LinuxQuestions.org
Old 11-13-2004, 03:13 PM   #1
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Perl Script To Check Logs


I'm currently managing two Gentoo servers. I wrote a small script that does the following:

1. Runs 'chkrootkit' to see if anything is infected
2. Runs 'emerge sync' to get a snapshot of the current portage tree
3. Runs 'emerge -up world' to show available updates
4. Runs 'glsa-check -l' to show if any security updates are available
5. E-mails results of above to security user on each server

The script is run daily at 4 a.m. via cron. The next thing I want to add to the script is log checking. Specifically, I want the script to show all logins and failed logins for that day. I'm using metalog so everything relevant is stored in /var/log/everything and a simple 'grep session' would show all logins and failed logins.

The problem is that I don't know how to specify to only show the logins from that day. I could try to manipulate the date stamp on every entry in the log file but I'm not sure how to do this. The problem with this is that metalog rotates logs by file size so if the file gets rotated the data goes to /var/log/everything/log-2004-blah-blah. So, I'd have to check every file under /var/log/everything to see what's going on here.

Just wondering how you guys would tackle this. I'm open to suggestions. Here is the current script (I'm no perl expert by the way):

Code:
#!/usr/bin/perl -w
use strict;

# Strip the trailing newlines, otherwise they end up inside the mail subject
chomp(my $date     = `date`);
chomp(my $hostname = `hostname`);
my $text_file = "/root/email.txt";
my $chk_file  = "/root/chkrootkit_results.txt";

# CHKROOTKIT SECTION
system("echo 'Chkrootkit Results:\n' > $text_file");
system("chkrootkit > $chk_file");

open(CHK_IN, $chk_file) or die "Cannot open $chk_file: $!";
my @infected;
while(<CHK_IN>)
{
   push(@infected,$_) if (/INFECTED/);
}
close  CHK_IN;

# Write the chkrootkit lines from Perl instead of through 'echo': a quote
# inside a reported line would otherwise break the shell command
open(OUT, ">>$text_file") or die "Cannot open $text_file: $!";
if (@infected)
{
   print OUT "INFECTED LINES FOUND!\n\n";
   print OUT "$_\n" for @infected;
}
else
{
   print OUT "Nothing infected.\n";
}
close OUT;

# SYNC TO CURRENT PORTAGE TREE
system("emerge sync > /dev/null 2> /dev/null");

# CHECK FOR AVAILABLE UPDATES
system("echo '\nAvailable Package Updates:\n' >> $text_file");
system("emerge -up world | grep ebuild >> $text_file");

# RUN GLSA-CHECK TO SEE IF ANY SECURITY UPDATES ARE AVAILABLE
system("echo '\nGlsa-Check Results:\n' >> $text_file");
system("glsa-check -l 2> /dev/null >> $text_file");

# E-MAIL RESULTS
system("cat $text_file | mail -s \"Security Report For $hostname On $date\" security\@localhost");

# CLEAN UP TEMPORARY TEXT FILES
unlink($text_file, $chk_file);

# TO DO LIST
# ADD SUPPORT TO PARSE LOG FILES FOR DAILY LOGINS AND DAILY FAILED LOGINS VIA METALOG
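One way the log-checking step could be done, as an added example that is not the original poster's script: compare the first six characters of each line (the syslog-style "Mon DD" stamp) with today's date, scan every file under /var/log/everything whose modification time is after midnight (a file last written before midnight cannot hold today's entries, so the older size-rotated files are skipped without having to parse their names), and tally "session opened" lines as logins and PAM "authentication failure" / sshd "Failed password" lines as failures. Assumptions: metalog writes lines as "Mon DD HH:MM:SS [ident] message", the message wording is the usual PAM/sshd text, and the `--demo` switch and the sample lines under `__DATA__` are constructed for this example so it can be run without real logs.

```perl
#!/usr/bin/perl
# Added example (not from the original post): list today's logins and failed
# logins from metalog's /var/log/everything, size-rotated files included.
use strict;
use warnings;
use POSIX qw(strftime mktime);

my $log_dir  = '/var/log/everything';            # metalog's log directory (assumption)
my @now      = localtime;
my $today    = strftime('%b %e', @now);          # "Nov 13" or "Nov  3", padded as syslog does
my $midnight = mktime(0, 0, 0, @now[3, 4, 5]);   # epoch seconds of 00:00 today

# Classify one line.  Assumes the syslog-style "Mon DD HH:MM:SS [ident] msg"
# layout metalog writes and the usual PAM/sshd wording for the messages.
sub classify {
    my ($line, $day) = @_;
    return unless substr($line, 0, 6) eq $day;   # entry is not from today
    return ('login',  $1) if $line =~ /session opened for user (\S+)/;
    return ('failed', $1) if $line =~ /authentication failure.*\buser=(\S+)/;
    return ('failed', $1) if $line =~ /Failed password for (?:invalid user )?(\S+)/;
    return;                                      # session closed, cron, etc.: ignore
}

# Count logins and failures per user name; returns two hash references.
sub tally {
    my ($day, @lines) = @_;
    my (%logins, %failed);
    for my $line (@lines) {
        my ($kind, $user) = classify($line, $day) or next;
        $kind eq 'login' ? $logins{$user}++ : $failed{$user}++;
    }
    return (\%logins, \%failed);
}

# Only files written since midnight can contain today's entries, so the
# rest of the rotated history is skipped without parsing file names.
sub todays_files {
    my ($dir, $since) = @_;
    return grep { -f $_ && (stat _)[9] >= $since } glob("$dir/*");
}

my @lines;
if (@ARGV && $ARGV[0] eq '--demo') {             # constructed sample below
    $today = 'Nov 13';
    @lines = <DATA>;
}
else {
    for my $file (todays_files($log_dir, $midnight)) {
        open(my $fh, '<', $file) or die "Cannot open $file: $!\n";
        push @lines, <$fh>;
        close $fh;
    }
}

my ($logins, $failed) = tally($today, @lines);
print "Logins on $today:\n";
printf "  %-12s %d\n", $_, $logins->{$_} for sort keys %$logins;
print "Failed logins on $today:\n";
printf "  %-12s %d\n", $_, $failed->{$_} for sort keys %$failed;

# Constructed sample lines for --demo; not real log data.
__DATA__
Nov 12 23:59:40 [sshd] Accepted password for alice from 10.0.0.5 port 4100 ssh2
Nov 13 04:01:10 [sshd] pam_unix(sshd:session): session opened for user alice by (uid=0)
Nov 13 04:01:52 [sshd] Failed password for invalid user admin from 10.0.0.9 port 5000 ssh2
Nov 13 09:15:02 [login] pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=  user=bob
Nov 13 09:15:20 [login] pam_unix(login:session): session opened for user bob by LOGIN(uid=0)
Nov 13 09:40:00 [sshd] pam_unix(sshd:session): session closed for user alice
```

Run it with `--demo` to see the tally on the sample (alice and bob each logged in once; admin and bob each have one failure), or without arguments under cron to scan the real directory. The output could be appended to the same report file the existing script mails out. Note that the "Mon DD" stamp has no year, so the date comparison relies on the file-mtime filter to keep last year's entries out.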