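#!/bin/bash
#
# [BASH] Script to check the Apache logs for some BAD requests.
#
# Check-appa-log.sh // Script By E32
# How to run this script: $ bash Check-appa-log.sh [arguments]   (see -h)
#
# The script greps the Apache error and access logs for request patterns
# that usually come from scanners (WordPress probes, /.env, archive and
# SQL-dump downloads, ...) and prints the addresses found on those lines.
#
# Optional environment overrides (defaults are the Debian/Ubuntu paths):
#   APACHE_ERROR_LOG   path of the error log
#   APACHE_ACCESS_LOG  path of the access log
#
# Review notes for anyone wiring the output into a ban action:
#   * Every dotted-quad on a matching line is extracted, not only the
#     client-address field. Request lines, Referer and User-Agent are
#     written by the remote side, so a listed address is a candidate to
#     verify, not proof of who sent the request.
#   * The filters are plain substrings ("tar" also matches "start"), so
#     expect false positives.
#   * Two status glyphs in the messages below ("πŸ†" and "πŸ”") reached this
#     copy already truncated by a bad re-encoding; they are kept verbatim
#     because the original characters cannot be recovered from the page.

# ADD your own IP, or any IP you don't want to ban.
# NOTE(review): Apache logs addresses without leading zeros, so
# "202.03.13.20" will not equal a logged "202.3.13.20" - confirm the value.
ipowner="82.46.24.92"
ipowner2="202.03.13.20"

#######################################
# Set the log paths and the grep filters (globals used everywhere else).
# Globals: loge, loga, grepfiltre, filterse, filtersa (written)
#######################################
varlog() {
  loge=${APACHE_ERROR_LOG:-/var/log/apache2/error.log}
  loga=${APACHE_ACCESS_LOG:-/var/log/apache2/access.log}
  # BRE (GNU \+): one space followed by a dotted-quad.
  grepfiltre=" [0-9]\+[.][0-9]\+[.][0-9]\+[.][0-9]\+"
  #filterse="alert("
  filterse="String\(|passwd|tar|zip|rar|gz|sql|xmlrpc.php|/wp"
  #filterse="String|passwd"
  filtersa="String\(|/wp|/.env |xmlrpc.php"
}

#######################################
# Print the unique addresses found on log lines matching a filter,
# one per line, sorted, with the owner addresses removed.
# Globals:   grepfiltre, ipowner, ipowner2 (read; call varlog first)
# Arguments: $1 - extended regex to look for, $2 - log file
#######################################
suspect_ips() {
  local pattern=$1 logfile=$2
  # - The filter is quoted: filtersa contains a space, and unquoted it was
  #   split into a truncated pattern plus a bogus file name.
  # - A space is prepended to every line so that an address in the first
  #   column (common/combined access log) is matched by grepfiltre too.
  # - Owner addresses are dropped by exact, fixed-string comparison; a sed
  #   substring delete would also eat part of e.g. 182.46.24.92.
  grep -Ei -- "$pattern" "$logfile" \
    | sed 's/^/ /' \
    | grep -o -- "$grepfiltre" \
    | tr -d ' ' \
    | sort -u \
    | grep -Fxv -e "$ipowner" -e "$ipowner2"
}

#######################################
# Print the matching log lines in colour, owner addresses blanked out.
# Globals:   grepfiltre, ipowner, ipowner2 (read; call varlog first)
# Arguments: $1 - extended regex to look for, $2 - log file
#######################################
show_matches() {
  local pattern=$1 logfile=$2
  # Escape the dots so an owner address is matched literally, and require
  # a non-address character on both sides so only whole addresses vanish.
  local o1=${ipowner//./\\.} o2=${ipowner2//./\\.}
  grep -Ei --color=always -- "$pattern" "$logfile" \
    | sed 's/^/ /' \
    | grep --color=always -- "$grepfiltre" \
    | sed -E "s/(^|[^0-9.])(${o1}|${o2})([^0-9.]|\$)/\1\3/g"
}

#####################################

# Banner: filter in use and the access log it is applied to.
checkip_loga() {
  varlog
  echo -e "$(tput setaf 1)🌍$(tput setaf 3) IP $(tput setaf 1)💢$(tput setaf 4) ${filtersa} $(tput setaf 3)👉$(tput setaf 2) $loga$(tput sgr0) "
}

# Banner: filter in use and the error log it is applied to.
checkip_loge() {
  varlog
  echo -e "$(tput setaf 1)🌍$(tput setaf 3) IP $(tput setaf 1)💢$(tput setaf 4) ${filterse} $(tput setaf 3)👉$(tput setaf 2) $loge$(tput sgr0) "
}

# Print the suspect addresses of the access log on one line.
showipa() {
  varlog
  # grep 404
  check_ipa=$(suspect_ips "$filtersa" "$loga")
  echo -e " $check_ipa" | tr "\n" " "
}

# Print the suspect addresses of the error log on one line.
showipe() {
  varlog
  check_ipe=$(suspect_ips "$filterse" "$loge")
  echo -e " $check_ipe" | tr "\n" " "
}

##########

# Print how many distinct suspect addresses the error log holds.
# Uses the same pipeline as showipe, so count and list always agree
# (the old "uniq" without "sort" counted repeated addresses again).
logecount() {
  varlog
  tbante=$(suspect_ips "$filterse" "$loge" | wc -l)
  tbante=$((tbante)) # strip the padding some wc implementations add
  echo -ne " $(tput setaf 3)»$(tput setaf 1) πŸ†$(tput setaf 3) $tbante $(tput sgr0)"
}

# Print how many distinct suspect addresses the access log holds.
logacount() {
  varlog
  tbanta=$(suspect_ips "$filtersa" "$loga" | wc -l)
  tbanta=$((tbanta))
  echo -ne " $(tput setaf 3)»$(tput setaf 1) πŸ†$(tput setaf 3) $tbanta $(tput sgr0)"
}

# Count line for each log: number of addresses, then the banner.
countips() {
  logecount
  checkip_loge
  # echo -e "\n"
  logacount
  checkip_loga
}

# Banner, count and address list for both logs.
checkverboseall() {
  checkip_loge
  logecount
  echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
  showipe
  echo
  echo
  checkip_loga
  logacount
  echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
  showipa
  echo
}

# Counts only, followed by a blank line.
checkverbose() {
  countips
  echo
}

# Full report: banner, count, address list and the matching log lines.
checkall() {
  echo -e "\n \n-- CHECK --\n"
  checkip_loge
  logecount
  echo
  echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
  showipe
  echo -e "\n$(tput setaf 3) » $(tput setaf 1)Logs $(tput sgr0) "
  show_matches "$filterse" "$loge"
  echo -e " \n --------------------------------------------------\n"
  checkip_loga
  logacount
  echo -ne "$(tput setaf 3) » $(tput setaf 1)List $(tput sgr0) "
  showipa
  echo -e "\n$(tput setaf 3) » $(tput setaf 1)Logs $(tput sgr0)\n"
  show_matches "$filtersa" "$loga"
}

# Usage text.
show_cli() {
  echo -e "\n secu-apache CLI"
  echo -e "$(tput setaf 3) Usage:\n    $(realpath "$0") [arguments] $(tput sgr0)\n"
  echo -e " Arguments:"
  echo -e "    --help   (-h): Display this help message"
  echo -e "    --all    (-a): Ip list color"
  echo -e "    --ip     (-i): Ip list"
  echo -e "    --count  (-c): Count IPs"
  echo -e "    --check  (-C): Check Logs"
  echo -e "    --Filtre (-F): Count IPs per filter"
  echo -e "    --Ban    (-B): TEST ban"
  echo ""
}

case "$1" in
  -h | --help)
    show_cli
    exit
    ;;
  -c | --count)
    countips
    exit
    ;;
  -a | --all)
    echo
    checkverboseall
    echo
    exit
    ;;
  -i | --ip)
    showipe
    showipa
    echo
    exit
    ;;
  -B | --Ban)
    # need other script to include //
    ;;
  # The help text advertises --check, so accept it next to --Check.
  -C | --Check | --check)
    checkall
    echo
    exit
    ;;
  -F | --Filtre)
    checkverbose
    echo
    exit
    ;;
  *)
    echo -ne " \n Check with -h for more option \n\n$(tput setaf 1) πŸ”$(tput sgr0) Check "
    varlog
    # The old test was [ -z "showipe" ], a literal string that is never
    # empty, so "Logs Clean" could not be reached. Test the real lists.
    found=$({ showipe; showipa; } | tr -d '[:space:]')
    if [ ! -r "$loge" ] || [ ! -r "$loga" ]; then
      # An unreadable log yields an empty list; do not report that as clean.
      echo -e "cannot read $loge and/or $loga - result is not reliable"
    elif [ -z "$found" ]; then
      echo -e "Logs Clean $(tput setaf 4) ✅$(tput sgr0)"
    else
      echo -e "$(tput setaf 1)🚨$(tput sgr0) Ban FOUND $(tput setaf 1)⁉️$(tput sgr0) \n $(tput setaf 3)👉to check:$(tput sgr0) $0 -C\n $(tput setaf 3)👉to ban  :$(tput sgr0) $0 -B"
    fi
    echo
    checkverbose
    echo
    ;;
esac

################################################################
# ignore CTRL+C, CTRL+Z and quit singles using the trap
# NOTE(review): these traps are installed after all the work above has
# run, and the second line replaces the SIGINT handler set by the first.
trap '' SIGINT SIGQUIT SIGTSTP
trap "clear; exit" SIGHUP SIGINT SIGTERM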