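#!/bin/bash
#
# Nagios-style health check for the suspicious-file-detector audit log.
#
# The script first confirms that the detector's log exists, is non-empty,
# is readable and has been updated within the allowed time window (a stale
# log is reported as CRITICAL because the detector itself may have stopped).
# It then maps the log's last line to a monitoring exit status based on the
# marker it contains.
#
# Options:
#   -f log_file   path of the detector log (default: /var/log/nc_audit/...)
#   -t seconds    maximum age of the log, in seconds, before it is stale
#
# Exit status: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN (also for bad usage).
# The single status line is written to stdout, as monitoring plugins expect.

# Referencing an unset variable is a bug here, not a feature.
set -u

# Default values for the log file path and time threshold.
log_file="/var/log/nc_audit/suspicious_file_detector.log"
allowed_time_diff=3600  # Default: 3600 seconds (1 hour)

#######################################
# Print the usage line and exit with the UNKNOWN status.
# Outputs: usage line to stdout
# Returns: never returns; exits 3
#######################################
usage() {
  printf 'Usage: %s [-f log_file] [-t allowed_time_difference_in_seconds]\n' "$0"
  exit 3
}

# Parse command-line arguments.
while getopts "f:t:" opt; do
  case "${opt}" in
    f) log_file="${OPTARG}" ;;
    t) allowed_time_diff="${OPTARG}" ;;
    *) usage ;;
  esac
done

# The -t value is used inside an arithmetic context below; accept only a
# plain non-negative integer so an arbitrary string is never evaluated there.
if [[ ! "${allowed_time_diff}" =~ ^[0-9]+$ ]]; then
  printf 'UNKNOWN: -t must be a non-negative integer, got "%s".\n' "${allowed_time_diff}"
  exit 3
fi

# Check that the log file exists and is not empty.
if [[ ! -f "${log_file}" || ! -s "${log_file}" ]]; then
  printf 'ERROR: Log file %s does not exist or is empty.\n' "${log_file}"
  exit 1
fi

# An unreadable log cannot be classified; report it rather than letting
# tail fail and an empty last line be reported as UNKNOWN without a reason.
if [[ ! -r "${log_file}" ]]; then
  printf 'UNKNOWN: Log file %s is not readable.\n' "${log_file}"
  exit 3
fi

# Check the last modification time of the log file.
# NOTE: 'stat -c %Y' is GNU coreutils syntax; BSD/macOS stat uses -f.
current_time=$(date +%s)
if ! file_mod_time=$(stat -c %Y -- "${log_file}"); then
  printf 'UNKNOWN: Cannot read modification time of %s.\n' "${log_file}"
  exit 3
fi
time_diff=$((current_time - file_mod_time))
if (( time_diff > allowed_time_diff )); then
  printf 'CRITICAL!: Log file was modified more than %d minutes ago.\n' \
    "$((allowed_time_diff / 60))"
  exit 2
fi

# Classify the last line of the log file by the marker it carries.
# CRITICAL! is tested first so a line containing several markers escalates.
last_line=$(tail -n 1 -- "${log_file}")
case "${last_line}" in
  *"CRITICAL!"*)
    printf '%s\n' "${last_line}"
    exit 2
    ;;
  *"WARNING"*)
    printf '%s\n' "${last_line}"
    exit 1
    ;;
  *"OK!"*)
    printf '%s\n' "${last_line}"
    exit 0
    ;;
  *)
    printf 'UNKNOWN: %s\n' "${last_line}"
    exit 3
    ;;
esac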