#!/bin/bash
################################################
# script for NC CXS scan logs monitoring #
################################################
# Nagios exit codes: [OK=0] [WARNING=1] [CRITICAL=2] [UNKNOWN=3];
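PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# Include ini files with configuration;
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
# The ini is executed as shell code (it is expected to define SEARCH_PATTERNS),
# so it must be writable only by the account that owns this check. There is no
# set -e: if the file is missing, source only prints an error and the script
# continues with SEARCH_PATTERNS empty, i.e. with nothing to search for.
source "${SCRIPT_DIR}/check-vps-cxs-log.ini"
verbose=0
PROGNAME=${0##*/}
# IFS stays ',' for the whole script: the reads below split on it and the
# "${echo_array[*]}" joins in the report lines rely on it.
IFS=','
# -r: a backslash inside a pattern coming from the ini must reach grep unchanged
# (without -r, read would interpret it as an escape).
read -r -a PATCHES_TO_BIN_ARR <<< "/usr/sbin/cxs"
read -r -a LOG_FILES_ARR <<< "scandaily.log,scanweekly.log"
read -r -a SEARCH_PATTERNS_ARR <<< "${SEARCH_PATTERNS}"
# Default folder; keep the trailing slash, paths are built as "${LOG_FILES_FOLDER}${file}".
LOG_FILES_FOLDER="/var/log/cxsreports/"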
#######################################
# Print the one-line usage synopsis (a blank line, then two Usage lines).
# Globals:   PROGNAME (read)
# Outputs:   usage text on stdout
#######################################
print_usage() {
  printf '\n'
  printf 'Usage: %s [-v be Verbose] [-l Logfiles dir]\n' "${PROGNAME}"
  printf 'Usage: %s -h | --help\n' "${PROGNAME}"
}
#######################################
# Print the usage synopsis followed by the option descriptions, then exit.
# Globals:   PROGNAME (read, via print_usage)
# Outputs:   help text on stdout
# Returns:   never; exits 3 (Nagios UNKNOWN) so a help request is not
#            mistaken for a check result
#######################################
print_help() {
  print_usage
  printf '%s\n' \
    "" \
    "This script checks logs of CXS scan with NC custom signatures (see TOP-64)" \
    "" \
    "-v be Verbose (should be last argument)" \
    "-l Logfiles dir, string. Default - /var/log/cxsreports/" \
    "--help Print this help screen" \
    ""
  exit 3
}
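#######################################
# Parse the command line into the globals used by the checks below.
# Arguments: the script's "$@"
# Globals:   verbose (written), LOG_FILES_FOLDER (written),
#            PROGNAME (read by print_usage/print_help)
# Returns:   0; exits 3 (UNKNOWN) on -h/--help, a missing -l value or an
#            unknown argument
#######################################
parse_args() {
  while [ $# -gt 0 ]; do
    case "$1" in
      --help|-h)
        print_help
        exit 3
        ;;
      -l)
        # -l takes exactly one value; reject a bare -l instead of silently
        # setting an empty folder (which would make the checks look in cwd).
        if [ -z "${2-}" ]; then
          echo >&2 "Option -l requires a directory argument"
          print_usage
          exit 3
        fi
        # Normalise to one trailing slash: every check concatenates
        # "${LOG_FILES_FOLDER}${file}" without adding a separator.
        LOG_FILES_FOLDER="${2%/}/"
        shift
        ;;
      -v)
        # A flag without a value: only the loop's shift below applies.
        # Shifting more here swallowed any option that followed -v.
        verbose=1
        ;;
      *)
        echo >&2 "Unknown argument: $1"
        print_usage
        exit 3
        ;;
    esac
    shift
  done
}
parse_args "$@"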
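# Verbose mode: dump the effective configuration before checking anything.
if [[ "${verbose}" == 1 ]]; then
  # "${arr[@]}" inside the string keeps the space-separated listing; [*]
  # would join with IFS (',') instead.
  echo "Patch to bin file: ${PATCHES_TO_BIN_ARR[@]}"
  echo "Log files array: ${LOG_FILES_ARR[@]}"
  # Plain echo: with -e, a backslash inside a pattern would be interpreted.
  echo "Search patterns: ${SEARCH_PATTERNS_ARR[@]}"
  echo ""
fi
# Collects the paths/findings of the section that fails; each section exits
# right after reporting it, so the array is empty when the next one starts.
declare -a echo_array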
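####### BIN FILES CHECK SECTION BEGIN ######
# UNKNOWN (3) if a configured cxs binary is missing: without the scanner the
# logs cannot be assumed to be produced at all, so no result can be given.
for element in "${PATCHES_TO_BIN_ARR[@]}"; do
  if [[ ! -f "${element}" ]]; then
    # Quoted: an unquoted append would word-split on IFS (',') and glob.
    echo_array+=("${element}")
  fi
done
if [[ "${#echo_array[@]}" -gt 0 ]]; then
  echo "UNKNOWN. Bin file(s) not found. Path to file(s) = ${echo_array[*]}"
  exit 3
fi
####### BIN FILES CHECK SECTION END ######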
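####### LOG FILES CHECK SECTION BEGIN ######
# WARNING (1) if an expected scan log is not a regular file in the log folder.
for file in "${LOG_FILES_ARR[@]}"; do
  if [[ ! -f "${LOG_FILES_FOLDER}${file}" ]]; then
    # Quoted: a folder given with -l may contain ',' or glob characters.
    echo_array+=("${LOG_FILES_FOLDER}${file}")
  fi
done
if [[ "${#echo_array[@]}" -gt 0 ]]; then
  echo "WARNING. Log file(s) not found. Path to file(s) = ${echo_array[*]}"
  exit 1
fi
####### LOG FILES CHECK SECTION END ######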
####### CHECK DATE OF LOG FILE begin ######
DAYS_THRESHOLD=0
for log_file_name in "${LOG_FILES_ARR[@]}"; do
if [[ "${log_file_name}" == "scandaily.log" ]]; then
DAYS_THRESHOLD=1
elif [[ "${log_file_name}" == "scanweekly.log" ]]; then
DAYS_THRESHOLD=7
fi
FIND_OUT=$(find "${LOG_FILES_FOLDER}" -iname "${log_file_name}" -mtime -"${DAYS_THRESHOLD}" 2>/dev/null)
if [ -z "${FIND_OUT}" ]; then
echo_array+=(${log_file_name})
fi
done
# Output all not found bin files and UNKNOWN;
if [[ "${#echo_array[@]}" -gt 0 ]]; then
echo "WARNING. Log file(s) is old. File(s) = ${echo_array[*]}"
exit 1
fi
####### CHECK DATE OF LOG FILE end ######
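####### CHECK LOG FILE FORMAT,PATTERN BEGIN ######
#######################################
# Succeed when the log contains the cxs "- SCAN REPORT -" header line.
# Arguments: $1 - path to the log file
# Returns:   grep's status: 0 if found, non-zero otherwise
#######################################
log_has_report_header() {
  # -F: the header is a literal string, not a regex (no "\-" escape needed).
  grep -q -F -e '- SCAN REPORT -' -- "$1"
}
#######################################
# Print every line of a log matching one signature pattern, joined by spaces.
# Arguments: $1 - grep pattern (an entry of SEARCH_PATTERNS from the ini)
#            $2 - path to the log file
# Outputs:   matching lines with newlines squeezed to spaces; empty if none
#######################################
grep_log_hits() {
  # -e keeps a pattern that starts with '-' from being parsed as a grep option.
  grep -e "$1" -- "$2" | tr -s '\n' ' '
}
for file in "${LOG_FILES_ARR[@]}"; do
  if ! log_has_report_header "${LOG_FILES_FOLDER}${file}"; then
    echo "WARNING. Log file(s) have invalid structure. File(s) = ${file}"
    exit 1
  fi
  # Fail closed: with no patterns configured (e.g. the ini did not load and
  # SEARCH_PATTERNS stayed empty) nothing below could ever report CRITICAL.
  if [[ "${#SEARCH_PATTERNS_ARR[@]}" -eq 0 ]]; then
    echo "UNKNOWN. No search patterns configured (SEARCH_PATTERNS is empty)."
    exit 3
  fi
  for pattern in "${SEARCH_PATTERNS_ARR[@]}"; do
    INFECTED=$(grep_log_hits "${pattern}" "${LOG_FILES_FOLDER}${file}")
    if [ -n "${INFECTED}" ]; then
      echo_array+=("${file}:${INFECTED}")
    fi
  done
done
# CRITICAL (2) when any signature pattern matched in any log.
if [[ "${#echo_array[@]}" -gt 0 ]]; then
  echo "CRITICAL. Viruses were found ${echo_array[*]}"
  exit 2
fi
####### CHECK LOG FILE FORMAT,PATTERN END ########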
# Every section above exits on its own finding, so reaching this line is OK (0).
printf '%s\n' "OK. There are no infected files."
exit 0