Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.41
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
usr /
share /
logwatch /
scripts /
services /
Delete
Unzip
Name
Size
Permission
Date
Action
afpd
3.84
KB
-rwxr-xr-x
2017-01-21 17:44
amavis
176.48
KB
-rwxr-xr-x
2017-01-21 17:44
arpwatch
1.43
KB
-rwxr-xr-x
2017-01-21 17:44
audit
15.59
KB
-rwxr-xr-x
2017-01-21 17:44
automount
5.24
KB
-rwxr-xr-x
2017-01-21 17:44
autorpm
2.25
KB
-rwxr-xr-x
2017-01-21 17:44
barracuda
11.85
KB
-rwxr-xr-x
2017-01-21 17:44
bfd
2.2
KB
-rwxr-xr-x
2017-01-21 17:44
cisco
44.38
KB
-rwxr-xr-x
2016-07-26 19:43
citadel
58.58
KB
-rwxr-xr-x
2017-01-21 17:44
clam-update
6.93
KB
-rwxr-xr-x
2017-01-21 17:44
clamav
6.17
KB
-rwxr-xr-x
2017-01-21 17:44
clamav-milter
4.17
KB
-rwxr-xr-x
2017-01-21 17:44
courier
23.28
KB
-rwxr-xr-x
2017-01-21 17:44
cron
12.58
KB
-rwxr-xr-x
2017-01-21 17:44
denyhosts
1.75
KB
-rwxr-xr-x
2017-01-21 17:44
dhcpd
11
KB
-rwxr-xr-x
2017-01-21 17:44
dirsrv
4.85
KB
-rwxr-xr-x
2017-01-21 17:44
dnssec
4.99
KB
-rwxr-xr-x
2017-01-21 17:44
dovecot
24.72
KB
-rwxr-xr-x
2017-01-21 17:44
dpkg
3.21
KB
-rwxr-xr-x
2017-01-21 17:44
emerge
4.44
KB
-rwxr-xr-x
2017-01-21 17:44
evtapplication
5.92
KB
-rwxr-xr-x
2017-01-21 17:44
evtsecurity
12.7
KB
-rwxr-xr-x
2017-01-21 17:44
evtsystem
14.95
KB
-rwxr-xr-x
2017-01-21 17:44
exim
24.79
KB
-rwxr-xr-x
2017-01-21 17:44
eximstats
1.91
KB
-rwxr-xr-x
2017-01-21 17:44
extreme-networks
10.91
KB
-rwxr-xr-x
2017-01-21 17:44
fail2ban
9.98
KB
-rwxr-xr-x
2017-01-21 17:44
fetchmail
3.53
KB
-rwxr-xr-x
2017-01-21 17:44
freeradius
10.22
KB
-rwxr-xr-x
2017-01-21 17:44
ftpd-messages
7.67
KB
-rwxr-xr-x
2017-01-21 17:44
ftpd-xferlog
6.18
KB
-rwxr-xr-x
2017-01-21 17:44
http
23.73
KB
-rwxr-xr-x
2017-01-21 17:44
http-error
4.22
KB
-rwxr-xr-x
2016-07-26 19:43
identd
5.54
KB
-rwxr-xr-x
2017-01-21 17:44
imapd
11.15
KB
-rwxr-xr-x
2017-01-21 17:44
in.qpopper
4.84
KB
-rwxr-xr-x
2017-01-21 17:44
init
3.48
KB
-rwxr-xr-x
2017-01-21 17:44
ipop3d
4.08
KB
-rwxr-xr-x
2017-01-21 17:44
iptables
14.96
KB
-rwxr-xr-x
2017-01-21 17:44
kernel
10.56
KB
-rwxr-xr-x
2017-01-21 17:44
knockd
2.8
KB
-rwxr-xr-x
2017-01-21 17:44
lvm
3.12
KB
-rwxr-xr-x
2017-01-21 17:44
mailscanner
27.15
KB
-rwxr-xr-x
2017-01-21 17:44
mdadm
4.58
KB
-rwxr-xr-x
2017-01-21 17:44
mod_security2
7.82
KB
-rwxr-xr-x
2017-01-21 17:44
modprobe
4.17
KB
-rwxr-xr-x
2017-01-21 17:44
mountd
4.35
KB
-rwxr-xr-x
2017-01-21 17:44
mysql
4.52
KB
-rwxr-xr-x
2017-01-21 17:44
mysql-mmm
4.84
KB
-rwxr-xr-x
2017-01-21 17:44
named
31.26
KB
-rwxr-xr-x
2017-01-21 17:44
netopia
14.98
KB
-rwxr-xr-x
2017-01-21 17:44
netscreen
20.63
KB
-rwxr-xr-x
2017-01-21 17:44
oidentd
5.47
KB
-rwxr-xr-x
2017-01-21 17:44
omsa
2.59
KB
-rwxr-xr-x
2017-01-21 17:44
openvpn
13.68
KB
-rwxr-xr-x
2017-01-21 17:44
pam
1.86
KB
-rwxr-xr-x
2017-01-21 17:44
pam_pwdb
7.84
KB
-rwxr-xr-x
2017-01-21 17:44
pam_unix
16.03
KB
-rwxr-xr-x
2017-01-21 17:44
php
5.1
KB
-rwxr-xr-x
2017-01-21 17:44
pix
13.29
KB
-rwxr-xr-x
2017-01-21 17:44
pluto
11.97
KB
-rwxr-xr-x
2017-01-21 17:44
pop3
15.18
KB
-rwxr-xr-x
2017-01-21 17:44
portsentry
5
KB
-rwxr-xr-x
2017-01-21 17:44
postfix
241.59
KB
-rwxr-xr-x
2017-01-21 17:44
postgresql
5.39
KB
-rwxr-xr-x
2017-01-21 17:44
pound
3.52
KB
-rwxr-xr-x
2017-01-21 17:44
proftpd-messages
10.6
KB
-rwxr-xr-x
2017-01-21 17:44
puppet
10.37
KB
-rwxr-xr-x
2016-07-26 19:43
pureftpd
8.17
KB
-rwxr-xr-x
2017-01-21 17:44
qmail
5.73
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-pop3d
4.43
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-pop3ds
3.98
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-send
19.63
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-smtpd
56.05
KB
-rwxr-xr-x
2017-01-21 17:44
raid
1.73
KB
-rwxr-xr-x
2017-01-21 17:44
resolver
3.43
KB
-rwxr-xr-x
2017-01-21 17:44
rsnapshot
3.33
KB
-rwxr-xr-x
2017-01-21 17:44
rsyslogd
1.79
KB
-rwxr-xr-x
2016-07-26 19:43
rt314
4.43
KB
-rwxr-xr-x
2017-01-21 17:44
samba
25.63
KB
-rwxr-xr-x
2017-01-21 17:44
saslauthd
4.06
KB
-rwxr-xr-x
2017-01-21 17:44
scsi
3.34
KB
-rwxr-xr-x
2017-01-21 17:44
secure
41.04
KB
-rwxr-xr-x
2017-01-21 17:44
sendmail
92.27
KB
-rwxr-xr-x
2017-01-21 17:44
sendmail-largeboxes
2.51
KB
-rwxr-xr-x
2017-01-21 17:44
shaperd
5.64
KB
-rwxr-xr-x
2017-01-21 17:44
slon
4.61
KB
-rwxr-xr-x
2017-01-21 17:44
smartd
16.1
KB
-rwxr-xr-x
2017-01-21 17:44
sonicwall
25
KB
-rwxr-xr-x
2017-01-21 17:44
spamassassin
7.56
KB
-rwxr-xr-x
2016-07-26 19:43
sshd
30.98
KB
-rwxr-xr-x
2017-01-21 17:44
sshd2
2.02
KB
-rwxr-xr-x
2017-01-21 17:44
sssd
2.45
KB
-rwxr-xr-x
2017-01-21 17:44
stunnel
5.61
KB
-rwxr-xr-x
2016-07-26 19:43
sudo
6.01
KB
-rwxr-xr-x
2017-01-21 17:44
syslog-ng
20.61
KB
-rwxr-xr-x
2017-01-21 17:44
syslogd
1.98
KB
-rwxr-xr-x
2017-01-21 17:44
systemd
7.53
KB
-rwxr-xr-x
2017-01-21 17:44
tac_acc
4.12
KB
-rwxr-xr-x
2017-01-21 17:44
tivoli-smc
4.41
KB
-rwxr-xr-x
2016-07-26 19:43
up2date
4.79
KB
-rwxr-xr-x
2017-01-21 17:44
vdr
8.3
KB
-rwxr-xr-x
2017-01-21 17:44
vpopmail
3.48
KB
-rwxr-xr-x
2017-01-21 17:44
vsftpd
8.28
KB
-rwxr-xr-x
2017-01-21 17:44
windows
16.12
KB
-rwxr-xr-x
2017-01-21 17:44
xntpd
8.59
KB
-rwxr-xr-x
2017-01-21 17:44
yum
2.8
KB
-rwxr-xr-x
2017-01-21 17:44
zypp
2.48
KB
-rwxr-xr-x
2017-01-21 17:44
zz-disk_space
6.02
KB
-rwxr-xr-x
2017-01-21 17:44
zz-fortune
1.69
KB
-rwxr-xr-x
2017-01-21 17:44
zz-lm_sensors
1.82
KB
-rwxr-xr-x
2017-01-21 17:44
zz-network
12.79
KB
-rwxr-xr-x
2017-01-21 17:44
zz-runtime
1.66
KB
-rwxr-xr-x
2017-01-21 17:44
zz-sys
3.01
KB
-rwxr-xr-x
2017-01-21 17:44
zz-zfs
5.91
KB
-rwxr-xr-x
2017-01-21 17:44
Save
Rename
#!/usr/bin/perl ########################################################################## # $Id$ ########################################################################## # $Log: evtsystem,v $ # Revision 1.3 2008/06/30 23:07:51 kirk # fixed copyright holders for files where I know who they should be # # Revision 1.2 2008/03/24 23:31:26 kirk # added copyright/license notice to each script # # Revision 1.1 2007/04/28 22:50:24 bjorn # Added files for Windows Event Log, by Orion Poplawski. These are for # Windows events logged to a server, using Snare Agent or similar. # ########################################################################## ######################################################## ## Copyright (c) 2008 Orion Poplawski ## Covered under the included MIT/X-Consortium License: ## http://www.opensource.org/licenses/mit-license.php ## All modifications and contributions by other persons to ## this script are assumed to have been donated to the ## Logwatch project and thus assume the above copyright ## and licensing terms. If you want to make contributions ## under your own copyright or a different license this ## must be explicitly stated in the contribution an the ## Logwatch project reserves the right to not accept such ## contributions. If you have made significant ## contributions to this script and want to claim ## copyright please contact logwatch-devel@lists.sourceforge.net. ######################################################### use strict; my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my %Errors; my %RestartRequired; my %Systems; my %Updates; my %UpdatesInstalled; my %UpdatesReadyForInstall; while (defined(my $ThisLine = <STDIN>)) { my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$CategoryString,$DataString,$ExpandedString,$Extra); #Determine format if ($ThisLine =~ /MSWinEventLog\[/) { # Snare 4 #Parse ($Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) = ($ThisLine =~ /MSWinEventLog\[(\d+)\]:(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/); } elsif ($ThisLine =~ /MSWinEventLog\t/) { # Snare 3 #Parse ($Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$Hostname,$CategoryString,$DataString,$ExpandedString,$Extra) = ($ThisLine =~ /MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/); } if (!defined($Hostname)) { print STDERR "Cannot parse $ThisLine"; next; } #print STDERR "ExpandedString = $ExpandedString\n"; if ($System eq "Application Popup") { #Ignore these next if $ExpandedString =~ /Initialization Failed : The application failed to initialize because the window station is shutting down/; next if $ExpandedString =~ /^Application popup: Windows : Other people are logged on to this computer. Shutting down Windows might cause them to lose data\. Do you want to continue shutting down\?$/; next if $ExpandedString =~ /^Application popup: Message from .*: Automatic software deployment is currently updating your system\. Please save all your documents as the the system might reboot without further notice\. Thank you\./; next if $ExpandedString =~ /^Application popup: Message from .*: The automated software installation utility has completed installing or updating software on your system\. No reboot was necessary\. All updates are complete\./; } if ($System eq "BTHUSB") { next if $ExpandedString =~ /^Windows cannot store Bluetooth authentication codes \(link keys\) on the local adapter\. Bluetooth keyboards might not work in the system BIOS during startup\.$/ and $Detail < 5; } if ($System =~ "EventLog") { #Ignore these next if $ExpandedString =~ /Microsoft \(R\) Windows \(R\) \d+\.\d+\. \d+ +(Multiprocessor Free|Service Pack \d)/; next if $ExpandedString =~ /^The Event log service was started./; next if $ExpandedString =~ /^The Event log service was stopped./; next if $ExpandedString =~ /^The system uptime is \d+ seconds/; } if ($System =~ "LsaSrv") { #Ignore these next if $ExpandedString =~ /^A logon cache entry for user .* was the oldest entry and was removed\. The timestamp of this entry was/; } if ($System eq "Microsoft-Windows-Application-Experience") { #Ignore these next if $ExpandedString eq "The Program Compatibility Assistant service successfully performed phase two initialization."; } if ($System eq "Microsoft-Windows-DfsSvc") { #Ignore these next if $ExpandedString =~ /^DFS has finished building all namespaces\.$/; next if $ExpandedString =~ /^DFS server has finished initializing\.$/; } if ($System eq "Microsoft-Windows-FilterManager") { #Ignore these next if $ExpandedString =~ /^File System Filter .* has successfully loaded and registered with Filter Manager\.$/; } if ($System eq "Microsoft-Windows-Iphlpsvc") { #High Detail next if $ExpandedString =~ /^Isatap interface .* with address .* has been brought up\.$/ and $Detail < 10; next if $ExpandedString =~ /^Isatap interface .* is no longer active\.$/ and $Detail < 10; } if ($System eq "Microsoft-Windows-Kernel-Boot") { #High Detail next if $ExpandedString =~ /^The boot type was/ and $Detail < 10; next if $ExpandedString =~ /^The bootmgr spent .* waiting for user input/ and $Detail < 10; next if $ExpandedString =~ /^The last shutdown's success status was true. The last boot's success status was true\.$/ and $Detail < 10; next if $ExpandedString =~ /^There are .* boot options on this system/ and $Detail < 10; } if ($System eq "Microsoft-Windows-Kernel-General") { #High Detail next if $ExpandedString =~ /^The operating system started at system time/ and $Detail < 10; next if $ExpandedString =~ /^The operating system is shutting down at system time/ and $Detail < 10; next if $ExpandedString =~ /^The access history in hive .* was cleared updating \d+ keys/ and $Detail < 10; #TODO - We should warn is this is big next if $ExpandedString =~ /^The system time has changed to .* from/; } if ($System eq "Microsoft-Windows-Kernel-Power") { #High Detail next if $ExpandedString =~ /^The system is entering sleep/ and $Detail < 10; next if $ExpandedString =~ /^The kernel power manager has initiated a shutdown transition\.$/ and $Detail < 10; #Ignore these next if $ExpandedString =~ /^ACPI thermal zone .* has been enumerated/; next if $ExpandedString =~ /^Processor \d+ in group \d+ exposes the following power management capabilities/; } if ($System eq "Microsoft-Windows-Kernel-Processor-Power") { #Ignore these next if $ExpandedString =~ /^Processor \d+ in group \d+ exposes the following/; } if ($System eq "Microsoft-Windows-GroupPolicy") { #Ignore these next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. There were no changes detected since the last successful processing of Group Policy\.$/; next if $ExpandedString =~ /^The Group Policy settings for the (computer|user) were processed successfully\. New settings from \d+ Group Policy objects were detected and applied\.$/ and $Detail == 0; } if ($System eq "Microsoft-Windows-Ntfs") { #Ignore these next if $ExpandedString =~ /^Volume .* is healthy\. No action is needed\.$/; } if ($System eq "Microsoft-Windows-Power-Troubleshooter") { #High Detail next if $ExpandedString =~ /^The system has resumed from sleep/ and $Detail < 10; } if ($System eq "Microsoft-Windows-Time-Service") { #High Detail next if $ExpandedString =~ /^The time provider NtpClient is currently receiving valid time data from/ and $Detail < 10; next if $ExpandedString =~ /^The time service is now synchronizing the system time with the time source/ and $Detail < 10; } if ($System eq "Microsoft-Windows-WAS") { #High Detail next if $ExpandedString =~ /^A worker process with process id of .* serving application pool .* has requested a recycle because the worker process reached its allowed processing time limit/ and $Detail < 10; } if ($System eq "Microsoft-Windows-WindowsUpdateClient" or $System eq "Windows Update Agent") { #High Detail next if $ExpandedString =~ /^Automatic Updates is now paused\.$/ and $Detail < 10; next if $ExpandedString =~ /^Windows Update started downloading an update\.$/ and $Detail < 10; #Updates if (my ($InstallDateTime, $Updates) = $ExpandedString =~ /^Installation Ready: The following updates are downloaded and ready for installation(?:\. )?(?:This computer is currently scheduled to install these updates on (.*)|To install the updates, an administrator should log on.*|): - (.*)$/) { $InstallDateTime =~ s/\?//g; foreach my $Update (split(" - ",$Updates)) { $InstallDateTime = "Now" if $InstallDateTime eq ""; $UpdatesReadyForInstall{$Hostname}->{$Update} = $InstallDateTime; } next; } if (my ($Update) = $ExpandedString =~ /^Installation Successful: Windows successfully installed the following update: (.*)$/) { delete($UpdatesReadyForInstall{$Hostname}->{$Update}); push(@{$UpdatesInstalled{$Hostname}},$Update); next; } if ($ExpandedString =~ /^Installation Failure:/) { $Errors{$System}->{"$Hostname $ExpandedString"}++; next; } if ($ExpandedString =~ /^Installation Started:/) { next; } if ($ExpandedString =~ /^Restart Required:/) { $RestartRequired{$Hostname} = 1; next; } } if ($System eq "Microsoft-Windows-WHEA-Logger") { $Errors{$System}->{"$Hostname $ExpandedString"}++; next; } if ($System eq "Microsoft-Windows-Winlogon") { #High Detail next if $ExpandedString =~ /User \w+ Notification for Customer Experience Improvement Program/ and $Detail < 10; } if ($System eq "Microsoft-Windows-WinRM") { #High Detail next if $ExpandedString =~ /^The WinRM service is listening for WS-Management requests/ and $Detail < 10; } if ($System eq "NPS") { #High Detail next if $ExpandedString =~ /^A LDAP connection with domain controller .* for domain .* is established/ and $Detail < 10; } if ($System eq "Service Control Manager") { #Ignore these next if $ExpandedString =~ /^The (.*) service entered the running state\./; next if $ExpandedString =~ /^The (.*) service entered the stopped state\./; next if $ExpandedString =~ /^The (.*) service was successfully sent a start control\./; next if $ExpandedString =~ /^The (.*) service was successfully sent a stop control\./; } if ($System eq "USER32") { #High Detail next if $ExpandedString =~ /^The process .* has initiated the power off of computer \w+ on behalf of user .* for the following reason: .*$/ and $Detail < 10; } if ($System eq "Virtual Disk Service") { #High Detail next if $ExpandedString =~ /Service (started|stopped)/ and $Detail < 10; } if ($System eq "atikmdag") { #Ignore these next if $ExpandedString =~ /^UVD Information$/; #High Detail next if $ExpandedString =~ /^Display is not active$/ and $Detail < 10; } if ($System eq "volsnap") { #Med Detail next if $ExpandedString =~ /^The oldest shadow copy of volume .* was deleted to keep disk space usage for shadow copies of volume .* below the user defined limit\.$/ and $Detail < 5; } next if $ExpandedString =~ /client service is started$/ and $Detail < 10; next if $ExpandedString =~ /started successfully\.$/ and $Detail < 10; next if $ExpandedString =~ /has successfully (?:started|stopped)\./ and $Detail < 10; next if $ExpandedString =~ /service .* (?:started|stopped)/i and $Detail < 10; next if $ExpandedString =~ /Module has (?:started|stopped)/ and $Detail < 10; next if $ExpandedString =~ /Driver initialized successfully\.$/ and $Detail < 10; next if $ExpandedString =~ /Network controller configured for .* link\.$/ and $Detail < 10; next if $ExpandedString =~ /Network link has been established/ and $Detail < 10; next if $ExpandedString =~ /^The driver package installation has succeeded\.$/ and $Detail < 10; next if $ExpandedString =~ /^The .* service entered the .* state/ and $Detail < 10; next if $ExpandedString =~ /^The process .* has initiated the (?:power off|restart|shutdown) of computer .* on behalf of user .* for the following reason/ and $Detail < 5; next if $ExpandedString =~ /^UVD Information$/; next if $ExpandedString =~ /Link has been established:/; # Add to the list $Systems{$System}->{"$Hostname $ExpandedString"}++; } # Handle high priority errors first my $System = "Microsoft-Windows-WER-SystemErrorReporting"; if (defined($Systems{$System})) { print "\nSYSTEM ERRORS!:\n"; foreach my $Error (sort(keys %{$Systems{$System}})) { print " $Error : $Systems{$System}->{$Error} Times\n"; } delete($Systems{$System}); } print "\n"; # Next output items marked as errors if (keys %Errors) { print "\nERRORS:"; foreach my $System (sort(keys %Errors)) { print "\n $System\n"; foreach my $Error (sort(keys %{$Errors{$System}})) { print " $Error : $Errors{$System}->{$Error} Times\n"; } } } if (keys %Systems) { foreach my $System (sort(keys %Systems)) { print "\n$System\n"; foreach my $Error (sort(keys %{$Systems{$System}})) { print " $Error : $Systems{$System}->{$Error} Times\n"; } } } if (keys %UpdatesReadyForInstall or keys %UpdatesInstalled) { print "\nWindows Update Summary:\n"; foreach my $Hostname (sort(keys %UpdatesReadyForInstall)) { # We may have removed all updates from this list when installed if (keys %{$UpdatesReadyForInstall{$Hostname}}) { print " Updates ready for install on $Hostname:\n"; foreach my $Update (sort(keys %{$UpdatesReadyForInstall{$Hostname}})) { print " $Update at $UpdatesReadyForInstall{$Hostname}->{$Update}\n"; } } } print "\n" if keys %UpdatesReadyForInstall; foreach my $Hostname (sort(keys %UpdatesInstalled)) { print " Updates successfully installed on $Hostname:\n"; foreach my $Update (@{$UpdatesInstalled{$Hostname}}) { print " $Update\n"; } } print "\n Restart required on hosts: " if keys %RestartRequired; foreach my $Hostname (sort(keys %RestartRequired)) { print "$Hostname "; } print "\n"; } exit(0); # vi: shiftwidth=3 tabstop=3 syntax=perl et # Local Variables: # mode: perl # perl-indent-level: 3 # indent-tabs-mode: nil # End: