Question


The following is a mock-up of an Nginx web server access log. There are a few entries that might indicate someone is searching for an attack vector. Write a command that will do all of the following:

  1. Read the lines from a file
  2. Use a single regular expression to find all lines where:
       Someone tried to access a file starting with a period (example ".htaccess")
       OR
       Someone attempted to open one of "php.ini" or "wp.conf"
       OR
       Someone tried to retrieve a parent directory (example ".." somewhere in the URL)
  3. Output a list of IP addresses without duplicates

access.log

10.10.38.12 - - [25/Aug/2018:00:13:00] "GET https://picard.zone/index.html HTTP/1.1 200 Mozilla/.05"
12.10.38.12 - - [25/Aug/2018:00:14:18] "GET https://picard.zone/catalog.html?id=5 200  Mozilla/5.0"
64.34.88.11 - - [25/Aug/2018:00:15:20] "GET https://picard.zone/catalog.html?id=30 200  Mozilla/5.0"
51.85.91.44 - - [25/Aug/2018:00:16:33] "GET https://picard.zone/specials/coupon.php 500  Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:40] "GET https://picard.zone/specials/.htaccess 500  Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:44] "GET https://picard.zone/specials/.settings 500  Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:50] "GET https://picard.zone/specials/wp.conf 500  Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:55] "GET https://picard.zone/specials/../settings.py 500  Mozilla/5.0"
4.2.2.2 - - [25/Aug/2018:00:16:58] "GET https://picard.zone/specials/php.ini 500  Mozilla/5.0"
11.22.33.44 - - [25/Aug/2018:00:17:42] "GET https://picard.zone/finish.php 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:18:01] "GET https://picard.zone/settings.html 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:19:12] "GET https://picard.zone/catalog.html?id=5 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:20:11] "GET https://picard.zone/privacy.py 200  Mozilla/5.0"

10.10.38.12 - - [25/Aug/2018:00:13:38] "GET https://picard.zone/index.html HTTP/1.1 404 Mozilla/.05"

HINT: The lines you are interested in are in bold; lines 5 to 9.
HINT: In your terminal, create a new file called 'access.log' and copy-paste the above lines into it
HINT: You will likely need to use cut, uniq and grep in your command
