tonejito/audit-apache-procs

## audit-apache-procs
#!/bin/bash

# Create and change to ${TMP_DIR}
TMP_DIR=${HOME}/tmp
test -e ${TMP_DIR} || mkdir -vp ${TMP_DIR}
cd ${TMP_DIR}

# Output files in ${TMP_DIR}
PS_FILE=ps.log
NETSTAT_FILE=netstat.log
APACHE_PROCS=apache_procs.log
OUT_FILE=apache_audit.log

# Get current process status
ps auwfx | \
tee ${PS_FILE} | \
grep -v grep | \
egrep 'www-data|/usr/sbin/apache2' \
> ${APACHE_PROCS}

# Get current network status
netstat -natupeolw > ${NETSTAT_FILE}

# Get all apache procs
APACHE_PIDS=$(awk {'print $2'} < ${APACHE_PROCS})

# Headers and separators
SEP="#-------"
SEPARATOR="################################################################################"
PS_HEADER="$(head -n 1 ${PS_FILE})"
NETSTAT_HEADER="$(sed -n '2p' ${NETSTAT_FILE})"

# Print global status
(
  printf "\n%s\n" "${SEPARATOR}"

  printf "\n#	%s\n\n" "ps auwfx"

  cat ${PS_FILE}

  printf "\n#	%s\n\n" "ps auwfx | egrep 'www-data|apache2'"

  cat ${APACHE_PROCS}

  printf "\n#	%s\n\n" "netstat -natupeolw"

  cat ${NETSTAT_FILE}

  printf "\n%s\n" "${SEPARATOR}"
) | tee ${OUT_FILE}

# Print per-PID status
(
  for PID
  in ${APACHE_PIDS}
  do
    PROC_INFO=$(grep ${PID} ${PS_FILE})
    NETSTAT_INFO=$(grep ${PID} ${NETSTAT_FILE})

    # ps auwfx
    echo -e "\n# ps auwfx"
    printf "%s\n%s\n" "${PS_HEADER}" "${PROC_INFO}"
    # netstat -natupeolw
    echo -e "\n# netstat -natupeolw"
    printf "%s\n%s\n\n" "${NETSTAT_HEADER}" "${NETSTAT_INFO}"
    # find /proc/${PID}
    echo "# find /proc/${PID} -ls"
    find /proc/${PID} -ls
    printf "\n"
    # lsof -p ${PID}
    echo "# lsof -p ${PID}"
    lsof -p ${PID} 2>/dev/null
    #--
    printf "\n%s\n" ${SEP}
  done
) | tee -a ${OUT_FILE}
	#!/bin/bash

	# Create and change to ${TMP_DIR}
	TMP_DIR=${HOME}/tmp
	test -e ${TMP_DIR} \|\| mkdir -vp ${TMP_DIR}
	cd ${TMP_DIR}

	# Output files in ${TMP_DIR}
	PS_FILE=ps.log
	NETSTAT_FILE=netstat.log
	APACHE_PROCS=apache_procs.log
	OUT_FILE=apache_audit.log

	# Get current process status
	ps auwfx \| \
	tee ${PS_FILE} \| \
	grep -v grep \| \
	egrep 'www-data\|/usr/sbin/apache2' \
	> ${APACHE_PROCS}

	# Get current network status
	netstat -natupeolw > ${NETSTAT_FILE}

	# Get all apache procs
	APACHE_PIDS=$(awk {'print $2'} < ${APACHE_PROCS})

	# Headers and separators
	SEP="#-------"
	SEPARATOR="################################################################################"
	PS_HEADER="$(head -n 1 ${PS_FILE})"
	NETSTAT_HEADER="$(sed -n '2p' ${NETSTAT_FILE})"

	# Print global status
	(
	printf "\n%s\n" "${SEPARATOR}"

	printf "\n# %s\n\n" "ps auwfx"

	cat ${PS_FILE}

	printf "\n# %s\n\n" "ps auwfx \| egrep 'www-data\|apache2'"

	cat ${APACHE_PROCS}

	printf "\n# %s\n\n" "netstat -natupeolw"

	cat ${NETSTAT_FILE}

	printf "\n%s\n" "${SEPARATOR}"
	) \| tee ${OUT_FILE}

	# Print per-PID status
	(
	for PID
	in ${APACHE_PIDS}
	do
	PROC_INFO=$(grep ${PID} ${PS_FILE})
	NETSTAT_INFO=$(grep ${PID} ${NETSTAT_FILE})

	# ps auwfx
	echo -e "\n# ps auwfx"
	printf "%s\n%s\n" "${PS_HEADER}" "${PROC_INFO}"
	# netstat -natupeolw
	echo -e "\n# netstat -natupeolw"
	printf "%s\n%s\n\n" "${NETSTAT_HEADER}" "${NETSTAT_INFO}"
	# find /proc/${PID}
	echo "# find /proc/${PID} -ls"
	find /proc/${PID} -ls
	printf "\n"
	# lsof -p ${PID}
	echo "# lsof -p ${PID}"
	lsof -p ${PID} 2>/dev/null
	#--
	printf "\n%s\n" ${SEP}
	done
	) \| tee -a ${OUT_FILE}