[ SEA-GHOST MINI SHELL]

Path : /proc/2/root/var/lib/zabbix/
FILE UPLOADER :
Current File : //proc/2/root/var/lib/zabbix/nginx500errors.sh

#!/bin/bash

lastMin="5"
LVL_WRN=$1
LVL_CRIT=$2

#logs="$(grep "$(date -d "$lastMin minutes ago" +"%d/%b/%Y:%H:%M:%S")" -A 999999 /var/log/nginx/access.log | grep "HTTP/1.1\" 500")"

logs="$(grep "$(date -d "$lastMin minutes ago" +"%d/%b/%Y:%H:%M:%S")" -A 999999 /var/log/apache2/access_log | grep "HTTP/1.1\" 500")"
logsCrit="$(echo "$logs" | grep " / HTTP/1.1\" 500\| /index.* HTTP/1.1\" 500" | grep -v " /index.*/.* HTTP/1.1\" 500" | grep -v "index.php?" | grep -v POST)"

vhostsCrit="$(echo "$logsCrit" | awk '{print $7}' | sort | uniq | sed 's/^www\.//')"

urlsCrit="$(echo "$logsCrit" | awk '{print $7$9}' | sort | uniq | sed ':a;N;$!ba;s/\n/, /g')"

usersCrit="$(echo "$vhostsCrit" | xargs -i grep {} /etc/userdomains | awk -F ": " '{print $2}' | sort | uniq | sed ':a;N;$!ba;s/\n/, /g')"

userCount="$(wc -w <<< "$usersCrit")"

if  (($userCount >= $LVL_CRIT )); then
    echo "CRITICAL: $userCount user(s) affected: $usersCrit; $urlsCrit over the past $lastMin min"
elif (( $userCount >= $LVL_WRN )); then
    echo "WARNING: $userCount user(s) affected: $usersCrit; $urlsCrit over the past $lastMin min"
elif (( $userCount < $LVL_WRN )); then
    echo "OK: There is no HTTP 500 responses for / or /index* over the past $lastMin min in access log"
else
    echo "INFO: something goes wrong"
fi

SEA-GHOST - SHELL CODING BY SEA-GHOST