uploaded filter script

2025-08-26 18:17:29 +00:00 · 2025-08-26 18:17:29 +00:00 · d329ed2a3a
commit d329ed2a3a
1 changed files with 59 additions and 0 deletions
--- a/filter.sh
+++ b/filter.sh
@ -0,0 +1,59 @@
+#!/bin/bash
+
+CPU_THRESHOLD=90.0
+TIME_THRESHOLD=$((10 * 3600)) #10 hours in seconds
+
+# Getting all Process IDs running on Port 445 or 139 (Default SMB ports)
+SMB_PIDS=$(ss -tanp '( sport = :445 or sport = :139 )' 2>/dev/null \
+        | awk -F ',' 'NR>1 && $2 ~ /pid=/ {
+                        split($2,a," ");
+                        split(a[1],b,"=");
+                        print b[2]
+                }' | sort -u) 
+if [ -z "$SMB_PIDS" ]; then
+        echo "No SMB connections found."
+        exit 0
+fi
+
+# Checking to see if any PIDs exceed CPU or Time thresholds
+ps -axo pid,comm,pcpu,etime | awk -v cpu="$CPU_THRESHOLD" -v time="$TIME_THRESHOLD" -v smb_pids="$SMB_PIDS" '
+BEGIN {
+        split(smb_pids, arr, " ")
+        for (i in arr) {
+                smb[arr[i]] = 1
+        }
+}
+NR > 1 {
+        if(!($1 in smb)) {
+                next
+        }
+
+        # Converting etime into seconds
+        split($4, parts, "-")
+        if (length(parts) == 2) {
+                days=parts[1]
+                hms=parts[2]
+        } else {
+                days=0
+                hms=parts[1] 
+        }
+
+        split(hms, t, ";")
+        if (length(t) == 3) {
+                h=t[1]; m=t[2]; s=t[3]
+         } else if (length(t) == 2) {
+                h=t[1]; m=t[2]; s=0
+        } else {
+                h=0; m=0; s=0
+        }
+
+        elapsed = days*86400 + h*3600 + m*60 + s
+
+        # Comparing elapsed to thresholds
+        if ($3 >= cpu && elapsed >= time) {
+                printf "PID: %s | Command: %s | CPU: %s%% | Runtime: %s (%.2f hours)\n,$1, $2, $3, $4, elapsed/3600"
+        }
+}'
+               
+                
+