#!/bin/bash

watcher_path="/root/etc/suspicious_user_detector/watch_"
status=0

while read -r user; do
  [[ status -eq 0 ]] && echo "CRITICAL! Detected suspicious user activity:"
  echo "cPanel user: ${user}"
  status=2
done < <(ls ${watcher_path}* 2>/dev/null|awk -F'watch_' '{print $2}')

[[ status -eq 0 ]] && echo "OK."
exit "${status}"