nextcloud-av-notification.sh
#!/bin/bash
# By Georgiy Sitnikov.
#
# AS-IS without any warranty
# Administrator User to notify
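# NOTE(review): USER is also the conventional login-name environment
# variable; this assignment shadows it for the rest of the script.
USER="admin"
NextCloudPath=/var/www/nextcloud
# Look-back window in minutes; should match the cron job period
lastMinutes=30
###
# Scratch files live in a private directory created by mktemp (mode 0700).
# A name built from the clock under /tmp is predictable, so another local
# user could pre-create it (or "$tempfile.output") as a file or symlink.
tempdir=$(mktemp -d /tmp/nextcloud_av_notifications.XXXXXXXX) || { echo >&2 "Error - could not create a temporary directory under /tmp"; exit 1; }
# Remove the directory on every exit path, including the early error exits.
trap 'rm -rf -- "${tempdir:?}"' EXIT
tempfile=$tempdir/infected.tmp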
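# Check that config.php is readable
[[ -r "$NextCloudPath/config/config.php" ]] || { echo >&2 "Error - config.php could not be read under $NextCloudPath/config/config.php. Please check the path and permissions"; exit 1; }
# Fetch the data directory from the config file. The key is matched with its
# quotes so that other keys merely containing the same word are not picked up.
DataDirectory=$(grep -- "'datadirectory'" "$NextCloudPath/config/config.php" | cut -d "'" -f4)
# Use the configured log file if there is one, else nextcloud.log in the
# data directory. (The previous test compared the literal word "LogFilePath"
# with "", which is never true, so the fallback was never taken.)
LogFilePath=$(grep -- "'logfile'" "$NextCloudPath/config/config.php" | cut -d "'" -f4)
if [[ -z "$LogFilePath" ]]; then
  LogFile=$DataDirectory/nextcloud.log
else
  LogFile=$LogFilePath
fi
[[ -r "$LogFile" ]] || { echo >&2 "Error - nextcloud.log could not be found under $LogFile."; exit 1; }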
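# Check that occ is reachable. The test is for presence, matching the
# message; the earlier -w test also rejected an occ that exists but is
# read-only, as on installs where the code tree is not writable.
if [[ ! -f "$NextCloudPath/occ" ]]; then
  echo >&2 "ERROR - Command $NextCloudPath/occ not found. Make sure that path is correct."
  exit 1
fi
# The script has to run as the user that owns occ: compare the effective
# UID with the numeric owner of the file.
if [ "$EUID" -ne "$(stat -c %u -- "$NextCloudPath/occ")" ]; then
  echo >&2 "ERROR - Command $NextCloudPath/occ not executable for current user.
Make sure that user has right to execute it.
Script must be executed as $(stat -c %U -- "$NextCloudPath/occ")."
  exit 1
fi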
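# Bounds of the look-back window, formatted like the log timestamps with a
# +00:00 suffix. NOTE(review): assumes the log is written in UTC - confirm
# against the instance's log timezone setting.
# date -u yields UTC directly. The earlier offset arithmetic stripped the
# sign of the local offset (wrong window west of UTC), broke on "08"/"09"
# (read as invalid octal by $(( ))) and on half-hour offsets such as 05:30.
dateFrom=$(date -u --date="-$lastMinutes min" "+%Y-%m-%dT%H:%M:00+00:00")
dateTo=$(date -u "+%Y-%m-%dT%H:%M:00+00:00")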
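# Print the message field of every "Infected file" entry of log file $1
# whose timestamp lies inside the look-back window.
# Fields are split on double quotes: $10 is compared with the window bounds
# and $34 is printed. NOTE(review): these positions depend on the exact
# layout of the log line - confirm against a current log sample.
extractInfectedEntries () {
  # index() compares d2 literally; used as a regex, the "+" in the timestamp
  # is a quantifier, so the upper bound itself could never match.
  awk -v d1="$dateFrom" -v d2="$dateTo" -F'["]' '($10 > d1 && $10 < d2) || index($10, d2)' "$1" \
    | grep "Infected file" \
    | awk -F'["]' '{print $34}'
}
extractInfectedEntries "$LogFile" > "$tempfile"
if [ ! -s "$tempfile" ]; then
  # Nothing in the current log: try the rotated log, but only if it exists
  # and was modified within the window (avoids a find error when it is absent)
  if [[ -f "$LogFile.1" && -n "$(find "$LogFile.1" -mmin -"$lastMinutes")" ]]; then
    extractInfectedEntries "$LogFile.1" >> "$tempfile"
  fi
  # Exit if no results found
  [[ -s "$tempfile" ]] || { rm -f -- "$tempfile"; exit 0; }
fi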
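# Send one notification to $USER through occ.
# Globals:  NextCloudPath, USER, toFind, tempfile (all read)
# Input:    $tempfile.output - prepared list of affected files
# Returns:  exit status of the occ call
generateNotification () {
  local longMessage
  longMessage=$(<"$tempfile.output")
  # The long message is limited to 4000 characters in total. "cut -c -4000"
  # only shortened each line, so a long list of files was passed on whole.
  # The text comes from the log and contains file names chosen by the
  # uploading users; it is passed as one quoted argument, as data only.
  php "$NextCloudPath/occ" notification:generate "$USER" "Infected File(s) $toFind!" -l "${longMessage:0:4000}"
}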
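# Build the notification text for the current event type and send it.
# Globals:  toFind (read) - pattern selecting the event type
#           tempfile (read) - extracted log messages, one per line
# Output:   writes $tempfile.output, then calls generateNotification
# Does nothing when no line of $tempfile matches $toFind.
preparingOutput () {
  if grep -q -- "$toFind" "$tempfile"; then
    # Blank the first six whitespace-separated words of each message, drop
    # "appdata_" plus the 12 characters after it, then remove every space
    # (so file names that contain spaces are shown without them).
    grep -- "$toFind" "$tempfile" \
      | awk '{$1=""; $2 = ""; $3 = "";$4 = ""; $5 = ""; $6 = ""; print $0}' \
      | sed -r -e 's/appdata_.{12}//' \
      | sed 's/ //g' > "$tempfile.output"
    generateNotification
  fi
}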
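# One notification per event type that occurs in the extracted messages
for toFind in found deleted; do
  preparingOutput
done
# -f: "$tempfile.output" exists only if at least one event type matched;
# a plain rm printed an error (mailed by cron) when it was missing.
rm -f -- "$tempfile" "$tempfile.output"
exit 0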