[BACK]Return to Sh.pm CVS log [TXT][DIR] Up to [local] / botnow

Annotation of botnow/Sh.pm, Revision 1.1

1.1     ! bountyht    1: #!/usr/bin/perl
        !             2:
        !             3: package Shell;
        !             4:
        !             5: use strict;
        !             6: use warnings;
        !             7: use OpenBSD::Pledge;
        !             8: use OpenBSD::Unveil;
        !             9: use Data::Dumper;
        !            10:
        !            11: my $authlog = "/var/log/authlog";
        !            12: my $etcpasswd = "/etc/master.passwd";
        !            13: my @etcpasswd = readarray($etcpasswd);
        !            14: my @users;
        !            15: foreach my $line (@etcpasswd) {
        !            16:        if ($line =~ /^([^:]+):[^:]+:([^:]+)/) {
        !            17:                my ($username, $uid) = ($1, $2);
        !            18:                if ($uid > 1000) {
        !            19:                        push(@users, $username);
        !            20:                }
        !            21:        }
        !            22: }
        !            23: my @files = ("/var/log/authlog");
        !            24: push(@files, glob q("/var/log/authlog.?"));
        !            25: push(@files, glob q("/var/log/authlog.1?"));
        !            26: foreach my $user (@users) {
        !            27:        my $lastseen;
        !            28:        foreach my $file (@files) {
        !            29:                my @logs = readarray($file);
        !            30:                my @seen = grep(/$user/, @logs);
        !            31:                if (scalar(@seen) && $seen[0] =~ /^(\w+ \d+ \d\d:\d\d:\d\d)/) {
        !            32:                        $lastseen = $1;
        !            33:                        print "$user => $lastseen\n";
        !            34:                        last;
        !            35:                }
        !            36:        }
        !            37:        if (!defined($lastseen)) {
        !            38:                print "$user => Never logged in\n";
        !            39:        }
        !            40: }
        !            41: #warn Dumper \$loglines[1];
        !            42: sub readarray {
        !            43:        my ($filename) = @_;
        !            44:        open(my $fh, '<', $filename) or die "Could not read file '$filename' $!";
        !            45:        chomp(my @lines = <$fh>);
        !            46:        close $fh;
        !            47:        return @lines;
        !            48: }
CVSweb