Página Principal Explorar Ajuda
Iniciar Sessão
yosoyhendrix
/
Multi_Script
1
0
Fork 0
Ficheiros Problemas 0 Wiki
Árvore: e2ede1a88c
Ramos Etiquetas
Multi_Script
/
ChuGH-5.7u
/
Bot
/
update
/
verifica

verifica 5.3 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. #!/bin/bash
    2. 

  2. #CREADOR Henry Chumo | 06/06/2022
    3. 

  3. #Alias : @ChumoGH
    4. 

  4. # -*- ENCODING: UTF-8 -*-
    5. 

  5. 

  6. dropbear_pids () {
    7. 

  7.   port_dropbear=`ps aux|grep 'dropbear'|awk NR==1|awk '{print $17;}'`
    8. 

  8. 

  9.   log=/var/log/auth.log
    10. 

  10.   loginsukses='Password auth succeeded'
    11. 

  11. 

  12.   pids=`ps ax|grep 'dropbear'|grep " $port_dropbear"|awk -F " " '{print $1}'`
    13. 

  13. 

  14.   for pid in $pids; do
    15. 

  15.     pidlogs=`grep $pid $log |grep "$loginsukses" |awk -F" " '{print $3}'`
    16. 

  16. 

  17.     i=0
    18. 

  18.     for pidend in $pidlogs; do
    19. 

  19.       let i=i+1
    20. 

  20.     done
    21. 

  21. 

  22.     if [ $pidend ];then
    23. 

  23.        login=`grep $pid $log |grep "$pidend" |grep "$loginsukses"`
    24. 

  24.        PID=$pid
    25. 

  25.        user=`echo $login |awk -F" " '{print $10}' | sed -r "s/'/ /g"`
    26. 

  26.        waktu=`echo $login |awk -F" " '{print $2"-"$1,$3}'`
    27. 

  27.        while [ ${#waktu} -lt 13 ]; do
    28. 

  28.            waktu=$waktu" "
    29. 

  29.        done
    30. 

  30.        while [ ${#user} -lt 16 ]; do
    31. 

  31.            user=$user" "
    32. 

  32.        done
    33. 

  33.        while [ ${#PID} -lt 8 ]; do
    34. 

  34.            PID=$PID" "
    35. 

  35.        done
    36. 

  36.        echo "$user $PID $waktu"
    37. 

  37.     fi
    38. 

  38. done
    39. 

  39. }
    40. 

  40. 

  41. mostrar_usuarios () {
    42. 

  42. for u in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
    43. 

  43. echo "$u"
    44. 

  44. done
    45. 

  45. }
    46. 

  46. 

  47. function_onlines () {
    48. 

  48. 	users=$(cat /etc/passwd|grep 'home'|grep 'false'|grep -v 'syslog'|awk -F ':' '{print $1}')
    49. 

  49. 	dpids=$(dropbear_pids)
    50. 

  50. 	time=$(date +%s)
    51. 

  51. 	[[ -e /etc/openvpn/openvpn-status.log ]] && ovpn_log=$(cat /etc/openvpn/openvpn-status.log)
    52. 

  52. 	n='0'
    53. 

  53. 	i='0'
    54. 

  54. 	conect='0'
    55. 

  55. 	for _user in $(mostrar_usuarios); do
    56. 

  56. 		[[ -z "$(ps -u $_user|grep sshd)" ]] && sqd=0 || sqd=1
    57. 

  57. 		[[ -z "$(echo $ovpn_log|grep -E ,"$_user",)" ]] && ovp=0 || ovp=1
    58. 

  58.         [[ -z "$(echo $dpids|grep -w "$_user")" ]] && drop=0 || drop=1
    59. 

  59.         conex=$(($sqd + $ovp + $drop))
    60. 

  60.         [[ $conex -ne 0 ]] && let conect++
    61. 

  61. 		if [[ $(chage -l $_user |grep 'Account expires' |awk -F ': ' '{print $2}') != never ]]; then
    62. 

  62. 			[[ $time -gt $(date '+%s' -d "$(chage -l $_user |grep "Account expires" |awk -F ': ' '{print $2}')") ]] && let n++
    63. 

  63. 		fi
    64. 

  64. 	done
    65. 

  65. _tuser=$(echo "$users"|sed '/^$/d'|wc -l)
    66. 

  66. #echo "${conect}" > /etc/adm-lite/onlines
    67. 

  67. #echo "${n}" > /etc/adm-lite/vencidos
    68. 

  68. #echo "${_tuser}" > /etc/adm-lite/total
    69. 

  69. }
    70. 

  70. 

  71. fun_ovpn_onl () {
    72. 

  72. for userovpn in `cat /etc/passwd | grep ovpn | awk -F: '{print $1}'`; do
    73. 

  73. us=$(cat /etc/openvpn/openvpn-status.log | grep $userovpn | wc -l)
    74. 

  74. [[ "$us" != "0" ]] && echo "$userovpn"
    75. 

  75. done
    76. 

  76. }
    77. 

  77. 

  78. function_usertime () {
    79. 

  79. declare -A data
    80. 

  80. declare -A time
    81. 

  81. declare -A time2
    82. 

  82. declare -A timefinal
    83. 

  83. tempousers="./tempo_conexao"
    84. 

  84. usr_pids_var="./userDIR"
    85. 

  85. [[ ! -e $tempousers ]] && touch $tempousers
    86. 

  86. _data_now=$(date +%s)
    87. 

  87.  for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
    88. 

  88.  unset ssh
    89. 

  89.  [[ -e $usr_pids_var/$user.pid ]] && source $usr_pids_var/$user.pid
    90. 

  90. ssh+="$(ps -u $user | grep sshd |wc -l)+"
    91. 

  91. ssh+="$(dropbear_pids | grep "$user" | wc -l)+"
    92. 

  92. [[ -e /etc/openvpn/server.conf ]] && ssh+="$(fun_ovpn_onl | grep "$user" | wc -l)+"
    93. 

  93. ssh+="0"
    94. 

  94. user_pid=$(echo $ssh|bc)
    95. 

  95. if [ "$user_pid" -gt "0" ]; then
    96. 

  96.  [[ "${data[$user]}" = "" ]] && data[$user]="$_data_now"
    97. 

  97.  fi
    98. 

  98. if [ "$user_pid" = "0" ]; then
    99. 

  99. unset data[$user]
    100. 

  100. [[ -e "$usr_pids_var/$user.pid" ]] && rm -f $usr_pids_var/$user.pid
    101. 

  101. [[ -e $usr_pids_var/$user.pid2 ]] && rm -f $usr_pids_var/$user.pid2
    102. 

  102. fi
    103. 

  103. if [ "${data[$user]}" != "" ]; then
    104. 

  104. time[$user]=$(($_data_now - ${data[$user]}))
    105. 

  105. time2[$user]=$(cat $tempousers | grep "$user" | awk '{print $2}')
    106. 

  106.   [[ "${time2[$user]}" = "" ]] && time2[$user]="0"
    107. 

  107. timefinal[$user]=$((${time2[$user]} + ${time[$user]}))
    108. 

  108. _arquivo=$(cat $tempousers |grep -v "$user")
    109. 

  109. echo "$_arquivo" > $tempousers
    110. 

  110. echo "$user ${timefinal[$user]}" >> $tempousers
    111. 

  111. echo "data[$user]=$_data_now" > $usr_pids_var/$user.pid
    112. 

  112. fi
    113. 

  113.  done
    114. 

  114. }
    115. 

  115. 

  116. fun_net () {
    117. 

  117. (
    118. 

  118. log_1="/tmp/tcpdump"
    119. 

  119. log_2="/tmp/tcpdumpLOG"
    120. 

  120. usr_dir="/etc/adm-lite/userDIR/usr_cnx"
    121. 

  121. [[ -e "$log_1" ]] &&  mv -f $log_1 $log_2
    122. 

  122. [[ ! -e $usr_dir ]] && touch $usr_dir
    123. 

  123. #ENCERRA TCP
    124. 

  124. for pd in `ps x | grep tcpdump | grep -v grep | awk '{print $1}'`; do
    125. 

  125. kill -9 $pd &> /dev/null
    126. 

  126. done
    127. 

  127. #INICIA TCP
    128. 

  128. tcpdump -s 50 -n &> /dev/null
    129. 

  129. #ANALIZA USER
    130. 

  130. for user in `cat "/etc/passwd"|grep 'home'|grep 'false'|grep -v 'syslog' | cut -d: -f1`; do
    131. 

  131. touch /tmp/$user
    132. 

  132. ip_openssh $user > /dev/null 2>&1
    133. 

  133. ip_drop $user > /dev/null 2>&1
    134. 

  134. sed -i '/^$/d' /tmp/$user
    135. 

  135. pacotes=$(paste -sd+ /tmp/$user | bc)
    136. 

  136. rm /tmp/$user
    137. 

  137. if [ "$pacotes" != "" ]; then
    138. 

  138.   if [ "$(cat $usr_dir | grep "$user")" != "" ]; then
    139. 

  139.   pacotesuser=$(cat $usr_dir | grep "$user" | awk '{print $2}')
    140. 

  140.   [[ $pacotesuser = "" ]] && pacotesuser=0
    141. 

  141.   [[ $pacotesuser != +([0-9]) ]] && pacotesuser=0
    142. 

  142.   ussrvar=$(cat $usr_dir | grep -v "$user")
    143. 

  143.   echo "$ussrvar" > $usr_dir
    144. 

  144.   pacotes=$(($pacotes+$pacotesuser))
    145. 

  145.   echo -e "$user $pacotes" >> $usr_dir
    146. 

  146.   else
    147. 

  147.   echo -e "$user $pacotes" >> $usr_dir
    148. 

  148.   fi
    149. 

  149. fi
    150. 

  150. unset pacotes
    151. 

  151. done
    152. 

  152. ) &
    153. 

  153. }
    154. 

  154. 

  155. ip_openssh () {
    156. 

  156. user="$1"
    157. 

  157. for ip in `lsof -u $user -P -n | grep "ESTABLISHED" | awk -F "->" '{print $2}' |awk -F ":" '{print $1}' | grep -v "127.0.0.1"`; do
    158. 

  158.  packet=$(cat $log_2 | grep "$ip" | wc -l)
    159. 

  159.  echo "$packet" >> /tmp/$user
    160. 

  160.  unset packet
    161. 

  161. done
    162. 

  162. }
    163. 

  163. 

  164. ip_drop () {
    165. 

  165. user="$1"
    166. 

  166. loguser='Password auth succeeded'
    167. 

  167. touch /tmp/drop
    168. 

  168. for ip in `cat /var/log/auth.log | tail -100 | grep "$user" | grep "$loguser" | awk -F "from" '{print $2}' | awk -F ":" '{print $1}'`; do
    169. 

  169.  if [ "$(cat /tmp/drop | grep "$ip")" = "" ]; then
    170. 

  170.  packet=$(cat $log_2 | grep "$ip" | wc -l)
    171. 

  171.  echo "$packet" >> /tmp/$user
    172. 

  172.  echo "$ip" >> /tmp/drop
    173. 

  173.  fi
    174. 

  174. done
    175. 

  175. rm /tmp/drop
    176. 

  176. }
    177. 

  177. 

  178. function_onlines > /dev/null 2>&1
    179. 

  179. #function_usertime > /dev/null 2>&1
    180. 

  180. #fun_net > /dev/null 2>&1
    181. 

  181. killall verifica > /dev/null 2>&1
    182.