2189 |
tom.houday |
1 |
#!/bin/bash
|
|
|
2 |
# $Id: alcasar-activity_report.sh 2286 2017-06-20 08:32:30Z tom.houdayer $
|
|
|
3 |
#
|
2138 |
richard |
4 |
# Create an activity report for ALCASAR every week (sunday at 5.35 pm --> see cron.d).
|
|
|
5 |
# We read configuration files and logs to create cool charts.
|
2190 |
tom.houday |
6 |
# Written by Raphaël PION, Rexy & Tom HOUDAYER
|
2009 |
raphael.pi |
7 |
|
2138 |
richard |
8 |
# files
|
|
|
9 |
DIR_TMP="/var/tmp"
|
|
|
10 |
TMP_AV="$DIR_TMP/av_count.txt"
|
|
|
11 |
TMP_BL="$DIR_TMP/bl_count.txt"
|
|
|
12 |
TMP_BL_WEEK="$DIR_TMP/bl_count_week.txt"
|
|
|
13 |
TMP_BL_WEEK_CAT="$DIR_TMP/bl_count_week_cat.txt"
|
2009 |
raphael.pi |
14 |
|
2138 |
richard |
15 |
# Model loaded to create charts
|
|
|
16 |
DIR_BUILD="/var/www/html/acc/manager/activity_report/"
|
|
|
17 |
MODEL_CHARTJS="$DIR_BUILD/models/Chart.report.js"
|
|
|
18 |
MODEL_TABINFO="$DIR_BUILD/models/tabinfo.html"
|
2009 |
raphael.pi |
19 |
|
2138 |
richard |
20 |
# Where the report will be created.
|
|
|
21 |
HTML_REPORT="$DIR_BUILD/alcasar-report-$(date +%F).html"
|
2009 |
raphael.pi |
22 |
|
2138 |
richard |
23 |
# TIME VALUE
|
2009 |
raphael.pi |
24 |
C_TS=$(date +"%s") #current timestamp
|
|
|
25 |
MAX_DAY_AGO=7
|
|
|
26 |
SECS_AGO=$(date --date="$MAX_DAY_AGO days ago" +"%s") #timestamp ago
|
|
|
27 |
STEP_TS=$((C_TS-$SECS_AGO)) #timestamp between current timestamp and SECS_AGO
|
|
|
28 |
|
2138 |
richard |
29 |
# PRIVATE IP OF ALCASAR
|
2009 |
raphael.pi |
30 |
PRIVATE_IP=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2 | cut -d'/' -f1)
|
|
|
31 |
|
2138 |
richard |
32 |
# COLOR for charts
|
2009 |
raphael.pi |
33 |
COLOR="'#ff0000','#3333cc','#009933','#993300','#1720EE','#D30229','#8D726D','#41C4E4','#8574F4','#A0BC1A','#BFDC1F','#5ADDC3','#B05744','#CD9319','#8CA39B','#D4AA1C','#A76752','#B03088','#445E87','#70424D','#D118C3','#46ABEF','#E9F197','#AEC0D4','#755C79','#94BBD7','#E2E9DC','#8B68D0','#F7EC7C','#1F16B8','#F4DA0A','#2EC17A','#E06483','#48B342','#F510CD','#9B2662','#180E98','#988FC1','#209E4E','#034240','#FDB142','#36B445','#CDD5C9','#6FA0DE','#EE2206','#204E19','#15FC93','#161ECE','#83D33B','#11A44A','#B7BF6C','#87274C','#B52C4F','#AD2805','#427E6C','#91341A','#191315','#FCB290','#13D3CD','#90F0E6','#C870C9','#AD2C14','#201D2A','#E4DB79','#90A919','#FE17FE','#09B35C','#88D950','#3440FC','#A9D42F','#E2DFAC','#DA69EC','#67430A','#43E94E','#5F7349','#22CF16','#CF038F','#0F6427','#F7AD0F','#C5E382','#DB49B6','#F760BF','#0BE701','#EF88D8','#79E6D7','#8A2D3D','#435A30','#A3C8AC','#99B118','#A929FF','#08A36D','#0A1654','#6F8283','#E1CA3E','#3E8577','#580FB6','#DB0E16','#386CBE','#FA0C43','#B713C9'"
|
|
|
34 |
|
2138 |
richard |
35 |
# Values to create new htdigest user to consult statistique of ACC
|
2009 |
raphael.pi |
36 |
DIR_KEY="/usr/local/etc/digest"
|
2138 |
richard |
37 |
tmp_account="alcasar"
|
2009 |
raphael.pi |
38 |
realm="ALCASAR Control Center (ACC)"
|
|
|
39 |
password=$(openssl rand -base64 32) #random password (length : 32)
|
|
|
40 |
SED="/usr/bin/sed -i "
|
2138 |
richard |
41 |
TMP_STATS="$DIR_TMP/stats.html"
|
|
|
42 |
TMP_STATS_2="$DIR_TMP/stats2.html"
|
2009 |
raphael.pi |
43 |
|
2138 |
richard |
44 |
# if empty logs, replace charts by text.
|
2009 |
raphael.pi |
45 |
ENABLE_BL=0
|
|
|
46 |
ENABLE_BL_WEEK=0
|
|
|
47 |
ENABLE_AV=0
|
|
|
48 |
|
|
|
49 |
if [ -e $TMP_AV ]
|
|
|
50 |
then
|
|
|
51 |
rm $TMP_AV
|
|
|
52 |
fi
|
|
|
53 |
|
|
|
54 |
if [ -e $TMP_BL ]
|
|
|
55 |
then
|
2189 |
tom.houday |
56 |
rm $TMP_BL
|
2009 |
raphael.pi |
57 |
fi
|
|
|
58 |
|
|
|
59 |
if [ -e $TMP_BL_WEEK ]
|
|
|
60 |
then
|
2189 |
tom.houday |
61 |
rm $TMP_BL_WEEK
|
2009 |
raphael.pi |
62 |
fi
|
|
|
63 |
|
|
|
64 |
if [ -e $TMP_BL_WEEK_CAT ]
|
|
|
65 |
then
|
2189 |
tom.houday |
66 |
rm $TMP_BL_WEEK_CAT
|
2009 |
raphael.pi |
67 |
fi
|
|
|
68 |
|
|
|
69 |
if [ -e $HTML_REPORT ]
|
|
|
70 |
then
|
2189 |
tom.houday |
71 |
rm $HTML_REPORT
|
2009 |
raphael.pi |
72 |
fi
|
|
|
73 |
|
|
|
74 |
echo "<!doctype html>" >> $HTML_REPORT
|
|
|
75 |
echo "<html>" >> $HTML_REPORT
|
|
|
76 |
echo "<head>" >> $HTML_REPORT
|
2189 |
tom.houday |
77 |
echo "<meta charset=\"utf-8\">" >> $HTML_REPORT
|
2009 |
raphael.pi |
78 |
echo "<title>ALCASAR report</title>" >> $HTML_REPORT
|
2189 |
tom.houday |
79 |
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/bootstrap.min.css\">" >> $HTML_REPORT
|
|
|
80 |
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../../css/report.css\">" >> $HTML_REPORT
|
|
|
81 |
echo "<script src=\"../../../js/Chart.bundle.js\"></script>" >> $HTML_REPORT
|
|
|
82 |
echo "<script src=\"../../../js/jquery.min.js\"></script>" >> $HTML_REPORT
|
2009 |
raphael.pi |
83 |
echo "</head>" >> $HTML_REPORT
|
|
|
84 |
echo "<body>" >> $HTML_REPORT
|
|
|
85 |
echo "<h1><center>Rapport d'activité de l'ALCASAR-$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)</center></h1>" >> $HTML_REPORT
|
2189 |
tom.houday |
86 |
echo "<i><p style=\"text-align: right;\">Date de création $(date +%F)</p></i>" >> $HTML_REPORT
|
|
|
87 |
echo "<font size=\"1\">" >> $HTML_REPORT
|
2009 |
raphael.pi |
88 |
|
|
|
89 |
######################TABINFO######################
|
|
|
90 |
echo "Create information about system and ALCASAR"
|
|
|
91 |
#contain every information about ALCASAR configuration, system and last update
|
|
|
92 |
|
|
|
93 |
cat $MODEL_TABINFO | while read LINE_HTML
|
|
|
94 |
do
|
|
|
95 |
|
|
|
96 |
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
|
|
|
97 |
then
|
|
|
98 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep ORGANISM | cut -d'=' -f2)
|
2189 |
tom.houday |
99 |
echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
|
|
|
100 |
|
2009 |
raphael.pi |
101 |
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
|
|
|
102 |
then
|
|
|
103 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep INSTALL_DATE | cut -d'=' -f2)
|
|
|
104 |
echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
|
|
|
105 |
|
|
|
106 |
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
|
|
|
107 |
then
|
|
|
108 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep VERSION | cut -d'=' -f2)
|
|
|
109 |
echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
|
|
|
110 |
|
|
|
111 |
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
|
|
|
112 |
then
|
|
|
113 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep PUBLIC_IP | cut -d'=' -f2)
|
|
|
114 |
echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
|
|
|
115 |
|
|
|
116 |
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
|
|
|
117 |
then
|
|
|
118 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep PRIVATE_IP | cut -d'=' -f2)
|
|
|
119 |
echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
|
|
|
120 |
|
|
|
121 |
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
|
|
|
122 |
then
|
|
|
123 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep 'GW=' | cut -d'=' -f2)
|
|
|
124 |
echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
|
|
|
125 |
|
|
|
126 |
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
|
|
|
127 |
then
|
|
|
128 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS1 | cut -d'=' -f2)
|
|
|
129 |
echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
|
|
|
130 |
|
|
|
131 |
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
|
|
|
132 |
then
|
|
|
133 |
VALUE=$(cat /usr/local/etc/alcasar.conf | grep DNS2 | cut -d'=' -f2)
|
|
|
134 |
echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
|
|
|
135 |
|
|
|
136 |
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
|
|
|
137 |
then
|
|
|
138 |
VALUE=$(hostname)
|
|
|
139 |
echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
|
|
|
140 |
|
|
|
141 |
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
|
|
|
142 |
then
|
|
|
143 |
VALUE=$( echo $(uname -r) [ $(uname -m) ] )
|
|
|
144 |
echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
|
|
|
145 |
|
|
|
146 |
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
|
|
|
147 |
then
|
|
|
148 |
VALUE=$(echo $(who -b | cut -d' ' -f12-))
|
|
|
149 |
echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
|
|
|
150 |
|
|
|
151 |
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
|
|
|
152 |
then
|
|
|
153 |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
|
|
|
154 |
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
|
|
|
155 |
|
|
|
156 |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
|
|
|
157 |
then
|
|
|
158 |
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
|
|
|
159 |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
|
|
|
160 |
|
|
|
161 |
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
|
|
|
162 |
then
|
|
|
163 |
#show every ALCASAR RPM updated since X day ago
|
|
|
164 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
|
|
|
165 |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
|
|
|
166 |
then
|
|
|
167 |
PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
|
|
|
168 |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
|
|
|
169 |
do
|
|
|
170 |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
|
|
|
171 |
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
|
|
|
172 |
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
|
|
|
173 |
RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
|
|
|
174 |
|
|
|
175 |
echo "<tr>" >> $HTML_REPORT
|
|
|
176 |
echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
|
|
|
177 |
echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
|
|
|
178 |
echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
|
|
|
179 |
echo "</tr>" >> $HTML_REPORT
|
|
|
180 |
done
|
|
|
181 |
else
|
2189 |
tom.houday |
182 |
echo "<tr><td colspan=\"3\">Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
|
2009 |
raphael.pi |
183 |
fi
|
|
|
184 |
else
|
|
|
185 |
echo $LINE_HTML >> $HTML_REPORT
|
|
|
186 |
fi
|
|
|
187 |
done
|
|
|
188 |
|
|
|
189 |
######################BL WEBSITE SINCE INSTALLATION######################
|
|
|
190 |
echo "Create BL website since the installation of ALCASAR"
|
|
|
191 |
#find data
|
|
|
192 |
|
|
|
193 |
#decompress every logs
|
2013 |
raphael.pi |
194 |
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
|
2009 |
raphael.pi |
195 |
then
|
|
|
196 |
gunzip -d dnsmasq-blacklist.log.*.gz
|
|
|
197 |
fi
|
|
|
198 |
|
|
|
199 |
#convert logs date in timestamp and find categories of blacklisted website
|
|
|
200 |
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
|
|
|
201 |
do
|
|
|
202 |
while read LOG_BL
|
|
|
203 |
do
|
|
|
204 |
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
|
|
|
205 |
then
|
|
|
206 |
#find the current blacklisted category
|
|
|
207 |
website_bl=$(echo $LOG_BL | cut -d' ' -f6)
|
|
|
208 |
|
|
|
209 |
#we convert www.test.co.uk => test.co.uk to find the category of this website
|
2189 |
tom.houday |
210 |
if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
|
|
|
211 |
then
|
|
|
212 |
website_bl=$(echo $website_bl | cut -d'.' -f2-)
|
|
|
213 |
fi
|
2009 |
raphael.pi |
214 |
|
2013 |
raphael.pi |
215 |
#get BL category
|
2189 |
tom.houday |
216 |
categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
|
2013 |
raphael.pi |
217 |
if [ $(echo $categorie_bl | wc -w) -gt 1 ]
|
|
|
218 |
then
|
|
|
219 |
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
|
|
|
220 |
fi
|
|
|
221 |
|
2009 |
raphael.pi |
222 |
#Calculate its timestamp
|
|
|
223 |
Y=$(date -R | cut -d' ' -f4)
|
|
|
224 |
M=$(echo $LOG_BL | cut -d' ' -f1)
|
2189 |
tom.houday |
225 |
D=$(echo $LOG_BL | cut -d' ' -f2)
|
2009 |
raphael.pi |
226 |
H=$(echo $LOG_BL | cut -d' ' -f3)
|
|
|
227 |
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
|
2013 |
raphael.pi |
228 |
echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
|
2009 |
raphael.pi |
229 |
fi
|
|
|
230 |
|
|
|
231 |
done < /var/log/dnsmasq/$FILE
|
|
|
232 |
done
|
|
|
233 |
|
|
|
234 |
#if data exists, create this section in html document
|
|
|
235 |
if [ -e $TMP_BL ]
|
|
|
236 |
then
|
|
|
237 |
ENABLE_BL=1
|
|
|
238 |
#count every BL website consulted since installation (maximum 1 year)
|
|
|
239 |
DATE_END=$(cat $TMP_BL | cut -d':' -f1 | sort -n | head -1 )
|
|
|
240 |
|
|
|
241 |
|
|
|
242 |
for TS in $(seq $C_TS -$STEP_TS $DATE_END)
|
|
|
243 |
do
|
|
|
244 |
DATE_1=$TS
|
|
|
245 |
DATE_2=$((TS-$STEP_TS))
|
|
|
246 |
COUNT_BL_INSTALLATION=0
|
|
|
247 |
|
|
|
248 |
for LINE in $(cat $TMP_BL)
|
|
|
249 |
do
|
|
|
250 |
TS_FILE=$(echo $LINE | cut -d':' -f1)
|
|
|
251 |
|
|
|
252 |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
|
|
|
253 |
then
|
|
|
254 |
COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
|
|
|
255 |
|
|
|
256 |
fi
|
|
|
257 |
done
|
|
|
258 |
|
|
|
259 |
VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
|
|
|
260 |
VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
|
|
|
261 |
done
|
|
|
262 |
|
|
|
263 |
#create Antivirus section in html document
|
|
|
264 |
NAME_BL_INSTALLATION='chart_bl_installation'
|
|
|
265 |
CONF_BL_INSTALLATION='config_bl_installation'
|
|
|
266 |
echo "<center>" >> $HTML_REPORT
|
|
|
267 |
echo "<canvas id='$NAME_BL_INSTALLATION' width='450' height='450'></canvas>" >> $HTML_REPORT
|
|
|
268 |
echo "</center>" >> $HTML_REPORT
|
|
|
269 |
|
|
|
270 |
#create chart bar in html file with javascript (chartjs.com)
|
|
|
271 |
echo "<script>" >> $HTML_REPORT
|
|
|
272 |
cat $MODEL_CHARTJS | while read LINE_JS
|
|
|
273 |
do
|
|
|
274 |
#name of variable
|
|
|
275 |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
|
|
|
276 |
then
|
|
|
277 |
echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
|
|
|
278 |
#chart type
|
|
|
279 |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
|
|
|
280 |
then
|
|
|
281 |
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
|
|
|
282 |
#chart title
|
|
|
283 |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
|
|
|
284 |
then
|
|
|
285 |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
|
|
|
286 |
#chart data
|
|
|
287 |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
|
|
|
288 |
then
|
|
|
289 |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
|
|
|
290 |
#color
|
|
|
291 |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
|
|
|
292 |
then
|
|
|
293 |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
|
|
|
294 |
#labels
|
|
|
295 |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
|
|
|
296 |
then
|
|
|
297 |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
|
|
|
298 |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
|
|
|
299 |
then
|
|
|
300 |
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
|
|
|
301 |
#display value of Y axis, only useful for chart bar
|
|
|
302 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
|
|
|
303 |
then
|
|
|
304 |
echo "" >> $HTML_REPORT
|
|
|
305 |
#display value of Y axis, only useful for chart bar
|
|
|
306 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
|
|
|
307 |
then
|
|
|
308 |
echo "" >> $HTML_REPORT
|
|
|
309 |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
|
|
|
310 |
then
|
2013 |
raphael.pi |
311 |
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
|
2009 |
raphael.pi |
312 |
else
|
|
|
313 |
echo $LINE_JS >> $HTML_REPORT
|
|
|
314 |
fi
|
|
|
315 |
done
|
|
|
316 |
echo "</script>" >> $HTML_REPORT
|
|
|
317 |
else
|
2209 |
tom.houday |
318 |
echo "<h2>Aucune activité de la Blacklist depuis l'installation.</h2>" >> $HTML_REPORT
|
2009 |
raphael.pi |
319 |
fi
|
|
|
320 |
|
|
|
321 |
|
|
|
322 |
|
|
|
323 |
######################DNSMASQ BLACKLIST######################
|
|
|
324 |
echo "Create BL website since $MAX_DAY_AGO days"
|
|
|
325 |
|
|
|
326 |
#if data exists, create BL section in html document
|
|
|
327 |
if [ -e $TMP_BL ]
|
|
|
328 |
then
|
|
|
329 |
ENABLE_BL_WEEK=1
|
|
|
330 |
#find data
|
|
|
331 |
#count every BL website consulted since DAYS_AGO
|
|
|
332 |
DATE_1=$C_TS
|
|
|
333 |
DATE_2=$((DATE_1-$STEP_TS))
|
|
|
334 |
|
|
|
335 |
for LINE in $(cat $TMP_BL)
|
|
|
336 |
do
|
|
|
337 |
TS_FILE=$(echo $LINE | cut -d':' -f1)
|
|
|
338 |
#select only elements between DATE_1 and DATE_2
|
|
|
339 |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
|
|
|
340 |
then
|
|
|
341 |
echo $LINE >> $TMP_BL_WEEK
|
|
|
342 |
fi
|
|
|
343 |
done
|
|
|
344 |
|
|
|
345 |
#then we count every occurence for each category in TMP_BL_WEEK
|
|
|
346 |
for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
|
|
|
347 |
do
|
2189 |
tom.houday |
348 |
echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
|
2009 |
raphael.pi |
349 |
done
|
|
|
350 |
|
|
|
351 |
#we sort by number of occurence and we take the top 10 BL categories
|
|
|
352 |
for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
|
|
|
353 |
do
|
|
|
354 |
|
|
|
355 |
DATA=$(echo $LINE | cut -d':' -f2)
|
|
|
356 |
LABEL=$(echo $LINE | cut -d':' -f1)
|
|
|
357 |
if [ $DATA -ne 0 ]
|
|
|
358 |
then
|
2189 |
tom.houday |
359 |
VALUE_BL_DATA="$VALUE_BL_DATA $DATA, "
|
|
|
360 |
VALUE_BL_LABEL="$VALUE_BL_LABEL '$LABEL ($DATA)',"
|
2009 |
raphael.pi |
361 |
fi
|
|
|
362 |
done
|
|
|
363 |
|
|
|
364 |
#get other categories (sum them all)
|
2189 |
tom.houday |
365 |
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
|
|
|
366 |
then
|
|
|
367 |
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
|
|
|
368 |
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
|
|
|
369 |
fi
|
2009 |
raphael.pi |
370 |
|
|
|
371 |
#create chart pie in html file with javascript (chartjs.com)
|
|
|
372 |
NAME_BL='chart_bl'
|
|
|
373 |
CONF_BL='config_bl'
|
|
|
374 |
echo "<center>" >> $HTML_REPORT
|
|
|
375 |
echo "<canvas id='$NAME_BL' width='450' height='450' ></canvas>" >> $HTML_REPORT
|
|
|
376 |
echo "</center>" >> $HTML_REPORT
|
|
|
377 |
echo "<script>" >> $HTML_REPORT
|
2189 |
tom.houday |
378 |
|
2009 |
raphael.pi |
379 |
cat $MODEL_CHARTJS | while read LINE_JS
|
|
|
380 |
do
|
|
|
381 |
#variable name
|
|
|
382 |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
|
|
|
383 |
then
|
|
|
384 |
echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
|
|
|
385 |
#chart type
|
|
|
386 |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
|
|
|
387 |
then
|
|
|
388 |
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
|
|
|
389 |
#graph title
|
|
|
390 |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
|
|
|
391 |
then
|
2189 |
tom.houday |
392 |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
|
2009 |
raphael.pi |
393 |
#chart data
|
|
|
394 |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
|
|
|
395 |
then
|
|
|
396 |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
|
|
|
397 |
#color
|
|
|
398 |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
|
|
|
399 |
then
|
|
|
400 |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
|
|
|
401 |
#labels
|
|
|
402 |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
|
|
|
403 |
then
|
|
|
404 |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
|
|
|
405 |
#display legend, only useful for chart pie
|
|
|
406 |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
|
|
|
407 |
then
|
|
|
408 |
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
|
|
|
409 |
#display value of Y axis, only useful for chart bar
|
2189 |
tom.houday |
410 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
411 |
then
|
|
|
412 |
echo "/*" >> $HTML_REPORT
|
|
|
413 |
#display value of Y axis, only useful for chart bar
|
2189 |
tom.houday |
414 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
415 |
then
|
|
|
416 |
echo "*/" >> $HTML_REPORT
|
|
|
417 |
else
|
|
|
418 |
echo $LINE_JS >> $HTML_REPORT
|
|
|
419 |
fi
|
|
|
420 |
done
|
|
|
421 |
echo "</script>" >> $HTML_REPORT
|
|
|
422 |
else
|
2209 |
tom.houday |
423 |
echo "<h2>Aucune activité de la Blacklist cette semaine.</h2>" >> $HTML_REPORT
|
2009 |
raphael.pi |
424 |
fi
|
|
|
425 |
|
|
|
426 |
######################VIRUS THREAT######################
|
|
|
427 |
echo "Create AV logs since the installation of ALCASAR"
|
|
|
428 |
|
|
|
429 |
#decompress every logs, if they exist
|
2013 |
raphael.pi |
430 |
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
|
2009 |
raphael.pi |
431 |
then
|
|
|
432 |
gunzip -d access.log.*.gz
|
|
|
433 |
fi
|
|
|
434 |
|
|
|
435 |
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
|
|
|
436 |
do
|
|
|
437 |
while read LINE_AV
|
|
|
438 |
do
|
|
|
439 |
Y=$(echo $LINE_AV | cut -d' ' -f1)
|
|
|
440 |
M=$(echo $LINE_AV | cut -d' ' -f2)
|
|
|
441 |
D=$(echo $LINE_AV | cut -d' ' -f3)
|
|
|
442 |
H=$(echo $LINE_AV | cut -d' ' -f4)
|
|
|
443 |
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
|
|
|
444 |
echo $CURRENT_TS >> $TMP_AV
|
|
|
445 |
done < /var/log/havp/$FILE
|
|
|
446 |
|
|
|
447 |
done
|
|
|
448 |
|
|
|
449 |
if [ -e $TMP_AV ]
|
|
|
450 |
then
|
|
|
451 |
ENABLE_AV=1
|
|
|
452 |
DATE_END=$(cat $TMP_AV | sort -n | head -1)
|
|
|
453 |
for TS in $(seq $C_TS -$STEP_TS $DATE_END)
|
|
|
454 |
do
|
|
|
455 |
DATE_1=$TS
|
|
|
456 |
DATE_2=$((TS-$STEP_TS))
|
2189 |
tom.houday |
457 |
COUNT_AV=0
|
2009 |
raphael.pi |
458 |
|
|
|
459 |
for TS_FILE in $(cat $TMP_AV)
|
|
|
460 |
do
|
|
|
461 |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
|
2189 |
tom.houday |
462 |
then
|
2009 |
raphael.pi |
463 |
COUNT_AV=$((COUNT_AV+1))
|
|
|
464 |
fi
|
|
|
465 |
done
|
2189 |
tom.houday |
466 |
|
2009 |
raphael.pi |
467 |
VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
|
|
|
468 |
VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
|
|
|
469 |
done
|
|
|
470 |
|
|
|
471 |
#create Antivirus section in html document
|
|
|
472 |
NAME_AV='chart_av'
|
|
|
473 |
CONF_AV='config_av'
|
|
|
474 |
echo "<center>" >> $HTML_REPORT
|
|
|
475 |
echo "<canvas id='$NAME_AV' width='450' height='450' ></canvas>" >> $HTML_REPORT
|
|
|
476 |
echo "</center>" >> $HTML_REPORT
|
|
|
477 |
|
|
|
478 |
|
|
|
479 |
#create chart bar in html file with javascript (chartjs.com)
|
|
|
480 |
echo "<script>" >> $HTML_REPORT
|
|
|
481 |
cat $MODEL_CHARTJS | while read LINE_JS
|
|
|
482 |
do
|
|
|
483 |
#name of variable
|
2189 |
tom.houday |
484 |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
485 |
then
|
|
|
486 |
echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
|
|
|
487 |
#chart type
|
2189 |
tom.houday |
488 |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
489 |
then
|
|
|
490 |
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
|
|
|
491 |
#graph title
|
|
|
492 |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
|
|
|
493 |
then
|
2189 |
tom.houday |
494 |
echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
|
2009 |
raphael.pi |
495 |
#chart data
|
2189 |
tom.houday |
496 |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
497 |
then
|
|
|
498 |
echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
|
|
|
499 |
#color
|
2189 |
tom.houday |
500 |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
501 |
then
|
|
|
502 |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
|
|
|
503 |
#labels
|
2189 |
tom.houday |
504 |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
505 |
then
|
|
|
506 |
echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
|
2189 |
tom.houday |
507 |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
508 |
then
|
|
|
509 |
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
|
|
|
510 |
#display value of Y axis, only useful for chart bar
|
2189 |
tom.houday |
511 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
512 |
then
|
|
|
513 |
echo "" >> $HTML_REPORT
|
|
|
514 |
#display value of Y axis, only useful for chart bar
|
2189 |
tom.houday |
515 |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
516 |
then
|
|
|
517 |
echo "" >> $HTML_REPORT
|
2189 |
tom.houday |
518 |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
|
2009 |
raphael.pi |
519 |
then
|
2013 |
raphael.pi |
520 |
echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
|
2009 |
raphael.pi |
521 |
else
|
|
|
522 |
echo $LINE_JS >> $HTML_REPORT
|
|
|
523 |
fi
|
|
|
524 |
done
|
|
|
525 |
echo "</script>" >> $HTML_REPORT
|
|
|
526 |
else
|
2209 |
tom.houday |
527 |
echo "<h2>Aucune menace virale.</h2>" >> $HTML_REPORT
|
2009 |
raphael.pi |
528 |
fi
|
|
|
529 |
|
|
|
530 |
|
|
|
531 |
######################ALCASAR : DAILY USE######################
|
|
|
532 |
echo "Get daily use connection of the week"
|
|
|
533 |
#create html document
|
2209 |
tom.houday |
534 |
echo "<h2>Statistiques volumétrie connexions</h2>" >> $HTML_REPORT
|
2009 |
raphael.pi |
535 |
|
|
|
536 |
#create new htdigest user to consult statistique of ACC
|
|
|
537 |
#if user does not exist, we create him
|
2138 |
richard |
538 |
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
|
2009 |
raphael.pi |
539 |
then
|
2189 |
tom.houday |
540 |
(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
|
|
|
541 |
(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
|
|
|
542 |
(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_all
|
|
|
543 |
chown -R root:apache $DIR_KEY
|
|
|
544 |
chmod 640 $DIR_KEY/key_*
|
2009 |
raphael.pi |
545 |
fi
|
|
|
546 |
|
|
|
547 |
#get stats.php from ACC
|
2138 |
richard |
548 |
wget -q -nv --user $tmp_account --password $password https://alcasar/acc/manager/htdocs/stats.php -O $TMP_STATS --no-check-certificate
|
2009 |
raphael.pi |
549 |
|
|
|
550 |
#clean this file to include it in html report.
|
|
|
551 |
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
|
|
|
552 |
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
|
|
|
553 |
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
|
|
|
554 |
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
|
|
|
555 |
|
|
|
556 |
#we delete our user if he still exists
|
2138 |
richard |
557 |
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
|
2009 |
raphael.pi |
558 |
then
|
2189 |
tom.houday |
559 |
$SED "/^$tmp_account:/d" $DIR_KEY/key_only_manager
|
|
|
560 |
$SED "/^$tmp_account:/d" $DIR_KEY/key_manager
|
|
|
561 |
$SED "/^$tmp_account:/d" $DIR_KEY/key_all
|
2009 |
raphael.pi |
562 |
fi
|
|
|
563 |
|
2190 |
tom.houday |
564 |
|
|
|
565 |
###################### ALCASAR : LOG ACCESS ######################
|
|
|
566 |
echo "Get ACC log access of the week"
|
|
|
567 |
|
2209 |
tom.houday |
568 |
ROWS=""
|
|
|
569 |
while read -r access ; do
|
2267 |
richard |
570 |
access_datas=(${access//|/ })
|
2190 |
tom.houday |
571 |
|
2209 |
tom.houday |
572 |
accces_date_intl=$(echo "${access_datas[0]} ${access_datas[1]}" | sed -E 's@^([0-9]{2})+/+([0-9]{2})+/+([0-9]{4})+@\3-\2-\1@') # Convert date format DD/MM/YYYY to YYYY-MM-DD
|
|
|
573 |
access_date=$(date -d "$accces_date_intl" +%s)
|
|
|
574 |
access_user=${access_datas[2]}
|
|
|
575 |
access_ip=${access_datas[3]}
|
2286 |
tom.houday |
576 |
access_agent=$(echo "$access" | cut -d'|' -f4)
|
2209 |
tom.houday |
577 |
if [ $access_date -lt $SECS_AGO ]; then
|
|
|
578 |
break
|
|
|
579 |
fi
|
2190 |
tom.houday |
580 |
|
2209 |
tom.houday |
581 |
access_date_formatted=$(date -d @$access_date +"%x %X")
|
|
|
582 |
|
2267 |
richard |
583 |
ROWS="$ROWS<tr><td>$access_date_formatted</td><td>$access_user</td><td>$access_ip</td><td>$access_agent</td></tr>"
|
|
|
584 |
done < <(cat /var/Save/security/acc_access.log | sort -r)
|
2209 |
tom.houday |
585 |
# TODO: Read archives if necessary
|
|
|
586 |
|
|
|
587 |
if [ -z "$ROWS" ]; then
|
2267 |
richard |
588 |
ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucune connexion</td></tr>"
|
2190 |
tom.houday |
589 |
fi
|
|
|
590 |
|
2209 |
tom.houday |
591 |
# Create HTML document
|
|
|
592 |
echo "<h2>Connexion à l'ALCASAR Control Center (ACC)</h2>" >> $HTML_REPORT
|
|
|
593 |
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
|
2267 |
richard |
594 |
echo "<thead><tr><th>Date</th><th>Utilisateur</th><th>Adresse IP</th><th>Agent</th></tr></thead><tbody>" >> $HTML_REPORT
|
2209 |
tom.houday |
595 |
echo $ROWS >> $HTML_REPORT
|
|
|
596 |
echo "</tbody></table>" >> $HTML_REPORT
|
2190 |
tom.houday |
597 |
|
2209 |
tom.houday |
598 |
|
2190 |
tom.houday |
599 |
###################### ALCASAR : GLOBAL TRAFFIC ######################
|
|
|
600 |
echo "Get Global traffic of the last 30 days"
|
|
|
601 |
|
|
|
602 |
ROWS=""
|
2209 |
tom.houday |
603 |
EXTIF=$(cat /usr/local/etc/alcasar.conf | grep '^EXTIF=' | cut -d'=' -f2)
|
2190 |
tom.houday |
604 |
for day in $(vnstat --exportdb -i $EXTIF | grep '^d;' | sort -t";" -k3 -r); do
|
|
|
605 |
day_datas=(${day//;/ })
|
|
|
606 |
day_date=${day_datas[2]}
|
|
|
607 |
day_rxMio=${day_datas[3]}
|
|
|
608 |
day_txMio=${day_datas[4]}
|
|
|
609 |
day_rxKio=${day_datas[5]}
|
|
|
610 |
day_txKio=${day_datas[6]}
|
|
|
611 |
day_act=${day_datas[7]}
|
|
|
612 |
|
|
|
613 |
if [ $day_act -ne 1 ]; then
|
|
|
614 |
continue
|
|
|
615 |
fi
|
|
|
616 |
|
|
|
617 |
if [ $day_date -lt $SECS_AGO ]; then
|
|
|
618 |
break
|
|
|
619 |
fi
|
|
|
620 |
|
2209 |
tom.houday |
621 |
day_date_formatted=$(date -d @$day_date +%x)
|
2190 |
tom.houday |
622 |
day_rx=$(($day_rxMio * 1048576 + $day_rxKio * 1024))
|
|
|
623 |
day_tx=$(($day_txMio * 1048576 + $day_txKio * 1024))
|
|
|
624 |
day_total=$(($day_rx + $day_tx))
|
2209 |
tom.houday |
625 |
day_rx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_rx)
|
|
|
626 |
day_tx_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_tx)
|
|
|
627 |
day_total_formatted=$(numfmt --from=iec --to=iec --suffix=B $day_total)
|
2190 |
tom.houday |
628 |
|
2209 |
tom.houday |
629 |
ROWS="$ROWS<tr><td>$day_date_formatted</td><td>$day_rx_formatted</td><td>$day_tx_formatted</td><td>$day_total_formatted</td></tr>"
|
2190 |
tom.houday |
630 |
done
|
|
|
631 |
|
2209 |
tom.houday |
632 |
if [ -z "$ROWS" ]; then
|
|
|
633 |
ROWS="<tr><td colspan=\"4\" style=\"text-align: center;\">Aucun jour capturé</td></tr>"
|
|
|
634 |
fi
|
|
|
635 |
|
2190 |
tom.houday |
636 |
# Create html document
|
2209 |
tom.houday |
637 |
echo "<h2>Trafic global</h2>" >> $HTML_REPORT
|
2190 |
tom.houday |
638 |
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
|
|
|
639 |
echo "<thead><tr><th>Date</th><th>Entrant</th><th>Sortant</th><th>Total</th></tr></thead><tbody>" >> $HTML_REPORT
|
|
|
640 |
echo $ROWS >> $HTML_REPORT
|
|
|
641 |
echo "</tbody></table>" >> $HTML_REPORT
|
|
|
642 |
|
|
|
643 |
|
|
|
644 |
###################### ALCASAR : FAIL2BAN ######################
|
|
|
645 |
echo "Get fail2ban log of the week"
|
|
|
646 |
|
2209 |
tom.houday |
647 |
ROWS=""
|
|
|
648 |
dateDaysAgo_formatted=$(date --date="$MAX_DAY_AGO days ago" +'%Y-%m-%d %H:%M:%S,%N' | rev | cut -c 7- | rev)
|
|
|
649 |
while read -r log ; do
|
2190 |
tom.houday |
650 |
log_datas=($log)
|
|
|
651 |
log_date="${log_datas[0]} ${log_datas[1]}"
|
|
|
652 |
log_type=${log_datas[4]:1:-1}
|
|
|
653 |
log_ip=${log_datas[6]}
|
2209 |
tom.houday |
654 |
log_date_formatted=$(date -d "$log_date" +"%x %X")
|
2190 |
tom.houday |
655 |
|
2209 |
tom.houday |
656 |
ROWS="$ROWS<tr><td>$log_date_formatted</td><td>$log_ip</td><td>$log_type</td></tr>"
|
|
|
657 |
done < <(grep " Ban " /var/log/fail2ban.log | sort -r | awk -v dateDaysAgo="$dateDaysAgo_formatted" '($1 " " $2) >= dateDaysAgo')
|
2190 |
tom.houday |
658 |
|
2209 |
tom.houday |
659 |
if [ -z "$ROWS" ]; then
|
|
|
660 |
ROWS="<tr><td colspan=\"3\" style=\"text-align: center;\">Aucune adresse IP bloquée</td></tr>"
|
|
|
661 |
fi
|
|
|
662 |
|
|
|
663 |
# Create html document
|
|
|
664 |
echo "<h2>Adresse(s) IP bloquée(s) (Fail2Ban)</h2>" >> $HTML_REPORT
|
|
|
665 |
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
|
|
|
666 |
echo "<thead><tr><th>Date</th><th>Adresse IP</th><th>Règle</th></tr></thead><tbody>" >> $HTML_REPORT
|
|
|
667 |
echo $ROWS >> $HTML_REPORT
|
2190 |
tom.houday |
668 |
echo "</tbody></table>" >> $HTML_REPORT
|
|
|
669 |
|
|
|
670 |
|
2009 |
raphael.pi |
671 |
######################FIN HTML######################
|
|
|
672 |
|
|
|
673 |
#Execute our javascript function to print charts
|
|
|
674 |
echo "<script>window.onload = function() {" >> $HTML_REPORT
|
|
|
675 |
#BL SINCE INSTALLATION
|
|
|
676 |
if [ $ENABLE_BL -eq "1" ]
|
|
|
677 |
then
|
|
|
678 |
echo "var ctx_$NAME_BL_INSTALLATION = document.getElementById('$NAME_BL_INSTALLATION').getContext('2d');" >> $HTML_REPORT
|
|
|
679 |
echo "var $NAME_BL_INSTALLATION = new Chart(ctx_$NAME_BL_INSTALLATION, $CONF_BL_INSTALLATION);" >> $HTML_REPORT
|
|
|
680 |
fi
|
|
|
681 |
#BL WEEK
|
|
|
682 |
if [ $ENABLE_BL_WEEK -eq "1" ]
|
|
|
683 |
then
|
|
|
684 |
echo "var ctx_$NAME_BL = document.getElementById('$NAME_BL').getContext('2d');" >> $HTML_REPORT
|
|
|
685 |
echo "var $NAME_BL = new Chart(ctx_$NAME_BL, $CONF_BL);" >> $HTML_REPORT
|
|
|
686 |
fi
|
|
|
687 |
#VIRUS THREAT
|
|
|
688 |
if [ $ENABLE_AV -eq "1" ]
|
|
|
689 |
then
|
|
|
690 |
echo "var ctx_$NAME_AV = document.getElementById('$NAME_AV').getContext('2d');" >> $HTML_REPORT
|
|
|
691 |
echo "var $NAME_AV = new Chart(ctx_$NAME_AV, $CONF_AV);" >> $HTML_REPORT
|
|
|
692 |
fi
|
|
|
693 |
echo "};</script>" >> $HTML_REPORT
|
|
|
694 |
echo "</body>" >> $HTML_REPORT
|
|
|
695 |
echo "</html>" >> $HTML_REPORT
|
|
|
696 |
|
|
|
697 |
#convert html document to PDF
|
|
|
698 |
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
|
|
|
699 |
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
|
|
|
700 |
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
|
2139 |
richard |
701 |
mv $(echo $HTML_REPORT | cut -d'.' -f1).pdf /var/Save/activity_report/
|
2009 |
raphael.pi |
702 |
|
2013 |
raphael.pi |
703 |
#compress every logs, if they exist
|
|
|
704 |
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
|
|
|
705 |
then
|
|
|
706 |
gzip /var/log/havp/access.log.*
|
|
|
707 |
fi
|
|
|
708 |
|
|
|
709 |
#compress every logs
|
|
|
710 |
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
|
|
|
711 |
then
|
|
|
712 |
gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
|
|
|
713 |
fi
|
|
|
714 |
|
|
|
715 |
#remove our files
|
2141 |
richard |
716 |
rm -f $TMP_BL
|
|
|
717 |
rm -f $TMP_BL_WEEK
|
|
|
718 |
rm -f $TMP_BL_WEEK_CAT
|
|
|
719 |
rm -f $TMP_STATS
|
|
|
720 |
rm -f $TMP_STATS_2
|
|
|
721 |
rm -f $HTML_REPORT
|