Subversion Repositories ALCASAR


Rev 2009 Rev 2013
Line 191... Line 191...
191
######################BL WEBSITE SINCE INSTALLATION######################
191
######################BL WEBSITE SINCE INSTALLATION######################
192
echo "Create BL website since the installation of ALCASAR"
192
echo "Create BL website since the installation of ALCASAR"
193
#find data
193
#find data
194
 
194
 
195
#decompress every logs
195
#decompress every logs
196
if [ $(ls -1 /var/log/dnsmasq/ | grep dnsmasq-blacklist.log.*.gz | wc -l) -ge 1 ]
196
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
197
then
197
then
198
	gunzip -d dnsmasq-blacklist.log.*.gz
198
	gunzip -d dnsmasq-blacklist.log.*.gz
199
fi
199
fi
200
 
200
 
201
#convert logs date in timestamp and find categories of blacklisted website
201
#convert logs date in timestamp and find categories of blacklisted website
Line 203... Line 203...
203
do
203
do
204
	while read LOG_BL
204
	while read LOG_BL
205
	do
205
	do
206
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
206
		if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
207
		then 
207
		then 
208
		
-
 
209
			#find the current blacklisted category
208
			#find the current blacklisted category
210
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
209
			website_bl=$(echo $LOG_BL | cut -d' ' -f6)
211
			
210
			
212
			#we convert www.test.co.uk => test.co.uk to find the category of this website
211
			#we convert www.test.co.uk => test.co.uk to find the category of this website
213
                        if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
212
                        if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
214
                        then
213
                        then
215
                                website_bl=$(echo $website_bl | cut -d'.' -f2-)
214
                                	website_bl=$(echo $website_bl | cut -d'.' -f2-)
216
                        fi
215
                        fi
217
 
216
 
-
 
217
			#get BL category
-
 
218
			categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1) 
-
 
219
			if [ $(echo $categorie_bl | wc -w) -gt 1 ]
-
 
220
			then
218
			categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
221
				categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
-
 
222
			fi
219
 
223
			
220
			#Calculate its timestamp
224
			#Calculate its timestamp
221
			Y=$(date -R | cut -d' ' -f4)
225
			Y=$(date -R | cut -d' ' -f4)
222
			M=$(echo $LOG_BL | cut -d' ' -f1)
226
			M=$(echo $LOG_BL | cut -d' ' -f1)
223
			D=$(echo $LOG_BL | cut -d' ' -f2) 
227
			D=$(echo $LOG_BL | cut -d' ' -f2) 
224
			H=$(echo $LOG_BL | cut -d' ' -f3)
228
			H=$(echo $LOG_BL | cut -d' ' -f3)
225
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
229
			CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
226
			echo "$CURRENT_TS:$categorie_bl" >> $TMP_BL
230
			echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
227
		fi
231
		fi
228
		
232
		
229
	done < /var/log/dnsmasq/$FILE
233
	done < /var/log/dnsmasq/$FILE
230
done
234
done
231
 
235
 
-
 
236
 
232
#if data exists, create this section in html document
237
#if data exists, create this section in html document
233
if [ -e $TMP_BL ]
238
if [ -e $TMP_BL ]
234
then
239
then
235
	ENABLE_BL=1
240
	ENABLE_BL=1
236
	#count every BL website consulted since installation (maximum 1 year)
241
	#count every BL website consulted since installation (maximum 1 year)
Line 304... Line 309...
304
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
309
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
305
		then
310
		then
306
			echo "" >> $HTML_REPORT
311
			echo "" >> $HTML_REPORT
307
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
312
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
308
		then
313
		then
309
			echo "\"nb site\"" >> $HTML_REPORT
314
			echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
310
		else
315
		else
311
			echo $LINE_JS >> $HTML_REPORT
316
			echo $LINE_JS >> $HTML_REPORT
312
		fi
317
		fi
313
	done
318
	done
314
	echo "</script>" >> $HTML_REPORT
319
	echo "</script>" >> $HTML_REPORT
Line 341... Line 346...
341
	done
346
	done
342
 
347
 
343
	#then we count every occurence for each category in TMP_BL_WEEK
348
	#then we count every occurence for each category in TMP_BL_WEEK
344
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
349
	for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
345
	do
350
	do
346
		echo "$CAT:$(grep -o "$CAT" <<< "$(cat $TMP_BL_WEEK)" | wc -l)" >> $TMP_BL_WEEK_CAT  
351
		echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT  
347
	done
352
	done
348
 
353
 
349
	#we sort by number of occurence and we take the top 10 BL categories
354
	#we sort by number of occurence and we take the top 10 BL categories
350
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
355
	for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
351
	do
356
	do
Line 416... Line 421...
416
		else
421
		else
417
			echo $LINE_JS >> $HTML_REPORT
422
			echo $LINE_JS >> $HTML_REPORT
418
		fi
423
		fi
419
	done
424
	done
420
	echo "</script>" >> $HTML_REPORT
425
	echo "</script>" >> $HTML_REPORT
421
	#Then we finish and remove our files
-
 
422
	rm $TMP_BL
-
 
423
	rm $TMP_BL_WEEK
-
 
424
	rm $TMP_BL_WEEK_CAT
-
 
425
else
426
else
426
	echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
427
	echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
427
fi
428
fi
428
 
429
 
429
######################VIRUS THREAT######################
430
######################VIRUS THREAT######################
430
echo "Create AV logs since the installation of ALCASAR"
431
echo "Create AV logs since the installation of ALCASAR"
431
 
432
 
432
#decompress every logs, if they exist
433
#decompress every logs, if they exist
433
if [ $(ls -1 /var/log/havp/ | grep access.log.*.gz | wc -l) -ge 1 ]
434
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
434
then
435
then
435
	gunzip -d access.log.*.gz
436
	gunzip -d access.log.*.gz
436
fi
437
fi
437
 
438
 
438
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
439
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
Line 520... Line 521...
520
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
521
		elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] 
521
		then
522
		then
522
			echo "" >> $HTML_REPORT
523
			echo "" >> $HTML_REPORT
523
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
524
		elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] 
524
		then
525
		then
525
			echo "\"Menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
526
			echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
526
		else
527
		else
527
			echo $LINE_JS >> $HTML_REPORT
528
			echo $LINE_JS >> $HTML_REPORT
528
		fi
529
		fi
529
	done
530
	done
530
	echo "</script>" >> $HTML_REPORT
531
	echo "</script>" >> $HTML_REPORT
Line 622... Line 623...
622
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
623
DELIM_1="<td colspan=10 height=20><img src=\"images\/pixel.gif\"><\/td>"
623
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
624
DELIM_2="<\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <\/td><\/tr> <\/table> <p>"
624
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
625
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
625
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
626
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
626
 
627
 
627
rm $TMP_STATS
-
 
628
rm $TMP_STATS_2
-
 
629
 
-
 
630
#we delete our user if he still exists
628
#we delete our user if he still exists
631
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
629
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
632
then
630
then
633
        $SED "/^$compte:/d" $DIR_KEY/key_only_manager
631
        $SED "/^$compte:/d" $DIR_KEY/key_only_manager
634
        $SED "/^$compte:/d" $DIR_KEY/key_manager
632
        $SED "/^$compte:/d" $DIR_KEY/key_manager
Line 666... Line 664...
666
 
664
 
667
 
665
 
668
echo "</body>" >> $HTML_REPORT
666
echo "</body>" >> $HTML_REPORT
669
echo "</html>" >> $HTML_REPORT
667
echo "</html>" >> $HTML_REPORT
670
 
668
 
-
 
669
 
671
#convert html document to PDF
670
#convert html document to PDF
672
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
671
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
673
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
672
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
674
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
673
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
675
 
674
 
676
#remove HTML report
675
#compress every logs, if they exist
-
 
676
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
-
 
677
then
677
rm $HTML_REPORT
678
	gzip /var/log/havp/access.log.*
-
 
679
fi
678
 
680
 
-
 
681
#compress every logs
-
 
682
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
-
 
683
then
-
 
684
	gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
-
 
685
fi
-
 
686
 
-
 
687
#remove our files
-
 
688
rm $TMP_BL
-
 
689
rm $TMP_BL_WEEK
-
 
690
rm $TMP_BL_WEEK_CAT
-
 
691
rm $TMP_STATS
-
 
692
rm $TMP_STATS_2
-
 
693
rm $HTML_REPORT
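Review bot: On new line 218 (the "Line 203" hunk), `$website_bl` is still passed to `grep -R` as a regular expression, although it is cut from field 6 of a dnsmasq log line and is therefore presumably a name chosen by whichever client issued the query. The added `/…/` delimiters stop plain substring hits, but every `.` in the name still matches any character and any other metacharacter in a logged name is interpreted, so with `head -1` a lookup can be attributed to the wrong category in the report. Matching literally avoids that: use `grep -RF -- "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/` and keep the rest of the pipeline unchanged. The same log text also passes through the unquoted `echo $LOG_BL` and `while read LOG_BL` on the context lines, where `read -r` and `"$LOG_BL"` would keep globbing and backslash processing away from it. The enclosing `for` loop starts outside the visible hunk.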