The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cron log analyzer to find abusers

Discussion in 'General Discussion' started by konrath, Jul 18, 2013.

  1. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Hello

    I wish a Cron log analyzer to find abusers;

    i.e.

    user 1 : run today 200 x cron
    user 2 : run today 187 x cron

    Anyone know?

    Thank you
    Konrath
     
  2. STS Admin

    STS Admin Well-Known Member

    Joined:
    Jul 8, 2012
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I don't think anyone has created this kind of plugin yet. But you can manually check /var/log/cron file for the cron logs.


     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can also review the cron jobs configured for each username in:

    Code:
    /var/spool/cron
    Each username has it's own file where it's cron jobs are stored.

    Thank you.
     
  4. bhd

    bhd Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    JNB ZA
    cPanel Access Level:
    Root Administrator
    I normally just

    tail -f /var/log/cron > somefile

    for 10-30 minutes, then go look at the file. Crons running like every 60 seconds are real easy to spot.
     
  5. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Thank you

    I find a solution. I will publish here today.

    Thank you
    Konrath
     
  6. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Hello

    My enslish id bad. Excuse-me.

    I'll try to explain. If you have questions, ask me.

    This script is adapted from
    -------------------------

    Linux: Localizar e excluir linhas repetidas em um arquivo texto [Shell Script]

    Code ( my code adapted )

    See below how to use.


    -----------------------------------

    Code:
    #!/bin/bash
    # limpa_duplicados - Copyright (C) 2009 Gabriel Fernandes <gabriel@duel.com.br>
     
    if [ ! -f "$1" ] ; then
      echo ""
      echo "limpa_duplicados - Copyright (C) 2009 Gabriel Fernandes"
      echo ""
      echo "Use: $0 /caminho/do/arquivo caracteres inicio"
      echo ""
      echo "Parametros:"
      echo "/caminho/do/arquivo = Caminho completo do arquivo;"
      echo "caracteres = Quantidade de caracteres que compoem a chave da linha (opcional, padrao=450);"
      echo "inicio = Posicao inicial da chave, comecando em 0 - ZERO (opcional, padrao=0);"
      echo ""
      echo "Exemplo: $0 arquivo.txt 450 0"
      echo ""
      echo "Precisa de ajuda? Fale comigo!"
      echo "gabriel@duel.com.br"
      echo ""
      exit 1
    fi
     
    # Recebe caminho completo do arquivo para processar
    ARQUIVO=$1
    ARQUIVO_SAIDA="$ARQUIVO-SAIDA"
    ARQUIVO_SAIDA2="$ARQUIVO-SAIDA2"
    ARQUIVO_DUPLICADOS="$ARQUIVO-DUPLICADOS"
    # Recebe parametros da chave
    CARACTERES=$2
    INICIO=$3
     
    # apaga arquivo antigos ja processados
    rm -rf "$ARQUIVO-SAIDA" "$ARQUIVO-DUPLICADOS"
    # faz backup do arquivo original
    cp "$ARQUIVO" "$ARQUIVO-ORIGINAL"
     
    # Conta quantidade linha para processar
    NUM_LINHAS=$(cat $ARQUIVO | wc -l)
    let NUM_LINHAS++
     
    # Inicia contadores
    CONT_LINHAS_DUPLICADAS="0"
    CONT_LINHAS_SAIDA="0"
    CONT_LINHAS_PROCESSADAS="1"
     
    while read LINHA ; do
      # Carrega os primeiros X caracteres da linha, aqui neste ponto voce pode arrumar a precisao do teste
      # aumentando ou diminuindo a quantidade de caracteres a ser testado na linha, o padrão quando omisso eh 450
      if [ ! -f "$2" ] || [ ! -f "$3" ]; then
        LINHA_ATUAL=${LINHA:0:450}
      else
        LINHA_ATUAL=${LINHA:$INICIO:$CARACTERES}
      fi
     
      # Verifica quantas vezes esta linha foi encontrada no arquivo
      QTDE_LINHAS_LOCALIZADAS_ORIGINAL=$(grep "$LINHA_ATUAL" $ARQUIVO | wc -l)
    
       echo "$QTDE_LINHAS_LOCALIZADAS_ORIGINAL" "$LINHA" >> $ARQUIVO_SAIDA2
     
      if [ "$QTDE_LINHAS_LOCALIZADAS_ORIGINAL" == "1" ]; then
        let CONT_LINHAS_SAIDA++
        echo "$QTDE_LINHAS_LOCALIZADAS_ORIGINAL" "$LINHA" >> $ARQUIVO_SAIDA
     
      else
        # Verifica se a linha repetida ja esta no arquivo novo
        QTDE_LINHAS_LOCALIZADAS_NOVO=$(grep "$LINHA_ATUAL" $ARQUIVO_SAIDA | wc -l)
        if [ "$QTDE_LINHAS_LOCALIZADAS_NOVO" == "0" ]; then
          let CONT_LINHAS_DUPLICADAS++
          let CONT_LINHAS_SAIDA++
          echo "$LINHA" >> $ARQUIVO_SAIDA
          echo "$LINHA" >> $ARQUIVO_DUPLICADOS
        fi
      fi
     
      let CONT_LINHAS_PROCESSADAS++
      clear
      echo "Processando arquivo: $ARQUIVO"
      echo "Registro:$CONT_LINHAS_PROCESSADAS de $NUM_LINHAS"
      echo "Normal:$CONT_LINHAS_SAIDA Duplo:$CONT_LINHAS_DUPLICADAS"
     
    done < $ARQUIVO
     
      echo "Processado arquivo: $ARQUIVO" > $ARQUIVO-LOG
      echo "Registro:$CONT_LINHAS_PROCESSADAS de $NUM_LINHAS" >> $ARQUIVO-LOG
      echo "Normal:$CONT_LINHAS_SAIDA Duplo:$CONT_LINHAS_DUPLICADAS" >> $ARQUIVO-LOG

    -----------------------------------


    1) Create file limpa_duplicados.sh and put this code and save in root
    2) Change permission to 755
    3) Make download of cron file to your computer ( /var/log/cron )
    4) Open in MS EXCEL and use : to separate in cells
    5) Copy collun of real cron to notepad and save as cron.txt

    Final result: I.E. of file cron.txt

    (root) CMD (/usr/local/cpanel/scripts/monitornginxvhost > /dev/null 2>&1 )
    (root) CMD (perl /usr/local/stop/stop >/dev/null 2>&1)
    (new) CMD (php /home/new/.rvsitebuilder/rvscronjobctrl.php)
    (root) CMD (/usr/local/cpanel/scripts/monitornginxvhost > /dev/null 2>&1 )
    (root) CMD (perl /usr/local/stop/stop >/dev/null 2>&1)
    (megaclic) CMD (php -f /home/megaclic/public_html/cron/cron.php )
    (sucessbr) CMD (wget -q -O /dev/null http
    (junior) CMD (php -f /home/junior/public_html/marketing/admin/cron/cron.php)
    (square) CMD (/usr/bin/php -f /home/square/public_html/emarket/admin/cron/cron.php)
    (aragov) CMD (wget -q -O /dev/null http


    6) Upload the file to your server and move to root
    7) Run ./limpa_duplicados.sh cron.txt 450 0

    wait to finsh


    8) After finish, view the files generated

    In particular file

    cron.txt-SAIDA2

    Rename this file to cron2.txt ( mv cron.txt-SAIDA2 to cron2.txt )


    9) Run again the script but now to cron2.txt

    Run ./limpa_duplicados.sh cron2.txt 450 0

    10) View all abusers in

    cron2.txt-DUPLICADOS


    Thank you
    Konrath
     
    #6 konrath, Jul 19, 2013
    Last edited by a moderator: Jul 22, 2013
  7. Archmactrix

    Archmactrix Well-Known Member

    Joined:
    Jan 20, 2012
    Messages:
    132
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    In my weekly Logwatch report I get a list of cron commands run for every user, root included, and how often the commands were run.
     
Loading...

Share This Page