user]}" = "" ]] && time2[$user]="0"
|
|
timefinal[$user]=$((${time2[$user]} + ${time[$user]}))
|
|
_arquivo=$(cat $tempousers |grep -v "$user")
|
|
echo "$_arquivo" > $tempousers
|
|
echo "$user ${timefinal[$user]}" >> $tempousers
|
|
echo "data[$user]=$_data_now" > $usr_pids_var/$user.pid
|
|
fi
|
|
done
|
|
}
|
|
|
|
fun_net () {
|
|
(
|
|
log_1="/tmp/tcpdump"
|
|
log_2="/tmp/tcpdumpLOG"
|
|
usr_dir="/etc/adm-lite/userDIR/usr_cnx"
|
|
[[ -e "$log_1" ]] && mv -f $log_1 $log_2
|
|
[[ ! -e $usr_dir ]] && touch $usr_dir
|
|
#ENCERRA TCP
|
|
for pd in `ps x | grep tcpdump | grep -v grep | awk '{print $1}'`; do
|
|
kill -9 $pd &> /dev/null
|
|
done
|
|
#INICIA TCP
|
|
tcpdump -s 50 -n &> /dev/null
|
|
#ANALIZA USER
|
|
for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
|
|
touch /tmp/$user
|
|
ip_openssh $user > /dev/null 2>&1
|
|
ip_drop $user > /dev/null 2>&1
|
|
sed -i '/^$/d' /tmp/$user
|
|
pacotes=$(paste -sd+ /tmp/$user | bc)
|
|
rm /tmp/$user
|
|
if [ "$pacotes" != "" ]; then
|
|
if [ "$(cat $usr_dir | grep "$user")" != "" ]; then
|
|
pacotesuser=$(cat $usr_dir | grep "$user" | awk '{print $2}')
|
|
[[ $pacotesuser = "" ]] && pacotesuser=0
|
|
[[ $pacotesuser != +([0-9]) ]] && pacotesuser=0
|
|
ussrvar=$(cat $usr_dir | grep -v "$user")
|
|
echo "$ussrvar" > $usr_dir
|
|
pacotes=$(($pacotes+$pacotesuser))
|
|
echo -e "$user $pacotes" >> $usr_dir
|
|
else
|
|
echo -e "$user $pacotes" >> $usr_dir
|
|
fi
|
|
fi
|
|
unset pacotes
|
|
done
|
|
) &
|
|
}
|
|
|
|
ip_openssh () {
|
|
user="$1"
|
|
for ip in `lsof -u $user -P -n | grep "ESTABLISHED" | awk -F "->" '{print $2}' |awk -F ":" '{print $1}' | grep -v "127.0.0.1"`; do
|
|
packet=$(cat $log_2 | grep "$ip" | wc -l)
|
|
echo "$packet" >> /tmp/$user
|
|
unset packet
|
|
done
|
|
}
|
|
|
|
ip_drop () {
|
|
user="$1"
|
|
loguser='Password auth succeeded'
|
|
touch /tmp/drop
|
|
for ip in `cat /var/log/auth.log | tail -100 | grep "$user" | grep "$loguser" | awk -F "from" '{print $2}' | awk -F ":" '{print $1}'`; do
|
|
if [ "$(cat /tmp/drop | grep "$ip")" = "" ]; then
|
|
packet=$(cat $log_2 | grep "$ip" | wc -l)
|
|
echo "$packet" >> /tmp/$user
|
|
echo "$ip" >> /tmp/drop
|
|
fi
|
|
done
|
|
rm /tmp/drop
|
|
}
|
|
|
|
function_onlines > /dev/null 2>&1
|
|
#function_usertime > /dev/null 2>&1
|
|
#fun_net > /dev/null 2>&1
|
|
killall verifica > /dev/null 2>&1
|