##########################################################################
# $Id: cron,v 1.37 2009/06/02 14:41:09 mike Exp $
##########################################################################
# $Log: cron,v $
# Revision 1.37 2009/06/02 14:41:09 mike
# Patch from Fedora (Ivan Varekova) -mgt
#
# Revision 1.36 2009/02/20 17:57:23 mike
# Added fedora/redhet patches from Ivan Varekova -mgt
#
# Revision 1.35 2008/12/09 18:30:37 mike
# Inotify patch from Orion Poplawski -mgt
#
# Revision 1.34 2008/08/18 15:52:00 mike
# Fixed WRONG FILE type line 166 [from debian lenny] -mgt
#
# Revision 1.33 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.32 2007/11/25 19:54:41 bjorn
# Handles more PAM and SELINUX errors, by Ivana Varekova.
#
# Revision 1.31 2007/08/22 19:03:45 bjorn
# Processing of icrond messages, by Ivana Varekova.
#
# Revision 1.30 2007/02/16 03:13:51 bjorn
# Fixed typo in variable name.
#
# Revision 1.29 2007/01/29 20:12:19 bjorn
# Handling of "WRONG FILE OWNER", by Ivana Varekova.
#
# Revision 1.28 2006/12/20 15:35:02 bjorn
# Additional filtering, by Ivana Varekova.
#
# Revision 1.27 2006/10/20 16:43:04 bjorn
# Ignore additional log entry, by Willi Mann.
#
# Revision 1.26 2006/07/28 17:40:12 bjorn
# Accounts for log turnover in OpenBSD, by Markus Lude.
#
# Revision 1.25 2006/01/31 20:21:25 bjorn
# Ignore rsyncd, and coalesce ntpdate adjusts, by Bob Hutchinson.
#
# Revision 1.24 2005/11/30 05:00:50 bjorn
# Filtering additional INFO lines, by Willi Mann.
#
# Revision 1.23 2005/11/07 23:01:09 bjorn
# Filtering for fcron, by Georgi Georgiev
#
# Revision 1.22 2005/10/03 15:56:43 bjorn
# Processing "BAD FILE MODE", by Ivana Varekova.
#
# Revision 1.21 2005/05/11 20:41:22 mike
# Added finish and start checks for netbsd 2.0 -mgt
#
# Revision 1.20 2005/02/24 17:08:04 kirk
# Applying consolidated patches from Mike Tremaine
#
# Revision 1.7 2005/02/17 01:28:27 mgt
# Kernel,Cron Patches from Bjorn [from Fedora Bugzilla], emerge.conf patch from Laurent -mgt
#
# Revision 1.6 2005/02/16 00:43:28 mgt
# Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt
#
# Revision 1.5 2005/02/13 21:26:13 mgt
# patches from Michael Weiser -mgt
#
# Revision 1.4 2004/07/29 19:33:29 mgt
# Chmod and removed perl call -mgt
#
# Revision 1.3 2004/07/10 01:54:34 mgt
# sync with kirk -mgt
#
# Revision 1.17 2004/06/21 15:07:21 kirk
# - Added check for large user mailboxes
# - Added pop3 and imapd filters
# - Updated clamav support
# - New cisco log filter
# - Tons of updates to existing filters (too many to list!)
#
# Revision 1.16 2004/06/21 14:59:05 kirk
# Added tons of patches from Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Thanks, as always!
#
# Revision 1.15 2004/06/21 14:24:46 kirk
# RH9 fix from Jindrich Kubec <kubecj@asw.cz
#
# Revision 1.14 2004/02/03 03:36:39 kirk
# Patches from Anssi Kolehmainen <kolean-5.listat@pp.inet.fi>
#
# Revision 1.13 2004/02/03 02:45:26 kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################
########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
$Startups = 0;
$Reloads = 0;
$MailErrors = 0;
$BFMFile = 0;
while (defined($ThisLine = <STDIN>)) {
chomp($ThisLine);
if (
($ThisLine =~ /Updated timestamp for job/) or
($ThisLine =~ /INFO \(pidfile fd = \d+\)/) or
($ThisLine =~ /rsyncd/) or
($ThisLine =~ /INFO \(Running \@(re)?boot jobs\)/) or
($ThisLine =~ /INFO \(Skipping \@(re)?boot jobs -- not system startup\)/) or
($ThisLine =~ /INFO \(not boot nor reboot\)/) or
($ThisLine =~ /INFO \(running with inotify support\)/) or
($ThisLine =~ /INFO \(\@reboot jobs will be run at computer's startup.\)/) or
($ThisLine =~ /logfile turned over/) or
($ThisLine =~ /ready to process filesystem events/) or # newsyslog on OpenBSD
($ThisLine =~ /loading (system|user) tables/) or
($ThisLine =~ /loading table .*/) or
($ThisLine =~ /void Inotify::Remove\(InotifyWatch\*\): removing watch failed/) or
($ThisLine =~ /error: \(22\) Invalid argument/)
) {
# Ignore
} elsif (
($ThisLine =~ s/^([^ ]+) \([^ ]+\)\s+//) or
($ThisLine =~ s/^\S+\s+\S+\s+..:..:..\s+\S+\s+\S+\[\d+\]:\s+\((\S+)\)\s+//)
) {
$User = $1;
if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
} elsif ($ThisLine =~ s/^CMD FINISH \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
} elsif ($ThisLine =~ s/^(END|CMD START) \((.+)\)\s*$/$1/) {
#Ignore for now, NetBSD users could get tricky with
#How many commands started vs finished -mgt
} elsif ($ThisLine =~ /ORPHAN \(no passwd entry\)/) {
$Orphans++;
} elsif ($ThisLine =~ s/^(BEGIN|END) EDIT \((.+)\)\s*$/$2/) {
$Runs->{$ThisLine}->{'personal crontab edited'} += 0.5;
} elsif ($ThisLine =~ s/^REPLACE \((.+)\)\s*$/$1/) {
$Runs->{$ThisLine}->{'personal crontab replaced'}++;
} elsif ($ThisLine =~ s/^LIST \((.+)\)\s*$/$1/) {
$Runs->{$ThisLine}->{'personal crontab listed'}++;
} elsif ($ThisLine =~ s/^DELETE \((.+)\)\s*$/$1/) {
$Runs->{$User}->{'personal crontab deleted'}++;
} elsif ($ThisLine =~ /^STARTUP \(.*\)\s*$/ ) {
$Startups++;
} elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
$Runs->{$User}->{'personal crontab reloaded'}++;
} elsif ( $ThisLine =~ /^MAIL \(mailed \d+ bytes of output but got status [^ ]+/) {
$MailErrors++;
} elsif ( $ThisLine =~ /^AUTH \(crontab command not allowed\)/) {
$CronDeny{$User}++;
} elsif ( $ThisLine =~ /^WRONG INODE INFO \([^ ]+\)/) {
$InodeError{$User}++;
} elsif ( $ThisLine =~ /session opened/ ||
$ThisLine =~ /session closed/ ) {
# ignore
} elsif ( ($Reason) = ($ThisLine =~ /^error \((.+)\)$/) ) {
$Errors{$Reason}++;
} elsif ( ($FileName) = ($ThisLine =~ /BAD FILE MODE \((.+)\)/) ) {
$BFMFile{$FileName}++;
} elsif ( ($FileName) = ($ThisLine =~ /WRONG FILE OWNER \((.+)\)/) ) {
$WFO{$FileName}++;
} else {
# Report any unmatched entries...
push @OtherList, "$ThisLine\n";
}
} elsif ( $ThisLine =~ /^RELOAD \(.+\)\s*$/ ) {
$Reloads++;
} elsif ( ($User) = ($ThisLine =~ /^(.*) \([^ ]+\) RELOAD \(.*\)$/ ) ) {
$UserReloads{$User}++;
} elsif ( $ThisLine =~ /.*?: Job (.*) started for user ([^ ]*)/) {
$Runs->{$2}->{$1}++;
} elsif (
($ThisLine =~ /.*?: Job (.*) (completed|terminated)/) or
($ThisLine =~ /.*?: updating configuration from/) or
($ThisLine =~ /.*?: Exiting with code 0/) or
($ThisLine =~ /.*?: SIGTERM signal received/)
) {
# Ignore
} elsif ( ($User) = ($ThisLine =~ /.*?: editing ([^ ]*)'s fcrontab.*/)) {
$Runs->{$User}->{'-- personal crontab edited'}++;
} elsif ( ($User) = ($ThisLine =~ /.*?: listing ([^ ]*)'s fcrontab.*/)) {
$Runs->{$User}->{'-- personal crontab listed'}++;
} elsif ( ($User) = ($ThisLine =~ /.*?: adding (?:new )?file ([^ ]+)/)) {
$Runs->{$User}->{'-- personal crontab updated'}++;
$UserReloads{$User}++;
} elsif ( $ThisLine =~ /.*?: fcron.* started/) {
$Startups++;
} elsif ( ($offset) = ($ThisLine =~ /ntpdate\[\d+\]: adjust time server .* offset (.*) sec/)) {
$Ntpdate++;
if ( $ntpdateminoffset > $offset ) { $ntpdateminoffset = $offset; }
if ( $ntpdatemaxoffset < $offset ) { $ntpdatemaxoffset = $offset; }
} elsif ($ThisLine =~ /ntpdate\[\d+\]: no server suitable for synchronization found/) {
$ntpdatenosync++;
} elsif (($ThisLine =~ /incrond/) && ($ThisLine =~ /starting service/)) {
$INCRONDSS++;
} elsif (($ThisLine =~ /incrond/) && ($ThisLine =~ /stopping service/)) {
$INCRONDStS++;
} elsif (($ThisLine =~ /incrond/) && (($Table) = ($ThisLine =~ /system table (.*) created, loading/))) {
$INCRONDSTCr{$Table}++;
} elsif (($ThisLine =~ /incrond/) && (($User) = ($ThisLine =~ /table for user (.*) created, loading/))) {
$INCRONDUTCr{$User}++;
} elsif (($ThisLine =~ /incrond/) && (($Table) = ($ThisLine =~ /system table (.*) changed, reloading/))) {
$INCRONDSTCh{$Table}++;
} elsif (($ThisLine =~ /incrond/) && (($User) = ($ThisLine =~ /table for user (.*) changed, reloading/))) {
$INCRONDUTCh{$User}++;
} elsif (($ThisLine =~ /incrond/) && (($Table) = ($ThisLine =~ /system table (.*) destroyed, removing/))) {
$INCRONDSTDe{$Table}++;
} elsif (($ThisLine =~ /incrond/) && (($User) = ($ThisLine =~ /table for user (.*) destroyed, removing/))) {
$INCRONDUTDe{$User}++;
} elsif ( ($ThisLine =~ /incrond/) &&
( (($Error) = ($ThisLine =~ /(cannot create watch for (system table|user) .*: \(2\) No such file or directory)/)) ||
(($Error) = ($ThisLine =~ /(access denied on (.*) - events will be discarded silently)/)) ||
(($Error) = ($ThisLine =~ /(unhandled exception occurred)/)) ||
(($Error) = ($ThisLine =~ /(cannot exec process.*)/))
) ) {
$INCRONDErr{$Error}++;
} elsif ( ($ThisLine =~ /crond/) &&
(($Error) = ($ThisLine =~ /(failed to open PAM security session: (Permission denied|Module is unknown))/))
) {
$CRONDErr{$Error}++;
} elsif (( ($Error) = ($ThisLine =~ /ERROR: (failed to change SELinux context)/)) or
(($Error) = ($ThisLine =~ /ERROR:(Could not set exec context to .* for .*)/))) {
$SELCONTErr{$Error}++;
} elsif ($ThisLine =~ /FAILED to authorize user with PAM \(User not known to the underlying authentication module\)/) {
$PAMAUTHErr++;
} elsif ( ($FileName,$Cause) = ($ThisLine =~ /ERROR chdir failed \((.*)\): (.*)/) ) {
$CHDIRErr{"$FileName,$Cause"}++;
} elsif ($ThisLine =~ /ERROR \(failed to change user\)/) {
$CHUSERHErr++;
} else {
# Report any unmatched entries...
push @OtherList, "$ThisLine\n";
}
}
#######################################
if (%CronDeny) {
print "Attempt to use crontab by unauthorized users:\n";
foreach $User (sort {$a cmp $b} keys %CronDeny) {
print " $User : $CronDeny{$User} Time(s)\n";
}
}
if (%InodeError) {
print "\nInode errors in crontab files of users:\n";
foreach $User (sort {$a cmp $b} keys %InodeError) {
print " $User : $InodeError{$User} Time(s)\n";
}
}
if (keys %Errors) {
print "Errors when running cron:\n";
foreach $Reason (sort {$a cmp $b} keys %Errors) {
print " $Reason: $Errors{$Reason} Time(s)\n";
}
}
if (keys %{$Runs} and ($Detail >= 5)) {
print "\n\nCommands Run:\n";
foreach $i (sort {$a cmp $b} keys %{$Runs}) {
print " User $i:\n";
foreach $j (sort {$a cmp $b} keys %{$Runs->{$i}}) {
print " $j: " . $Runs->{$i}->{$j} . " Time(s)\n";
}
}
}
if ($Orphans) {
print " ORPHAN entries: $Orphans\n";
}
if ($MailErrors > 0) {
print "\nMAIL sending errors $MailErrors Time(s)\n";
}
if (keys %BFMFile) {
print "\nFiles with bad mode:\n";
foreach $i (keys %BFMFile) {
print " $i\n";
}
}
if ($Detail >= 10) {
if (keys %UserReloads) {
print " User crontabs reloaded:\n";
foreach $i (keys %UserReloads) {
print " $i $UserReloads{$i} Time(s)\n";
}
}
if ($Startups > 0) {
print "\nCRON Restarted $Startups Time(s)\n";
}
if ($Reloads > 0) {
print "\nCRON Reloaded system crontab $Reloads Time(s)\n";
}
}
if (keys %WFO) {
foreach $i (keys %WFO) {
printf "\n Wrong file owner (". $i ."): " . $WFO{$i}. " Time(s)\n";
}
}
if ($Ntpdate) {
print "\nNtpdate: adjusted $Ntpdate times\n";
print "\tMinimum offset $ntpdateminoffset\n";
print "\tMaximum offset $ntpdatemaxoffset\n";
}
if($ntpdatenosync) {
print "\nNtpDate could not sync: $ntpdatenosync times\n";
}
if ($INCRONDSS) {
printf "\n service incrond started " . $INCRONDSS . ": time(s)\n";
}
if ($INCRONDStS) {
printf "\n service incrond stoped " . $INCRONDStS . ": time(s)\n";
}
if ((%INCRONDSTCr) || (%INCRONDUTCr)) {
printf "\n created tables \n";
for $key (keys %INCRONDSTCr) {
print " system table " . $key . " created " . $INCRONDSTCr{$key} . ": time(s)\n";
}
for $key (keys %INCRONDUTCr) {
print " table for user " . $key . " ceated " . $INCRONDUTCr{$key}. ": time(s)\n";
}
}
if ((%INCRONDSTCh) || (%INCRONDUTCh)) {
printf "\n changes of tables \n";
for $key (keys %INCRONDSTCh) {
print " system table " . $key . " changed " . $INCRONDSTCh{$key} . ": time(s)\n";
}
for $key (keys %INCRONDUTCh) {
print " table for user " . $key . "changed " . $INCRONDUTCh{$key} . ": time(s)\n";
}
}
if ((%INCRONDSTDe) || (%INCRONDUTDe)) {
printf "\n destroyed tables \n";
for $key (keys %INCRONDSTDe) {
print " system table " . $key . " destroyed " . $INCRONDSTDe{$key} . ": time(s)\n";
}
for $key (keys %INCRONDUTDe) {
print " table for user ". $key ." destroyed " .$INCRONDUTDe{$key} . ": time(s)\n";
}
}
if (%CRONDErr) {
printf "\n crond daemon errors \n";
for $key (keys %CRONDErr) {
print " " . $key . ": " . $CRONDErr{$key} . " time(s)\n";
}
}
if (%INCRONDErr) {
printf "\n incrond daemon errors \n";
for $key (keys %INCRONDErr) {
print " " . $key . ": " . $INCRONDErr{$key} . " time(s)\n";
}
}
if (%SELCONTErr) {
printf "\n SELinux context error \n";
for $key (keys %SELCONTErr) {
print " " . $key . ": " . $SELCONTErr{$key} . " time(s)\n";
}
}
if ($PAMAUTHErr) {
printf "\nPAM autentification error: " . $PAMAUTHErr . " time(s)\n";
}
if (%CHDIRErr) {
printf "\nchdir command failed\n";
foreach (keys %CHDIRErr) {
my ($File,$Cause) = split ",";
print " for directory " . $File . " (" . $Cause . ")". ": " . $CHDIRErr{"$File,$Cause"} . " time(s)\n";
}
}
if ($CHUSERHErr) {
printf "\nUser change error: " . $CHUSERHErr . " time(s)\n";
}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:
distrib
>
Mandriva
>
2011.0
>
x86_64
>
media
>
contrib-testing
>
by-pkgid
>
db5930ff42273c3d4922c886ff560c8b
>
files
>
188
