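#!/usr/bin/perl
#------------------------------------------#
# seclog v0.1 (by dilusi0n)                #
#------------------------------------------#
# This is a pretty basic log auditing tool #
# written in Perl, made for unix type sys- #
# tems. This program isn't hard to install #
# at all, just read the explanations next  #
# to the variables. I'm currently working  #
# on a wizard based install. If you're     #
# having trouble installing, email me at   #
# the mail address below.                  #
#------------------------------------------#
# www.cr0nic.net   dilusi0n@cr0nic.net     #
#------------------------------------------#
# After configuring the vars in this file, #
# be sure to set syslogd to log everything #
# to /var/log/messages, then crontab this  #
# file or something, whatever you'd like.  #
#------------------------------------------#
# The report is assembled in memory and    #
# handed straight to the mail command, so  #
# no temp files and no shell pipelines are #
# used any more.                           #
#------------------------------------------#
use strict;
use warnings;

# --- Configuration ------------------------------------------------------
my $mailcmd  = "mail";  # The command to use to email (options allowed, e.g. "mail -v").
my $localif  = "eth0";  # The local interface of the sys (used for the subject line).
my $sysadmin = "root";  # The sysadmin (email or login).
my $sppipch  = "yes";   # Are you running ipchains firewall?
my $clearlog = "yes";   # Empty /var/log/messages after the report is mailed?
                        # "no" keeps the log on disk (e.g. when logrotate
                        # already manages it); otherwise the mail is the
                        # only remaining copy.

my $logfile = "/var/log/messages";  # Where syslogd must log everything.

# Report sections in output order: [ title, pattern ].  The patterns are the
# same case-sensitive substrings the original grep calls matched, combined so
# each log line is tested once per section and lines stay in log order.
my @sections = (
    [ "--- Failed Stuff",   qr/ailed|FAILED/ ],
    ( $sppipch eq "yes" ? [ "--- IP Chains", qr/Packet/ ] : () ),
    [ "--- Error Messages", qr/rror|ERROR/ ],
    [ "--- Login Stuff",    qr/ogin/ ],
);

if (@ARGV && $ARGV[0] eq "-shouts") {
    print "\n-seclog- by dilusi0n\n";
    print "Shouts to: Azrael, ragnarox, meth, Bri4n, ^gLiTcH^, Axtrex,\n";
    print "Tutor, xp0rnstar, Spikeman, Quixote, dlm21, jigz, slackee,\n";
    print "fcjohn, cHRONIK, E-dub, script0r, llthangel, freix. If you\n";
    print "are not in the list that means i forgot you. Get over it. ;p\n\n";
    exit;
}

my $date = localtime(time);

# Label the report with the interface address; fall back to the interface
# name when ifconfig gives no usable address.
my $ipaddy = interface_address($localif);
$ipaddy = $localif unless defined $ipaddy;

my $report = "-seclog- report generated $date\n\n"
           . build_report($logfile, \@sections);

send_report($mailcmd, $sysadmin, "-seclog- report for $ipaddy", $report);

if ($clearlog eq "yes") {
    # Truncate in place instead of "rm | touch": syslogd keeps its descriptor
    # open, so unlinking the file leaves it writing to the old inode and the
    # freshly touched file stays empty until the daemon is restarted.  The
    # pipe in the old command also ran rm and touch concurrently.
    truncate $logfile, 0 or die "truncate $logfile: $!\n";
}

exit;

# Return the first IPv4 address ifconfig reports for $iface, or undef when
# none is found or ifconfig cannot be run.  Matches both the net-tools
# "inet addr:1.2.3.4" form and the newer "inet 1.2.3.4" form.  ifconfig is
# started in list form, so $iface never passes through a shell.
sub interface_address {
    my ($iface) = @_;
    open my $ifc, '-|', '/sbin/ifconfig', $iface or return;
    my $addr;
    while (my $line = <$ifc>) {
        if ($line =~ /\binet\s+(?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})/) {
            $addr = $1;
            last;
        }
    }
    close $ifc;
    return $addr;
}

# Read $logfile once and collect, per section in $sections, the lines that
# match its pattern.  Returns the report text: each section title followed
# by its lines (newlines kept), with a blank line between sections.
# Dies when the log cannot be opened (typically: not running as root).
sub build_report {
    my ($logfile, $sections) = @_;
    open my $log, '<', $logfile or die "open $logfile: $!\n";
    my @hits = map { [] } @{$sections};
    while (my $line = <$log>) {
        for my $i (0 .. $#{$sections}) {
            push @{ $hits[$i] }, $line if $line =~ $sections->[$i][1];
        }
    }
    close $log;
    return join "\n",
        map { join '', "$sections->[$_][0]\n", @{ $hits[$_] } } 0 .. $#{$sections};
}

# Pipe $body to the mail command.  The command is run in list form so the
# subject and recipient are passed as plain arguments and never interpolated
# into a shell command line; $mailcmd itself may carry options ("mail -v").
# Dies when the mailer cannot be started or exits non-zero.
sub send_report {
    my ($mailcmd, $to, $subject, $body) = @_;
    my @cmd = (split(' ', $mailcmd), '-s', $subject, $to);
    open my $mail, '|-', @cmd or die "run $mailcmd: $!\n";
    print {$mail} $body;
    close $mail
        or die "$mailcmd failed: " . ($! ? $! : "exit status " . ($? >> 8)) . "\n";
    return;
}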