SYS320 Week5 Lab - JadenGil/Jaden-Tech-Journal GitHub Wiki

#!/bin/bash

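# Read in file

# Arguments are positional; the log path is the first one ($1).
APACHE_LOG="${1:-}"

# Check that the path names an existing regular file before parsing anything.
# The expansion is quoted so a path with spaces, or an empty argument, cannot
# change how the test is parsed.
if [[ ! -f "${APACHE_LOG}" ]]; then
  echo "Please specify the path to a log file." >&2
  exit 1
fi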

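#######################################
# Report requests that look like web-scanner probes.
#
# Strips '[' and '"' from every log line so the fields split on whitespace,
# keeps lines containing one of the probe keywords (case-insensitive), and
# prints IP, date, method, status, size and URI as aligned columns.
#
# The keyword match runs against the whole line, including referrer and
# user-agent, so a hit is a lead to triage, not proof of scanning.
# NOTE(review): the field numbers assume the common/combined log format
# with no spaces in the identity and user fields; confirm against the
# server's LogFormat.
#
# Arguments: $1 - path to the Apache access log
# Outputs:   header plus one row per matching request, on stdout
#######################################
scanner_report() {
  sed -e "s/\[//g" -e "s/\"//g" -- "$1" \
    | grep -E -i "test|shell|echo|passwd|select|phpmyadmin|setup|admin|w00t" \
    | awk '
        BEGIN {
          # Every column needs its conversion letter; a bare "%-15 " is not
          # a valid printf specification.
          format = "%-15s %-20s %-7s %-6s %-10s %s\n"
          printf format, "IP", "Date", "Method", "Status", "Size", "URI"
          printf format, "--", "----", "------", "------", "----", "---"
        }
        { printf format, $1, $4, $6, $9, $10, $7 }'
}

# looking for web scanners
scanner_report "${APACHE_LOG}"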

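#######################################
# Print the unique client addresses (first field) found in a log file.
# Arguments: $1 - path to the Apache access log
# Outputs:   one address per line, sorted, duplicates removed
#######################################
list_client_ips() {
  # Only the first field is wanted; a bare `print` would emit whole log
  # lines. The file is redirected rather than passed as an operand so an
  # empty path is an error instead of a silent read from stdin.
  awk '{ print $1 }' < "$1" | sort -u
}

# NOTE(review): this lists every client in the log, not only the ones whose
# requests matched a scanner keyword. Block rules built from apacheIP.txt
# would cover legitimate visitors and possibly the administrator's own
# address, so review the list before turning it into firewall rules.
# tee -a appends, so entries from earlier runs stay in the file.
list_client_ips "${APACHE_LOG}" | tee -a apacheIP.txt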

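#######################################
# Print a Windows Firewall command blocking inbound traffic from one address.
#
# The value comes from log data and ends up in a file of commands, so it is
# written only when it has the shape of a dotted-quad IPv4 address. Anything
# else (spaces, shell or cmd metacharacters, glob patterns) is refused, which
# keeps a malformed entry from adding tokens to the generated command.
# The check is on shape only; octets above 255 are not rejected here.
#
# Arguments: $1 - candidate address
# Outputs:   the netsh command on stdout
# Returns:   1, printing nothing, when $1 is not dotted-quad IPv4
#######################################
netsh_block_rule() {
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  [[ "$1" =~ ${ipv4_re} ]] || return 1
  # The rule name contains spaces, so it must keep its double quotes in the
  # output; a single-quoted printf format preserves them.
  printf 'netsh advfirewall firewall add rule name="BLOCK IP ADDRESS - %s" dir=in action=block remoteip=%s\n' "$1" "$1"
}

if [[ -r apacheIP.txt ]]; then
  # Read line by line: $(cat file) would word-split and glob-expand entries.
  while IFS= read -r badIP || [[ -n "${badIP}" ]]; do
    [[ -n "${badIP}" ]] || continue
    netsh_block_rule "${badIP}" \
      || printf 'skipping non-IPv4 entry: %s\n' "${badIP}" >&2
  done < apacheIP.txt | tee -a windowsbadIP.txt
else
  printf 'apacheIP.txt not readable; no Windows firewall rules written\n' >&2
fi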

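#######################################
# Print an iptables command dropping inbound traffic from one address.
#
# The value comes from log data and ends up in a file of commands, so it is
# written only when it has the shape of a dotted-quad IPv4 address; iptables
# handles IPv4 only, and anything else is refused rather than passed through.
# The check is on shape only; octets above 255 are not rejected here.
#
# Arguments: $1 - candidate address
# Outputs:   the iptables command on stdout
# Returns:   1, printing nothing, when $1 is not dotted-quad IPv4
#######################################
iptables_drop_rule() {
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  [[ "$1" =~ ${ipv4_re} ]] || return 1
  printf 'iptables -A INPUT -s %s -j DROP\n' "$1"
}

if [[ -r apacheIP.txt ]]; then
  # Read line by line: $(cat file) would word-split and glob-expand entries.
  while IFS= read -r badIP || [[ -n "${badIP}" ]]; do
    [[ -n "${badIP}" ]] || continue
    iptables_drop_rule "${badIP}" \
      || printf 'skipping non-IPv4 entry: %s\n' "${badIP}" >&2
  done < apacheIP.txt | tee -a badiptables.txt
else
  printf 'apacheIP.txt not readable; no iptables rules written\n' >&2
fi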