Annotation of botnow/Sh.pm, Revision 1.1.1.1
1.1 bountyht 1: #!/usr/bin/perl
2:
3: package Shell;
4:
5: use strict;
6: use warnings;
7: use OpenBSD::Pledge;
8: use OpenBSD::Unveil;
9: use Data::Dumper;
10:
11: my $authlog = "/var/log/authlog";
12: my $etcpasswd = "/etc/master.passwd";
13: my @etcpasswd = readarray($etcpasswd);
14: my @users;
15: foreach my $line (@etcpasswd) {
16: if ($line =~ /^([^:]+):[^:]+:([^:]+)/) {
17: my ($username, $uid) = ($1, $2);
18: if ($uid > 1000) {
19: push(@users, $username);
20: }
21: }
22: }
23: my @files = ("/var/log/authlog");
24: push(@files, glob q("/var/log/authlog.?"));
25: push(@files, glob q("/var/log/authlog.1?"));
26: foreach my $user (@users) {
27: my $lastseen;
28: foreach my $file (@files) {
29: my @logs = readarray($file);
30: my @seen = grep(/$user/, @logs);
31: if (scalar(@seen) && $seen[0] =~ /^(\w+ \d+ \d\d:\d\d:\d\d)/) {
32: $lastseen = $1;
33: print "$user => $lastseen\n";
34: last;
35: }
36: }
37: if (!defined($lastseen)) {
38: print "$user => Never logged in\n";
39: }
40: }
41: #warn Dumper \$loglines[1];
42: sub readarray {
43: my ($filename) = @_;
44: open(my $fh, '<', $filename) or die "Could not read file '$filename' $!";
45: chomp(my @lines = <$fh>);
46: close $fh;
47: return @lines;
48: }
CVSweb