Server IP : 103.119.228.120 / Your IP : 3.135.205.26 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/local/ssl/local/ssl/local/modsecurity/bin/ |
Upload File : |
#!/usr/bin/perl # # ModSecurity for Apache 2.x, http://www.modsecurity.org/ # Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) # # You may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # If any of the files related to licensing are missing or if you have any # other questions related to licensing please contact Trustwave Holdings, Inc. # directly using the email address security@modsecurity.org. use strict; use File::Find qw(find); use File::Spec::Functions qw(catfile); use Sys::Hostname qw(hostname); use Digest::MD5 qw(md5_hex); my $ROOTDIR = $ARGV[0] || ''; my $MLOGC = $ARGV[1] || ''; my $MLOGCCONF = $ARGV[2] || ''; my @AUDIT = (); if ($ROOTDIR eq '' or ! -e $MLOGC or ! -e $MLOGCCONF) { printf STDERR "\nUsage: $0 <rootdir> </path/to/mlogc> <mlogc_config>\n\n"; exit 1; } open(MLOGC, "|$MLOGC -f $MLOGCCONF") or die "ERROR: could not open '$MLOGC' - $!\n"; find( { wanted => sub { my($fn,$dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size); (($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size) = stat($_)) && -f _ && #### MODSEC-204 /^\d{8}-\d+-\w{24}$/s /^\d{8}-\d+-.{24,}$/s && (($fn = $File::Find::name) =~ s/^\Q$ROOTDIR\E//) && push(@AUDIT, [$fn, $size]); }, follow => 1, }, $ROOTDIR ); for my $audit (@AUDIT) { my $fn = $audit->[0]; my $line = ""; my $err = 0; my $ln = 0; my $sln = 0; my $sect = ""; my $data = ""; my %data = ( hostname => hostname(), remote_addr => "-", remote_user => "-", local_user => "-", logtime => "-", request => "-", response_status => "-", bytes_sent => "-", referer => "-", user_agent => "-", uniqueid => "-", sessionid => "-", audit_file => $fn, extra => "0", audit_size => $audit->[1], md5 => "-", ); ### Parse the audit file in an attempt to recreate the original log line open (AUDIT, "<".catfile($ROOTDIR,$fn)) or $err = 1; if ($err == 1) { print STDERR "ERROR: could not open '$fn' - $!\n"; next; } while($line = <AUDIT>) { $data .= $line; chop $line; $ln++; $sln++; if ($line =~ m%^--[0-9A-Fa-f]{8}-([A-Z])--$%) { $sect = $1; $sln = 0; next; }; if ($sect eq 'A') { if ($line =~ m%^(\[[^:]+:\d+:\d+:\d+ [^\]]+\]) (\S+) (\S+) (\d+) (\S+) (\d+)%) { $data{logtime} = $1; $data{uniqueid} = $2; $data{remote_addr} = $3; } next; } elsif ($sect eq 'B') { if ($sln == 1) { $data{request} = $line; } elsif ($line =~ m%^User=Agent: (.*)%i) { $data{user_agent} = $1; } elsif ($line =~ m%^Referer: (.*)%i) { $data{referer} = $1; } next; } elsif ($sect eq 'F') { if ($sln == 1 and $line =~ m%^\S+ (\d{3})\D?.*%) { $data{response_status} = $1; } elsif ($line =~ m%^Content-Length: (\d+)%i) { $data{bytes_sent} = $1; } next; } } $data{md5} = md5_hex($data); printf MLOGC ( "%s %s %s %s %s \"%s\" %s %s \"%s\" \"%s\" %s \"%s\" %s %s %s md5:%s\n", $data{hostname}, $data{remote_addr}, $data{remote_user}, $data{local_user}, $data{logtime}, $data{request}, $data{response_status}, $data{bytes_sent}, $data{referer}, $data{user_agent}, $data{uniqueid}, $data{sessionid}, $data{audit_file}, $data{extra}, $data{audit_size}, $data{md5}, ); }