#!/usr/bin/perl -w
##########################################################################
# $Id: mountd,v 1.10 2002/10/12 02:08:19 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
########################################################

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

sub LookupIP {
   my ($name, $a1, $a2,$a3,$a4,$PackedAddr,$Addr);
   $Addr = $_[0];
   ($a1,$a2,$a3,$a4) = split /\./,$Addr;
   $PackedAddr = pack('C4',$a1,$a2,$a3,$a4);
   if ($name = gethostbyaddr ($PackedAddr,2)) {
      return ($name . " (" . $Addr . ")");
   } else {
      return ($Addr);
   }
}

while (defined($ThisLine = <STDIN>)) {
   if ( ($ThisLine =~ /^Unauthorized access by NFS client .*$/ ) or 
         ($ThisLine =~ /^NFS client [^ ]+ tried to access .*$/ ) ) {
      # don't care about this, as the next line reports the IP again
   }
   elsif ( ($IP,$Mount) = ($ThisLine =~ /^Blocked attempt of ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) to mount (.*)$/) ) {
      $Name = LookupIP ($IP);
      $Mount = "      " . $Mount;
      $Rejected{$Name}{$Mount}++;
   }
   elsif ( ($Name,$Mount) = ($ThisLine =~ /^refused mount request from (.+) for ([^ ]+)/) ) {
      $Mount = "      " . $Mount;
      $Rejected{$Name}{$Mount}++;
   }
   elsif ( ($Mount) = ($ThisLine =~ /can.t stat exported dir (.*): No such file or directory/) ) {
      $Mount = "      " . $Mount;
      $NotFound{$Mount}++;
   }
   elsif ( ($Mount,$IP) = ($ThisLine =~ /^NFS mount of (.*) attempted from ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) $/) ) {
      $Name = LookupIP ($IP);
      $Mount = "      " . $Mount;
      $Attempted{$Name}{$Mount}++;
   }
   elsif ( ($Name) = ($ThisLine =~ /^authenticated (?:un)?mount request from ([\w:]+)/) ) {
      $Mount = "      unknown";
      $Mounted{$Name}{$Mount}++;
   }
   elsif ( ($Mount,$IP) = ($ThisLine =~ /^(.*) has been mounted by ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) $/) ) {
      $Name = LookupIP ($IP);
      $Mount = "      " . $Mount;
      $Mounted{$Name}{$Mount}++;
   }
   else {
      # Report any unmatched entries...
      push @OtherList,$ThisLine;
   }
}

if (keys %Rejected) {
   print "\nRefused NFS mount attempts:\n";
   foreach $ThisOne (keys %Rejected) {
      print "   " . $ThisOne . ":\n";
      foreach $ThatOne (keys %{$Rejected{$ThisOne}}) {
         print $ThatOne . ': ' . $Rejected{$ThisOne}{$ThatOne} . " Time(s)\n";
      }
   }
}

if (keys %NotFound) {
   print "\nAttemts to mount nonexisting files or directories:\n";
   foreach $ThisOne (keys %NotFound) {
      print "   " . $ThisOne .":" . $NotFound{$ThisOne} . " Time(s)\n";
   }
}

if (($Detail >= 5) and (keys %Mounted)) {
   print "\nSuccessful NFS mounts:\n";
   foreach $ThisOne (keys %Mounted) {
      print "   " . $ThisOne . ":\n";
      foreach $ThatOne (keys %{$Mounted{$ThisOne}}) {
         print $ThatOne . ': ' . $Mounted{$ThisOne}{$ThatOne} . " Time(s)\n";
      }
   }
}

if (($Detail >= 10) and (keys %Attempted)) {
   print "\nAttempted NFS mounts:\n";
   foreach $ThisOne (keys %Attempted) {
      print "   " . $ThisOne . ":\n";
      foreach $ThatOne (keys %{$Attempted{$ThisOne}}) {
         print $ThatOne . ': ' . $Attempted{$ThisOne}{$ThatOne} . " Time(s)\n";
      }
   }
}

if ($#OtherList >= 0) {
   print "\n**Unmatched Entries**\n";
   print @OtherList;
}

exit(0);

