blob: b3f475162fa5e70b589c984400c70b984267fa05 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/bin/sh -
#
# Show possible port scans detected by scanlogd.
#
# If you want to enable this script, place the following
# into /etc/periodic.conf:
#
# security_status_scanlogd_enable="YES"
# security_status_scanlogd_period="daily"
#
# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]; then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
: ${security_status_scanlogd_period="daily"}
logdir="${security_status_logdir}"
yesterday=`env LC_TIME=C date -v-1d "+%b %e "`
catmsgs() {
local logdir logfile mtime
logdir="$1"
logfile="$2"
mtime="$3"
find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 |
xargs -0 ls -1tr |
while read f; do
case "$f" in
*.gz) zcat -f "$f" ;;
*.bz2) bzcat -f "$f" ;;
*) cat "$f" ;;
esac
done
}
rc=0
if check_yesno_period security_status_scanlogd_enable; then
echo ""
echo "${host} possible port scans:"
n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0
fi
exit $rc
|
