Tree - source-git/logwatch - CentOS Git server

source-git / logwatch

Blame scripts/services/openvpn

Blob History Raw

Packit	57988d	`##########################################################################`
Packit	57988d	`# $Id$`
Packit	57988d	`##########################################################################`
Packit	57988d
Packit	57988d	`########################################################`
Packit	57988d	`# The openvpn script was written by:`
Packit	57988d	`# Jim Richardson <develop@aidant.net>`
Packit	57988d	`########################################################`
Packit	57988d
Packit	57988d	`#####################################################`
Packit	57988d	`## Copyright (c) 2008 Jim Richardson`
Packit	57988d	`## Covered under the included MIT/X-Consortium License:`
Packit	57988d	`## http://www.opensource.org/licenses/mit-license.php`
Packit	57988d	`## All modifications and contributions by other persons to`
Packit	57988d	`## this script are assumed to have been donated to the`
Packit	57988d	`## Logwatch project and thus assume the above copyright`
Packit	57988d	`## and licensing terms. If you want to make contributions`
Packit	57988d	`## under your own copyright or a different license this`
Packit	57988d	`## must be explicitly stated in the contribution an the`
Packit	57988d	`## Logwatch project reserves the right to not accept such`
Packit	57988d	`## contributions. If you have made significant`
Packit	57988d	`## contributions to this script and want to claim`
Packit	57988d	`## copyright please contact logwatch-devel@lists.sourceforge.net.`
Packit	57988d	`#########################################################`
Packit	57988d
Packit	57988d	`use strict;`
Packit	57988d	`my $Debug = $ENV{'LOGWATCH_DEBUG'};`
Packit	57988d	`my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};`
Packit	57988d	`my %Auth;`
Packit	57988d	`my %ConnErrors;`
Packit	57988d	`my %ConnectCauseDrop;`
Packit	57988d	`my %Connections;`
Packit	57988d	`my %Crypt;`
Packit	57988d	`my %Error;`
Packit	57988d	`my %IncorrectPassword;`
Packit	57988d	`my $MaxClients;`
Packit	57988d	`my $MaxConn;`
Packit	57988d	`my %OtherList;`
Packit	57988d	`my %PluginCallFailure;`
Packit	57988d	`my %PluginCallOK;`
Packit	57988d	`my %VerifyList;`
Packit	57988d	`my %VersionInfo;`
Packit	57988d
Packit	57988d	`if ( $Debug >= 5 ) {`
Packit	57988d	`print STDERR "\n\nDEBUG \n\n";`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`while (defined(my $ThisLine = <STDIN>)) {`
Packit	57988d	`chomp($ThisLine);`
Packit	57988d
Packit	57988d	`# normalise - this could possibly be used for more detailed per host statistics`
Packit	57988d	`# further down`
Packit	57988d	`$ThisLine =~ s/^([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //;`
Packit	57988d	`$ThisLine =~ s/^([\S]+)\/([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //;`
Packit	57988d
Packit	57988d	`if (`
Packit	57988d	`($ThisLine =~ /Inactivity timeout $--ping-restart$, restarting/) or`
Packit	57988d	`($ThisLine =~ /^\/sbin\//) or`
Packit	57988d	`($ThisLine =~ /^Attempting to establish TCP connection with [\d.]+:\d+/) or`
Packit	57988d	`($ThisLine =~ /^Closing TUN\/TAP interface/) or`
Packit	57988d	`($ThisLine =~ /^Connection reset, restarting \[\d+\]/) or`
Packit	57988d	`($ThisLine =~ /^Control Channel Authentication/) or`
Packit	57988d	`($ThisLine =~ /^Control Channel MTU parms/) or`
Packit	57988d	`($ThisLine =~ /CRL CHECK OK: \/.*\//) or`
Packit	57988d	`($ThisLine =~ /^Data Channel MTU parms/) or`
Packit	57988d	`($ThisLine =~ /^Delayed exit in \d+ seconds/) or`
Packit	57988d	`($ThisLine =~ /^Diffie-Hellman initialized/) or`
Packit	57988d	`($ThisLine =~ /^event_wait : Interrupted system call $code=\d+$/) or`
Packit	57988d	`($ThisLine =~ /^Exiting/) or`
Packit	57988d	`($ThisLine =~ /^Expected Remote Options/) or`
Packit	57988d	`($ThisLine =~ /^GID set to/) or`
Packit	57988d	`($ThisLine =~ /^IFCONFIG POOL/) or`
Packit	57988d	`($ThisLine =~ /^IMPORTANT: OpenVPN's default port number is now 1194/) or`
Packit	57988d	`($ThisLine =~ /^Initialization Sequence Completed/) or`
Packit	57988d	`($ThisLine =~ /^Listening for incoming TCP connection on \S+:\d+/) or`
Packit	57988d	`($ThisLine =~ /^LZO compression initialized/) or`
Packit	57988d	`($ThisLine =~ /^Local Options hash/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: Learn:/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: multi_init called/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: multi_create_instance called/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: primary virtual IP for/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: TCP INIT maxclients=\d+ maxevents=\d+/) or`
Packit	57988d	`($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or`
Packit	57988d	`($ThisLine =~ /^MULTI_sva: pool returned IPv4=/) or`
Packit	57988d	`($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or`
Packit	57988d	`($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or`
Packit	57988d	`($ThisLine =~ /OpenVPN .* built on [A-Z][a-z]{2} [ 12]?[0-9] [0-9]{4}/) or`
Packit	57988d	`($ThisLine =~ /^OPTIONS IMPORT/) or`
Packit	57988d	`($ThisLine =~ /^PLUGIN_CALL: plugin function /) or`
Packit	57988d	`($ThisLine =~ /^PLUGIN_INIT: POST .* intercepted=/) or`
Packit	57988d	`($ThisLine =~ /^Preserving previous TUN\/TAP instance: \w+/) or`
Packit	57988d	`($ThisLine =~ /^PUSH: Received control message/) or`
Packit	57988d	`($ThisLine =~ /^Re-using pre-shared static key/) or`
Packit	57988d	`($ThisLine =~ /^Re-using SSL\/TLS context/) or`
Packit	57988d	`($ThisLine =~ /read UDPv4 \[.\]: No route to host $code=[0-9]$/) or`
Packit	57988d	`($ThisLine =~ /^Restart pause, \d+ second$s$/) or`
Packit	57988d	`($ThisLine =~ /^ROUTE_GATEWAY/) or`
Packit	57988d	`($ThisLine =~ /^send_push_reply/) or`
Packit	57988d	`($ThisLine =~ /^SENT CONTROL/) or`
Packit	57988d	`($ThisLine =~ /^SIGTERM\[hard,[^\]]*\] received, process exiting/) or`
Packit	57988d	`($ThisLine =~ /^SIGUSR1\[soft,(connection-reset\|ping-restart)\] received, (process\|client-instance) restarting/) or`
Packit	57988d	`($ThisLine =~ /Socket Buffers: R=\[[0-9]+->[0-9]+\] S=\[[0-9]+->[0-9]+\]/) or`
Packit	57988d	`($ThisLine =~ /^TCP\/UDP: Closing socket/) or`
Packit	57988d	`($ThisLine =~ /^TCP\/UDP: Dynamic remote address changed during TCP connection establishment/) or`
Packit	57988d	`($ThisLine =~ /^TCP connection established with [\d.]+:\d+/) or`
Packit	57988d	`($ThisLine =~ /^TCPv\d_(CLIENT\|SERVER) link (local\|remote)/) or`
Packit	57988d	`($ThisLine =~ /^TLS-Auth MTU parms/) or`
Packit	57988d	`($ThisLine =~ /^TLS: Initial packet from/) or`
Packit	57988d	`($ThisLine =~ /^TLS: soft reset/) or`
Packit	57988d	`($ThisLine =~ /^TLS: tls_process: killed expiring key$/) or`
Packit	57988d	`($ThisLine =~ /^TLS: move_session: dest=.* src=.* reinit_src=[0-9]*/) or`
Packit	57988d	`($ThisLine =~ /^TLS: tls_multi_process: untrusted session promoted to (semi-)?trusted/) or`
Packit	57988d	`($ThisLine =~ /TLS: tls_multi_process: killed expiring key/) or`
Packit	57988d	`($ThisLine =~ /^TLS: new session incoming connection from .*/) or`
Packit	57988d	`($ThisLine =~ /TLS Error: TLS object -> incoming plaintext read error/) or`
Packit	57988d	`($ThisLine =~ /TLS ERROR: received control packet with stale session-id=.*/) or`
Packit	57988d	`($ThisLine =~ /^TUN\/TAP device \w+ opened/) or`
Packit	57988d	`($ThisLine =~ /TUN\/TAP TX queue length set to [0-9]*/) or`
Packit	57988d	`($ThisLine =~ /^UDPv4 link /) or`
Packit	57988d	`($ThisLine =~ /^UID set to/) or`
Packit	57988d	`($ThisLine =~ /^VERIFY OK: nsCertType=\w+/) or`
Packit	57988d	`($ThisLine =~ /^chroot to /) or`
Packit	57988d	`($ThisLine =~ /^LDAP bind failed: Invalid credentials$/) or`
Packit	57988d	`($ThisLine =~ /Authenticate\/Decrypt packet error: bad packet ID $may be a replay$: \[ #.* \] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings/)`
Packit	57988d	`) {`
Packit	57988d	`# Don't care about these...`
Packit	57988d	`} elsif (my ($status, $depth, $dn) = ( $ThisLine =~ /^VERIFY (.): depth=(.), (.*)/ )) {`
Packit	57988d
Packit	57988d	`#VERIFY OK: depth=0, /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s)`
Packit	57988d	`$VerifyList{"status: $status depth: $depth DN: $dn"}++;`
Packit	57988d	`} elsif (my ($status, $dn) = ( $ThisLine =~ /^VERIFY X509NAME (.): (.)/ )) {`
Packit	57988d	`#VERIFY X509NAME OK: /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster@aidant.net: 23 Time(s)`
Packit	57988d	`$VerifyList{"status: $status X509Name DN: $dn"}++;`
Packit	57988d	`} elsif (my ($status, $dn) = ( $ThisLine =~ /^CRL CHECK (.): (.)/ )) {`
Packit	57988d
Packit	57988d	`#CRL CHECK OK: C=US, ST=CO, L=Boulder, O=NWRA, OU=Boulder, CN=user, name=root, emailAddress=xxxx@xxxx.xxx`
Packit	57988d	`$VerifyList{"CRL check status: $status DN: $dn"}++;`
Packit	57988d	`} elsif ($ThisLine =~ /^TLS: Username\/Password authentication/) {`
Packit	57988d	`$VerifyList{$ThisLine}++;`
Packit	57988d	`} elsif ($ThisLine =~ /^Incorrect password supplied for .* "(.*)"/) {`
Packit	57988d	`$IncorrectPassword{$1}++;`
Packit	57988d	`} elsif ($ThisLine =~ m/^MULTI: new incoming connection would exceed maximum number of clients/) {`
Packit	57988d	`$MaxClients++;`
Packit	57988d	`} elsif ($ThisLine =~ m/^OpenVPN [\d.]+ [\w-]+ [\[\]\w ]+ built on [\w]+ +[\d]+ [\d]+$/) {`
Packit	57988d	`$VersionInfo{$ThisLine} = 1;`
Packit	57988d	`} elsif (my ($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)/)) {`
Packit	57988d	`push (@{$Connections{$config}{$peer}}, $port) unless grep(/^$port$/,@{$Connections{$config}{$peer}});`
Packit	57988d	`} elsif (my ($peer, $port) = ($ThisLine =~ m/^Peer Connection Initiated with [^\d]*([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)/)) {`
Packit	57988d	`push (@{$Connections{"client"}{$peer}}, $port) unless grep(/^$port$/,@{$Connections{"client"}{$peer}});`
Packit	57988d	`} elsif (my ($dir, $channel, $bits, $algo) = ($ThisLine =~ /^(Incoming\|Outgoing) (Control Channel) Authentication: Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {`
Packit	57988d	`$Auth{$channel}{$dir}{"$bits $algo"}++;`
Packit	57988d	`} elsif (my ($channel, $dir, $bits, $algo) = ($ThisLine =~ /^(Data Channel) (Encrypt\|Decrypt): Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {`
Packit	57988d	`$Auth{$channel}{$dir}{"$bits $algo"}++;`
Packit	57988d	`} elsif (my ($channel, $proto, $cipher) = ($ThisLine =~ /^(Control Channel): (\w+), cipher (.+)/)) {`
Packit	57988d	`$Crypt{$channel}{$proto}{$cipher}++;`
Packit	57988d	`} elsif (my ($channel, $dir, $algo, $bits) = ($ThisLine =~ /^(Data Channel) (Encrypt\|Decrypt): Cipher '(\S+)' initialized with ([\d]+ bit) key/)) {`
Packit	57988d	`$Crypt{$channel}{$dir}{"$bits $algo"}++;`
Packit	57988d	`} elsif (my ($proto, $host, $port, $error) = ($ThisLine =~ /^(TCP\|UDP): connect to ([\d.]+):(\d+) failed, will try again in \d+ seconds: (.*)/)) {`
Packit	57988d	`$ConnErrors{$error}{"$proto $host:$port"}++;`
Packit	57988d	`} elsif (my ($proto, $error) = ($ThisLine =~ /^read (\w+)_SERVER \[\]: (.*)/)) {`
Packit	57988d	`$ConnErrors{$error}{"$proto"}++;`
Packit	57988d	`} elsif (my ($name) = ($ThisLine =~ /MULTI: new connection by client '(.*)' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect./)) {`
Packit	57988d	`$ConnectCauseDrop{$name}++;`
Packit	57988d	`} elsif ((my ($Err) = ($ThisLine =~ /(read UDPv4 \[ECONNREFUSED\]: Connection refused $code=111$)/)) or`
Packit	57988d	`(my ($Err) = ($ThisLine =~ /(read UDPv4 \[EHOSTUNREACH\]: No route to host $code=113$)/))) {`
Packit	57988d	`$Error{$Err}++;`
Packit	57988d	`} elsif (my ($plugin,$call,$status) = ($ThisLine =~ /^PLUGIN_CALL: POST (.)\/(PLUGIN_.) status=(.*)/)) {`
Packit	57988d	`if ($status == 0) {`
Packit	57988d	`$PluginCallOK{$plugin}{$call}++;`
Packit	57988d	`} else {`
Packit	57988d	`$PluginCallFailure{$plugin}{$call}++;`
Packit	57988d	`}`
Packit	57988d	`} else {`
Packit	57988d	`# Report any unmatched entries...`
Packit	57988d	`# remove PID from named messages`
Packit	57988d	`#$ThisLine =~ s/^(client [.0-9]+)\S+/$1/;`
Packit	57988d	`$OtherList{$ThisLine}++;`
Packit	57988d	`}`
Packit	57988d	`#$LastLine = $ThisLine;`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`################################################`
Packit	57988d
Packit	57988d
Packit	57988d	`if(keys %ConnErrors) {`
Packit	57988d	`print "Connection Errors:\n";`
Packit	57988d	`foreach my $error (sort keys %ConnErrors) {`
Packit	57988d	`print " $error:\n";`
Packit	57988d	`foreach my $host (sort keys %{$ConnErrors{$error}}) {`
Packit	57988d	`print " $host: ".$ConnErrors{$error}{$host}." Time(s)\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %IncorrectPassword) {`
Packit	57988d	`print "\nIncorrect Password\n";`
Packit	57988d	`foreach my $DN (sort {$a cmp $b} keys %IncorrectPassword) {`
Packit	57988d	`print " $DN: $IncorrectPassword{$DN} Time(s)\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %VerifyList) {`
Packit	57988d	`print "\nVerify\n";`
Packit	57988d	`foreach my $line (sort {$a cmp $b} keys %VerifyList) {`
Packit	57988d	`print " $line: $VerifyList{$line} Time(s)\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if ($MaxClients) {`
Packit	57988d	`print "\nMaximum Number of Clients reached $MaxClients Time(s)\n";`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %Connections) {`
Packit	57988d	`print "\nConnections:";`
Packit	57988d	`foreach my $config (sort keys %Connections) {`
Packit	57988d	`print "\n Configuration $config:";`
Packit	57988d	`foreach my $peer (sort keys %{$Connections{$config}}) {`
Packit	57988d	`my $ports = $Connections{$config}{$peer};`
Packit	57988d	`print "\n $peer connected " . ($#{$ports} + 1) . " Time(s), Ports:";`
Packit	57988d	`for (my $i = 0; $i <= $#{$ports}; $i++) {`
Packit	57988d	`print "\n " if (($i + 16) % 20 == 0);`
Packit	57988d	`print " $$ports[$i]";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %Auth and $Detail >= 10) {`
Packit	57988d	`print "\nCiphers used for Authentication:";`
Packit	57988d	`foreach my $channel (sort keys %Auth) {`
Packit	57988d	`print "\n $channel:";`
Packit	57988d	`foreach my $dir (sort keys %{$Auth{$channel}}) {`
Packit	57988d	`print "\n $dir:";`
Packit	57988d	`foreach my $algo (sort keys %{$Auth{$channel}{$dir}}) {`
Packit	57988d	`print "\n $algo used $Auth{$channel}{$dir}{$algo} Time(s)";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %Crypt and $Detail >= 10) {`
Packit	57988d	`print "\nCiphers used for Encryption:";`
Packit	57988d	`foreach my $channel (sort keys %Crypt) {`
Packit	57988d	`print "\n $channel:";`
Packit	57988d	`foreach my $dir (sort keys %{$Crypt{$channel}}) {`
Packit	57988d	`print "\n $dir:";`
Packit	57988d	`foreach my $algo (sort keys %{$Crypt{$channel}{$dir}}) {`
Packit	57988d	`print "\n $algo used $Crypt{$channel}{$dir}{$algo} Time(s)";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %VersionInfo) {`
Packit	57988d	`print "\nVersion Information:\n";`
Packit	57988d	`foreach my $vers (sort keys %VersionInfo) {`
Packit	57988d	`print " $vers\n"`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %ConnectCauseDrop) {`
Packit	57988d	`print "\n Previous active sessions of the same client dropped upon new connection:\n";`
Packit	57988d	`foreach my $name (sort keys %ConnectCauseDrop) {`
Packit	57988d	`print " client $name: $ConnectCauseDrop{$name} Time(s)\n"`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %Error) {`
Packit	57988d	`print "\n UDPv4 errors:\n";`
Packit	57988d	`foreach my $Err (sort keys %Error) {`
Packit	57988d	`print " " . $Err . ": " .$Error{$Err}. " Time(s)\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %PluginCallFailure) {`
Packit	57988d	`print "\nPlugin Call Failures:";`
Packit	57988d	`foreach my $plugin (sort keys %PluginCallFailure) {`
Packit	57988d	`print "\n Plugin $plugin:";`
Packit	57988d	`foreach my $call (sort keys %{$PluginCallFailure{$plugin}}) {`
Packit	57988d	`my $times = $PluginCallFailure{$plugin}{$call};`
Packit	57988d	`print "\n $call failed $PluginCallFailure{$plugin}{$call} Time(s)";`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %PluginCallOK and $Detail >= 5) {`
Packit	57988d	`print "\nPlugin Call OK:";`
Packit	57988d	`foreach my $plugin (sort keys %PluginCallOK) {`
Packit	57988d	`print "\n Plugin $plugin:";`
Packit	57988d	`foreach my $call (sort keys %{$PluginCallOK{$plugin}}) {`
Packit	57988d	`my $times = $PluginCallOK{$plugin}{$call};`
Packit	57988d	`print "\n $call succeeded $PluginCallOK{$plugin}{$call} Time(s)";`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %OtherList) {`
Packit	57988d	`print "\nUnmatched Entries\n";`
Packit	57988d	`foreach my $line (sort {$a cmp $b} keys %OtherList) {`
Packit	57988d	`print " $line: $OtherList{$line} Time(s)\n";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`exit(0);`
Packit	57988d
Packit	57988d
Packit	57988d	`# vi: shiftwidth=3 tabstop=3 syntax=perl et`
Packit	57988d	`# Local Variables:`
Packit	57988d	`# mode: perl`
Packit	57988d	`# perl-indent-level: 3`
Packit	57988d	`# indent-tabs-mode: nil`
Packit	57988d	`# End:`

source-git / logwatch

Source Code

Blame scripts/services/openvpn