Current Path : /opt/zabbix_scripts/ |
|
Current File : //opt/zabbix_scripts/cpanel_compromised_account.sh.Nov1 |
#/bin/bash
SPAMTEST=$(awk "/^$(date --date="-15min" "+%F %R:")/{p++} p" /var/log/exim_mainlog |grep ' <= ' |grep ' U=' |egrep -v 'T="Cron|U=mailnull|T="lfd' |awk -F'U=' '{print $2}'|awk '{print $1}' |sort |uniq -c |sort -n|awk '{ if ($1>25) print $1 " mails sent from user "$2}')
if [[ -n "$SPAMTEST" ]]; then
echo "CRITICAL: Possible compromised accounts using PHP script to send high volumes recently: $SPAMTEST"
exit 2
else
echo "OK: No compromised accounts found in the mail log"
exit 0
fi
Copyright 2K16 - 2K18 Indonesian Hacker Rulez