#!/usr/bin/perl
##########################################################################
# $Id: proftpd-messages,v 1.2 1999/02/23 14:50:29 kirk Exp $
##########################################################################
# $Log: proftpd-messages,v $
# Revision 1.2  1999/02/23 14:50:29  kirk
# New proftpd module from Simon
#
# Revision 1.1  1999/02/23 01:28:20  kirk
# Added proftpd module by Simon Liddington <sjl96v@ecs.soton.ac.uk>.
#
##########################################################################

########################################################
# This was written and is maintained by:
#    Simon Liddington <sjl96v@ecs.soton.ac.uk>
#
# for use with Logwatch
#
# Logwatch was written and is maintained by:
#    Kirk  <kirk@kaybee.org>
#
########################################################

# Settings handed to this filter through the environment.
#   LOGWATCH_DETAIL_LEVEL  - compared against 5 and 10 further down to decide
#                            which optional report sections are printed.
#   ftpd_ignore_unmatched  - meant to suppress the "Unmatched Entries" section.
#                            NOTE(review): the variable carries an "ftpd_"
#                            prefix although this is the proftpd filter;
#                            confirm it matches the name the service
#                            configuration actually exports.
($Detail, $IgnoreUnmatched) =
    @ENV{ 'LOGWATCH_DETAIL_LEVEL', 'ftpd_ignore_unmatched' };

# Classify every proftpd log line arriving on STDIN.
#
# Each recognised event is tallied in a hash keyed by a preformatted report
# label ("   host (ip): detail - "); the value is the number of occurrences.
# Lines that match none of the patterns are kept verbatim in @OtherList.
#
# The captured fields (user name, host, the anonymous-login string stored as
# "Email", the refusal reason) are copied from the log text as-is and become
# part of the report. Nothing is filtered here, so the report should be read
# as containing untrusted text.
while ( defined( my $Line = <STDIN> ) ) {

    # Routine messages that are deliberately left out of the report.
    # NOTE(review): PAM authentication failures and login time-outs are
    # discarded here rather than counted. Presumably a matching "incorrect
    # password" / "no such user" line carries the same event - confirm,
    # otherwise failed-login volume is under-reported.
    next if $Line =~ /^FTP session closed. $/;
    next if $Line =~ /^(ANONYMOUS )?FTP login as \'.*\' from [^ ]+ \[.*\] to .*$/;
    next if $Line =~ /^FTP no transfer time out, disconnected\. $/;
    next if $Line =~ /^PAM\(.*\): Authentication failure $/;
    next if $Line =~ /^FTP login timed out, disconnected\. $/;

    # Anonymous session (user field is literally "ftp/ftp").
    if ( my ( $Host, $IP, $Email ) = ( $Line =~ /^FTP session opened: ftp\/ftp (.*)\[(.*)\] (.*)$/ ) ) {
        $AnonLogins{"   $Host ($IP): $Email - "}++;
        next;
    }

    # Any other opened session; the user field has the form "x/y".
    # The fourth capture of the pattern is not used.
    if ( my ( $User, $Host, $IP ) = ( $Line =~ /^FTP session opened: (.*\/.*) (.*)\[(.*)\] (.*)$/ ) ) {
        $UserLogins{"   $Host ($IP): $User - "}++;
        next;
    }

    # Unknown user; this message form carries no host or address, so
    # placeholders are used in the label.
    if ( my ($User) = ( $Line =~ /^failed login, can\'t find user \'(.*)\' $/ ) ) {
        $BadUsers{"   Unknown (Unknown.IP): $User - "}++;
        next;
    }

    # Unknown user, message form that includes the peer.
    if ( my ( $User, $Host, $IP ) = ( $Line =~ /^USER (.*): no such user found from (.*) \[(.*)\] to .*$/ ) ) {
        $BadUsers{"   $Host ($IP): $User - "}++;
        next;
    }

    # Known user, wrong password.
    if ( my ( $User, $Host, $IP ) = ( $Line =~ /^USER (.*): incorrect password from (.*) \[(.*)\] to .*$/ ) ) {
        $BadPasswds{"   $Host ($IP): $User - "}++;
        next;
    }

    # Refused PORT command; only the host and the reason are in the line.
    if ( my ( $Host, $Reason ) = ( $Line =~ /^refused PORT [0123456789,]+ from ([^ ]+) \((.*)\) $/ ) ) {
        $RefusedPorts{"   $Host (Unknown.IP): $Reason - "}++;
        next;
    }

    # Disabled: file-deletion tracking. While this stays commented out,
    # %DeletedFiles is never filled by this loop.
#    elsif ( ($User,$Host,$IP,$File) = ( $ThisLine =~ /^([^ ]+) of ([^ ]*) \[(.*)\] deleted (.*)$/ ) ) {
#	$Temp = "   " . $Host . " (" . $IP . "): " . $User . "\n";
#	$Temp2 = "      " . $File . "\n";
#	push @{$DeletedFiles{$Temp}}, $Temp2;
#    }

    # Report any unmatched entries...
    push @OtherList, $Line;
}

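# Print one report line per key of a tally hash. The key is the preformatted
# label built while parsing, the value is the occurrence count. Keys are
# sorted so that successive reports list entries in a stable order.
sub PrintTally {
    my ($Tally) = @_;
    foreach my $Label ( sort keys %$Tally ) {
        print $Label . $Tally->{$Label} . " Time(s)\n";
    }
}

# Decide up front which sections will be printed, so the Begin/End banner
# appears only when at least one section has content.
#   - user logins are always shown,
#   - anonymous logins, failed logins and refused PORTs need detail >= 5,
#   - deleted files need detail >= 10,
#   - unmatched lines are shown unless $IgnoreUnmatched is set.
my $ShowDetail   = ( $Detail >= 5 );
my $ShowAnon     = $ShowDetail && scalar( keys %AnonLogins );
my $ShowBadUsers = $ShowDetail && scalar( keys %BadUsers );
my $ShowBadPass  = $ShowDetail && scalar( keys %BadPasswds );
my $ShowRefused  = $ShowDetail && scalar( keys %RefusedPorts );
my $ShowDeleted  = ( $Detail >= 10 ) && scalar( keys %DeletedFiles );
my $ShowUsers    = scalar( keys %UserLogins );

# The original test read $IngoreUnmatched (misspelled), so the setting never
# took effect; the outer condition also ignored it, which would have left an
# empty Begin/End banner once the spelling alone was corrected.
my $ShowOther    = scalar(@OtherList) && !$IgnoreUnmatched;

if (   $ShowAnon
    or $ShowBadUsers
    or $ShowBadPass
    or $ShowDeleted
    or $ShowRefused
    or $ShowOther
    or $ShowUsers )
{

    print "\n\n --------------------- proftpd-messages Begin ------------------------ \n";

    if ($ShowAnon) {
        print "\nAnonymous FTP Logins:\n";
        PrintTally( \%AnonLogins );
    }

    if ($ShowDeleted) {
        print "\nFiles deleted through FTP:\n";
        foreach my $Label ( sort keys %DeletedFiles ) {
            print $Label;
            print @{ $DeletedFiles{$Label} };
        }
    }

    if ($ShowUsers) {
        print "\nUser FTP Logins:\n";
        PrintTally( \%UserLogins );
    }

    if ( $ShowBadUsers or $ShowBadPass ) {
        print "\nFailed FTP Logins:\n";

        if ($ShowBadUsers) {
            print "\n  Invalid Username:\n";
            PrintTally( \%BadUsers );
        }

        if ($ShowBadPass) {
            print "\n  Incorrect Password:\n";
            PrintTally( \%BadPasswds );
        }
    }

    if ($ShowRefused) {
        print "\nRefused PORTs:\n";
        PrintTally( \%RefusedPorts );
    }

    # Unmatched lines are printed exactly as they were read. They are raw
    # log text, and the labels above embed user names and host strings taken
    # from the log, so the report may contain text chosen by a remote client.
    if ($ShowOther) {
        print "\n**Unmatched Entries**\n";
        print @OtherList;
    }

    print "\n\n ---------------------- proftpd-messages End ------------------------- \n\n";

}

exit(0);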



