#!/usr/local/bin/perl # # Written by: Dave Williss # Last modified: 23 Aug 96 # # dumpxfer formats the xferlog from wuftpd into a more readable format # It can be called by anybody with read permission on the xferlog. # # dumpxfer [-g] [-b] [-a] [-f filename] # # -g Write normal transfer report # # -b Write report of just bad transfers # # -a Same as -gb (default) # # -f filename # File to get xferlog from (default = /usr/adm/xferlog) # # -S Provide a default Subject: line # # -s subject # Subject to use. (Be sure to put it in double quotes) # # -e regex # Ignore files with a given string. For example, to ignore # transfers to/from /home, use -e "^/home/". The carot is # important or else somebody who knew you used this could # prevent you from noticing something just by starting the # file name with "home". You can have multiples by doing # something like # -e "^/home/,^/some/other/dir" # # -i regex # Include only files that contain the given regex in the path # Useful for watching a particular directory. # # A "bad" transfer is defined to be any incoming transfer not coming to # /pub/incoming or any outgoing transfer from /pub/incoming. These # get flagged specially because they can mean your setup's wrong or # that somebody discovered you had a world-writable incoming directory # and decided to use it to transfer megabytes of X-rated GIFs to his # friends. # # CHANGES: # # 23 Aug 1996. Group downloads by user. Format report so that # my boss can read it. # 13 Aug 1996. Implemented -e and -i # require "getopts.pl"; &Getopts('gbaf:Ss:i:e:'); $opt_a = 1 if (!$opt_g && !$opt_b); if ($opt_a) { $opt_g = 1; $opt_b = 1; } $good_subject = "FTP Transfer Log"; $bad_subject = "Strange FTP Transfer Warning"; if ($opt_S == 1) { $opt_s = ($opt_g) ? $good_subject : $bad_subject; } $xferlog = $opt_f ? $opt_f : "/usr/adm/xferlog"; open (XFERLOG, "<$xferlog") || exit(0); $need_space = 0; while () { ($day, $month, $date, $time, $year, $pid, $host, $size, $file, $mode, $nothing, $direction, $class, $password, $user, $crud) = split; if ($opt_e) { $found = 0; foreach $path (split(/,/, $opt_e)) { $found = 1 if ($file =~ /$path/); } next if ($found); } if ($opt_i) { $found = 0; foreach $path (split(/,/, $opt_i)) { $found = 1 if ($file =~ /$path/); } next if (!$found); } #next if ($opt_e && $file =~ /$opt_e/); #next if ($opt_i && !($file =~ /$opt_i/)); # if user didn't give host name in password, tack it on $password .= "@" . $host if (! ($password =~ /@./)); ($subuser, $subhost) = split(/@/, $password); if (!($host =~ /$subhost/i) && !($subhost =~ /$host/i)) { $password .= " ($host)"; } # correct for the possibility that we added a "@" where there # already was one. $password =~ s/@@/@/g; if ("$direction" eq "i") { $users1{$password} .= " $mode $file\n"; if (!($file =~ m#/pub/incoming#)) { $users2{$password} .= " $mode $file\n"; } } if ("$direction" eq "o") { # Files we don't care if people look at next if $file =~ /.message/; next if $file =~ /README/; next if $file =~ /welcome.msg/; next if $file =~ /.html/; $users3{$password} .= " $mode $file\n"; if ($file =~ m#/pub/incoming#) { $users4{$password} .= " $mode $file\n"; } } } # # Now dump out the reports # if ($opt_g) { $num_found = 0; foreach $password (keys %users1) { if (!$num_found) { print "Subject: $opt_s\n\n" if ($opt_s && !$need_space); print "\n\n" if $need_space; print "Incoming FTP Transfers\n"; print "======================\n\n"; $need_space = 1; } print "$password\n"; print "$users1{$password}\n"; ++ $num_found; } } if ($opt_b) { $num_found = 0; foreach $password (keys %users2) { if (!$num_found) { print "Subject: $opt_s\n\n" if ($opt_s && !$need_space); print "\n\n" if $need_space; print "Incoming FTP Transfers not in the /pub/incoming directory\n"; print "=========================================================\n"; $need_space = 1; } print "$password\n"; print "$users2{$password}\n"; ++ $num_found; } } if ($opt_g) { $num_found = 0; foreach $password (keys %users3) { if (!$num_found) { print "Subject: $opt_s\n\n" if ($opt_s && !$need_space); print "\n\n" if $need_space; print "Outgoing FTP Transfers\n"; print "======================\n\n"; $need_space = 1; } print "$password\n"; print "$users3{$password}\n"; ++ $num_found; } } if ($opt_b) { $num_found = 0; foreach $password (keys %users4) { if (!$num_found) { print "Subject: $opt_s\n\n" if ($opt_s && !$need_space); print "\n\n" if $need_space; print "Outgoing FTP Transfers from /pub/incoming directory\n"; print "===================================================\n\n"; $need_space = 1; } print "$password\n"; print "$users4{$password}\n"; ++ $num_found; } } close(XFERLOG);