Friday, 19 September 2008

Bashhacker Part3: logusers

The script logusers collects the most important data about logged-in users, including how many resources (disk space and processes) each logged-in user is occupying. The results are stored in a separate directory that is accessible only to the superuser.

Code:

#!/bin/bash

#logusers
#Script that will log the uptime, date and time as well as all users logged in with their running actions

#Please tell me if you have any idea of what else should be logged.

#Comes with the package Bash-Tools
#Ideas collected by Mendel Cooper (Advanced Bash Scripting Guide)
#Rewritten for opensuse 10.3 by Matthias Propst



#VARS
NOT_ROOT=67
LOG_DIR=/var/log/logusers #Change this according to your needs
INDEX=$(date +%Y%m%d%H%M%S) #Change this if you need another date format or use a completely different way to index your log file.
LOGFILE="$LOG_DIR/$INDEX.log"
USERS=($(users)) #Array of logged-in user names, one entry per session, sorted by name
IP_ADDRESS=127.0.0.1 #Change this value if you know your current ip address.
#VARS

###functions begin here

#checking for root
check_root ()
{
    echo "Checking whether you are root."
    if [ "$UID" -ne 0 ]
    then
        echo "Not root"
        drop_failure
        exit $NOT_ROOT
    else
        drop_ok
        create_logdir
    fi
}

#Checking whether directory $LOG_DIR already exists and has all necessary permissions; if not, creating it
create_logdir ()
{
    echo "Checking whether the logdir exists"
    if [ ! -d "$LOG_DIR" ]
    then
        mkdir -p "$LOG_DIR"
        chmod 700 "$LOG_DIR"
    fi
    drop_ok
    main
}

#main function does the action the script is for
main ()
{
    #Creating new logfile
    echo "Creating logfile. Please wait."
    touch "$LOGFILE"


    {
        echo "File was generated by $0"
        date
        echo "========================================================================================================"
    } >> "$LOGFILE"


    {
        echo "Host information:"
        echo "$LOGNAME@$HOSTNAME"
        echo "$MACHTYPE"
        uname -r
        grep "model name" /proc/cpuinfo
        grep "cpu MHz" /proc/cpuinfo
        uptime
        echo "========================================================================================================="
    } >> "$LOGFILE"


    {
        echo "Network information:"
        ifconfig
        iwconfig
        ping -c 1 -w 1 google.de 2> /dev/null

        if [ $? -gt 0 ]
        then
            echo "There is no connection running."
        else
            echo "You are running a connection to the internet"

            #scans only the localhost by default
            echo "nmap:"
            nmap "$IP_ADDRESS" -v
            echo "netstat:"
            netstat
        fi

        echo "========================================================================================================="
    } >> "$LOGFILE"

    {
        echo "The following users are logged in:"
        echo "=================================="
        finger
        n=0

        #users lists one entry per session, so skip names that repeat the previous one
        for m in "${USERS[@]}"
        do

            if [ "$m" != "$n" ]
            then
                id "$m"
                n=$m
            fi

        done

        id root

        echo "The following processes are running:"
        echo "===================================="
        echo "Sorted by User"
        k=0
        for i in "${USERS[@]}"
        do

            if [ "$i" != "$k" ]
            then
                echo "$i"
                ps -U "$i"
                k=$i
            fi

        done

        echo "root"
        ps -U root

        echo "Treeview"
        pstree -pu
        echo "====================================================================================================="
    } >> "$LOGFILE"

    {
        echo "These environment variables have been set:"
        env
    } >> "$LOGFILE"


    #Ensuring the logfile is only readable to root
    chmod 400 "$LOGFILE"

    #Ensuring no one but root can manipulate or delete the logfiles
    chattr +a "$LOGFILE"

    echo "Logs have been saved to $LOGFILE"
    echo -e '\t \t \t \t \E[32mdone'; tput sgr0

    exit 0
}

drop_ok ()
{
    echo -e '\t \t \t \t \E[32mok'; tput sgr0
}

drop_failure ()
{
    echo -e '\t \t \t \t \E[31mfailure'; tput sgr0
}

###functions end here

check_root

exit 0
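The script's security goal is that nobody but root can read or tamper with the log. The following is an added example, not part of the original logusers script, showing how the directory and file creation can be hardened against a planted symlink and against a brief world-readable window: the directory path is passed as an argument so the functions can be tried on a temporary directory without root, and a GNU stat on Linux is assumed.

```shell
#!/bin/bash
# Added example, not the original logusers code: race-resistant creation of a
# root-only log directory and log file, plus a permission check. chattr +a is
# only attempted when running as UID 0, since it needs root.

# create_logdir_secure DIR -> 0 on success, 1 if DIR is a symlink or cannot be created
create_logdir_secure() {
    local dir="$1"
    # A symlink at the expected path would redirect our writes elsewhere; refuse it.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    # -m sets mode 700 atomically at creation, so there is no open window.
    mkdir -p -m 700 "$dir" || return 1
    chmod 700 "$dir" || return 1
}

# write_log_secure DIR INDEX -> prints the log path; returns 1 if the file exists
write_log_secure() {
    local dir="$1" index="$2" logfile="$1/$2.log"
    if [ -e "$logfile" ] || [ -L "$logfile" ]; then
        echo "refusing: $logfile already exists" >&2
        return 1
    fi
    (
        umask 077               # file is born 0600, never world-readable
        set -o noclobber        # fail instead of truncating a file that appeared meanwhile
        {
            echo "File was generated by $0"
            date
            echo "Users logged in: $(users 2>/dev/null)"
        } > "$logfile"
    ) || return 1
    chmod 400 "$logfile" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chattr +a "$logfile" 2>/dev/null   # append-only, root-only operation
    fi
    printf '%s\n' "$logfile"
}

# check_log_perms PATH -> 0 if mode is 0400 and the file is owned by the caller
check_log_perms() {
    local mode owner
    mode=$(stat -c '%a' "$1") || return 1
    owner=$(stat -c '%u' "$1") || return 1
    [ "$mode" = "400" ] && [ "$owner" = "$(id -u)" ]
}
```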
