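<?php
/*
 * Daily "unknown user" report.
 *
 * Collects today's maillog lines that contain the string "unknown" and mails
 * them to every address in $mail_to_array using the system `mail` command.
 *
 * Changes from the earlier version of this script:
 *  - The log is filtered in PHP and streamed to `mail` over a pipe, so no
 *    report is left at a fixed, predictable path under /tmp any more. A fixed
 *    name in a world-writable directory can be pre-created or symlinked by
 *    another local user before the script writes to it.
 *  - The subject is built in PHP. Previously $HOSTNAME was interpolated as an
 *    (undefined) PHP variable and `date` sat inside shell single quotes, so
 *    neither was expanded.
 *  - Every value placed on the command line goes through escapeshellarg().
 */
$mail_to_array = array("admin@example.com");
$mail_log_path = "/var/log/maillog";

echo "Producing filtered maillog..";

// Syslog-style timestamps pad a single-digit day with a space ("Jan  5"),
// so the day is right-aligned in two columns before matching.
$gen_date = date("M") . " " . str_pad(date("j"), 2, " ", STR_PAD_LEFT);

$log = fopen($mail_log_path, "r");
if ($log === false) {
    error_log("unknown-user report: cannot open $mail_log_path");
    exit(1);
}

// Same selection as `grep unknown | grep '<date>'`: both substrings must
// appear somewhere in the line. Read line by line to keep memory bounded.
$report = "";
while (($line = fgets($log)) !== false) {
    if (strpos($line, "unknown") !== false && strpos($line, $gen_date) !== false) {
        $report .= $line;
    }
}
fclose($log);

$subject = "[Unknown_user_hack potato] " . php_uname("n") . " - " . date("r");

foreach ($mail_to_array as $recipient) {
    $command = "mail -s " . escapeshellarg($subject) . " " . escapeshellarg($recipient);

    // The matched log lines are attacker-influenced text; they are only ever
    // written to the mailer's stdin as the message body, never to a command line.
    $mailer = popen($command, "w");
    if ($mailer === false) {
        error_log("unknown-user report: cannot start mail for $recipient");
        continue;
    }
    fwrite($mailer, $report);
    if (pclose($mailer) !== 0) {
        error_log("unknown-user report: mail exited with an error for $recipient");
    }
}
?>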
bash.sh
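#!/bin/bash
# Mail the last 2000 lines of /var/log/messages to the administrator.
#
# The earlier version wrote the header line to one file, the log tail and the
# "complete." marker to a second file, and then mailed the first one, so the
# message carried the header only. Everything now goes into a single file.
#
# The report is created with mktemp under a restrictive umask instead of a
# fixed dot-file name in /tmp: a predictable name in a world-writable
# directory can be pre-created or symlinked by another local user, and this
# script presumably runs with enough privilege to read /var/log/messages.

umask 077

report="$(mktemp /tmp/pot-error_log.XXXXXX)" || exit 1
# Remove the report on any exit path so log excerpts do not linger in /tmp.
trap 'rm -f "$report"' EXIT

subject="[error_log/pot] $HOSTNAME - $(date)"

{
    echo "$subject"
    tail -2000 /var/log/messages
    echo "complete."
} > "$report"

mail -s "$subject" admin@example.com < "$report"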
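<?php
/*
 * Daily mail abuse reports.
 *
 * Report 1: how often each user name appears in today's "Login" maillog
 *           lines, with the size of the user's mail spool and the passwd
 *           comment field.
 * Report 2: how often each sender field appears in today's "from=" maillog
 *           lines (only senders seen more than once are listed).
 *
 * Security notes on this version:
 *  - User names and sender fields are parsed out of the mail log. Those lines
 *    typically carry values supplied by remote clients, so they are treated
 *    as untrusted. The earlier version concatenated them into shell_exec()
 *    calls (`ls ... /var/spool/mail/<name>`, `grep '<name>:' /etc/passwd`),
 *    which allowed a crafted name to run commands or point at other paths.
 *    No log-derived value reaches a shell or an unvalidated path any more.
 *  - The log is filtered in PHP, so the fixed-name intermediate files under
 *    /tmp are gone; predictable names in a world-writable directory can be
 *    pre-created or symlinked by another local user.
 */
$mail_to_array = array("ga@example.com,pa@example.com,pe@example.com");
$mail_log_path = "/var/log/maillog";

/* Pull the user name out of a "user=<name>" style field; "" when absent. */
function report_extract_user($field)
{
    $parts = explode("=", $field);
    return isset($parts[1]) ? trim($parts[1]) : "";
}

/* Reduce a sender field to the text before the first "=>" and first ",". */
function report_extract_sender($field)
{
    $parts = explode("=>", $field);
    $parts = explode(",", trim($parts[0]));
    return $parts[0];
}

/*
 * Count occurrences of the value extracted from the 7th whitespace-separated
 * field of every log line containing both $needle and $gen_date.
 *
 * Fields are split on runs of whitespace, so the position is the same for
 * space-padded single-digit days and for two-digit days (the earlier code
 * switched between index 7 and 6 to compensate for the padding).
 * Returns an array of value => count, sorted by count, highest first.
 */
function report_tally($log_path, $needle, $gen_date, $extractor)
{
    $counts = array();

    $fp = fopen($log_path, "r");
    if ($fp === false) {
        error_log("abuse report: cannot open $log_path");
        return $counts;
    }

    while (($line = fgets($fp)) !== false) {
        if (strpos($line, $needle) === false || strpos($line, $gen_date) === false) {
            continue;
        }
        $fields = preg_split('/\s+/', trim($line));
        if (!isset($fields[6])) {
            continue; // shorter than the expected layout
        }
        $value = call_user_func($extractor, $fields[6]);
        if ($value === "") {
            continue;
        }
        if (!isset($counts[$value])) {
            $counts[$value] = 0;
        }
        $counts[$value]++;
    }
    fclose($fp);

    arsort($counts);
    return $counts;
}

/* Map login name => comment (5th) field from the local /etc/passwd. */
function report_load_passwd_comments()
{
    $comments = array();
    $lines = is_readable("/etc/passwd")
        ? file("/etc/passwd", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : false;
    if ($lines === false) {
        return $comments;
    }
    foreach ($lines as $entry) {
        $cols = explode(":", $entry);
        // Exact match on the login column; the earlier substring grep also
        // matched any account whose name merely ended with the same text.
        if (isset($cols[4])) {
            $comments[$cols[0]] = $cols[4];
        }
    }
    return $comments;
}

/* Render a byte count in the compact style of `ls -h` (e.g. 1.5M). */
function report_human_size($bytes)
{
    $units = array("", "K", "M", "G", "T");
    $size = (float) $bytes;
    $unit = 0;
    while ($size >= 1024 && $unit < count($units) - 1) {
        $size /= 1024;
        $unit++;
    }
    return $unit === 0 ? (string) $bytes : sprintf("%.1f%s", $size, $units[$unit]);
}

/*
 * Size of /var/spool/mail/<username>, or "n/a" when the name is not a plain
 * account-style token. The allow-list keeps "/" and ".." out of the path.
 */
function report_spool_size($username)
{
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9._-]*$/', $username)) {
        return "n/a";
    }
    $spool = "/var/spool/mail/" . $username;
    if (!is_file($spool)) {
        return "0";
    }
    $bytes = filesize($spool);
    return $bytes === false ? "0" : report_human_size($bytes);
}

/* Replace non-printable bytes so log-derived text cannot garble the report. */
function report_printable($text)
{
    return preg_replace('/[^\x20-\x7E]/', '?', (string) $text);
}

echo "Producing filtered maillog..";

// Syslog-style timestamps pad a single-digit day with a space ("Jan  5").
$gen_date = date("M") . " " . str_pad(date("j"), 2, " ", STR_PAD_LEFT);

/* ---- Report 1: POP3 / IMAP logins per user ------------------------------ */

$user_access_array = report_tally($mail_log_path, "Login", $gen_date, "report_extract_user");
$passwd_comments = report_load_passwd_comments();

$message_body = " Daily(1440 minutes in a day) POP3 and Imap Total Abuse Report from " . date("r") . "\n"
    . " freq\tusername\t\tspoolsize\t\tuserinfo\n"
    . " ----\t--------\t\t---------\t\t--------\n";

foreach ($user_access_array as $key => $val) {
    $key = (string) $key; // numeric-looking names come back as int array keys
    $mail_spool_size = report_spool_size($key);
    $userinfo = isset($passwd_comments[$key]) ? $passwd_comments[$key] : "";
    $message_body .= "$val\t" . report_printable($key) . "\t\t $mail_spool_size\t\t" . $userinfo . "\n";
}

foreach ($mail_to_array as $recipient) {
    if (!mail($recipient, "[potato] Daily IPOP3 and Imap Total Abuse Report!", $message_body, "From: root@po.example.com")) {
        error_log("abuse report: mail() failed for $recipient");
    }
    echo "mailing $recipient..\n";
}

/* ---- Report 2: sendmail senders ----------------------------------------- */

$from_access_array = report_tally($mail_log_path, "from=", $gen_date, "report_extract_sender");

$message_body = " Daily sendmail Abuse Report for " . date("r") . "\n" . " ";

foreach ($from_access_array as $key => $val) {
    if ($val > 1) {
        $message_body .= "$val\t\t " . report_printable($key) . "\n";
    }
}

foreach ($mail_to_array as $recipient) {
    if (!mail($recipient, "[Po]Smtp Abuse Report!", $message_body, "From: root@po.example.com")) {
        error_log("abuse report: mail() failed for $recipient");
    }
}
?>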