From a06d189deec9da695a6c4c3a40c8fbcc9c013d89 Mon Sep 17 00:00:00 2001 From: cassio Date: Sun, 26 Aug 2018 15:41:51 +0200 Subject: increased logs from users of the linux --- tools/boca-submit-log | 108 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 65 insertions(+), 43 deletions(-) (limited to 'tools') diff --git a/tools/boca-submit-log b/tools/boca-submit-log index 836225e..286e5f6 100644 --- a/tools/boca-submit-log +++ b/tools/boca-submit-log @@ -1,8 +1,8 @@ #!/bin/bash if [ "`id -u`" != "0" ]; then - echo "Must be run as root" - exit 1 + echo "Must be run as root" + exit 1 fi if [[ ! -e /etc/bocaip ]] ; then BOCASERVER=50.116.19.221 
@@ -15,52 +15,74 @@ if [ "$BOCASERVER" == "" ]; then exit 1 fi -for zcount in 1 2 3 4 5 6; do +for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16; do -grep "session opened for user root" /var/log/auth.log |grep -v cron:session | grep -v systemd:session | tail -n 100 > /root/.logroot.tmp -[ -f /root/.logroot ] || touch /root/.logroot -diff /root/.logroot /root/.logroot.tmp > /root/.logroot.diff 2>/dev/null -res=$? -if [ "$res" != "0" ]; then - for i in uuencode wget tr perl sha256sum cut; do - p=`which $i` - if [ -x "$p" ]; then - echo -n "" - else - echo "$i" not found - exit 1 - fi - done - temp=/root/.temp.`date +%s%N`.txt - md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/logexternal.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` - echo "$md" | grep -q PHPSESS - if [ "$?" == "0" ]; then - md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` - res=`cat /root/submissions/code 2>/dev/null` - res=`echo -n "${res}${md}" | sha256sum - | cut -f1 -d' '` + grep -e sudo -e "password:session" /var/log/auth.log | tail -n 100 > /root/.logsession.tmp + [ -f /root/.logsession ] || touch /root/.logsession + diff /root/.logsession /root/.logsession.tmp > /root/.logsession.diff 2>/dev/null + res=$? - echo -n "comp=`cat /root/submissions/comp`" > $temp - echo -n "&code=$res" >> $temp - echo -n "&data=" >> $temp - grep "^>" /root/.logroot.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + journalctl | grep -i mount | grep -i -e "filesystem" -e "file system" | tail -n 100 > /root/.logfs.tmp + [ -f /root/.logfs ] || touch /root/.logfs + diff /root/.logfs /root/.logfs.tmp > /root/.logfs.diff 2>/dev/null + resfs=$? 
- wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/logexternal.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null - rm -f $temp - rm -f ${temp}.cookie.txt - grep -qi incorrect ${temp}.out - res=$? - rm ${temp}.out - if [ "$res" == "0" ]; then - echo "$BOCASERVER: User or password incorrect" - exit 3 - fi + if [ "$zcount" == "1" ]; then + tail -n 1000 /var/log/logkeys.log > /root/.logkeys.tmp + [ -f /root/.logkeys ] || touch /root/.logkeys + diff /root/.logkeys /root/.logkeys.tmp > /root/.logkeys.diff 2>/dev/null + reskeys=$? else - echo "$BOCASERVER: connection failed" - exit 2 + echo "" > /root/.logkeys.diff + reskeys=0 fi -fi -mv /root/.logroot.tmp /root/.logroot -[ "$zcount" == "6" ] || sleep 8 + + if [ "$res" != "0" -o "$resfs" != "0" -o "$reskey" != "0" ]; then + for i in uuencode wget tr perl sha256sum cut; do + p=`which $i` + if [ -x "$p" ]; then + echo -n "" + else + echo "$i" not found + exit 1 + fi + done + temp=/root/.temp.`date +%s%N`.txt + md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/logexternal.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` + echo "$md" | grep -q PHPSESS + if [ "$?" 
== "0" ]; then + md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` + res=`cat /root/submissions/code 2>/dev/null` + res=`echo -n "${res}${md}" | sha256sum - | cut -f1 -d' '` + + echo -n "comp=`cat /root/submissions/comp`" > $temp + echo -n "&code=$res" >> $temp + echo -n "&logsession=" >> $temp + grep "^>" /root/.logsession.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logfs=" >> $temp + grep "^>" /root/.logfs.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logkeys=" >> $temp + grep "^>" /root/.logkeys.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + + wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/logexternal.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null + rm -f $temp + rm -f ${temp}.cookie.txt + grep -qi incorrect ${temp}.out + res=$? + rm ${temp}.out + if [ "$res" == "0" ]; then + echo "$BOCASERVER: User or password incorrect" + exit 3 + fi + else + echo "$BOCASERVER: connection failed" + exit 2 + fi + fi + [ -f /root/.logsession.tmp ] && mv /root/.logsession.tmp /root/.logsession + [ -f /root/.logkeys.tmp ] && mv /root/.logkeys.tmp /root/.logkeys + [ -f /root/.logfs.tmp ] && mv /root/.logfs.tmp /root/.logfs + [ "$zcount" == "16" ] || sleep 10 done exit 0 -- cgit v1.2.3
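Review bot: The condition that gates the upload tests `$reskey`, but the logkeys branch just above assigns `reskeys`. Unless `reskey` happens to be set in the environment, the third operand compares an empty string with "0" and is always true, so the POST to logexternal.php runs on every one of the 16 iterations whether or not any log changed. The line should read `if [ "$res" != "0" -o "$resfs" != "0" -o "$reskeys" != "0" ]; then`. Separately, the request body now carries sudo/session lines and the tail of /var/log/logkeys.log, while both wget calls keep `--no-check-certificate`, so nothing authenticates the server that receives this data. Consider dropping that flag and trusting the server's certificate explicitly, e.g. `--ca-certificate=<path-to-server-ca.pem>` (placeholder path).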