#!/bin/bash
# Defaults; both can be overridden on the command line with -f and -t.
log_file='/var/log/nc_audit/suspicious_file_detector.log'   # log written by the detector this check watches
allowed_time_diff=3600   # maximum accepted age of the log file, in seconds (3600 = 1 hour)
# Function to display usage
#######################################
# Print the usage line and leave with the plugin's "UNKNOWN" status.
# Arguments: none ($0 supplies the script name)
# Outputs:   usage line on stdout
# Returns:   does not return; exits with status 3
#######################################
usage() {
  printf 'Usage: %s [-f log_file] [-t allowed_time_difference_in_seconds]\n' "$0"
  exit 3
}
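#######################################
# Parse the command-line options into the globals log_file and
# allowed_time_diff. Done in a function so OPTIND is local and the
# parser can be invoked more than once (e.g. from a test).
# Globals:   log_file (written), allowed_time_diff (written)
# Arguments: the script's "$@": -f log_file, -t seconds
# Outputs:   a UNKNOWN line on stdout when -t is not a whole number
# Returns:   0 on success; exits 3 (via usage) on an unknown option and
#            exits 3 directly when -t is not a non-negative integer
#######################################
parse_args() {
  local opt
  local OPTIND=1
  while getopts "f:t:" opt "$@"; do
    case "${opt}" in
      f)
        log_file="${OPTARG}"
        ;;
      t)
        # The threshold is later used inside (( ... )), which evaluates its
        # operands as arithmetic expressions rather than plain numbers, so
        # only accept a string of digits here.
        if [[ ! "${OPTARG}" =~ ^[0-9]+$ ]]; then
          printf 'UNKNOWN: -t expects a non-negative whole number of seconds, got "%s"\n' "${OPTARG}"
          exit 3
        fi
        allowed_time_diff="${OPTARG}"
        ;;
      *)
        # getopts (no leading ':' in the optstring) already reported the bad
        # option on stderr; show the usage line and exit UNKNOWN.
        usage
        ;;
    esac
  done
}
parse_args "$@"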
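# The log file must be an existing, non-empty regular file; without it the
# check cannot say anything about the monitored host.
if [[ ! -f "${log_file}" || ! -s "${log_file}" ]]; then
  printf 'ERROR: Log file %s does not exist or is empty.\n' "${log_file}"
  exit 1
fi
# The threshold feeds the (( ... )) comparison below, which evaluates its
# operands as arithmetic expressions rather than plain numbers; accept only
# a string of digits so a malformed value cannot be interpreted as code.
if [[ ! "${allowed_time_diff}" =~ ^[0-9]+$ ]]; then
  printf "UNKNOWN: allowed time difference must be a non-negative whole number of seconds, got '%s'.\n" "${allowed_time_diff}"
  exit 3
fi
# A log that has not been touched for longer than the threshold means the
# producer has stopped writing; report that as CRITICAL.
current_time=$(date +%s)
# stat failing would otherwise leave file_mod_time empty and break the
# subtraction; surface it as UNKNOWN instead. (GNU stat syntax, as before.)
if ! file_mod_time=$(stat -c %Y -- "${log_file}"); then
  printf 'UNKNOWN: cannot read the modification time of %s.\n' "${log_file}"
  exit 3
fi
time_diff=$((current_time - file_mod_time))
if (( time_diff > allowed_time_diff )); then
  # Integer division: the threshold is shown in whole minutes, as before.
  printf 'CRITICAL!: Log file was modified more than %s minutes ago.\n' "$((allowed_time_diff / 60))"
  exit 2
fi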
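# Classify the most recent log entry by its status marker. Order matters:
# a CRITICAL! line wins over WARNING, which wins over OK!; anything else is
# reported as UNKNOWN so unexpected wording never silently counts as OK.
last_line=$(tail -n 1 -- "${log_file}")
# printf rather than echo: the line is file content and could begin with
# something echo would treat as an option (e.g. -n or -e).
case "${last_line}" in
  *"CRITICAL!"*)
    printf '%s\n' "${last_line}"
    exit 2
    ;;
  *WARNING*)
    printf '%s\n' "${last_line}"
    exit 1
    ;;
  *"OK!"*)
    printf '%s\n' "${last_line}"
    exit 0
    ;;
  *)
    printf 'UNKNOWN: %s\n' "${last_line}"
    exit 3
    ;;
esac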