2079 |
raphael.pi |
1 |
#Corrélation et Generation des logs d'imputabilité au format PDF.
|
|
|
2 |
#Ce script permet de générer un fichier HTML qui sera converti en PDF a l'aide du RPM wkhtmltopdf.
|
|
|
3 |
#Ce PDF sera placé dans une archive protégé par un mot de passe.
|
|
|
4 |
#Pour extraire ce fichier PDF, il faudra installer le paquet p7zip.
|
|
|
5 |
#La génération de ce document préviendra les utilisateurs lors de leur prochaine connection. (utilisateur flagué dans le 4ème 'bit' de l'attribut FilterID de la BDD radius.
|
|
|
6 |
#
|
|
|
7 |
#Attribut FilterID dans la table radreply: 12345678
|
|
|
8 |
#1-> profile1
|
|
|
9 |
#2-> profile2
|
|
|
10 |
#3-> profile3
|
|
|
11 |
#4-> warn_user (if imputability report has been generated)
|
|
|
12 |
#6-> WL
|
|
|
13 |
#7-> BL
|
|
|
14 |
#8-> HAVP
|
|
|
15 |
#
|
|
|
16 |
#Il est possible de demander les logs d'imputabilité :
|
2010 |
raphael.pi |
17 |
#-depuis le début (pas d'argument)
|
|
|
18 |
#-à partir d'une date (un seul argument)
|
|
|
19 |
#-en spécifiant un intervale (deux arguments correspondant aux bornes respectives)
|
|
|
20 |
#Par Raphaël Pion
|
|
|
21 |
|
|
|
22 |
|
|
|
23 |
|
|
|
24 |
usage="Usage: alcasar-generate_log.sh PASSWORD && ({ '' } | { 'YYYY-MM-DD HH:MM:SS' } | { 'YYYY-MM-DD HH:MM:SS' 'YYYY-MM-DD HH:MM:SS' })"
|
|
|
25 |
nb_args=$#
|
|
|
26 |
DIR='/var/www/html/acc/backup/'
|
|
|
27 |
TMP_SQL="/tmp/log_sql.csv"
|
|
|
28 |
TMP_USERS="/tmp/log_users"
|
|
|
29 |
TMP_HTML="$DIR/log_nf.html"
|
|
|
30 |
TMP_PDF="$DIR/imputabilities_logs-$(date +%F).pdf"
|
|
|
31 |
PASSWD_FILE="/root/ALCASAR-passwords.txt"
|
2412 |
tom.houday |
32 |
DB_ROOT_PW=$(grep '^db_root=' $PASSWD_FILE | cut -d'=' -f 2-)
|
2010 |
raphael.pi |
33 |
ARCHIVE_LOCATION="$DIR/imputabilities_logs.zip"
|
|
|
34 |
|
|
|
35 |
|
|
|
36 |
if [ $nb_args -eq 1 ]
|
|
|
37 |
then
|
|
|
38 |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
|
|
|
39 |
SECTION_LOG="Extraction de tous les journaux"
|
|
|
40 |
fi
|
|
|
41 |
|
|
|
42 |
if [ $nb_args -eq 2 ]
|
|
|
43 |
then
|
|
|
44 |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
|
|
|
45 |
echo $QUERY
|
|
|
46 |
SECTION_LOG="Extraction des journaux à partir du $2"
|
|
|
47 |
fi
|
|
|
48 |
|
|
|
49 |
if [ $nb_args -eq 3 ]
|
|
|
50 |
then
|
|
|
51 |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
|
|
|
52 |
SECTION_LOG="Extraction des journaux entre $2 et $3"
|
|
|
53 |
fi
|
|
|
54 |
|
|
|
55 |
if [ $nb_args -eq 0 ]
|
|
|
56 |
then
|
|
|
57 |
echo $usage
|
|
|
58 |
exit
|
|
|
59 |
fi
|
|
|
60 |
|
|
|
61 |
|
|
|
62 |
if [ $nb_args -gt 3 ]
|
|
|
63 |
then
|
|
|
64 |
echo $usage
|
|
|
65 |
exit
|
|
|
66 |
fi
|
|
|
67 |
|
|
|
68 |
if [ -e $TMP_SQL ]
|
|
|
69 |
then
|
|
|
70 |
rm $TMP_SQL
|
|
|
71 |
fi
|
|
|
72 |
|
|
|
73 |
if [ -e $TMP_PDF ]
|
|
|
74 |
then
|
|
|
75 |
rm $TMP_PDF
|
|
|
76 |
fi
|
|
|
77 |
|
|
|
78 |
if [ -e $ARCHIVE_LOCATION ]
|
|
|
79 |
then
|
|
|
80 |
rm $ARCHIVE_LOCATION
|
|
|
81 |
fi
|
|
|
82 |
|
|
|
83 |
|
|
|
84 |
#get log information for each users
|
2412 |
tom.houday |
85 |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
|
2010 |
raphael.pi |
86 |
|
|
|
87 |
#Create HTML document which contains every informations about users
|
|
|
88 |
echo "<!DOCTYPE html>" > $TMP_HTML
|
|
|
89 |
echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>" >> $TMP_HTML
|
|
|
90 |
echo "<TITLE>ALCASAR Report</TITLE>" >> $TMP_HTML
|
|
|
91 |
echo "<link rel='stylesheet' type='text/css' href='../../css/bootstrap.min.css'>" >> $TMP_HTML
|
|
|
92 |
echo "<link rel='stylesheet' type='text/css' href='../../css/report.css'>" >> $TMP_HTML
|
|
|
93 |
echo "</HEAD>" >> $TMP_HTML
|
|
|
94 |
echo "<body>" >> $TMP_HTML
|
|
|
95 |
echo "<h1>$SECTION_LOG</h1>" >> $TMP_HTML
|
|
|
96 |
|
|
|
97 |
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $TMP_HTML
|
|
|
98 |
echo "<font size='1'>" >> $TMP_HTML
|
|
|
99 |
cat $TMP_SQL | while read LIGNE_SQL
|
|
|
100 |
do
|
|
|
101 |
LOG_IP=$(echo $LIGNE_SQL | cut -d',' -f3)
|
|
|
102 |
LOG_DATE1=$(echo $LIGNE_SQL | cut -d',' -f4)
|
|
|
103 |
LOG_DATE2=$(echo $LIGNE_SQL | cut -d',' -f5)
|
|
|
104 |
|
|
|
105 |
LOG_Y1=$(echo $LOG_DATE1 | cut -d'-' -f1)
|
|
|
106 |
LOG_M1=$(echo $LOG_DATE1 | cut -d'-' -f2)
|
|
|
107 |
LOG_D1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f1)
|
|
|
108 |
LOG_H1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f2)
|
|
|
109 |
|
|
|
110 |
LOG_Y2=$(echo $LOG_DATE2 | cut -d'-' -f1)
|
|
|
111 |
LOG_M2=$(echo $LOG_DATE2 | cut -d'-' -f2)
|
|
|
112 |
LOG_D2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f1)
|
|
|
113 |
LOG_H2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f2)
|
|
|
114 |
|
|
|
115 |
DUMP=$(nfdump -O tstart -R /var/log/nfsen/profiles-data/live/alcasar_netflow/ -t $LOG_Y1/$LOG_M1/$LOG_D1.$LOG_H1-$LOG_Y2/$LOG_M2/$LOG_D2.$LOG_H2 -o "fmt:<tr><td class='numberLine'></td><td>%sa</td><td>%sp</td><td>%da</td><td>%dp</td><td>%ts</td></tr>" | tail -n +2 | head -n -4 | grep "$LOG_IP")
|
|
|
116 |
if [ ! -z "$DUMP" ]
|
|
|
117 |
then
|
|
|
118 |
echo "<div class='container'> " >> $TMP_HTML
|
|
|
119 |
echo "<table class='table table-striped'>" >> $TMP_HTML
|
|
|
120 |
echo "<thead>" >> $TMP_HTML
|
|
|
121 |
echo "<tr>" >> $TMP_HTML
|
|
|
122 |
echo "<th>Username</th>" >> $TMP_HTML
|
|
|
123 |
echo "<th>Client @MAC</th>" >> $TMP_HTML
|
|
|
124 |
echo "<th>Client @IP</th>" >> $TMP_HTML
|
|
|
125 |
echo "<th>Login Time</th>" >> $TMP_HTML
|
|
|
126 |
echo "<th>Logout Time</th>" >> $TMP_HTML
|
|
|
127 |
echo "<th>Upload</th>" >> $TMP_HTML
|
|
|
128 |
echo "<th>Download</th>" >> $TMP_HTML
|
|
|
129 |
echo "<th>Cause</th>" >> $TMP_HTML
|
|
|
130 |
echo "</tr></thead><tbody><tr>" >> $TMP_HTML
|
|
|
131 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f1) "</td>" >> $TMP_HTML
|
|
|
132 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f2) "</td>" >> $TMP_HTML
|
|
|
133 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f3) "</td>" >> $TMP_HTML
|
|
|
134 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f4) "</td>" >> $TMP_HTML
|
|
|
135 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f5) "</td>" >> $TMP_HTML
|
2079 |
raphael.pi |
136 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f7) "</td>" >> $TMP_HTML
|
2010 |
raphael.pi |
137 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f6) "</td>" >> $TMP_HTML
|
|
|
138 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f8) "</td>" >> $TMP_HTML
|
|
|
139 |
echo "</tr></tbody></table></div>" >> $TMP_HTML
|
|
|
140 |
echo "<div class='container mySpace'> " >> $TMP_HTML
|
|
|
141 |
echo "<table class='table table-striped'>" >> $TMP_HTML
|
|
|
142 |
echo "<thead>" >> $TMP_HTML
|
|
|
143 |
echo "<tr>" >> $TMP_HTML
|
|
|
144 |
echo "<th>N°</th>" >> $TMP_HTML
|
|
|
145 |
echo "<th>@IP src</th>" >> $TMP_HTML
|
|
|
146 |
echo "<th>Port src</th>" >> $TMP_HTML
|
|
|
147 |
echo "<th>@IP dst</th>" >> $TMP_HTML
|
|
|
148 |
echo "<th>Port dst</th>" >> $TMP_HTML
|
|
|
149 |
echo "<th>Date</th>" >> $TMP_HTML
|
|
|
150 |
echo "</tr></thead><tbody>" >> $TMP_HTML
|
|
|
151 |
echo $DUMP >> $TMP_HTML
|
|
|
152 |
echo "</tbody></table></div>" >> $TMP_HTML
|
|
|
153 |
fi
|
|
|
154 |
done
|
|
|
155 |
echo "</font>" >> $TMP_HTML
|
|
|
156 |
echo "</body>" >> $TMP_HTML
|
|
|
157 |
echo "</HTML>" >> $TMP_HTML
|
|
|
158 |
|
|
|
159 |
#inform users about that by setting the fourth bit of Filter-Id at 1.
|
|
|
160 |
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
|
2412 |
tom.houday |
161 |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
|
2010 |
raphael.pi |
162 |
|
|
|
163 |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ]
|
|
|
164 |
then
|
|
|
165 |
for user in $(cat $TMP_USERS)
|
|
|
166 |
do
|
|
|
167 |
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;"
|
2412 |
tom.houday |
168 |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
|
2010 |
raphael.pi |
169 |
done
|
|
|
170 |
fi
|
|
|
171 |
rm $TMP_USERS
|
|
|
172 |
|
|
|
173 |
|
|
|
174 |
/usr/bin/wkhtmltopdf $TMP_HTML $TMP_PDF
|
|
|
175 |
|
|
|
176 |
|
|
|
177 |
/usr/bin/7za a -tzip -p$1 -mem=AES256 $ARCHIVE_LOCATION $TMP_PDF
|
|
|
178 |
chown apache:apache $ARCHIVE_LOCATION
|
|
|
179 |
|
|
|
180 |
|
|
|
181 |
rm $TMP_HTML
|
|
|
182 |
rm $TMP_SQL
|
|
|
183 |
rm $TMP_PDF
|