[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [MISC] Nimda statistik



Hej Michael Rasmussen.

Jeg kunne godt bruge dit script til at bevidstgøre mine elever om
virus/orme, som en del af dagens internet. Og til at gøre de skoler der
er ramt opmærksomme på det (fandt den anden dag ud af at Ordrup
Gymnasium bombede mig).
Men jeg kan ikke finde ud af at sætte det op .-(
Gider du at bruge ½ time og så lave en universel udgave af scriptet, med
vejledning i hvilke filer der skal oprettes og hvilke ændringer der evt
skal laves i filrettigheder osv.

Det ville være smadderpænt af dig!

:-)

Venlig hilsen Gunner Poulsen GnuSkole projektet.

 

Michael Rasmussen skriver:
> 
> In article <sslug@sslug>, "Henrik Størner" Hej Henrik,
> 
> Da de script ikke læste i error_log, og da de fleste angreb hos mig ryger i
> error_log, har jeg udvidet funktionaliteten til at håndtere dette. Se
> nedenstående mærket -->:
> 
> <sslug@sslug> wrote:
> 
> > #!/bin/sh
> >
> > # Need this for date-formatting to work correctly ... unset LC_ALL unset
> > LANG
> > export LC_ALL LANG
> >
> > DATESTR=`date +"%d/%b/%Y"`
> >
> > # Look for Code Red attacks
> > cat /var/log/httpd/access_log | grep -i "$DATESTR.*GET /default.ida"
> > /tmp/codered.$$
> --> cat /var/log/httpd/error_log | grep -i "/default.ida"
> >/tmp/codered1.$$
> >echo -e "\n\nCode Red attacks by originator IP\n"
> > CODEREDS=`cat /tmp/codered.$$ | wc -l`
> -->CODEREDS1=`cat /tmp/codered1.$$ | wc -l`
> -->CODEREDS=$((CODEREDS+CODEREDS1))
> >echo "$CODEREDS Code Red attacks ignored"
> >echo ""
> > cat /tmp/codered.$$|awk '{print $1;}'|sort|uniq -c
> echo ""
> rm -f /tmp/codered.$$
> --> cat /tmp/codered1.$$|awk '{print $8;}'|sort|uniq -c
> --> rm -f /tmp/codered1.$$
> >
> > # Look for Nimda attacks
> > cat /var/log/httpd/access_log | grep -i "$DATESTR.*cmd.exe"
> > >/tmp/nimda.$$
> --> cat /var/log/httpd/error_log | grep -i "cmd.exe"
> > >/tmp/nimda.$$
> echo -e "\n\nNimda attacks by originator IP\n"
> NIMDA=`cat> /tmp/nimda.$$ | wc -l`
> -->NIMDA1=`cat /tmp/nimda1.$$ | wc -l`
> -->NIMDA=$((NIMDA+NIMDA1))
> > echo "$NIMDA Nimda attacks ignored"
> > echo ""
> > cat /tmp/nimda.$$|awk '{print $1;}'|sort|uniq -c echo "" rm -f
> > /tmp/nimda.$$
> --> cat /tmp/nimda1.$$|awk '{print $8;}'|sort|uniq -c echo "" rm -f
> --> /tmp/nimda1.$$
> >
> > touch /home/www/www.sslug.dk/mrtg/coderedtoday.html
> >
> > exit 0
> >
> >
> Der er dog stadigvæk to fejl:
> 1) Jeg bliver nødt til at gemme i to forskellige filer. Jeg er vist ikke
> særlig god til awk? :o)
> 2) IP nummeret i error_log er omkrandset af [], og jeg kan simpelt hen
> ikke fjerne den sidste ]. Grund, se 1)
> 
> Har du eventuelt en løsning?
> 
> Se scriptet her: http://datanom.net/cgi-bin/nimda.cgi
> 
> --
> Hilsen/Sincerely
> Michael Rasmussen
> -------------------------------------------------------------------
> Fjern NOSPAM fra min adresse, for at sende mig en mail


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 19:24 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *