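#!/bin/bash
# WEVIA Blade Cleaner & Security Agent — cron */2
# NOTE(review): the next line is an executable command in the file as shown,
# not a comment. It reads like the cron entry for this job; if this script is
# itself /usr/local/sbin/blade-ah.sh the call re-enters the script on every
# run. Confirm, and comment it out if it was meant as documentation.
/usr/local/sbin/blade-ah.sh >> /var/log/bah.log 2>&1
# Connects to Blade via SSH, cleans cache, monitors security
#
# Outputs:
#   $RESULTS - latest status as one JSON object (overwritten each run)
#   $LOG     - one summary line per successful run, one line per SSH failure

set -u

readonly BLADE="10.1.0.4"
# Deliberately not named USER: assigning USER overwrites the login-name
# variable that every child process (ssh, python3) inherits.
readonly BLADE_USER="yanis"
readonly LOG="/var/log/wevia-blade-cleaner.log"
# NOTE(review): this path sits under /var/www/html, so it is presumably served
# over HTTP. The JSON holds Defender state, listening-port count and failed
# logins; confirm that access to it is restricted.
readonly RESULTS="/var/www/html/api/wevia-blade-status.json"

# The ssh command is an array so each option stays one word without relying on
# word-splitting of an unquoted string.
# StrictHostKeyChecking was "no", which accepts any host key: whoever answers
# on $BLADE receives the command and can return a forged status that is then
# published. "accept-new" (OpenSSH 7.6+) records the key on first contact and
# refuses a changed one. Prefer "yes" with a pre-provisioned known_hosts entry
# where that is possible.
readonly -a SSH_CMD=(
  ssh
  -o ConnectTimeout=3
  -o StrictHostKeyChecking=accept-new
  -o BatchMode=yes
  "${BLADE_USER}@${BLADE}"
)

# Check if Blade is reachable
if ! timeout 3 ping -c 1 "$BLADE" >/dev/null 2>&1; then
  printf '{"ts":"%s","status":"offline"}\n' "$(date +%H:%M)" > "$RESULTS"
  exit 0
fi

# Remote PowerShell payload (cleanup + health + security in one SSH call).
# It is read from a quoted here-document instead of a single-quoted shell
# string: the payload contains single quotes ('C:' and 'Security'), and inside
# a single-quoted string those ended the quoting, so the remote side received
# DeviceID=C: and LogName=Security without quotes. With errors suppressed, the
# disk and failed-login collection could then fail without any visible sign.
# NOTE(review): the payload deletes C:\Windows\Prefetch\*.pf and temp files
# and flushes the DNS cache on every run; these are artifacts an incident
# responder would want preserved, so confirm this is intended.
# NOTE(review): almost every cmdlet uses -ErrorAction SilentlyContinue, so a
# collector that fails leaves its field empty rather than reporting an error.
IFS= read -r -d '' PS_PAYLOAD <<'BLADE_PS_EOF' || true
powershell -NoProfile -Command "
$r = @{}
$r.ts = Get-Date -Format \"HH:mm\"
$r.status = \"online\"

# === CACHE CLEAR ===
$cleaned = 0
# Chrome cache
$paths = @(
\"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache\Cache_Data\*\",
\"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Code Cache\*\",
\"$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Service Worker\CacheStorage\*\",
\"$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Cache\*\"
)
foreach ($p in $paths) {
try {
$sz = (Get-ChildItem $p -Recurse -ErrorAction SilentlyContinue | Measure-Object Length -Sum).Sum
Remove-Item $p -Recurse -Force -ErrorAction SilentlyContinue
$cleaned += $sz
} catch {}
}
# Windows temp
Remove-Item \"$env:TEMP\*\" -Recurse -Force -ErrorAction SilentlyContinue 2>$null
Remove-Item \"C:\Windows\Temp\*\" -Recurse -Force -ErrorAction SilentlyContinue 2>$null
# Prefetch
Remove-Item \"C:\Windows\Prefetch\*.pf\" -Force -ErrorAction SilentlyContinue 2>$null
# Thumbnails
Remove-Item \"$env:LOCALAPPDATA\Microsoft\Windows\Explorer\thumbcache_*\" -Force -ErrorAction SilentlyContinue 2>$null
# DNS flush
ipconfig /flushdns 2>$null | Out-Null
$r.cleaned_mb = [math]::Round($cleaned / 1MB, 1)

# === HEALTH ===
$cpu = (Get-WmiObject Win32_Processor | Measure-Object LoadPercentage -Average).Average
$mem = Get-WmiObject Win32_OperatingSystem
$r.cpu = $cpu
$r.ram_pct = [math]::Round(($mem.TotalVisibleMemorySize - $mem.FreePhysicalMemory) / $mem.TotalVisibleMemorySize * 100, 1)
$disk = Get-WmiObject Win32_LogicalDisk -Filter \"DriveType=3 AND DeviceID='C:'\"
$r.disk_pct = [math]::Round(($disk.Size - $disk.FreeSpace) / $disk.Size * 100, 1)
$r.disk_free_gb = [math]::Round($disk.FreeSpace / 1GB, 1)
$r.procs = (Get-Process).Count

# === SECURITY ===
# Defender status
$def = Get-MpComputerStatus -ErrorAction SilentlyContinue
$r.defender = $def.RealTimeProtectionEnabled
$r.defender_sigs = $def.AntivirusSignatureLastUpdated.ToString(\"yyyy-MM-dd\")
# Threats detected
$threats = (Get-MpThreatDetection -ErrorAction SilentlyContinue | Where-Object {$_.InitialDetectionTime -gt (Get-Date).AddHours(-24)}).Count
$r.threats_24h = $threats
# Failed logins
$fails = (Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625;StartTime=(Get-Date).AddHours(-1)} -MaxEvents 100 -ErrorAction SilentlyContinue).Count
$r.failed_logins_1h = $fails
# Listening ports count
$ports = (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | Select-Object LocalPort -Unique).Count
$r.open_ports = $ports
# Suspicious: high CPU processes
$r.high_cpu = @(Get-Process | Where-Object {$_.CPU -gt 120} | Select-Object -First 3 Name | ForEach-Object {$_.Name})
# Firewall
$r.firewall = @(Get-NetFirewallProfile | ForEach-Object {\"$($_.Name):$($_.Enabled)\"})

# === AUTO-FIX ===
# Kill known bloatware if eating CPU
$bloat = @(\"GameBar\",\"YourPhone\",\"SkypeApp\",\"Cortana\",\"OneDrive\")
foreach ($b in $bloat) {
$p = Get-Process -Name \"*$b*\" -ErrorAction SilentlyContinue
if ($p -and $p.CPU -gt 60) {
Stop-Process $p -Force -ErrorAction SilentlyContinue
$r.killed += @($b)
}
}
# Auto-update Defender signatures if >2 days old
if ($def.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-2)) {
Update-MpSignature -ErrorAction SilentlyContinue
$r.defender_updated = $true
}

$r | ConvertTo-Json -Compress
"
BLADE_PS_EOF
# read keeps the here-document's final newline; drop it so the command ends at
# the closing double quote.
PS_PAYLOAD=${PS_PAYLOAD%$'\n'}

# Run PowerShell cleanup + security in one SSH call
OUTPUT=$("${SSH_CMD[@]}" "$PS_PAYLOAD" 2>/dev/null)
ssh_rc=$?

# Validates the reply and extracts the log fields in one python3 run. The
# reply comes from the remote host and is treated as untrusted: it must be a
# JSON object, and every field is reduced to a number so it cannot add spaces
# or newlines to the log line or break the integer tests below.
readonly PARSE_PY='
import json, sys

d = json.load(sys.stdin)
if not isinstance(d, dict):
    sys.exit(1)

def num(key, as_int=False):
    v = d.get(key, 0)
    if isinstance(v, bool) or not isinstance(v, (int, float)):
        return 0
    if as_int:
        try:
            return int(v)
        except (ValueError, OverflowError):
            return 0
    return v

print(num("cpu"), num("ram_pct"), num("cleaned_mb"),
      num("threats_24h", True), num("failed_logins_1h", True))
'

# Save results
if [ -n "$OUTPUT" ] && summary=$(python3 -c "$PARSE_PY" 2>/dev/null <<<"$OUTPUT"); then
  printf '%s\n' "$OUTPUT" > "$RESULTS"

  # Log alerts
  read -r cpu ram cleaned threats fails <<<"$summary"
  msg="$(date +%H:%M) CPU:${cpu}% RAM:${ram}% Clean:${cleaned}MB"
  # [ -gt ] is used rather than (( )) so the operands are never evaluated as
  # arithmetic expressions.
  if [ "${threats:-0}" -gt 0 ]; then
    msg="$msg THREATS:$threats!"
  fi
  if [ "${fails:-0}" -gt 10 ]; then
    msg="$msg BRUTE:$fails!"
  fi
  printf '%s\n' "$msg" >> "$LOG"
else
  printf '{"ts":"%s","status":"ssh_error"}\n' "$(date +%H:%M)" > "$RESULTS"
  # ssh stderr is discarded above, so record at least the exit status; a
  # refused (changed) host key also ends up on this path.
  printf '%s SSH_ERROR rc=%s\n' "$(date +%H:%M)" "$ssh_rc" >> "$LOG"
fi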