0,0 → 1,678 |
#Create an activity report for ALCASAR every week. |
#We read configuration files and logs to create cool charts. |
|
#file |
TMP_AV="/var/tmp/av_count.txt" |
TMP_BL="/var/tmp/bl_count.txt" |
TMP_BL_WEEK="/var/tmp/bl_count_week.txt" |
TMP_BL_WEEK_CAT="/var/tmp/bl_count_week_cat.txt" |
|
#Model loaded to create charts |
MODEL_CHARTJS="/var/www/html/acc/manager/activity_report/models/Chart.report.js" |
MODEL_TABINFO="/var/www/html/acc/manager/activity_report/models/tabinfo.html" |
|
#Where the report will be created. |
HTML_REPORT="/var/www/html/acc/manager/activity_report/alcasar-report-$(date +%F).html" |
|
#password of MariaDB |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
|
#TIME VALUE |
C_TS=$(date +"%s") #current timestamp |
MAX_DAY_AGO=7 |
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago |
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO |
|
#PRIVATE IP OF ALCASAR |
PRIVATE_IP=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2 | cut -d'/' -f1) |
|
#COLOR for charts |
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'" |
|
#Values to create new htdigest user to consult statistique of ACC |
DIR_KEY="/usr/local/etc/digest" |
compte="papa" |
realm="ALCASAR Control Center (ACC)" |
password=$(openssl rand -base64 32) #random password (length : 32) |
SED="/usr/bin/sed -i " |
TMP_STATS="/var/tmp/stats.html" |
TMP_STATS_2="/var/tmp/stats2.html" |
|
#if empty logs, replace charts by text. |
ENABLE_BL=0 |
ENABLE_BL_WEEK=0 |
ENABLE_AV=0 |
|
|
if [ -e $TMP_AV ] |
then |
rm $TMP_AV |
fi |
|
if [ -e $TMP_BL ] |
then |
rm $TMP_BL |
fi |
|
if [ -e $TMP_BL_WEEK ] |
then |
rm $TMP_BL_WEEK |
fi |
|
if [ -e $TMP_BL_WEEK_CAT ] |
then |
rm $TMP_BL_WEEK_CAT |
fi |
|
if [ -e $HTML_REPORT ] |
then |
rm $HTML_REPORT |
fi |
|
echo "<!doctype html>" >> $HTML_REPORT |
echo "<html>" >> $HTML_REPORT |
echo "<head>" >> $HTML_REPORT |
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>" >> $HTML_REPORT |
echo "<title>ALCASAR report</title>" >> $HTML_REPORT |
echo "<link rel='stylesheet' type='text/css' href='../../../css/bootstrap.min.css'>" >> $HTML_REPORT |
echo "<link rel='stylesheet' type='text/css' href='../../../css/report.css'>" >> $HTML_REPORT |
echo "<script src='../../../js/Chart.bundle.js'></script>" >> $HTML_REPORT |
echo "<script src='../../../js/jquery.min.js'></script>" >> $HTML_REPORT |
echo "</head>" >> $HTML_REPORT |
echo "<body>" >> $HTML_REPORT |
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)</center></h1>" >> $HTML_REPORT |
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $HTML_REPORT |
echo "<font size='1'>" >> $HTML_REPORT |
|
######################TABINFO###################### |
echo "Create information about system and ALCASAR" |
#contain every information about ALCASAR configuration, system and last update |
|
cat $MODEL_TABINFO | while read LINE_HTML |
do |
|
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2) |
echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep INSTALL_DATE | cut -d'=' -f2) |
echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep VERSION | cut -d'=' -f2) |
echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep PUBLIC_IP | cut -d'=' -f2) |
echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2) |
echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep 'GW=' | cut -d'=' -f2) |
echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS1 | cut -d'=' -f2) |
echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS2 | cut -d'=' -f2) |
echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ] |
then |
VALUE=$(hostname) |
echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ] |
then |
VALUE=$( echo $(uname -r) [ $(uname -m) ] ) |
echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ] |
then |
VALUE=$(echo $(who -b | cut -d' ' -f12-)) |
echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ] |
then |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S") |
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6) |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT |
|
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ] |
then |
#show every ALCASAR RPM updated since X day ago |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ] |
then |
PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S") |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2) |
RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3) |
|
|
echo "<tr>" >> $HTML_REPORT |
echo "<td>$RPM_NAME</td>" >> $HTML_REPORT |
echo "<td>$RPM_DATE</td>" >> $HTML_REPORT |
echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT |
echo "</tr>" >> $HTML_REPORT |
done |
else |
echo "<td>Pas de RPM mis à jour cette semaine</td>" >> $HTML_REPORT |
echo "</tr>" >> $HTML_REPORT |
fi |
else |
echo $LINE_HTML >> $HTML_REPORT |
fi |
|
done |
|
|
######################BL WEBSITE SINCE INSTALLATION###################### |
echo "Create BL website since the installation of ALCASAR" |
#find data |
|
#decompress every logs |
if [ $(ls -1 /var/log/dnsmasq/ | grep dnsmasq-blacklist.log.*.gz | wc -l) -ge 1 ] |
then |
gunzip -d dnsmasq-blacklist.log.*.gz |
fi |
|
#convert logs date in timestamp and find categories of blacklisted website |
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log') |
do |
while read LOG_BL |
do |
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ] |
then |
|
#find the current blacklisted category |
website_bl=$(echo $LOG_BL | cut -d' ' -f6) |
|
#we convert www.test.co.uk => test.co.uk to find the category of this website |
if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ] |
then |
website_bl=$(echo $website_bl | cut -d'.' -f2-) |
fi |
|
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1) |
|
#Calculate its timestamp |
Y=$(date -R | cut -d' ' -f4) |
M=$(echo $LOG_BL | cut -d' ' -f1) |
D=$(echo $LOG_BL | cut -d' ' -f2) |
H=$(echo $LOG_BL | cut -d' ' -f3) |
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s") |
echo "$CURRENT_TS:$categorie_bl" >> $TMP_BL |
fi |
|
done < /var/log/dnsmasq/$FILE |
done |
|
#if data exists, create this section in html document |
if [ -e $TMP_BL ] |
then |
ENABLE_BL=1 |
#count every BL website consulted since installation (maximum 1 year) |
DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 ) |
|
|
for TS in $(seq $C_TS -$STEP_TS $DATE_END) |
do |
DATE_1=$TS |
DATE_2=$((TS-$STEP_TS)) |
COUNT_BL_INSTALLATION=0 |
|
for LINE in $(cat $TMP_BL) |
do |
TS_FILE=$(echo $LINE | cut -d':' -f1) |
|
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ] |
then |
COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1)) |
|
fi |
done |
|
VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL" |
VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA" |
done |
|
#create Antivirus section in html document |
NAME_BL_INSTALLATION='chart_bl_installation' |
CONF_BL_INSTALLATION='config_bl_installation' |
echo "<center>" >> $HTML_REPORT |
echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT |
echo "</center>" >> $HTML_REPORT |
|
#create chart bar in html file with javascript (chartjs.com) |
echo "<script>" >> $HTML_REPORT |
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#name of variable |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT |
#chart title |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
then |
echo "\"nb site\"" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
done |
echo "</script>" >> $HTML_REPORT |
else |
echo "<h3>Aucune activité de la Blacklist depuis l'installation.</h3>" >> $HTML_REPORT |
fi |
|
|
|
######################DNSMASQ BLACKLIST###################### |
echo "Create BL website since $MAX_DAY_AGO days" |
|
#if data exists, create BL section in html document |
if [ -e $TMP_BL ] |
then |
ENABLE_BL_WEEK=1 |
#find data |
#count every BL website consulted since DAYS_AGO |
DATE_1=$C_TS |
DATE_2=$((DATE_1-$STEP_TS)) |
|
for LINE in $(cat $TMP_BL) |
do |
TS_FILE=$(echo $LINE | cut -d':' -f1) |
#select only elements between DATE_1 and DATE_2 |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ] |
then |
echo $LINE >> $TMP_BL_WEEK |
fi |
done |
|
#then we count every occurence for each category in TMP_BL_WEEK |
for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1) |
do |
echo "$CAT:$(grep -o "$CAT" <<< "$(cat $TMP_BL_WEEK)" | wc -l)" >> $TMP_BL_WEEK_CAT |
done |
|
#we sort by number of occurence and we take the top 10 BL categories |
for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10) |
do |
|
DATA=$(echo $LINE | cut -d':' -f2) |
LABEL=$(echo $LINE | cut -d':' -f1) |
if [ $DATA -ne 0 ] |
then |
VALUE_BL_DATA="$VALUE_BL_DATA $DATA, " |
VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)'," |
|
fi |
done |
|
#get other categories (sum them all) |
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ] |
then |
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)" |
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'" |
fi |
|
#create chart pie in html file with javascript (chartjs.com) |
NAME_BL='chart_bl' |
CONF_BL='config_bl' |
echo "<center>" >> $HTML_REPORT |
echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT |
echo "</center>" >> $HTML_REPORT |
echo "<script>" >> $HTML_REPORT |
|
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#variable name |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT |
#graph title |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT |
#display legend, only useful for chart pie |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
then |
echo "/*" >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
then |
echo "*/" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
done |
echo "</script>" >> $HTML_REPORT |
#Then we finish and remove our files |
rm $TMP_BL |
rm $TMP_BL_WEEK |
rm $TMP_BL_WEEK_CAT |
else |
echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT |
fi |
|
######################VIRUS THREAT###################### |
echo "Create AV logs since the installation of ALCASAR" |
|
#decompress every logs, if they exist |
if [ $(ls -1 /var/log/havp/ | grep access.log.*.gz | wc -l) -ge 1 ] |
then |
gunzip -d access.log.*.gz |
fi |
|
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log') |
do |
while read LINE_AV |
do |
Y=$(echo $LINE_AV | cut -d' ' -f1) |
M=$(echo $LINE_AV | cut -d' ' -f2) |
D=$(echo $LINE_AV | cut -d' ' -f3) |
H=$(echo $LINE_AV | cut -d' ' -f4) |
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s") |
echo $CURRENT_TS >> $TMP_AV |
done < /var/log/havp/$FILE |
|
done |
|
if [ -e $TMP_AV ] |
then |
ENABLE_AV=1 |
DATE_END=$(cat $TMP_AV | sort -n | head -1) |
for TS in $(seq $C_TS -$STEP_TS $DATE_END) |
do |
DATE_1=$TS |
DATE_2=$((TS-$STEP_TS)) |
COUNT_AV=0 |
|
|
for TS_FILE in $(cat $TMP_AV) |
do |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ] |
then |
COUNT_AV=$((COUNT_AV+1)) |
|
fi |
done |
|
VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL" |
VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA" |
done |
|
#create Antivirus section in html document |
NAME_AV='chart_av' |
CONF_AV='config_av' |
echo "<center>" >> $HTML_REPORT |
echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT |
echo "</center>" >> $HTML_REPORT |
|
|
#create chart bar in html file with javascript (chartjs.com) |
echo "<script>" >> $HTML_REPORT |
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#name of variable |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT |
#graph title |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
then |
echo "\"Menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
done |
echo "</script>" >> $HTML_REPORT |
else |
echo "<h3>Aucune menace virale.</h3>" >> $HTML_REPORT |
fi |
|
######################AUTHORIZED CONNECTIONS###################### |
|
echo "Create authorized connections since the installation of ALCASAR" |
#get number of authorized, forbidden and fail2ban connections : |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"User-Request\" ORDER BY acctstarttime" |
AUTHORIZED=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" | cut -d')' -f2) |
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"Admin-Reset\" ORDER BY acctstarttime" |
FORBIDDEN=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" | cut -d')' -f2) |
FAIL2BAN=$(strings /var/log/fail2ban.log | grep " Ban " | wc -l) |
|
VALUE_AUTH="$AUTHORIZED, $FORBIDDEN, $FAIL2BAN" |
LABEL_AUTH="'Autorisées ($AUTHORIZED) ', 'Interdites ($FORBIDDEN)', 'fail2ban($FAIL2BAN)'" |
|
#create chart pie in html file with javascript (chartjs.com) |
NAME_AUTH='chart_auth' |
CONF_AUTH='config_auth' |
echo "<center>" >> $HTML_REPORT |
echo "<canvas id='$NAME_AUTH' width='450' height='450' ></canvas>" >> $HTML_REPORT |
echo "</center>" >> $HTML_REPORT |
echo "<script>" >> $HTML_REPORT |
|
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#variable name |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_AUTH} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT |
#graph title |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTITLEXX/"Connexions des utilisateurs"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_AUTH} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/"'#000099','#ff6600','#ff0000'"} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$LABEL_AUTH} >> $HTML_REPORT |
#display legend, only useful for chart pie |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
then |
echo "/*" >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
then |
echo "*/" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
done |
echo "</script>" >> $HTML_REPORT |
|
|
######################ALCASAR : DAILY USE###################### |
echo "Get daily use connection of the week" |
#create html document |
echo "<h3>Statistiques volumétrie connexions</h3>" >> $HTML_REPORT |
|
#create new htdigest user to consult statistique of ACC |
#if user does not exist, we create him |
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ] |
then |
(echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager |
(echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager |
(echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all |
chown -R root:apache $DIR_KEY |
chmod 640 $DIR_KEY/key_* |
fi |
|
#get stats.php from ACC |
wget -q -nv --user $compte --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate |
|
#clean this file to include it in html report. |
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>" |
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>" |
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2 |
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT |
|
rm $TMP_STATS |
rm $TMP_STATS_2 |
|
#we delete our user if he still exists |
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ] |
then |
$SED "/^$compte:/d" $DIR_KEY/key_only_manager |
$SED "/^$compte:/d" $DIR_KEY/key_manager |
$SED "/^$compte:/d" $DIR_KEY/key_all |
fi |
|
######################FIN HTML###################### |
|
|
#Execute our javascript function to print charts |
echo "<script>window.onload = function() {" >> $HTML_REPORT |
#BL SINCE INSTALLATION |
if [ $ENABLE_BL -eq "1" ] |
then |
echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT |
echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT |
fi |
#BL WEEK |
if [ $ENABLE_BL_WEEK -eq "1" ] |
then |
echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT |
echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT |
fi |
#VIRUS THREAT |
if [ $ENABLE_AV -eq "1" ] |
then |
echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT |
echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT |
fi |
#CONNEXIONS AUTHORIZED |
echo "var ctx_$NAME_AUTH = document.getElementById('$NAME_AUTH').getContext('2d');" >> $HTML_REPORT |
echo "var $NAME_AUTH = new Chart(ctx_$NAME_AUTH, $CONF_AUTH);" >> $HTML_REPORT |
echo "};</script>" >> $HTML_REPORT |
|
|
|
echo "</body>" >> $HTML_REPORT |
echo "</html>" >> $HTML_REPORT |
|
#convert html document to PDF |
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
|
#remove HTML report |
rm $HTML_REPORT |
|