Re: httpd access_logs-security et al


Subject: Re: httpd access_logs-security et al
From: W.D.McKinney (deem@wdm.com)
Date: Sat Dec 29 2001 - 17:48:13 AKST


Well something like this maybe ?

#!/bin/sh
tail -f /path/to/log/httpd/access_log|gawk '/default.ida|scripts/
{system("/sbin/route add -host "$1" reject")}'

William Bouterse <bill@bouterse.com> wrote:
>
> After the overwhelming inundation of Nimidia and others and continued
> bloat of my home server access_logs and the recent malicious cracking into a member of this lists server, I was wondering....?
>
> Where is one of those nice little scripts I remember seeing
> to bounce back the access attempts returning them to the attention
> of the administrator of the infected server? Or other suggestions
> for a realatively non-sophisticated linux user.
>
> I have misplaced the email concerning the cracked server and was wondering
> what the outcome of it all was and whether or not the members of this group have a notification process setup whereas any comfirmed exploit is immediately announced Perhaps "SECURITY ALERT"!!!
> ...Sometimes the list grows long with various discussions and I for one have a tendency to skim and sometimes forget which is why I am writing this....It would be nice to know the details of
> security issues as it can affect us all both home user and business...
>
> I still have not perfected the balance between
> too much and too little security
>
>
> William Bouterse
> Talkeetna, Ak.

--
W.D.McKinney (Dee)
(907)349-4308 (Office)
(907)349-2226 (Fax)
http://3519098920



This archive was generated by hypermail 2a23 : Sat Dec 29 2001 - 17:44:07 AKST