Annotation of botnow/Sh.pm, Revision 1.1
1.1 ! bountyht 1: #!/usr/bin/perl
! 2:
! 3: package Shell;
! 4:
! 5: use strict;
! 6: use warnings;
! 7: use OpenBSD::Pledge;
! 8: use OpenBSD::Unveil;
! 9: use Data::Dumper;
! 10:
! 11: my $authlog = "/var/log/authlog";
! 12: my $etcpasswd = "/etc/master.passwd";
! 13: my @etcpasswd = readarray($etcpasswd);
! 14: my @users;
! 15: foreach my $line (@etcpasswd) {
! 16: if ($line =~ /^([^:]+):[^:]+:([^:]+)/) {
! 17: my ($username, $uid) = ($1, $2);
! 18: if ($uid > 1000) {
! 19: push(@users, $username);
! 20: }
! 21: }
! 22: }
! 23: my @files = ("/var/log/authlog");
! 24: push(@files, glob q("/var/log/authlog.?"));
! 25: push(@files, glob q("/var/log/authlog.1?"));
! 26: foreach my $user (@users) {
! 27: my $lastseen;
! 28: foreach my $file (@files) {
! 29: my @logs = readarray($file);
! 30: my @seen = grep(/$user/, @logs);
! 31: if (scalar(@seen) && $seen[0] =~ /^(\w+ \d+ \d\d:\d\d:\d\d)/) {
! 32: $lastseen = $1;
! 33: print "$user => $lastseen\n";
! 34: last;
! 35: }
! 36: }
! 37: if (!defined($lastseen)) {
! 38: print "$user => Never logged in\n";
! 39: }
! 40: }
! 41: #warn Dumper \$loglines[1];
! 42: sub readarray {
! 43: my ($filename) = @_;
! 44: open(my $fh, '<', $filename) or die "Could not read file '$filename' $!";
! 45: chomp(my @lines = <$fh>);
! 46: close $fh;
! 47: return @lines;
! 48: }
CVSweb