Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.112
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
usr /
share /
logwatch /
scripts /
services /
Delete
Unzip
Name
Size
Permission
Date
Action
afpd
3.84
KB
-rwxr-xr-x
2017-01-21 17:44
amavis
176.48
KB
-rwxr-xr-x
2017-01-21 17:44
arpwatch
1.43
KB
-rwxr-xr-x
2017-01-21 17:44
audit
15.59
KB
-rwxr-xr-x
2017-01-21 17:44
automount
5.24
KB
-rwxr-xr-x
2017-01-21 17:44
autorpm
2.25
KB
-rwxr-xr-x
2017-01-21 17:44
barracuda
11.85
KB
-rwxr-xr-x
2017-01-21 17:44
bfd
2.2
KB
-rwxr-xr-x
2017-01-21 17:44
cisco
44.38
KB
-rwxr-xr-x
2016-07-26 19:43
citadel
58.58
KB
-rwxr-xr-x
2017-01-21 17:44
clam-update
6.93
KB
-rwxr-xr-x
2017-01-21 17:44
clamav
6.17
KB
-rwxr-xr-x
2017-01-21 17:44
clamav-milter
4.17
KB
-rwxr-xr-x
2017-01-21 17:44
courier
23.28
KB
-rwxr-xr-x
2017-01-21 17:44
cron
12.58
KB
-rwxr-xr-x
2017-01-21 17:44
denyhosts
1.75
KB
-rwxr-xr-x
2017-01-21 17:44
dhcpd
11
KB
-rwxr-xr-x
2017-01-21 17:44
dirsrv
4.85
KB
-rwxr-xr-x
2017-01-21 17:44
dnssec
4.99
KB
-rwxr-xr-x
2017-01-21 17:44
dovecot
24.72
KB
-rwxr-xr-x
2017-01-21 17:44
dpkg
3.21
KB
-rwxr-xr-x
2017-01-21 17:44
emerge
4.44
KB
-rwxr-xr-x
2017-01-21 17:44
evtapplication
5.92
KB
-rwxr-xr-x
2017-01-21 17:44
evtsecurity
12.7
KB
-rwxr-xr-x
2017-01-21 17:44
evtsystem
14.95
KB
-rwxr-xr-x
2017-01-21 17:44
exim
24.79
KB
-rwxr-xr-x
2017-01-21 17:44
eximstats
1.91
KB
-rwxr-xr-x
2017-01-21 17:44
extreme-networks
10.91
KB
-rwxr-xr-x
2017-01-21 17:44
fail2ban
9.98
KB
-rwxr-xr-x
2017-01-21 17:44
fetchmail
3.53
KB
-rwxr-xr-x
2017-01-21 17:44
freeradius
10.22
KB
-rwxr-xr-x
2017-01-21 17:44
ftpd-messages
7.67
KB
-rwxr-xr-x
2017-01-21 17:44
ftpd-xferlog
6.18
KB
-rwxr-xr-x
2017-01-21 17:44
http
23.73
KB
-rwxr-xr-x
2017-01-21 17:44
http-error
4.22
KB
-rwxr-xr-x
2016-07-26 19:43
identd
5.54
KB
-rwxr-xr-x
2017-01-21 17:44
imapd
11.15
KB
-rwxr-xr-x
2017-01-21 17:44
in.qpopper
4.84
KB
-rwxr-xr-x
2017-01-21 17:44
init
3.48
KB
-rwxr-xr-x
2017-01-21 17:44
ipop3d
4.08
KB
-rwxr-xr-x
2017-01-21 17:44
iptables
14.96
KB
-rwxr-xr-x
2017-01-21 17:44
kernel
10.56
KB
-rwxr-xr-x
2017-01-21 17:44
knockd
2.8
KB
-rwxr-xr-x
2017-01-21 17:44
lvm
3.12
KB
-rwxr-xr-x
2017-01-21 17:44
mailscanner
27.15
KB
-rwxr-xr-x
2017-01-21 17:44
mdadm
4.58
KB
-rwxr-xr-x
2017-01-21 17:44
mod_security2
7.82
KB
-rwxr-xr-x
2017-01-21 17:44
modprobe
4.17
KB
-rwxr-xr-x
2017-01-21 17:44
mountd
4.35
KB
-rwxr-xr-x
2017-01-21 17:44
mysql
4.52
KB
-rwxr-xr-x
2017-01-21 17:44
mysql-mmm
4.84
KB
-rwxr-xr-x
2017-01-21 17:44
named
31.26
KB
-rwxr-xr-x
2017-01-21 17:44
netopia
14.98
KB
-rwxr-xr-x
2017-01-21 17:44
netscreen
20.63
KB
-rwxr-xr-x
2017-01-21 17:44
oidentd
5.47
KB
-rwxr-xr-x
2017-01-21 17:44
omsa
2.59
KB
-rwxr-xr-x
2017-01-21 17:44
openvpn
13.68
KB
-rwxr-xr-x
2017-01-21 17:44
pam
1.86
KB
-rwxr-xr-x
2017-01-21 17:44
pam_pwdb
7.84
KB
-rwxr-xr-x
2017-01-21 17:44
pam_unix
16.03
KB
-rwxr-xr-x
2017-01-21 17:44
php
5.1
KB
-rwxr-xr-x
2017-01-21 17:44
pix
13.29
KB
-rwxr-xr-x
2017-01-21 17:44
pluto
11.97
KB
-rwxr-xr-x
2017-01-21 17:44
pop3
15.18
KB
-rwxr-xr-x
2017-01-21 17:44
portsentry
5
KB
-rwxr-xr-x
2017-01-21 17:44
postfix
241.59
KB
-rwxr-xr-x
2017-01-21 17:44
postgresql
5.39
KB
-rwxr-xr-x
2017-01-21 17:44
pound
3.52
KB
-rwxr-xr-x
2017-01-21 17:44
proftpd-messages
10.6
KB
-rwxr-xr-x
2017-01-21 17:44
puppet
10.37
KB
-rwxr-xr-x
2016-07-26 19:43
pureftpd
8.17
KB
-rwxr-xr-x
2017-01-21 17:44
qmail
5.73
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-pop3d
4.43
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-pop3ds
3.98
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-send
19.63
KB
-rwxr-xr-x
2017-01-21 17:44
qmail-smtpd
56.05
KB
-rwxr-xr-x
2017-01-21 17:44
raid
1.73
KB
-rwxr-xr-x
2017-01-21 17:44
resolver
3.43
KB
-rwxr-xr-x
2017-01-21 17:44
rsnapshot
3.33
KB
-rwxr-xr-x
2017-01-21 17:44
rsyslogd
1.79
KB
-rwxr-xr-x
2016-07-26 19:43
rt314
4.43
KB
-rwxr-xr-x
2017-01-21 17:44
samba
25.63
KB
-rwxr-xr-x
2017-01-21 17:44
saslauthd
4.06
KB
-rwxr-xr-x
2017-01-21 17:44
scsi
3.34
KB
-rwxr-xr-x
2017-01-21 17:44
secure
41.04
KB
-rwxr-xr-x
2017-01-21 17:44
sendmail
92.27
KB
-rwxr-xr-x
2017-01-21 17:44
sendmail-largeboxes
2.51
KB
-rwxr-xr-x
2017-01-21 17:44
shaperd
5.64
KB
-rwxr-xr-x
2017-01-21 17:44
slon
4.61
KB
-rwxr-xr-x
2017-01-21 17:44
smartd
16.1
KB
-rwxr-xr-x
2017-01-21 17:44
sonicwall
25
KB
-rwxr-xr-x
2017-01-21 17:44
spamassassin
7.56
KB
-rwxr-xr-x
2016-07-26 19:43
sshd
30.98
KB
-rwxr-xr-x
2017-01-21 17:44
sshd2
2.02
KB
-rwxr-xr-x
2017-01-21 17:44
sssd
2.45
KB
-rwxr-xr-x
2017-01-21 17:44
stunnel
5.61
KB
-rwxr-xr-x
2016-07-26 19:43
sudo
6.01
KB
-rwxr-xr-x
2017-01-21 17:44
syslog-ng
20.61
KB
-rwxr-xr-x
2017-01-21 17:44
syslogd
1.98
KB
-rwxr-xr-x
2017-01-21 17:44
systemd
7.53
KB
-rwxr-xr-x
2017-01-21 17:44
tac_acc
4.12
KB
-rwxr-xr-x
2017-01-21 17:44
tivoli-smc
4.41
KB
-rwxr-xr-x
2016-07-26 19:43
up2date
4.79
KB
-rwxr-xr-x
2017-01-21 17:44
vdr
8.3
KB
-rwxr-xr-x
2017-01-21 17:44
vpopmail
3.48
KB
-rwxr-xr-x
2017-01-21 17:44
vsftpd
8.28
KB
-rwxr-xr-x
2017-01-21 17:44
windows
16.12
KB
-rwxr-xr-x
2017-01-21 17:44
xntpd
8.59
KB
-rwxr-xr-x
2017-01-21 17:44
yum
2.8
KB
-rwxr-xr-x
2017-01-21 17:44
zypp
2.48
KB
-rwxr-xr-x
2017-01-21 17:44
zz-disk_space
6.02
KB
-rwxr-xr-x
2017-01-21 17:44
zz-fortune
1.69
KB
-rwxr-xr-x
2017-01-21 17:44
zz-lm_sensors
1.82
KB
-rwxr-xr-x
2017-01-21 17:44
zz-network
12.79
KB
-rwxr-xr-x
2017-01-21 17:44
zz-runtime
1.66
KB
-rwxr-xr-x
2017-01-21 17:44
zz-sys
3.01
KB
-rwxr-xr-x
2017-01-21 17:44
zz-zfs
5.91
KB
-rwxr-xr-x
2017-01-21 17:44
Save
Rename
#!/usr/bin/perl #!/usr/bin/perl -w ########################################################################## # $Id: mod_security2, v 1.0.1 2013/01/11 ########################################################################## # # Revision 1.0.1 2013/01/11 # fixed problem with uninitialized values #6 # ########################################################################## # This script is written an maintained by: # Torben Hansen <derhansen@gmail.com> # # To send comments, suggestions, bugreports, etc, please use: # https://github.com/derhansen/logwatch-modsec2 ########################################################################## ########################################################################## # Copyright © 2013 Torben Hansen <derhansen@gmail.com> # # Permission is hereby granted, free of charge, to any person obtaining a # copy of this software and associated documentation files (the # “Software”), to deal in the Software without restriction, including # without limitation the rights to use, copy, modify, merge, publish, # distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so, subject to # the following conditions: # # The above copyright notice and this permission notice shall be included # in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANT- # ABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO # EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, # DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR # THE USE OR OTHER DEALINGS IN THE SOFTWARE. # ########################################################################## use Logwatch ':dates'; # Disable warnings about unused variables no warnings qw(once); my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; my $SearchDate = TimeFilter('%d/%b/%Y:%H:%M:%S'); my $within_range = 0; my %tmpEntry = (); my $count = 0; my %messages = (); my %topips = (); my %toprules = (); my $check = 0; my $option = ''; if ( $Debug >= 5 ) { print STDERR "\n\nDEBUG MODE \n\n"; } # Initialize array $tmpEntry{$count}{"action"} = ""; $tmpEntry{$count}{"hostname"} = ""; $tmpEntry{$count}{"message"} = ""; $tmpEntry{$count}{"ruleid"} = ""; while (defined($ThisLine = <STDIN>)) { chomp($ThisLine); # Reset $check if line starts with two dashes if ( $ThisLine =~ /-[A-Z]--/ ) { $check = 0; $option = ""; } if ($check == 1) { if ($option eq "audit-log-header") { ($timestamp, $transactionID, $sourceIP, $sourcePort, $destIP, $destPort ) = ($ThisLine =~ /\[(.*?)\] (.*?) (.*?) (.*?) (.*?) (.*?)$/ ); $tmpEntry{$count}{"timestamp"} = $timestamp; $tmpEntry{$count}{"sourceIp"} = $sourceIP; $tmpEntry{$count}{"sourcePort"} = $sourcePort; $tmpEntry{$count}{"destIp"} = $destIP; $tmpEntry{$count}{"destPort"} = $destPort; if ( $Debug >= 5 ) { print STDERR "\n"; print STDERR "DATE: " . $timestamp . "\n"; print STDERR "FROM: ". $sourceIP . ":" . $sourcePort . "\n"; print STDERR "TO: ". $destIP . ":" . $destPort . "\n"; } } if ($option eq "request-header") { if ( ($method, $requestUri) = ($ThisLine =~ /^(POST|GET) (.*?)$/) ) { $tmpEntry{$count}{"method"} = $method; $tmpEntry{$count}{"uri"} = $requestUri; if ( $Debug >= 5 ) { print STDERR "METHOD: " . $method . "\n"; print STDERR "URI: " . $requestUri . "\n"; } } elsif ( ($hostname) = ($ThisLine =~ /^Host: (.*?)$/) ) { $tmpEntry{$count}{"hostname"} = $hostname; if ( $Debug >= 5 ) { print STDERR "HOST: " . $hostname . "\n"; } } } if ($option eq "audit-log-trailer") { if ( $ThisLine =~ /^Message:/ ) { if ( ($ruleId) = ($ThisLine =~ /\[id \"(.*?)\"\]/) ) { if ( $Debug >= 5 ) { print STDERR "Rule ID: " . $ruleId. "\n"; } } if ( ($msg) = ($ThisLine =~ /\[msg \"(.*?)\"\]/) ) { if ( $Debug >= 5 ) { print STDERR "Message: " . $msg. "\n"; } } $tmpEntry{$count}{"ruleid"} = $ruleId; $tmpEntry{$count}{"message"} = $msg; } if ( ($action) = ($ThisLine =~ /^Action: (.*?)$/) ) { $tmpEntry{$count}{"action"} = $action; if ( $Debug >= 5 ) { print STDERR "Action: " . $action. "\n"; } } if ( ($engineMode) = ($ThisLine =~ /^Engine-Mode: (.*?)$/) ) { $tmpEntry{$count}{"engine"} = $engineMode; if ( $Debug >= 5 ) { print STDERR "Engine mode: " . $engineMode. "\n"; } } } } if ( $ThisLine =~ /-A--/ ) { $check = 1; $option = "audit-log-header"; } elsif ( $ThisLine =~ /-B--/ ) { $check = 1; $option = "request-header"; } elsif ( $ThisLine =~ /-H--/ ) { $check = 1; $option = "audit-log-trailer"; } elsif ( $ThisLine =~ /-Z--/ ) { $check = 0; $option = ""; # Create new summary entry if date matches searchdate if ( $tmpEntry{$count}{"timestamp"} =~ /$SearchDate/ ) { if ( $tmpEntry{$count}{"action"} ne "" && $tmpEntry{$count}{"hostname"} ne "" && $tmpEntry{$count}{"message"} ne "" && $tmpEntry{$count}{"ruleid"} ne "" ) { $messages{$tmpEntry{$count}{"hostname"}}{"numAttacks"}++; $messages{$tmpEntry{$count}{"hostname"}}{"attack"}{$tmpEntry{$count}{"sourceIp"}}{$tmpEntry{$count}{"ruleid"}} = $tmpEntry{$count}{"message"}; $messages{$tmpEntry{$count}{"hostname"}}{$tmpEntry{$count}{"sourceIp"}}{$tmpEntry{$count}{"ruleid"}}++; $topips{$tmpEntry{$count}{"sourceIp"}}++; $toprules{$tmpEntry{$count}{"ruleid"}}++; } } # Increase counter $count++; # Reset values $tmpEntry = (); $tmpEntry{$count}{"action"} = ""; $tmpEntry{$count}{"hostname"} = ""; $tmpEntry{$count}{"message"} = ""; $tmpEntry{$count}{"ruleid"} = ""; if ( $Debug >= 5 ) { print STDERR "---------------------------------------\n"; } } } # Start summary if (keys %messages) { print "\nATTACKS BLOCKED ON VHOSTS:\n"; foreach my $vhost ( sort {$a cmp $b} keys %messages ) { print "\n" . $vhost . " - " . $messages{$vhost}{"numAttacks"} . " time(s)\n"; foreach my $fromip (sort {$a cmp $b} keys %{$messages{$vhost}{"attack"}}) { foreach my $ruleid (sort {$a cmp $b} keys %{$messages{$vhost}{"attack"}{$fromip}}) { print " [ip: " . sprintf("%-15s", $fromip) . "] "; print "[id: " . $ruleid . " ] [msg: " . $messages{$vhost}{"attack"}{$fromip}{$ruleid} . "] "; print " - " . $messages{$vhost}{$fromip}{$ruleid} . " time(s)\n"; } } } } # Top 10 blocked IPs if (keys %topips) { print "\nTOP 10 BLOCKED IPS:\n"; my $cnt = 0; foreach my $ip ( sort {$topips{$b} <=> $topips{$a}} keys %topips ) { print "\n " . sprintf("%2s", ($cnt + 1)) . ". " . $ip . " - " . $topips{$ip} . " time(s)"; $cnt++; if($cnt == 10) { last(); } } print "\n"; } exit(0)