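#!/bin/bash
# monpanel - rotating console panel for watching a host for suspicious activity.
#
# Loops forever through these screens: established FTP/SSH/telnet connections,
# current and recent logins, "sleep" processes, changes to key /etc files and
# directory listings since start-up, cron jobs, aliases, .bashrc locations,
# accounts with a login shell, and the process tree.
#
# Must be run as root. Stop with Ctrl-C; scratch files are removed on exit.

set -u

# Check the effective UID rather than the account name, so any UID-0 account
# passes and a renamed root account is not rejected.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "THIS SCRIPT MUST BE RUN AS ROOT!" >&2
  exit 1
fi

# Scratch files live in a private mktemp directory (mode 0700). The script
# runs as root, so fixed file names in the current directory could be
# pre-created as symlinks by another local user and redirect root's writes.
workdir=$(mktemp -d) || {
  echo "monpanel: could not create scratch directory" >&2
  exit 1
}
readonly workdir
readonly conn_file="$workdir/connections"
readonly baseline_file="$workdir/baseline"
readonly current_file="$workdir/current"
readonly bashrc_list="$workdir/bashrc_paths"

find_pid=""

# Stop the background find (if still running) and remove the scratch files.
cleanup() {
  if [[ -n "$find_pid" ]]; then
    kill "$find_pid" 2>/dev/null
  fi
  rm -rf -- "${workdir:?}"
}
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Files whose checksums are tracked, and directories whose listings are tracked.
readonly watched_files=(
  /etc/passwd /etc/group /etc/profile /etc/sudoers /etc/hosts
  /etc/ssh/ssh_config /etc/ssh/sshd_config
)
readonly watched_dirs=(/etc/ /usr/ /sys/ /home/ /bin/ /etc/ssh/)

# Print checksums of the watched files followed by the directory listings.
# NOTE(review): md5sum is enough to notice a change; sha256sum is a drop-in
# replacement if a collision-resistant digest is wanted.
snapshot() {
  md5sum "${watched_files[@]}"
  ls -a "${watched_dirs[@]}"
}

# count_port FIELD PORT
# Count lines of $conn_file whose ':'-separated FIELD starts with exactly PORT.
# With "netstat -n -A inet" (IPv4 only, so ':' appears only before a port),
# field 2 starts with the local port and field 3 with the remote port.
# The pattern requires a non-digit after PORT so that 22 does not also match
# 220, 2222 or an ephemeral port such as 22345.
count_port() {
  cut -d ':' -f"$1" < "$conn_file" | grep -c -E "^$2([^0-9]|\$)"
}

# report COUNT MESSAGE - print "COUNT MESSAGE" only when COUNT is positive.
report() {
  if (( $1 > 0 )); then
    echo "$1 $2"
  fi
}

# Locating every .bashrc can take a while, so it runs in the background and
# the list fills in over the first few cycles. Errors (for example entries
# vanishing under /proc) are discarded on purpose to keep the panel readable.
find / -name .bashrc > "$bashrc_list" 2>/dev/null &
find_pid=$!

# Baseline taken once at start-up; every later cycle is diffed against it, so
# a detected change stays on the panel until the script is restarted.
# stderr is captured too, so a watched file that disappears or becomes
# unreadable shows up as a difference.
snapshot > "$baseline_file" 2>&1

while true; do
  netstat -n -A inet | grep ESTABLISHED > "$conn_file"

  # Local port matches => someone connected to us (incoming);
  # remote port matches => we connected out (outgoing).
  incoming_ftp=$(count_port 2 21)
  outgoing_ftp=$(count_port 3 21)
  incoming_ssh=$(count_port 2 22)
  outgoing_ssh=$(count_port 3 22)
  incoming_telnet=$(count_port 2 23)
  outgoing_telnet=$(count_port 3 23)

  echo "ACTIVE NETWORK CONNECTIONS:"
  echo "---------------------------"
  report "$outgoing_telnet" "successful outgoing telnet connection."
  report "$incoming_telnet" "successful incoming telnet session."
  report "$outgoing_ssh" "successful outgoing ssh connection."
  report "$incoming_ssh" "successful incoming ssh session."
  report "$outgoing_ftp" "successful outgoing ftp connection."
  report "$incoming_ftp" "successful incoming ftp session."
  cat "$conn_file"
  sleep 5
  clear

  echo "CURRENT LOGIN SESSIONS:"
  echo "-----------------------"
  w
  echo
  echo "RECENT LOGIN SESSIONS:"
  echo "----------------------"
  last | head -n5
  sleep 5
  clear

  sleepingProcs=$(pstree | grep sleep)
  if [[ -n "$sleepingProcs" ]]; then
    echo "SLEEP PROCESSES:"
    echo "----------------"
    echo "$sleepingProcs"
    sleep 5
    clear
  fi

  # Check for changes to important files.
  snapshot > "$current_file" 2>&1
  fileChanges=$(diff "$baseline_file" "$current_file")
  if [[ -n "$fileChanges" ]]; then
    echo CHANGE TRACKER:
    echo -e "\n"
    echo "$fileChanges"
    sleep 5
    clear
  fi

  echo "CRON JOBS:"
  echo "Found Cronjobs for the following users:"
  echo "---------------------------------------"
  ls /var/spool/cron/crontabs
  echo
  echo "Cronjobs in cron.d:"
  echo "-------------------"
  ls /etc/cron.d/
  sleep 5
  clear

  echo "ALIASES:"
  echo "--------"
  # NOTE(review): this lists aliases defined in this script's own shell only;
  # a non-interactive bash does not read ~/.bashrc, so the list is normally
  # empty. Inspect the .bashrc files listed below to audit user aliases.
  alias
  echo
  echo ".BASHRC LOCATIONS:"
  echo "------------------"
  cat "$bashrc_list"
  sleep 5
  clear

  echo "USERS ABLE TO LOGIN:"
  echo "--------------------"
  # Accounts whose shell is neither /bin/false nor a nologin binary.
  grep -v -e "/bin/false" -e "/sbin/nologin" /etc/passwd | cut -d ':' -f1
  sleep 5
  clear

  echo "CURRENT PROCESS TREE:"
  echo "---------------------"
  pstree
  sleep 7
  clear
done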