# [BASH] Script to check the Apache logs for some BAD requests.
#
#!/bin/bash
#
# Check-appa-log.sh // Script By E32
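# How to run this script: $ bash Check-appa-log.sh
# (the "#!/bin/bash" line above is not the first line of the file, so it has no
# effect; invoke the script through bash as shown)
# Add your own IP, or any IP you do not want to ban, below.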
# Allowlist: addresses that must never show up in the report or a ban list.
# The reporting functions further down read these two globals.
# NOTE(review): "202.03.13.20" carries a zero-padded octet; Apache normally
# logs addresses without leading zeros, so confirm this entry can ever match.
ipowner='82.46.24.92'
ipowner2='202.03.13.20'
varlog() {
  # Populate the globals shared by every reporting function. They are
  # deliberately NOT local: callers read them after this function returns.

  # Log files that get scanned.
  loga='/var/log/apache2/access.log'
  loge='/var/log/apache2/error.log'

  # Basic-regex (GNU \+) for a dotted quad. The leading space is part of the
  # pattern, so an address at the very start of a line is not matched.
  grepfiltre=' [0-9]\+[.][0-9]\+[.][0-9]\+[.][0-9]\+'

  # Extended-regex alternations, applied case-insensitively by the callers.
  # Every alternative is an unanchored substring ("tar" also hits "start") and
  # "." matches any character, so expect false positives; review hits before
  # acting on them.
  # filtersa contains a space ("/.env "): it must always be expanded quoted.
  filtersa='String\(|/wp|/.env |xmlrpc.php'
  filterse='String\(|passwd|tar|zip|rar|gz|sql|xmlrpc.php|/wp'
  # Alternative error-log filters kept from the original for reference:
  #filterse="alert("
  #filterse="String|passwd"
}
#####################################
checkip_loga() {
  # Print a one-line coloured banner showing the access-log filter and the
  # access-log path. varlog supplies both values.
  varlog
  local banner
  # Built piece by piece; tput is invoked in the same order as before.
  banner="$(tput setaf 1)π$(tput setaf 3) IP "
  banner+="$(tput setaf 1)π’$(tput setaf 4) ${filtersa} "
  banner+="$(tput setaf 3)π$(tput setaf 2) ${loga}$(tput sgr0) "
  echo -e "$banner"
}
checkip_loge() {
  # Print a one-line coloured banner showing the error-log filter and the
  # error-log path. varlog supplies both values.
  varlog
  local banner
  # Built piece by piece; tput is invoked in the same order as before.
  banner="$(tput setaf 1)π$(tput setaf 3) IP "
  banner+="$(tput setaf 1)π’$(tput setaf 4) ${filterse} "
  banner+="$(tput setaf 3)π$(tput setaf 2) ${loge}$(tput sgr0) "
  echo -e "$banner"
}
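showipa() {
  # Print, on one line, the distinct addresses found on access-log lines that
  # match filtersa, minus the allowlisted ipowner/ipowner2.
  #
  # Globals: reads loga, filtersa, grepfiltre (set by varlog), ipowner,
  #          ipowner2; writes check_ipa (left global, as in the original).
  # Outputs: space-separated addresses on stdout, no trailing newline.
  #
  # Allowlisting is an exact whole-address comparison. The previous sed
  # substitution treated "." as a wildcard and matched substrings, so an
  # unrelated address containing an allowlisted one was cut down to a fragment.
  #
  # NOTE(review): grepfiltre picks up every space-prefixed dotted quad on a
  # matching line, including client-supplied fields such as Referer or
  # User-Agent, and skips an address at column 0 (a LogFormat starting with %h).
  # Confirm against the real log format before feeding this list to a ban step.
  varlog
  check_ipa=$(
    grep -E -i -- "$filtersa" "$loga" \
      | grep -o -- "$grepfiltre" \
      | sort -u \
      | grep -vxF -e " $ipowner" -e " $ipowner2"
  )
  printf ' %s\n' "$check_ipa" | tr '\n' ' '
}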
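showipe() {
  # Print, on one line, the distinct addresses found on error-log lines that
  # match filterse, minus the allowlisted ipowner/ipowner2.
  #
  # Globals: reads loge, filterse, grepfiltre (set by varlog), ipowner,
  #          ipowner2; writes check_ipe (left global, as in the original).
  # Outputs: space-separated addresses on stdout, no trailing newline.
  #
  # Allowlisting is an exact whole-address comparison. The previous sed
  # substitution treated "." as a wildcard and matched substrings, so an
  # unrelated address containing an allowlisted one was cut down to a fragment.
  #
  # NOTE(review): grepfiltre picks up every space-prefixed dotted quad on a
  # matching line, not only the logged client address; confirm against the real
  # error-log format before feeding this list to a ban step.
  varlog
  check_ipe=$(
    grep -E -i -- "$filterse" "$loge" \
      | grep -o -- "$grepfiltre" \
      | sort -u \
      | grep -vxF -e " $ipowner" -e " $ipowner2"
  )
  printf ' %s\n' "$check_ipe" | tr '\n' ' '
}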
##########
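logecount() {
  # Print the number of distinct, non-allowlisted addresses found on error-log
  # lines that match filterse.
  #
  # Globals: reads loge, filterse, grepfiltre (set by varlog), ipowner,
  #          ipowner2; writes tbante (left global, as in the original).
  # Outputs: coloured count on stdout, no trailing newline.
  #
  # The original piped into a bare `uniq`, which only collapses ADJACENT
  # duplicates: an address whose hits were interleaved with others was counted
  # once per run. sort -u counts each address once. Allowlisted addresses are
  # dropped by exact match, so the number covers only addresses outside the
  # allowlist.
  varlog
  tbante=$(
    grep -E -i -- "$filterse" "$loge" \
      | grep -o -- "$grepfiltre" \
      | grep -vxF -e " $ipowner" -e " $ipowner2" \
      | sort -u \
      | wc -l
  )
  echo -ne " $(tput setaf 3)Β»$(tput setaf 1) π$(tput setaf 3) $tbante $(tput sgr0)"
}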
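logacount() {
  # Print the number of distinct, non-allowlisted addresses found on access-log
  # lines that match filtersa.
  #
  # Globals: reads loga, filtersa, grepfiltre (set by varlog), ipowner,
  #          ipowner2; writes tbanta (left global, as in the original).
  # Outputs: coloured count on stdout, no trailing newline.
  #
  # Two fixes over the original:
  #  - filtersa contains a space; expanded unquoted it was split in two, so the
  #    "xmlrpc.php" alternative was passed to grep as a file name and never
  #    searched for. It is now quoted.
  #  - a bare `uniq` only collapses adjacent duplicates; sort -u counts each
  #    address once. Allowlisted addresses are dropped by exact match.
  varlog
  tbanta=$(
    grep -E -i -- "$filtersa" "$loga" \
      | grep -o -- "$grepfiltre" \
      | grep -vxF -e " $ipowner" -e " $ipowner2" \
      | sort -u \
      | wc -l
  )
  echo -ne " $(tput setaf 3)Β»$(tput setaf 1) π$(tput setaf 3) $tbanta $(tput sgr0)"
}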
countips() {
  # Emit, for the error log and then the access log, the hit count followed by
  # the filter/path banner. No newline is inserted between the two reports.
  local step
  for step in logecount checkip_loge logacount checkip_loga; do
    "$step"
  done
}
checkverboseall() {
  # For each log (error first, then access): banner, hit count, a "List"
  # label and the flagged addresses. A blank line separates the two reports.
  local list_label

  # --- error log ---
  checkip_loge
  logecount
  list_label="$(tput setaf 3) Β» $(tput setaf 1)List $(tput sgr0) "
  echo -ne "$list_label"
  showipe
  printf '\n\n'

  # --- access log ---
  checkip_loga
  logacount
  list_label="$(tput setaf 3) Β» $(tput setaf 1)List $(tput sgr0) "
  echo -ne "$list_label"
  showipa
  printf '\n'
}
checkverbose() {
  # Counts and banners for both logs (see countips), then end the line.
  countips
  printf '\n'
}
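checkall() {
  # Full report: for the error log and then the access log, print the banner,
  # the hit count, the flagged addresses and the matching log lines with the
  # filter hit and the address highlighted.
  #
  # Globals: reads loge, loga, filterse, filtersa, grepfiltre (set by varlog),
  #          ipowner, ipowner2.
  #
  # Fixes over the original:
  #  - filtersa contains a space; expanded unquoted it was split in two, so the
  #    "xmlrpc.php" alternative became a file operand and was never searched.
  #  - the allowlist sed treated "." as a wildcard and matched substrings, so
  #    an unrelated address containing an allowlisted one was shown truncated.
  #    Dots are now escaped and the match is bounded with \b (GNU sed).
  #  - varlog is called here instead of relying on checkip_loge to have set
  #    the globals first.
  #
  # Allowlisted addresses are blanked out of the displayed lines, as before;
  # the lines themselves are still shown.
  varlog
  local own1=${ipowner//./\\.}
  local own2=${ipowner2//./\\.}
  local allow_re="\b\(${own1}\|${own2}\)\b"

  echo -e "\n -- CHECK --\n"
  checkip_loge
  logecount
  echo
  echo -ne "$(tput setaf 3) Β» $(tput setaf 1)List $(tput sgr0) "
  showipe
  echo -e "\n$(tput setaf 3) Β» $(tput setaf 1)Logs $(tput sgr0) "
  grep -E -i --color=always -- "$filterse" "$loge" \
    | grep --color=always -- "$grepfiltre" \
    | sed "s/${allow_re}//g"
  echo -e " \n --------------------------------------------------\n"
  checkip_loga
  logacount
  echo -ne "$(tput setaf 3) Β» $(tput setaf 1)List $(tput sgr0) "
  showipa
  echo -e "\n$(tput setaf 3) Β» $(tput setaf 1)Logs $(tput sgr0)\n"
  grep -E -i --color=always -- "$filtersa" "$loga" \
    | grep --color=always -- "$grepfiltre" \
    | sed "s/${allow_re}//g"
}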
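show_cli() {
  # Print the usage/help text on stdout.
  #
  # Fixes over the original: the help advertised "--check" while the option
  # parser only accepts "--Check"; the -F/--Filtre option was not listed; and
  # $0 was passed to realpath unquoted, which breaks on paths with spaces.
  echo -e "\n secu-apache CLI"
  echo -e "$(tput setaf 3) Usage:\n $(realpath -- "$0") [arguments] $(tput sgr0)\n"
  cat <<'EOF'
 Arguments:
 --help (-h): Display this help message
 --all (-a): Ip list color
 --ip (-i): Ip list
 --count (-c): Count IPs
 --Check (-C): Check Logs
 --Filtre (-F): Show filters and IP counts
 --Ban (-B): TEST ban

EOF
}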
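# Command-line dispatch.
#
# Fixes over the original:
#  - the trap was registered AFTER the case statement, by which point almost
#    every arm had already exited, so it was never active while the logs were
#    being scanned. It is now installed first.
#  - the default arm tested [ -z "showipe" ], a literal string that is never
#    empty, so "Logs Clean" could never be printed. The output of both list
#    functions is now checked.
#  - "--check" (as printed by the help text) is accepted alongside "--Check".
#  - -B printed nothing, which could be mistaken for a successful ban.

# On hang-up, CTRL+C or termination: clear the screen and quit.
trap "clear; exit" SIGHUP SIGINT SIGTERM
# Alternative kept from the original: ignore CTRL+C, CTRL+Z and quit signals.
# trap '' SIGINT SIGQUIT SIGTSTP

case "$1" in
  -h | --help)
    show_cli
    exit
    ;;
  -c | --count)
    countips
    exit
    ;;
  -a | --all)
    echo
    checkverboseall
    echo
    exit
    ;;
  -i | --ip)
    showipe
    showipa
    echo
    exit
    ;;
  -B | --Ban)
    # need other script to include //
    echo " -B: ban step is not implemented in this script; nothing was banned" >&2
    ;;
  -C | --Check | --check)
    checkall
    echo
    exit
    ;;
  -F | --Filtre)
    checkverbose
    echo
    exit
    ;;
  *)
    echo -ne " \n Check with -h for more option \n\n$(tput setaf 1) π$(tput sgr0) Check "
    # "Clean" only when neither log produced a flagged address; the list
    # functions pad their output with spaces, so whitespace is stripped first.
    flagged="$(showipe)$(showipa)"
    if [[ -z "${flagged//[[:space:]]/}" ]]; then
      echo -e "Logs Clean $(tput setaf 4) β
$(tput sgr0)"
    else
      echo -e "$(tput setaf 1)π¨$(tput sgr0) Ban FOUND $(tput setaf 1)βοΈ$(tput sgr0) \n $(tput setaf 3)πto check:$(tput sgr0) $0 -C\n $(tput setaf 3)πto ban :$(tput sgr0) $0 -B"
    fi
    echo
    checkverbose
    echo
    ;;
esac
################################################################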