EBF's Monster OneLiner
Posted by alex almazan
Wed, 26 Mar 2008 04:01:00 GMT
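#!/usr/bin/env bash
# EBF's "monster one-liner", laid out as a script. It is still meant to be
# pasted into (or sourced by) an interactive root shell on a Plesk/qmail host,
# which is why it does not 'set -e' (that would terminate the caller's shell)
# and why it unsets every function it defines once it is done.
#
# What it does: for up to SPAMINFO_MAX_MSGS (default 10) messages in the qmail
# queue, print the envelope recipients, the From: and Subject: headers and the
# qmail injection method ("from network" = SMTP, "by uid N" = a local process
# such as a web script); then, per method, either the connecting host plus the
# SMTP AUTH user (SMTP case) or the POST requests Apache logged in the same
# minute (web case, uid SPAMINFO_WEB_UID, default 48). Everything printed is
# also appended to spaminfo/report.out in the current directory.
#
# Files written to the current directory: spaminfo/report.out and the Apache
# inventories access_logs, error_logs and docroots.out (cached: delete
# docroots.out to force a re-parse).
#
# Caveat: the qmail Received: stamp carries its own numeric zone (the fifth
# field of the date part) while Apache logs local time; if the two differ,
# the minute-level correlation in find_alog_hit will miss -- verify on the host.

unset -f parse_apache_config find_alog_hit find_host_from_headers \
  find_maillog_entries find_user_from_messagelog re_escape sql_escape \
  spaminfo_main

#######################################
# Escape a string for use as literal text inside a grep basic regex.
# Arguments: $1 - string
# Outputs:   the escaped string on stdout
#######################################
re_escape() {
  printf '%s\n' "$1" | sed -e 's/[][\.*^$]/\\&/g'
}

#######################################
# Escape a string for interpolation into a double-quoted MySQL string
# literal (backslash and double quote). The values come from log data, so
# they must not be able to break out of the query.
# Arguments: $1 - string
# Outputs:   the escaped string on stdout
#######################################
sql_escape() {
  local s=${1//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

#######################################
# Build the Apache log inventory used by find_alog_hit.
# Walks the Include chain from the root httpd.conf and writes, in the
# current directory: access_logs (TransferLog/CustomLog targets),
# error_logs (ErrorLog targets) and docroots.out (DocumentRoot values).
# Skipped when docroots.out already exists (cached inventory).
# Globals:  none read; writes the files above plus temporary cfgs.N
# Returns:  0
#######################################
parse_apache_config() {
  local rootcfg server_root ilvl cfg inc path
  if [ -f docroots.out ]; then
    echo "Apache config already parsed"
    return 0
  fi
  rm -f cfgs.[0-9]*
  # The original assigned the same path in both branches; the H-Sphere test
  # only makes sense if that config is used when it exists.
  if [ -f /hsphere/local/home/cpanel/apache/etc/httpd.conf ]; then
    rootcfg='/hsphere/local/home/cpanel/apache/etc/httpd.conf'
  else
    rootcfg='/etc/httpd/conf/httpd.conf'
  fi
  # Relative Include and log paths are relative to ServerRoot. Read it from
  # the root config; fall back to two directories above that file
  # (/etc/httpd for the stock layout, where logs/ is a symlink to
  # /var/log/httpd -- the substitution the original did by hand).
  server_root=$(grep -i '^[[:space:]]*ServerRoot' -- "$rootcfg" |
    head -1 | awk '{print $2}' | tr -d '"')
  server_root=${server_root:-${rootcfg%/*/*}}

  # Breadth-first walk of Include/IncludeOptional: cfgs.N+1 holds every file
  # pulled in by the files listed in cfgs.N. A file already seen at any level
  # is not re-added, so mutually including configs cannot loop forever.
  ilvl=0
  printf '%s\n' "$rootcfg" > cfgs.0
  while [ -f cfgs.$ilvl ]; do
    ilvl=$((ilvl + 1))
    while IFS= read -r cfg; do
      grep -i '^[[:space:]]*include' -- "$cfg" |
        awk '{print $2}' | tr -d '"' |
        while IFS= read -r inc; do
          [ "${inc#/}" = "$inc" ] && inc="$server_root/$inc"
          # Include arguments are glob patterns, so $inc is deliberately
          # unquoted (paths containing whitespace are not supported).
          # shellcheck disable=SC2086
          for path in $inc; do
            if [ -d "$path" ]; then
              find "$path" -maxdepth 1 -type f
            elif [ -f "$path" ]; then
              printf '%s\n' "$path"
            fi
          done
        done |
        while IFS= read -r path; do
          grep -qxF -- "$path" cfgs.[0-9]* || printf '%s\n' "$path" >> cfgs.$ilvl
        done
    done < cfgs.$((ilvl - 1))
  done
  cat cfgs.[0-9]* > httpdconfs.out
  rm -f cfgs.[0-9]*

  # Uncommented *Log directives, leading whitespace stripped and runs of
  # whitespace collapsed, one per line.
  while IFS= read -r cfg; do
    grep -Ei '(transfer|error|custom)log' -- "$cfg" |
      grep -v '^[[:space:]]*#' |
      sed -e 's/^[[:space:]]*//' -e 's/[[:space:]][[:space:]]*/ /g'
  done < httpdconfs.out > logs.out

  # Log targets: strip quotes, resolve relative paths against ServerRoot,
  # drop piped loggers ("|/usr/sbin/rotatelogs ...") and syslog targets that
  # cannot be grepped, and de-duplicate while keeping first-seen order.
  awk -v root="$server_root" '
    { gsub(/"/, "", $2) }
    tolower($1) ~ /^(transferlog|customlog)$/ && $2 !~ /^\|/ && !seen[$2]++ {
      p = ($2 ~ /^\//) ? $2 : root "/" $2
      print p
    }' logs.out > access_logs
  awk -v root="$server_root" '
    { gsub(/"/, "", $2) }
    tolower($1) == "errorlog" && $2 !~ /^\|/ && $2 !~ /^syslog:/ && !seen[$2]++ {
      p = ($2 ~ /^\//) ? $2 : root "/" $2
      print p
    }' logs.out > error_logs

  while IFS= read -r cfg; do
    grep -i 'documentroot' -- "$cfg" | grep -v '^[[:space:]]*#' |
      awk '{print $2}' | tr -d '"'
  done < httpdconfs.out | awk '!seen[$0]++' > docroots.out
  rm -f logs.out httpdconfs.out
}

#######################################
# Print the host the SMTP session came from.
# Takes the first Received: line that ends in ")" and keeps what is inside
# the final parentheses (typically the peer address recorded at SMTP time).
# Globals:  reads msgfile; sets host (used by find_user_from_messagelog)
# Outputs:  " - connected from: <host>"
#######################################
find_host_from_headers() {
  host=$(grep '^Received: .*)$' -- "$msgfile" | head -1 |
    sed -e 's/^.*(//' -e 's/)$//')
  printf ' - connected from: %s\n' "$host"
}

#######################################
# Print this message's lines from the Plesk maillog (rotated copies too).
# Kept from the original, which defines it but never calls it.
# Globals:  reads mlfn, datefromhdr, msgno
#######################################
find_maillog_entries() {
  local srchpatt="$datefromhdr.*msg $msgno"
  printf '%s:\n' "$mlfn"
  zgrep -h -e "$srchpatt" "$mlfn"*
}

#######################################
# Identify the SMTP AUTH user behind a network-injected message.
# Matches the message timestamp and connecting host against the
# "smtp_auth: SMTP user ..." lines in /var/log/messages (rotated copies
# included); if nothing matches at second resolution, retries at minute
# resolution. A found user is then looked up in the Plesk database and the
# stored mailbox password printed, as the original did -- which is why the
# report directory is created root-only.
# Globals:  reads subjhdr, datefromhdr, daypatt, host, domain; sets user
# Outputs:  lookup result and "SMTP auth user <user|not found>"
#######################################
find_user_from_messagelog() {
  local srchpatt esc_host mail_name mail_domain
  if [[ $subjhdr == 'failure notice' ]]; then
    echo "failure notice"
    return 0
  fi
  # host comes from a message header: match it as literal text, not a regex.
  esc_host=$(re_escape "$host")
  srchpatt="$datefromhdr .* smtp_auth: SMTP user.*$esc_host"
  # First match only; the original kept every match, which broke both the
  # -z test and the query when more than one line matched.
  user=$(zgrep -h -e "$srchpatt" /var/log/messages* | head -1 |
    sed -e 's/^.*smtp_auth: SMTP user //' -e 's/ *:.*$//')
  if [ -z "$user" ]; then
    echo "user not found. searching again with truncated timestamp, may provide weird results"
    srchpatt="$daypatt .* smtp_auth: SMTP user.*$esc_host"
    user=$(zgrep -h -e "$srchpatt" /var/log/messages* | head -1 |
      sed -e 's/^.*smtp_auth: SMTP user //' -e 's/ *:.*$//')
  fi
  if [ -z "$user" ]; then
    user="not found"
  else
    # The original query referenced $domain, which nothing sets. The logged
    # AUTH user is normally local@domain and psa.mail.mail_name holds only
    # the local part, so split on '@' when present and fall back to a
    # caller-provided $domain otherwise -- TODO confirm on this Plesk version.
    mail_name=$(sql_escape "${user%%@*}")
    if [[ $user == *@* ]]; then
      mail_domain=$(sql_escape "${user#*@}")
    else
      mail_domain=$(sql_escape "${domain:-}")
    fi
    # Password via MYSQL_PWD rather than -p<pw> so it does not show in ps/argv.
    MYSQL_PWD=$(cat /etc/psa/.psa.shadow) mysql -uadmin psa -e \
      "select password from domains left join mail on domains.id=mail.dom_id left join accounts on mail.account_id= accounts.id where postbox= \"true\" and mail_name=\"$mail_name\" and domains.name=\"$mail_domain\"\G" \
      </dev/null | grep --binary-files=text "password:" | cut -f2 -d" "
  fi
  printf 'SMTP auth user %s\n' "$user"
}

#######################################
# For web-injected mail, print the POST requests Apache logged in the same
# minute, across every access log from parse_apache_config (rotated and
# compressed copies included).
# Globals:  reads apachefmt_date and the access_logs inventory file
#######################################
find_alog_hit() {
  local alog datepatt
  echo "Searching web access_logs..."
  if [ ! -f access_logs ]; then
    echo "warning: access_logs inventory missing; run parse_apache_config" >&2
    return 0
  fi
  datepatt=$(re_escape "$apachefmt_date")
  while IFS= read -r alog; do
    [ -n "$alog" ] || continue
    zgrep -e "$datepatt.*POST" "$alog"*
  done < access_logs
}

#######################################
# Entry point: create the work directory, then report on queued messages.
# Globals:  SPAMINFO_MAX_MSGS, SPAMINFO_WEB_UID (optional knobs); sets the
#           variables the find_* helpers read (msgfile, msgno, subjhdr,
#           datefromhdr, daypatt, apachefmt_date, host, user, mlfn)
# Outputs:  the report on stdout, also appended to spaminfo/report.out
# Returns:  1 if the work directory cannot be created, else 0
#######################################
spaminfo_main() {
  local max_msgs web_uid msgfile msgno remfile locfile rcptlist rcvhdr
  local datepart day mon year tod zone qmpid method fromhdr subjhdr
  local datefromhdr daypatt apachefmt_date host user mlfn
  max_msgs=${SPAMINFO_MAX_MSGS:-10}
  web_uid=${SPAMINFO_WEB_UID:-48}

  if [ ! -d spaminfo ]; then
    # Root-only: report.out carries the mailbox credentials looked up above.
    # (The original's 'exit 1' ran in a subshell and never stopped the run.)
    if ! mkdir -m 700 spaminfo; then
      echo "Could not create work directory" >&2
      return 1
    fi
  else
    : > spaminfo/report.out
  fi

  {
    if [ -d /etc/psa ]; then
      mlfn="/usr/local/psa/var/log/maillog"
      echo "Found maillog: $mlfn"
      echo "Parsing Apache configuration file chain"
      parse_apache_config
      find /var/qmail/queue/mess/ -type f | head -n "$max_msgs" |
        while IFS= read -r msgfile; do
          host= user=
          msgno=${msgfile##*/}
          # qmail keeps the envelope recipients next to the message body,
          # under remote/ and local/, as NUL-separated "T<address>" records;
          # a message may have only one of the two files (hence 2>/dev/null).
          remfile="${msgfile%/mess/*}/remote/${msgfile#*/mess/}"
          locfile="${msgfile%/mess/*}/local/${msgfile#*/mess/}"
          rcptlist=$(cat "$remfile" "$locfile" 2>/dev/null | tr '\0' '\n' |
            sed -e 's/^T//' | tr '\n' ' ')
          # The first "Received: (qmail ..." line is the one written on this
          # host; any later ones would be upstream hops.
          rcvhdr=$(grep '^Received: (qmail' -- "$msgfile" | head -1)
          [ -n "$rcvhdr" ] || echo "warning: $msgfile has no qmail Received: header" >&2
          # "...; 26 Mar 2008 04:01:00 -0000" -> day mon year time zone
          datepart=${rcvhdr#*); }
          read -r day mon year tod zone <<<"$datepart"
          datefromhdr="$mon *$day $tod"                 # syslog form; ' *' absorbs day padding
          daypatt=${datefromhdr%:*}                     # minute resolution, e.g. "Mar *26 04:01"
          apachefmt_date="$day/$mon/$year:${tod%:*}"    # e.g. "26/Mar/2008:04:01"
          qmpid=${rcvhdr#*qmail }; qmpid=${qmpid%% invoked*}
          method=${rcvhdr#*invoked }; method=${method%%)*}
          fromhdr=$(sed -n 's/^From: //p' -- "$msgfile")
          subjhdr=$(sed -n 's/^Subject: //p' -- "$msgfile" | head -1)

          printf 'found msg: %s\n' "$msgno"
          printf 'To: %s\n' "$rcptlist"
          printf 'From: %s\n' "$fromhdr"
          printf 'Timestamp: %s %s %s\n' "$mon" "$day" "$tod"
          printf 'Subject: %s\n' "$subjhdr"
          printf 'qmail pid=%s, %s' "$qmpid" "$method"
          case $method in
            'from network')
              find_host_from_headers && find_user_from_messagelog ;;
            "by uid $web_uid")
              find_alog_hit ;;
          esac
          printf '\n\n***\n\n'
        done
    else
      mlfn="/var/log/maillog"
      echo "No /etc/psa directory (not a Plesk host): nothing to report" >&2
    fi
  } | tee -a spaminfo/report.out
}

spaminfo_main
unset -f parse_apache_config find_alog_hit find_host_from_headers \
  find_maillog_entries find_user_from_messagelog re_escape sql_escape \
  spaminfo_main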