##########################################################################
# $Id: cron,v 1.30 2007/02/16 03:13:51 bjorn Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.30 2007/02/16 03:13:51 bjorn
# Fixed typo in variable name.
#
# Revision 1.29 2007/01/29 20:12:19 bjorn
# Handling of "WRONG FILE OWNER", by Ivana Varekova.
#
# Revision 1.28 2006/12/20 15:35:02 bjorn
# Additional filtering, by Ivana Varekova.
#
# Revision 1.27 2006/10/20 16:43:04 bjorn
# Ignore additional log entry, by Willi Mann.
#
# Revision 1.26 2006/07/28 17:40:12 bjorn
# Accounts for log turnover in OpenBSD, by Markus Lude.
#
# Revision 1.25 2006/01/31 20:21:25 bjorn
# Ignore rsyncd, and coalesce ntpdate adjusts, by Bob Hutchinson.
#
# Revision 1.24 2005/11/30 05:00:50 bjorn
# Filtering additional INFO lines, by Willi Mann.
#
# Revision 1.23 2005/11/07 23:01:09 bjorn
# Filtering for fcron, by Georgi Georgiev
#
# Revision 1.22 2005/10/03 15:56:43 bjorn
# Processing "BAD FILE MODE", by Ivana Varekova.
#
# Revision 1.21 2005/05/11 20:41:22 mike
# Added finish and start checks for netbsd 2.0 -mgt
#
# Revision 1.20 2005/02/24 17:08:04 kirk
# Applying consolidated patches from Mike Tremaine
#
# Revision 1.7 2005/02/17 01:28:27 mgt
# Kernel,Cron Patches from Bjorn [from Fedora Bugzilla], emerge.conf patch from Laurent -mgt
#
# Revision 1.6 2005/02/16 00:43:28 mgt
# Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
#
# Revision 1.5 2005/02/13 21:26:13 mgt
# patches from Michael Weiser -mgt
#
# Revision 1.4 2004/07/29 19:33:29 mgt
# Chmod and removed perl call -mgt
#
# Revision 1.3 2004/07/10 01:54:34 mgt
# sync with kirk -mgt
#
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
$BFMFile = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if (
($ThisLine =~ /Updated timestamp for job/) or
($ThisLine =~ /INFO \(pidfile fd = \d+\)/) or
($ThisLine =~ /rsyncd/) or
($ThisLine =~ /INFO \(Running \@(re)?boot jobs\)/) or
($ThisLine =~ /INFO \(Skipping \@(re)?boot jobs -- not system startup\)/) or
($ThisLine =~ /INFO \(not boot nor reboot\)/) or
($ThisLine =~ /logfile turned over/) # newsyslog on OpenBSD
) {
# Ignore
} elsif (
($ThisLine =~ s/^([^ ]+) \([^ ]+\)\s+//) or
($ThisLine =~ s/^\S+\s+\S+\s+..:..:..\s+\S+\s+\S+\[\d+\]:\s+\((\S+)\)\s+//)
) {
$User = $1;
if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
} elsif ($ThisLine =~ s/^CMD FINISH \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
} elsif ($ThisLine =~ s/^CMD START \((.+)\)\s*$/$1/) {
#Ignore for now, NetBSD users could get tricky with
#How many commands started vs finished -mgt
} elsif ($ThisLine =~ /ORPHAN \(no passwd entry\)/) {
$Orphans++;
} elsif ($ThisLine =~ s/^(BEGIN|END) EDIT \((.+)\)\s*$/$2/) {
$Runs->{$ThisLine}->{'personal crontab edited'} += 0.5;
} elsif ($ThisLine =~ s/^REPLACE \((.+)\)\s*$/$1/) {
$Runs->{$ThisLine}->{'personal crontab replaced'}++;
} elsif ($ThisLine =~ s/^LIST \((.+)\)\s*$/$1/) {
$Runs->{$ThisLine}->{'personal crontab listed'}++;
} elsif ($ThisLine =~ s/^DELETE \((.+)\)\s*$/$1/) {
$Runs->{$User}->{'personal crontab deleted'}++;
} elsif ($ThisLine =~ /^STARTUP \(.*\)\s*$/ ) {
$Startups++;
} elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
$Runs->{$User}->{'personal crontab reloaded'}++;
} elsif ( $ThisLine =~ /^MAIL \(mailed \d+ bytes of output but got status [^ ]+/) {
$MailErrors++;
} elsif ( $ThisLine =~ /^AUTH \(crontab command not allowed\)/) {
$CronDeny{$User}++;
} elsif ( $ThisLine =~ /^WRONG INODE INFO \([^ ]+\)/) {
$InodeError{$User}++;
} elsif ( $ThisLine =~ /session opened/ ||
$ThisLine =~ /session closed/ ) {
# ignore
} elsif ( ($Reason) = ($ThisLine =~ /^error \((.+)\)$/) ) {
$Errors{$Reason}++;
} elsif ( ($FileName) = ($ThisLine =~ /BAD FILE MODE \((.+)\)/) ) {
$BFMFile{$FileName}++;
} elsif ( ($FileName) = ($ThisLine = /WRONG FILE OWNER \((.+)\)/) ) {
$WFO{$FileName}++;
} else {
# Report any unmatched entries...
push @OtherList, "$ThisLine\n";
}
} elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
$Reloads++;
} elsif ( ($User) = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ ) ) {
$UserReloads{$User}++;
} elsif ( $ThisLine =~ /.*?: Job (.*) started for user ([^ ]*)/) {
$Runs->{$2}->{$1}++;
} elsif (
($ThisLine =~ /.*?: Job (.*) (completed|terminated)/) or
($ThisLine =~ /.*?: updating configuration from/) or
($ThisLine =~ /.*?: Exiting with code 0/) or
($ThisLine =~ /.*?: SIGTERM signal received/)
) {
# Ignore
} elsif ( ($User) = ($ThisLine =~ /.*?: editing ([^ ]*)'s fcrontab.*/)) {
$Runs->{$User}->{'-- personal crontab edited'}++;
} elsif ( ($User) = ($ThisLine =~ /.*?: listing ([^ ]*)'s fcrontab.*/)) {
$Runs->{$User}->{'-- personal crontab listed'}++;
} elsif ( ($User) = ($ThisLine =~ /.*?: adding (?:new )?file ([^ ]+)/)) {
$Runs->{$User}->{'-- personal crontab updated'}++;
$UserReloads{$User}++;
} elsif ( $ThisLine =~ /.*?: fcron.* started/) {
$Startups++;
} elsif ( ($offset) = ($ThisLine =~ /ntpdate\[\d+\]: adjust time server .* offset (.*) sec/)) {
$Ntpdate++;
if ( $ntpdateminoffset > $offset ) { $ntpdateminoffset = $offset; }
if ( $ntpdatemaxoffset < $offset ) { $ntpdatemaxoffset = $offset; }
} elsif ($ThisLine =~ /ntpdate\[\d+\]: no server suitable for synchronization found/) {
$ntpdatenosync++;
} else {
# Report any unmatched entries...
push @OtherList, "$ThisLine\n";
}
}
#######################################
if (%CronDeny) {
print "Attempt to use crontab by unauthorized users:\n";
foreach $User (sort {$a cmp $b} keys %CronDeny) {
print " $User : $CronDeny{$User} Time(s)\n";
}
}
if (%InodeError) {
print "\nInode errors in crontab files of users:\n";
foreach $User (sort {$a cmp $b} keys %InodeError) {
print " $User : $InodeError{$User} Time(s)\n";
}
}
if (keys %Errors) {
print "Errors when running cron:\n";
foreach $Reason (sort {$a cmp $b} keys %Errors) {
print " $Reason: $Errors{$Reason} Time(s)\n";
}
}
if (keys %{$Runs} and ($Detail >= 5)) {
print "\n\nCommands Run:\n";
foreach $i (sort {$a cmp $b} keys %{$Runs}) {
print " User $i:\n";
foreach $j (sort {$a cmp $b} keys %{$Runs->{$i}}) {
print " $j: " . $Runs->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($Orphans) {
print " ORPHAN entries: $Orphans\n";
}
if ($MailErrors > 0) {
print "\nMAIL sending errors $MailErrors Time(s)\n";
}
if (keys %BFMFile) {
print "\nFiles with bad mode:\n";
foreach $i (keys %BFMFile) {
print " $i\n";
}
}
if ($Detail >= 10) {
if (keys %UserReloads) {
print " User crontabs reloaded:\n";
foreach $i (keys %UserReloads) {
print " $i $UserReloads{$i} Time(s)\n";
}
}
if ($Startups > 0) {
print "\nCRON Restarted $Startups Time(s)\n";
}
if ($Reloads > 0) {
print "\nCRON Reloaded system crontab $Reloads Time(s)\n";
}
}
if (keys %WFO) {
foreach $i (keys %WFO) {
printf "\n Wrong file owner (". $i ."): " . $WFO{$i}. " Time(s)\n";
}
}
if ($Ntpdate) {
print "\nNtpdate: adjusted $Ntpdate times\n";
print "\tMinimum offset $ntpdateminoffset\n";
print "\tMaximum offset $ntpdatemaxoffset\n";
}
if($ntpdatenosync) {
print "\nNtpDate could not sync: $ntpdatenosync times\n";
}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
