Question

The following is a mock-up of an Nginx web server access log. There are a few entries that might indicate someone is searching for an attack vector. Write a command that will do all of the following:

  1. Read the lines from a file
  2. Use a single regular expression to find all lines where:

    Someone tried to access a file starting with a period (example ".htaccess")
    OR
    Someone attempted to open one of "php.ini" or "wp.conf"
    OR
    Someone tried to retrieve a parent directory (example ".." somewhere in the URL)

  3. Output a list of IP addresses without duplicates

access.log

10.10.38.12 - - [25/Aug/2018:00:13:00] "GET https://picard.zone/index.html HTTP/1.1 200 Mozilla/.05"
12.10.38.12 - - [25/Aug/2018:00:14:18] "GET https://picard.zone/catalog.html?id=5 200  Mozilla/5.0"
64.34.88.11 - - [25/Aug/2018:00:15:20] "GET https://picard.zone/catalog.html?id=30 200  Mozilla/5.0"
51.85.91.44 - - [25/Aug/2018:00:16:33] "GET https://picard.zone/specials/coupon.php 500  Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:40] "GET https://picard.zone/specials/.htaccess 500  Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:44] "GET https://picard.zone/specials/.settings 500  Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:50] "GET https://picard.zone/specials/wp.conf 500  Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:55] "GET https://picard.zone/specials/../settings.py 500  Mozilla/5.0"
4.2.2.2 - - [25/Aug/2018:00:16:58] "GET https://picard.zone/specials/php.ini 500  Mozilla/5.0"
11.22.33.44 - - [25/Aug/2018:00:17:42] "GET https://picard.zone/finish.php 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:18:01] "GET https://picard.zone/settings.html 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:19:12] "GET https://picard.zone/catalog.html?id=5 200  Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:20:11] "GET https://picard.zone/privacy.py 200  Mozilla/5.0"

10.10.38.12 - - [25/Aug/2018:00:13:38] "GET https://picard.zone/index.html HTTP/1.1 404 Mozilla/.05"

HINT: The lines you are interested in are in bold; lines 5 to 9.
HINT: In your terminal, create a new file called 'access.log' and copy-paste the above lines into it
HINT: You will likely need to use cut, uniq and grep in your command
