2002-12-15 22:08:13 +08:00
|
|
|
#!/usr/bin/perl -wT
|
2002-11-29 19:01:44 +08:00
|
|
|
#
|
2002-12-10 21:17:16 +08:00
|
|
|
# ==========================================================================
|
|
|
|
#
|
|
|
|
# Zone Minder Audit Script, $Date$, $Revision$
|
|
|
|
# Copyright (C) 2002 Philip Coombes
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
#
|
|
|
|
# ==========================================================================
|
|
|
|
#
|
2002-11-29 19:01:44 +08:00
|
|
|
# This script checks for consistency between the event filesystem and
|
|
|
|
# the database. If events are found in one and not the other they are
|
|
|
|
# deleted (optionally). Additionally any monitor event directories that
|
|
|
|
# do not correspond to a database monitor are similarly disposed of.
|
|
|
|
# However monitors in the database that don't have a directory are left
|
|
|
|
# alone as this is valid if they are newly created and have no events
|
|
|
|
# yet.
|
|
|
|
#
|
|
|
|
|
2002-12-10 21:33:18 +08:00
|
|
|
# ==========================================================================
|
|
|
|
#
|
|
|
|
# These are the elements you need to edit to suit your installation
|
|
|
|
#
|
|
|
|
# ==========================================================================
|
|
|
|
use constant DB_NAME => "zm";
|
|
|
|
use constant DB_USER => "zmadmin";
|
|
|
|
use constant DB_PASS => "zmadminzm";
|
|
|
|
use constant EVENT_PATH => "/data/zm/events";
|
2002-12-15 22:08:13 +08:00
|
|
|
use constant AUDIT_LOG_FILE => '/tmp/zmaudit.log';
|
2002-12-10 21:33:18 +08:00
|
|
|
|
|
|
|
# ==========================================================================
|
|
|
|
#
|
|
|
|
# You shouldn't need to change anything from here downwards
|
|
|
|
#
|
|
|
|
# ==========================================================================
|
|
|
|
|
2002-11-29 19:01:44 +08:00
|
|
|
use strict;
|
|
|
|
use DBI;
|
|
|
|
use Getopt::Long;
|
|
|
|
use Term::ReadKey;
|
|
|
|
|
|
|
|
$| = 1;
|
|
|
|
|
|
|
|
my $report = 0;
|
|
|
|
my $yes = 0;
|
|
|
|
my $delay = 0;
|
|
|
|
|
|
|
|
sub usage
|
|
|
|
{
|
|
|
|
print( "
|
|
|
|
Usage: zme.pl [-r,-report|-y,-yes] [-d <seconds>,-delay=<seconds>]
|
|
|
|
Parameters are :-
|
|
|
|
-r, --report - Just report don't actually do anything
|
|
|
|
-y, --yes - Just do all actions without confirmation
|
2002-12-14 07:23:24 +08:00
|
|
|
-d <seconds>, --delay=<seconds> - how long to delay between each pass, the default of 0 means run once only.
|
2002-11-29 19:01:44 +08:00
|
|
|
");
|
|
|
|
exit( -1 );
|
|
|
|
}
|
|
|
|
|
|
|
|
sub confirm
|
|
|
|
{
|
|
|
|
my $yesno = $yes?1:0;
|
|
|
|
if ( $report )
|
|
|
|
{
|
|
|
|
print( "\n" );
|
|
|
|
}
|
|
|
|
elsif ( $yes )
|
|
|
|
{
|
|
|
|
print( ", deleting\n" );
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
print( ", delete y/n: " );
|
|
|
|
my $char = ReadKey( 0 );
|
|
|
|
#print( "C:'".ord($char)."'\n" );
|
|
|
|
if ( $char eq 'q' )
|
|
|
|
{
|
|
|
|
print( "\n" );
|
2002-12-15 22:08:13 +08:00
|
|
|
ReadMode( 'restore' );
|
2002-11-29 19:01:44 +08:00
|
|
|
exit( 0 );
|
|
|
|
}
|
|
|
|
if ( ord($char) == 10 )
|
|
|
|
{
|
|
|
|
$char = 'y';
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
print( "$char\n" );
|
|
|
|
}
|
|
|
|
if ( $char eq "a" )
|
|
|
|
{
|
|
|
|
$yes = 1;
|
|
|
|
return( 1 );
|
|
|
|
}
|
|
|
|
$yesno = ( $char =~ /[yY]/ );
|
|
|
|
}
|
|
|
|
return( $yesno );
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( !GetOptions( 'report'=>\$report, 'yes'=>\$yes, 'delay=i'=>\$delay ) )
|
|
|
|
{
|
|
|
|
usage();
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $report && $yes )
|
|
|
|
{
|
|
|
|
print( STDERR "Error, only one of --report and --yes may be specified\n" );
|
|
|
|
usage();
|
|
|
|
}
|
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
my $dbh = DBI->connect( "DBI:mysql:".DB_NAME, DB_USER, DB_PASS );
|
2002-12-10 21:33:18 +08:00
|
|
|
chdir( EVENT_PATH );
|
2002-12-15 22:08:13 +08:00
|
|
|
if ( !$yes && !$report )
|
|
|
|
{
|
|
|
|
ReadMode( 'cbreak' );
|
|
|
|
}
|
|
|
|
if ( !$delay ) # Background mode
|
|
|
|
{
|
|
|
|
open( LOG, ">>".AUDIT_LOG_FILE ) or die( "Can't open log file: $!" );
|
|
|
|
open( STDOUT, ">&LOG" ) || die( "Can't dup stdout: $!" );
|
|
|
|
select( STDOUT ); $| = 1;
|
|
|
|
open( STDERR, ">&LOG" ) || die( "Can't dup stderr: $!" );
|
|
|
|
select( STDERR ); $| = 1;
|
|
|
|
select( LOG ); $| = 1;
|
|
|
|
}
|
2002-12-14 07:23:24 +08:00
|
|
|
do
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
my $fs_monitors;
|
|
|
|
foreach my $monitor ( <*> )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Found filesystem monitor '$monitor'" );
|
|
|
|
my $fs_events = $fs_monitors->{$monitor} = {};
|
2002-12-15 22:08:13 +08:00
|
|
|
( my $monitor_dir ) = ( $monitor =~ /^(.*)$/ ); # De-taint
|
|
|
|
chdir( $monitor_dir );
|
2002-12-14 07:23:24 +08:00
|
|
|
foreach my $event ( <*> )
|
|
|
|
{
|
|
|
|
$fs_events->{$event} = !undef;
|
|
|
|
}
|
|
|
|
chdir( '..' );
|
|
|
|
print( ", got ".int(keys(%$fs_events))." events\n" );
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
my $db_monitors;
|
|
|
|
my $sql = "select * from Monitors order by Name";
|
|
|
|
my $sth = $dbh->prepare_cached( $sql ) or die( "Can't prepare '$sql': ".$dbh->errstr() );
|
|
|
|
my $sql2 = "select * from Events where MonitorId = ? order by Id";
|
|
|
|
my $sth2 = $dbh->prepare_cached( $sql2 ) or die( "Can't prepare '$sql2': ".$dbh->errstr() );
|
|
|
|
my $res = $sth->execute() or die( "Can't execute: ".$sth->errstr() );
|
|
|
|
while( my $monitor = $sth->fetchrow_hashref() )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Found database monitor '$monitor->{Name}'" );
|
|
|
|
my $db_events = $db_monitors->{$monitor->{Name}} = {};
|
|
|
|
my $res = $sth2->execute( $monitor->{Id} ) or die( "Can't execute: ".$sth2->errstr() );
|
|
|
|
while ( my $event = $sth2->fetchrow_hashref() )
|
|
|
|
{
|
|
|
|
$db_events->{$event->{Id}} = !undef;
|
|
|
|
}
|
|
|
|
print( ", got ".int(keys(%$db_events))." events\n" );
|
|
|
|
$sth2->finish();
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
2002-12-14 07:23:24 +08:00
|
|
|
$sth->finish();
|
2002-11-29 19:01:44 +08:00
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
while ( my ( $fs_monitor, $fs_events ) = each(%$fs_monitors) )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( my $db_events = $db_monitors->{$fs_monitor} )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( $fs_events )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
while ( my ( $fs_event, $val ) = each(%$fs_events ) )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( !$db_events->{$fs_event} )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Filesystem event '$fs_monitor/$fs_event' does not exist in database" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
my $command = "rm -rf ".EVENT_PATH."/$fs_monitor/$fs_event";
|
|
|
|
qx( $command );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2002-12-14 07:23:24 +08:00
|
|
|
else
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Filesystem monitor '$fs_monitor' does not exist in database" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
my $command = "rm -rf ".EVENT_PATH."/$fs_monitor";
|
|
|
|
qx( $command );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
my $sql3 = "delete from Monitors where Id = ?";
|
|
|
|
my $sth3 = $dbh->prepare_cached( $sql3 ) or die( "Can't prepare '$sql3': ".$dbh->errstr() );
|
|
|
|
my $sql4 = "delete from Events where Id = ?";
|
|
|
|
my $sth4 = $dbh->prepare_cached( $sql4 ) or die( "Can't prepare '$sql4': ".$dbh->errstr() );
|
|
|
|
my $sql5 = "delete from Frames where EventId = ?";
|
|
|
|
my $sth5 = $dbh->prepare_cached( $sql5 ) or die( "Can't prepare '$sql5': ".$dbh->errstr() );
|
|
|
|
my $sql6 = "delete from Stats where EventId = ?";
|
|
|
|
my $sth6 = $dbh->prepare_cached( $sql6 ) or die( "Can't prepare '$sql6': ".$dbh->errstr() );
|
|
|
|
while ( my ( $db_monitor, $db_events ) = each(%$db_monitors) )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( my $fs_events = $fs_monitors->{$db_monitor} )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( $db_events )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
while ( my ( $db_event, $val ) = each(%$db_events ) )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
if ( !$fs_events->{$db_event} )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Database event '$db_monitor/$db_event' does not exist in filesystem" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
my $res = $sth4->execute( $db_event ) or die( "Can't execute: ".$sth4->errstr() );
|
|
|
|
$res = $sth5->execute( $db_event ) or die( "Can't execute: ".$sth5->errstr() );
|
|
|
|
$res = $sth6->execute( $db_event ) or die( "Can't execute: ".$sth5->errstr() );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2002-12-14 07:23:24 +08:00
|
|
|
else
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Database monitor '$db_monitor' does not exist in filesystem" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
# We don't actually do this in case it's new
|
|
|
|
#my $res = $sth3->execute( $db_monitor ) or die( "Can't execute: ".$sth3->errstr() );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
my $sql7 = "select distinct EventId from Frames left join Events on Frames.EventId = Events.Id where isnull(Events.Id)";
|
|
|
|
my $sth7 = $dbh->prepare_cached( $sql7 ) or die( "Can't prepare '$sql7': ".$dbh->errstr() );
|
|
|
|
$res = $sth7->execute() or die( "Can't execute: ".$sth7->errstr() );
|
|
|
|
while( my $frame = $sth7->fetchrow_hashref() )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Found orphaned frame records for event '$frame->{EventId}'" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
$res = $sth5->execute( $frame->{EventId} ) or die( "Can't execute: ".$sth7->errstr() );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
|
|
|
|
2002-12-14 07:23:24 +08:00
|
|
|
my $sql8 = "select distinct EventId from Stats left join Events on Stats.EventId = Events.Id where isnull(Events.Id)";
|
|
|
|
my $sth8 = $dbh->prepare_cached( $sql8 ) or die( "Can't prepare '$sql8': ".$dbh->errstr() );
|
|
|
|
$res = $sth8->execute() or die( "Can't execute: ".$sth8->errstr() );
|
|
|
|
while( my $stat = $sth8->fetchrow_hashref() )
|
2002-11-29 19:01:44 +08:00
|
|
|
{
|
2002-12-14 07:23:24 +08:00
|
|
|
print( "Found orphaned statistic records for event '$stat->{EventId}'" );
|
|
|
|
if ( confirm() )
|
|
|
|
{
|
|
|
|
$res = $sth6->execute( $stat->{EventId} ) or die( "Can't execute: ".$sth8->errstr() );
|
|
|
|
}
|
2002-11-29 19:01:44 +08:00
|
|
|
}
|
2002-12-15 22:08:13 +08:00
|
|
|
sleep( $delay ) if ( $delay );
|
2002-12-14 07:23:24 +08:00
|
|
|
} while( $delay );
|
2002-12-15 22:08:13 +08:00
|
|
|
if ( !$yes && !$report )
|
|
|
|
{
|
|
|
|
ReadMode( 'restore' );
|
|
|
|
}
|