#!/usr/bin/perl

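# Scan driver: reset the per-run report, let makeactions() look for forbidden
# shell activity logged during the current minute, and mail the report if
# anything was found.  The variables below stay package globals on purpose:
# makeactions() reads $now_is and $logfile and sets $status.

$| = 1;                       # unbuffered STDOUT
$status = "CLEAN";

$server = `uname -n`;
chomp($server);

# Derive the date and the time from ONE clock reading.  Two separate `date`
# calls can straddle a minute (or midnight) boundary and yield a "now" stamp
# that never equals any log entry, which would silently skip the alert.
my @now = localtime();
$date_is = sprintf("%04d-%02d-%02d", $now[5] + 1900, $now[4] + 1, $now[3]);
$time_is = sprintf("%02d:%02d", $now[2], $now[1]);
$now_is  = "$date_is $time_is";

# Start every run with an empty report; a missing file is not an error.
$logfile = "/var/xdrago/log/last-shell-escape-log";
unlink($logfile);

makeactions();

if ($status ne "CLEAN") {
  # The sender option differs between mail implementations, so probe first.
  $mailx_test = `mail -V 2>&1`;
  my @sender_opt =
    ($mailx_test =~ /(invalid)/i || $mailx_test =~ /(GNU Mailutils)/i)
      ? ("-a", "From: notify\@omega8.cc")
      : ("-r", "notify\@omega8.cc");

  # List-form pipe open: every argument reaches mail(1) verbatim, with no
  # shell in between, so nothing in the subject is re-parsed as shell syntax.
  my @mail_cmd = ("mail", @sender_opt, "-e", "-s",
                  "Shell Escape Alert [$server] $now_is", "notify\@omega8.cc");

  if (open(my $report, '<', $logfile)) {
    if (open(my $mail, '|-', @mail_cmd)) {
      while (my $entry = <$report>) {
        print {$mail} $entry;
      }
      close($mail) or warn "mail exited abnormally: $! (status $?)\n";
    }
    else {
      warn "cannot run mail: $!\n";
    }
    close($report);
  }
  else {
    warn "cannot read $logfile: $!\n";
  }
}
exit;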

#############################################################################
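# Append one line of text to a file without involving a shell.
sub _append_alert_line
{
  my ($path, $text) = @_;
  if (open(my $out, '>>', $path)) {
    print {$out} "$text\n";
    close($out) or warn "cannot finish writing $path: $!\n";
  }
  else {
    warn "cannot append to $path: $!\n";
  }
  return;
}

# Scan /var/log/lsh/*.log for "forbidden" entries stamped with the current
# minute.  For each hit: set the global $status to "ERROR", append the entry
# to the global $logfile, echo it on STDOUT and append a record to
# /var/xdrago/log/last-shell-escape-y-problem.
#
# Reads the globals $now_is ("YYYY-MM-DD HH:MM") and $logfile.
# NOTE(review): entries are assumed to start with "DATE TIME,msec" -- confirm
# against the actual lsh log format.
#
# SECURITY: the matched lines presumably quote what the restricted user
# typed, so they are untrusted.  They used to be passed to `echo "..."`
# through a shell, where $(...), backticks and quotes inside the entry were
# interpreted with this script's privileges.  Entries are now written with
# Perl file I/O and never reach a shell.
sub makeactions
{
  # Constant command line: the shell is needed only for the glob and the pipe.
  my @matches = `grep -i forbidden /var/log/lsh/*.log | tail --lines=999 2>&1`;

  foreach my $line (@matches) {
    next unless $line =~ /(syntax|path|command)/i
      || ($line =~ /(shell escape)/i && $line !~ /exit/i);

    chomp($line);

    # grep prefixes each hit with "FILE:" when the glob matches several files.
    # Strip that prefix only where grep puts it (start of line); splitting on
    # ".log:" anywhere let text inside the logged command displace the
    # timestamp, so the entry would no longer match the current minute.
    $line =~ s{\A/var/log/lsh/[^:]*\.log:}{};

    my ($date_part, $time_part) = split(/\s+/, $line);
    next unless defined $time_part;

    # Drop the ",msec" suffix, then anything that is not a digit or a colon.
    my ($clock) = split(/,/, $time_part);
    next unless defined $clock;
    $clock =~ s/[^0-9:]//g;
    next unless $clock =~ /^[0-9]/;

    my ($hour, $min) = split(/:/, $clock);
    $min = '' unless defined $min;
    my $log_is = "$date_part $hour:$min";

    # Only entries from the current minute raise an alert; older ones are
    # skipped without being recorded anywhere.
    next unless $now_is eq $log_is;

    $status = "ERROR";
    _append_alert_line($logfile, $line);
    print "===[$now_is]\t[$log_is]\t[$line]===\n";
    _append_alert_line("/var/xdrago/log/last-shell-escape-y-problem",
                       "[$now_is]:[$log_is]:[$line]");
  }
  return;
}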
###EOF2014###
