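#!/bin/sh
# Alert responder. When /var/log/alert is non-empty this script:
#   1. takes a semaphore so only one instance runs,
#   2. snapshots the process list and denies user logins via /etc/nologin,
#   3. mails the alert text and the accumulated alert log to the admins,
#   4. keeps copies of the alert and of the system logs under /usr/local/games,
#   5. empties /var/log/alert, takes the network interfaces down, kills pppd,
#   6. mails the firewall status and reboots with "telinit 6".
# It does nothing when /var/log/alert is missing or empty.
#
# NOTE(review): the preserved logs stay on this host and are mailed as plain
# message bodies; both may expose sensitive log content. umask 077 only
# protects files this script creates. Copies that already exist under
# /usr/local/games keep whatever mode they had, so check that directory's
# permissions.
umask 077

alert=/var/log/alert
sem=/var/spool/semaphores/mail_alert.sem
keep=/usr/local/games

if [ -s "$alert" ]
then
 # Create the semaphore atomically (noclobber) instead of test-then-touch, so
 # two instances started at the same moment cannot both pass the check.
 # As before, only a semaphore owned by this user counts as "already running";
 # a file planted by someone else, or a missing spool directory, must not
 # silence the alert response.
 if ! ( set -C; : > "$sem" ) 2>/dev/null && [ -O "$sem" ]
  then echo "Another $0 is running."; exit 0
 fi
 touch "$sem"
 chmod 600 "$sem"
 # A stale semaphore would make every later run exit silently, so drop it on
 # any exit path, not only at the end of a successful run.
 trap 'rm -f "$sem"' EXIT
 trap 'exit 1' HUP INT TERM

 # Capture the process list first; runs in the background so it cannot delay
 # the rest of the response.
 ps -awxu > /var/log/alert_ps_list.log &

 # printf instead of "echo -ne": under a /bin/sh whose echo lacks -n/-e the
 # option string itself would be written into /etc/nologin.
 printf '\n\nSecurity alert happend. User logins are temporary denied.\n\n' > /etc/nologin

 ### The two lines below do not work reliably yet and are left disabled.
 #echo -ne "\necho \"ftpd is disabled due to security alert. To enable edit rc.local\"" >> /etc/rc.d/rc.local
 #echo -ne "\n\nkillall -9 ftpd" >> /etc/rc.d/rc.local

 date
 date >> /var/log/alert.happend.time
 date >> "$keep/alert.happend.time"

 # Mail the alert, signalling qmail-send (SIGALRM) after each message so the
 # queue is processed before the interfaces go down further below.
 mail olli@digger.org.ru < "$alert"
 /usr/bin/killall -ALRM qmail-send
 mail olli@grex.cyberspace.org < "$alert"
 /usr/bin/killall -ALRM qmail-send

 # Append this alert to the cumulative alert log and mail that as well.
 cat "$alert" >> /var/log/alert.log
 mail olli@grex.cyberspace.org < /var/log/alert.log
 mail omail@vgsn.glasnet.ru < /var/log/alert.log
 /usr/bin/killall -ALRM qmail-send

 # Options go before the recipient: some mail implementations treat anything
 # after the first address as another recipient, not as an option.
 echo "Warinig. An alert happend w/ Ur kernel at vgsn.glasnet.ru,alert & security logs are copied to /usr/local/games/." | mail -s "Security alert." olli@grex.cyberspace.org
 /usr/bin/killall -ALRM qmail-send

 # Keep copies of the alert text outside /var/log.
 cat "$alert" >> /home/olli/alert
 cat "$alert" >> /home/omail/alert
 cat "$alert" >> "$keep/alert"

 # Preserve the system logs as they are at the time of the alert.
 for f in btmp debug.log errors.log cron kernel.info.log \
          kernel.warnings.log lastlog maillog messages mgetty.log.ttyS0 \
          pacct ping.log secure wtmp xferlog
 do
  cp "/var/log/$f" "$keep/"
 done
 cp /var/log/httpd/error_log "$keep/httpd"

 # Empty the alert file so the same alert is not handled again on next startup.
 : > "$alert"
 #/bin/sleep 5s

 # Take the interfaces down quietly. The previous "2&1>/dev/null" was parsed
 # as "ifconfig ... down 2 &" followed by an empty redirection: ifconfig got a
 # stray "2" argument, ran in the background, and its output was not silenced.
 /sbin/ifconfig eth0 down >/dev/null 2>&1
 /sbin/ifconfig ppp0 down >/dev/null 2>&1
 /sbin/ifconfig ppp1 down >/dev/null 2>&1
 /usr/bin/killall -9 pppd

 /bin/rm -f "$sem"
 /sbin/clock >> /var/log/alert.halt.time

 # NOTE(review): the interfaces are already down at this point, so these two
 # messages presumably stay queued until the network is back after the
 # reboot -- confirm that this is intended.
 /etc/rc.d/firewall/rc.firewall status | mail -s "Security alert." -c olli@digger.org.ru olli@grex.cyberspace.org
 /etc/rc.d/firewall/rc.firewall status | mail -s "Security alert." olli@unix.kg
 /sbin/clock >> "$keep/alert.halt.time"
 #/sbin/lilo -R 2.0.37

 # Reboot (runlevel 6). Volatile state is lost here; the process list
 # captured at the start is the only runtime snapshot this script keeps.
 /sbin/telinit 6
fi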
