[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [MISC] Nimda statistik



Du kan da tage en kikker på http://212.242.57.117/serverinf/vira og hvis du kan bruge hvad du ser
så send lige en mail til mig på sslug@sslug Så kan jeg sende det som jeg har
lavet

m.v.h.

Kim Hermansen


----- Original Message ----- 
From: "Gunner Poulsen" <sslug@sslug>
Newsgroups: sslug.misc
To: <sslug@sslug>; "Michael Rasmussen" <sslug@sslug>
Sent: Wednesday, September 26, 2001 11:53 AM
Subject: Re: [MISC] Nimda statistik


> Hej Michael Rasmussen.
> 
> Jeg kunne godt bruge dit script til at bevidstgøre mine elever om
> virus/orme, som en del af dagens internet. Og til at gøre de skoler der
> er ramt opmærksomme på det (fandt den anden dag ud af at Ordrup
> Gymnasium bombede mig).
> Men jeg kan ikke finde ud af at sætte det op .-(
> Gider du at bruge ½ time og så lave en universel udgave af scriptet, med
> vejledning i hvilke filer der skal oprettes og hvilke ændringer der evt
> skal laves i filrettigheder osv.
> 
> Det ville være smadderpænt af dig!
> 
> :-)
> 
> Venlig hilsen Gunner Poulsen GnuSkole projektet.
> 
>  
> 
> Michael Rasmussen skriver:
> > 
> > In article <sslug@sslug>, "Henrik Størner" Hej Henrik,
> > 
> > Da de script ikke læste i error_log, og da de fleste angreb hos mig ryger i
> > error_log, har jeg udvidet funktionaliteten til at håndtere dette. Se
> > nedenstående mærket -->:
> > 
> > <sslug@sslug> wrote:
> > 
> > > #!/bin/sh
> > >
> > > # Need this for date-formatting to work correctly ... unset LC_ALL unset
> > > LANG
> > > export LC_ALL LANG
> > >
> > > DATESTR=`date +"%d/%b/%Y"`
> > >
> > > # Look for Code Red attacks
> > > cat /var/log/httpd/access_log | grep -i "$DATESTR.*GET /default.ida"
> > > /tmp/codered.$$
> > --> cat /var/log/httpd/error_log | grep -i "/default.ida"
> > >/tmp/codered1.$$
> > >echo -e "\n\nCode Red attacks by originator IP\n"
> > > CODEREDS=`cat /tmp/codered.$$ | wc -l`
> > -->CODEREDS1=`cat /tmp/codered1.$$ | wc -l`
> > -->CODEREDS=$((CODEREDS+CODEREDS1))
> > >echo "$CODEREDS Code Red attacks ignored"
> > >echo ""
> > > cat /tmp/codered.$$|awk '{print $1;}'|sort|uniq -c
> > echo ""
> > rm -f /tmp/codered.$$
> > --> cat /tmp/codered1.$$|awk '{print $8;}'|sort|uniq -c
> > --> rm -f /tmp/codered1.$$
> > >
> > > # Look for Nimda attacks
> > > cat /var/log/httpd/access_log | grep -i "$DATESTR.*cmd.exe"
> > > >/tmp/nimda.$$
> > --> cat /var/log/httpd/error_log | grep -i "cmd.exe"
> > > >/tmp/nimda.$$
> > echo -e "\n\nNimda attacks by originator IP\n"
> > NIMDA=`cat> /tmp/nimda.$$ | wc -l`
> > -->NIMDA1=`cat /tmp/nimda1.$$ | wc -l`
> > -->NIMDA=$((NIMDA+NIMDA1))
> > > echo "$NIMDA Nimda attacks ignored"
> > > echo ""
> > > cat /tmp/nimda.$$|awk '{print $1;}'|sort|uniq -c echo "" rm -f
> > > /tmp/nimda.$$
> > --> cat /tmp/nimda1.$$|awk '{print $8;}'|sort|uniq -c echo "" rm -f
> > --> /tmp/nimda1.$$
> > >
> > > touch /home/www/www.sslug.dk/mrtg/coderedtoday.html
> > >
> > > exit 0
> > >
> > >
> > Der er dog stadigvæk to fejl:
> > 1) Jeg bliver nødt til at gemme i to forskellige filer. Jeg er vist ikke
> > særlig god til awk? :o)
> > 2) IP nummeret i error_log er omkrandset af [], og jeg kan simpelt hen
> > ikke fjerne den sidste ]. Grund, se 1)
> > 
> > Har du eventuelt en løsning?
> > 
> > Se scriptet her: http://datanom.net/cgi-bin/nimda.cgi
> > 
> > --
> > Hilsen/Sincerely
> > Michael Rasmussen
> > -------------------------------------------------------------------
> > Fjern NOSPAM fra min adresse, for at sende mig en mail
> 



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 19:24 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *