Last active
December 16, 2015 11:29
Logwatch用フィルタ。CentOS 6なら/etc/logwatch/scripts/servicesに設置する。Apacheの認証突破したもので、ホワイトリストにないIPをレポートする。設定ファイルを/etc/logwatch/conf/servicesに置くこと
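#!/usr/bin/perl
use strict;
use warnings;

# HTTP status codes copied from HTTP/Status.pm, so that this filter does not
# have to load a package that may or may not exist on the host. The report
# only looks up the codes it actually saw in the log; the full table is kept
# for potential future use.
my %StatusCode = (
    # 1xx informational
    100 => 'Continue',
    101 => 'Switching Protocols',
    102 => 'Processing',                      # WebDAV

    # 2xx success
    200 => 'OK',
    201 => 'Created',
    202 => 'Accepted',
    203 => 'Non-Authoritative Information',
    204 => 'No Content',
    205 => 'Reset Content',
    206 => 'Partial Content',
    207 => 'Multi-Status',                    # WebDAV

    # 3xx redirection
    300 => 'Multiple Choices',
    301 => 'Moved Permanently',
    302 => 'Found',
    303 => 'See Other',
    304 => 'Not Modified',
    305 => 'Use Proxy',
    307 => 'Temporary Redirect',

    # 4xx client error
    400 => 'Bad Request',
    401 => 'Unauthorized',
    402 => 'Payment Required',
    403 => 'Forbidden',
    404 => 'Not Found',
    405 => 'Method Not Allowed',
    406 => 'Not Acceptable',
    407 => 'Proxy Authentication Required',
    408 => 'Request Timeout',
    409 => 'Conflict',
    410 => 'Gone',
    411 => 'Length Required',
    412 => 'Precondition Failed',
    413 => 'Request Entity Too Large',
    414 => 'Request-URI Too Large',
    415 => 'Unsupported Media Type',
    416 => 'Request Range Not Satisfiable',
    417 => 'Expectation Failed',
    422 => 'Unprocessable Entity',            # WebDAV
    423 => 'Locked',                          # WebDAV
    424 => 'Failed Dependency',               # WebDAV

    # 5xx server error
    500 => 'Internal Server Error',
    501 => 'Not Implemented',
    502 => 'Bad Gateway',
    503 => 'Service Unavailable',
    504 => 'Gateway Timeout',
    505 => 'HTTP Version Not Supported',
    507 => 'Insufficient Storage',            # WebDAV
);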
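# One Apache access-log line (common or combined format), split into the
# eight fields named in @attr, in the same order as the capture groups.
#
# Every field is bounded so that a capture cannot run into the next field.
# In particular the quoted request ends at its first unescaped double quote,
# so the status code is always the field directly after the request. With
# unbounded ".+" captures the status could instead be taken from quote-and-
# digit text later on the line, i.e. from the client-supplied referer or
# user-agent of a combined-format log, and the 401 filter would then act on
# the wrong value.
my $regex = qr{
    \A
    ([0-9A-Fa-f:.]+) [ ]                # client_ip: IPv4 or IPv6 literal
    (\S+) [ ]                           # ident
    (.+?) [ ]                           # userid, "-" when not authenticated
    \[ ([^\]]+) \] [ ]                  # timestamp
    " (\w+) [ ]                         # method
      ((?:[^"\\]|\\.)+) [ ]             # path, backslash escapes kept as logged
      ((?:[^"\\\s]|\\.)+) "             # protocol
    [ ] (\d\d\d) [ ] .+                 # status, then the rest of the line
    \z
}x;

# Field names for the captures of $regex, positionally.
my @attr = qw/client_ip ident userid timestamp method path http http_rc /;

# Client addresses that are expected to authenticate and are never reported.
# Keys are compared as exact strings against the logged client address; the
# value is only a human-readable label.
my %whitelist = (
    '127.0.0.1' => 'localhost',
);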
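# Tally of requests that carried a user name, did not end in 401, and came
# from a client that is not in %whitelist:
#   $hash->{<status>}{"<client_ip> <userid> <path>"} = <number of requests>
# Stays undef when nothing qualifies, which the report section relies on.
my $hash;
while ( my $line = <> ) {
    $line =~ tr/\x0a\x0d//d;    # drop CR/LF wherever they occur

    # Lines that do not look like an access-log entry are ignored.
    my @res = $line =~ m/$regex/;
    next unless @res;

    # Name the captures: $d{client_ip}, $d{userid}, $d{http_rc}, ...
    my %d;
    @d{@attr} = @res;

    next if $d{userid} eq '-';     # request without authentication
    next if $d{http_rc} == 401;    # authentication was rejected

    # Known clients are not reported. The lookup is an exact string match on
    # the address as it was logged.
    # NOTE(review): behind a reverse proxy the logged address is presumably
    # the proxy's, so whitelisting it would hide every proxied client;
    # confirm against the LogFormat in use.
    next if exists $whitelist{ $d{client_ip} };

    # Authenticated, not 401, not whitelisted: count it for the report.
    $hash->{ $d{http_rc} }{"$d{client_ip} $d{userid} $d{path}"} += 1;
}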
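# Print the report, grouped by status code and then by
# "client_ip userid path"; nothing is printed when no request was tallied.
# NOTE(review): each item embeds the request path exactly as it appears in
# the access log, so the report shows client-supplied text verbatim.
if ($hash) {
    print " ApacheのBasic認証を通過したがホワイトリストに載ってないIPからのアクセス:\n";
    for my $rc ( sort keys %{$hash} ) {
        # A status code that is missing from %StatusCode gets an empty label
        # rather than triggering an "uninitialized value" warning.
        my $label = defined $StatusCode{$rc} ? $StatusCode{$rc} : '';
        print " $rc $label\n";

        my $count_of = $hash->{$rc};
        for my $item ( sort keys %{$count_of} ) {
            print " $item: $count_of->{$item}回\n";
        }
    }
}
__END__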