File: [local] / botnow / Sh.pm (download)
Revision 1.1, Sat May 15 15:12:32 2021 UTC (2 years, 11 months ago) by bountyht
Branch point for: MAIN
Initial revision
|
#!/usr/bin/perl
package Shell;
use strict;
use warnings;
use OpenBSD::Pledge;
use OpenBSD::Unveil;
use Data::Dumper;
my $authlog = "/var/log/authlog";
my $etcpasswd = "/etc/master.passwd";
my @etcpasswd = readarray($etcpasswd);
my @users;
foreach my $line (@etcpasswd) {
if ($line =~ /^([^:]+):[^:]+:([^:]+)/) {
my ($username, $uid) = ($1, $2);
if ($uid > 1000) {
push(@users, $username);
}
}
}
my @files = ("/var/log/authlog");
push(@files, glob q("/var/log/authlog.?"));
push(@files, glob q("/var/log/authlog.1?"));
foreach my $user (@users) {
my $lastseen;
foreach my $file (@files) {
my @logs = readarray($file);
my @seen = grep(/$user/, @logs);
if (scalar(@seen) && $seen[0] =~ /^(\w+ \d+ \d\d:\d\d:\d\d)/) {
$lastseen = $1;
print "$user => $lastseen\n";
last;
}
}
if (!defined($lastseen)) {
print "$user => Never logged in\n";
}
}
#warn Dumper \$loglines[1];
sub readarray {
my ($filename) = @_;
open(my $fh, '<', $filename) or die "Could not read file '$filename' $!";
chomp(my @lines = <$fh>);
close $fh;
return @lines;
}