Current Path : /usr/lib64/nagios/plugins/ |
|
Current File : //usr/lib64/nagios/plugins/cpanel_compromised_mail.sh |
#!/bin/bash
##########################################################
# Script to find the spamming via smtp authentication
# Author : Priya
########################################################
SPAMTEST=$(perl -lsne '/$day.*\[([0-9.]+)\]:.+dovecot_(?:login|plain):([^\s]+).* for (.*)/ and $sender{$2}{r}+=scalar (split / /,$3) and $sender{$2}{i}{$1}=1; END {foreach $sender(keys %sender){printf"Rcpn %d Hosts %03d Auth %s\n",$sender{$sender}{r},scalar (keys %{$sender{$sender}{i}}),$sender;}}' -- -day="$(date +"%F %H" -d "1 hour ago")" /var/log/exim_mainlog | sed 's/^Rcpn \(\S*\).*Auth \(\S*\).*$/\1 mails sent authed as \2/g' |sort -n | awk '{ if ($1>150) print $0}')
if [[ -n "$SPAMTEST" ]]; then
echo "WARNING: Possible compromised mail accounts sending high volumes recently: $SPAMTEST"
exit 1
else
echo "OK: No compromised accounts found in the mail log"
exit 0
fi
Copyright 2K16 - 2K18 Indonesian Hacker Rulez