Linux bash to iterate over apache access_log files and send mail


Question

I need a linux bash script which sends me an email if any results appear in searches made in the apache logs.

I have a very simple method (sentence) to look into SQL Injection attacks, which simply searches for some keywords used in SQLi. It is this:

#tail -50000 /var/vhosts/site.com/logs/access_log | egrep -i "select%20|union%20|'|1=1"

So now I would like to be able to launch it in several access_log (for each website - virtual host I have) and send me an email in case of finding results.

Schematically:

I have the apache access_log files, one for each virtual host:

/var/vhosts/website_1/access_log
/var/vhosts/website_2/access_log
etc...

And the scheme of the bash process I'm talking about:

for each access_log file (one by virtual host)
    result = tail -50000 /var/www/vhosts/site.com/logs/access_log | egrep -i "select%20|union%20|'|1=1"
    if any line appear in the result then
        send mail(myemail@site.com, 'Warning!: Possible attack in virtual_host_i')
end;

Does anyone know how to implement this script?

Thanks in advance

Recommended answer

You have a good plan, just need to code it. Try this:

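#!/bin/bash
# glob the per-vhost logs directly instead of parsing ls output
for file in /var/vhosts/*/access_log; do
  [[ -f $file ]] || continue   # skip if the glob matched nothing
  # collect suspicious lines from the last 50000 entries (grep -E replaces egrep)
  result=$(tail -n 50000 "${file}" | grep -Ei "(select )|(union )|'|(1=1)")
  if [[ -n $result ]]; then
    echo "file ${file} contains suspicious lines:"
    echo "$result"   # quoted so the matches stay one per line
    # or enter your command for mailing the result
    # for example:
    # echo "${result}" | mail -s "${file}" youremail@site.com
    # check man page for your mail command!
  fi
done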
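
A variant of the loop above, as an added example that is not part of the original answer: it matches the question's keywords in the URL-encoded forms an access_log actually records, looks only at the request field, and mails one alert per virtual host. Assumptions: common/combined log format (the request is the first quoted field), a mail(1) command as in the answer, and the function names, ALERT_TO and the argument convention are illustrative.

```shell
#!/bin/bash
# Added example: per-vhost SQLi keyword scan of Apache access logs.
# Assumed layout: <root>/<vhost>/access_log. ALERT_TO is a placeholder address.
ALERT_TO="${ALERT_TO:-youremail@site.com}"

# Keywords from the question, lowercase. The space after select/union is
# accepted as "%20", "+" or a literal space; the quote also as "%27".
PATTERN="(select|union)(%20|[+ ])|'|%27|1=1"

# Print the suspicious lines among the last N (default 50000) entries.
# Only field 2 when splitting on '"' (the request line) is tested, so an
# apostrophe in a User-Agent or Referer does not raise an alert.
scan_log() {
  tail -n "${2:-50000}" "$1" |
    awk -F'"' -v pat="$PATTERN" 'tolower($2) ~ pat'
}

# For every vhost under root $1 with hits, print "vhost<TAB>hit count".
scan_vhosts() {
  for file in "$1"/*/access_log; do
    [ -f "$file" ] || continue          # the glob matched nothing
    count=$(scan_log "$file" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
      printf '%s\t%s\n' "$(basename "$(dirname "$file")")" "$count"
    fi
  done
  return 0
}

# Mail one alert per vhost with hits; the matching lines form the body.
alert_vhosts() {
  scan_vhosts "$1" | while IFS="$(printf '\t')" read -r vhost count; do
    scan_log "$1/$vhost/access_log" |
      mail -s "Warning!: Possible attack in $vhost ($count lines)" "$ALERT_TO"
  done
}

# Run as: ./scan.sh /var/vhosts   (without an argument nothing is scanned)
if [ "$#" -gt 0 ]; then
  alert_vhosts "$1"
fi
```

Keyword matching of this kind produces false positives and misses other encodings, so treat each mail as a prompt to read the log lines, not as a verdict.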