blob: a22a0583667fd193e1d3b9c266d76fce3e073b35 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
#!/bin/bash
if [ "`id -u`" != "0" ]; then
echo "Must be run as root"
exit 1
fi
if [[ ! -e /etc/bocaip ]] ; then
BOCASERVER=50.116.19.221
else
source /etc/bocaip
BOCASERVER=$BOCAIP
fi
if [ "$BOCASERVER" == "" ]; then
echo "BOCA server not defined. Aborting"
exit 1
fi
chown root.root /var/log/boca-submit-log.* 2>/dev/null
chmod 600 /var/log/boca-submit-log.* 2>/dev/null
logkeysf=/var/log/logkeys
chown root.root $logkeysf 2>/dev/null
chmod 600 $logkeysf 2>/dev/null
if [ -f "/dev/shm/logkeys" ]; then
logkeysf=/dev/shm/logkeys
chown root.root $logkeysf 2>/dev/null
chmod 600 $logkeysf 2>/dev/null
fi
chown root.root /var/log/bocacron.* 2>/dev/null
chmod 600 /var/log/bocacron.* 2>/dev/null
umask 0077
ROOTLOGS=/dev/shm/.rootlogs
mkdir -p "$ROOTLOGS"
#cp -a /root/.log* $ROOTLOGS/ 2>/dev/null || true
for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
###novoveroot2
grep -e 'opened for user root' -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | grep -v CRON | tail -n 500 > $ROOTLOGS/.logsession.tmp
###grep -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | tail -n 500 > $ROOTLOGS/.logsession.tmp
[ -f $ROOTLOGS/.logsession ] || touch $ROOTLOGS/.logsession
diff $ROOTLOGS/.logsession $ROOTLOGS/.logsession.tmp > $ROOTLOGS/.logsession.diff 2>/dev/null
res=$?
tail -n 500 /var/log/boca-fixes.out > $ROOTLOGS/.logupd.tmp 2>/dev/null
tail -n 500 /var/log/boca-fixes.err >> $ROOTLOGS/.logupd.tmp 2>/dev/null
[ -f $ROOTLOGS/.logupd ] || touch $ROOTLOGS/.logupd
diff $ROOTLOGS/.logupd $ROOTLOGS/.logupd.tmp > $ROOTLOGS/.logupd.diff 2>/dev/null
resupd=$?
journalctl | grep -i mount | tail -n 500 > $ROOTLOGS/.logfs.tmp
[ -f $ROOTLOGS/.logfs ] || touch $ROOTLOGS/.logfs
diff $ROOTLOGS/.logfs $ROOTLOGS/.logfs.tmp > $ROOTLOGS/.logfs.diff 2>/dev/null
resfs=$?
grep -i mount /var/log/kern.log | grep -i -e "filesystem" -e "file system" | tail -n 500 > $ROOTLOGS/.logkfs.tmp
[ -f $ROOTLOGS/.logkfs ] || touch $ROOTLOGS/.logkfs
diff $ROOTLOGS/.logkfs $ROOTLOGS/.logkfs.tmp > $ROOTLOGS/.logkfs.diff 2>/dev/null
reskfs=$?
if [ "$zcount" == "1" ]; then
###lshwpradentro
lshw > $ROOTLOGS/.loglshw.tmp 2>/dev/null
[ -f $ROOTLOGS/.loglshw ] || touch $ROOTLOGS/.loglshw
diff $ROOTLOGS/.loglshw $ROOTLOGS/.loglshw.tmp > $ROOTLOGS/.loglshw.diff 2>/dev/null
reslshw=$?
tail -n 10000 $logkeysf > $ROOTLOGS/.logkeys.tmp
[ -f $ROOTLOGS/.logkeys ] || touch $ROOTLOGS/.logkeys
rm $ROOTLOGS/.logkeys.diff
[ -f $ROOTLOGS/.uid.txt ] && echo "> UID $(cat $ROOTLOGS/.uid.txt)" > $ROOTLOGS/.logkeys.diff
diff $ROOTLOGS/.logkeys $ROOTLOGS/.logkeys.tmp >> $ROOTLOGS/.logkeys.diff 2>/dev/null
reskeys=1
else
echo -n "" > $ROOTLOGS/.loglshw.diff
echo -n "" > $ROOTLOGS/.logkeys.diff
reskeys=0
reslshw=0
fi
if [ "$res" != "0" -o "$resfs" != "0" -o "$reslshw" != "0" -o "$resupd" != "0" -o "$reskfs" != "0" -o "$reskeys" != "0" ]; then
for i in uuencode wget tr perl sha256sum cut; do
p=`which $i`
if [ -x "$p" ]; then
echo -n ""
else
echo "$i" not found
exit 1
fi
done
temp=$ROOTLOGS/.temp.`date +%s%N`.txt
md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/logexternal.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1`
echo "$md" | grep -q PHPSESS
if [ "$?" == "0" ]; then
md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'`
res=`cat /root/submissions/code 2>/dev/null`
res=`echo -n "${res}${md}" | sha256sum - | cut -f1 -d' '`
echo -n "comp=`cat /root/submissions/comp`" > $temp
echo -n "&code=$res" >> $temp
echo -n "&logsession=" >> $temp
grep "^>" $ROOTLOGS/.logsession.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
echo -n "&logfs=" >> $temp
grep "^>" $ROOTLOGS/.logfs.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
echo -n "&loglshw=" >> $temp
grep "^>" $ROOTLOGS/.loglshw.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
echo -n "&logupd=" >> $temp
grep "^>" $ROOTLOGS/.logupd.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
echo -n "&logkfs=" >> $temp
grep "^>" $ROOTLOGS/.logkfs.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
echo -n "&logkeys=" >> $temp
grep "^>" $ROOTLOGS/.logkeys.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp
wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/logexternal.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null
rm -f $temp
rm -f ${temp}.cookie.txt
grep -qi incorrect ${temp}.out
res=$?
rm ${temp}.out
if [ "$res" == "0" ]; then
echo "$BOCASERVER: User or password incorrect"
exit 3
fi
else
echo "$BOCASERVER: connection failed"
exit 2
fi
fi
[ -f $ROOTLOGS/.logsession.tmp ] && mv $ROOTLOGS/.logsession.tmp $ROOTLOGS/.logsession
[ -f $ROOTLOGS/.logkeys.tmp ] && mv $ROOTLOGS/.logkeys.tmp $ROOTLOGS/.logkeys
[ -f $ROOTLOGS/.loglshw.tmp ] && mv $ROOTLOGS/.loglshw.tmp $ROOTLOGS/.loglshw
[ -f $ROOTLOGS/.logupd.tmp ] && mv $ROOTLOGS/.logupd.tmp $ROOTLOGS/.logupd
[ -f $ROOTLOGS/.logfs.tmp ] && mv $ROOTLOGS/.logfs.tmp $ROOTLOGS/.logfs
[ -f $ROOTLOGS/.logkfs.tmp ] && mv $ROOTLOGS/.logkfs.tmp $ROOTLOGS/.logkfs
[ "$zcount" == "20" ] || sleep 13
done
#cp -a $ROOTLOGS/.??* /root/
exit 0
|
