I need a linux bash script which send me an email if any results appear in searches made in the apache logs.
I have a very simple method (sentence) to look into SQL Injection attacks, which simply searches for some keywords used in SQLi. Is this:
#tail -50000 /var/vhosts/site.com/logs/access_log | egrep -i "select%20|union%20|'|1=1"
So now I would like to be able to launch it in several access_log (for each website - virtual host I have) and send me an email in case of finding results.
In a schematic way:
I have the apache access_log files, one for each virtual host:
/var/vhosts/website_1/access_log
/var/vhosts/website_2/access_log
etc...
And the scheme of the bash process I'm talking:
for each access_log file (one by virtual host)
result = tail -50000 /var/www/vhosts/site.com/logs/access_log | egrep -i "select%20|union%20|'|1=1"
if any line appear in the result then
send mail([email protected], 'Warning!: Possible attack in virtual_host_i')
end;
Does anyone know how to implement this script?
Thanks in advance
You have a good plan, just need to code it. Try this:
#!/bin/bash
for file in $(ls /var/vhosts/*/access_log); do
result="" #reset the result variable
result=$(tail -50000 "${file}" | egrep -i "(select )|(union )|'|(1=1)")
if [[ ! -z $result ]]; then
echo "file ${file} contains suspicious lines:"
echo $result
# or enter your command for mailing the result
# for example:
# echo ${result} | mail -s ${file} [email protected]
# check man page for your mail command!
fi
done