v/nexus-utilities
1
0
Fork 0
mirror of https://github.com/AG7GN/nexus-utilities.git synced 2025-05-15 14:10:09 -07:00
Code Issues Projects Releases Wiki Activity
nexus-utilities/vnc-server-activity.sh
Steve Magnuson 8815b0cabd Fix date calculation in vnc-server-activity.sh
2021-07-22 16:05:20 -07:00

112 lines
3.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Extracts Connection events for VNC server activity occuring in the past 24 hours
# and emails results via patmail.sh and pat
#
# Usage: vnc-server-activity.sh [email-address[,email-address]...]
#
VERSION="1.2.1"
# Pat and patmail.sh must be installed. If they are not, exit.
command -v pat >/dev/null 2>&1 || exit 1
command -v patmail.sh >/dev/null 2>&1 || exit 1
declare -i AGE=24 # Specify Age in hours. Events older than AGE will not be included.
# Mail VNC Server login activity for last 24 hours.
# MAILTO can contain multiple destination email addresses. Separate addresses with a
# comma.
MAILTO="${1:-w7ecg.wecg@gmail.com}"
FILTERED="$(mktemp)"
OUTFILE="$(mktemp)"
TEMPOUT="$(mktemp)"
NOW="$(date +'%s')"
# Check VNC logs
FILES="/var/log/user.log"
if [[ -s $FILES ]]
then
echo "VNC Activity" > $OUTFILE
grep -h Connections $FILES* 2>/dev/null 1>$FILTERED
if [[ -s $FILTERED ]]
then
while IFS= read -r LINE
do
D="${LINE%% $HOSTNAME*}" # Extract date from log message
E="$(date --date="$D" +'%s')" # Convert date to epoch
if (( $E > $NOW ))
then # Now in new year. (Log messages don't include year, so it's a problem going from December to January.)
# Account for leap years
date -d $(date +%Y)-02-29 >/dev/null 2>&1 && SEC_IN_YEAR=$((60 * 60 * 24 * 366)) || SEC_IN_YEAR=$((60 * 60 * 24 * 365))
# Make it December again ;)
E=$(( $E - $SEC_IN_YEAR ))
fi
let DIFF=$NOW-$E
if [ $DIFF -le $(($AGE * 3600)) ] # Print events <= 24 hours old
then
echo "$LINE" | tr -s ' ' | cut -d' ' -f1,2,3,7- >> $TEMPOUT
fi
done < $FILTERED
fi
else
echo "No $FILES log" >> $OUTFILE
fi
if [ -s $TEMPOUT ]
then
cat $TEMPOUT | sort | uniq >> $OUTFILE
else
echo " No VNC activity." >> $OUTFILE
fi
> $TEMPOUT
# Check DWService logs
FILES="/usr/share/dwagent/dwagent.log"
if [[ -s $FILES ]]
then
echo -e "\nDWService Activity" >> $OUTFILE
grep -Ihs session $FILES* | grep "^[0-9]*" 2>/dev/null 1>$FILTERED
if [[ -s $FILTERED ]]
then
while IFS= read -r LINE
do
D="${LINE%% INFO*}" # Extract date from log message
E="$(date --date="$D" +'%s')" # Convert date to epoch
if [ $E -gt $NOW ]
then # Now in new year. (Log messages don't include year, so it's a problem going from December to January.)
# Account for leap years
date -d $(date +%Y)-02-29 >/dev/null 2>&1 && SEC_IN_YEAR=$((60 * 60 * 24 * 366)) || SEC_IN_YEAR=$((60 * 60 * 24 * 365))
# Make it December again ;)
E=$(( $E - $SEC_IN_YEAR ))
fi
let DIFF=$NOW-$E
if [ $DIFF -le $(($AGE * 3600)) ] # Print events <= 24 hours old
then
echo "$LINE" | tr -s ' ' | cut -d' ' -f1,2,5- >> $TEMPOUT
fi
done < $FILTERED
fi
else
echo -e "\nNo $FILES log" >> $OUTFILE
fi
if [ -s $TEMPOUT ]
then
cat $TEMPOUT | sort | uniq >> $OUTFILE
else
echo " No DWService activity." >> $OUTFILE
fi
#[ -s $OUTFILE ] || echo "No VNC activity." > $OUTFILE
#{
# echo To: $MAILTO
# echo From: $MAILFROM
# echo Subject: $HOSTNAME VNC Server activity for 24 hours preceding `date`
# echo
# cat $OUTFILE
#} | /usr/sbin/ssmtp $MAILTO
#cat $OUTFILE
cat $OUTFILE | $(command -v patmail.sh) $MAILTO "$HOSTNAME remote access activity for 24 hours preceding `date`" telnet
rm $OUTFILE
rm $FILTERED
rm $TEMPOUT
Reference in New Issue View Git Blame Copy Permalink