/ Chip 2002 January / chip-cd_2002_01.zip / 01 / Chip / Porady / logcheck / logclear.sh < prev   
Linux/UNIX/POSIX Shell Script  |  2001-11-01  |  3KB  |  105 lines

  1. #!/bin/sh
  2.  
  3. # CONFIGURATION SECTION
  4.  
  5. PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin
  6.  
  7. # Person to send log activity to.
  8.  
  9. SYSADMIN=root
  10.  
  11. # Full path to logtail program.
  12.  
  13. LOGTAIL=/usr/local/bin/logtail
  14.  
  15. # Full path to SECURED (non public writable) /tmp directory.
  16.  
  17. TMPDIR=/usr/local/etc/tmp
  18.  
  19. # The 'grep' command.
  20.  
  21. GREP=egrep
  22.  
  23. # The 'mail' command. 
  24.  
  25. MAIL=mail
  26. # HPUX 10.x and others(?)
  27. #MAIL=mailx
  28. # Digital OSF/1, Irix
  29. #MAIL=Mail
  30.  
  31. # Shouldn't need to touch these...
  32. HOSTNAME=`hostname`
  33. DATE=`date +%m/%d/%y:%H.%M`
  34.  
  35. umask 077
  36. rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$
  37. if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ ]; then
  38.     echo "Log files exist in $TMPDIR directory that cannot be removed. This 
  39. may be an attempt to spoof the log checker." \
  40.     | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" $SYSADMIN
  41.     exit 1
  42. fi
  43.  
  44. # LOG FILE CONFIGURATION SECTION
  45.  
  46. # Generic and Linux Slackware 3.x
  47. #$LOGTAIL /var/log/messages > $TMPDIR/check.$$
  48.  
  49. # Linux Red Hat Version 3.x, 4.x
  50. $LOGTAIL /var/log/messages > $TMPDIR/check.$$
  51. $LOGTAIL /var/log/secure >> $TMPDIR/check.$$
  52. $LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
  53.  
  54. # FreeBSD 2.x
  55. #$LOGTAIL /var/log/messages > $TMPDIR/check.$$
  56. #$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
  57.  
  58. # BSDI 2.x
  59. #$LOGTAIL /var/log/messages > $TMPDIR/check.$$
  60. #$LOGTAIL /var/log/secure >> $TMPDIR/check.$$
  61. #$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
  62. #$LOGTAIL /var/log/ftp.log >> $TMPDIR/check.$$
  63. # Un-comment out the line below if you are using BSDI 2.1
  64. #$LOGTAIL /var/log/daemon.log >> $TMPDIR/check.$$
  65.  
  66. # SunOS, Sun Solaris 2.5
  67. #$LOGTAIL /var/log/syslog > $TMPDIR/check.$$
  68. #$LOGTAIL /var/adm/messages >> $TMPDIR/check.$$
  69.  
  70. # HPUX 10.x and others(?)
  71. #$LOGTAIL /var/adm/syslog/syslog.log > $TMPDIR/check.$$
  72.  
  73. # Digital OSF/1
  74. # OSF/1 - uses rotating log directory with date & time in name
  75. #        LOGDIRS=`find /var/adm/syslog.dated/* -type d -prune -print`
  76. #        LOGDIR=`ls -dtr1 $LOGDIRS | tail -1` 
  77. #        if [ ! -d "$LOGDIR" ]
  78. #        then
  79. #          echo "Can't identify current log directory." >> $TMPDIR/checkrepo$
  80. #        else
  81. #                $LOGTAIL  $LOGDIR/auth.log >> $TMPDIR/check.$$
  82. #                $LOGTAIL  $LOGDIR/daemon.log >> $TMPDIR/check.$$
  83. #                $LOGTAIL  $LOGDIR/kern.log >> $TMPDIR/check.$$
  84. #                $LOGTAIL  $LOGDIR/lpr.log >> $TMPDIR/check.$$
  85. #                $LOGTAIL  $LOGDIR/mail.log >> $TMPDIR/check.$$
  86. #                $LOGTAIL  $LOGDIR/syslog.log >> $TMPDIR/check.$$
  87. #                $LOGTAIL  $LOGDIR/user.log >> $TMPDIR/check.$$
  88. #        fi
  89. #
  90.  
  91.  
  92. # END CONFIGURATION SECTION. YOU SHOULDN'T HAVE TO EDIT ANYTHING
  93. # BELOW THIS LINE.
  94.  
  95. # See if the tmp file exists and actually has data to check, 
  96. # if it doesn't we should erase it and exit as our job is done.
  97.  
  98. if [ ! -s $TMPDIR/check.$$ ]; then
  99.     rm -f $TMPDIR/check.$$    
  100.     exit 0
  101. fi
  102.  
  103. # Clean Up
  104. rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$
  105.