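/**
 * Import spooled SSH authentication results into the `auth_events` table.
 *
 * Each spool file under /var/log/artica-postfix/sshd-failed and
 * /var/log/artica-postfix/sshd-success holds one unserialize()d array of
 * ip => uid entries; the file name is the unix timestamp of the batch and
 * becomes the row's zDate.  For every entry the reverse DNS name and, when the
 * geoip extension is loaded, the country are looked up and one row is stored
 * (success = '0' for the failed spool, '1' for the success spool).  A spool
 * file is deleted only once every one of its rows was stored, so a database
 * error never loses entries.  Finally chains into authfw(), snort_logs() and
 * loadavg_logs().
 *
 * NOTE: this listing declares authlogs() twice (two revisions); PHP refuses to
 * load a file that defines the same function twice, so only one may be kept.
 *
 * @return void
 */
function authlogs()
{
    include_once(dirname(__FILE__) . '/ressources/class.mysql.inc');
    include_once(dirname(__FILE__) . '/ressources/class.auth.tail.inc');
    include_once(dirname(__FILE__) . '/ressources/class.iptables-chains.inc');

    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pid = @file_get_contents($pidfile);
    if ($unix->process_exists($pid)) {
        echo "Already running pid $pid\n";
        return;
    }
    // The pid file was only ever read; without recording our own pid the
    // "already running" guard above can never fire.
    @file_put_contents($pidfile, getmypid());

    $q = new mysql();

    // spool directory => value stored in auth_events.success
    $spools = array(
        "/var/log/artica-postfix/sshd-failed"  => "0",
        "/var/log/artica-postfix/sshd-success" => "1",
    );

    foreach ($spools as $dir => $success) {
        $label = ($success === "1") ? "Success" : "Failed";

        foreach (glob("$dir/*") as $filename) {
            events("Open $filename", __FUNCTION__, __FILE__, __LINE__);

            // NOTE(security): unserialize() of on-disk content.  The spool is
            // written by this product's own log tailer, but should the directory
            // ever become writable by another account a crafted file could
            // instantiate arbitrary classes; on PHP >= 7.0 pass
            // array('allowed_classes' => false) as the second argument.
            $array = unserialize(@file_get_contents($filename));
            if (!is_array($array)) {
                // Empty, truncated or foreign file: the original silently
                // skipped it (each() on a non-array); keep it but say so.
                ssh_events("Skipping unreadable spool $filename", __FUNCTION__, __FILE__, __LINE__);
                continue;
            }

            // The file name is the batch's unix timestamp.
            $zdate = date("Y-m-d H:i:s", (int) basename($filename));

            $allStored = true;
            foreach ($array as $ip => $uid) {
                // Reverse lookups are slow; cache them across both spools.
                if (!isset($GLOBALS["HOSTNAME"][$ip])) {
                    $GLOBALS["HOSTNAME"][$ip] = gethostbyaddr($ip);
                }
                $hostname = $GLOBALS["HOSTNAME"][$ip];

                // Reset per entry: the previous revision carried the last
                // entry's country over whenever this lookup failed.
                $Country = "";
                if (function_exists("geoip_record_by_name")) {
                    $record = geoip_record_by_name($ip);
                    if (!$record) {
                        ssh_events("Unable to detect country for $ip", __FUNCTION__, __FILE__, __LINE__);
                    } else {
                        $Country = $record["country_name"];
                    }
                }

                ssh_events("SSH $label $ip $hostname ($Country)", __FUNCTION__, __FILE__, __LINE__);

                // QUERY_SQL() offers no parameter binding, so every interpolated
                // value is escaped: $ip/$uid come from the spool, $hostname from
                // reverse DNS (under the remote peer's control), $Country from
                // geoip.  The previous revision escaped only $Country.
                $sql = "INSERT IGNORE INTO auth_events (ipaddr,hostname,success,uid,zDate,Country) VALUES ('"
                    . addslashes($ip) . "','"
                    . addslashes($hostname) . "','"
                    . $success . "','"
                    . addslashes($uid) . "','"
                    . $zdate . "','"
                    . addslashes($Country) . "')";
                $q->QUERY_SQL($sql, "artica_events");
                if (!$q->ok) {
                    ssh_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__);
                    $allStored = false;
                }
            }

            // Only discard the batch once all of its rows are in the table
            // (the previous revision unlinked after the first successful row).
            if ($allStored) {
                @unlink($filename);
            }
        }
    }

    authfw();
    snort_logs();
    loadavg_logs();
}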
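/**
 * Import spooled SSH authentication results into the `auth_events` table.
 *
 * Spool files live under $GLOBALS["ARTICALOGDIR"]/sshd-failed and
 * $GLOBALS["ARTICALOGDIR"]/sshd-success; each holds one unserialize()d array
 * of ip => uid entries and is named after the batch's unix timestamp, which
 * becomes the row's zDate.  Failed-login batches older than 120 minutes are
 * discarded unread.  For every entry the reverse DNS name and, when the geoip
 * extension is loaded, the country are looked up and one row is stored
 * (success = '0' for the failed spool, '1' for the success spool).  A spool
 * file is deleted once all of its rows were stored, or when it does not
 * contain an array at all.  Finally chains into authfw(), snort_logs(),
 * loadavg_logs() and clamd_mem().
 *
 * NOTE: this listing declares authlogs() twice (two revisions); PHP refuses to
 * load a file that defines the same function twice, so only one may be kept.
 *
 * @return void
 */
function authlogs()
{
    include_once dirname(__FILE__) . '/ressources/class.mysql.inc';
    include_once dirname(__FILE__) . '/ressources/class.auth.tail.inc';
    include_once dirname(__FILE__) . '/ressources/class.iptables-chains.inc';

    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pid = @file_get_contents($pidfile);
    if ($unix->process_exists($pid)) {
        echo "Already running pid {$pid}\n";
        return;
    }
    // The pid file was only ever read; without recording our own pid the
    // "already running" guard above can never fire.
    @file_put_contents($pidfile, getmypid());

    $q = new mysql();
    $logdir = $GLOBALS["ARTICALOGDIR"];

    // The geoip city database is needed by geoip_record_by_name(); the
    // previous revision re-checked this for every success entry.
    if (!is_file("/usr/share/GeoIP/GeoIPCity.dat")) {
        _UpdateGeoip();
    }

    // spool directory => array(success flag, max age in minutes, 0 = no limit)
    $spools = array(
        "{$logdir}/sshd-failed"  => array("0", 120),
        "{$logdir}/sshd-success" => array("1", 0),
    );

    foreach ($spools as $dir => $spec) {
        list($success, $maxAgeMin) = $spec;
        $label = ($success === "1") ? "Success" : "Failed";

        if (!is_dir($dir)) {
            continue;
        }

        foreach (glob("{$dir}/*") as $filename) {
            if (is_dir($filename)) {
                continue;
            }
            // Stale batches are dropped rather than imported.
            if ($maxAgeMin > 0 && $unix->file_time_min($filename) > $maxAgeMin) {
                @unlink($filename);
                continue;
            }

            events("Open {$filename}", __FUNCTION__, __FILE__, __LINE__);

            // NOTE(security): unserialize() of on-disk content.  The spool is
            // written by this product's own log tailer, but should the directory
            // ever become writable by another account a crafted file could
            // instantiate arbitrary classes; on PHP >= 7.0 pass
            // array('allowed_classes' => false) as the second argument.
            $array = unserialize(@file_get_contents($filename));
            if (!is_array($array)) {
                // Empty, truncated or foreign file: nothing to import.
                @unlink($filename);
                continue;
            }

            // The file name is the batch's unix timestamp.
            $zdate = date("Y-m-d H:i:s", (int) basename($filename));

            $allStored = true;
            foreach ($array as $ip => $uid) {
                // Reverse lookups are slow; cache them across both spools.
                if (!isset($GLOBALS["HOSTNAME"][$ip])) {
                    $GLOBALS["HOSTNAME"][$ip] = gethostbyaddr($ip);
                }
                $hostname = $GLOBALS["HOSTNAME"][$ip];

                // Reset per entry: the previous revision carried the last
                // entry's country over whenever this lookup failed.
                $Country = "";
                if (function_exists("geoip_record_by_name")) {
                    $record = geoip_record_by_name($ip);
                    if (!$record) {
                        ssh_events("Unable to detect country for {$ip}", __FUNCTION__, __FILE__, __LINE__);
                    } else {
                        $Country = $record["country_name"];
                    }
                }

                // QUERY_SQL() offers no parameter binding, so every interpolated
                // value is escaped: $ip/$uid come from the spool, $hostname from
                // reverse DNS (under the remote peer's control), $Country from
                // geoip.
                $sql = "INSERT IGNORE INTO auth_events (ipaddr,hostname,success,uid,zDate,Country) VALUES ('"
                    . addslashes($ip) . "','"
                    . addslashes($hostname) . "','"
                    . $success . "','"
                    . addslashes($uid) . "','"
                    . $zdate . "','"
                    . addslashes($Country) . "')";
                ssh_events("SSH {$label} {$ip} {$hostname} ({$Country}) `{$sql}`", __FUNCTION__, __FILE__, __LINE__);

                $q->QUERY_SQL($sql, "artica_events");
                if (!$q->ok) {
                    // The previous revision deleted the failed batch here and
                    // never deleted a stored one; report instead and keep it.
                    ssh_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__);
                    $allStored = false;
                }
            }

            // Only discard the batch once all of its rows are in the table.
            if ($allStored) {
                @unlink($filename);
            }
        }
    }

    authfw();
    snort_logs();
    loadavg_logs();
    clamd_mem();
}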