Current File : /usr/local/modsecurity/bin/mlogc-batch-load.pl
#!/usr/bin/perl
#
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
# Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
#
# You may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# If any of the files related to licensing are missing or if you have any
# other questions related to licensing please contact Trustwave Holdings, Inc.
# directly using the email address security@modsecurity.org.

use strict;
use File::Find qw(find);
use File::Spec::Functions qw(catfile);
use Sys::Hostname qw(hostname);
use Digest::MD5 qw(md5_hex);

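# Command-line arguments: root of the audit-log tree, path to the mlogc
# binary, and path to the mlogc configuration file.
my $ROOTDIR = $ARGV[0] || '';
my $MLOGC = $ARGV[1] || '';
my $MLOGCCONF = $ARGV[2] || '';
# Collected [relative file name, size] pairs, filled by the find() pass below.
my @AUDIT = ();

# Refuse to run unless a root directory was given and both mlogc paths exist.
if ($ROOTDIR eq '' or ! -e $MLOGC or ! -e $MLOGCCONF) {
	# print, not printf: $0 is data and must not be read as a format string.
	print STDERR "\nUsage: $0 <rootdir> </path/to/mlogc> <mlogc_config>\n\n";
	exit 1;
}

# Start mlogc with "-f <config>" and keep a pipe to its stdin.  The list form
# of open executes the program directly instead of handing a concatenated
# string to /bin/sh, so spaces or shell metacharacters in either path are
# passed through as literal argument text rather than being interpreted.
open(MLOGC, '|-', $MLOGC, '-f', $MLOGCCONF) or die "ERROR: could not open '$MLOGC' - $!\n";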

# Walk $ROOTDIR and record every regular file whose name looks like an audit
# log file as a [path with the $ROOTDIR prefix removed, size] pair in @AUDIT.
find(
	{
		# NOTE(review): symbolic links under the root are followed; confirm
		# that only trusted processes can create entries in the audit tree.
		follow => 1,
		wanted => sub {
			# stat() also primes the "_" handle that -f reuses below.
			my @st = stat($_) or return;
			return unless -f _;

			# MODSEC-204: the previous pattern was /^\d{8}-\d+-\w{24}$/s
			return unless /^\d{8}-\d+-.{24,}$/s;

			# Only keep names from which the root prefix could be stripped.
			my $rel = $File::Find::name;
			return unless $rel =~ s/^\Q$ROOTDIR\E//;

			# Element 7 of the stat list is the file size in bytes.
			push(@AUDIT, [$rel, $st[7]]);
		},
	},
	$ROOTDIR
);

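# Resolve the host name once; it is the same for every index line.
my $hostname = hostname();

# For each collected audit file, re-read it, rebuild an index line from
# what can be recovered, and write that line to the mlogc pipe.
for my $audit (@AUDIT) {
	my $fn = $audit->[0];
	my $sln = 0;      # line number inside the current section
	my $sect = "";    # letter of the section currently being read
	my $data = "";    # raw file content, used for the MD5 digest
	# Fields that cannot be recovered from the file keep their "-" default.
	my %data = (
		hostname => $hostname,
		remote_addr => "-",
		remote_user => "-",
		local_user  => "-",
		logtime => "-",
		request => "-",
		response_status => "-",
		bytes_sent => "-",
		referer => "-",
		user_agent => "-",
		uniqueid => "-",
		sessionid => "-",
		audit_file => $fn,
		extra => "0",
		audit_size => $audit->[1],
		md5 => "-",
	);

	### Parse the audit file in an attempt to recreate the original log line
	# Three-argument open with a lexical handle: the file name comes from the
	# directory walk and must never be parsed for mode characters or have
	# surrounding whitespace stripped.
	my $audit_fh;
	if (!open($audit_fh, '<', catfile($ROOTDIR, $fn))) {
		print STDERR "ERROR: could not open '$fn' - $!\n";
		next;
	}

	while (defined(my $line = <$audit_fh>)) {
		$data .= $line;
		# chomp, not chop: a final line without a newline keeps its last byte.
		chomp $line;
		$sln++;

		# Section boundary, e.g. "--0123abcd-A--": remember the letter and
		# restart the per-section line counter.
		if ($line =~ m%^--[0-9A-Fa-f]{8}-([A-Z])--$%) {
			$sect = $1;
			$sln = 0;
			next;
		}

		if ($sect eq 'A') {
			# Header line: timestamp, unique id and remote address are the
			# first three fields; the remaining three are matched but unused.
			if ($line =~ m%^(\[[^:]+:\d+:\d+:\d+ [^\]]+\]) (\S+) (\S+) (\d+) (\S+) (\d+)%) {
				$data{logtime} = $1;
				$data{uniqueid} = $2;
				$data{remote_addr} = $3;
			}
		}
		elsif ($sect eq 'B') {
			# First line of the section is taken as the request line.
			if ($sln == 1) {
				$data{request} = $line;
			}
			# The header name is "User-Agent"; the previous pattern used "="
			# and therefore never matched, leaving user_agent at "-".
			elsif ($line =~ m%^User-Agent: (.*)%i) {
				$data{user_agent} = $1;
			}
			elsif ($line =~ m%^Referer: (.*)%i) {
				$data{referer} = $1;
			}
		}
		elsif ($sect eq 'F') {
			# First line of the section carries the three-digit status code.
			if ($sln == 1 and $line =~ m%^\S+ (\d{3})\D?.*%) {
				$data{response_status} = $1;
			}
			elsif ($line =~ m%^Content-Length: (\d+)%i) {
				$data{bytes_sent} = $1;
			}
		}
	}
	close($audit_fh);
	$data{md5} = md5_hex($data);

	# NOTE(review): request, referer and user_agent are copied from the audit
	# file as-is, so an embedded double quote ends the quoted field early.
	# Confirm how mlogc parses this line before relying on field positions.
	printf MLOGC (
		"%s %s %s %s %s \"%s\" %s %s \"%s\" \"%s\" %s \"%s\" %s %s %s md5:%s\n",
		$data{hostname},
		$data{remote_addr},
		$data{remote_user},
		$data{local_user},
		$data{logtime},
		$data{request},
		$data{response_status},
		$data{bytes_sent},
		$data{referer},
		$data{user_agent},
		$data{uniqueid},
		$data{sessionid},
		$data{audit_file},
		$data{extra},
		$data{audit_size},
		$data{md5},
	);
}

# Closing the pipe flushes buffered lines and waits for mlogc, so a write
# failure or a non-zero exit is reported instead of being lost at exit.
close(MLOGC)
	or print STDERR "ERROR: closing pipe to mlogc failed - " . ($! ? $! : "exit status $?") . "\n";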

