WebSVN – ALCASAR – Diff – /scripts/alcasar-activity_report.sh

 ######################BL WEBSITE SINCE INSTALLATION######################
 echo "Create BL website since the installation of ALCASAR"
 #find data
 #decompress every logs
-if [ $(ls -1 /var/log/dnsmasq/ | grep dnsmasq-blacklist.log.*.gz | wc -l) -ge 1 ]
+if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
 then
 	gunzip -d dnsmasq-blacklist.log.*.gz
 fi
 #convert logs date in timestamp and find categories of blacklisted website
 do
 	while read LOG_BL
 	do
 		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
 		then
 			#find the current blacklisted category
 			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
 			#we convert www.test.co.uk => test.co.uk to find the category of this website
                         if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
                         then
-                                website_bl=$(echo $website_bl | cut -d'.' -f2-)
+                                	website_bl=$(echo $website_bl | cut -d'.' -f2-)
                         fi
+			#get BL category
+			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
+			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
+			then
-			categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
+				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
+			fi
 			#Calculate its timestamp
 			Y=$(date -R | cut -d' ' -f4)
 			M=$(echo $LOG_BL | cut -d' ' -f1)
 			D=$(echo $LOG_BL | cut -d' ' -f2)
 			H=$(echo $LOG_BL | cut -d' ' -f3)
 			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
-			echo "$CURRENT_TS:$categorie_bl" >> $TMP_BL
+			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
 		fi
 	done < /var/log/dnsmasq/$FILE
 done
 #if data exists, create this section in html document
 if [ -e $TMP_BL ]
 then
 	ENABLE_BL=1
 	#count every BL website consulted since installation (maximum 1 year)
 		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
 		then
 			echo "" >> $HTML_REPORT
 		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
 		then
-			echo "\"nb site\"" >> $HTML_REPORT
+			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
 		else
 			echo $LINE_JS >> $HTML_REPORT
 		fi
 	done
 	echo "</script>" >> $HTML_REPORT
 	done
 	#then we count every occurence for each category in TMP_BL_WEEK
 	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
 	do
-		echo "$CAT:$(grep -o "$CAT" <<< "$(cat $TMP_BL_WEEK)" | wc -l)" >> $TMP_BL_WEEK_CAT
+		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
 	done
 	#we sort by number of occurence and we take the top 10 BL categories
 	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
 	do
 		else
 			echo $LINE_JS >> $HTML_REPORT
 		fi
 	done
 	echo "</script>" >> $HTML_REPORT
-	#Then we finish and remove our files
-	rm $TMP_BL
-	rm $TMP_BL_WEEK
-	rm $TMP_BL_WEEK_CAT
 else
 	echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
 fi
 ######################VIRUS THREAT######################
 echo "Create AV logs since the installation of ALCASAR"
 #decompress every logs, if they exist
-if [ $(ls -1 /var/log/havp/ | grep access.log.*.gz | wc -l) -ge 1 ]
+if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
 then
 	gunzip -d access.log.*.gz
 fi
 for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
 		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
 		then
 			echo "" >> $HTML_REPORT
 		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
 		then
-			echo "\"Menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
+			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
 		else
 			echo $LINE_JS >> $HTML_REPORT
 		fi
 	done
 	echo "</script>" >> $HTML_REPORT
 DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
 DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
 cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
 cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
-rm $TMP_STATS
-rm $TMP_STATS_2
 #we delete our user if he still exists
 if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
 then
         $SED "/^$compte:/d" $DIR_KEY/key_only_manager
         $SED "/^$compte:/d" $DIR_KEY/key_manager
 echo "</body>" >> $HTML_REPORT
 echo "</html>" >> $HTML_REPORT
 #convert html document to PDF
 /usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
 chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
 chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
-#remove HTML report
+#compress every logs, if they exist
+if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
+then
-rm $HTML_REPORT
+	gzip /var/log/havp/access.log.*
+fi
+#compress every logs
+if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
+then
+	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
+fi
+#remove our files
+rm $TMP_BL
+rm $TMP_BL_WEEK
+rm $TMP_BL_WEEK_CAT
+rm $TMP_STATS
+rm $TMP_STATS_2
+rm $HTML_REPORT

Subversion Repositories ALCASAR

(root)/scripts/alcasar-activity_report.sh – Rev 2009 → 2013