Filewatcher File Search
FTP Search
  
Directory 
  
Content Search 
   
pkg://dailyscript-3.0-1.src.rpm:14947/dailyscript-3.0.tar.gz  info  downloads

dailyscript-3.0/ 40755      0      0           0  6331134513  11664 5ustar  rootrootdailyscript-3.0/daily100755      0      0       37677  6331132612  13053 0ustar  rootroot#!/bin/bash

#############################################################################
# Version 3.0 -- Kirk Bauer -- 4/28/97
#############################################################################

# Note: there are a few variables to change below

#############################################################################
## This script was written by Kirk Bauer.  I am *absolutely* sure that this
## script could have been much more efficient than it is as far as run
## time... but it does work.   I could have written it in PERL and made it
## much better... but oh well, I don't know PERL yet.
##
## You can give this script to anybody... I wrote it for Red Hat Linux 4.1
## Systems, but I have a feeling that it would work (with a few modifications
## for other Red Hat Linux systems and maybe even other distributions.  I
## just ask that you leave my name on here and that you **send any suggestions
## or improvements to me!!!**
##
## Okay, you can now pass an argument to the script.  This argument is the
## date you want to scan the logs for.  If there are no arguments, it will
## scan for yesterday's date.  The argument must be in the form:
## "daily Apr 5" or "daily Apr 05" or "daily Apr  5" or "daily Mar 21", etc.
##
## So, here is how you send improvements and suggestions to me.  I will list
## several email addresses in order of preference:
##    kirk@gt.ed.net
##    gt5918a@prism.gatech.edu
##    kirk@kaybee.ml.org
##
## Revision History:
##    4/5/97 Version 1.0:  First time released to the public
##    4/6/97 Version 1.1:  Changed the configuration a little
##    4/7/97 Version 1.2:  Now, you can call with an argument that
##                         specifies what date to check if you want to.
##                         (Thanks to kaja007@hotmail.com)
##    4/7/97 Version 1.3:  Made a few small changes....
##                         (Thanks to scoile@patriot.net)
##   4/18/97 Version 2.0:  (Thanks to Tim Cross tcross@bart.northnet.com.au)
##                         On my system, I now have the following packages:
##                              pam-0.57-8 and pwdb-0.54-1
##                         This script catches the extra messages that I now
##                         get.  For now, it ignores the PAM_pwdb messages,
##                         but I now process the 'su' messages.
##
##                         I also changed a few small cosmetic things, as
##                         well as added a few options for non-standard
##                         machines.
##
##                          ** Version 1.3 may be better for standard RHL 4.1
##
##   4/28/97 Version 3.0:  (Thanks to Simun Mudd simon.mudd@alltrading.es for RPM script)
##                         (Thanks to the authors of the two maillog scripts)
##                         Basically, I slightly modified some other people's
##                         scripts so that I can now process the maillog as well
##                         as do some security checks via RPM...
##                         
#############################################################################

# These are three variables you *must* set for the script to work

# Set this to a temporary directory for the script to use for all
# of its files ... this directory does not have to exist.
TMP2=/var/tmp

# Since I can't figure out how to make multiple-line 'sed' scripts without
# using a script file, I had to use two sed script files.  Give me the
# location of those files below (please let me know if you know how to
# get around this with sed):
SEDSCRIPT1=/var/local/dailyscript/daily.script
SEDSCRIPT2=/var/local/dailyscript/daily.script.2
MAILSTATS=/var/local/dailyscript/todays_stats
MAILLIST=/var/local/dailyscript/smtpstats



########################################################################
# You only have to worry about these if you have wierd
# systems:

# This is a list of log files to process.  Be careful *not* to put stuff
# like /var/log/maillog in this list, because my script won't catch it.
# Basically, if you take everything that normally goes to /var/log/messages
# (on a default RHL 4.1) and split it into different files, include all those
# files below:
LOGFILES="/var/log/messages"
#LOGFILES="/var/log/messages /var/log/daemons /var/log/su"

# This is a list of messages to totally ignore.  For example, if you have
# something on your system that generates a lot of messages but my script
# does not look for it, list it here and it will be ignored.
# NOTE: for now, I ignore PAM_pwdb because I don't think it tells us anything
# the other messages don't... plus I don't feel like writing more code ;)
ALWAYSIGNORE="PAM_pwdb"
#ALWAYSIGNORE="PAM_pwdb other_wierd_stuff"




########################################################################
# You only have to worry about these if you want this script to check
# "incoming" directories.  If you want the script to do so, add one or
# more directories in the INCOMINGDIRS list....

# this is a list of 'incoming' directories or public-writeable
# directories that you would like to keep track of.  The script will
# let you know when files are added or removed from these directories
# on a daily basis...
# BTW -- the first time you run the script, or when you change the below
# lines, you will get a couple of errors... but no big deal, they will
# not be there the next time you run the script.
#INCOMINGDIRS="/home/ftp/incoming /home/samba/incoming"
INCOMINGDIRS=""

# This is a directory that files are left in to keep track of things.
# Really, there will only be a couple of files in here for now.  There
# will be one file in here for every directory you are keeping track of
# below.  In any case, just make sure this directory exists and then
# leave it alone...
PERMDIR=/var/local/dailyscript








# Okay, you shouldn't have to change anything below here...

######################################################################

TDIR=${TMP:-$TMP2}/`basename $0`$$
COMPNAME=`hostname | cut -d. -f1`
if [ $# -eq 0 ] ; then
   # this means there were no arguments
   D=`date -d "1 day ago" +"%b %d" | sed 's/ 0/  /'`
else
   D=`echo $* | sed 's/ 0/  /' | sed 's/^\(...\) \(.\)$/\1  \2/'`
fi
echo '***************************************************************'
echo "General Daily Run -- $COMPNAME -- $D"
echo '***************************************************************'
echo
echo People who logged in today:
echo
last -ad | grep "$D" | grep -v ".* *ftp" | cut -c-22,34-
echo
echo '***************************************************************'
echo
echo Checking System Log Files.....
echo






TFILE=$TDIR/tmp
umask 077
mkdir $TDIR 2> /dev/null
rm -rf $TDIR/* 2> /dev/null

for i in $LOGFILES
do
   grep "^$D" $i | grep -v "last message repeated" >> $TFILE
done


for i in syslog named identd login pam ftpd su sshd kernel talkd telnetd $ALWAYSIGNORE
do
   grep "^$D .* $COMPNAME $i" $TFILE > $TDIR/$i
   mv $TFILE $TFILE.1
   grep -v "^$D .* $COMPNAME $i" $TFILE.1 > $TFILE
done
rm $TFILE.1 2> /dev/null


# If this file still has stuff in it, we should definately look at it....
if [ -s $TFILE ] ; then
   echo "###########################################################"
   echo "###  Unmatched entries in /var/log/messages!!!!!!!!!!   ###"
   echo "###########################################################"
   echo
   cat $TFILE
   echo
   echo "###########################################################"
   echo
   echo
fi


# su messages...
echo "Successful SU's:"
for i in `grep -v "FAILED" $TDIR/su | sed "s/$D .*:.*:.* $COMPNAME su: \(.*\) on .*/\1/" | sort | uniq`
do
   echo "  $i:"
   grep -v "FAILED" $TDIR/su | sed "s/$D .*:.*:.* $COMPNAME su: $i on \(.*\)/    \1/"
done
echo "*Unsuccessful SU's:"
for i in `grep "FAILED" $TDIR/su | sed "s/$D .*:.*:.* $COMPNAME su: FAILED SU \(.*\) on .*/\1/" | sort | uniq`
do
   echo "  $i:"
   grep "FAILED" $TDIR/su | sed "s/$D .*:.*:.* $COMPNAME su: FAILED SU $i on \(.*\)/    \1/"
done
echo
echo



# Syslog messages...
T=`grep "restart" $TDIR/syslog | wc -l`
echo "Syslogd Restarted:$T Time(s)..."
grep -v "restart" $TDIR/syslog | grep -v "$COMPNAME syslog: gethostby" | tee $TFILE.1 | grep -v "FAILED LOGIN" > $TFILE 
echo 'Failed login(s) due to invalid username:'
grep "FAILED LOGIN" $TFILE.1 | sed "s/$D .*:.*:.* $COMPNAME syslog: FAILED LOGIN .* FROM \(.*\) FOR \(.*\), .*/   Failed Login:  \2 from \1/"
if [ -s $TFILE ] ; then
   echo "Other Syslogd Problems:"
   cat $TFILE | sed "s/\(.*\)/   \1/"
fi

# Login Messages....
echo
echo 'Failed login(s) due to bad password:'
grep "Authentication failure" $TDIR/login | sed "s/$D .*:.*:.* $COMPNAME login: FAILED LOGIN .* FROM \(.*\) FOR \(.*\), Authentication failure/   \1 -- \2/" 
echo
#echo 'Failed login(s) due to invalid username:'
#grep "User not known to the underlying authentication module" $TDIR/login | sed "s/$D .*:.*:.* $COMPNAME login: FAILED LOGIN .* FROM \(.*\) FOR \(.*\), User not known to the underlying authentication module/   \1 -- \2/"
#echo
grep -v "Authentication failure" $TDIR/login | grep -v "User not known to the underlying authentication module" > $TFILE
echo 'Failed login(s) for other reasons:'
grep "FAILED LOGIN" $TDIR/login | sed "s/$D .*:.*:.* $COMPNAME login: FAILED LOGIN .* FROM \(.*\) FOR \(.*\), \(.*\)/   \1 -- \2 -- \3/"
grep -v "FAILED LOGIN" $TFILE > $TDIR/login
echo
if [ -s $TDIR/login ] ; then
   echo "Other login messages:"
   cat $TDIR/login
   echo
fi


# Named messages...
if [ -e /usr/sbin/named ] ; then
   echo
   echo "----- named ------"
   echo
   T=`grep "Malformed response" $TDIR/named | wc -l`
   echo "Named had$T Malformed Response(s)..."
   mv $TDIR/named $TFILE
   grep -v "Malformed response" $TFILE | grep -v "owner.*invalid" > $TDIR/named

   T=`grep "learnt" $TDIR/named | wc -l`
   echo "Named had$T Learned Response(s)..."
   mv $TDIR/named $TFILE
   grep -v "learnt" $TFILE  > $TDIR/named

   T=`grep "zone.*loaded" $TDIR/named | wc -l`
   echo "Named loaded$T zone(s)..."
   mv $TDIR/named $TFILE
   grep -v "zone.*loaded" $TFILE  > $TDIR/named

   grep "$D.*approved AXFR" $TDIR/named | sed "s/$D .*:.*:.* $COMPNAME named\[.*\]: approved AXFR from \[\(.*\..*\..*\..*\)\]\..* for \"\(.*\)\"/\1|\2/" > $TDIR/named.tmp
   for i in `cat $TDIR/named.tmp | sort | uniq`
   do
      echo $i | sed "s/\(.*\)|\(.*\)/   Host \1 transfered zone \2 $(grep -c "$i" $TDIR/named.tmp) times.../"
   done
   mv $TDIR/named $TFILE
   grep -v "$D.*approved AXFR" $TFILE > $TDIR/named

   if [ -s $TDIR/named ] ; then
      echo "Other Named Errors:"
      cat $TDIR/named | sed "s/\(.*\)/   \1/"
   fi
   echo
   echo
fi




# FTPd Messages.....
echo
echo "----- FTPD ------"
grep "LOGIN" $TDIR/ftpd | cut -d ',' -f 2 | sort | uniq | sed 's/^ //' > $TDIR/ftpusers
grep "LOGIN" $TDIR/ftpd | sed "s/$D .* $COMPNAME ftpd.*:.* FTP LOGIN FROM //" | sed "s/ \[.*\],//" > $TDIR/ftphost
#echo "FTP Anonymous Users Logged in:"
#grep "ANONYMOUS FTP LOGIN" $TDIR/ftpd | sed "s/$D .* $COMPNAME ftpd.*: ANONYMOUS FTP LOGIN FROM //" | sed "s/ \[.*\],//" | sed "s/^/   /"
grep "ANONYMOUS FTP LOGIN" $TDIR/ftpd | sed "s/$D .* $COMPNAME ftpd.*: ANONYMOUS FTP LOGIN FROM //" | sed "s/ \[.*\],//" | sed "s/^/   /" | sort | uniq > $TDIR/ftp.anon
echo
echo "FTP Users Logged in:"
for i in `cat $TDIR/ftpusers`
do
   for h in `grep "$i" $TDIR/ftphost | cut -d ' ' -f 1 | sort | uniq`
   do
      echo "    $(sed -n "s/$h $i/*Anonymous: /p" $TDIR/ftp.anon)$i from $h"
      echo "          Deleted `grep "$D .* $COMPNAME ftpd\[.*\]: $i of $h \[.*\] deleted" $TDIR/ftpd | wc -l` file(s)...."
      grep "$D .* $COMPNAME ftpd\[.*\]: $i of $h \[.*\] deleted" $TDIR/ftpd | grep -v "/home/$i/" | sed "s/$D .*:.*:.* $COMPNAME ftpd\[.*\]: $i of $h \[.*\] deleted \(.*\)/              \1/"
      echo "          Transfered `grep "$D .* $h .* $i ftp" /var/log/xferlog | wc -l` file(s)...."
      grep "$D .* $h .* $i ftp" /var/log/xferlog | grep -v "/home/$i/" | sed "s/.* $D .*:.*:.* .* .* $h .* \(.*\) . . . . $i ftp . ./              \1/"
      echo
   done
done
grep -v "LOGIN" $TDIR/ftpd | grep -v "deleted" | grep -v "FTP session closed" > $TDIR/ftpd.left
mv $TDIR/ftpd.left $TDIR/ftpd.left.old
grep -v "User .* timed out after" $TDIR/ftpd.left.old > $TDIR/ftpd.left
if [ -s $TDIR/ftpd.left ] ; then
   echo
   echo "Other FTPd Messages:"
   cat $TDIR/ftpd.left
fi
echo
echo "-----------------"
echo




# identd messages...
grep -v "NO-USER" $TDIR/identd | sed "s/$D .*:.*:.* $COMPNAME identd\[.*\]: //" > $TDIR/identd.tmp
sed -nf $SEDSCRIPT1 $TDIR/identd.tmp > $TDIR/identd.users
echo
echo "Identd Lookups:"
for i in `cat $TDIR/identd.users | sed "s/\(.*\)  .*/\1/" | sort | uniq`
do
   echo "   Lookups for $i:"
   for j in `grep "$i  .*" $TDIR/identd.users | sed "s/$i  \(.*\)/\1/" | sort | uniq`
   do
      echo "`grep "$i  $j" $TDIR/identd.users | wc -l` lookup(s) by $j"
   done
done
mv $TDIR/identd $TDIR/identd.tmp
grep -v "Successful lookup" $TDIR/identd.tmp | grep -v "Connection from" > $TDIR/identd
if [ -s $TDIR/identd ] ; then
   echo
   echo "Other Identd Messages:"
   cat $TDIR/identd | sed "s/\(.*\)/   \1/"
fi




# PAM Messages....
echo
grep -v "no username obtained" $TDIR/pam > $TFILE
if [ -s $TFILE ] ; then
   echo "PAM Messages:"
   cat $TFILE
   echo
   echo
fi

# SU Messages...
   # I can't exactly see what useful information that I could
   # get out of the 'su' messages... as always, if you find out
   # useful stuff from the SU messages, tell me and I'll have the
   # script look at them...

# Talkd messages...
   # the only 'talkd' messages I ever get are "Connection Refused"
   # errors... and I don't think any other talkd messages are even
   # worth looking at... so I'll ignore all of them...

# Telnetd
if [ -s $TDIR/telnetd ] ; then
   echo
   echo "Telnetd messages:"
   echo
   cat $TDIR/telnetd | sed "s/\(.*\)/   \1/"
   echo
   echo
fi


# sshd...
if [ -e /usr/sbin/sshd ] ; then
   echo "SSHD Logins and failures:"
   grep -v "Generating new 768 bit RSA key." $TDIR/sshd | grep -v "RSA key generation complete." | grep -v "Connection from .* port .*" | grep -v "Closing connection to" | grep -v "ROOT LOGIN" > $TFILE
   sed -n "s/$D .*:.*:.* $COMPNAME sshd\[.*\]: log://p" $TFILE > $TDIR/sshd
   echo >> $TDIR/sshd
   sed -n -f $SEDSCRIPT2 $TDIR/sshd
   echo
fi

# kernel...
if [ -s $TDIR/kernel ] ; then
   echo
   echo "              ************ Kernel Errors ***********"
   echo
   cat $TDIR/kernel
   echo
   echo "              **************************************"
   echo
   echo
fi





echo
echo '***************************************************************'
echo



if [ $# -eq 0 ] ; then
   # this means there were no arguments
   DA=`date -d "yesterday" +"%m/%d"`
else
   DA=`date -d "$*" +"%m/%d"`
fi
echo "All programs executed by cron:"
grep "($DA-.*:.*:.*-.*)" /var/log/cron | sed 's/.* .* CMD (\(.*\))/   \1/' | sort | uniq
echo
echo
echo




# Secure log...
grep "^$D" /var/log/secure | grep -v "warning:" | grep -v "FAILED LOGIN" | sed "s/$D .*:.*:.* $COMPNAME \(.*\)\[.*\]: connect from \(.*\)/\1 \2/" > $TFILE
echo
echo "All Connections (/var/log/secure):"
for i in `sed "s/\(.*\) .*/\1/" $TFILE | sort | uniq`
do
   echo "   Connections for $i:"
   for j in `grep "$i .*" $TFILE | sed "s/$i \(.*\)/\1/" | sort | uniq`
   do
      echo "`grep "$i $j" $TFILE | wc -l` connections(s) by $j"
   done
done
mv $TDIR/identd $TDIR/identd.tmp
grep -v "Successful lookup" $TDIR/identd.tmp | grep -v "Connection from" > $TDIR/identd
if [ -s $TDIR/identd ] ; then
   echo
   echo "Other Identd Messages:"
   cat $TDIR/identd
fi
echo
echo
echo

# Look for new incoming files...

GLOBAL='Filename: %f, Size: %k, Perms: %m, Owners: %u:%g \n%p\n'
for i in $INCOMINGDIRS
do
   OLDFILE=$PERMDIR/`echo $i | sed "s=/=_=g"`
   find $i -printf "$GLOBAL" > $TFILE
   echo "New Files in $i:"
   echo
   diff $OLDFILE $TFILE
   if [ 0 -eq $? ] ; then
      echo "No new files...."
   fi
   mv $TFILE $OLDFILE
   echo
   echo
done

rm -rf $TDIR 2> /dev/null

echo
echo
echo
echo "File-systems..."
echo

df

echo
echo
echo
echo "NFS Exports....."
echo

cat /etc/exports


if [ -e /usr/bin/mailq ] ; then
   echo
   echo
   echo
   echo "Mail Queue....."
   echo
   mailq
   echo
fi
echo '***************************************************************'

$MAILSTATS -azs

$MAILLIST -y
dailyscript-3.0/daily.script100755      0      0         110  6326006445  14272 0ustar  rootrootN
s/Connection from \(.*\)\nSuccessful lookup: .* , .* : \(.*\)/\2 \1/p
dailyscript-3.0/daily.script.2100755      0      0         323  6322214266  14436 0ustar  rootroot:beg
N
s/accepted/accepted/
t next
s/connect from \([^\n]*\)/Invalid login from \1/
P
D
b beg
:next
s/connect from \(.*\)\n\(.*\) authentication for \(.*\) accepted./\3 logged in from \1 with\2 authentication/p
dailyscript-3.0/README100644      0      0        3314  6326016100  12635 0ustar  rootroot** NOTE **
This program was written and tested on machines with:

   rpmpam-0.57-8
   pwdb-0.54-1

which are *not* the default versions that come with Red Hat Linux 4.1.
I think it should work okay for default systems, however...



This program was written by Kirk Bauer.

First of all, I am *NOT* responsible for anything bad that might happen
because of this program.  It doesn't do anything bad on my system, but
it is not my fault if it does something bad on your system.

Okay, installation *should* be simple.  For a default Red Hat Linux 4.1
system (and probably many other systems) just put the 'daily' file in
/etc/cron.daily and make it executable.  Then stick the daily.script and
daily.script.2 files somewhere (I put mine in /usr/local/sbin).

Now, edit the /etc/cron.daily/daily script and you should change the
location of the two scripts (if you put them in /usr/local/sbin then you
don't have to worry about changing it), tell it what directories on your
system are public writeable (i.e. FTP or SAMBA incoming directories) and
finally give the script a temporary directory to use.



As I said in the script, *PLEASE* give me suggestions, comments, etc.
at:

   kirk@gt.ed.net
   gt5918a@prism.gatech.edu
   kirk@kaybee.ml.org



This script does nothing with /var/log/maillog but I would like to.
I think there are some *awesome* PERL scripts out there that will tell you
how much email goes through your system in a day and stuff like that.
Please let me know if you have something like this working...


Finally, please note that you *will* receive a couple of errors the first
time you run the script when it tries to look for new files in your
incoming directories... just run the script again and it will fix them.
dailyscript-3.0/smtpstats100755      0      0       26412  6331131053  13772 0ustar  rootroot#!/bin/sh
# -------------------------------------------------------------
#  Copyright (c) 1991 Regents of the University of Michigan.
#  All rights reserved.
#
#  Redistribution and use is permitted provided that this notice 
#  is preserved and that due credit is given to the University of 
#  Michigan. The name of the University may not be used to endorse 
#  or promote products derived from this software without specific 
#  prior written permission. This software is provided "as is" 
#  without express or implied warranty.
#
#  Mail Statistics gatherer
#  Author:  Bryan Beecher
#  Last Modified: 10/17/94
# -------------------------------------------------------------
LOGDIR=/var/log
MAILLOGFILE=maillog
ALIASFILE=/etc/aliases
TEMPFILE=/var/tmp/.mtool.$$
COUNT=20
FROM=/var/tmp/from.$$
VIA=/var/tmp/via.$$
TO=/var/tmp/to.$$
ERRORS=/var/tmp/errors.$$
#ERRORSTO=root@kaybee.gt.ed.net
TESTMODE=0

# -------------------------------------------------------------
#  set things up
# -------------------------------------------------------------
PATH=:/bin:/usr/bin:/usr/ucb:/sbin:/usr/sbin
rm -f $TEMPFILE $FROM $VIA $TO $ERRORS

trap "rm -f $TEMPFILE $FROM $VIA $TO $ERRORS ; exit 0" 0 1 2 3 15

# -------------------------------------------------------------
#  handle arguments
# -------------------------------------------------------------
#	-c count
#	Specify the top-N numbers to show in each section of
#	the report.
#
#       -y
#       Do stats for yesterday, not today
#
#	-t	test mode
# -------------------------------------------------------------
while [ $# != 0 ] ; do
        case "$1" in

		-c)
		COUNT=$2
		shift
		;;

		-t)
		TESTMODE=1
		;;

        esac
        shift
done

# -------------------------------------------------------------
#  Give a header...
# -------------------------------------------------------------
echo
echo "#################### Begin Mail Information ######################"
echo

# -------------------------------------------------------------
#  Dice up the lines the way we want
# -------------------------------------------------------------
cd $LOGDIR
if [ ! -s $MAILLOGFILE ] ; then
	exit 0
fi
cat $MAILLOGFILE | egrep "sendmail" |
	egrep -v "starting daemon|alias database|$ALIASFILE|gethostbyaddr|programs|setsender|return to sender" | 
	egrep -v "SYSERR|User unknown|protocol error|timeout waiting|lost input channel|unexpected close|Unbalanced" |
	egrep -v "Address contained invalid control characters|File exists|grew worklist" |
	tr A-Z a-z  | egrep -v " expn | vrfy " |
	awk '
$6 == "finis," { next; }
$7 == "done" { next; }
$7 == "alias" { next; }
$7 == "clone" { next; }
$7 == "forward" { next; }
$6 == "connect" { next; }
$7 == "aliases," && $8 == "longest" { next; }
$7 == "mail" && substr($8, 1, 5) == "from:" { next; }
$8 == "try" { next; }
$(NF-2) == "user" && $(NF-1) == "address" && $NF == "required" { next; }
$6 == "possible" && $7 == "attack" { next; }
$7 ~ /from=.*/ {
	#
	#  Split up the line using the commas
	#
	n = split($0, part, ",")

	#
	#  Pick off the host that sent this mail
	#  to be used later.
	#
	m = split(part[1], from, " ")
	host = from[m]
	if (substr(from[m], 1, 5) == "from=")
		host = substr(from[m], 6)
	else  {
		host = "user@horribly-mangled-address"
	}

	#
	#  Increment our bytes handled counter.
	#
	bytes += substr(part[2], 7)

	#
	#  Increment our recipients handled counter.
	#
	recipients += substr(part[5], 9)

	#
	#  Record who (directly) sent us this message.
	#  Look for user@localhost form.
	#
	if (substr(part[n], 1, 6) == " relay") {
		viahost = substr(part[n], 8)
		m = split(viahost, relay, " ")
		m = split(relay[1], junk, "@")
		if (m > 1)
			viahost = junk[2]
		else if (relay[1] == "[response]")
			viahost = localhost
		else
			viahost = relay[1]
		if (viahost == "localhost")
			viahost = localhost
		print viahost >f4
	}

	#
	#  Where is this mail from?  Handle the easy cases first, and
	#  then handle the nasty ones.
	#
	if (host == "mailer-daemon") {
		print localhost >f1
		next
	}
	if (viahost == localhost) {
		print localhost >f1
		next
	}
	if ((viahost == "local" || viahost == localhost) && host == "news") {
		print localhost >f1
		next
	}
	#
	#  Can be <blah> or <blah, woof>
	#  We just want blan.
	#
	if (substr(host, 1, 1) == "<")
		host = substr(host, 2)
	if (substr(host, length(host)) == ">")
		host = substr(host, 1, length(host) - 1)

	#
	#  Correct for user@domain(First Last) lines
	#
	i = split(host, tmp, "(")
	if (i > 1)
		host = tmp[1]

	#
	#  Handle from=<>
	#
	if (length(host) == 0) {
		print "NULL sender" >f1
		next
	}

	i = split(host, bangs, "!")
	j = split(host, ats, "@")
	k = split(host, pers, "%")
	l = split(host, routes, ":")

	#
	#  if it contains quotes and a @-sign
	#  we sort of bail out here
	m = split(host, quotes, "\"");
	if ((m > 1) && (j > 1)) {
		print ats[j] >f1
		next
	}
	#
	#  from=foo, but not handled above
	#
	if (i == 1 && j == 1 && k == 1) {
		print viahost >f1
		next
	}

	#
	#  site!...!SITE!user
	#
	if (i > 1 && j == 1 && k == 1 && l == 1) {
		print bangs[i - 1] >f1
		next
	}
	#
	#  some-stuff@DOMAIN
	#
	if (j == 2) {
		print ats[2] >f1
		next
	}
	#
	#  user%DOMAIN...@domain
	#
	if (i == 1 && j == 2 && k >= 2 && l == 1) {
		n = split(ats[1], tmp, "%")
		print tmp[2] >f1
		next
	}
	#
	#  @domain:god-knows-what@DOMAIN
	#
	if (l == 2 && j >= 3) {
		print ats[j] >f1
		next
	}
	#
	#  site!...!user%DOMAIN
	#  site!...!%DOMAIN!user
	#
	if (i >= 2 && j == 1 && k == 2 && l == 1) {
		n = split(pers[2], tmp, "!")
		if (n == 1)
			print pers[2] >f1
		else
			print tmp[1] >f1
		next
	}
	#
	#  foo@foo@DOMAIN
	#
	if (j > 2) {
		print ats[j] >f1
		next
	}
	print "from=" host, "line=", $0 >errors
	next
}

$7 ~ /to=.*/	{
	#
	# Only interested in delivered mail.
	#
	comma_parts = split($0, parts, ",")
	m = split(parts[comma_parts], status, " ")
	if (status[1] != "stat=sent") {
		next
	}
	count++

	#
	#  Pick off the receiving host for later use.
	#
	split($7, part, ",")
	if (part[1] == "to=<") {
		split($8, part, ",")
		host = part[1]
	}
	else
		host = substr(part[1], 4)
	if (substr(host, 1, 1) == "<")
		host = substr(host, 2)
	while (substr(host, 1, 1) == " ")
		host = substr(host, 2)
	if (substr(host, length(host)) == ">")
		host = substr(host, 1, length(host) - 1)

	#
	#  Record delay if delivered.
	#  And count delivered messages.
	#
	for (i = 1; i <= comma_parts; i++) {
		if (substr(parts[i], 1, 5) == " dela") {
			time = substr(parts[i], 8)
			break
		}
	}
	# time = substr(time, 1, length(time) - 1)
	n = split(time, dly, ":")
	delay = (dly[1] * 3600) + (dly[2] * 60) + dly[3]

	i = split(host, bangs, "!")
	j = split(host, ats, "@")
	k = split(host, pers, "%")
	l = split(host, routes, ":")

	#
	#  if it contains quotes and a @-sign
	#  we sort of bail out here
	m = split(host, quotes, "\"");
	if ((m > 1) && (j > 1)) {
		print ats[j] >f2
		next
	}
	#
	#  user [ local mail ]
	#
	if (i == 1 && j == 1 && k == 1 && l == 1) {
		print localhost, delay > f2
		next
	}
	#
	#  site!...!SITE!user
	#
	if (i > 1 && j == 1 && k == 1 && l == 1) {
		print bangs[i - 1], delay >f2
		next
	}
	#
	#  foo@foo@foo[@foo...]
	#
	if (j > 2) {
		print ats[j], delay >f2
		next
	}
	#
	#  stuff@DOMAIN
	#
	if (j == 2) {
		print ats[2], delay >f2
		next
	}
	#
	#  @domain:user@DOMAIN
	#
	if (i == 1 && j == 3 && k == 1 && l == 2) {
		print ats[3], delay >f2
		next
	}
	#
	#  @domain:...%DOMAIN@domain
	#
	if (i >= 1 && j >= 1 && k >= 2 && l == 2) {
		n = split(routes[k], tmp, "@")
		print tmp[1], delay >f2
		next
	}
	#
	#  site!...!user%DOMAIN
	#  site!...!%DOMAIN!user
	#
	if (i > 2 && j == 2 && k == 1 && l == 1) {
		print bangs[i - 2], delay >f2
		next
	}
	#
	#  site!...!user%DOMAIN
	#  site!...!%DOMAIN!user
	#
	if (i >= 2 && j == 1 && k == 2 && l == 1) {
		n = split(pers[2], tmp, "!")
		if (n == 1)
			print pers[2], delay >f2
		else
			print tmp[1], delay >f2
		next
	}
	print "to=" host, "delay=" delay, "line=" $0 >errors
	next
}

{
	#
	#  Did not recognize this
	#
	print "Did not recognize this =>", $0 >errors
}

END {
	if ((count + bytes + recipients) > 0) {
		printf("\n")
		printf("Total messages   handled: %5d\n", count)
		printf("Total recipients handled: %5d\n", recipients)
		printf("Total bytes      handled: ")
		if (bytes > 1000000)
			printf("%5.2fM\n", bytes / 1000000)
		else if (bytes > 1000)
			printf("%5.2fK\n", bytes / 1000)
		else
			printf("%5.2f\n", bytes)
		printf("\n")
	}
}
' localhost=`hostname` min=100 f1=$FROM f2=$TO f4=$VIA errors=$ERRORS -

if [ ! -s $FROM ] ; then
	exit 0
fi

# -------------------------------------------------------------
#  Print out info about who sent us mail
# -------------------------------------------------------------
echo " "
echo "--------------------------------------------------------------"
echo Part I -- Mail relayed from:
echo "--------------------------------------------------------------"
sort $VIA | uniq -c | sort -rn | head -$COUNT

# -------------------------------------------------------------
#  Print out info about who got the mail
# -------------------------------------------------------------
echo " "
echo "--------------------------------------------------------------"
echo Part II -- Mail sent from:
echo "--------------------------------------------------------------"
sort $FROM | uniq -c | sort -rn | head -$COUNT

# -------------------------------------------------------------
#  Print out info about who got mail
# -------------------------------------------------------------
echo " "
echo "--------------------------------------------------------------"
echo "Part III -- Mail sent to:               Avg delay   Max delay"
echo "--------------------------------------------------------------"
sort $TO | awk ' NR == 1 {
	last = $1
	delay += $2
	max = $2
	count = 1
	next
}
{
	#
	#  Each line should be of form:  <host> <delay>
	#  Lines are also ordered by host name, and so
	#  if the previous line began with a different
	#  name, we know we are on a new host.
	#
	if ($1 == last) {
		if ($2 > max)
			max = $2
		delay += $2
		count++
	}
	else {
		#
		#  Print results and reset.
		#
		avg = delay / count
		printf("%5d  %-30s", count, last)
		if (avg >= 3600)
			printf("  %5.2f hrs ", avg / 3600)
		else if (avg >= 60)
			printf("  %5.2f mins", avg / 60)
		else
			printf("  %5.2f secs", avg)
		if (max >= 3600)
			printf("  %5.2f hrs ", max / 3600)
		else if (max >= 60)
			printf("  %5.2f mins", max / 60)
		else
			printf("  %5.2f secs", max)
		printf("\n")

		last = $1
		count = 1
		delay = max = $2
	}
}
END	{ 
	avg = delay / count
	printf("%5d  %-30s", count, last)
	if (avg >= 3600)
		printf("  %5.2f hrs ", avg / 3600)
	else if (avg >= 60)
		printf("  %5.2f mins", avg / 60)
	else
		printf("  %5.2f secs", avg)
	if (max >= 3600)
		printf("  %5.2f hrs ", max / 3600)
	else if (max >= 60)
		printf("  %5.2f mins", max / 60)
	else
		printf("  %5.2f secs", max)
	printf("\n")

}' | sort -rn | head -$COUNT

# -------------------------------------------------------------
#  Mail any errors that were found with this script
# -------------------------------------------------------------
if [ -s $ERRORS ] ; then
	if [ $TESTMODE -eq 1 ] ; then
		echo "Found these errors"
		echo " "
		cat $ERRORS
#	else
#		Mail -s "smtpstats errors" $ERRORSTO < $ERRORS
	fi
fi

# -------------------------------------------------------------
#  Tidy up
# -------------------------------------------------------------
rm -f $TO $VIA $FROM $TEMPFILE $ERRORS
echo
echo "#################### End Mail Information ######################"
echo
dailyscript-3.0/todays_stats100755      0      0       30041  6331131053  14442 0ustar  rootroot#!/usr/bin/perl
#!/bin/perl -d
#=====================================================================
#
#      maillog_stats - sendmail statistics summary
#
#=====================================================================
#
#      Print a summary of email activity.  
#      Original written by Paul Vixie, DEC
#
#      Modified by Rich Bjorkund, CSC
#
#      Last modified:  Fri Jul  1 16:25:21 EDT 1994
#
#=====================================================================
#
# maillog_stats
#
#      -a       input ~postman/log/maillog.?????? 
#               (includes a soft link to /var/log/maillog)
#
#      -z       input ~postman/log/v8_sendmail/maillog.??????.gz
#
#      -s       summarizes all inputs as if from a single file
#               (will take input from ARGV or stdin)
#
# todays_stats  uses /var/log/maillog* as input
#
#=====================================================================
#
#      -t       test mode
#
#=====================================================================
#
#         SMTP "from:" lines          SMTP "to:" lines
#         mon                         mon
#         dd                          dd
#         time                        time
#         host                        host
#         client                      client
# rest    qid                 rest    qid
# [0]     from                [0]     to
# [1]     size                [1]     ctladdr (optional)
# [2]     class               [1/2]   delay
# [3]     pri                 [2/3]   mailer
# [4]     nrcpts              [3/4]   relay (optional)
# [5]     msgid (optional)    [4/3/5] stat
# [6/5]   proto (optional)
# [5/7/6] relay
#
#=====================================================================
#=====================================================================
#
# House keeping
#
#=====================================================================
# format
#
format q_top =
Syslog   Input:                   Output:             90th     Msgs  User Host
File     Msgs Kbytes AvgSz Rcips  Sent  Avg Delay  Percentile  Dferd Unkn Unkn
.
format q_line =
@<<<<<< @>>>> @>>>>> @>>>> @>>>> @>>>> @>>>>>>>>>> @>>>>>>>>>> @>>>> @>>> @>>> 
$logfn,$msgs,$kbytes,$avgsiz,$m11rcip,$sent,$avgdly,$nintyth,$dferd,$user_unknown,$host_unknown
.

# constants
#
$^          = "q_top";
$~          = "q_line";
$secperday  = 24 * 60 * 60;
$shortdelay = $secperday;
$K          = 1024;
$total_msgs = 0;

# command line arguments
#
($program = $0) =~ s%.*/%%;

while ($ARGV[0] =~ /^-/) {
    $ARGV[0] =~ s/^-//;
    foreach $flag ( split (//,$ARGV[0]) ) {
        if ( 'astz' !~ /$flag/ ) {
            printf stderr "unknown flag: %s\n", $flag;
            die "usage: $program [-astz] [maillog_file ...]\n";
        } 
        die "$0: '$flag' flag already set\n" if ($flags{$flag}++);
    } 
    shift;
}

#=====================================================================
#=====================================================================
#
# Main driver loop
#
#=====================================================================
if ($program =~ /todays_stats/o && $flags{'s'}) {
    $logdir = "/var/log";
    chdir($logdir) || die "can't chdir to $logdir: $!";
    open(stdin, "cat maillog* |") ||
        die "can't open log files";
    &mailstats();
    close(stdin);
    $logfn = "summary";
    write();

} elsif ($program =~ /todays_stats/o) {
    $logdir = "/var/log";
    chdir($logdir) || die "can't chdir to $logdir: $!";
    foreach $logfn (<maillog*>) {
        open(stdin, "cat $logfn |") ||
            die "can't open log files";
        &mailstats();
        close(stdin);
        $logfn =~ s/^.*\.//;
        write();
    }

} elsif ($flags{'s'} && $flags{'z'} && $flags{'a'}) {

    open(stdin, "(cat ./maillog.?????? ; gzcat ./maillog.??????.gz) |") ||
#    open(stdin, "(cat /posthome/postman/log/maillog.?????? ; gzcat /posthome/postman/log/v8_sendmail/maillog.??????.gz) |") ||
        die "can't open log files";
    &mailstats();
    close(stdin);
    $logfn = "summary";
    write();

} elsif ($flags{'s'} && $flags{'z'}) {
    $logdir = "/home/birch/rich/perl/maillog";
#    $logdir = "/posthome/postman/log/v8_sendmail";
    chdir($logdir) || die "can't chdir to $logdir: $!";
    open(stdin, "gzcat maillog.??????.gz |") ||
        die "can't open log files";
    &mailstats();
    close(stdin);
    $logfn = "summary";
    write();
#
} elsif ($flags{'s'} && $flags{'a'}) {
    $logdir = "/home/birch/rich/perl/maillog";
#    $logdir = "/posthome/postman/log";
    chdir($logdir) || die "can't chdir to $logdir: $!";
    open(stdin, "cat maillog.?????? |") ||
        die "can't open log files";
    &mailstats();
    close(stdin);
    $logfn = "summary";
    write();

} elsif ($flags{'z'} || $flags{'a'}) {
    if ($flags{'z'}) {
        $logdir = "/home/birch/rich/perl/maillog";
#        $logdir = "/posthome/postman/log/v8_sendmail";
        chdir($logdir) || die "can't chdir to $logdir: $!";
        foreach $logfn (<maillog.??????.gz>) {
            open(stdin, "gzcat $logfn |") ||
                die "can't open log files";
            &mailstats();
            $logfn =~ s/^maillog\.(\d+)\.gz/$1/;
            write();
        }
    }
    if ($flags{'a'}) {
        $logdir = "/home/birch/rich/perl/maillog";
#        $logdir = "/posthome/postman/log";
        chdir($logdir) || die "can't chdir to $logdir: $!";
        foreach $logfn (<maillog.??????>) {
            open(stdin, "cat $logfn |") ||
                die "can't open log files";
            &mailstats();
            $logfn =~ s/^.*\.//;
            write();
        }
    }
    close(stdin);
    
} elsif ($flags{'s'}) {
    &mailstats();
    $logfn = "summary";
    write();
#
} else {
#    print "\n";
#    print "maillog_stats\n";
#    print "\n";
#    print "	-a	input ~postman/log/maillog.?????? \n";
#    print "		(includes a soft link to /var/log/maillog)\n";
#    print "\n";
#    print "	-z	input ~postman/log/v8_sendmail/maillog.??????.gz\n";
#    print "\n";
#    print "	-s	sumerizes all inputs as if from a single file\n";
#    print "		(will take input from ARGV or stdin)\n";
#    print "\n";
#    print "	-t	test mode\n";
#    print "\n";
#    print "todays_stats	uses /var/log/maillog* as input\n";
#    print "\n";
#    print "\n";
#    print "	usage:	$program [-astz]\n";
#    print "\n";
#    print "	or:	$program [-st] [maillog_file ...]\n";
#    print "\n";
#    print "	or:	| $program [-st]\n";
#    print "\n";
#    print "	or:	todays_stats [-st]\n";
#    print "\n";
#    foreach $logfn (@ARGV) {
#        open(stdin, "cat $logfn |") ||
#            die "can't open log files";
#        &mailstats();
#        $logfn =~ s/^.*\.//;
#        write();
#    }
#
    foreach $logfn (<maillog.??????>) {
        open(stdin, "cat $logfn |") ||
            die "can't open log files";
        &mailstats();
        close(stdin);
        $logfn =~ s/^.*\.//;
        write();
    }
#    while (@ARGV) {
#        $logfn = shift @ARGV;
#        open(stdin, "cat $logfn |") ||
#            die "can't open log files";
#        &mailstats();
#        $logfn =~ s/^.*\.//;
#        write();
#    }
#    close(stdin);
} 
exit(0);

#=====================================================================
#
#  Time format function & sort by numeric sequence function
#
#=====================================================================
#
sub fmt_time {
    local($t) = @_;
    local($f) = int(($t - int($t)) * 100);
    local($s) = int($t);
    local($h) = int($s / 3600);  $s -= $h*3600;
    local($m) = int($s / 60);    $s -= $m*60;
#   local($d) = int($h / 24);    $h -= $d*24;         # handle days
    local($x) = "";
    $x = sprintf("%02d",  $f) .$x;
    $x = sprintf("%02d.", $s) .$x;
    $x = sprintf("%02d:", $m) .$x;
    $x = sprintf("%02d:", $h) .$x;
#   $x = sprintf("%01d+", $d) .$x;                    # handle days
    return $x;
}

sub bynumber { $a <=> $b; }

#=====================================================================
#=====================================================================
#
# The guts
#
#=====================================================================
sub mailstats {
    ($msgs,$bytes,$delay,$m11rcip,$sent,$dferd,$md,$d,$user_unknown,
     $host_unknown) = (0,0,0,0,0,0,0,0,0,0);
    while (<>) {
        ($mon,$dd,$time,$host,$client,$qid,@rest) = split;
        @rest=split(/, /,join(' ',@rest));
        if ($client = /sendmail\[[0-9]+\]:/) {
            if ($rest[0] =~ /^from=/ && $rest[1] =~ /^size=(\d+)/) {
                $bytes += $1;
                $msgs++;
                $total_msgs++;
                $rest[4] =~ /^nrcpts=(\d+)/;
                $m11rcip += $1;
            } elsif ($rest[0] =~ /^to=/io) {
                if ($rest[4] =~ /^stat=/io) {
                    $stat_value = $rest[4];
                } elsif ($rest[3] =~ /^stat=/io) {
                    $stat_value = $rest[3];
                } elsif ($rest[5] =~ /^stat=/io) {
                    $stat_value = $rest[5];
                } else {
                    $stat_value = "";
                }
                if ($rest[1] =~ /^delay=/io) {
                    $delay_value = $rest[1];
                } elsif ($rest[2] =~ /^delay=/io) {
                    $delay_value = $rest[2];
                } else {
                    $delay_value = "";
                }
#
                if (stat_value ne "") {
                    $stat++;
                    $delay_value =~ /^delay=([^,]+)/i;
                    $md = $1;
                    $d = 0;
                    if ($md =~ /(\d+)\+(.+)/i) {
                        $d += $md * $secperday;
                        $md =~ s/\d+\+//;
                    }
                    $md =~ /^(\d+):(\d+):(\d+)/i;
                    $d += ($1 * 3600 + $2 * 60 + $3);

                    if ($stat_value =~ /stat=Sent/io) {
                        push(@sent,$d);
                        $deferred_delays{$qid} = -1;
                        $delay += $d if ($d < $shortdelay) ||
                                        ($flags{'a'})      ||
                                        ($flags{'s'})      ||
                                        ($flags{'t'})      ||
                                        ($flags{'z'});
                        $sent++      if ($d < $shortdelay) ||
                                        ($flags{'a'})      ||
                                        ($flags{'s'})      ||
                                        ($flags{'t'})      ||
                                        ($flags{'z'});
                        next;
                    }
                    if ($stat_value =~ /stat=User unknown/io) {
                        $user_unknown++;
                        next;
                    }
                    if ($stat_value =~ /stat= Host unknown/io) {
                        $host_unknown++;
                        next;
                    }
                    if ($stat_value =~ /stat=Defer/io) {
                        $deferred_delays{$qid} = $d;
                        if (!$deferred{$qid}) {
                            $deferred{$qid}++;
                            $dferd++;
                        }
                    }
                }
            }
        }
    }
#
    if ($msgs == 0) {
        $avgdly = &fmt_time(0);
    } else {
        $avgdly = &fmt_time($delay / $sent);
    }
    $kbytes = int(0.5+$bytes/$K);
    if ($msgs == 0) {
        $avgsiz = 0;
    } else {
        $avgsiz = int(0.5+$bytes/$msgs);
    }

    while (($key,$del_val) = each(%deferred_delays)) {
        if ($del_val != -1) {
            push(@sent,$del_val);
        }
    }
    @sorted_sent = sort bynumber @sent;

    $nth_index        = 0.9 * $#sorted_sent;
    $nth_ind_int      = int($nth_index);
    if (($sorted_sent[$nth_ind_int] == $sorted_sent[$nth_ind_int + 1]) ||
        ($nth_index == $nth_ind_int)) {
        $nth_seconds  = $sorted_sent[$nth_ind_int];
    } else {
        $nth_ind_frac = $nth_index - $nth_ind_int;
        $nth_seconds  = ($nth_ind_frac * $sorted_sent[$nth_ind_int + 1])
                        + ((1 - $nth_ind_frac) * $sorted_sent[$nth_ind_int]);
    }
    $nintyth = &fmt_time($nth_seconds);

    return;
}
#=====================================================================
dailyscript-3.0/check-packages100775      0      0        2241  6331134513  14541 0ustar  rootroot#!/bin/sh

###################################################
##
## This was written by:
##     Simon Mudd - simon.mudd@alltrading.es
##
###################################################

RPMQA=/var/local/dailyscript/rpmqa
RPMVA=/var/local/dailyscript/rpmva

START=$SECONDS

unalias mv

# this is to check differences of rpm -Va from one day to another

echo "`basename $0` run on `date`"

if [ -f $RPMQA.new ]; then
	echo "WARNING: partial package list already present, ignoring"
fi
echo "Listing installed packages..."
rpm -qa > $RPMQA.new
echo "`wc -l $RPMQA.new | awk '{print $1}'` packages installed"
if [ -f $RPMQA ]; then
	echo "changes from previous run..."
	echo "---"
	diff $RPMQA $RPMQA.new
	echo "---"
else
	echo "no file from previous run to compare"
fi
mv $RPMQA.new $RPMQA

echo "Checking Packages..."
if [ -f $RPMVA.new ]; then
	echo "WARNING: partial file exists from previous run, ignoring"
fi
rpm -Va > $RPMVA.new
if [ -f $RPMVA ]; then
	echo "changes from previous run..."
	echo "---"
	diff $RPMVA $RPMVA.new
	echo "---"
else
	echo "no file from previous run to compare"
fi
mv $RPMVA.new $RPMVA

STOP=$SECONDS
let mm=${STOP}-${START}
echo "runtime $mm seconds"
Results 1 - 1
Help - FTP Sites List - Software Dir.
Searching half a billion files worldwide
© 1997-2009 MARUHN Internet Solutions