@@ -25,17 +25,23 @@ TODAY=$(date +'%Y-%m-%d')
2525YESTERDAY=$(date --date=yesterday +%' Y-%m-%d' )
2626# Number of lines to allow from each log
2727MAXLINES=1000
28+ # Which services are enabled ?
29+ ENABLE_FTPS="__ENABLE_FTPS__"
30+ ENABLE_SFTP="__ENABLE_SFTP__"
31+ ENABLE_SFTP_SUBSYS="__ENABLE_SFTP_SUBSYS__"
32+ ENABLE_DAVS="__ENABLE_DAVS__"
2833{
29- grep -H "Internal Server Error" $LOGDIR/webdavs.out | tail -n $MAXLINES
30- grep -H -A 12 "Traceback" $LOGDIR/webdavs.out | tail -n $MAXLINES
34+ [ "$ENABLE_DAVS" == "True" ] && grep -H "Internal Server Error" $LOGDIR/webdavs.out | tail -n $MAXLINES
35+ [ "$ENABLE_DAVS" == "True" ] && grep -H -A 12 "Traceback" $LOGDIR/webdavs.out | tail -n $MAXLINES
3136
32- grep -H " ERROR " $LOGDIR/ftps.log | \
37+ [ "$ENABLE_FTPS" == "True" ] && grep -H " ERROR " $LOGDIR/ftps.log | \
3338 grep -E -v "ERROR (Invalid user(name)?|auth failed) .* from ${SECSCANIP}|${SECSCANIP}, .* Invalid user(name)?|GDP: Project logout failed for user: .* from ip: ${SECSCANIP} with|Invalid username [a-zA-Z0-9._-]* from|ERROR Account disabled or expired|: Invalid path characters" | tail -n $MAXLINES
3439
35- grep -H " ERROR " $LOGDIR/sftp*.log | \
40+ [[ "$ENABLE_SFTP" == "True" || "$ENABLE_SFTP_SUBSYS" == True ]] \
41+ && grep -H " ERROR " $LOGDIR/sftp*.log | \
3642 grep -E -v "Password authentication failed for|Socket exception: Connection reset by peer|Error reading SSH protocol banner|check_banner|list_folder on missing path|chmod (292|365) rejected on path|symlink rejected on path|ERROR mkdir .* failed: \[Errno 17\] File exists|ERROR rmdir .* failed: \[Errno 39\] Directory not empty|ERROR open .* failed: \[Errno 21\] Is a directory|ERROR open for modify on read-only path|ERROR open existing file on missing path |ERROR Exception.*: Incompatible ssh|ERROR Exception.*: Incompatible version |Exception.*: Invalid SSH banner|ERROR Exception.*: no moduli available|ERROR Exception.*: Expecting packet from \(20,\), got 0|ERROR Socket exception: Connection timed out|ERROR Exception.*: Key-exchange timed out|ERROR (Invalid user(name)?|auth failed) .* from ${SECSCANIP}|${SECSCANIP}, .* Invalid user(name)?|GDP: Project logout failed for user: .* from ip: ${SECSCANIP} with|Invalid username [a-zA-Z0-9._-]* from|ERROR Account disabled or expired|ERROR Exception.*: Client kex .* is out of range|ERROR Exception.*: Expecting packet from .*|get_fs_path failed: Invalid path characters|ERROR $" | tail -n $MAXLINES
3743
38- grep -H " ERROR " $LOGDIR/davs.log | grep -E -v "The handshake operation timed out|decryption failed or bad record mac|length too short|no ciphers specified|(unknown error|parse tlsext|https proxy request) \(_ssl.c:\)|SSL/TLS wrap of .* failed unexpectedly:|Failed password login for .* from ${SECSCANIP}|ERROR (Invalid user(name)?|auth failed) .* from ${SECSCANIP}|${SECSCANIP}, .* Invalid user(name)?|GDP: Project logout failed for user: .* from ip: ${SECSCANIP} with|Invalid username [a-zA-Z0-9._-]* from|ERROR Account disabled or expired|invalid share mode (write|read)-only for |: Invalid path characters" | tail -n $MAXLINES
44+ [ "$ENABLE_DAVS" == "True" ] && grep -H " ERROR " $LOGDIR/davs.log | grep -E -v "The handshake operation timed out|decryption failed or bad record mac|length too short|no ciphers specified|(unknown error|parse tlsext|https proxy request) \(_ssl.c:\)|SSL/TLS wrap of .* failed unexpectedly:|Failed password login for .* from ${SECSCANIP}|ERROR (Invalid user(name)?|auth failed) .* from ${SECSCANIP}|${SECSCANIP}, .* Invalid user(name)?|GDP: Project logout failed for user: .* from ip: ${SECSCANIP} with|Invalid username [a-zA-Z0-9._-]* from|ERROR Account disabled or expired|invalid share mode (write|read)-only for |: Invalid path characters" | tail -n $MAXLINES
3945
4046grep -H " ERROR " $LOGDIR/chkchroot.log | grep -E -v " from ${SECSCANIP} "| \
4147 grep -E -v "__CRACK_WEB_REGEX__" | \
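Review bot: The new gates on lines 34-44 run each log scan only when the variable is exactly `True`, so an unsubstituted placeholder such as `__ENABLE_DAVS__`, or a value like `true`, silently drops that service's errors from the report. For an error-notification script it is safer to skip only on an explicit negative, for example `[[ "$ENABLE_DAVS" != "False" ]] && grep -H ...`, so that a misconfiguration surfaces as grep noise instead of as missing alerts. This assumes the generator writes `True`/`False`, which is not visible in this hunk. The tests also mix `[ ... == ... ]` with `[[ ... ]]` and leave `True` unquoted on line 40; using `[[ ]]` with quoted operands throughout would be consistent. The `{` group opened on line 33 continues past the end of the hunk.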