Subversion Repositories ALCASAR

Rev

Rev 2488 | Rev 2644 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2189 tom.houday 1
#!/bin/bash
2
# $Id: alcasar-activity_report.sh 2521 2018-04-02 19:46:16Z armand.ito $
3
#
2138 richard 4
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
5
# We read configuration files and logs to create cool charts.
2190 tom.houday 6
# Written by Raphaël PION, Rexy & Tom HOUDAYER
2009 raphael.pi 7
 
2474 tom.houday 8
CONF_FILE='/usr/local/etc/alcasar.conf'
2138 richard 9
# files
10
DIR_TMP="/var/tmp"
11
TMP_AV="$DIR_TMP/av_count.txt"
12
TMP_BL="$DIR_TMP/bl_count.txt"
13
TMP_BL_WEEK="$DIR_TMP/bl_count_week.txt"
14
TMP_BL_WEEK_CAT="$DIR_TMP/bl_count_week_cat.txt"
2009 raphael.pi 15
 
2138 richard 16
# Model loaded to create charts
17
DIR_BUILD="/var/www/html/acc/manager/activity_report/"
18
MODEL_CHARTJS="$DIR_BUILD/models/Chart.report.js"
19
MODEL_TABINFO="$DIR_BUILD/models/tabinfo.html"
2009 raphael.pi 20
 
2138 richard 21
# Where the report will be created.
22
HTML_REPORT="$DIR_BUILD/alcasar-report-$(date +%F).html"
2009 raphael.pi 23
 
2138 richard 24
# TIME VALUE
2009 raphael.pi 25
C_TS=$(date +"%s") #current timestamp
26
MAX_DAY_AGO=7
27
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago
28
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO
29
 
2138 richard 30
# PRIVATE IP OF ALCASAR
2474 tom.houday 31
PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)
2009 raphael.pi 32
 
2138 richard 33
# COLOR for charts
2009 raphael.pi 34
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'"
35
 
2138 richard 36
# Values to create new htdigest user to consult statistique of ACC
2009 raphael.pi 37
DIR_KEY="/usr/local/etc/digest"
2138 richard 38
tmp_account="alcasar"
2009 raphael.pi 39
realm="ALCASAR Control Center (ACC)"
40
password=$(openssl rand -base64 32) #random password (length : 32)
41
SED="/usr/bin/sed -i "
2138 richard 42
TMP_STATS="$DIR_TMP/stats.html"
43
TMP_STATS_2="$DIR_TMP/stats2.html"
2009 raphael.pi 44
 
2138 richard 45
# if empty logs, replace charts by text.
2009 raphael.pi 46
ENABLE_BL=0
47
ENABLE_BL_WEEK=0
48
ENABLE_AV=0
49
 
50
if [ -e $TMP_AV ]
51
then
52
	rm $TMP_AV
53
fi
54
 
55
if [ -e $TMP_BL ]
56
then
2189 tom.houday 57
	rm $TMP_BL
2009 raphael.pi 58
fi
59
 
60
if [ -e $TMP_BL_WEEK ]
61
then
2189 tom.houday 62
	rm $TMP_BL_WEEK
2009 raphael.pi 63
fi
64
 
65
if [ -e $TMP_BL_WEEK_CAT ]
66
then
2189 tom.houday 67
	rm $TMP_BL_WEEK_CAT
2009 raphael.pi 68
fi
69
 
70
if [ -e $HTML_REPORT ]
71
then
2189 tom.houday 72
	rm $HTML_REPORT
2009 raphael.pi 73
fi
74
 
75
echo "<!doctype html>" >> $HTML_REPORT
76
echo "<html>" >> $HTML_REPORT
77
echo "<head>" >> $HTML_REPORT
2189 tom.houday 78
echo "<meta charset=\"utf-8\">" >> $HTML_REPORT
2009 raphael.pi 79
echo "<title>ALCASAR report</title>" >> $HTML_REPORT
2189 tom.houday 80
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/bootstrap.min.css\">" >> $HTML_REPORT
81
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/report.css\">" >> $HTML_REPORT
2317 tom.houday 82
echo "<script src=\"../../../js/Chart.bundle.min.js\"></script>" >> $HTML_REPORT
2189 tom.houday 83
echo "<script src=\"../../../js/jquery.min.js\"></script>" >> $HTML_REPORT
2009 raphael.pi 84
echo "</head>" >> $HTML_REPORT
85
echo "<body>" >> $HTML_REPORT
2474 tom.houday 86
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(grep ^ORGANISM= $CONF_FILE | cut -d'=' -f2-)</center></h1>" >> $HTML_REPORT
2189 tom.houday 87
echo "<i><p style=\"text-align: right;\">Date de création $(date +%F)</p></i>" >> $HTML_REPORT
88
echo "<font size=\"1\">" >> $HTML_REPORT
2009 raphael.pi 89
 
90
######################TABINFO######################
91
echo "Create information about system and ALCASAR"
92
#contain every information about ALCASAR configuration, system and last update
93
 
94
cat $MODEL_TABINFO | while read LINE_HTML
95
do
96
 
97
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
98
then
2474 tom.houday 99
	VALUE=$(grep ^ORGANISM= $CONF_FILE | cut -d'=' -f2-)
2189 tom.houday 100
	echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
101
 
2009 raphael.pi 102
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
103
then
2474 tom.houday 104
	VALUE=$(grep ^INSTALL_DATE= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 105
	echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
106
 
107
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
108
then
2474 tom.houday 109
	VALUE=$(grep ^VERSION= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 110
	echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
111
 
112
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
113
then
2474 tom.houday 114
	VALUE=$(grep ^PUBLIC_IP= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 115
	echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
116
 
117
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
118
then
2474 tom.houday 119
	VALUE=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 120
	echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
121
 
122
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
123
then
2474 tom.houday 124
	VALUE=$(grep ^GW= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 125
	echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
126
 
127
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
128
then
2474 tom.houday 129
	VALUE=$(grep ^DNS1= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 130
	echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
131
 
132
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
133
then
2474 tom.houday 134
	VALUE=$(grep ^DNS2= $CONF_FILE | cut -d'=' -f2)
2009 raphael.pi 135
	echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
136
 
137
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
138
then
139
	VALUE=$(hostname)
140
	echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
141
 
142
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
143
then
144
	VALUE=$( echo $(uname -r) [ $(uname -m) ] )
145
	echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
146
 
147
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
148
then
149
	VALUE=$(echo $(who -b | cut -d' ' -f12-))
150
	echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
151
 
152
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
153
then
2454 tom.houday 154
	VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
2009 raphael.pi 155
	echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
156
 
157
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
158
then
2521 armand.ito 159
	VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
2009 raphael.pi 160
	echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
161
 
162
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
163
then
164
	#show every ALCASAR RPM updated since X day ago
165
	#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
166
	if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
167
	then
2521 armand.ito 168
		PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
2009 raphael.pi 169
		rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
170
		do
171
			RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
172
			RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
173
			RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
174
			RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
175
 
176
			echo "<tr>" >> $HTML_REPORT
177
			echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
178
			echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
179
			echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
180
			echo "</tr>" >> $HTML_REPORT
181
		done
182
	else
2189 tom.houday 183
		echo "<tr><td colspan=\"3\">Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
2009 raphael.pi 184
	fi
185
else
186
	echo $LINE_HTML >> $HTML_REPORT
187
fi
188
done
189
 
190
######################BL WEBSITE SINCE INSTALLATION######################
191
echo "Create BL website since the installation of ALCASAR"
192
#find data
193
 
194
#decompress every logs
2013 raphael.pi 195
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 196
then
197
	gunzip -d dnsmasq-blacklist.log.*.gz
198
fi
199
 
200
#convert logs date in timestamp and find categories of blacklisted website
201
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
202
do
203
	while read LOG_BL
204
	do
205
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
2454 tom.houday 206
		then
2009 raphael.pi 207
			#find the current blacklisted category
208
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
209
 
210
			#we convert www.test.co.uk => test.co.uk to find the category of this website
2189 tom.houday 211
			if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
212
			then
213
					website_bl=$(echo $website_bl | cut -d'.' -f2-)
214
			fi
2009 raphael.pi 215
 
2013 raphael.pi 216
			#get BL category
2189 tom.houday 217
			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
2013 raphael.pi 218
			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
219
			then
220
				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
221
			fi
222
 
2009 raphael.pi 223
			#Calculate its timestamp
224
			Y=$(date -R | cut -d' ' -f4)
225
			M=$(echo $LOG_BL | cut -d' ' -f1)
2189 tom.houday 226
			D=$(echo $LOG_BL | cut -d' ' -f2)
2009 raphael.pi 227
			H=$(echo $LOG_BL | cut -d' ' -f3)
228
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
2013 raphael.pi 229
			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
2009 raphael.pi 230
		fi
231
 
232
	done < /var/log/dnsmasq/$FILE
233
done
234
 
235
#if data exists, create this section in html document
236
if [ -e $TMP_BL ]
237
then
238
	ENABLE_BL=1
239
	#count every BL website consulted since installation (maximum 1 year)
240
	DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 )
241
 
242
 
243
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
244
	do
245
		DATE_1=$TS
246
		DATE_2=$((TS-$STEP_TS))
247
		COUNT_BL_INSTALLATION=0	
248
 
249
		for LINE in $(cat $TMP_BL)
250
		do
251
			TS_FILE=$(echo $LINE | cut -d':' -f1)
252
 
253
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2454 tom.houday 254
			then
2009 raphael.pi 255
				COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
256
 
257
			fi
258
		done
259
 
260
		VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
261
		VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
262
	done
263
 
264
	#create Antivirus section in html document
265
	NAME_BL_INSTALLATION='chart_bl_installation'
266
	CONF_BL_INSTALLATION='config_bl_installation'
267
	echo "<center>" >> $HTML_REPORT
268
	echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT
269
	echo "</center>" >> $HTML_REPORT
270
 
271
	#create chart bar in html file with javascript (chartjs.com)
272
	echo "<script>" >> $HTML_REPORT
273
	cat $MODEL_CHARTJS | while read LINE_JS
274
	do
275
		#name of variable
2454 tom.houday 276
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 277
		then
278
			echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
279
		#chart type
2454 tom.houday 280
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 281
		then
282
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
283
		#chart title
284
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
2454 tom.houday 285
		then
2009 raphael.pi 286
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
287
		#chart data
2454 tom.houday 288
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 289
		then
290
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
291
		#color
2454 tom.houday 292
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 293
		then
294
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
295
		#labels
2454 tom.houday 296
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 297
		then
298
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
2454 tom.houday 299
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 300
		then
301
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
302
		#display value of Y axis, only useful for chart bar
2454 tom.houday 303
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 304
		then
305
			echo "" >> $HTML_REPORT
306
		#display value of Y axis, only useful for chart bar
2454 tom.houday 307
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 308
		then
309
			echo "" >> $HTML_REPORT
2454 tom.houday 310
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
2009 raphael.pi 311
		then
2013 raphael.pi 312
			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
2009 raphael.pi 313
		else
314
			echo $LINE_JS >> $HTML_REPORT
315
		fi
316
	done
317
	echo "</script>" >> $HTML_REPORT
318
else
2209 tom.houday 319
	echo "<h2>Aucune activité de la Blacklist depuis l'installation.</h2>" >> $HTML_REPORT
2009 raphael.pi 320
fi
321
 
322
 
323
 
324
######################DNSMASQ BLACKLIST######################
325
echo "Create BL website since $MAX_DAY_AGO days"
326
 
327
#if data exists, create BL section in html document
328
if [ -e $TMP_BL ]
329
then
330
	ENABLE_BL_WEEK=1
331
	#find data
332
	#count every BL website consulted since DAYS_AGO
333
	DATE_1=$C_TS
334
	DATE_2=$((DATE_1-$STEP_TS))
335
 
2287 tom.houday 336
	touch $TMP_BL_WEEK
337
 
2009 raphael.pi 338
	for LINE in $(cat $TMP_BL)
339
	do
340
		TS_FILE=$(echo $LINE | cut -d':' -f1)
341
		#select only elements between DATE_1 and DATE_2
342
		if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2454 tom.houday 343
		then
2009 raphael.pi 344
			echo $LINE >> $TMP_BL_WEEK
345
		fi
346
	done
347
 
348
	#then we count every occurence for each category in TMP_BL_WEEK
349
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
350
	do
2189 tom.houday 351
		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
2009 raphael.pi 352
	done
353
 
354
	#we sort by number of occurence and we take the top 10 BL categories
355
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
356
	do
357
 
358
		DATA=$(echo $LINE | cut -d':' -f2)
359
		LABEL=$(echo $LINE | cut -d':' -f1)
360
		if [ $DATA -ne 0 ]
361
		then
2189 tom.houday 362
			VALUE_BL_DATA="$VALUE_BL_DATA $DATA, "
363
			VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)',"
2009 raphael.pi 364
		fi
365
	done
366
 
367
	#get other categories (sum them all)
2454 tom.houday 368
	if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
2189 tom.houday 369
	then
2454 tom.houday 370
		VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
371
		VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
2189 tom.houday 372
	fi
2009 raphael.pi 373
 
374
	#create chart pie in html file with javascript (chartjs.com)
375
	NAME_BL='chart_bl'
376
	CONF_BL='config_bl'
377
	echo "<center>" >> $HTML_REPORT
378
	echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT
379
	echo "</center>" >> $HTML_REPORT
380
	echo "<script>" >> $HTML_REPORT
2189 tom.houday 381
 
2009 raphael.pi 382
	cat $MODEL_CHARTJS | while read LINE_JS
383
	do
384
		#variable name
2454 tom.houday 385
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 386
		then
387
			echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
388
		#chart type
2454 tom.houday 389
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 390
		then
391
			echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
392
		#graph title
393
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
394
		then
2189 tom.houday 395
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
2009 raphael.pi 396
		#chart data
2454 tom.houday 397
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 398
		then
399
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
400
		#color
2454 tom.houday 401
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 402
		then
403
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
404
		#labels
2454 tom.houday 405
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 406
		then
407
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
408
		#display legend, only useful for chart pie
2454 tom.houday 409
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 410
		then
411
			echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
412
		#display value of Y axis, only useful for chart bar
2189 tom.houday 413
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 414
		then
415
			echo "/*" >> $HTML_REPORT
416
		#display value of Y axis, only useful for chart bar
2189 tom.houday 417
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 418
		then
419
			echo "*/" >> $HTML_REPORT
420
		else
421
			echo $LINE_JS >> $HTML_REPORT
422
		fi
423
	done
424
	echo "</script>" >> $HTML_REPORT
425
else
2209 tom.houday 426
	echo "<h2>Aucune activité de la Blacklist cette semaine.</h2>" >> $HTML_REPORT
2009 raphael.pi 427
fi
428
 
429
######################VIRUS THREAT######################
430
echo "Create AV logs since the installation of ALCASAR"
431
 
432
#decompress every logs, if they exist
2013 raphael.pi 433
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 434
then
435
	gunzip -d access.log.*.gz
436
fi
437
 
438
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
439
do
440
	while read LINE_AV
441
	do
442
		Y=$(echo $LINE_AV | cut -d' ' -f1)
443
		M=$(echo $LINE_AV | cut -d' ' -f2)
444
		D=$(echo $LINE_AV | cut -d' ' -f3)
445
		H=$(echo $LINE_AV | cut -d' ' -f4)
446
		CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
447
		echo $CURRENT_TS >> $TMP_AV
448
	done < /var/log/havp/$FILE
449
 
450
done
451
 
452
if [ -e $TMP_AV ]
453
then
454
	ENABLE_AV=1
455
	DATE_END=$(cat $TMP_AV | sort -n | head -1)
456
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
457
	do
458
		DATE_1=$TS
459
		DATE_2=$((TS-$STEP_TS))
2189 tom.houday 460
		COUNT_AV=0
2009 raphael.pi 461
 
462
		for TS_FILE in $(cat $TMP_AV)
463
		do
464
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
2189 tom.houday 465
			then
2009 raphael.pi 466
				COUNT_AV=$((COUNT_AV+1))
467
			fi
468
		done
2189 tom.houday 469
 
2009 raphael.pi 470
		VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
471
		VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
472
	done
473
 
474
	#create Antivirus section in html document
475
	NAME_AV='chart_av'
476
	CONF_AV='config_av'
477
	echo "<center>" >> $HTML_REPORT
478
	echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT
479
	echo "</center>" >> $HTML_REPORT
480
 
481
 
482
	#create chart bar in html file with javascript (chartjs.com)
483
	echo "<script>" >> $HTML_REPORT
484
	cat $MODEL_CHARTJS | while read LINE_JS
485
	do
486
		#name of variable
2189 tom.houday 487
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
2009 raphael.pi 488
		then
489
			echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
490
		#chart type
2189 tom.houday 491
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
2009 raphael.pi 492
		then
493
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
494
		#graph title
495
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
496
		then
2189 tom.houday 497
			echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
2009 raphael.pi 498
		#chart data
2189 tom.houday 499
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
2009 raphael.pi 500
		then
501
			echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
502
		#color
2189 tom.houday 503
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
2009 raphael.pi 504
		then
505
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
506
		#labels
2189 tom.houday 507
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
2009 raphael.pi 508
		then
509
			echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
2189 tom.houday 510
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 511
		then
512
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
513
		#display value of Y axis, only useful for chart bar
2189 tom.houday 514
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
2009 raphael.pi 515
		then
516
			echo "" >> $HTML_REPORT
517
		#display value of Y axis, only useful for chart bar
2189 tom.houday 518
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
2009 raphael.pi 519
		then
520
			echo "" >> $HTML_REPORT
2189 tom.houday 521
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
2009 raphael.pi 522
		then
2013 raphael.pi 523
			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
2009 raphael.pi 524
		else
525
			echo $LINE_JS >> $HTML_REPORT
526
		fi
527
	done
528
	echo "</script>" >> $HTML_REPORT
529
else
2209 tom.houday 530
	echo "<h2>Aucune menace virale.</h2>" >> $HTML_REPORT
2009 raphael.pi 531
fi
532
 
533
 
534
######################ALCASAR : DAILY USE######################
535
echo "Get daily use connection of the week"
536
#create html document
2209 tom.houday 537
echo "<h2>Statistiques volumétrie connexions</h2>" >> $HTML_REPORT
2009 raphael.pi 538
 
539
#create new htdigest user to consult statistique of ACC
540
#if user does not exist, we create him
2138 richard 541
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
2009 raphael.pi 542
then
2189 tom.houday 543
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
544
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
545
	(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all
546
	chown -R root:apache $DIR_KEY
547
	chmod 640 $DIR_KEY/key_*
2009 raphael.pi 548
fi
549
 
550
#get stats.php from ACC
2138 richard 551
wget -q -nv --user $tmp_account --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate
2009 raphael.pi 552
 
553
#clean this file to include it in html report.
554
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
555
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
556
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
557
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
558
 
559
#we delete our user if he still exists
2138 richard 560
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
2009 raphael.pi 561
then
2189 tom.houday 562
	$SED "/^$tmp_account:/d" $DIR_KEY/key_only_manager
563
	$SED "/^$tmp_account:/d" $DIR_KEY/key_manager
564
	$SED "/^$tmp_account:/d" $DIR_KEY/key_all
2009 raphael.pi 565
fi
566
 
2190 tom.houday 567
 
568
###################### ALCASAR : LOG ACCESS ######################
569
echo "Get ACC log access of the week"
570
 
2209 tom.houday 571
ROWS=""
572
while read -r access ; do
2267 richard 573
	access_datas=(${access//|/ })
2190 tom.houday 574
 
2209 tom.houday 575
	accces_date_intl=$(echo "${access_datas[0]} ${access_datas[1]}" | sed -E 's@^([0-9]{2})+/+([0-9]{2})+/+([0-9]{4})+@\3-\2-\1@') # Convert date format DD/MM/YYYY to YYYY-MM-DD
576
	access_date=$(date -d "$accces_date_intl" +%s)
577
	access_user=${access_datas[2]}
578
	access_ip=${access_datas[3]}
2286 tom.houday 579
	access_agent=$(echo "$access" | cut -d'|' -f4)
2209 tom.houday 580
	if [ $access_date -lt $SECS_AGO ]; then
581
		break
582
	fi
2190 tom.houday 583
 
2209 tom.houday 584
	access_date_formatted=$(date -d @$access_date +"%x %X")
585
 
2267 richard 586
	ROWS="$ROWS<tr><td>$access_date_formatted</td><td>$access_user</td><td>$access_ip</td><td>$access_agent</td></tr>"
587
done < <(cat /var/Save/security/acc_access.log | sort -r)
2209 tom.houday 588
# TODO: Read archives if necessary
589
 
590
if [ -z "$ROWS" ]; then
2267 richard 591
	ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucune connexion</td></tr>"
2190 tom.houday 592
fi
593
 
2209 tom.houday 594
# Create HTML document
595
echo "<h2>Connexion à l'ALCASAR Control Center (ACC)</h2>" >> $HTML_REPORT
596
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
2267 richard 597
echo "<thead><tr><th>Date</th><th>Utilisateur</th><th>Adresse IP</th><th>Agent</th></tr></thead><tbody>" >> $HTML_REPORT
2209 tom.houday 598
echo $ROWS >> $HTML_REPORT
599
echo "</tbody></table>" >> $HTML_REPORT
2190 tom.houday 600
 
2209 tom.houday 601
 
2190 tom.houday 602
###################### ALCASAR : GLOBAL TRAFFIC ######################
603
echo "Get Global traffic of the last 30 days"
604
 
605
ROWS=""
2474 tom.houday 606
EXTIF=$(grep ^EXTIF= $CONF_FILE | cut -d'=' -f2)
2190 tom.houday 607
for day in $(vnstat --exportdb -i $EXTIF | grep '^d;' | sort -t";" -k3 -r); do
608
	day_datas=(${day//;/ })
609
	day_date=${day_datas[2]}
610
	day_rxMio=${day_datas[3]}
611
	day_txMio=${day_datas[4]}
612
	day_rxKio=${day_datas[5]}
613
	day_txKio=${day_datas[6]}
614
	day_act=${day_datas[7]}
615
 
616
	if [ $day_act -ne 1 ]; then
617
		continue
618
	fi
619
 
620
	if [ $day_date -lt $SECS_AGO ]; then
621
		break
622
	fi
623
 
2209 tom.houday 624
	day_date_formatted=$(date -d @$day_date +%x)
2190 tom.houday 625
	day_rx=$(($day_rxMio * 1048576 + $day_rxKio * 1024))
626
	day_tx=$(($day_txMio * 1048576 + $day_txKio * 1024))
627
	day_total=$(($day_rx + $day_tx))
2209 tom.houday 628
	day_rx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_rx)
629
	day_tx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_tx)
630
	day_total_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_total)
2190 tom.houday 631
 
2209 tom.houday 632
	ROWS="$ROWS<tr><td>$day_date_formatted</td><td>$day_rx_formatted</td><td>$day_tx_formatted</td><td>$day_total_formatted</td></tr>"
2190 tom.houday 633
done
634
 
2209 tom.houday 635
if [ -z "$ROWS" ]; then
636
	ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucun jour capturé</td></tr>"
637
fi
638
 
2190 tom.houday 639
# Create html document
2209 tom.houday 640
echo "<h2>Trafic global</h2>" >> $HTML_REPORT
2190 tom.houday 641
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
642
echo "<thead><tr><th>Date</th><th>Entrant</th><th>Sortant</th><th>Total</th></tr></thead><tbody>" >> $HTML_REPORT
643
echo $ROWS >> $HTML_REPORT
644
echo "</tbody></table>" >> $HTML_REPORT
645
 
646
 
647
###################### ALCASAR : FAIL2BAN ######################
648
echo "Get fail2ban log of the week"
649
 
2209 tom.houday 650
ROWS=""
651
dateDaysAgo_formatted=$(date --date="$MAX_DAY_AGO days ago" +'%Y-%m-%d %H:%M:%S,%N' | rev | cut -c 7- | rev)
652
while read -r log ; do
2190 tom.houday 653
	log_datas=($log)
654
	log_date="${log_datas[0]} ${log_datas[1]}"
655
	log_type=${log_datas[4]:1:-1}
656
	log_ip=${log_datas[6]}
2209 tom.houday 657
	log_date_formatted=$(date -d "$log_date" +"%x %X")
2190 tom.houday 658
 
2209 tom.houday 659
	ROWS="$ROWS<tr><td>$log_date_formatted</td><td>$log_ip</td><td>$log_type</td></tr>"
660
done < <(grep " Ban " /var/log/fail2ban.log | sort -r | awk -v dateDaysAgo="$dateDaysAgo_formatted" '($1 " " $2) >= dateDaysAgo')
2190 tom.houday 661
 
2209 tom.houday 662
if [ -z "$ROWS" ]; then
663
	ROWS="<tr><td colspan=\"3\" style=\"text-align: center;\">Aucune adresse IP bloquée</td></tr>"
664
fi
665
 
666
# Create html document
667
echo "<h2>Adresse(s) IP bloquée(s) (Fail2Ban)</h2>" >> $HTML_REPORT
668
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
669
echo "<thead><tr><th>Date</th><th>Adresse IP</th><th>Règle</th></tr></thead><tbody>" >> $HTML_REPORT
670
echo $ROWS >> $HTML_REPORT
2190 tom.houday 671
echo "</tbody></table>" >> $HTML_REPORT
672
 
673
 
2009 raphael.pi 674
######################FIN HTML######################
675
 
676
#Execute our javascript function to print charts
677
echo "<script>window.onload = function() {" >> $HTML_REPORT
678
#BL SINCE INSTALLATION
679
if [ $ENABLE_BL -eq "1" ]
680
then
681
	echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT
682
	echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT
683
fi
684
#BL WEEK
685
if [ $ENABLE_BL_WEEK -eq "1" ]
686
then
687
	echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT
688
	echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT
689
fi
690
#VIRUS THREAT
691
if [ $ENABLE_AV -eq "1" ]
692
then
693
	echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT
694
	echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT
695
fi
696
echo "};</script>" >> $HTML_REPORT
697
echo "</body>" >> $HTML_REPORT
698
echo "</html>" >> $HTML_REPORT
699
 
700
#convert html document to PDF
701
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
702
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
703
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
2139 richard 704
mv $(echo $HTML_REPORT | cut -d'.' -f1).pdf /var/Save/activity_report/
2009 raphael.pi 705
 
2013 raphael.pi 706
#compress every logs, if they exist
707
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
708
then
709
	gzip /var/log/havp/access.log.*
710
fi
711
 
712
#compress every logs
713
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
714
then
715
	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
716
fi
717
 
718
#remove our files
2141 richard 719
rm -f $TMP_BL
720
rm -f $TMP_BL_WEEK
721
rm -f $TMP_BL_WEEK_CAT
722
rm -f $TMP_STATS
723
rm -f $TMP_STATS_2
724
rm -f $HTML_REPORT