One Hat Cyber Team
Your IP :
18.191.252.78
Server IP :
192.145.235.60
Server :
Linux ngx365.inmotionhosting.com 5.14.0-427.33.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 09:45:56 EDT 2024 x86_64
Server Software :
Apache
PHP Version :
8.2.27
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
opt
/
sharedrads
/
View File Name :
check_crons
#!/usr/bin/bash #load functions + banners if [ -f /opt/sharedrads/radsfunctions.sh ]; then source /opt/sharedrads/radsfunctions.sh else source /opt/dedrads/radsfunctions.sh fi CHECKUSER=$1 SESSIONID=$2 function pusage(){ echo echo "Usage:" echo " check_crons [username] - displays the crontab file for a user" echo " check_crons --recent - count frequency of recent cron executions" echo " check_crons --full - print last 50000 lines of cron log sorted by user" echo } if [ -z $1 ]; then pusage exit; fi if [ "$1" == "--help" ];then pusage exit; fi if [ "$1" == "--full" ];then echo "Displaying the last 50000 lines of /var/log/cron sorted by user:" echo sudo tail -50000 /var/log/cron | sort -k6 exit; fi if [ "$1" == "--recent" ];then echo "Displaying users with the most cronjob executions as found in /var/log/cron:" echo sudo cat /var/log/cron | awk '{print $6}' | sort | uniq -c | sort -nk1 exit; fi if [ -z $2 ]; then SESSIONID=`date +%s` DETAILED=YES fi EMPTY=NO cat /var/spool/cron/$CHECKUSER 1> /tmp/.$SESSIONID 2> /dev/null || EMPTY=TRU if [ "$EMPTY" == "NO" ]; then echo echo -e "\033[40;37;2m RADS has detected these custom cron jobs currently enabled for this account \033[0m" if [ "$RADSCOLORS" == "off" ]; then echo -en "\033[0m" else echo -en "\033[29;30;1m" fi #displays crons cat /tmp/.$SESSIONID echo #clear colors echo -en "\033[0m" fi #no session ID was received earlier, we were invoked directly, lets display add'l history: if [ "$DETAILED" == "YES" ]; then echo -e "\033[40;37;2m Displaying cron execution history for user's scheduled jobs \033[0m" if [ "$RADSCOLORS" == "off" ]; then echo -e "\033[0m" else echo -e "\033[34;1m" fi grep $CHECKUSER /var/log/cron echo -ne "\033[0m" rm -f /tmp/.$SESSIONID fi