Subversion Repositories ALCASAR

Rev

Rev 2009 | Rev 2138 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2009 raphael.pi 1
#Create an activity report for ALCASAR every week.
2
#We read configuration files and logs to create cool charts.
3
 
4
#file
5
TMP_AV="/var/tmp/av_count.txt"
6
TMP_BL="/var/tmp/bl_count.txt"
7
TMP_BL_WEEK="/var/tmp/bl_count_week.txt"
8
TMP_BL_WEEK_CAT="/var/tmp/bl_count_week_cat.txt"
9
 
10
#Model loaded to create charts
11
MODEL_CHARTJS="/var/www/html/acc/manager/activity_report/models/Chart.report.js"
12
MODEL_TABINFO="/var/www/html/acc/manager/activity_report/models/tabinfo.html"
13
 
14
#Where the report will be created.
15
HTML_REPORT="/var/www/html/acc/manager/activity_report/alcasar-report-$(date +%F).html"
16
 
17
#password of MariaDB
18
PASSWD_FILE="/root/ALCASAR-passwords.txt"
19
 
20
#TIME VALUE
21
C_TS=$(date +"%s") #current timestamp
22
MAX_DAY_AGO=7
23
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago
24
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO
25
 
26
#PRIVATE IP OF ALCASAR
27
PRIVATE_IP=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2 | cut -d'/' -f1)
28
 
29
#COLOR for charts
30
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'"
31
 
32
#Values to create new htdigest user to consult statistique of ACC
33
DIR_KEY="/usr/local/etc/digest"
34
compte="papa"
35
realm="ALCASAR Control Center (ACC)"
36
password=$(openssl rand -base64 32) #random password (length : 32)
37
SED="/usr/bin/sed -i "
38
TMP_STATS="/var/tmp/stats.html"
39
TMP_STATS_2="/var/tmp/stats2.html"
40
 
41
#if empty logs, replace charts by text.
42
ENABLE_BL=0
43
ENABLE_BL_WEEK=0
44
ENABLE_AV=0
45
 
46
 
47
if [ -e $TMP_AV ]
48
then
49
	rm $TMP_AV
50
fi
51
 
52
if [ -e $TMP_BL ]
53
then
54
        rm $TMP_BL
55
fi
56
 
57
if [ -e $TMP_BL_WEEK ]
58
then
59
        rm $TMP_BL_WEEK
60
fi
61
 
62
if [ -e $TMP_BL_WEEK_CAT ]
63
then
64
        rm $TMP_BL_WEEK_CAT
65
fi
66
 
67
if [ -e $HTML_REPORT ]
68
then
69
        rm $HTML_REPORT
70
fi
71
 
72
echo "<!doctype html>" >> $HTML_REPORT
73
echo "<html>" >> $HTML_REPORT
74
echo "<head>" >> $HTML_REPORT
75
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>" >> $HTML_REPORT
76
echo "<title>ALCASAR report</title>" >> $HTML_REPORT
77
echo "<link rel='stylesheet' type='text/css' href='../../../css/bootstrap.min.css'>" >> $HTML_REPORT
78
echo "<link rel='stylesheet' type='text/css' href='../../../css/report.css'>" >> $HTML_REPORT
79
echo "<script src='../../../js/Chart.bundle.js'></script>" >> $HTML_REPORT
80
echo "<script src='../../../js/jquery.min.js'></script>" >> $HTML_REPORT
81
echo "</head>" >> $HTML_REPORT
82
echo "<body>" >> $HTML_REPORT
83
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)</center></h1>" >> $HTML_REPORT
84
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $HTML_REPORT
85
echo "<font size='1'>" >> $HTML_REPORT
86
 
87
######################TABINFO######################
88
echo "Create information about system and ALCASAR"
89
#contain every information about ALCASAR configuration, system and last update
90
 
91
cat $MODEL_TABINFO | while read LINE_HTML
92
do
93
 
94
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
95
then
96
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)
97
        echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
98
 
99
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
100
then
101
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep INSTALL_DATE | cut -d'=' -f2)
102
	echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
103
 
104
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
105
then
106
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep VERSION | cut -d'=' -f2)
107
	echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
108
 
109
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
110
then
111
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PUBLIC_IP | cut -d'=' -f2)
112
	echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
113
 
114
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
115
then
116
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2)
117
	echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
118
 
119
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
120
then
121
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep 'GW=' | cut -d'=' -f2)
122
	echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
123
 
124
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
125
then
126
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS1 | cut -d'=' -f2)
127
	echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
128
 
129
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
130
then
131
	VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS2 | cut -d'=' -f2)
132
	echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
133
 
134
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
135
then
136
	VALUE=$(hostname)
137
	echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
138
 
139
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
140
then
141
	VALUE=$( echo $(uname -r) [ $(uname -m) ] )
142
	echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
143
 
144
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
145
then
146
	VALUE=$(echo $(who -b | cut -d' ' -f12-))
147
	echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
148
 
149
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
150
then
151
	VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n"  | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
152
	echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
153
 
154
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
155
then
156
	VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
157
	echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
158
 
159
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
160
then
161
	#show every ALCASAR RPM updated since X day ago
162
	#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
163
	if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
164
	then
165
		PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
166
		rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
167
		do
168
			RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
169
			RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
170
			RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
171
			RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
172
 
173
 
174
			echo "<tr>" >> $HTML_REPORT
175
			echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
176
			echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
177
			echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
178
			echo "</tr>" >> $HTML_REPORT
179
		done
180
	else
181
		echo "<td>Pas de RPM mis à jour cette semaine</td>" >> $HTML_REPORT
182
		echo "</tr>" >> $HTML_REPORT
183
	fi
184
else
185
	echo $LINE_HTML >> $HTML_REPORT
186
fi
187
 
188
done
189
 
190
 
191
######################BL WEBSITE SINCE INSTALLATION######################
192
echo "Create BL website since the installation of ALCASAR"
193
#find data
194
 
195
#decompress every logs
2013 raphael.pi 196
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 197
then
198
	gunzip -d dnsmasq-blacklist.log.*.gz
199
fi
200
 
201
#convert logs date in timestamp and find categories of blacklisted website
202
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
203
do
204
	while read LOG_BL
205
	do
206
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
207
		then 
208
			#find the current blacklisted category
209
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
210
 
211
			#we convert www.test.co.uk => test.co.uk to find the category of this website
212
                        if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
213
                        then
2013 raphael.pi 214
                                	website_bl=$(echo $website_bl | cut -d'.' -f2-)
2009 raphael.pi 215
                        fi
216
 
2013 raphael.pi 217
			#get BL category
218
			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1) 
219
			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
220
			then
221
				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
222
			fi
223
 
2009 raphael.pi 224
			#Calculate its timestamp
225
			Y=$(date -R | cut -d' ' -f4)
226
			M=$(echo $LOG_BL | cut -d' ' -f1)
227
			D=$(echo $LOG_BL | cut -d' ' -f2) 
228
			H=$(echo $LOG_BL | cut -d' ' -f3)
229
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
2013 raphael.pi 230
			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
2009 raphael.pi 231
		fi
232
 
233
	done < /var/log/dnsmasq/$FILE
234
done
235
 
2013 raphael.pi 236
 
2009 raphael.pi 237
#if data exists, create this section in html document
238
if [ -e $TMP_BL ]
239
then
240
	ENABLE_BL=1
241
	#count every BL website consulted since installation (maximum 1 year)
242
	DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 )
243
 
244
 
245
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
246
	do
247
		DATE_1=$TS
248
		DATE_2=$((TS-$STEP_TS))
249
		COUNT_BL_INSTALLATION=0	
250
 
251
		for LINE in $(cat $TMP_BL)
252
		do
253
			TS_FILE=$(echo $LINE | cut -d':' -f1)
254
 
255
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
256
			then 
257
				COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
258
 
259
			fi
260
		done
261
 
262
		VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
263
		VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
264
	done
265
 
266
	#create Antivirus section in html document
267
	NAME_BL_INSTALLATION='chart_bl_installation'
268
	CONF_BL_INSTALLATION='config_bl_installation'
269
	echo "<center>" >> $HTML_REPORT
270
	echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT
271
	echo "</center>" >> $HTML_REPORT
272
 
273
	#create chart bar in html file with javascript (chartjs.com)
274
	echo "<script>" >> $HTML_REPORT
275
	cat $MODEL_CHARTJS | while read LINE_JS
276
	do
277
		#name of variable
278
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] 
279
		then
280
			echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
281
		#chart type
282
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] 
283
		then
284
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
285
		#chart title
286
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
287
		        then
288
			echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
289
		#chart data
290
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] 
291
		then
292
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
293
		#color
294
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] 
295
		then
296
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
297
		#labels
298
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] 
299
		then
300
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
301
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] 
302
		then
303
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
304
		#display value of Y axis, only useful for chart bar
305
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] 
306
		then
307
			echo "" >> $HTML_REPORT
308
		#display value of Y axis, only useful for chart bar
309
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
310
		then
311
			echo "" >> $HTML_REPORT
312
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
313
		then
2013 raphael.pi 314
			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
2009 raphael.pi 315
		else
316
			echo $LINE_JS >> $HTML_REPORT
317
		fi
318
	done
319
	echo "</script>" >> $HTML_REPORT
320
else
321
	echo "<h3>Aucune activité de la Blacklist depuis l'installation.</h3>" >> $HTML_REPORT
322
fi
323
 
324
 
325
 
326
######################DNSMASQ BLACKLIST######################
327
echo "Create BL website since $MAX_DAY_AGO days"
328
 
329
#if data exists, create BL section in html document
330
if [ -e $TMP_BL ]
331
then
332
	ENABLE_BL_WEEK=1
333
	#find data
334
	#count every BL website consulted since DAYS_AGO
335
	DATE_1=$C_TS
336
	DATE_2=$((DATE_1-$STEP_TS))
337
 
338
	for LINE in $(cat $TMP_BL)
339
	do
340
		TS_FILE=$(echo $LINE | cut -d':' -f1)
341
		#select only elements between DATE_1 and DATE_2
342
		if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
343
		then 
344
			echo $LINE >> $TMP_BL_WEEK
345
		fi
346
	done
347
 
348
	#then we count every occurence for each category in TMP_BL_WEEK
349
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
350
	do
2013 raphael.pi 351
		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT  
2009 raphael.pi 352
	done
353
 
354
	#we sort by number of occurence and we take the top 10 BL categories
355
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
356
	do
357
 
358
		DATA=$(echo $LINE | cut -d':' -f2)
359
		LABEL=$(echo $LINE | cut -d':' -f1)
360
		if [ $DATA -ne 0 ]
361
		then
362
		        VALUE_BL_DATA="$VALUE_BL_DATA $DATA, "
363
		        VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)',"
364
 
365
		fi
366
	done
367
 
368
	#get other categories (sum them all)
369
        if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc) -gt 0 ]
370
        then
371
                VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc)"
372
                VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) |  paste -sd+ | bc))'"
373
        fi
374
 
375
	#create chart pie in html file with javascript (chartjs.com)
376
	NAME_BL='chart_bl'
377
	CONF_BL='config_bl'
378
	echo "<center>" >> $HTML_REPORT
379
	echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT
380
	echo "</center>" >> $HTML_REPORT
381
	echo "<script>" >> $HTML_REPORT
382
 
383
	cat $MODEL_CHARTJS | while read LINE_JS
384
	do
385
		#variable name
386
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] 
387
		then
388
			echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
389
		#chart type
390
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] 
391
		then
392
			echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
393
		#graph title
394
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
395
		then
396
		        echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
397
		#chart data
398
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] 
399
		then
400
			echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
401
		#color
402
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] 
403
		then
404
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
405
		#labels
406
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] 
407
		then
408
			echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
409
		#display legend, only useful for chart pie
410
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] 
411
		then
412
			echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
413
		#display value of Y axis, only useful for chart bar
414
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] 
415
		then
416
			echo "/*" >> $HTML_REPORT
417
		#display value of Y axis, only useful for chart bar
418
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
419
		then
420
			echo "*/" >> $HTML_REPORT
421
		else
422
			echo $LINE_JS >> $HTML_REPORT
423
		fi
424
	done
425
	echo "</script>" >> $HTML_REPORT
426
else
427
	echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
428
fi
429
 
430
######################VIRUS THREAT######################
431
echo "Create AV logs since the installation of ALCASAR"
432
 
433
#decompress every logs, if they exist
2013 raphael.pi 434
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
2009 raphael.pi 435
then
436
	gunzip -d access.log.*.gz
437
fi
438
 
439
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
440
do
441
	while read LINE_AV
442
	do
443
		Y=$(echo $LINE_AV | cut -d' ' -f1)
444
		M=$(echo $LINE_AV | cut -d' ' -f2)
445
		D=$(echo $LINE_AV | cut -d' ' -f3)
446
		H=$(echo $LINE_AV | cut -d' ' -f4)
447
		CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
448
		echo $CURRENT_TS >> $TMP_AV
449
	done < /var/log/havp/$FILE
450
 
451
done
452
 
453
if [ -e $TMP_AV ]
454
then
455
	ENABLE_AV=1
456
	DATE_END=$(cat $TMP_AV | sort -n | head -1)
457
	for TS in $(seq $C_TS -$STEP_TS $DATE_END)
458
	do
459
		DATE_1=$TS
460
		DATE_2=$((TS-$STEP_TS))
461
		COUNT_AV=0	
462
 
463
 
464
		for TS_FILE in $(cat $TMP_AV)
465
		do
466
			if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
467
			then 
468
				COUNT_AV=$((COUNT_AV+1))
469
 
470
			fi
471
		done
472
 
473
		VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
474
		VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
475
	done
476
 
477
	#create Antivirus section in html document
478
	NAME_AV='chart_av'
479
	CONF_AV='config_av'
480
	echo "<center>" >> $HTML_REPORT
481
	echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT
482
	echo "</center>" >> $HTML_REPORT
483
 
484
 
485
	#create chart bar in html file with javascript (chartjs.com)
486
	echo "<script>" >> $HTML_REPORT
487
	cat $MODEL_CHARTJS | while read LINE_JS
488
	do
489
		#name of variable
490
		if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] 
491
		then
492
			echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
493
		#chart type
494
		elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] 
495
		then
496
			echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
497
		#graph title
498
		elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
499
		then
500
		        echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
501
		#chart data
502
		elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] 
503
		then
504
			echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
505
		#color
506
		elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] 
507
		then
508
			echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
509
		#labels
510
		elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] 
511
		then
512
			echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
513
		elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] 
514
		then
515
			echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
516
		#display value of Y axis, only useful for chart bar
517
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] 
518
		then
519
			echo "" >> $HTML_REPORT
520
		#display value of Y axis, only useful for chart bar
521
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
522
		then
523
			echo "" >> $HTML_REPORT
524
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
525
		then
2013 raphael.pi 526
			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
2009 raphael.pi 527
		else
528
			echo $LINE_JS >> $HTML_REPORT
529
		fi
530
	done
531
	echo "</script>" >> $HTML_REPORT
532
else
533
	echo "<h3>Aucune menace virale.</h3>" >> $HTML_REPORT
534
fi
535
 
536
######################AUTHORIZED CONNECTIONS######################
537
 
538
echo "Create authorized connections since the installation of ALCASAR"
539
#get number of authorized, forbidden and fail2ban connections :
540
PASSWD_FILE="/root/ALCASAR-passwords.txt"
541
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"User-Request\" ORDER BY acctstarttime"
542
AUTHORIZED=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' '  -f1 | rev) -e "$QUERY" | cut -d')' -f2)
543
QUERY="SELECT COUNT(acctterminatecause) FROM radacct WHERE acctterminatecause=\"Admin-Reset\" ORDER BY acctstarttime"
544
FORBIDDEN=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' '  -f1 | rev) -e "$QUERY" | cut -d')' -f2)
545
FAIL2BAN=$(strings /var/log/fail2ban.log | grep " Ban " | wc -l)
546
 
547
VALUE_AUTH="$AUTHORIZED, $FORBIDDEN, $FAIL2BAN"
548
LABEL_AUTH="'Autorisées ($AUTHORIZED) ', 'Interdites ($FORBIDDEN)', 'fail2ban($FAIL2BAN)'"
549
 
550
#create chart pie in html file with javascript (chartjs.com)
551
NAME_AUTH='chart_auth'
552
CONF_AUTH='config_auth'
553
echo "<center>" >> $HTML_REPORT
554
echo "<canvas id='$NAME_AUTH' width='450' height='450' ></canvas>" >> $HTML_REPORT
555
echo "</center>" >> $HTML_REPORT
556
echo "<script>" >> $HTML_REPORT
557
 
558
cat $MODEL_CHARTJS | while read LINE_JS
559
do
560
	#variable name
561
	if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] 
562
	then
563
		echo ${LINE_JS/XXCONFXX/$CONF_AUTH} >> $HTML_REPORT
564
	#chart type
565
	elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] 
566
	then
567
		echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
568
	#graph title
569
	elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
570
	then
571
	        echo ${LINE_JS/XXTITLEXX/"Connexions des utilisateurs"} >> $HTML_REPORT
572
	#chart data
573
	elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] 
574
	then
575
		echo ${LINE_JS/XXDATAXX/$VALUE_AUTH} >> $HTML_REPORT
576
	#color
577
	elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] 
578
	then
579
		echo ${LINE_JS/XXCOLORXX/"'#000099','#ff6600','#ff0000'"} >> $HTML_REPORT
580
	#labels
581
	elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] 
582
	then
583
		echo ${LINE_JS/XXLABELSXX/$LABEL_AUTH} >> $HTML_REPORT
584
	#display legend, only useful for chart pie
585
	elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] 
586
	then
587
		echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
588
	#display value of Y axis, only useful for chart bar
589
	elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] 
590
	then
591
		echo "/*" >> $HTML_REPORT
592
	#display value of Y axis, only useful for chart bar
593
	elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
594
	then
595
		echo "*/" >> $HTML_REPORT
596
	else
597
		echo $LINE_JS >> $HTML_REPORT
598
	fi
599
done
600
echo "</script>" >> $HTML_REPORT
601
 
602
 
603
######################ALCASAR : DAILY USE######################
604
echo "Get daily use connection of the week"
605
#create html document
606
echo "<h3>Statistiques volumétrie connexions</h3>" >> $HTML_REPORT
607
 
608
#create new htdigest user to consult statistique of ACC
609
#if user does not exist, we create him
610
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
611
then
612
        (echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
613
        (echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
614
        (echo -n "$compte:$realm:" && echo -n "$compte:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all
615
        chown -R root:apache $DIR_KEY
616
        chmod 640 $DIR_KEY/key_*
617
fi
618
 
619
#get stats.php from ACC
620
wget -q -nv --user $compte --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate
621
 
622
#clean this file to include it in html report.
623
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
624
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
625
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
626
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
627
 
628
#we delete our user if he still exists
629
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
630
then
631
        $SED "/^$compte:/d" $DIR_KEY/key_only_manager
632
        $SED "/^$compte:/d" $DIR_KEY/key_manager
633
       	$SED "/^$compte:/d" $DIR_KEY/key_all
634
fi
635
 
636
######################FIN HTML######################
637
 
638
 
639
#Execute our javascript function to print charts
640
echo "<script>window.onload = function() {" >> $HTML_REPORT
641
#BL SINCE INSTALLATION
642
if [ $ENABLE_BL -eq "1" ]
643
then
644
	echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT
645
	echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT
646
fi
647
#BL WEEK
648
if [ $ENABLE_BL_WEEK -eq "1" ]
649
then
650
	echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT
651
	echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT
652
fi
653
#VIRUS THREAT
654
if [ $ENABLE_AV -eq "1" ]
655
then
656
	echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT
657
	echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT
658
fi
659
#CONNEXIONS AUTHORIZED
660
echo "var ctx_$NAME_AUTH = document.getElementById('$NAME_AUTH').getContext('2d');" >> $HTML_REPORT
661
echo "var $NAME_AUTH = new Chart(ctx_$NAME_AUTH, $CONF_AUTH);" >> $HTML_REPORT
662
echo "};</script>" >> $HTML_REPORT
663
 
664
 
665
 
666
echo "</body>" >> $HTML_REPORT
667
echo "</html>" >> $HTML_REPORT
668
 
2013 raphael.pi 669
 
2009 raphael.pi 670
#convert html document to PDF
671
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
672
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
673
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
674
 
2013 raphael.pi 675
#compress every logs, if they exist
676
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
677
then
678
	gzip /var/log/havp/access.log.*
679
fi
680
 
681
#compress every logs
682
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
683
then
684
	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
685
fi
686
 
687
#remove our files
688
rm $TMP_BL
689
rm $TMP_BL_WEEK
690
rm $TMP_BL_WEEK_CAT
691
rm $TMP_STATS
692
rm $TMP_STATS_2
2009 raphael.pi 693
rm $HTML_REPORT