In article <sslug@sslug>, "Henrik Størner" <sslug@sslug> wrote:

Hi Henrik,

Since the scripts did not read error_log, and since most attacks on my machine end up in error_log, I have extended the functionality to handle this. See below, marked -->:

> #!/bin/sh
>
> # Need this for date-formatting to work correctly ...
> unset LC_ALL
> unset LANG
> export LC_ALL LANG
>
> DATESTR=`date +"%d/%b/%Y"`
>
> # Look for Code Red attacks
> cat /var/log/httpd/access_log | grep -i "$DATESTR.*GET /default.ida" > /tmp/codered.$$
--> cat /var/log/httpd/error_log | grep -i "/default.ida" >/tmp/codered1.$$
> echo -e "\n\nCode Red attacks by originator IP\n"
> CODEREDS=`cat /tmp/codered.$$ | wc -l`
--> CODEREDS1=`cat /tmp/codered1.$$ | wc -l`
--> CODEREDS=$((CODEREDS+CODEREDS1))
> echo "$CODEREDS Code Red attacks ignored"
> echo ""
> cat /tmp/codered.$$|awk '{print $1;}'|sort|uniq -c
> echo ""
> rm -f /tmp/codered.$$
--> cat /tmp/codered1.$$|awk '{print $8;}'|sort|uniq -c
--> rm -f /tmp/codered1.$$
>
> # Look for Nimda attacks
> cat /var/log/httpd/access_log | grep -i "$DATESTR.*cmd.exe" >/tmp/nimda.$$
--> cat /var/log/httpd/error_log | grep -i "cmd.exe" >/tmp/nimda1.$$
> echo -e "\n\nNimda attacks by originator IP\n"
> NIMDA=`cat /tmp/nimda.$$ | wc -l`
--> NIMDA1=`cat /tmp/nimda1.$$ | wc -l`
--> NIMDA=$((NIMDA+NIMDA1))
> echo "$NIMDA Nimda attacks ignored"
> echo ""
> cat /tmp/nimda.$$|awk '{print $1;}'|sort|uniq -c
> echo ""
> rm -f /tmp/nimda.$$
--> cat /tmp/nimda1.$$|awk '{print $8;}'|sort|uniq -c
--> echo ""
--> rm -f /tmp/nimda1.$$
>
> touch /home/www/www.sslug.dk/mrtg/coderedtoday.html
>
> exit 0

There are still two errors, though:

1) I have to save to two different files. I guess I'm not particularly good at awk? :o)
2) The IP number in error_log is surrounded by [], and I simply cannot remove the last ]. Reason: see 1)

Do you perhaps have a solution?

See the script here: http://datanom.net/cgi-bin/nimda.cgi

-- 
Regards/Sincerely
Michael Rasmussen
-------------------------------------------------------------------
Remove NOSPAM from my address to send me an e-mail
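
An added example, not part of the original post or of Henrik Størner's script: one way to handle the two open points above, reading access_log and error_log in one pipeline without temporary files and stripping the trailing "]" from the error_log address. The function names, the sample log lines and the error_log layout shown in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed error_log line layout:
#   [Wed Sep 19 10:12:33 2001] [error] [client 192.0.2.10] File does not exist: ...
# so awk field 8 is the client address followed by "]".

# count_by_ip PATTERN DATESTR ACCESS_LOG ERROR_LOG -> "count ip" lines
count_by_ip() {
    pattern=$1 datestr=$2 access=$3 errors=$4
    {
        # access_log: address is field 1; keep only today's requests.
        grep -i -- "$datestr.*$pattern" "$access" | awk '{ print $1 }'
        # error_log: strip the closing bracket from field 8. No date filter,
        # as in the script above (error_log uses a different date format).
        grep -i -- "$pattern" "$errors" |
            awk '{ ip = $8; sub(/\]$/, "", ip); print ip }'
    } | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample logs (documentation addresses), written to directory $1.
write_sample_logs() {
    cat > "$1/access_log" <<'EOF'
192.0.2.10 - - [19/Sep/2001:10:12:33 +0200] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 290
192.0.2.10 - - [18/Sep/2001:23:50:02 +0200] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [19/Sep/2001:11:02:17 +0200] "GET /default.ida?XXXX HTTP/1.0" 404 276
203.0.113.5 - - [19/Sep/2001:11:05:40 +0200] "GET /index.html HTTP/1.0" 200 1043
EOF
    cat > "$1/error_log" <<'EOF'
[Wed Sep 19 10:12:33 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/cmd.exe
[Wed Sep 19 10:20:00 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/scripts/cmd.exe
[Wed Sep 19 11:02:17 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/default.ida
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_logs "$dir"
    echo "Nimda probes by originator IP:"
    count_by_ip 'cmd\.exe' '19/Sep/2001' "$dir/access_log" "$dir/error_log"
    rm -rf "$dir"
}
demo
```

Because both logs feed one sort/uniq stage, an address that appears in access_log and error_log is counted once with a combined total, and no predictable file names under /tmp are needed.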